Posted to modperl@perl.apache.org by Eric <ef...@kwinternet.com> on 2005/07/04 21:02:06 UTC

user with Basic Auth

Hi,

I am using CGI::Application under mod_perl 1.29/with mod_ssl on a Solaris 
10 machine.
Since our move from an internal office machine that was not using SSL to an 
outside machine that is, I have not been able to get the Basic user's name. 
I think I have tried just about everything, including the correct way. That 
should be: if the ENV doesn't work, then I should be able to use 
Apache::Request to get the info. I had to do that with the IP address a 
long while back, for example.

But this doesn't work:

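my $r = Apache->request();   # current request object (mod_perl 1)
my $c = $r->connection;      # connection record for this request
my $user = $c->user();       # authenticated user name, if any
warn "REMOTE USER IS,$user";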

And I get nothing for the $user.

So I tried this:

use Data::Dumper;

my $r = Apache->request();
my $headers = $r->headers_in();   # incoming request headers
warn Dumper \%ENV;
warn Dumper $headers;

my $c = $r->connection;
my $user = $c->user();
warn "REMOTE USER IS,$user";

Output...


%ENV dump
            'SSL_SESSION_ID' => '48E61FD73981E09104082EFFB995DCB4B5941ACD63B4DE189280B2A1A609029C6',
            'SCRIPT_NAME' => '/perl/multi_cs.cgi',
            'SSL_PROTOCOL' => 'SSLv3',
            'REQUEST_METHOD' => 'GET',
            'HTTP_ACCEPT' => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
            'SCRIPT_FILENAME' => '/usr/local/apachessl/perl/multi_cs.cgi',
            'SSL_VERSION_LIBRARY' => 'OpenSSL/0.9.7d',
            'SSL_VERSION_INTERFACE' => 'mod_ssl/2.8.19',
            'SSL_CLIENT_VERIFY' => 'NONE',
            'SSL_SERVER_S_DN_ST' => 'British Columbia',
            'SERVER_SOFTWARE' => 'Apache/1.3.31 (Unix) mod_perl/1.29 mod_ssl/2.8.19 OpenSSL/0.9.7d',
            'SSL_SERVER_I_DN_OU' => 'Equifax Secure Certificate Authority',
            'QUERY_STRING' => 'datecontrol1=&datecontrol2=&rm=order_display&ord_num=&old_ord_num=&cu_phone_raw=&postal=&cu_lastname=&cu_firstname=&cu_address1=&cu_city=&cu_st_prov=n%2Fa&cu_countrycode=--&cu_email=&quantity_ordered=&product_name=0&username=&Submit=Go+Search&month=0&day=0&year=0&endmonth=0&endday=0&endyear=0&orderby=orders.ord_date',
            'REMOTE_PORT' => '4398',
            'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0',
            'SSL_SERVER_S_DN_CN' => 'dmcontact.com',
            'SERVER_SIGNATURE' => '<ADDRESS>Apache/1.3.31 Server at dmcontact.com Port 443</ADDRESS>
  ',
            'SSL_SERVER_S_DN_L' => 'Victoria',
            'HTTP_CACHE_CONTROL' => 'max-age=0',
            'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
            'HTTP_KEEP_ALIVE' => '300',
            'SSL_SERVER_A_SIG' => 'sha1WithRSAEncryption',
            'PATH' => '/usr/sbin:/usr/bin:/usr/ccs/bin:/usr/openwin/bin:/usr/dt/bin:/usr/platform/i86pc/sbin:/opt/sun/bin:/usr/local/mysql/bin:/usr/sfw/bin:/opt/SUNWvts/bin:/opt/SUNWexplo/bin',
            'GATEWAY_INTERFACE' => 'CGI-Perl/1.1',
            'SSL_CIPHER_USEKEYSIZE' => '256',
            'HTTPS' => 'on',
            'SSL_CIPHER_ALGKEYSIZE' => '256',
            'DOCUMENT_ROOT' => '/usr/local/apachessl/htdocs',
            'SSL_SERVER_M_SERIAL' => '051E24',
            'SSL_CIPHER_EXPORT' => 'false',
            'SSL_SERVER_S_DN_O' => 'DM Contact Management Ltd.',
            'SSL_SERVER_S_DN' => '/C=CA/ST=British Columbia/L=Victoria/O=DM Contact Management Ltd./CN=dmcontact.com',
            'SERVER_NAME' => 'dmcontact.com',
            'SSL_SERVER_I_DN_O' => 'Equifax',
            'HTTP_REFERER' => 'https://dmcontact.com/perl/multi_cs.cgi?rm=order_search',
            'HTTP_ACCEPT_ENCODING' => 'gzip,deflate',
            'PERL_SEND_HEADER' => 'On',
            'SERVER_ADMIN' => 'eric@dmcontact.com',
            'HTTP_CONNECTION' => 'keep-alive',
            'SSL_SERVER_V_END' => 'Oct 14 18:07:34 2005 GMT',
            'SSL_SERVER_I_DN_C' => 'US',
            'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
            'TZ' => 'US/Pacific',
            'SSL_SERVER_V_START' => 'Oct 13 18:07:34 2004 GMT',
            'SERVER_PORT' => '443',
            'SSL_SERVER_S_DN_C' => 'CA',
            'SSL_SERVER_A_KEY' => 'rsaEncryption',
            'REMOTE_ADDR' => '24.179.181.36',
            'SSL_CIPHER' => 'DHE-RSA-AES256-SHA',
            'SERVER_PROTOCOL' => 'HTTP/1.1',
            'REQUEST_URI' => '/perl/multi_cs.cgi?datecontrol1=&datecontrol2=&rm=order_display&ord_num=&old_ord_num=&cu_phone_raw=&postal=&cu_lastname=&cu_firstname=&cu_address1=&cu_city=&cu_st_prov=n%2Fa&cu_countrycode=--&cu_email=&quantity_ordered=&product_name=0&username=&Submit=Go+Search&month=0&day=0&year=0&endmonth=0&endday=0&endyear=0&orderby=orders.ord_date',
            'SSL_SERVER_M_VERSION' => '3',
            'SSL_SERVER_I_DN' => '/C=US/O=Equifax/OU=Equifax Secure Certificate Authority',
            'SERVER_ADDR' => '24.90.29.168',
            'HTTP_HOST' => 'dmcontact.com',
            'MOD_PERL' => 'mod_perl/1.29'
          };

$r->headers_in() Dump

  $VAR1 = bless( {
                   'Accept' => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
                   'Accept-Charset' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
                   'Accept-Encoding' => 'gzip,deflate',
                   'Accept-Language' => 'en-us,en;q=0.5',
                   'Authorization' => 'Basic (crypted password here)',
                   'Cache-Control' => 'max-age=0',
                   'Connection' => 'keep-alive',
                   'Host' => 'dmcontact.com',
                   'Keep-Alive' => '300',
                   'Referer' => 'https://dmcontact.com/perl/multi_cs.cgi?rm=order_search',
                   'User-Agent' => 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0'

But where is the user? I can get the password from Authorization, the 
username is getting recorded in the Access log, so I know it does exist and 
Apache knows about it.

I am lost, this is pretty important for this app too :(


Thanks,

Eric
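
The user name travels in the same Authorization header as the password: the token after "Basic" is base64 of user:password, an encoding rather than encryption. As an added example that is not part of the original thread (the function names parse_basic_auth and headers_for_log and the sample credentials are made up for illustration), this stand-alone Perl decodes the header and masks it before it is logged:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Split an "Authorization: Basic <token>" value into (user, password).
# Returns an empty list when the value is not well-formed Basic credentials.
sub parse_basic_auth {
    my ($value) = @_;
    return unless defined $value;
    # The scheme name is case-insensitive; the token is base64("user:password").
    my ($token) = $value =~ m{\A\s*Basic\s+([A-Za-z0-9+/=]+)\s*\z}i
        or return;
    # Only the first colon separates the fields; a password may contain colons.
    my ($user, $pass) = split /:/, decode_base64($token), 2;
    return unless defined $pass && length $user;
    return ($user, $pass);
}

# Copy a header hash for logging with the credentials masked, so that a debug
# dump of the request headers never puts the password into the error log.
sub headers_for_log {
    my ($headers) = @_;
    my %safe = %$headers;
    for my $name (grep { lc($_) eq 'authorization' } keys %safe) {
        my ($user) = parse_basic_auth($safe{$name});
        $safe{$name} = defined $user ? "Basic <redacted, user=$user>"
                                     : '<redacted>';
    }
    return \%safe;
}

# Constructed sample headers; under mod_perl 1 the real value would come from
# $r->header_in('Authorization').
my %headers = (
    'Host'          => 'www.example.com',
    'Authorization' => 'Basic ' . encode_base64('alice:s3cret:with:colons', ''),
);

my ($user, $pass) = parse_basic_auth($headers{'Authorization'});
print "user=$user, password length=", length($pass), "\n";

my $safe = headers_for_log(\%headers);
print "$_: $safe->{$_}\n" for sort keys %$safe;
```

The decoded name is whatever the client sent; it identifies the user only on URLs where Apache's own Basic authentication has already checked the password.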







Re: user with Basic Auth

Posted by Eric <ef...@kwinternet.com>.
At 01:51 PM 7/4/2005, Markus Wichitill wrote:
>Eric wrote:
>>>Do you have "SSLOptions FakeBasicAuth" enabled? That would probably 
>>>overwrite the normal $r->user with the name from the SSL client 
>>>certificate (non-existent in your case).
>>No, I just have this:
>><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>>     SSLOptions +StdEnvVars
>></Files>
>
>And are you sure it's not inherited from somewhere else? Try "SSLOptions 
>+StdEnvVars -FakeBasicAuth".

I did try that. Still no user. It looks like everything else that I could 
want is in the %ENV, but not that.



>>I should end up with a user in that case anyway, it would just be the 
>>wrong from some part of the cert info.
>
>According to your env dump, there's no client certificate, so there's no 
>name. Client certs are not commonly used, only server certs.

Ok, at least that much more makes sense then.

Thanks,

Eric




Re: user with Basic Auth

Posted by Markus Wichitill <ma...@gmx.de>.
Eric wrote:
>> Do you have "SSLOptions FakeBasicAuth" enabled? That would probably 
>> overwrite the normal $r->user with the name from the SSL client 
>> certificate (non-existent in your case).
> 
> No, I just have this:
> 
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>     SSLOptions +StdEnvVars
> </Files>

And are you sure it's not inherited from somewhere else? Try "SSLOptions 
+StdEnvVars -FakeBasicAuth".

> I should end up with a user in that case anyway, it would just be the 
> wrong from some part of the cert info.

According to your env dump, there's no client certificate, so there's no 
name. Client certs are not commonly used, only server certs.


Re: user with Basic Auth

Posted by Eric <ef...@kwinternet.com>.
At 01:16 PM 7/4/2005, Markus Wichitill wrote:
>Eric wrote:
>>Since our move from an internal office machine that was not using SSL to 
>>an outside machine that is, I have not been able to get the Basic user's name.
>
>Do you have "SSLOptions FakeBasicAuth" enabled? That would probably 
>overwrite the normal $r->user with the name from the SSL client 
>certificate (non-existent in your case).

No, I just have this:

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
</Files>

I should end up with a user in that case anyway, it would just be the wrong 
from some part of the cert info.

I did find one post that complained about a CGI env where +StdEnvVars 
seemed to break %ENV, but removing this directive made no difference. I am 
calling a .cgi named script, so the above section would apply.



>>my $r = Apache->request();  #
>>my $c = $r->connection;
>>my $user = $c->user();
>
>BTW, non-deprecated and mp2-compatible version:
>
>my $r = shift @_;
>my $user = $r->user;


I am still breaking skulls with my hands, while you guys have moved up to 
using femurs :) (See 2001)


Thanks,

Eric



Re: user with Basic Auth

Posted by Markus Wichitill <ma...@gmx.de>.
Eric wrote:
> Since our move from an internal office machine that was not using SSL to 
> an outside machine that is, I have not been able to get the Basic user's 
> name.

Do you have "SSLOptions FakeBasicAuth" enabled? That would probably 
overwrite the normal $r->user with the name from the SSL client certificate 
(non-existent in your case).

> my $r = Apache->request();  #
> my $c = $r->connection;
> my $user = $c->user();

BTW, non-deprecated and mp2-compatible version:

my $r = shift @_;
my $user = $r->user;