Re: Input Filters -- not seeing anything
Is util_filter.h lacking a closing " in the #include?

On 1/16/12, Pranesh Vadhirajan wrote:
> Hello,
>
> I'm very new to developing Input Filters with Apache. I have written an
> input filter to read the request body content and print it to my error log.
> I have two print statements in my filtering function (one to let me know
> that my filter code has been called and the other to print the request
> content). Yet, I'm not seeing anything happening (nothing is getting
> printed to my log). I have tried different things but I'm not able to make
> anything work, so I've attached the code below hoping to get some insight on
> why my filter doesn't seem to work. I am building the module using apxs and
> I have a LoadModule directive in the httpd.conf file to load my module. I'm
> new to the filter API and I'm totally out of ideas at this point as to why
> this is not working.
>
>
> #include "httpd.h"
> #include "http_core.h"
> #include "http_protocol.h"
> #include "http_config.h"
> #include "http_protocol.h"
> #include "http_main.h"
> #include "http_log.h"
> #include "http_request.h"
> #include "util_script.h"
> #include "http_connection.h"
> #include
> #include
> #include
> #include
> #include
> #include
> #include "uvds_metrics_sessions.h"
>
> #include "apr.h"
> #include "apr_lib.h"
> #include "apr_general.h"
> #include "apr_strings.h"
> #include "ap_config.h"
> #include "apr_buckets.h"
> #include "util_filter.h
>
> static apr_status_t req_body_filter_in(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mode_t mode, apr_size_t *readbytes)
> {
>     const char *str;
>     int length;
>     apr_bucket *e;
>
>     fprintf(stderr,"reached this point\n");
>
>     ap_get_brigade(f->next, b, mode, APR_BLOCK_READ,1);
>
>     e = APR_BRIGADE_FIRST(b);
>
>     if (e->type == NULL) {
>         return APR_SUCCESS;
>     }
>
>     apr_bucket_read(e, &str, (apr_size_t*)&length, APR_NONBLOCK_READ);
>     fprintf(stderr,"req body: %s\n",str);
>
>     return APR_SUCCESS;
> }
>
> static void my_register_hooks (apr_pool_t *p) {
>     ap_hook_insert_filter(req_body_filter_in, NULL , NULL , APR_HOOK_MIDDLE) ;
>     //ap_register_input_filter("get_request_body" , req_body_filter_in , NULL , AP_FTYPE_RESOURCE) ;
>
> }
>
> module AP_MODULE_DECLARE_DATA my_module =
> {
>     STANDARD20_MODULE_STUFF,
>     NULL,               /* Per-Directory Configuration */
>     NULL,               /* Directory Config Merger */
>     NULL,               /* Per-Server Configuration */
>     NULL,               /* Server Config Merger */
>     NULL,               /* Command Table (Directives) */
>     my_register_hooks   /* Registering Hooks */
>
> };
>

--
Sent from my mobile device
Re: Modify the body of a post request Multipart/form-data?
Eddy wrote:
> To illustrate my problem:
>
> I have registered a filter like in deflate:

Your problem reminds me of the time when I tried to get help from this list to implement mod_openpgp - I recommend you check out mod_transform.c off svn://svn.buanzo.org/mod_openpgp which is a module implemented by Kevin Kiley (author of the excellent mod_gzip) that allows full request transformation.

--
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - OWASP - SANS - OISSG
http://www.buanzo.com.ar/pro/eng.html
Re: Time for a new AuthType: "cert?"
Thomas, Peter wrote:
>> From: Eric Covener [mailto:cove...@gmail.com]
>> I think "AuthType cert" is reasonable as long as you can demonstrate using
>> the traditional authz providers.
>
> Agreed. I'll think about what test cases are appropriate to demonstrate
> functionality without impacting compatibility.

Funny. Thinking of implementing the Enigform (i.e. mod_openpgp) session initiation protocol inside a new AuthType. I'll be following this thread closely :)

--
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - OWASP - SANS - OISSG
http://www.buanzo.com.ar/pro/eng.html
Re: Make HTTP Request
Saju Pillai wrote:
> I think OP wants to know how to make a HTTP request to *another* HTTP
> server.

Yes, that's my main concern, but I could also setup mod_proxy_http and do the subrequest locally, which'll get forwarded by mod_proxy_http, right? - I had reviewed subrequests, and this method is the only one I imagine as to avoid linking to libcurl.

In any case, if I end up linking to an external library (I'm already doing gpgme, see http://wiki.buanzo.org/index.php?n=Main.Wp-enigform-authentication ), then I might as well link to libcurl. But I'm worried about portability. I'm not a windows programmer, so I should review libcurl and gpgme on another platform before making any decisions.

Thanks for your comments, Saju and Sorin!

--
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net
Make HTTP Request
Hi!

From within my module, I'd like to make an HTTP request from another HTTP server, get something from it, and use the returned information. What's the best way to do this?

Thanks!

--
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net
APR's DBM outside APR
Hi!

I've tried to open DBM files created via APR code using Python, to no success. Any suggestions?

--
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net
Re: [apr_dbd] apr_dbd_datum_get example
Jérôme Renard wrote:
> No idea ?

I got a lot of nice code out of this file:

$APACHE_SRC_DIR/modules/cache/mod_socache_dbm.c

Hope it helps you!

--
Arturo "Buanzo" Busleiman
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net
apr_dbm and python/ruby/etc
Hi group,

Does anyone know of a python/ruby/whateverscriptinglanguage that can open a dbm database created using apr_dbm ? So long, all my python testing was negative (yes, using anydbm and every other dbm python module available).

I'm in the process of adding a solid session backend for mod_openpgp (http://maotest.buanzo.org, an owasp endorsed project), and if I can't find good outside-APR dbm support, then I'm ditching it in benefit of apr_dbd (which, so far, doesn't look quite used apart from mod_auth[nz]_dbd).

Anything?

--
Arturo "Buanzo" Busleiman
Independent Security Consultant - SANS - OISSG
Tired of SPAM? Slow Internet in your office? Ask me.
http://www.buanzo.com.ar/pro/eng.html
[OT] Re: Versioning a module?
Mads Toftum wrote:
> It used to be that you could just stick it into the server header and be
> done with it, but with recent trends of security "experts" telling
> everyone to go ServerTokens Prod, that doesn't really fly.

Typical security-through-obscurity approach. I just hate that kind of "expert". I'll see that it does not become practice in this year's SANS TOP-20 (I've been a contributor to it for the last 4 years www.sans.org/top20)!

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Services Offered: http://www.buanzo.com.ar/pro/
Join the GNU/Buanzo Forums - The word Community at its fullest expression.
Re: flagging content input errors
Christopher Vitale wrote:
> I know this isn't a php list, but if you're interested in the Apache
> module aspect of the bug you can see it at:

I'll add myself to the bug-item. Might become interested in it when I implement HTTP request encryption using OpenPGP later on (mod_auth_openpgp).

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Services Offered: http://www.buanzo.com.ar/pro/
Join the GNU/Buanzo Forums - The word Community at its fullest expression.
Re: flagging content input errors
Christopher Vitale wrote:
> Is there anything else I can do to communicate that my module has given
> this request a big thumbs down?

What about return HTTP_INTERNAL_SERVER_ERROR? APR_* seems like less important to me, being "Apache runtime" related.

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Services Offered: http://www.buanzo.com.ar/pro/
Join the GNU/Buanzo Forums - The word Community at its fullest expression.
Re: modules dev docs, porting docs
Tim Bray wrote:
> The saving grace is that the httpd & modules code is generally very
> transparent and readable. In every case, when I was puzzled as to (a)
> what does apr_furgle_brolly() really do? or (b) how do I accomplish
> XXX? I was able to track the answer down by poking around *.[ch].

Yes, that's true. But taken from another point of view, a more "architectural" point of view let's say, I can't believe I had to go through mod_perl's EXCELLENT documentation (1) to understand WHY apache is not allowing extra headers when I write a fully-rewriting input connection filter for mod_openpgp. (3)

Of course, we have amazing books, like Nick Kew's, but still!

References:
1 - http://perl.apache.org/docs/2.0/user/handlers/filters.html
2 - http://perl.apache.org/docs/2.0/user/handlers/filters.html#Connection_Input_Filters
3 - http://linux-consulting.buanzo.com.ar/2007/07/apache-frustration-p.html

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
FUTURABANDA SHOW - Saturday, August 18, 2007 (Speed King, Capital Federal)
Advance tickets through www.futurabanda.com.ar - Melodic Punk Rock
adding extra bucket brigades?
Hi group,

My connection-level input filter needs to replace a request with another request. This "another request" is contained, in encrypted form, in the BODY of the POST request I'm going to replace.

I've been able to use ap_save_brigade, and move all the request's bucket brigades to a ctx bucket brigade, and use the last bucket-brigade of the request as starting point to insert the decrypted request.

The problem is, Apache expects request headers in its own bucket, and its own bucket brigade. So, I can use that last bucket brigade to insert the first line of an HTTP request, but I can't add headers.

So, I've thought I'd just use that bucket brigade to insert the first line of request (GET /blabla HTTP/1.1\r\n), and "then", append mode bucket brigades. But HOW to actually do this is eluding me.

Any ideas?

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
FUTURABANDA SHOW - Saturday, August 18, 2007 (Speed King, Capital Federal)
Advance tickets through www.futurabanda.com.ar - Melodic Punk Rock
Last Brigade
In an input filter of CONNECTION type, how can I know if I've processed the last brigade?

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Is your company using too much bandwidth? Ask me!
Free (as in Freedom) Punk Rock from Argentina: http://www.futurabanda.com.ar
Re: [ANN] mod_concat
Ian Holsman wrote:
> you can try it out yourself:

Yep, definitely a boost. :) - Good work!!

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Is your company using too much bandwidth? Ask me!
Free (as in Freedom) Punk Rock from Argentina: http://www.futurabanda.com.ar
Re: OpenPGP Input Filter
Arturo 'Buanzo' Busleiman wrote:
> Dear group,
>
> As some of you already know, I'm working on OpenPGP extensions to the HTTP
> protocol. I've created
> the Enigform firefox extension, and its Apache counterpart, mod_auth_openpgp
> (which will be renamed
> to mod_openpgp in the near future).

Anybody had a chance to look at this? Or anyone willing to join the devel team? :)

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Free (as in Freedom) Punk Rock from Argentina: http://www.futurabanda.com.ar
GNU/Linux Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
OpenPGP Input Filter
Dear group,

As some of you already know, I'm working on OpenPGP extensions to the HTTP protocol. I've created the Enigform firefox extension, and its Apache counterpart, mod_auth_openpgp (which will be renamed to mod_openpgp in the near future).

I've already implemented the "sign" openpgp operation in Enigform, and the "verify" operation in mod_auth_openpgp, along with methods to import a public key from client to server.

The next step is server-side signing and both-sides encryption and decryption. For this I will be needing to input the passphrase to unlock the private key at the server side, but I will use mod_ssl's approach.

So, before implementing encryption at the browser-side, I've crafted an "OpenPGP encrypted http request", which looks like this (OpenPGP header modified for this email on purpose, so it does not trigger your PGP/GPG plugin)

=- cut here -=
POST /HTTP_OPENPGP_DECRYPT
Host: localhost

-BEGIN*PGP*MESSAGE-
Version: GnuPG v1.4.7 (GNU/Linux)

[base64-encoded ciphertext omitted]
-END*PGP*MESSAGE-
=- cut here -=

When the "localhost" virtualhost gets that request, an input filter should be called by a handler I've setup for location /HTTP_OPENPGP_DECRYPT within mod_openpgp. The "host" header must not be encrypted, so server-wide openpgp decryption shouldn't be needed.

The encrypted text, is the following HTTP request:

=- cut here -=
POST /pba/test.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (example)
Accept: text/html, blahblah
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://localhost/pba/index.html
X-OpenPGP-Type: S
X-OpenPGP-Sig-Fields: body
X-OpenPGP-Sig: iD8DBQFGflnpw7MFlotPrwCeKb0qqa5Vt6eaPVaqHuUG2SVHz/c==B/eo
X-OpenPGP-Digest-Algo: SHA1
X-OpenPGP-Version: GnuPG v1.4.7 (GNU/Linux)
X-OpenPGP-Agent: Enigform 0.8.1 for Mozilla Firefox
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 15

variable=dsadas
=- cut here -=

As you can see, it is also an OpenPGP-signed request, with the same Host: line, but with a different request line, headers and body. That's the REAL request, that should be input into Apache, the response be obtained and returned (encrypted, but we can work on that once decryption is ready) to the browser.

So, at first I thought a subrequest would do the job, but then it seemed to me that another approach was better: decrypt, parse cleantext's http headers and add them to r->headers_in, then replace body with the cleantext body (variable=dsadas).

As this is BIG stuff, I thought the people at modules_dev would be interested in providing their views, insults, etc.

If this is too offtopic or too long a thread, I have a forum to discuss enigform and mod_auth_openpgp development, but I believe this question should be discussed here. In any case, the URL is: http://foros.buanzo.com.ar/viewforum.php?f=35

mod_auth_openpgp: http://freshmeat.net/projects/maopenpgp
Enigform: http://freshmeat.net/projects/maopenpgp and http://addons.mozilla.org

Sincerely,
Buanzo

PS: Nick, chapter 8 of your book is definitely GREAT :)

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Free Music: http:
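
The post above proposes decrypting the POST body and handing the cleartext request line, headers and body to Apache. The following added example, which is not part of the original post and is not mod_openpgp code, parses such a decrypted request in plain C and accepts it only if it has a well-formed request line, unfolded headers, exactly one Host equal to the unencrypted wrapper's Host, and a Content-Length that matches the bytes actually present. The function names, error codes and the Host-equality policy are assumptions; the sample request is constructed from the one quoted in the post.

```c
/* Added example, not mod_openpgp code: strict parse of a decrypted inner request. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_HDRS 32
enum inner_err { INNER_OK, INNER_TRUNCATED, INNER_BAD_REQUEST_LINE,
                 INNER_BAD_HEADER, INNER_HOST_MISMATCH, INNER_LENGTH_MISMATCH };

struct inner_req {              /* every pointer refers into the caller's buffer */
    char *method, *target, *version;
    char *name[MAX_HDRS], *value[MAX_HDRS];
    int nhdrs; const char *body; size_t body_len;
};

/* Next CRLF inside [p, end), or NULL; never reads past the plaintext. */
static char *find_crlf(char *p, char *end)
{
    for (; end - p >= 2; p++)
        if (p[0] == '\r' && p[1] == '\n') return p;
    return NULL;
}

/* Last value of a header (case-insensitive name) and its occurrence count. */
static const char *get_hdr(const struct inner_req *r, const char *name, int *count)
{
    const char *v = NULL;
    int i;
    for (*count = 0, i = 0; i < r->nhdrs; i++)
        if (strcasecmp(r->name[i], name) == 0) { v = r->value[i]; (*count)++; }
    return v;
}

/* Parse buf[0..len) in place; outer_host is the unencrypted wrapper's Host. */
enum inner_err parse_inner_request(char *buf, size_t len, const char *outer_host,
                                   struct inner_req *r)
{
    char *end = buf + len, *line = buf, *eol, *sp1, *sp2, *colon, *val;
    const char *v; int n;

    memset(r, 0, sizeof *r);
    if ((eol = find_crlf(line, end)) == NULL) return INNER_TRUNCATED;
    *eol = '\0';
    sp1 = strchr(line, ' ');
    sp2 = sp1 ? strchr(sp1 + 1, ' ') : NULL;
    if (strlen(line) != (size_t)(eol - line) || !sp2 || strchr(sp2 + 1, ' '))
        return INNER_BAD_REQUEST_LINE;        /* embedded NUL or not 3 tokens */
    *sp1 = *sp2 = '\0';
    r->method = line; r->target = sp1 + 1; r->version = sp2 + 1;
    if (sp1 == line || r->target[0] != '/' ||
        (strcmp(r->version, "HTTP/1.1") != 0 && strcmp(r->version, "HTTP/1.0") != 0))
        return INNER_BAD_REQUEST_LINE;

    for (line = eol + 2; ; line = eol + 2) {
        if ((eol = find_crlf(line, end)) == NULL) return INNER_TRUNCATED;
        if (eol == line) break;                /* blank line: end of headers */
        *eol = '\0';
        if (strlen(line) != (size_t)(eol - line) || r->nhdrs == MAX_HDRS ||
            (colon = strchr(line, ':')) == NULL || colon == line)
            return INNER_BAD_HEADER;
        *colon = '\0';
        if (strpbrk(line, " \t") != NULL) return INNER_BAD_HEADER; /* folding */
        for (val = colon + 1; *val == ' ' || *val == '\t'; val++) { }
        r->name[r->nhdrs] = line; r->value[r->nhdrs++] = val;
    }
    r->body = eol + 2; r->body_len = (size_t)(end - (eol + 2));

    v = get_hdr(r, "Host", &n);     /* assumed policy: one Host, equal to outer */
    if (n != 1 || strcasecmp(v, outer_host) != 0) return INNER_HOST_MISMATCH;
    v = get_hdr(r, "Content-Length", &n);      /* must match the real body */
    if (n == 0) return r->body_len == 0 ? INNER_OK : INNER_LENGTH_MISMATCH;
    if (n > 1 || *v == '\0' || strlen(v) > 9 ||
        v[strspn(v, "0123456789")] != '\0' || strtoul(v, NULL, 10) != r->body_len)
        return INNER_LENGTH_MISMATCH;
    return INNER_OK;
}

/* Constructed sample: a shortened form of the cleartext request in the post. */
static const char SAMPLE[] =
    "POST /pba/test.php HTTP/1.1\r\n" "Host: localhost\r\n"
    "X-OpenPGP-Type: S\r\n" "Content-Length: 15\r\n"
    "\r\n" "variable=dsadas";

/* Parse a private mutable copy of text (the parser writes NULs into it). */
enum inner_err check_inner(const char *text, const char *outer_host)
{
    static char scratch[4096];
    struct inner_req r;
    size_t len = strlen(text);
    if (len >= sizeof scratch) return INNER_TRUNCATED;
    memcpy(scratch, text, len + 1);
    return parse_inner_request(scratch, len, outer_host, &r);
}

int main(void)
{
    printf("%d %d\n", check_inner(SAMPLE, "localhost"), check_inner(SAMPLE, "other.example"));
    return 0;
}
```

The parsed name/value pairs are what a module would then copy into its own header table; the parser deliberately does not trim trailing whitespace, so a padded Host value is treated as a mismatch.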
Re: Obtain Homedir of Apache User
Arturo 'Buanzo' Busleiman wrote:
> Hi!
>
> I need to obtain the homedir for the user apache is running under. Any ideas?

OK, answering myself. What about something along the lines of:

apr_uid_homepath_get(apr_uid_current()) ?

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Free Music: http://www.buanzo.com.ar/files/buanzo-ultimamente.ogg
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Obtain Homedir of Apache User
Hi!

I need to obtain the homedir for the user apache is running under. Any ideas? I need that value to define a default value for the .gnupg dir location (/var/www/.gnupg in my case, because ~apache=/var/www).

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Free Music: http://www.buanzo.com.ar/files/buanzo-ultimamente.ogg
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Re: Module license
William A. Rowe, Jr. wrote:
> You are always welcome :)

:D

> I pointed it out only because there have been hard feelings
> in the past of "Why isn't my great mod_foo part of httpd's
> distribution yet?" The dev's aren't psychic, and we've
> rarely actually shopped for a project to bundle nor contacted
> the developers. The mods that have been added had authors
> who approached httpd devs themselves.

Well, that's something people-that-do-not-read-onsite-documentation will never fully understand :)

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Free Music: http://www.buanzo.com.ar/files/buanzo-ultimamente.ogg
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Re: Module license
William A. Rowe, Jr. wrote:
> Of course, it's necessary for you to submit the code to [EMAIL PROTECTED]

Yes, of course! I will not submit an incomplete project :P but thanks for the great on-list info! :D

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Free Music: http://www.buanzo.com.ar/files/buanzo-ultimamente.ogg
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Re: Module license
William A. Rowe, Jr. wrote:
> The ASF only considers contributions of modules which the author has
> provided under the AL, and if you hope for redistributors such as RedHat,
> Novell etc to pick up your module, staying with the AL is a safer way
> to help make that happen.

Regarding that, I've declared mod_auth_openpgp (that will be renamed to mod_openpgp, as it is more an openpgp extension for http module than an authorization module [although it works like that when combined with mod_access, php, etc]) licensed under the apache license 2.0, because I expect the Apache Software Foundation to consider it for inclusion.

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
Free Music: http://www.buanzo.com.ar/files/buanzo-ultimamente.ogg
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Re: module SIGSEGV's on config
Mike wrote:
> And one more 'trick'. try to enable CoreDumpDirectory in Apache config
> (in Apache start script as well - ulimit) and analyse coredumps. It
> helps a lot.

I tried the gdb approach, but the process died. And the backtrace had two ? items and the last was, of course, my function, but thanks for this new tip!

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Re: module SIGSEGV's on config
Nick Kew wrote:
> You can't use ap_set_*_slot with server config.

Damn, you're right, it's the Server Hierarchy... just like those two lines in your book I JUST found a couple of minutes ago :)

Sincerely,
Buanzo

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
module SIGSEGV's on config
Hi group!

I have this code that manages my module's configuration. The three declared directives should go in global or virtualhost (not at Directory, etc).

    typedef struct {
        int bEnabled;
        char *KeyServer;
        char *ImportKeyUrl;
    } AuthOpenPGPConfig;

    static void *create_auth_openpgp_server_config(apr_pool_t *p, server_rec *s)
    {
        AuthOpenPGPConfig *pConfig = apr_palloc(p, sizeof (AuthOpenPGPConfig));
        pConfig->bEnabled = 0;
        pConfig->KeyServer = apr_pstrdup(p,"hkp://subkeys.pgp.net");
        pConfig->ImportKeyUrl = NULL;
        return pConfig;
    }

    static const command_rec auth_openpgp_cmds[] = {
        AP_INIT_FLAG("OpenPGPEngine", ap_set_flag_slot,
                     (void *)APR_OFFSETOF(AuthOpenPGPConfig,bEnabled), RSRC_CONF,
                     "Enable OpenPGP Auth on this host"),
        AP_INIT_TAKE1("OpenPGPKeyServer",ap_set_string_slot,
                      (void *) APR_OFFSETOF(AuthOpenPGPConfig,KeyServer), RSRC_CONF,
                      "Specify which keyserver to use for public key imports. Default: hkp://subkeys.pgp.net"),
        AP_INIT_TAKE1("OpenPGPImportKeyUrl",ap_set_string_slot,
                      (void *)APR_OFFSETOF(AuthOpenPGPConfig,ImportKeyUrl),RSRC_CONF,
                      "Specify full URL where the mao_ImportKey handler is accessed from."),
        { NULL }
    };

If I set all/any of those in my VirtualHost container, apache segfaults. I've just double-checked with Nick Kew's book, and with some modules' source, but it all seems OK to me.

Any ideas?

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
[OT] Re: Module address space
Graham Dumpleton wrote:
> Strictly speaking it is more complicated that my simple answer
> indicates and I in part tried to suggest that there was more to it
> than that. The main thrust of my simple answers was to make clear that
[...]

Graham, I just want to state that your answers were definitely clear, and that they also helped me! :)

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
parsed_uri
Quick question: Why is it that r->parsed_uri->path has valid content ("/something"), but the other fields such as scheme, port_str, hostname are NULL?

I've tried:

    apr_uri_parse(r->pool, r->unparsed_uri, &r->parsed_uri);

and

    apr_uri_parse(r->pool, r->uri, &r->parsed_uri);

(just in case it was a documentation glitch), but to no avail.

Searching for apr_parse_uri in apache's sources gives me no useful pointers :(

What's wrong with me today? :)

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Ideas/Security advice needed
Guys, for mod_auth_openpgp (the OpenPGP support module for Apache I'm working on) to support encryption and signing (so far only has verification), I need to provide GnuPG the passphrase to unlock a private key. It's the classic SSL passphrase issue all admins work around by using a passwordless certificate, so I really am looking forward for some community feedback here.

I've published this "call for ideas" on a couple of mailing lists, and in my site, but some help from apache developers would definitely be a GREAT idea.

If you rather reply/comment at the official forum, please visit: http://foros.buanzo.com.ar/viewtopic.php?f=37&t=229

Sincerely,
Buanzo

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Re: ap_add_version_component
Joe Lewis wrote:
> It takes two arguments. The first should be the pool from the
[...]
> static int mod_example_post_config(apr_pool_t * p,apr_pool_t *

Damn, I should pay more attention to mod_example... thank you very much for your time Joe, I'm sorry I've bothered the list with something I could've found myself. Sorry!

--
Arturo "Buanzo" Busleiman - Independent Computer Security Consultant
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Re: ap_call_exec
Arturo 'Buanzo' Busleiman wrote:
> Hi guys!

Hi Myself!

> I was just adding some functionality for public key importing to
> mod_auth_openpgp, so I used
> ap_call_exec, but it seems that call does not exist anymore. I found it in
> API 1.3 documentation,
> but I can't seem to find proper 2.x docs.
> Any pointers?

This is becoming annoying. Each time I ask something on a mailing list, I come up with the answer seconds later...

In this case, I just remembered we have mod_ext_filter's source. So, right into it, all the necessary stuff :)

Somebody shoot me :P

--
Arturo "Buanzo" Busleiman
ap_call_exec
Hi guys!

I was just adding some functionality for public key importing to mod_auth_openpgp, so I used ap_call_exec, but it seems that call does not exist anymore. I found it in API 1.3 documentation, but I can't seem to find proper 2.x docs.

Any pointers?

--
Arturo "Buanzo" Busleiman
mod_auth_openpgp with POST support
Short announcement: check freshmeat.net/projects/maopenpgp - I've added POST support to mod_auth_openpgp. Includes FILE uploads.

The code is based on suggestions from this list. If anyone wants to take a look at that code... I'll be happy to receive knock-outs :)

--
Arturo "Buanzo" Busleiman - Independent Information Security Consultant
GNU/Buanzo Forums: Respect, Solutions and Good Vibes: http://foros.buanzo.com.ar
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
Re: read POST body
Graham Dumpleton wrote:
> Again, this is my understanding from studying code and reading
> different bits and pieces, so someone correct me if I am wrong.
> Confirmation from someone that this is correct would also be
> appreciated.

Graham: Wow. Very interesting and insightful information! *THANKS* for your time!

I will post my solution as soon as I implement and test it. Thanks!

--
Arturo "Buanzo" Busleiman
read POST body
Hi group!

For mod_auth_openpgp I need to read the POST body. During my research (googling, archives of this list, apache.org, etc.) I discovered three methods so far. I would like your opinions on the safest one, the fastest one, whether I should DECHUNK, and how much to allow for post size allocation (probably a configuration option, but I'd need a default value...).

This is what I got: anything you can think of would be of GREAT help:

Getting REQUEST BODY: (1)

    ap_setup_client_block(r, REQUEST_CHUNKED_DECHUNK);
    char buffer[1024];
    long len;
    if ( ap_should_client_block(r) == 1 ) {
        while ( (len = ap_get_client_block(r, buffer, sizeof(buffer))) > 0 ) {
            ap_rputs("Reading in buffer...", r);
            /* the block is not NUL-terminated: write exactly len bytes */
            ap_rwrite(buffer, (int)len, r);
        }
    } else {
        ap_rputs("Nothing to read...", r);
    }

Getting REQUEST BODY: (2)

    http://httpd.apache.org/apreq/

Getting REQUEST BODY: (3)

    static int util_read(request_rec *r, const char **rbuf)
    {
        int rc;
        if ((rc = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR)) != OK) {
            return rc;
        }
        if (ap_should_client_block(r)) {
            char argsbuffer[HUGE_STRING_LEN];
            int rsize, len_read, rpos=0;
            long length = r->remaining;   /* body length announced by the client */
            *rbuf = ap_pcalloc(r->pool, length + 1);
            ap_hard_timeout("util_read", r);
            while ((len_read = ap_get_client_block(r, argsbuffer, sizeof(argsbuffer))) > 0) {
                ap_reset_timeout(r);
                /* never copy past the end of the allocated buffer */
                if ((rpos + len_read) > length) {
                    rsize = length - rpos;
                } else {
                    rsize = len_read;
                }
                memcpy((char*)*rbuf + rpos, argsbuffer, rsize);
                rpos += rsize;
            }
            ap_kill_timeout(r);
        }
        return rc;
    }

--
Arturo "Buanzo" Busleiman
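A bounded read loop for the "how much to allow for post size allocation" question in the post above, as an added example that is not part of the original post or of mod_auth_openpgp. `block_reader` and `fake_get_block` are hypothetical stand-ins for `ap_get_client_block` so the loop runs without httpd; `read_body_bounded`, `try_body` and the status names are likewise invented here.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for ap_get_client_block(): bytes read, 0 at end, <0 on error. */
typedef long (*block_reader)(void *ctx, char *buf, size_t bufsize);
enum { BODY_TOO_LARGE = -1, BODY_READ_ERROR = -2, BODY_NO_MEMORY = -3, DEMO_MISMATCH = -100 };
/* Constructed in-memory "client" so the loop can run without httpd. */
struct fake_client { const char *data; size_t len, pos; };
static long fake_get_block(void *ctx, char *buf, size_t bufsize)
{
    struct fake_client *c = ctx;
    size_t n = c->len - c->pos < bufsize ? c->len - c->pos : bufsize;
    memcpy(buf, c->data + c->pos, n);
    c->pos += n;
    return (long)n;
}
/* Collect the body, NUL-terminated, refusing to grow past max_body bytes.
 * Returns the body length, or a negative status with *out left NULL. */
static long read_body_bounded(block_reader rd, void *ctx, size_t max_body, char **out)
{
    char chunk[1024], *body = malloc(1), *tmp;
    size_t used = 0;
    long n;
    *out = NULL;
    if (body == NULL) return BODY_NO_MEMORY;
    while ((n = rd(ctx, chunk, sizeof(chunk))) > 0) {
        /* the limit is checked before growing, so a huge body is never buffered */
        if ((size_t)n > max_body - used) { free(body); return BODY_TOO_LARGE; }
        if ((tmp = realloc(body, used + (size_t)n + 1)) == NULL) { free(body); return BODY_NO_MEMORY; }
        body = tmp;
        memcpy(body + used, chunk, (size_t)n);
        used += (size_t)n;
    }
    if (n < 0) { free(body); return BODY_READ_ERROR; }
    body[used] = '\0';   /* the chunks themselves carry no terminator */
    *out = body;
    return (long)used;
}
/* Feed a constructed body of len 'A' bytes through the loop and return its result. */
static long try_body(size_t len, size_t max_body)
{
    char *out = NULL, *data = malloc(len + 1);
    if (data == NULL) return BODY_NO_MEMORY;
    memset(data, 'A', len);
    struct fake_client c = { data, len, 0 };
    long r = read_body_bounded(fake_get_block, &c, max_body, &out);
    if (r >= 0 && (strlen(out) != (size_t)r || memcmp(out, data, len) != 0)) r = DEMO_MISMATCH;
    free(out); free(data);
    return r;
}
```

In a real module the limit would come from a configuration directive, and the buffer would normally be allocated from the request pool rather than with malloc.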
Re: Introducing mod_enigform.
Hi Karl, thanks for your input:

Karl Southern wrote:
> This might be off at a bit of a tangent, but I'd love to test this out
> and I'd be interested in seeing some sort of provision for redirection
> or something, if the signing isn't available. Possibly a little out of
> scope as this is achievable through mod_rewrite.

Well, I guess it wouldn't be difficult to add a parameter to specify a redirection URL for certain cases. Like, a URL to redirect to when the request is not signed, another when verification fails, but in any case I'm adding some headers to the request that can tell a web application (or other modules) the verification status, etc. Of course, my module removes any of those headers from incoming requests, to avoid spoofing.

> What I'd really love to see is support for mod_dbd, etc. so that keys
> could be stored in a database and yanked from there.

Never heard of it. Could you contact me offlist, or onlist if appropriate, so we can discuss it?

> Also off at a giant tangent, is there any plans for a signed response in
> the specs (I assume this would require a fully buffered response, which
> would be rather "expensive")? If so, any plans on this module supporting
> that?

Signing responses is a matter of adding the required headers to the outgoing reply, so, as long as they're added before any other output, no buffering seems necessary (at least from an 'outside modules' perspective). I guess that would probably fall into another module, or in a PHP Class, or similar.

--
Arturo "Buanzo" Busleiman
Re: Introducing mod_enigform.
William A. Rowe, Jr. wrote:
> It's non-trivial but is the best example, I'd point you to FakeBasicAuth
> in mod_ssl.

Hi group! Although I have not used the FakeBasicAuth approach, I'm now announcing that I already have a (mostly) working implementation of mod_auth_openpgp. It's modelled after mod_authz_host.

I'd appreciate input on what kind of configuration it would be nice to have. So far I thought of Order/Allow/Deny, but I'd like it to be more flexible.

If there's anyone who'd like to get hands on the code, let me know. I also don't know if this code should be hosted on apache.org's CVS servers, or what, as I plan to release this to the Apache foundation, so Apache becomes the first HTTP server to support the upcoming IETF Draft that all this is about.

Any other tips? :)

Sincerely, and in a very happy mood,
Buanzo.

--
Arturo "Buanzo" Busleiman
Re: Introducing mod_enigform.
William A. Rowe, Jr. wrote:
> It's non-trivial but is the best example, I'd point you to FakeBasicAuth
> in mod_ssl.

It's a GREAT example. I'm now there: ssl_engine_kernel.c line 1149:

    /*
     * Auth Handler:
     * Fake a Basic authentication from the X509 client certificate.
     *
     * This must be run fairly early on to prevent a real authentication from
     * occuring, in particular it must be run before anything else that
     * authenticates a user. This means that the Module statement for this
     * module should be LAST in the Configuration file.
     */

It even fakes a password :P

Thanks Will!

--
Arturo "Buanzo" Busleiman