> This leads me to a problem: how do I "turn off" a hook,
> Whatever it is I need to do, I need to do in the access()
> hook.
In access, set a variable. Call it "skipauth".
Set it to 1 if you need to skip authorization.
In auth, first check skipauth. If it's true,
skip your authorization and return OK.
> Okay, so upon further inspection, it appears that
> there may not be an equivalent function for mod_perls
> set_handlers().
You don't need it for your simple case, of course,
but think how it easy it would be write. What exactly
does it need to do? You want to call different functions,
so clearly you need some variabe that tells which
function(s) to call, then later you call whichever
function designated by the variable. It would be
maybe four or five lines added to the typical hook
code. There may well be a simpler or better way -
I've only just started learning about Apache internals
myself and I'm not even a C programer - I'm a Perl guy.
But here's the simple implementation that came immediately
to mind for me:
typedef struct {
int (*uid_function_pointer)(request_rec *r);
} my_module_conf;
static int check_user_id_1(request_rec *r) __attribute__((cdecl));
static int check_user_id_2(request_rec *r) __attribute__((cdecl));
static int my_access_hook(request_rec *r) {
if (one) {
cfg->uid_function_pointer = &check_user_id_1;
} else {
cfg->uid_function_pointer = &check_user_id_2;
}
}
static int my_check_user (request_rec *r) {
return cfg->uid_function_pointer(r);
}
The code dynamically assigns ONE function to
be called in a later hook, of course. Better would
be for uid_function_pointer to be an array, list,
or table of some kind. Implementing that is left
as an exercise for the reader. If you're wanting
to do the same thing as an existing function in
mod_perl, you could look at the source of mod_perl
to see how they did it. That might give you some
ideas.
--
Ray Morris
supp...@bettercgi.com
Strongbox - The next generation in site security:
http://www.bettercgi.com/strongbox/
Throttlebox - Intelligent Bandwidth Control
http://www.bettercgi.com/throttlebox/
Strongbox / Throttlebox affiliate program:
http://www.bettercgi.com/affiliates/user/register.php
On 07/22/2009 04:43:08 AM, Ben Davies wrote:
> Okay, so upon further inspection, it appears that there may not be an
> equivalent function for mod_perls set_handlers().
>
> This leads me to a problem: how do I "turn off" a hook, especially,
> as
> the
> check_user() hook expects the r->user property to contain the
> username,
> meaning that the sending of a 403 happens before the check_user()
> hook
> is
> called. Whatever it is I need to do, I need to do in the access()
> hook.
>
> I was hoping it might be something as simple as removing my require
> entry
> from the require array. Has anyone had any experience with this? If
> so,
> could you comment on techniques?
>
> Cheers,
>
> Ben
>
>
> -----Original Message-----
> From: Ben Davies [mailto:bdav...@stickyeyes.com]
> Sent: 21 July 2009 14:49
> To: modules-dev@httpd.apache.org
> Subject: RE: Dynamicly insert 'require' into request
>
> > mod_perl just exposes the API to Perl programmers. Translate their
>
> > example
> > to C and it'll work without mod_perl.
>
> Excellent! Just what I was hoping for! Any clues as to the C
> equivalent of
> set_handler()? I've been looking in the apache header files and not
> found
> anything yet that matches.
>
> > You want C, my book takes you
> > through
> > developing a custom authentication/authorization handler.
>
> I know. I've been doing exactly that :) Great book by the way :)
>
> > If I understood your original question ("... conditional
> > authentication ... if
> > public access is granted"??) I could perhaps say something more
> > specific.
>
> A quick overview of what I want: if user requests a resource with a
> particular method, and that method is in a list of public accessible
> methods, then auth is not required. If not, then authn/authz is
> required.
> Simple as.
>
> I know there are other ways of doing this with Limit, for example,
> but
> my
> module adds a few bits and bobs to make management a bit easier (and
> extensible). I would however, appreciate your comments on the subject
> :)
>
> Cheers for confirming,
>
> Ben
>
>
> -----Original Message-----
> From: Nick Kew [mailto:n...@apache.org]
> Sent: 21 July 2009 14:36
> To: modules-dev@httpd.apache.org
> Subject: Re: Dynamicly insert 'require' into request
>
>
> On 21 Jul 2009, at 13:44, Ben Davies wrote:
>
> > I've just found something that does pretty much what I want but
> with
> > mod_perl. For an example, see 13.5 in the following chapter
> > (warning: link
> > is a PDF)
>
> mod_perl just exposes the API to Perl programmers. Translate their
> example
> to C and it'll work without mod_perl. You want C, my book takes you
> through
> developing a custom authentication/authorization handler.
>
> If I understood your original question ("... conditional
> authentication ... if
> public access is granted"??) I could perhaps say something more
> specific.
>
> --
> Nick Kew
>
>
