Using add_config to trigger authentication

Hi all,

I'm putting together a mp2 application where I'd like to trigger =
authentication from within a PerlTransHandler, and not from httpd.conf.

As I understand it, the following should work:

-----

use Apache2::RequestUtil ();

$r->add_config(['require valid-user']);

$r->push_handlers(PerlAuthenHandler =3D> 'My::App::Authen');
$r->push_handlers(PerlAuthzHandler =3D> 'My::App::Authz');

-----

But the authen handler doesn't get called. If I add the require line to =
httpd conf, it does.

I've tried including AuthName and AuthType in the call to add_config, =
moving this to a PerlPostReadRequestHandler, setting PerlOptions =
+GlobalRequest and other tricks, to no avail.

$r->get_handlers('PerlAuthenHandler') confirms that the handler is set, =
and $r->requires (using Apache2::Access) indicates that the valid-user =
requirement has actually been set.

I'm running mod_perl 2.0.4, perl 5.12.3 and Apache 2.2.17 on Fedora 14.

What am I missing? Is there something else that could prevent this from =
working, when it works just fine if I set requires in httpd.conf?

Any pointers would be very much appreciated!

Thanks,
Andrew.=

Re: Using add_config to trigger authentication

On Wednesday, March 23, 2011 14:24:11 Andrew Green wrote:
> I'm putting together a mp2 application where I'd like to trigger
> authentication from within a PerlTransHandler, and not from httpd.conf.
>=20
> As I understand it, the following should work:
>=20
> -----
>=20
> use Apache2::RequestUtil ();
>=20
> $r->add_config(['require valid-user']);
>=20
> $r->push_handlers(PerlAuthenHandler =3D> 'My::App::Authen');
> $r->push_handlers(PerlAuthzHandler =3D> 'My::App::Authz');

This won't work in a PerlTransHandler because between trans and maptostorag=
e=20
the request configuration made so far is thrown away and reset to the defau=
lt=20
server config. Move those lines to a PerlMapToStorage handler and it should=
=20
work assuming that there are no other directives overriding them in .htacce=
ss=20
files or similar.

Torsten Förtsch

=2D-=20
Need professional modperl support? Hire me! (http://foertsch.name)

Like fantasy? http://kabatinte.net

Re: Using add_config to trigger authentication

Hi,

On 23 Mar 2011, at 13:42, Torsten Förtsch wrote:

>> I'm putting together a mp2 application where I'd like to trigger
>> authentication from within a PerlTransHandler, and not from =
httpd.conf.
>=20
> This won't work in a PerlTransHandler because between trans and =
maptostorage=20
> the request configuration made so far is thrown away and reset to the =
default=20
> server config. Move those lines to a PerlMapToStorage handler and it =
should=20
> work assuming that there are no other directives overriding them in =
..htaccess=20
> files or similar.

Thanks so much, Torsten -- you're a star!

Interestingly, adding a PerlMapToStorageHandler caused a segfault, but =
using a PerlHeaderParserHandler instead (with identical code) worked =
like a dream.

Cheers,
Andrew.

--=20
Andrew Green
Article Seven Limited
http://www.article7.co.uk/

Article Seven Limited is a registered company in England and Wales. =
Registered number: 5703656. Registered office: 73 Lassell Street, =
Greenwich, London, SE10 9PJ.

Re: Using add_config to trigger authentication

On Wednesday, March 23, 2011 15:26:48 Andrew Green wrote:
> Interestingly, adding a PerlMapToStorageHandler caused a segfault

Does your code by chance return Apache2::Const::OK? If so, try to change it=
to=20
DECLINED. A PerlMapToStorageHandler returning OK prevents the core map2stor=
age
handler to be run. Thus, $r->filename, $r->finfo and $r->pathinfo may be=20
unset. This may cause the segfault.

The problem with the PerlHeaderParserHandler is that it is skipped for=20
subrequests. That might in your case affect security.

Torsten Förtsch

=2D-=20
Need professional modperl support? Hire me! (http://foertsch.name)

Like fantasy? http://kabatinte.net

Re: Using add_config to trigger authentication

Hi Torsten,

On 23 Mar 2011, at 15:02, Torsten Förtsch wrote:

>> Interestingly, adding a PerlMapToStorageHandler caused a segfault
>=20
> Does your code by chance return Apache2::Const::OK? If so, try to =
change it to=20
> DECLINED.

Actually, even the following causes a segfault:

$r->push_handlers(PerlMapToStorageHandler =3D> =
Apache2::Const::DECLINED);


> The problem with the PerlHeaderParserHandler is that it is skipped for=20=

> subrequests. That might in your case affect security.

Thanks -- that's very useful to know.

Cheers,
Andrew.

--=20
Andrew Green
Article Seven Limited
http://www.article7.co.uk/

Article Seven Limited is a registered company in England and Wales. =
Registered number: 5703656. Registered office: 73 Lassell Street, =
Greenwich, London, SE10 9PJ.

Re: Using add_config to trigger authentication

Hi all,

On 23 Mar 2011, at 20:38, I wrote:

> Actually, even the following causes a segfault:
>=20
> $r->push_handlers(PerlMapToStorageHandler =3D> =
Apache2::Const::DECLINED);

Nope, I'm wrong -- that segfaults if I call it from a =
PerlPostReadRequestHandler, but not from a PerlTransHandler. I'd moved =
things around in my experiments earlier!

Thanks so much again for the help and advice.

Cheers,
Andrew.

--=20
Andrew Green
Article Seven Limited
http://www.article7.co.uk/

Article Seven Limited is a registered company in England and Wales. =
Registered number: 5703656. Registered office: 73 Lassell Street, =
Greenwich, London, SE10 9PJ.