RE: Multiple authentication methods
At 17:21 13.02.2002 -0600, you wrote:
File::Spec is in included with the standard perl mods I believe
so dependencies shouldn't be a problem.
I see. You're right, this is actually much nicer!
Sorry for the misinformation. On debian it return : also. I made a
mistake checking it.
But with the suggested code by Per it works just fine:
sub load {
my $module=@_[0];
$module = File::Spec-catfile(split /::/, $module);
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
Of course one has to put a use File::Spec at the beginning and a Per
Finar Ellefsen
That's Per Einar :)
I think this module is a great idea. You should get it on CPAN as soon as
possible.
--
Per Einar Ellefsen
[EMAIL PROTECTED]
Re: Multiple authentication methods
Hi Darren Would you submit the current version? If you need help with the Documentation just let me know. For the makefile, I do not have any experience. Marcel Am Mittwoch den, 13. Februar 2002, um 21:01, schrieb darren chamberlain: Quoting Marcel Weber [EMAIL PROTECTED] [13 Feb-02 14:53]: Why not submitting this somewhere? I think this could be usefull for quite a lot of people. I think this is cool, as you do not have to worry wether the module returns DECLINED or AUTH_REQUIRED. I can package this up and put it on CPAN as version 0.01 tomorrow morning, if that seems reasonable to everyone involved. I'll need to add some docs and a Makefile.PL, of course. (darren) -- To believe is very dull. To doubt is intensely engrossing. To be on alert is to live, to be lulled into security is to die. -- Oscar Wilde --- PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
Re: Multiple authentication methods
Quoting Marcel Weber [EMAIL PROTECTED] [12 Feb-02 16:15]:
I don't get the point why it did not work the other way round,
but now everything is just fine now :
Make it a little more generic:
package Apache::MultiAuthen;
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
# Tweak this; unsure about dir_config returning an array
my @auth_modules = $r-dir_config(AuthModules);
for my $am (@auth_modules) {
load($am);
if ($@) {
$r-log(Error loading module '$am': $@);
next;
}
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-log_reason($am return OK);
return OK
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
return AUTH_REQUIRED;
}
sub load {
my $module = @_;
$module =~ s[::][/]g;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
(darren)
--
Never attribute to malice that which is adequately explained by
incompetence.
-- Napolean Bonaparte
Re: Multiple authentication methods
shouldn't stacked handlers be the right solution here? are stacked auth
handlers not allowed or something?
aaron
On Wed, 2002-02-13 at 09:02, darren chamberlain wrote:
Quoting Marcel Weber [EMAIL PROTECTED] [12 Feb-02 16:15]:
I don't get the point why it did not work the other way round,
but now everything is just fine now :
Make it a little more generic:
package Apache::MultiAuthen;
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
# Tweak this; unsure about dir_config returning an array
my @auth_modules = $r-dir_config(AuthModules);
for my $am (@auth_modules) {
load($am);
if ($@) {
$r-log(Error loading module '$am': $@);
next;
}
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-log_reason($am return OK);
return OK
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
return AUTH_REQUIRED;
}
sub load {
my $module = @_;
$module =~ s[::][/]g;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
(darren)
--
Never attribute to malice that which is adequately explained by
incompetence.
-- Napolean Bonaparte
--
aaron ross . alias intelligence, inc
email . [EMAIL PROTECTED]
phone . 215 545 6428
Re: Multiple authentication methods
Quoting Aaron Ross [EMAIL PROTECTED] [13 Feb-02 09:21]: shouldn't stacked handlers be the right solution here? are stacked auth handlers not allowed or something? Assuming your mod_perl has been built with them, then, yes, that's probably a better solution. But I had a fun 15 minutes writing Apache::MultiAuthen, though. :) (darren) -- My studies in Speculative Philosophy, metaphysics, and science are all summed up in the image of a mouse called man running in and out of every hole in the Cosmos hunting for the Absolute Cheese. -- Edmund Burke
RE: Multiple authentication methods
He wants to check a 'handler' return value.
shouldn't stacked handlers be the right solution here? are stacked auth
handlers not allowed or something?
aaron
On Wed, 2002-02-13 at 09:02, darren chamberlain wrote:
Quoting Marcel Weber [EMAIL PROTECTED] [12 Feb-02 16:15]:
I don't get the point why it did not work the other way round,
but now everything is just fine now :
Make it a little more generic:
package Apache::MultiAuthen;
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
# Tweak this; unsure about dir_config returning an array
my @auth_modules = $r-dir_config(AuthModules);
for my $am (@auth_modules) {
load($am);
if ($@) {
$r-log(Error loading module '$am': $@);
next;
}
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-log_reason($am return OK);
return OK
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
return AUTH_REQUIRED;
}
sub load {
my $module = @_;
$module =~ s[::][/]g;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
(darren)
--
Never attribute to malice that which is adequately explained by
incompetence.
-- Napolean Bonaparte
--
aaron ross . alias intelligence, inc
email . [EMAIL PROTECTED]
phone . 215 545 6428
Re: Multiple authentication methods
Aaron Ross wrote: shouldn't stacked handlers be the right solution here? are stacked auth handlers not allowed or something? yes, you can stack multiple auth handlers. the only problem is that, for the PerlAuthenHandler and PerlAuthzHandler the first handler to return an Apache error code (anything other than OK, DECLINED, or DONE) terminates the chain. which is generally fine, except when you want to return AUTH_REQUIRED and note_basic_auth_failure(). when writing your own auth modules, you could return DECLINED (and not call note_basic_auth_failure()) instead of AUTH_REQUIRED and let mod_auth take care of setting AUTH_REQUIRED for you (since the perl handlers generally run before the Apache C modules). however, with Apache::AuthFoo, the AUTH_REQUIRED stuff is generally compiled in, which means that the authentication chain is terminated prematurely. the solution darren posted is kinda nifty and is along the lines of what you would need to have in order to use the shrink-wrapped Apache:: solutions - one controlling handler that traps the return code of the other handlers, keeping them from Apache so that Apache doesn't end the handler chain before you're ready. HTH --Geoff
Re: Multiple authentication methods
the only problem is that, for the PerlAuthenHandler and PerlAuthzHandler the first handler to return an Apache error code (anything other than OK, DECLINED, or DONE) terminates the chain. which is generally fine, except when you want to return AUTH_REQUIRED and note_basic_auth_failure(). blarg... of course, returning OK also ends the chain, meaning that the user has been authenticated and Apache can stop now. in that respect both the PerlAuthenHandler and PerlAuthzHandler are like the PerlTransHandler (if that helps you think about it). sorry, too much information up there :) --Geoff
Re: Multiple authentication methods
Fixed some errors. Here comes the working version:
-
package Apache::AuthMulti;
# Stathy G. Touloumis
# Marcel M. Weber
# Darren Chamberlain
#
# Version 0.1.0 / 2002.02.13 / Marcel M. Weber
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
my @auth_modules=$r-dir_config-get(AuthModules);
for my $am (@auth_modules)
{
load($am);
if ($@){
$r-log_reason(Error loading module '$am':$@);
next;
}
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-warn($am return OK);
return OK;
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
$r-log_reason(none of the handlers could authenticate this
user);
return AUTH_REQUIRED;
}
sub load {
my $module=@_[0];
$module =~ s[::][/]g;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
---
In the httpd.conf you have to put something like this:
Location /test
AuthName Test
AuthType Basic
# These are AuthenSmb specific
PerlSetVar myPDC SAMBA
PerlSetVar myDOMAIN ARBEITSGRUPPE
# With PerlAddVar you pass an array
PerlAddVar AuthModules Apache::AuthSybase
PerlAddVar AuthModules Apache::AuthenSmb
PerlAuthenHandler Apache::AuthMulti
require valid-user
/Location
---
Works perfect...
Why not submitting this somewhere? I think this could be usefull for
quite a lot of people. I think this is cool, as you do not have to worry
wether the module returns DECLINED or AUTH_REQUIRED.
Marcel
Am Mittwoch den, 13. Februar 2002, um 15:02, schrieb darren chamberlain:
Quoting Marcel Weber [EMAIL PROTECTED] [12 Feb-02 16:15]:
I don't get the point why it did not work the other way round,
but now everything is just fine now :
Make it a little more generic:
package Apache::MultiAuthen;
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
# Tweak this; unsure about dir_config returning an array
my @auth_modules = $r-dir_config(AuthModules);
for my $am (@auth_modules) {
load($am);
if ($@) {
$r-log(Error loading module '$am': $@);
next;
}
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-log_reason($am return OK);
return OK
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
return AUTH_REQUIRED;
}
sub load {
my $module = @_;
$module =~ s[::][/]g;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
(darren)
--
Never attribute to malice that which is adequately explained by
incompetence.
-- Napolean Bonaparte
---
PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
Re: Multiple authentication methods
Quoting Marcel Weber [EMAIL PROTECTED] [13 Feb-02 14:53]: Why not submitting this somewhere? I think this could be usefull for quite a lot of people. I think this is cool, as you do not have to worry wether the module returns DECLINED or AUTH_REQUIRED. I can package this up and put it on CPAN as version 0.01 tomorrow morning, if that seems reasonable to everyone involved. I'll need to add some docs and a Makefile.PL, of course. (darren) -- To believe is very dull. To doubt is intensely engrossing. To be on alert is to live, to be lulled into security is to die. -- Oscar Wilde
Re: Multiple authentication methods
Marcel Weber wrote: Fixed some errors. Here comes the working version: untested I think you might need to iterate through $r-err_headers_out and remove WWW-Authenticate and Proxy-Authenticate after each authentication module runs. say you have an AuthSMB and AythSybase chain. AuthSMB calls note_basic_auth_failure and sets the WWW-Authenticate header, AuthSybase succeeds and sets the Authorizaion header. in this case, both WWW-Authenticate and Authorization will be passed to the browser (I think), which could lead to spurious results in some browsers. /untested also, you might want to check specifically for AUTH_REQUIRED instead of OK in the chain. AUTH_REQUIRED is not the only return code that get_basic_auth_pw can return (SERVER_ERROR and DECLINED are also possible) and you probably would want to propagate a SERVER_ERROR rather than returning AUTH_REQUIRED. HTH --Geoff
Re: Multiple authentication methods
untested I think you might need to iterate through $r-err_headers_out and remove WWW-Authenticate and Proxy-Authenticate after each authentication module runs. say you have an AuthSMB and AythSybase chain. AuthSMB calls note_basic_auth_failure and sets the WWW-Authenticate header, AuthSybase succeeds and sets the Authorizaion header. in this case, both WWW-Authenticate and Authorization will be passed to the browser (I think), which could lead to spurious results in some browsers. /untested or not. the browser sends the Authorization header, last I checked :) at any rate, I think my thoughts were headed somewhere. you might end up with a popup box on every request or something if every request ends up with a WWW-Authenticate header. it at least warrants a test I would think. the return code part is probably valid, though. anyway, I swear to start thinking before I type from now on... --Geoff
RE: Multiple authentication methods
Some more fixes ; )
I would suggest changing the PerlSetVar variables
to actual apache configuration directives which would change this :
my @auth_modules=$r-dir_config-get(AuthModules);
I don't have an immediate patch for this but have done it before.
If you would like me to work on this code no prob, otherwise check
the eagle book for some samples if unfamiliar.
Also,
THIS :
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-warn($am return OK);
return OK;
TO :
## 'or next' can be changed
my $handler = $am-can('handler') or next;
if ($handler-($r) == OK) {
$r-warn($am return OK);
return OK;
}
And I would consider changing this :
$module =~ s[::][/]g;
to be more portable. I am working on another class for runtime management
of classes that should address this but won't be on CPAN for a few days.
-
package Apache::AuthMulti;
# Stathy G. Touloumis
# Marcel M. Weber
# Darren Chamberlain
#
# Version 0.1.0 / 2002.02.13 / Marcel M. Weber
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
my @auth_modules=$r-dir_config-get(AuthModules);
for my $am (@auth_modules)
{
load($am);
if ($@){
$r-log_reason(Error loading module '$am':$@);
next;
}
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-warn($am return OK);
return OK;
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
$r-log_reason(none of the handlers could authenticate this
user);
return AUTH_REQUIRED;
}
sub load {
my $module=@_[0];
$module =~ s[::][/]g;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
---
In the httpd.conf you have to put something like this:
Location /test
AuthName Test
AuthType Basic
# These are AuthenSmb specific
PerlSetVar myPDC SAMBA
PerlSetVar myDOMAIN ARBEITSGRUPPE
# With PerlAddVar you pass an array
PerlAddVar AuthModules Apache::AuthSybase
PerlAddVar AuthModules Apache::AuthenSmb
PerlAuthenHandler Apache::AuthMulti
require valid-user
/Location
---
Works perfect...
Why not submitting this somewhere? I think this could be usefull for
quite a lot of people. I think this is cool, as you do not have to worry
wether the module returns DECLINED or AUTH_REQUIRED.
Marcel
Am Mittwoch den, 13. Februar 2002, um 15:02, schrieb darren chamberlain:
Quoting Marcel Weber [EMAIL PROTECTED] [12 Feb-02 16:15]:
I don't get the point why it did not work the other way round,
but now everything is just fine now :
Make it a little more generic:
package Apache::MultiAuthen;
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
# Tweak this; unsure about dir_config returning an array
my @auth_modules = $r-dir_config(AuthModules);
for my $am (@auth_modules) {
load($am);
if ($@) {
$r-log(Error loading module '$am': $@);
next;
}
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-log_reason($am return OK);
return OK
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
return AUTH_REQUIRED;
}
sub load {
my $module = @_;
$module =~ s[::][/]g;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
(darren)
--
Never attribute to malice that which is adequately explained by
incompetence.
-- Napolean Bonaparte
---
PGP / GPG Key:http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
Re: Multiple authentication methods
Quoting Stathy G. Touloumis [EMAIL PROTECTED] [13 Feb-02 15:26]:
Some more fixes ; )
Yay! Bug reports already...
I would suggest changing the PerlSetVar variables
to actual apache configuration directives which would change this :
my @auth_modules=$r-dir_config-get(AuthModules);
I don't have an immediate patch for this but have done it before.
If you would like me to work on this code no prob, otherwise check
the eagle book for some samples if unfamiliar.
*nod* I'm not sure that the syntax would work; $r-dir_config()
would probably return an arrayref, and such; this needs to be
tested.
Also,
THIS :
my $handler = \{$am\::handler};
if ($handler-($r) == OK) {
$r-warn($am return OK);
return OK;
TO :
## 'or next' can be changed
my $handler = $am-can('handler') or next;
if ($handler-($r) == OK) {
$r-warn($am return OK);
return OK;
}
Yeah, I just didn't think of that when I wrote the code. That is
the Correct Way.
And I would consider changing this :
$module =~ s[::][/]g;
to be more portable. I am working on another class for runtime
management of classes that should address this but won't be on
CPAN for a few days.
I stole that almost whole hog from Template/Config.pm, lines
68-78. Take it up with Andy. ;)
The easiest thing would be to use Config, and do:
$module =~ s[::][$Config{'path_sep'}]g;
Right?
(darren)
--
What a strange illusion it is to suppose that beauty is goodness.
-- Leo Tolstoy
RE: Multiple authentication methods
I would suggest changing the PerlSetVar variables
to actual apache configuration directives which would change this :
my @auth_modules=$r-dir_config-get(AuthModules);
I don't have an immediate patch for this but have done it before.
If you would like me to work on this code no prob, otherwise check
the eagle book for some samples if unfamiliar.
*nod* I'm not sure that the syntax would work; $r-dir_config()
would probably return an arrayref, and such; this needs to be
tested.
You can specify anything for a directive as you can for dir_config() yet
it is more extensible : Syntax checking, ability to set in '.htaccess' files
and of course everybodies favorite . . . it's faster ; )
Doesn't need to be implemented now but just a thought . . .
I stole that almost whole hog from Template/Config.pm, lines
68-78. Take it up with Andy. ;)
The easiest thing would be to use Config, and do:
$module =~ s[::][$Config{'path_sep'}]g;
Right?
Anything other than hardcoding and this is fine by me.
Although should probably compile once :
s[::][$Config{'path_sep'}]go;
RE: Multiple authentication methods
The easiest thing would be to use Config, and do:
$module =~ s[::][$Config{'path_sep'}]g;
Right?
Maybe not : ) When checking on 2 linux systems I got a path seperator of
':'. Can you let me know if you get similar results?
Thanks,
Re: Multiple authentication methods
So here comes the most actual code:
Submitting it to CPAN would be fine!
package Apache::AuthMulti;
# Stathy G. Touloumis
# Marcel M. Weber
# Darren Chamberlain
#
# Version 0.01-2 / 13.02.2002 / Marcel M. Weber
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
my @auth_modules=$r-dir_config-get(AuthModules);
for my $am (@auth_modules)
{
load($am);
if ($@){
$r-log_reason(Error loading module '$am':$@);
next;
}
my $handler = $am-can('handler') or next;
if ($handler-($r) == OK) {
$r-warn($am return OK);
return OK;
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
$r-log_reason(none of the handlers could authenticate this
user);
return AUTH_REQUIRED;
}
sub load {
my $module=@_[0];
$module =~ s[::][$Config{'path_sep'}]go;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
-
Am Mittwoch den, 13. Februar 2002, um 21:42, schrieb Stathy G. Touloumis:
I would suggest changing the PerlSetVar variables
to actual apache configuration directives which would change this :
my @auth_modules=$r-dir_config-get(AuthModules);
I don't have an immediate patch for this but have done it before.
If you would like me to work on this code no prob, otherwise check
the eagle book for some samples if unfamiliar.
*nod* I'm not sure that the syntax would work; $r-dir_config()
would probably return an arrayref, and such; this needs to be
tested.
It returns a arrayref, as far as I experienced. Well I'm really new to
mod_perl
and my eagle book waits still in the library to be bought... But why is
this
version not nice?
---
Marcel
PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
Re: Multiple authentication methods
On my woody system it's fine.
Marcel
Am Mittwoch den, 13. Februar 2002, um 23:51, schrieb Stathy G. Touloumis:
The easiest thing would be to use Config, and do:
$module =~ s[::][$Config{'path_sep'}]g;
Right?
Maybe not : ) When checking on 2 linux systems I got a path seperator
of
':'. Can you let me know if you get similar results?
Thanks,
---
PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
RE: Multiple authentication methods
At 16:51 13.02.2002 -0600, Stathy G. Touloumis wrote:
The easiest thing would be to use Config, and do:
$module =~ s[::][$Config{'path_sep'}]g;
Right?
Maybe not : ) When checking on 2 linux systems I got a path seperator of
':'. Can you let me know if you get similar results?
I'm getting the same problem here. It seems like $Config{path_sep} has been
misunderstood: it gives ':' on Unix and ';' on Windows, so I believe it
means the separator between different items in your PATH
(/usr/bin:/usr/local/bin etc..).
I think what you need is File::Spec.
Use this instead:
$module = File::Spec-catfile(split /::/, $module);
That'll be portable.
--
Per Einar Ellefsen
[EMAIL PROTECTED]
Re: Multiple authentication methods
Sorry, this code does not work... Should test it better before sending
it to to mailing list...
Marcel
Am Donnerstag den, 14. Februar 2002, um 00:05, schrieb Marcel Weber:
So here comes the most actual code:
Submitting it to CPAN would be fine!
package Apache::AuthMulti;
# Stathy G. Touloumis
# Marcel M. Weber
# Darren Chamberlain
#
# Version 0.01-2 / 13.02.2002 / Marcel M. Weber
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
my @auth_modules=$r-dir_config-get(AuthModules);
for my $am (@auth_modules)
{
load($am);
if ($@){
$r-log_reason(Error loading module '$am':$@);
next;
}
my $handler = $am-can('handler') or next;
if ($handler-($r) == OK) {
$r-warn($am return OK);
return OK;
}
$r-log_reason($am not OK);
}
$r-note_basic_auth_failure;
$r-log_reason(none of the handlers could authenticate this
user);
return AUTH_REQUIRED;
}
sub load {
my $module=@_[0];
$module =~ s[::][$Config{'path_sep'}]go;
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
1;
__END__
-
Am Mittwoch den, 13. Februar 2002, um 21:42, schrieb Stathy G.
Touloumis:
I would suggest changing the PerlSetVar variables
to actual apache configuration directives which would change this :
my @auth_modules=$r-dir_config-get(AuthModules);
I don't have an immediate patch for this but have done it before.
If you would like me to work on this code no prob, otherwise check
the eagle book for some samples if unfamiliar.
*nod* I'm not sure that the syntax would work; $r-dir_config()
would probably return an arrayref, and such; this needs to be
tested.
It returns a arrayref, as far as I experienced. Well I'm really new to
mod_perl
and my eagle book waits still in the library to be bought... But why
is this
version not nice?
---
Marcel
PGP / GPG Key:http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
---
PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
RE: Multiple authentication methods
Cool . . .
Thanks for the tip : )
The easiest thing would be to use Config, and do:
$module =~ s[::][$Config{'path_sep'}]g;
Right?
Maybe not : ) When checking on 2 linux systems I got a path seperator of
':'. Can you let me know if you get similar results?
I'm getting the same problem here. It seems like
$Config{path_sep} has been
misunderstood: it gives ':' on Unix and ';' on Windows, so I believe it
means the separator between different items in your PATH
(/usr/bin:/usr/local/bin etc..).
I think what you need is File::Spec.
Use this instead:
$module = File::Spec-catfile(split /::/, $module);
That'll be portable.
Re: Multiple authentication methods
I see. You're right, this is actually much nicer!
Sorry for the misinformation. On debian it return : also. I made a
mistake checking it.
But with the suggested code by Per it works just fine:
sub load {
my $module=@_[0];
$module = File::Spec-catfile(split /::/, $module);
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
Of course one has to put a use File::Spec at the beginning and a Per
Finar Ellefsen
Marcel
Am Donnerstag den, 14. Februar 2002, um 00:11, schrieb Stathy G.
Touloumis:
Interesting, one system is RedHat 7.2 and Suse 7.3 (custom built perl)
that
returns
a ':' for $Config{'path_sep'}
It returns a arrayref, as far as I experienced. Well I'm really new to
mod_perl
and my eagle book waits still in the library to be bought... But why
is
this
version not nice?
It's fine but I have become much more impressed with the mod_perl
configuration features. It provides a much cleaner interface for
specifying
directives.
THIS :
Location /test
AuthName Test
AuthType Basic
# These are AuthenSmb specific
PerlSetVar myPDC SAMBA
PerlSetVar myDOMAIN ARBEITSGRUPPE
# With PerlAddVar you pass an array
PerlAddVar AuthModules Apache::AuthSybase
PerlAddVar AuthModules Apache::AuthenSmb
PerlAuthenHandler Apache::AuthMulti
require valid-user
/Location
VS :
Location /test
AuthName Test
AuthType Basic
# Now an actual apache conf
myPDC SAMBA
myDOMAIN ARBEITSGRUPPE
# No need to specify twice
AuthModules Apache::AuthSybase Apache::AuthenSmb
PerlAuthenHandler Apache::AuthMulti
require valid-user
/Location
Of course there will be some minor changes in the module
and in the Makefile.PL
---
PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
RE: Multiple authentication methods
File::Spec is in included with the standard perl mods I believe
so dependencies shouldn't be a problem.
I see. You're right, this is actually much nicer!
Sorry for the misinformation. On debian it return : also. I made a
mistake checking it.
But with the suggested code by Per it works just fine:
sub load {
my $module=@_[0];
$module = File::Spec-catfile(split /::/, $module);
$module .= '.pm';
eval { require $module; };
return $@ ? 1 : 0;
}
Of course one has to put a use File::Spec at the beginning and a Per
Finar Ellefsen
Re: Multiple authentication methods
Location /test AuthName Test AuthType Basic PerlSetVar myPDC SAMBA PerlSetVar myDOMAIN ARBEITSGRUPPE PerlAuthenHandler Apache::AuthenSmb Apache::AuthSybase require valid-user /Location is mod_perl compiled with STACKED HANDLERS? the first module to run will need to return DECLINED for the second to ever see the request. You may need a simple AuthHandler that always fails at the end. Try AuthenSmb, DECLINED or OK, try AuthSybase, DECLINED or OK, then AuthFailed, always returned FORBIDDEN. HTH, aaron -- aaron ross . alias intelligence, inc email . [EMAIL PROTECTED] phone . 215 545 6428
RE: Multiple authentication methods
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler. I am not sure how the AuthenSmb handlers should be
called but you should get the idea.
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthSybase-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthenSmb-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} else {
return Apache::Constant::DECLINED;
}
}
I get just as far, as I can authenticate via AuthSybase, but the second
method is never executed. Well, probably some expirienced perl coder would
laugh at me...
He he, we all had to start from the beginning ; )
Hmm, I fiddled a bit around whith this code but, it does not
really work the
way I want it to.
This is what I coded:
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
$r-push_handlers( PerlAuthenHandler= Apache::AuthSybase );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
$r-push_handlers( PerlAuthenHandler= Apache::AuthenSmb );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
return DECLINED;
}
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
What the code should do is: Call AuthSybase, check return value, if OK
return OK, else call AuthenSMB, return return value.
AW: Multiple authentication methods
Thank you!
I also tried something like this at first. But I get this error message in
my apache/error.log
[Tue Feb 12 20:20:59 2002] [error] Can't locate object method handler via
package Apache::AuthenS
mb (perhaps you forgot to load Apache::AuthenSmb?) at
/usr/share/perl5/Apache/AuthenIntra.pm line
13.
resp. vice versa, when the AuthSybase method is first. Perhaps it is my
mod_perl installation. It is a stock Debian Woody installation.
Marcel
-Ursprüngliche Nachricht-
Von: Stathy G. Touloumis [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 12. Februar 2002 18:32
An: Marcel Weber; [EMAIL PROTECTED]
Betreff: RE: Multiple authentication methods
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler. I am not sure how the AuthenSmb handlers should be
called but you should get the idea.
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthSybase-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthenSmb-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} else {
return Apache::Constant::DECLINED;
}
}
I get just as far, as I can authenticate via AuthSybase, but the second
method is never executed. Well, probably some expirienced perl coder would
laugh at me...
He he, we all had to start from the beginning ; )
Hmm, I fiddled a bit around whith this code but, it does not
really work the
way I want it to.
This is what I coded:
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
$r-push_handlers( PerlAuthenHandler= Apache::AuthSybase );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
$r-push_handlers( PerlAuthenHandler= Apache::AuthenSmb );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
return DECLINED;
}
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
What the code should do is: Call AuthSybase, check return value, if OK
return OK, else call AuthenSMB, return return value.
RE: Multiple authentication methods
I also tried something like this at first. But I get this error message in
my apache/error.log
[Tue Feb 12 20:20:59 2002] [error] Can't locate object method
handler via
package Apache::AuthenS
mb (perhaps you forgot to load Apache::AuthenSmb?) at
/usr/share/perl5/Apache/AuthenIntra.pm line
13.
Try calling it via Apache::AuthenSmb::handler($r) instead. You will
probably want to do the same with Apache::AuthSybase::handler($r) as well.
resp. vice versa, when the AuthSybase method is first. Perhaps it is my
mod_perl installation. It is a stock Debian Woody installation.
Marcel
-Ursprüngliche Nachricht-
Von: Stathy G. Touloumis [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 12. Februar 2002 18:32
An: Marcel Weber; [EMAIL PROTECTED]
Betreff: RE: Multiple authentication methods
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler. I am not sure how the AuthenSmb handlers should be
called but you should get the idea.
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthSybase-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthenSmb-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} else {
return Apache::Constant::DECLINED;
}
}
I get just as far, as I can authenticate via AuthSybase, but the second
method is never executed. Well, probably some expirienced perl
coder would
laugh at me...
He he, we all had to start from the beginning ; )
Hmm, I fiddled a bit around whith this code but, it does not
really work the
way I want it to.
This is what I coded:
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
$r-push_handlers( PerlAuthenHandler= Apache::AuthSybase );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
$r-push_handlers( PerlAuthenHandler= Apache::AuthenSmb );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
return DECLINED;
}
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
What the code should do is: Call AuthSybase, check return value, if OK
return OK, else call AuthenSMB, return return value.
AW: Multiple authentication methods
Hi
This way, I do not get any failure messages, but the authenication does not
work at all. Say, it does not matter wat password your typing in, you get
always authenticated. Even when one auf the handlers logs a violation and
return AUTH_REQUIRED / DECLINED.
package Apache::AuthenIntra;
use strict;
use Apache::AuthenSmb;
use Apache::AuthSybase;
use Apache::Constants;
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthenSmb::handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthSybase::handler($r) == Apache::Constants::OK )
{
return Apache::Constants::OK;
}
$r-note_basic_auth_failure;
return Apache::Constant::AUTH_REQUIRED;
}
Marcel
-Ursprüngliche Nachricht-
Von: Stathy G. Touloumis [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 12. Februar 2002 18:32
An: Marcel Weber; [EMAIL PROTECTED]
Betreff: RE: Multiple authentication methods
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler. I am not sure how the AuthenSmb handlers should be
called but you should get the idea.
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthSybase-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthenSmb-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} else {
return Apache::Constant::DECLINED;
}
}
I get just as far, as I can authenticate via AuthSybase, but the second
method is never executed. Well, probably some expirienced perl coder would
laugh at me...
He he, we all had to start from the beginning ; )
Hmm, I fiddled a bit around whith this code but, it does not
really work the
way I want it to.
This is what I coded:
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
$r-push_handlers( PerlAuthenHandler= Apache::AuthSybase );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
$r-push_handlers( PerlAuthenHandler= Apache::AuthenSmb );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
return DECLINED;
}
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
What the code should do is: Call AuthSybase, check return value, if OK
return OK, else call AuthenSMB, return return value.
RE: Multiple authentication methods
That is odd, I would check the interface for the authentication modules and
be sure that they are being used properly. It may help to also put in some
debug/trace statements to figure out where things are failing or not working
as expected : )
This way, I do not get any failure messages, but the
authenication does not
work at all. Say, it does not matter wat password your typing in, you get
always authenticated. Even when one auf the handlers logs a violation and
return AUTH_REQUIRED / DECLINED.
package Apache::AuthenIntra;
use strict;
use Apache::AuthenSmb;
use Apache::AuthSybase;
use Apache::Constants;
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthenSmb::handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthSybase::handler($r) ==
Apache::Constants::OK )
{
return Apache::Constants::OK;
}
$r-note_basic_auth_failure;
return Apache::Constant::AUTH_REQUIRED;
}
Marcel
-Ursprüngliche Nachricht-
Von: Stathy G. Touloumis [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 12. Februar 2002 18:32
An: Marcel Weber; [EMAIL PROTECTED]
Betreff: RE: Multiple authentication methods
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler. I am not sure how the AuthenSmb handlers should be
called but you should get the idea.
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthSybase-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthenSmb-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} else {
return Apache::Constant::DECLINED;
}
}
I get just as far, as I can authenticate via AuthSybase, but the second
method is never executed. Well, probably some expirienced perl
coder would
laugh at me...
He he, we all had to start from the beginning ; )
Hmm, I fiddled a bit around whith this code but, it does not
really work the
way I want it to.
This is what I coded:
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
$r-push_handlers( PerlAuthenHandler= Apache::AuthSybase );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
$r-push_handlers( PerlAuthenHandler= Apache::AuthenSmb );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
return DECLINED;
}
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
What the code should do is: Call AuthSybase, check return value, if OK
return OK, else call AuthenSMB, return return value.
AW: Multiple authentication methods
It works
I don't get the point why it did not work the other way round, but now
everything is just fine now :
package Apache::AuthenIntra;
#use strict;
use Apache::AuthenSmb;
use Apache::AuthSybase;
use Apache::Constants;
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthenSmb::handler($r) == OK ) {
$r-log_reason(AuthenSmb is okay, $r-uri);
return OK;
} elsif ( Apache::AuthSybase::handler($r) == OK ) {
$r-log_reason(AuthSybase is okay, $r-uri);
return OK;
}
$r-note_basic_auth_failure;
return AUTH_REQUIRED;
}
1;
__END__
Like this, you may take every authentication module you'd like, wether it
returns DECLINE or AUTH_REQUIRED and it will give an OK if one of the two
works.
Thanks to all who helped me
Marcel
-Ursprüngliche Nachricht-
Von: Stathy G. Touloumis [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 12. Februar 2002 21:17
An: Marcel Weber; [EMAIL PROTECTED]
Betreff: RE: Multiple authentication methods
That is odd, I would check the interface for the authentication modules and
be sure that they are being used properly. It may help to also put in some
debug/trace statements to figure out where things are failing or not working
as expected : )
This way, I do not get any failure messages, but the
authenication does not
work at all. Say, it does not matter wat password your typing in, you get
always authenticated. Even when one auf the handlers logs a violation and
return AUTH_REQUIRED / DECLINED.
package Apache::AuthenIntra;
use strict;
use Apache::AuthenSmb;
use Apache::AuthSybase;
use Apache::Constants;
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthenSmb::handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthSybase::handler($r) ==
Apache::Constants::OK )
{
return Apache::Constants::OK;
}
$r-note_basic_auth_failure;
return Apache::Constant::AUTH_REQUIRED;
}
Marcel
-Ursprüngliche Nachricht-
Von: Stathy G. Touloumis [mailto:[EMAIL PROTECTED]]
Gesendet: Dienstag, 12. Februar 2002 18:32
An: Marcel Weber; [EMAIL PROTECTED]
Betreff: RE: Multiple authentication methods
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
Hmmm, It would seem that it would be better to call the function directly
from your handler. I am not sure how the AuthenSmb handlers should be
called but you should get the idea.
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
if ( Apache::AuthSybase-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} elsif ( Apache::AuthenSmb-handler($r) == Apache::Constants::OK ) {
return Apache::Constants::OK;
} else {
return Apache::Constant::DECLINED;
}
}
I get just as far, as I can authenticate via AuthSybase, but the second
method is never executed. Well, probably some expirienced perl
coder would
laugh at me...
He he, we all had to start from the beginning ; )
Hmm, I fiddled a bit around whith this code but, it does not
really work the
way I want it to.
This is what I coded:
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
$r-push_handlers( PerlAuthenHandler= Apache::AuthSybase );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
$r-push_handlers( PerlAuthenHandler= Apache::AuthenSmb );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
return DECLINED;
}
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
What the code should do is: Call AuthSybase, check return value, if OK
return OK, else call AuthenSMB, return return value.
AW: Multiple authentication methods
Hmm, I fiddled a bit around whith this code but, it does not really work the
way I want it to.
This is what I coded:
sub handler {
my $r = shift;
my($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
$r-push_handlers( PerlAuthenHandler= Apache::AuthSybase );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
$r-push_handlers( PerlAuthenHandler= Apache::AuthenSmb );
if (@{ $r-get_handlers(PerlAuthenHandler) || []}) {
return OK;
}
return DECLINED;
}
The get_handlers code is out of AuthenSmb as I do not have the slightest
idea of how to get the results of the called function.
What the code should do is: Call AuthSybase, check return value, if OK
return OK, else call AuthenSMB, return return value.
I get just as far, as I can authenticate via AuthSybase, but the second
method is never executed. Well, probably some expirienced perl coder would
laugh at me...
Marcel
-Ursprüngliche Nachricht-
Von: Stathy G. Touloumis [mailto:[EMAIL PROTECTED]]
Gesendet: Montag, 11. Februar 2002 23:34
An: Marcel Weber
Cc: [EMAIL PROTECTED]
Betreff: RE: Multiple authentication methods
sub handler {
my $r = shift;
if ( $smbauthwhatever ) {
$r-push_handlers( PerlAuthenHandler= Apache::AuthenSmb::handler );
} else {
$r-push_handlers( PerlAuthenHandler= Apache::Foo::handler );
}
}
I already thought of this. But how can I call the first and second
handler from within this super-handler?
I'll do something like this:
use Apache::AuthenSmb;
use Apache::AuthSybase;
sub handler {
if (smbauthwhatever)
sybaseauthwhatever
.
}
So how can I call the handler function of AuthenSmb?
