PerlAuthenHandler & phpMyAdmin


on 22.10.2008 20:33:07 by Miha Lampret

Hello all,

Today I tried to limit access to phpMyAdmin using my own Authen.pm
module. It works well but not always. Looks like phpMyAdmin has
problems with the HTTP POST method if I enable my PerlAuthenHandler
Authen.pm. Otherwise phpMyAdmin and Authen.pm work well.

The error I get in phpMyAdmin is:
Fatal error: PMA_sendHeaderLocation called when headers are already
sent! in /opt/datajoy/www/lib/phpMyAdmin/libraries/common.lib.php on
line 650

I am not sure what causes this problem. It may be a phpMyAdmin issue or
there is something wrong in my Authen.pm. But since my Authen.pm works
well when limiting access to directories/files and since I have no
problem with phpMyAdmin if I use .htaccess with a password file
(AuthUserFile) I thought it might be a mod_perl issue. Has anyone else
noticed strange behaviour when using PerlAuthenHandler? It is the same
if I use PerlAccessHandler.

I hope someone can direct me where to look for a solution.

Best regards,
Miha

Server software:
Apache/2.2.9 (Debian) PHP/5.2.6-5 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
I also noticed this problem in older versions of Apache, perl, mod_perl and php.

Below are my Apache settings for phpMyAdmin dir and Authen.pm module:


PerlSendHeader Off
AuthName DatajoyWebAuth
AuthType Basic
PerlAuthenHandler Datajoy::Authen
require valid-user



package Datajoy::Authen;

use strict;
use Apache2::Access ();       # get_basic_auth_pw, note_basic_auth_failure
use Apache2::RequestRec ();   # hostname, user, filename
use Apache2::RequestUtil ();
use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED);

use Datajoy::Application;
use Datajoy::Config;

# Returns 1 if $user/$pass are valid for the organisation owning $domain, else 0.
sub Authenticate {
    my ($domain, $user, $pass, $file) = @_;
    my $result = 0;

    my $app = Datajoy::Application->new();
    $app->Db_Connect;

    # Look up the user within the organisation that owns the requested domain.
    my $sth = $app->{dbh}->prepare("select users.org_id, users.id, pages.path
        from domains,users,pages
        where domains.page_id=pages.id and users.org_id=domains.org_id
        and domains.domain=? and users.username=?");
    $sth->execute($domain, $user);
    my ($org_id, $user_id, $domain_path) = $sth->fetchrow_array;

    if ($org_id && $user_id) {
        # Instantiate the authentication class named in the configuration.
        my $auth = undef;
        eval '$auth=' . $app->{config}->{auth_module} . '->new($app)';
        if (! $@) {
            my ($logged_in, $uref) = $auth->Login($org_id, $user, $pass);
            if ($logged_in > 0) {
                $result = 1;
            }
        }
    }

    return $result;
}

# PerlAuthenHandler entry point: validates the HTTP Basic credentials.
sub handler {
    my $r = shift;

    # Returns a non-OK status (and triggers the challenge) if no credentials were sent.
    my ($status, $pass) = $r->get_basic_auth_pw;

    return $status unless $status == Apache2::Const::OK;

    my $domain = $r->hostname();
    my $user   = $r->user;
    my $file   = $r->filename();

    if (Authenticate($domain, $user, $pass, $file)) {
        return Apache2::Const::OK;
    } else {
        $r->note_basic_auth_failure;
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }
}

1;

Re: PerlAuthenHandler & phpMyAdmin

on 22.10.2008 20:49:41 by Adam Prime

Usually, if you run into problems that only affect POST requests, that
means that somewhere earlier in the apache cycle there is something
consuming the posted data. Looking at the code you've posted though,
it's not immediately obvious that that is the problem, nor is it obvious
that it's actually even related to the problem that phpMyAdmin is
displaying. That is something you can look into further, though. Perhaps
part of DataJoy::Application is reading the post variables out of STDIN.

Adam




Re: PerlAuthenHandler & phpMyAdmin

on 23.10.2008 08:00:23 by Miha Lampret

You are right. In Datajoy::Application I was using CGI.pm. Removing
"new CGI" code from Application.pm solved the problem.

Thank you for your help.

Best regards,
Miha
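
The failure mode identified in this thread, as an added example (not code from the thread or from Datajoy): a plain-Perl model of two request phases sharing a body stream that can be read only once. The request hash, the credentials and all helper names are constructed for illustration; in the thread the draining was done by "new CGI" inside Datajoy::Application.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample request: Basic credentials plus a form-encoded POST body.
sub make_request {
    my $req = {
        method  => 'POST',
        headers => { Authorization => 'Basic ' . encode_base64('miha:s3cret', '') },
        raw     => 'pma_username=root&server=1',
    };
    open(my $in, '<', \$req->{raw}) or die "cannot open in-memory body: $!";
    $req->{body_fh} = $in;    # like STDIN under CGI: readable once per request
    return $req;
}

# Reads whatever is left of the body, as the content handler (PHP here) would.
sub read_body {
    my ($req) = @_;
    my $fh = $req->{body_fh};
    local $/;                 # slurp mode
    return scalar(<$fh>) // '';
}

# Credential check that looks only at the Authorization header.
sub check_basic {
    my ($req) = @_;
    my ($b64) = ($req->{headers}{Authorization} // '') =~ /^Basic\s+(\S+)$/ or return 0;
    my ($user, $pass) = split /:/, decode_base64($b64), 2;
    return (defined $pass && $user eq 'miha' && $pass eq 's3cret') ? 1 : 0;
}

# Models the bug: a helper in the auth phase parses the form data, draining the body.
sub authen_consuming {
    my ($req) = @_;
    my %form = map { split /=/, $_, 2 } split /&/, read_body($req);
    return check_basic($req);
}

# Header-only authentication: never touches the body.
sub authen_header_only { my ($req) = @_; return check_basic($req) }

for my $case ([consuming => \&authen_consuming], [header_only => \&authen_header_only]) {
    my ($name, $authen) = @$case;
    my $req  = make_request();
    my $ok   = $authen->($req);
    my $seen = read_body($req);    # what the application receives after auth
    printf "%-12s auth=%d body_seen_by_app=%d bytes\n", $name, $ok, length $seen;
}
```

Both variants authenticate the user, but only the header-only one leaves the POST data for the application behind it.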
