|
Rich Salz
rsalz at zolera.com
Tue Feb 26 18:38:39 EST 2002
Okay, let me try to be more explicit.
We use SWIG (www.swig.org). SWIG can parse header files and generate
modules for various scripting languages, including Python. So, for
example, a SWIG interface file might say
int UsingSSL(request_rec* r);
char* GetClientDN(request_rec* r);
and so on. The actual implementation of those functions tend to be
fairly short Apache ap_xxx calls, such as
int
UsingSSL(request_rec* r)
{
return ap_ctx_get(r->connection->client->ctx, "ssl") != NULL;
}
We can create an Apache module that has our "swigged" extensions, and
build that into Apache. (Or make it a shared library, DSO, whatever.)
The only "trick" is how to get that request_rec pointer. It turns out
to be not that hard, because SWIG actually uses strings to represent
pointers.
So, we patched mod_python to add a new method to the mod_python request
object; this new method returns a swig-compatible pointer(string) up to
Python. From python code, then, we can call the SWIG functions we wrote
as described above.
So, in our case,
from zolera import pyssl
h = req.get_swig_handle()
if h.UsingSSL():
dn = h.GetClientDN()
else:
return Apache.Unauthorized
We have found it easier (again, since we were already using SWIG), to
just add the one function to mod_python, and then to use SWIG for
everything else.
Hope this helps.
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
|