Authorization module is not working

on 08.01.2009 00:21:14 by odysseas

I am trying to accomplish authorization of users using client certificates
for authenticating users and a database of valid DNs for authorization. As
a first step the only thing I am trying to do is verify that my
authorization module has been correctly installed. So, before I attempt to
write the database code to verify if a given certificate has access to the
web content, I am returning for all requests the constant FORBIDDEN. The
problem I am having is that regardless of what the module returns, the user
is still presented with the page. I know that the handler is invoked because
I see the logged statements in the log file for the requested page.

I am really not sure what else to try. The fact that the user is allowed to
access the page despite the fact that the module returns FORBIDDEN indicates
that another module is approving the request but I have minimized the
configuration file down to the bare minimum to make sure that nothing else
is interfering. Any help with this would be very much appreciated.

Thanks,
Odysseas

I have configured the module as follows:


AuthName "Certificate Authentication"
AuthType Basic
SSLVerifyClient require
SSLRequireSSL
PerlAuthenHandler Apache::OK
PerlAuthzHandler Apache::CertAuthz
require valid-user


And the module CertAuthz looks like the following:

package Apache::CertAuthz;
# use strict;
use mod_perl ();
use Apache::Log ();
use Apache::URI ();
# Note: Apache::Constants is not imported here, so FORBIDDEN below is a
# bareword rather than the numeric status code (the cause found later in
# this thread).

$Apache::CertAuthz::VERSION = '0.01';

# Probe which optional modules are available; handler() does not use any of them.
my %is_installed = ();
my $Is_Win32 = ($^O eq "MSWin32");
{
    local $SIG{__DIE__};
    %is_installed = map {
        $_, (eval("require $_") || 0);
    } qw (Data::Dumper Devel::Symdump B Apache::Request Apache::Peek
          Apache::Symbol);
}

use vars qw($newQ);

# Pick a request-object constructor, preferring Apache::Request over CGI.
if ($is_installed{"Apache::Request"}) {
    $newQ ||= sub { Apache::Request->new(@_) };
}
else {
    $is_installed{"CGI"} = eval("require CGI") || 0;
    $newQ ||= sub { CGI->new; };
}

sub handler {
    my($r) = @_;

    my $log = $r->log;

    # Only the main request is authorized; subrequests are refused.
    return FORBIDDEN unless $r->is_main;

    # Look up the same URI as a subrequest; the subrequest runs through the
    # fixup phase, where mod_ssl exports the SSL_* environment variables.
    my $subr = $r->lookup_uri($r->uri);
    my $dn = $subr->subprocess_env('SSL_CLIENT_S_DN');

    # Deliberately deny every request for now, to verify the handler is wired in.
    $r->log_reason("In CertAuthz a certificate must be provided with a DN of $dn.", $r->filename);
    return FORBIDDEN;
}

1;

__END__

Re: Authorization module is not working

on 08.01.2009 20:24:15 by Mark Hedges

On Wed, 7 Jan 2009, Odysseas Pentakalos, Ph.D. wrote:
>
> sub handler {
> my($r) = @_;
>
> my $log = $r->log;
>
> return FORBIDDEN unless $r->is_main;
>
> my $subr = $r->lookup_uri($r->uri);
> my $dn = $subr->subprocess_env('SSL_CLIENT_S_DN');
>
> $r->log_reason("In CertAuthz a certificate must be provided with a DN of
> $dn.", $r->filename);
> return FORBIDDEN;
> }

Try using $r->note_basic_auth_failure() and return
Apache2::Const::HTTP_UNAUTHORIZED ?

http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlAuthzHandler

Mark

RE: Authorization module is not working

on 08.01.2009 20:45:12 by odysseas

Mark,

Thanks so much for your help. That was not the problem, but it helped me see
the problem. I was not importing the Constants at the top, so regardless of
whether I was returning FORBIDDEN, DECLINED, or HTTP_UNAUTHORIZED, the
value was invalid. I spent hours tracking down this oversight.

Thanks again,
Odysseas

RE: Authorization module is not working

on 08.01.2009 20:55:41 by Mark Hedges

On Thu, 8 Jan 2009, Odysseas Pentakalos, Ph.D. wrote:
> Thanks so much for your help. That was not the problem but
> it helped me see the problem. I was not importing the
> Constants at the top so regardless of whether I was
> returning FORBIDDEN or DECLINED, or HTTP_UNAUTHORIZED the
> value was invalid. I spent hours tracking down this
> oversight.

I hate things like that! :-)

Just curious, what would have happened if you'd uncommented
'use strict'?

Programming like this is good for you:

use strict;
use warnings FATAL => 'all';
use English '-no_match_vars';

Mark
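As an added example (not the poster's module and not anything from the list), here is the handler with the Apache::Constants import the thread identifies as the bug, plus the strict/warnings pragmas Mark recommends; with `use strict` in place, the original bareword FORBIDDEN would have failed at compile time instead of being silently returned. It assumes the mod_perl 1 API the post uses and `SSLOptions +StdEnvVars` in the server config; the %allowed_dn hash is a constructed stand-in for the planned DN database.

```perl
package Apache::CertAuthz;
use strict;
use warnings FATAL => 'all';
# The import the original post was missing: without it, OK and FORBIDDEN are
# barewords rather than the numeric status codes Apache expects back.
use Apache::Constants qw(OK FORBIDDEN);
use Apache::Log ();

# Constructed allow list standing in for the DN database the post plans to add.
# Assumption: subjects are compared as the exact string mod_ssl exports.
my %allowed_dn = (
    '/C=US/O=Example Corp/CN=Alice Example' => 1,
);

sub handler {
    my $r = shift;

    # mod_ssl exports SSL_CLIENT_S_DN in the fixup phase, which runs after
    # authorization, so the post's lookup_uri subrequest (which runs all phases
    # including fixups) is kept. That subrequest re-enters this handler, so it
    # is let through only while the main request has flagged that it is
    # mid-check; every other subrequest is refused, so the handler never fails open.
    unless ($r->is_main) {
        return OK if $r->main && $r->main->notes('CertAuthz-checking');
        return FORBIDDEN;
    }

    $r->notes('CertAuthz-checking', 1);
    my $subr = $r->lookup_uri($r->uri);
    my $dn   = $subr->subprocess_env('SSL_CLIENT_S_DN');
    $r->notes('CertAuthz-checking', 0);

    # Fail closed when no subject is available (no cert, or +StdEnvVars unset).
    unless (defined $dn && length $dn) {
        $r->log_reason('CertAuthz: no client certificate subject available', $r->uri);
        return FORBIDDEN;
    }
    unless ($allowed_dn{$dn}) {
        $r->log_reason("CertAuthz: subject '$dn' is not authorized", $r->uri);
        return FORBIDDEN;
    }

    $r->log->info("CertAuthz: authorized '$dn' for " . $r->uri);
    return OK;
}

1;
```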