Dear mailing list, I have written a rather complex module which deals with authentication and authorization among other things. It checks for example for the existence of a valid kerberos ticket, it checks a mysql database for information which user is allowed to see which URL of a website. Later it filters out unwanted content or removes part of the content delivered to the user based on the id of the user.
I didn't want the module to be dependent on any "require ..." line and I found out these lines are essential for a module which uses the auth_checker hook. So I use some of the other hooks. The main authentication and authorization parts are done in ap_hook_access_checker. Below there's the part of the code which registers functions for the hooks. The module was first created for Apache 1.3, transferred to Apache 2.0 and is now used with Apache 2.2. But lately there seem to be some compatibility problems with Basic Authentication. In the past it was possible to use Basic Authentication and this module at the same time. Now this gives us some Error 401 although we have a "satisfy any" and an allowed IP address configured. After the code in the acess_checker phase is run and returns a HTTP_MOVED_TEMPORARILY the user is prompted with a password/login popup. This is not coming from my code. I guess it's coming from the module that implements Basic Authentication. So while I cannot give you an example snippet of code, because it's a complex module which I cannot boil down to a few lines of code, I hope you still have an idea what might be going wrong or in which direction I should analyse this. Any help is greatly appreciated. Thank you very much. ====================================================================== static void SumpfRegisterHooks(apr_pool_t *pool) { static const char * const Succ[] = { "mod_php.c", NULL }; // This is the hook that is called initially at the server start // after the configuration is read ap_hook_post_config(SumpfInit, NULL, NULL, APR_HOOK_MIDDLE); // or APR_HOOK_LAST ? // This is the hook that is called after reading each request ap_hook_post_read_request(SumpfStartPerRequest, NULL, NULL, APR_HOOK_MIDDLE); // or APR_HOOK_LAST ? // We cannot use the auth_checker hook, cause it depends on // 'require valid-user' in the configuration ap_hook_access_checker(SumpfAuthChecker, NULL, NULL, APR_HOOK_FIRST); // ap_hook_check_user_id(SumpfCheckUserID, NULL, NULL, APR_HOOK_MIDDLE); // auth_checker hook will only be used if we have a 'require ...' option // if we use the require option the basic auth module can't use it !!! ap_hook_auth_checker(SumpfCheckAuthorization, NULL, NULL, APR_HOOK_FIRST); // For Kerberos we cannot run in auth_checker phase because mod_auth_kerb // prevents this by returning OK, which means no other module is run here // So we run as first in fixup hook ap_hook_fixups(SumpfKerberosChecker, NULL, NULL, APR_HOOK_FIRST); // For PHP a normal hook_handler doesn't do anything, // presumably because mod_php ends with return(OK) // We need the hook_fixups !! ap_hook_fixups(SumpfHandleSpecialRequests, NULL, NULL, APR_HOOK_MIDDLE); // Not needed anymore 15.12.2006 // ap_hook_handler(SumpfSpecialURLs, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_insert_filter(SumpfInsertFilter, Succ, NULL, APR_HOOK_MIDDLE); ap_register_output_filter(SumpfFilterName, sumpf_filter, NULL, AP_FTYPE_RESOURCE); } ======================================================================= -- Sitepark Gesellschaft für Informationsmanagement mbH Rothenburg 14-16, 48143 Münster Telefon: +49 251 482655-0, Telefax: +49 251 482655-55 http://www.sitepark.com http://www.facebook.com/sitepark Geschäftsführer: Thorsten Liebold Amtsgericht Münster, HRB 5017