|
Conrad Steenberg
conrad at hep.caltech.edu
Tue Feb 26 15:40:23 EST 2002
Thanks, this helps clarify things.
Cheers!
Conrad
On Tue, 2002-02-26 at 15:38, Rich Salz wrote:
> Okay, let me try to be more explicit.
>
> We use SWIG (www.swig.org). SWIG can parse header files and generate
> modules for various scripting languages, including Python. So, for
> example, a SWIG interface file might say
> int UsingSSL(request_rec* r);
> char* GetClientDN(request_rec* r);
> and so on. The actual implementation of those functions tend to be
> fairly short Apache ap_xxx calls, such as
>
> int
> UsingSSL(request_rec* r)
> {
> return ap_ctx_get(r->connection->client->ctx, "ssl") != NULL;
> }
>
> We can create an Apache module that has our "swigged" extensions, and
> build that into Apache. (Or make it a shared library, DSO, whatever.)
>
> The only "trick" is how to get that request_rec pointer. It turns out
> to be not that hard, because SWIG actually uses strings to represent
> pointers.
>
> So, we patched mod_python to add a new method to the mod_python request
> object; this new method returns a swig-compatible pointer(string) up to
> Python. From python code, then, we can call the SWIG functions we wrote
> as described above.
>
> So, in our case,
> from zolera import pyssl
> h = req.get_swig_handle()
> if h.UsingSSL():
> dn = h.GetClientDN()
> else:
> return Apache.Unauthorized
>
> We have found it easier (again, since we were already using SWIG), to
> just add the one function to mod_python, and then to use SWIG for
> everything else.
>
> Hope this helps.
> /r$
> --
> Zolera Systems, Securing web services (XML, SOAP, Signatures,
> Encryption)
> http://www.zolera.com
--
*-----------------------------------------*
| Conrad Steenberg |
| Caltech, Mail Code 356-48 |
| Pasadena, CA, 91125 |
| e-mail: conrad at hep.caltech.edu |
| Tel: (626) 395-8758 |
*-----------------------------------------*
|