among request characteristics and a regular expression was not
used for the <em>attribute</em>.</li>
-<li>
- A reference to an extension of an SSL client certificate, located by
- its object id <em>oid</em>.
- If a non-SSL request, or in absense of the configured <em>oid</em>,
- no variable will be set. If the <em>oid</em> is found multiple times,
- the individual strings will be concatenated, separated by a comma <code>','</code>.
- The <em>oid</em> should reference a string-valued extension.
-</li>
</ol>
<p>The second argument (<em>regex</em>) is a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>. If the <em>regex</em>
:<br />
SetEnvIf object_is_image xbm XBIT_PROCESSING=1<br />
:<br />
- SetEnvIf OID("2.16.840.1.113730.1.13") "(.*)" NetscapeComment=$1<br />
- :<br />
SetEnvIf ^TS ^[a-z] HAVE_TS<br />
</code></p></div>
the referring page was somewhere on the
<code>www.mydomain.example.com</code> Web site.</p>
- <p>The sixth example will set the <code>NetscapeComment</code>
- environment variable to the string found in the corresponding
- SSL client certificate field (if found).</p>
-
<p>The last example will set environment variable
<code>HAVE_TS</code> if the request contains any headers that
begin with "TS" whose values begins with any character in the
among request characteristics and a regular expression was not
used for the <em>attribute</em>.</li>
-<li>
- A reference to an extension of an SSL client certificate, located by
- its object id <em>oid</em>.
- If a non-SSL request, or in absense of the configured <em>oid</em>,
- no variable will be set. If the <em>oid</em> is found multiple times,
- the individual strings will be concatenated, separated by a comma <code>','</code>.
- The <em>oid</em> should reference a string-valued extension.
-</li>
</ol>
<p>The second argument (<em>regex</em>) is a <glossary
:<br />
SetEnvIf object_is_image xbm XBIT_PROCESSING=1<br />
:<br />
- SetEnvIf OID("2.16.840.1.113730.1.13") "(.*)" NetscapeComment=$1<br />
- :<br />
SetEnvIf ^TS ^[a-z] HAVE_TS<br />
</example>
the referring page was somewhere on the
<code>www.mydomain.example.com</code> Web site.</p>
- <p>The sixth example will set the <code>NetscapeComment</code>
- environment variable to the string found in the corresponding
- SSL client certificate field (if found).</p>
-
<p>The last example will set environment variable
<code>HAVE_TS</code> if the request contains any headers that
begin with "TS" whose values begins with any character in the
#include "http_log.h"
#include "http_protocol.h"
-#include "mod_ssl.h"
-
enum special {
SPECIAL_NOT,
SPECIAL_REMOTE_ADDR,
SPECIAL_REQUEST_URI,
SPECIAL_REQUEST_METHOD,
SPECIAL_REQUEST_PROTOCOL,
- SPECIAL_SERVER_ADDR,
- SPECIAL_OID_VALUE
+ SPECIAL_SERVER_ADDR
};
typedef struct {
char *name; /* header name */
module AP_MODULE_DECLARE_DATA setenvif_module;
-static APR_OPTIONAL_FN_TYPE(ssl_ext_list) *ssl_ext_list_func = NULL;
-
/*
* These routines, the create- and merge-config functions, are called
* for both the server-wide and the per-directory contexts. This is
else if (!strcasecmp(fname, "server_addr")) {
new->special_type = SPECIAL_SERVER_ADDR;
}
- else if (!strncasecmp(fname, "oid(",4)) {
- ap_regmatch_t match[AP_MAX_REG_MATCH];
-
- new->special_type = SPECIAL_OID_VALUE;
-
- /* Syntax check and extraction of the OID as a regex: */
- new->pnamereg = ap_pregcomp(cmd->temp_pool,
- "^oid\\(\"?([0-9.]+)\"?\\)$",
- (AP_REG_EXTENDED /* | AP_REG_NOSUB */
- | AP_REG_ICASE));
- /* this can never happen, as long as pcre works:
- if (new->pnamereg == NULL)
- return apr_pstrcat(cmd->pool, cmd->cmd->name,
- "OID regex could not be compiled.", NULL);
- */
- if (ap_regexec(new->pnamereg, fname, AP_MAX_REG_MATCH, match, 0) == AP_REG_NOMATCH) {
- return apr_pstrcat(cmd->pool, cmd->cmd->name,
- "OID syntax is: oid(\"1.2.3.4.5\"); error in: ",
- fname, NULL);
- }
- new->pnamereg = NULL;
- /* The name field is used for the stripped oid string */
- new->name = fname = apr_pstrdup(cmd->pool, fname+match[1].rm_so);
- fname[match[1].rm_eo - match[1].rm_so] = '\0';
- }
else {
new->special_type = SPECIAL_NOT;
/* Handle fname as a regular expression.
* same header. Remember we don't need to strcmp the two header
* names because we made sure the pointers were equal during
* configuration.
- * In the case of SPECIAL_OID_VALUE values, each oid string is
- * dynamically allocated, thus there are no duplicates.
*/
if (b->name != last_name) {
last_name = b->name;
case SPECIAL_REQUEST_PROTOCOL:
val = r->protocol;
break;
- case SPECIAL_OID_VALUE:
- /* If mod_ssl is not loaded, the accessor function is NULL */
- if (ssl_ext_list_func != NULL)
- {
- apr_array_header_t *oid_array;
- char **oid_value;
- int j, len = 0;
- char *retval = NULL;
-
- /* The given oid can occur multiple times. Concatenate the values */
- if ((oid_array = ssl_ext_list_func(r->pool, r->connection, 1,
- b->name)) != NULL) {
- oid_value = (char **) oid_array->elts;
- /* pass 1: determine the size of the string */
- for (len=j=0; j < oid_array->nelts; j++) {
- len += strlen(oid_value[j]) + 1; /* +1 for ',' or terminating NIL */
- }
- retval = apr_palloc(r->pool, len);
- /* pass 2: fill the string */
- for (j=0; j < oid_array->nelts; j++) {
- if (j > 0) {
- strcat(retval, ",");
- }
- strcat(retval, oid_value[j]);
- }
- }
- val = retval;
- }
- break;
case SPECIAL_NOT:
if (b->pnamereg) {
/* Matching headers_in against a regex. Iterate through
return DECLINED;
}
-static int setenvif_post_config(apr_pool_t *pconf, apr_pool_t *plog,
- apr_pool_t *ptemp, server_rec *s)
-{
- ssl_ext_list_func = APR_RETRIEVE_OPTIONAL_FN(ssl_ext_list);
- return OK;
-}
-
static void register_hooks(apr_pool_t *p)
{
ap_hook_header_parser(match_headers, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_post_read_request(match_headers, NULL, NULL, APR_HOOK_MIDDLE);
- /* post config handling */
- ap_hook_post_config(setenvif_post_config, NULL, NULL, APR_HOOK_MIDDLE);
}
AP_DECLARE_MODULE(setenvif) =
projects / apache / commitdiff