user with Basic Auth

  • Eric
    Message 1 of 5, Jul 4, 2005
      Hi,

      I am using CGI::Application under mod_perl 1.29/with mod_ssl on a Solaris
      10 machine.
      Since our move from an internal office machine that was not using SSL to an
      outside machine that is, I have not been able to get the Basic user's name.
      I think I have tried just about everything, including the correct way. That
      should be, if the ENV doesn't work, then I should be able to use
      Apache::Request to get the info, I had to do that with the IP address a
      long while back for example.

      But this doesn't work:

      my $r = Apache->request(); #
      my $c = $r->connection;
      my $user = $c->user();
      warn "REMOTE USER IS,$user";

      And I get nothing for the $user.

      So I tried this:

      my $r = Apache->request(); #
      my $headers = $r->headers_in();
      warn Dumper \%ENV;
      warn Dumper $headers;

      my $c = $r->connection;
      my $user = $c->user();
      warn "REMOTE USER IS,$user";

      Output...


      %ENV dump
      'SSL_SESSION_ID' =>
      '48E61FD73981E09104082EFFB995DCB4B5941ACD63B4DE189280B2A1A609029C6',
      'SCRIPT_NAME' => '/perl/multi_cs.cgi',
      'SSL_PROTOCOL' => 'SSLv3',
      'REQUEST_METHOD' => 'GET',
      'HTTP_ACCEPT' =>
      'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
      'SCRIPT_FILENAME' => '/usr/local/apachessl/perl/multi_cs.cgi',
      'SSL_VERSION_LIBRARY' => 'OpenSSL/0.9.7d',
      'SSL_VERSION_INTERFACE' => 'mod_ssl/2.8.19',
      'SSL_CLIENT_VERIFY' => 'NONE',
      'SSL_SERVER_S_DN_ST' => 'British Columbia',
      'SERVER_SOFTWARE' => 'Apache/1.3.31 (Unix) mod_perl/1.29
      mod_ssl/2.8.19 OpenSSL/0.9.7d',
      'SSL_SERVER_I_DN_OU' => 'Equifax Secure Certificate Authority',
      'QUERY_STRING' =>
      'datecontrol1=&datecontrol2=&rm=order_display&ord_num=&old_ord_num=&cu_phone_raw=&postal=&cu_lastname=&cu_firstname=&cu_address1=&cu_city=&cu_st_prov=n%2Fa&cu_countrycode=--&cu_email=&quantity_ordered=&product_name=0&username=&Submit=Go+Search&month=0&day=0&year=0&endmonth=0&endday=0&endyear=0&orderby=orders.ord_date',
      'REMOTE_PORT' => '4398',
      'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows; U; Windows NT 5.0;
      en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0',
      'SSL_SERVER_S_DN_CN' => 'dmcontact.com',
      'SERVER_SIGNATURE' => '<ADDRESS>Apache/1.3.31 Server at
      dmcontact.com Port 443</ADDRESS>
      ',
      'SSL_SERVER_S_DN_L' => 'Victoria',
      'HTTP_CACHE_CONTROL' => 'max-age=0',
      'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
      'HTTP_KEEP_ALIVE' => '300',
      'SSL_SERVER_A_SIG' => 'sha1WithRSAEncryption',
      'PATH' =>
      '/usr/sbin:/usr/bin:/usr/ccs/bin:/usr/openwin/bin:/usr/dt/bin:/usr/platform/i86pc/sbin:/opt/sun/bin:/usr/local/mysql/bin:/usr/sfw/bin:/opt/SUNWvts/bin:/opt/SUNWexplo/bin',
      'GATEWAY_INTERFACE' => 'CGI-Perl/1.1',
      'SSL_CIPHER_USEKEYSIZE' => '256',
      'HTTPS' => 'on',
      'SSL_CIPHER_ALGKEYSIZE' => '256',
      'DOCUMENT_ROOT' => '/usr/local/apachessl/htdocs',
      'SSL_SERVER_M_SERIAL' => '051E24',
      'SSL_CIPHER_EXPORT' => 'false',
      'SSL_SERVER_S_DN_O' => 'DM Contact Management Ltd.',
      'SSL_SERVER_S_DN' => '/C=CA/ST=British Columbia/L=Victoria/O=DM
      Contact Management Ltd./CN=dmcontact.com',
      'SERVER_NAME' => 'dmcontact.com',
      'SSL_SERVER_I_DN_O' => 'Equifax',
      'HTTP_REFERER' =>
      'https://dmcontact.com/perl/multi_cs.cgi?rm=order_search',
      'HTTP_ACCEPT_ENCODING' => 'gzip,deflate',
      'PERL_SEND_HEADER' => 'On',
      'SERVER_ADMIN' => 'eric@...',
      'HTTP_CONNECTION' => 'keep-alive',
      'SSL_SERVER_V_END' => 'Oct 14 18:07:34 2005 GMT',
      'SSL_SERVER_I_DN_C' => 'US',
      'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
      'TZ' => 'US/Pacific',
      'SSL_SERVER_V_START' => 'Oct 13 18:07:34 2004 GMT',
      'SERVER_PORT' => '443',
      'SSL_SERVER_S_DN_C' => 'CA',
      'SSL_SERVER_A_KEY' => 'rsaEncryption',
      'REMOTE_ADDR' => '24.179.181.36',
      'SSL_CIPHER' => 'DHE-RSA-AES256-SHA',
      'SERVER_PROTOCOL' => 'HTTP/1.1',
      'REQUEST_URI' =>
      '/perl/multi_cs.cgi?datecontrol1=&datecontrol2=&rm=order_display&ord_num=&old_ord_num=&cu_phone_raw=&postal=&cu_lastname=&cu_firstname=&cu_address1=&cu_city=&cu_st_prov=n%2Fa&cu_countrycode=--&cu_email=&quantity_ordered=&product_name=0&username=&Submit=Go+Search&month=0&day=0&year=0&endmonth=0&endday=0&endyear=0&orderby=orders.ord_date',
      'SSL_SERVER_M_VERSION' => '3',
      'SSL_SERVER_I_DN' => '/C=US/O=Equifax/OU=Equifax Secure
      Certificate Authority',
      'SERVER_ADDR' => '24.90.29.168',
      'HTTP_HOST' => 'dmcontact.com',
      'MOD_PERL' => 'mod_perl/1.29'
      };

      $r->headers_in() Dump

      $VAR1 = bless( {
      'Accept' =>
      'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
      'Accept-Charset' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
      'Accept-Encoding' => 'gzip,deflate',
      'Accept-Language' => 'en-us,en;q=0.5',
      'Authorization' => 'Basic (crypted password here)',
      'Cache-Control' => 'max-age=0',
      'Connection' => 'keep-alive',
      'Host' => 'dmcontact.com',
      'Keep-Alive' => '300',
      'Referer' =>
      'https://dmcontact.com/perl/multi_cs.cgi?rm=order_search',
      'User-Agent' => 'Mozilla/5.0 (Windows; U; Windows NT
      5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0'

      But where is the user? I can get the password from Authorization, the
      username is getting recorded in the Access log, so I know it does exist and
      Apache knows about it.

      I am lost, this is pretty important for this app too :(


      Thanks,

      Eric
    • Markus Wichitill
      Message 2 of 5, Jul 4, 2005
        Eric wrote:
        > Since our move from an internal office machine that was not using SSL to
        > an outside machine that is, I have not been able to get the Basic user's
        > name.

        Do you have "SSLOptions FakeBasicAuth" enabled? That would probably
        overwrite the normal $r->user with the name from the SSL client certificate
        (non-existent in your case).

        > my $r = Apache->request(); #
        > my $c = $r->connection;
        > my $user = $c->user();

        BTW, non-deprecated and mp2-compatible version:

        my $r = shift @_;
        my $user = $r->user;
      • Eric
        Message 3 of 5, Jul 4, 2005
          At 01:16 PM 7/4/2005, Markus Wichitill wrote:
          >Eric wrote:
          >>Since our move from an internal office machine that was not using SSL to
          >>an outside machine that is, I have not been able to get the Basic user's name.
          >
          >Do you have "SSLOptions FakeBasicAuth" enabled? That would probably
          >overwrite the normal $r->user with the name from the SSL client
          >certificate (non-existent in your case).

          No, I just have this:

          <Files ~ "\.(cgi|shtml|phtml|php3?)$">
          SSLOptions +StdEnvVars
          </Files>

          I should end up with a user in that case anyway, it would just be the wrong
          from some part of the cert info.

          I did find one post that complained about a CGI env where +StdEnvVars
          seemed to break %ENV, but removing this directive made no difference. I am
          calling a .cgi named script, so the above section would apply.



          >>my $r = Apache->request(); #
          >>my $c = $r->connection;
          >>my $user = $c->user();
          >
          >BTW, non-deprecated and mp2-compatible version:
          >
          >my $r = shift @_;
          >my $user = $r->user;


          I am still breaking skulls with my hands, while you guys have moved up to
          using femurs :) (See 2001)


          Thanks,

          Eric
        • Markus Wichitill
          Message 4 of 5, Jul 4, 2005
            Eric wrote:
            >> Do you have "SSLOptions FakeBasicAuth" enabled? That would probably
            >> overwrite the normal $r->user with the name from the SSL client
            >> certificate (non-existent in your case).
            >
            > No, I just have this:
            >
            > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            > SSLOptions +StdEnvVars
            > </Files>

            And are you sure it's not inherited from somewhere else? Try "SSLOptions
            +StdEnvVars -FakeBasicAuth".

            > I should end up with a user in that case anyway, it would just be the
            > wrong from some part of the cert info.

            According to your env dump, there's no client certificate, so there's no
            name. Client certs are not commonly used, only server certs.
          • Eric
            Message 5 of 5, Jul 4, 2005
              At 01:51 PM 7/4/2005, Markus Wichitill wrote:
              >Eric wrote:
              >>>Do you have "SSLOptions FakeBasicAuth" enabled? That would probably
              >>>overwrite the normal $r->user with the name from the SSL client
              >>>certificate (non-existent in your case).
              >>No, I just have this:
              >><Files ~ "\.(cgi|shtml|phtml|php3?)$">
              >> SSLOptions +StdEnvVars
              >></Files>
              >
              >And are you sure it's not inherited from somewhere else? Try "SSLOptions
              >+StdEnvVars -FakeBasicAuth".

              I did try that. Still no user. It looks like everything else that I could
              want is in the %ENV, but not that.



              >>I should end up with a user in that case anyway, it would just be the
              >>wrong from some part of the cert info.
              >
              >According to your env dump, there's no client certificate, so there's no
              >name. Client certs are not commonly used, only server certs.

              Ok, at least that much more makes sense then.

              Thanks,

              Eric
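
An added example, not part of the thread and not code from any of the posters: the Authorization header shown in the headers_in dump carries base64 of "user:password", so the user name the client sent can be decoded from it when diagnosing an empty server-side user. The function names `basic_auth_user` and `diagnose` and the sample credential are constructed for illustration; a name recovered this way is only what the client claims unless the server's own authentication also recorded it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Return the user-id carried in a Basic Authorization header value,
# or undef if the value is not a well-formed Basic credential.
sub basic_auth_user {
    my ($header) = @_;
    return undef unless defined $header;

    # The scheme name is case-insensitive; the token is base64("user:password").
    my ($token) = $header =~ /\A\s*Basic\s+([A-Za-z0-9+\/]+={0,2})\s*\z/i
        or return undef;

    # Split on the first colon only: a password may contain colons,
    # a user-id may not.
    my ($user, $password) = split /:/, decode_base64($token), 2;
    return undef unless defined $password && length $user;

    return $user;    # the password is deliberately neither returned nor logged
}

# Compare what the client claimed with what the server authenticated.
# $server_user stands for the value of $r->connection->user (hypothetical
# parameter name); $header for the Authorization entry of $r->headers_in.
sub diagnose {
    my ($header, $server_user) = @_;
    my $claimed = basic_auth_user($header);

    return 'no Basic credentials in request' unless defined $claimed;
    return "server authenticated '$server_user'"
        if defined $server_user && length $server_user;
    return "client sent user '$claimed', but the server recorded none: "
         . "treat the name as unverified";
}

# Constructed sample header (not a real credential); the password contains colons.
my $sample = 'Basic ' . encode_base64('eric:not:a:real:pw', '');

print diagnose($sample, ''),     "\n";   # empty server-side user, as in the thread
print diagnose($sample, 'eric'), "\n";   # request where the server recorded the user
print diagnose(undef,   ''),     "\n";   # request with no Authorization header
```

Use the decoded name for troubleshooting and logging only; access decisions should rest on the user the server itself authenticated.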