Bug 31384 - Adding modssl variables to the environment and forwarded requests
Summary: Adding modssl variables to the environment and forwarded requests
Status: CLOSED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_headers (show other bugs)
Version: 2.0-HEAD
Hardware: All All
: P3 major (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2004-09-23 09:55 UTC by Marc Stern
Modified: 2004-11-29 16:17 UTC (History)
0 users



Description Marc Stern 2004-09-23 09:55:21 UTC
The environment variables created by mod_ssl are not passed on to a forwarded
request. This prevents retrieving the user's certificate when Apache is used as
a reverse proxy. This is a major issue for user authentication.

Patch:

diff -aur httpd-2.0.49/modules/metadata/mod_headers.c
httpd-ocsp/modules/metadata/mod_headers.c
--- httpd-2.0.49/modules/metadata/mod_headers.c	2004-02-09 21:53:19.000000000 +0100
+++ httpd-ocsp/modules/metadata/mod_headers.c	2004-08-13 12:10:45.000000000 +0200
@@ -70,6 +70,7 @@
 #include "apr_hash.h"
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
+#include "apr_optional.h"
 
 #include "httpd.h"
 #include "http_config.h"
@@ -128,6 +129,14 @@
     apr_array_header_t *fixup_out;
 } headers_conf;
 
+/* Pointer to ssl_var_lookup, if available. */
+APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+                        (apr_pool_t *, server_rec *,
+                         conn_rec *, request_rec *,
+                         char *));
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *header_ssl_lookup = NULL;
+
+
 module AP_MODULE_DECLARE_DATA headers_module;
 
 /*
@@ -146,9 +155,27 @@
 {
     return apr_psprintf(r->pool, "t=%" APR_TIME_T_FMT, r->request_time);
 }
+/* to also get the variables from mod_ssl */
+static const char *header_request_ssl_var(request_rec *r, char *name)
+{
+    const char *val;
+
+    ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, "Getting env. var.
'%s' from mod_sll", name );
+
+    if ( !header_ssl_lookup) return NULL;
+
+    val = header_ssl_lookup(r->pool, r->server, r->connection, r, name);
+    if ( !val || !val[0] ) return NULL;
+    
+    ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, "Getting env. var.
from mod_sll: '%s'='%s'", name, val );
+
+    return val;
+}
 static const char *header_request_env_var(request_rec *r, char *a)
 {
     const char *s = apr_table_get(r->subprocess_env,a);
+    /* to also get the variables from mod_ssl */
+    if ( !s ) s = header_request_ssl_var(r, a);
 
     if (s)
         return s;
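Review bot: The second debug call in header_request_ssl_var writes the looked-up value to the error log, so for certificate-related variables the certificate contents would end up in a log file whenever debug logging is on. The first call also runs before the `!header_ssl_lookup` check, so it fires even when mod_ssl is absent, and both messages misspell the module as "mod_sll". I would log only the name, after the NULL check, against the request: `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "mod_headers: '%s' resolved via mod_ssl", name);`. The fallback in header_request_env_var sends every name missing from subprocess_env to mod_ssl, and its comment should say so and note that a backend trusting the resulting header needs the proxy to drop any client-supplied header of the same name first. header_request_env_var continues past the end of this hunk.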
@@ -573,9 +600,18 @@
     return OK;
 }
 
+/* to also get the variables from mod_ssl */
+static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog,
+                              apr_pool_t *ptemp, server_rec *s)
+{
+    header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+    return OK;
+}
+
 static void register_hooks(apr_pool_t *p)
 {
     ap_hook_pre_config(header_pre_config,NULL,NULL,APR_HOOK_MIDDLE);
+    ap_hook_post_config(header_post_config,NULL,NULL,APR_HOOK_MIDDLE); /* to
also get the variables from mod_ssl */
     ap_hook_insert_filter(ap_headers_insert_output_filter, NULL, NULL,
APR_HOOK_LAST);
     ap_hook_fixups(ap_headers_fixup, NULL, NULL, APR_HOOK_LAST);
     ap_register_output_filter("FIXUP_HEADERS_OUT", ap_headers_output_filter,
Comment 1 Joe Orton 2004-09-23 10:11:10 UTC
This is already done on HEAD:

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/metadata/mod_headers.c?r1=1.49&r2=1.50

and is pending some tweaks for inclusion in 2.0.