>>> On 1/7/2008 at 4:56 AM, in message
<[EMAIL PROTECTED]>, "Rolf Banting"
<[EMAIL PROTECTED]> wrote:
>> 
>> My immediate aim is to test Isaac's UDP support patch with mod_perl - I
>> want to make a case for apache as a viable alternative for our service
>> platform and udp support is essential. If I can get the mod_perl test suite
>> to pass I increase the credibility of my proposal.
> 
> 
> The mod_perl tests that use ap_requires are quite simple - the Require
> lines are retrieved via ap_requires and then the values compared against
> data in the current request. Example:
> 
> In the conf:
> 
> Require user goo bar
> Require group bar tar
> 
> In the test code:
> 
> # extract just the requirement entries
> my %require =
>     map { my ($k, $v) = split /\s+/, $_->{requirement}, 2; ($k, $v||'') }
>     @{ $r->requires };
> debug \%require;
> 
> ....
> 
> return Apache2::Const::SERVER_ERROR unless $require{user} eq $users;
> return Apache2::Const::SERVER_ERROR unless $require{group} eq $groups;
> 
> $require{user} should be 'goo bar'
> $require{group} should be 'bar tar'
> 
> I don't yet have much detailed knowledge of the httpd code - my naive
> interpretation is that ap_requires returned a list of require_line structs
> where the 'requirement' field is everything after the 'Require' in the
> config line. If there was some way to get a list of the Require statements
> in the conf file it would be an easy matter to re-jig the test code.
> 
> I suppose I could parse the config file directly (e.g. with Config::General)
> to get the Require lines - but I would prefer to use any in-built httpd
> support if possible.
> 
> From my naive perspective I'd offer that per-directory queries for
> configuration information such as all Require statements are useful things
> to have.
> 

The problem is that the Require statements are no longer stored as a list of 
require_line structs so retrieving them as such isn't possible.  The Require 
statements are added to a logic tree as they are read from the configuration 
and then whenever authorization is done for that <Directory>, the logic tree is 
traversed and a result is returned.  Obviously if there is only a single 
Require statement in the <Directory>, the logic tree would be very simple, but 
this isn't something that you can count on.  The authorization logic could be 
anything.  As far as the configuration file is concerned, it could look like 
anything from 

Require User goo bar
Require Group bar tar

which would be interpreted as:

if (User == 'goo') || (User == 'bar') || (Group == 'bar') || (Group == 'tar') 
then
   allow
else
   deny

to:

Require User goo
<SatisfyAll>
    Require Group foo
    <SatisfyOne>
        Require User bar
        Require Group tar
    </SatisfyOne>
</SatisfyAll>

which is interpreted as:

If (user == 'goo') || (group == 'foo' && (User == 'bar' || Group == 'tar'))
then
   Allow
else
   Deny


It appears that your test script doesn't really care about the authorization 
result but rather if a Require statement simply exists with a given value.  At 
this point there isn't a way to get that information through an API.  I guess 
an API could be added that given a specific value would traverse the logic tree 
to validate that a matching Require statement exists.  But outside of the Perl 
test, I'm not sure what usefulness an API like that would have.

Brad
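
The nested configuration above, modelled as a small logic tree with both an authorization walk and the existence query discussed in the last paragraph. This is an added example, not httpd code and not part of the original message: the node layout and the names authorize and has_require are hypothetical, and a request is assumed to carry one user name and one group.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical node kinds; not httpd's internal structures. */
enum kind { REQ_USER, REQ_GROUP, SATISFY_ALL, SATISFY_ONE };
struct node {
    enum kind kind;
    const char *value;           /* leaf: the name to match */
    const struct node *kids[3];  /* container: NULL-terminated children */
};

/* Walk the tree for one request; returns 1 (allow) or 0 (deny). */
int authorize(const struct node *n, const char *user, const char *group)
{
    if (n->kind == REQ_USER)  return strcmp(user, n->value) == 0;
    if (n->kind == REQ_GROUP) return strcmp(group, n->value) == 0;
    for (int i = 0; i < 3 && n->kids[i]; i++) {
        int ok = authorize(n->kids[i], user, group);
        if (n->kind == SATISFY_ONE && ok)  return 1;  /* OR short-circuit */
        if (n->kind == SATISFY_ALL && !ok) return 0;  /* AND short-circuit */
    }
    return n->kind == SATISFY_ALL;  /* no miss under ALL, no hit under ONE */
}

/* Existence query: does any leaf carry this kind and value? */
int has_require(const struct node *n, enum kind kind, const char *value)
{
    if (n->kind == REQ_USER || n->kind == REQ_GROUP)
        return n->kind == kind && strcmp(n->value, value) == 0;
    for (int i = 0; i < 3 && n->kids[i]; i++)
        if (has_require(n->kids[i], kind, value)) return 1;
    return 0;
}

/* The nested configuration from the message, built by hand.
   Top-level Require lines are OR'd, as the message describes. */
static const struct node u_goo = { REQ_USER,  "goo", {0} };
static const struct node g_foo = { REQ_GROUP, "foo", {0} };
static const struct node u_bar = { REQ_USER,  "bar", {0} };
static const struct node g_tar = { REQ_GROUP, "tar", {0} };
static const struct node one   = { SATISFY_ONE, NULL, { &u_bar, &g_tar, NULL } };
static const struct node all   = { SATISFY_ALL, NULL, { &g_foo, &one, NULL } };
static const struct node root  = { SATISFY_ONE, NULL, { &u_goo, &all, NULL } };

int main(void)
{
    printf("Require User bar exists: %d\n", has_require(&root, REQ_USER, "bar"));
    printf("bar in group tar allowed: %d\n", authorize(&root, "bar", "tar"));
    printf("bar in group foo allowed: %d\n", authorize(&root, "bar", "foo"));
    return 0;
}
```

The existence query finds "Require User bar", yet user bar in group tar is denied because that leaf sits under the SatisfyAll branch, so a match on a single Require line says nothing about the authorization result.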
