Re: PerlAuthenHandler advice needed.
Here's a simple handler that will set the AuthType and AuthName
dynamically and handle the authentication for you. This handler will
prompt you for a password when you try to acess /manual with the
AuthName, "The Manual" and prompt with the AuthName "The Icons" when you
try to access /icons. These urls are part of Apaches basic installation
(that's if you did not remove the manual from your htdocs directory).
The authentication phase will let you in just as long you supply a
username and password. You can of course code such that it you can
authenicate against a .htpassword file, using Apache::Htpasswd.
Anyhow, this should show you that you can indeed change the AuthName
on-the-fly and also handle
authentication without having to include AuthName,AuthType,AuthUserFile
explicitly in your httpd.conf.
Note: the authentication subroutine acted flaky, sometimes it worked and
other times it didn't. But the realms did change for the each uri.
i hope this helps youhave fun ;)
Setting it up:
In your httpd.conf ( in a global area):
PerlHeaderParserHandler Apache::SetRealm;
=code
package Apache::SetRealm;
use Apache;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
## Make Apache aware the we want to also handle the Authentication
phase using a custom
## handler, in this case the subroutine authenticate()
$r-push_handlers(PerlAuthenHandler = \authenticate);
my $uri = $r-uri;
## only handle uri that are defined as protected, in this case the
only protected
## uri's are /icons and /manuals
return OK unless is_protected($r);
my $realm = get_realm($r);
## Construct the Header Field containing the type of authenticate
(Basic) and our
## realmname return by get_realm()
my $authheader = 'Basic realm="'.$realm.'"';
$r-header_out("WWW-Authenticate" ,$authheader);
## Return 401 to browser and prompt for login
$r-status(AUTH_REQUIRED);
$r-send_http_header("text/html");
return AUTH_REQUIRED;
}
sub get_realm {
## Get the AuthName for a specific uri. You can probably read these
off of a file that
## contains a list of uri's and realmNames
my $r = shift;
return "The Icons" if ($r-uri =~ /\/icons/);
return "The Manual" if ($r-uri =~ /\/manual/);
}
sub is_protected {
## Check the $uri requested matches our set of "Restricted"
locations
## 1 = isProtected, 0 = NotProtected
## You can probably have these protected areas in a seperate file,
the eagle book
## has some excellent ideas on how to acomplish this
my $r = shift;
my @protected = ('\/manual','\/icons');
for (@protected) { return 1 if ($r-uri =~ /$_/); }
return 0;
}
sub authenticate {
## Straight out of the Eagle Book
my $r = shift;
return OK if $r-sub_request;
my ($res,$password) = $r-get_basic_auth_pw;
return $res if $res != OK;
my $username = $r-connection-user;
unless ($username $pass) {
$r-note_basic_auth_failure;
$r-log_reason("Did not provide username");
return AUTH_REQUIRED;
}
## Now that you have the $username and $password you can
## include your code to open your AuthUserFile to check the password
and username
## I suggest using Apache::Htpasswd, it provides all the
methods/functions that you need to
## accomplish this part of the task...
$r-log_reason("WELCOME $user");
return OK;
}
1;
-Carlos
Todd Chapman wrote:
Please explain again how to get my AuthHandler called without setting
AuthName or AuthType in httpd.conf.
Thanks.
-Todd
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
By choosing to use your custom AuthHandler, you basically override Apache's way of
handling the particular phase, in this case the authentication phase. So you must
handle prompting the user and also checking the password.
You might want to read the Apache Guide (http://perl.apache.org/) on how to write
you
own handler and also the eagle book.
After reviewing our previous conversation, I think you might need to send
WWW-Authenticate header field in another phase (preferable at the
PerlHeaderParserHandler) before the Authentication phase is called.
Your PerlHeaderParserHandler can check the $r-uri for any password protected
requests, i.e., if it matches /companyA, you can then set the WWW-Authenticate:
Basic
$realm and push it along it's merry way.
Then your PerlAuthHandler will get the username and password and check it against
the
realms' AuthUserFile. Apache will handle the initial prompting for the
username/password.
Your requirements imply that you will have a file(??) that has a list of UserFiles
for each Realm/path_info so that your authentication handler will know what file to
check against.
I hope this make sense ;) my coffee is running low...
-Carlos
Todd Chapman wrote:
Thanks for the help. I was hoping that Apache would
Re: PerlAuthenHandler advice needed.
On Wed, 27 Sep 2000, Todd Chapman wrote:
Problems with your suggestion:
1. The realm will not be known until I get path_info so
Location/Location directives will not work.
you can use $r-auth_name($realm) to set it at request time.
2. How can I get Perl to do the password lookup in the dynamically
selected AuthUserFile?
since mod_auth.c's structure defs are private to mod_auth.c, there's no
$r-api for this. what you can do use .htaccess like so:
Perl
my $r = Apache-request;
my $testing = $r-path_info =~ /test/;
$AuthType = "Basic";
$AuthName = $testing ? "Testing" : "Whatever";
$Require = "user dougm";
$AuthUserFile = $testing ? "/tmp/htpasswd" : "/whatever/htpasswd";
/Perl
also, i just committed this patch that makes $r-auth_type writable, the
same way $r-auth_name is. and, defaults auth_type to Basic when unset
and $r-get_basic_auth_pw is called.
Index: src/modules/perl/Apache.xs
===
RCS file: /home/cvs/modperl/src/modules/perl/Apache.xs,v
retrieving revision 1.110
diff -u -r1.110 Apache.xs
--- src/modules/perl/Apache.xs 2000/09/27 19:44:23 1.110
+++ src/modules/perl/Apache.xs 2000/09/27 23:43:33
@@ -824,8 +824,9 @@
char *val
const char *
-auth_type(r)
+mod_perl_auth_type(r, val=NULL)
Apacher
+char *val
const char *
document_root(r, ...)
@@ -887,6 +888,9 @@
int ret;
PPCODE:
+if (!auth_type(r)) {
+(void)mod_perl_auth_type(r, "Basic");
+}
ret = get_basic_auth_pw(r, sent_pw);
XPUSHs(sv_2mortal((SV*)newSViv(ret)));
if(ret == OK)
Index: src/modules/perl/mod_perl.h
===
RCS file: /home/cvs/modperl/src/modules/perl/mod_perl.h,v
retrieving revision 1.103
diff -u -r1.103 mod_perl.h
--- src/modules/perl/mod_perl.h 2000/09/22 18:51:59 1.103
+++ src/modules/perl/mod_perl.h 2000/09/27 23:43:46
@@ -1185,6 +1185,7 @@
perl_require_module("Apache", s)
char *mod_perl_auth_name(request_rec *r, char *val);
+char *mod_perl_auth_type(request_rec *r, char *val);
module *perl_get_module_ptr(char *name, int len);
void *perl_merge_server_config(pool *p, void *basev, void *addv);
Index: src/modules/perl/perl_config.c
===
RCS file: /home/cvs/modperl/src/modules/perl/perl_config.c,v
retrieving revision 1.105
diff -u -r1.105 perl_config.c
--- src/modules/perl/perl_config.c 2000/09/27 15:37:33 1.105
+++ src/modules/perl/perl_config.c 2000/09/27 23:44:03
@@ -158,6 +158,24 @@
#endif
}
+char *mod_perl_auth_type(request_rec *r, char *val)
+{
+#ifndef WIN32
+core_dir_config *conf =
+ (core_dir_config *)get_module_config(r-per_dir_config, core_module);
+
+if(val) {
+ conf-auth_type = pstrdup(r-pool, val);
+ set_module_config(r-per_dir_config, core_module, (void*)conf);
+ MP_TRACE_g(fprintf(stderr, "mod_perl: setting auth_type to %s\n",
+conf-auth_name));
+}
+
+return conf-auth_type;
+#else
+return (char *) auth_type(r);
+#endif
+}
+
void mod_perl_dir_env(request_rec *r, perl_dir_config *cld)
{
if(MP_HASENV(cld)) {
Re: PerlAuthenHandler advice needed.
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
my $authheader = 'Basic realm="'.$realm.'"';
$r-header_out("WWW-Authenticate" ,$authheader);
there's a cleaner way for that:
$r-auth_name($realm);
$r-note_basic_auth_failure;
$r-status(AUTH_REQUIRED);
no need for that.
$r-send_http_header("text/html");
or this because..
return AUTH_REQUIRED;
..apache will send the headers when you return an error
return OK if $r-sub_request;
there's no Apache::sub_request method
my ($res,$password) = $r-get_basic_auth_pw;
this will core dump if AuthName is not set in the configuration file.
not with the current cvs though, see previous message.
$r-note_basic_auth_failure;
this won't work right unless you've set $r-auth_name($val)
Re: PerlAuthenHandler advice needed.
Thanks for the help Doug. This is what I have now but all I get is a
segementation fault in the log.
Any ideas?
-Todd
package Apache::SetRealm;
## Usage: PerlHeaderParserHandler Apache::SetRealm
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
# find the name of the realm
# if realm does not exist error
# else see if Auth header set
# if auth header not set return AUTH_REQUIRED
# else return OK
# If Auth header is set a future PerlAuthenHandler will check the
password.
# When that happens we can't use get_basic_auth_info because AuthName is
# not set in the config file. We will have to parse the Auth header manually.
# The realm will be determined from path_info.
return OK if $r-header_in('Authorization');
my $realm = get_realm($r);
# Prompt for authentication info in the proper realm
$r-auth_name($realm);
$r-note_basic_auth_failure;
return AUTH_REQUIRED;
}
sub get_realm {
## Get the AuthName for a specific uri. You can probably read these off of a file
that ## contains a list of uri's and realmNames
my $r = shift;
$r-uri =~ /\/modperl\/(.*)/;
return $1 if $1;
return "Top Level";
}
1;
Re: PerlAuthenHandler advice needed.
$r->auth_name($realm), $r->auth_type($basic) did not work for me, which
is why I used the $r->header_out method. Also, after I set the outgoing
header and returned AUTH_REQUIRED, I got prompted but the $realm did not
show. Instead it displayed 'unknown' as the realm name. But when I set
the $r->status and sent out the response via $r->send_http_header and returned
AUTH_REQUIRED, the $realm name showed?
I read the docs as i started this exercise and was aware of $r->auth_name,
$r->auth_type, but since they did'nt work and I kept getting segfaults
when using them I decided to try other routes. But anyways I'm glad that
I read the docs right and that you can indeed set the AuthName using $r->auth_name.
As for the authenticate subroutine, I just copied that from the eagle
book, just as a demonstration...
I'll upgrade my mod_perl from 1.2.1 -> latest and see if these work
for me.
Thanks for the helpful insights and explanations DougI have seen
the light ;)
-Carlos
Doug MacEachern wrote:
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> my $authheader = 'Basic realm="'.$realm.'"';
>
> $r->header_out("WWW-Authenticate" ,$authheader);
there's a cleaner way for that:
$r->auth_name($realm);
$r->note_basic_auth_failure;
> $r->status(AUTH_REQUIRED);
no need for that.
> $r->send_http_header("text/html");
or this because..
> return AUTH_REQUIRED;
..apache will send the headers when you return an error
> return OK if $r->sub_request;
there's no Apache::sub_request method
> my ($res,$password) = $r->get_basic_auth_pw;
this will core dump if AuthName is not set in the configuration file.
not with the current cvs though, see previous message.
>
$r->note_basic_auth_failure;
this won't work right unless you've set $r->auth_name($val)
--
---
Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
---
- Someday I'll find that peer and reset his connection!
Re: PerlAuthenHandler advice needed.
On Thu, 28 Sep 2000, Todd Chapman wrote: Thanks for the help Doug. This is what I have now but all I get is a segementation fault in the log. $r-note_basic_auth_failure; if AuthType is not set, this will core dump. i just expanded the change that defaults AuthType to Basic for get_basic_auth_pw to include note_basic_auth_failure, in the cvs tree.
Re: PerlAuthenHandler advice needed.
On Thu, 28 Sep 2000, Carlos Ramirez wrote:
$r-auth_name($realm), $r-auth_type($basic) did not work for me, which
is why I used the $r-header_out method. Also, after I set the outgoing
header and returned AUTH_REQUIRED, I got prompted but the $realm did not
show. Instead it displayed 'unknown' as the realm name. But when I set
the $r-status and sent out the response via $r-send_http_header and
returned AUTH_REQUIRED, the $realm name showed?
$r-auth_name($realm) works fine, provided you call
$r-note_basic_auth_failure, rather than
$r-header_out('WWW-Authenticate',...)
$r-auth_type did not become writeable until the patch i posted earlier.
I read the docs as i started this exercise and was aware of
$r-auth_name, $r-auth_type, but since they did'nt work and I kept
getting segfaults when using them I decided to try other routes. But
anyways I'm glad that I read the docs right and that you can indeed set
the AuthName using $r-auth_name.
until the recent change where $r-auth_type became writeable, and
get_basic_auth_pw/note_basic_auth_failure default AuthType to Basic if it
is not configured, those methods would segfault.
Re: PerlAuthenHandler advice needed.
Thanks Doug but I (and my customer) don't want to live on the CVS bleeding edge right now. Can you suggest something else? Original problem: I need to set the realm for virtual documents based on path_info and use Basic authentication. Otherwise I may have to move to some cooie based authentication but I don't want to do that. -Todd On Thu, 28 Sep 2000, Doug MacEachern wrote: On Thu, 28 Sep 2000, Todd Chapman wrote: Thanks for the help Doug. This is what I have now but all I get is a segementation fault in the log. $r-note_basic_auth_failure; if AuthType is not set, this will core dump. i just expanded the change that defaults AuthType to Basic for get_basic_auth_pw to include note_basic_auth_failure, in the cvs tree.
Re: PerlAuthenHandler advice needed.
On Thu, 28 Sep 2000, Todd Chapman wrote: Thanks Doug but I (and my customer) don't want to live on the CVS bleeding edge right now. Can you suggest something else? yeah, add this to httpd.conf: AuthType Basic
Re: PerlAuthenHandler advice needed.
Duh! Thanks. Now, is there any way to determine the realm the browser thinks it's authentication to? Is the realm stored in the Authorization header or any other headers? -Todd On Thu, 28 Sep 2000, Doug MacEachern wrote: On Thu, 28 Sep 2000, Todd Chapman wrote: Thanks Doug but I (and my customer) don't want to live on the CVS bleeding edge right now. Can you suggest something else? yeah, add this to httpd.conf: AuthType Basic
Re: PerlAuthenHandler advice needed.
Todd Chapman [EMAIL PROTECTED] writes: Duh! Thanks. Now, is there any way to determine the realm the browser thinks it's authentication to? Is the realm stored in the Authorization header or any other headers? I wouldn't try to use realms in any serious way- various browsers do various things. The only reliable way to have the browser send different passwords to different locations is to use different server names. -- Joe Schaefer
Re: PerlAuthenHandler advice needed.
Problems with your suggestion: 1. The realm will not be known until I get path_info so Location/Location directives will not work. 2. How can I get Perl to do the password lookup in the dynamically selected AuthUserFile? Thanks for the help. -Todd On Wed, 27 Sep 2000, Carlos Ramirez wrote: You can you use Location to specify seperate AuthUserFile's like so: Location /companyA AuthType Basic AuthName CompanyA AuthUserFile path/to/CompanyAUsersFile /Location Location /companyN AuthType Basic AuthName CompanyN AuthUserFile path/to/CompanyNUsersFIle /Location Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile in a seperate file against the path_info. This will eliminate the need to flood you httpd.conf file with a bunch of Location/Location directives. Todd Chapman wrote: I have read chapter 6 of the modperl book but still don't know how to set up authenification the way I want. I would like to use Basic authentification to protect virtual documents. The trick is that I want to set AuthName and AuthUserFile based on path_info. For example: http://virtual/companyA/dir1 would prompt for a password in the companyA realm and check it against the appropriate AuthUserFile. How do I add this flexibility without reinventing the parts Apache already does so well? Thanks. -Todd -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- - Someday I'll find that peer and reset his connection!
Re: PerlAuthenHandler advice needed.
1. Oh, I mis-interpreted your question. I thought you already had a list of virtual directories with the AuthNames defined. You can set the AuthName by sending them in the server response header field: WWW-Authenticate Basic $realm So the first request to /companyA, you AuthHandler will respond with: $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field $r->note_basic_auth_failure; ## Prompts for password The when a username and password are supplied i.e. ($ret,$password) = $r->get_basic_auth_pw; where $ret = 1; Then: 1. determine the AuthUserFile 2. use Apache::Htpasswd to check password -Carlos Todd Chapman wrote: Problems with your suggestion: 1. The realm will not be known until I get path_info so Location>/Location> directives will not work. 2. How can I get Perl to do the password lookup in the dynamically selected AuthUserFile? Thanks for the help. -Todd On Wed, 27 Sep 2000, Carlos Ramirez wrote: > You can you use Location to specify seperate AuthUserFile's like so: > > Location /companyA> > AuthType Basic > AuthName CompanyA > AuthUserFile path/to/CompanyAUsersFile > > /Location> > > Location /companyN> > AuthType Basic > AuthName CompanyN > AuthUserFile path/to/CompanyNUsersFIle > /Location> > > > Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile > in a seperate file against the path_info. This will eliminate the need to > flood you httpd.conf file with a bunch of Location>/Location> directives. > > > > > > > Todd Chapman wrote: > > > I have read chapter 6 of the modperl book but still don't know how to set > > up authenification the way I want. I would like to use Basic > > authentification to protect virtual documents. The trick is that I want > > to set AuthName and AuthUserFile based on path_info. > > > > For example: > > > > http://virtual/companyA/dir1 > > > > would prompt for a password in the companyA realm and check it against the > > appropriate AuthUserFile. > > > > How do I add this flexibility without reinventing the parts Apache already > > does so well? > > > > Thanks. > > > > -Todd > > -- > --- > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 > --- > - Someday I'll find that peer and reset his connection! > > > -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- - Someday I'll find that peer and reset his connection!
Re: PerlAuthenHandler advice needed.
Thanks for the help. I was hoping that Apache would check the password for me but this should work. Now, how do I get Apache to run my PerlAuthenHandler without setting the AuthType or AuthName in httpd.conf? Do I need to do the Authentication in a PerlHandler? -Todd On Wed, 27 Sep 2000, Carlos Ramirez wrote: 1. Oh, I mis-interpreted your question. I thought you already had a list of virtual directories with the AuthNames defined. You can set the AuthName by sending them in the server response header field: WWW-Authenticate Basic $realm So the first request to /companyA, you AuthHandler will respond with: $r-header_out(WWW-Authenticate = 'Basic $realm); ## Sets Realm field $r-note_basic_auth_failure; ## Prompts for password The when a username and password are supplied i.e. ($ret,$password) = $r-get_basic_auth_pw; where $ret = 1; Then: 1. determine the AuthUserFile 2. use Apache::Htpasswd to check password -Carlos Todd Chapman wrote: Problems with your suggestion: 1. The realm will not be known until I get path_info so Location/Location directives will not work. 2. How can I get Perl to do the password lookup in the dynamically selected AuthUserFile? Thanks for the help. -Todd On Wed, 27 Sep 2000, Carlos Ramirez wrote: You can you use Location to specify seperate AuthUserFile's like so: Location /companyA AuthType Basic AuthName CompanyA AuthUserFile path/to/CompanyAUsersFile /Location Location /companyN AuthType Basic AuthName CompanyN AuthUserFile path/to/CompanyNUsersFIle /Location Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile in a seperate file against the path_info. This will eliminate the need to flood you httpd.conf file with a bunch of Location/Location directives. Todd Chapman wrote: I have read chapter 6 of the modperl book but still don't know how to set up authenification the way I want. I would like to use Basic authentification to protect virtual documents. The trick is that I want to set AuthName and AuthUserFile based on path_info. For example: http://virtual/companyA/dir1 would prompt for a password in the companyA realm and check it against the appropriate AuthUserFile. How do I add this flexibility without reinventing the parts Apache already does so well? Thanks. -Todd -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- - Someday I'll find that peer and reset his connection! -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- - Someday I'll find that peer and reset his connection!
Re: PerlAuthenHandler advice needed.
By choosing to use your custom AuthHandler, you basically override Apache's way of handling the particular phase, in this case the authentication phase. So you must handle prompting the user and also checking the password. You might want to read the Apache Guide (http://perl.apache.org/) on how to write you own handler and also the eagle book. After reviewing our previous conversation, I think you might need to send WWW-Authenticate header field in another phase (preferable at the PerlHeaderParserHandler) before the Authentication phase is called. Your PerlHeaderParserHandler can check the $r->uri for any password protected requests, i.e., if it matches /companyA, you can then set the WWW-Authenticate: Basic $realm and push it along it's merry way. Then your PerlAuthHandler will get the username and password and check it against the realms' AuthUserFile. Apache will handle the initial prompting for the username/password. Your requirements imply that you will have a file(??) that has a list of UserFiles for each Realm/path_info so that your authentication handler will know what file to check against. I hope this make sense ;) my coffee is running low... -Carlos Todd Chapman wrote: Thanks for the help. I was hoping that Apache would check the password for me but this should work. Now, how do I get Apache to run my PerlAuthenHandler without setting the AuthType or AuthName in httpd.conf? Do I need to do the Authentication in a PerlHandler? -Todd On Wed, 27 Sep 2000, Carlos Ramirez wrote: > 1. Oh, I mis-interpreted your question. I thought you already had a list of > virtual directories with the > AuthNames defined. > > You can set the AuthName by sending them in the server response header field: > > WWW-Authenticate Basic $realm > > So the first request to /companyA, you AuthHandler will respond with: > > $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field > $r->note_basic_auth_failure; ## Prompts for password > > The when a username and password are supplied i.e. > ($ret,$password) = $r->get_basic_auth_pw; > > where $ret = 1; > > Then: > 1. determine the AuthUserFile > 2. use Apache::Htpasswd to check password > > -Carlos > > > > > > > > Todd Chapman wrote: > > > Problems with your suggestion: > > > > 1. The realm will not be known until I get path_info so > > Location>/Location> directives will not work. > > > > 2. How can I get Perl to do the password lookup in the dynamically > > selected AuthUserFile? > > > > Thanks for the help. > > > > -Todd > > > > On Wed, 27 Sep 2000, Carlos Ramirez wrote: > > > > > You can you use Location to specify seperate AuthUserFile's like so: > > > > > > Location /companyA> > > > AuthType Basic > > > AuthName CompanyA > > > AuthUserFile path/to/CompanyAUsersFile > > > > > > /Location> > > > > > > Location /companyN> > > > AuthType Basic > > > AuthName CompanyN > > > AuthUserFile path/to/CompanyNUsersFIle > > > /Location> > > > > > > > > > Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile > > > in a seperate file against the path_info. This will eliminate the need to > > > flood you httpd.conf file with a bunch of Location>/Location> directives. > > > > > > > > > > > > > > > > > > > > > Todd Chapman wrote: > > > > > > > I have read chapter 6 of the modperl book but still don't know how to set > > > > up authenification the way I want. I would like to use Basic > > > > authentification to protect virtual documents. The trick is that I want > > > > to set AuthName and AuthUserFile based on path_info. > > > > > > > > For example: > > > > > > > > http://virtual/companyA/dir1 > > > > > > > > would prompt for a password in the companyA realm and check it against the > > > > appropriate AuthUserFile. > > > > > > > > How do I add this flexibility without reinventing the parts Apache already > > > > does so well? > > > > > > > > Thanks. > > > > > > > > -Todd > > > > > > -- > > > --- > > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 > > > --- > > > - Someday I'll find that peer and reset his connection! > > > > > > > > > > > -- > --- > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 > --- > - Someday I'll find that peer and reset his connection! > > > -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- - Someday I'll find that peer and reset his connection!
Re: PerlAuthenHandler advice needed.
Please explain again how to get my AuthHandler called without setting AuthName or AuthType in httpd.conf. Thanks. -Todd On Wed, 27 Sep 2000, Carlos Ramirez wrote: By choosing to use your custom AuthHandler, you basically override Apache's way of handling the particular phase, in this case the authentication phase. So you must handle prompting the user and also checking the password. You might want to read the Apache Guide (http://perl.apache.org/) on how to write you own handler and also the eagle book. After reviewing our previous conversation, I think you might need to send WWW-Authenticate header field in another phase (preferable at the PerlHeaderParserHandler) before the Authentication phase is called. Your PerlHeaderParserHandler can check the $r-uri for any password protected requests, i.e., if it matches /companyA, you can then set the WWW-Authenticate: Basic $realm and push it along it's merry way. Then your PerlAuthHandler will get the username and password and check it against the realms' AuthUserFile. Apache will handle the initial prompting for the username/password. Your requirements imply that you will have a file(??) that has a list of UserFiles for each Realm/path_info so that your authentication handler will know what file to check against. I hope this make sense ;) my coffee is running low... -Carlos Todd Chapman wrote: Thanks for the help. I was hoping that Apache would check the password for me but this should work. Now, how do I get Apache to run my PerlAuthenHandler without setting the AuthType or AuthName in httpd.conf? Do I need to do the Authentication in a PerlHandler? -Todd On Wed, 27 Sep 2000, Carlos Ramirez wrote: 1. Oh, I mis-interpreted your question. I thought you already had a list of virtual directories with the AuthNames defined. You can set the AuthName by sending them in the server response header field: WWW-Authenticate Basic $realm So the first request to /companyA, you AuthHandler will respond with: $r-header_out(WWW-Authenticate = 'Basic $realm); ## Sets Realm field $r-note_basic_auth_failure; ## Prompts for password The when a username and password are supplied i.e. ($ret,$password) = $r-get_basic_auth_pw; where $ret = 1; Then: 1. determine the AuthUserFile 2. use Apache::Htpasswd to check password -Carlos Todd Chapman wrote: Problems with your suggestion: 1. The realm will not be known until I get path_info so Location/Location directives will not work. 2. How can I get Perl to do the password lookup in the dynamically selected AuthUserFile? Thanks for the help. -Todd On Wed, 27 Sep 2000, Carlos Ramirez wrote: You can you use Location to specify seperate AuthUserFile's like so: Location /companyA AuthType Basic AuthName CompanyA AuthUserFile path/to/CompanyAUsersFile /Location Location /companyN AuthType Basic AuthName CompanyN AuthUserFile path/to/CompanyNUsersFIle /Location Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile in a seperate file against the path_info. This will eliminate the need to flood you httpd.conf file with a bunch of Location/Location directives. Todd Chapman wrote: I have read chapter 6 of the modperl book but still don't know how to set up authenification the way I want. I would like to use Basic authentification to protect virtual documents. The trick is that I want to set AuthName and AuthUserFile based on path_info. For example: http://virtual/companyA/dir1 would prompt for a password in the companyA realm and check it against the appropriate AuthUserFile. How do I add this flexibility without reinventing the parts Apache already does so well? Thanks. -Todd -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- - Someday I'll find that peer and reset his connection! -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- - Someday I'll find that peer and reset his connection! -- --- Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181 --- - Someday I'll find that peer and reset his connection!
RE: PerlAuthenHandler invalid command
-Original Message- From: Stas Bekman [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:45 PM To: Geoffrey Young Cc: 'Frank Plunkett'; [EMAIL PROTECTED] Subject: RE: PerlAuthenHandler invalid command On Mon, 28 Aug 2000, Geoffrey Young wrote: build mod_perl with perl Makefile.PL EVERTHING=1 or PERL_AUTHEN=1 EVERYTHING=1 of course :) I don't think MakeMaker uses Soundex module yet :) maybe something to integrate into the mod_perl 2.0 build mechanism ;) HTH --Geoff -Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:31 PM To: [EMAIL PROTECTED] Subject: PerlAuthenHandler invalid command Hi modperites, I keep receiving the following error message when starting httpd: Syntax error on line 99 of /usr/local/apache/conf/httpd.conf: Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a module not included in the server configuration my httpd.conf looks like this: Location /wwwhes AuthName Test AuthType Basic SetHandler perl-script PerlAuthenHandler Apache::AuthAny require valid-user /Location # I did a perl Makefile.pl everything=1 but still no luck. perl Makefile.PL Reading Makefile.PL args from ../makepl_args.mod_perl Configure mod_perl with /home/apache_1.3.12/src ? [y] Shall I build httpd in /home/apache_1.3.12/src for you? [y] Appending mod_perl to src/Configuration Using config file: /usr/local/mod_perl-1.24/src/Configuration Creating Makefile + configured for Solaris 270 platform + setting C compiler to cc + setting C pre-processor to cc -E + checking for system header files + adding selected modules o perl_module uses ConfigStart/End + mod_perl build type: OBJ + setting up mod_perl build environment + id: mod_perl/1.24 + id: Perl/v5.6.0 (solaris) [perl] + adjusting Apache build environment + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in support Creating Makefile in os/unix Creating Makefile in ap Creating Makefile in main Creating Makefile in lib/expat-lite Creating Makefile in modules/standard Creating Makefile in modules/perl EXTRA_CFLAGS: -DSOLARIS2=270 -DMOD_PERL -DUSE_EXPAT -I$(SRCDIR)/lib/expat-li te PerlDispatchHandler.enabled PerlChildInitHandlerenabled PerlChildExitHandlerenabled PerlPostReadRequestHandler..enabled PerlTransHandlerenabled PerlHeaderParserHandler.enabled PerlAccessHandler...enabled PerlAuthenHandler...enabled PerlAuthzHandlerenabled PerlTypeHandler.enabled PerlFixupHandlerenabled PerlHandler.enabled PerlLogHandler..enabled PerlInitHandler.enabled PerlCleanupHandler..enabled PerlRestartHandler..enabled PerlStackedHandlers.enabled PerlMethodHandlers..enabled PerlDirectiveHandlers...enabled PerlTableApienabled PerlLogApi..enabled PerlUriApi..enabled PerlUtilApi.enabled PerlFileApi.enabled PerlConnectionApi...enabled PerlServerApi...enabled PerlSectionsenabled PerlSSI.enabled Will run tests as User: 'nobody' Group: 'other' Checking CGI.pm VERSION..ok Checking for LWP::UserAgent..ok Checking for HTML::HeadParserok Writing Makefile for Apache Writing Makefile for Apache::Connection Writing Makefile for Apache::Constants Writing Makefile for Apache::File Writing Makefile for Apache::Leak Writing Makefile for Apache::Log Writing Makefile for Apache::ModuleConfig Writing Makefile for Apache::PerlRunXS Writing Makefile for Apache::Server Writing Makefile for Apache::Symbol Writing Makefile for Apache::Table Writing Makefile for Apache::URI Writing Makefile for Apache::Util Writing Makefile for mod_perl salcd6# make (cd /home/apache_1.3.12/src make CC="cc";) === os/unix _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://apachetoday.com http://jazzvalley.com http://singlesheaven.com http://perlmonth.com perl.org apache.org
RE: PerlAuthenHandler invalid command
-Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:42 PM To: [EMAIL PROTECTED] Subject: Re: PerlAuthenHandler invalid command Geoff I did build with perl Makefile.PL PERL_AUTHEN=1 That was the first thing I thought also. Frank ok, sorry I didn't read far enough :) did you 'make install'? typically, you only see the message if you haven't enabled the api or you haven't installed mod_perl... see http://perl.apache.org/guide/install.html#A_Summary_of_a_Basic_mod_perl_In and http://perl.apache.org/guide/install.html#How_can_I_tell_whether_mod_perl_ HTH --Geoff -Original Message- From: Geoffrey Young [EMAIL PROTECTED] To: 'Frank Plunkett' [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Monday, August 28, 2000 3:40 PM Subject: RE: PerlAuthenHandler invalid command build mod_perl with perl Makefile.PL EVERTHING=1 or PERL_AUTHEN=1 HTH --Geoff -Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:31 PM To: [EMAIL PROTECTED] Subject: PerlAuthenHandler invalid command Hi modperites, I keep receiving the following error message when starting httpd: Syntax error on line 99 of /usr/local/apache/conf/httpd.conf: Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a module not included in the server configuration my httpd.conf looks like this: Location /wwwhes AuthName Test AuthType Basic SetHandler perl-script PerlAuthenHandler Apache::AuthAny require valid-user /Location # I did a perl Makefile.pl everything=1 but still no luck. perl Makefile.PL Reading Makefile.PL args from ../makepl_args.mod_perl Configure mod_perl with /home/apache_1.3.12/src ? [y] Shall I build httpd in /home/apache_1.3.12/src for you? [y] Appending mod_perl to src/Configuration Using config file: /usr/local/mod_perl-1.24/src/Configuration Creating Makefile + configured for Solaris 270 platform + setting C compiler to cc + setting C pre-processor to cc -E + checking for system header files + adding selected modules o perl_module uses ConfigStart/End + mod_perl build type: OBJ + setting up mod_perl build environment + id: mod_perl/1.24 + id: Perl/v5.6.0 (solaris) [perl] + adjusting Apache build environment + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in support Creating Makefile in os/unix Creating Makefile in ap Creating Makefile in main Creating Makefile in lib/expat-lite Creating Makefile in modules/standard Creating Makefile in modules/perl EXTRA_CFLAGS: -DSOLARIS2=270 -DMOD_PERL -DUSE_EXPAT -I$(SRCDIR)/lib/expat-li te PerlDispatchHandler.enabled PerlChildInitHandlerenabled PerlChildExitHandlerenabled PerlPostReadRequestHandler..enabled PerlTransHandlerenabled PerlHeaderParserHandler.enabled PerlAccessHandler...enabled PerlAuthenHandler...enabled PerlAuthzHandlerenabled PerlTypeHandler.enabled PerlFixupHandlerenabled PerlHandler.enabled PerlLogHandler..enabled PerlInitHandler.enabled PerlCleanupHandler..enabled PerlRestartHandler..enabled PerlStackedHandlers.enabled PerlMethodHandlers..enabled PerlDirectiveHandlers...enabled PerlTableApienabled PerlLogApi..enabled PerlUriApi..enabled PerlUtilApi.enabled PerlFileApi.enabled PerlConnectionApi...enabled PerlServerApi...enabled PerlSectionsenabled PerlSSI.enabled Will run tests as User: 'nobody' Group: 'other' Checking CGI.pm VERSION..ok Checking for LWP::UserAgent..ok Checking for HTML::HeadParserok Writing Makefile for Apache Writing Makefile for Apache::Connection Writing Makefile for Apache::Constants Writing Makefile for Apache::File Writing Makefile for Apache::Leak Writing Makefile for Apache::Log Writing Makefile for Apache::ModuleConfig Writing Makefile for Apache::PerlRunXS Writing Makefile for Apache::Server Writing Makefile for Apache::Symbol Writing Makefile for Apache::Table Writing Makefile for Apache::URI Writing Makefile for Apache::Util Writing Makefile for mod_perl salcd6# make (cd /home/apache_1.3.12/src make CC="cc";) === os/unix
Re: PerlAuthenHandler invalid command
I figured it out. It was the dreaded permissions on the include directory. thanks for the advise all. Frank -Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:42 PM To: [EMAIL PROTECTED] Subject: Re: PerlAuthenHandler invalid command Geoff I did build with perl Makefile.PL PERL_AUTHEN=1 That was the first thing I thought also. Frank ok, sorry I didn't read far enough :) did you 'make install'? typically, you only see the message if you haven't enabled the api or you haven't installed mod_perl... see http://perl.apache.org/guide/install.html#A_Summary_of_a_Basic_mod_perl_In and http://perl.apache.org/guide/install.html#How_can_I_tell_whether_mod_perl_ HTH --Geoff -Original Message- From: Geoffrey Young [EMAIL PROTECTED] To: 'Frank Plunkett' [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Monday, August 28, 2000 3:40 PM Subject: RE: PerlAuthenHandler invalid command build mod_perl with perl Makefile.PL EVERTHING=1 or PERL_AUTHEN=1 HTH --Geoff -Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:31 PM To: [EMAIL PROTECTED] Subject: PerlAuthenHandler invalid command Hi modperites, I keep receiving the following error message when starting httpd: Syntax error on line 99 of /usr/local/apache/conf/httpd.conf: Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a module not included in the server configuration my httpd.conf looks like this: Location /wwwhes AuthName Test AuthType Basic SetHandler perl-script PerlAuthenHandler Apache::AuthAny require valid-user /Location # I did a perl Makefile.pl everything=1 but still no luck. perl Makefile.PL Reading Makefile.PL args from ../makepl_args.mod_perl Configure mod_perl with /home/apache_1.3.12/src ? [y] Shall I build httpd in /home/apache_1.3.12/src for you? [y] Appending mod_perl to src/Configuration Using config file: /usr/local/mod_perl-1.24/src/Configuration Creating Makefile + configured for Solaris 270 platform + setting C compiler to cc + setting C pre-processor to cc -E + checking for system header files + adding selected modules o perl_module uses ConfigStart/End + mod_perl build type: OBJ + setting up mod_perl build environment + id: mod_perl/1.24 + id: Perl/v5.6.0 (solaris) [perl] + adjusting Apache build environment + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in support Creating Makefile in os/unix Creating Makefile in ap Creating Makefile in main Creating Makefile in lib/expat-lite Creating Makefile in modules/standard Creating Makefile in modules/perl EXTRA_CFLAGS: -DSOLARIS2=270 -DMOD_PERL -DUSE_EXPAT -I$(SRCDIR)/lib/expat-li te PerlDispatchHandler.enabled PerlChildInitHandlerenabled PerlChildExitHandlerenabled PerlPostReadRequestHandler..enabled PerlTransHandlerenabled PerlHeaderParserHandler.enabled PerlAccessHandler...enabled PerlAuthenHandler...enabled PerlAuthzHandlerenabled PerlTypeHandler.enabled PerlFixupHandlerenabled PerlHandler.enabled PerlLogHandler..enabled PerlInitHandler.enabled PerlCleanupHandler..enabled PerlRestartHandler..enabled PerlStackedHandlers.enabled PerlMethodHandlers..enabled PerlDirectiveHandlers...enabled PerlTableApienabled PerlLogApi..enabled PerlUriApi..enabled PerlUtilApi.enabled PerlFileApi.enabled PerlConnectionApi...enabled PerlServerApi...enabled PerlSectionsenabled PerlSSI.enabled Will run tests as User: 'nobody' Group: 'other' Checking CGI.pm VERSION..ok Checking for LWP::UserAgent..ok Checking for HTML::HeadParserok Writing Makefile for Apache Writing Makefile for Apache::Connection Writing Makefile for Apache::Constants Writing Makefile for Apache::File Writing Makefile for Apache::Leak Writing Makefile for Apache::Log Writing Makefile for Apache::ModuleConfig Writing Makefile for Apache::PerlRunXS Writing Makefile for Apache::Server Writing Makefile for Apache::Symbol Writing Makefile for Apache::Table Writing Makefile for Apache::URI Writing Makefile for Apache::Util Writing Makefile for mod_perl salcd6# make (cd /home/apache_1.3.12/src make CC="cc";) === os/unix
RE: PerlAuthenHandler invalid command
build mod_perl with perl Makefile.PL EVERTHING=1 or PERL_AUTHEN=1 HTH --Geoff -Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:31 PM To: [EMAIL PROTECTED] Subject: PerlAuthenHandler invalid command Hi modperites, I keep receiving the following error message when starting httpd: Syntax error on line 99 of /usr/local/apache/conf/httpd.conf: Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a module not included in the server configuration my httpd.conf looks like this: Location /wwwhes AuthName Test AuthType Basic SetHandler perl-script PerlAuthenHandler Apache::AuthAny require valid-user /Location # I did a perl Makefile.pl everything=1 but still no luck. perl Makefile.PL Reading Makefile.PL args from ../makepl_args.mod_perl Configure mod_perl with /home/apache_1.3.12/src ? [y] Shall I build httpd in /home/apache_1.3.12/src for you? [y] Appending mod_perl to src/Configuration Using config file: /usr/local/mod_perl-1.24/src/Configuration Creating Makefile + configured for Solaris 270 platform + setting C compiler to cc + setting C pre-processor to cc -E + checking for system header files + adding selected modules o perl_module uses ConfigStart/End + mod_perl build type: OBJ + setting up mod_perl build environment + id: mod_perl/1.24 + id: Perl/v5.6.0 (solaris) [perl] + adjusting Apache build environment + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in support Creating Makefile in os/unix Creating Makefile in ap Creating Makefile in main Creating Makefile in lib/expat-lite Creating Makefile in modules/standard Creating Makefile in modules/perl EXTRA_CFLAGS: -DSOLARIS2=270 -DMOD_PERL -DUSE_EXPAT -I$(SRCDIR)/lib/expat-li te PerlDispatchHandler.enabled PerlChildInitHandlerenabled PerlChildExitHandlerenabled PerlPostReadRequestHandler..enabled PerlTransHandlerenabled PerlHeaderParserHandler.enabled PerlAccessHandler...enabled PerlAuthenHandler...enabled PerlAuthzHandlerenabled PerlTypeHandler.enabled PerlFixupHandlerenabled PerlHandler.enabled PerlLogHandler..enabled PerlInitHandler.enabled PerlCleanupHandler..enabled PerlRestartHandler..enabled PerlStackedHandlers.enabled PerlMethodHandlers..enabled PerlDirectiveHandlers...enabled PerlTableApienabled PerlLogApi..enabled PerlUriApi..enabled PerlUtilApi.enabled PerlFileApi.enabled PerlConnectionApi...enabled PerlServerApi...enabled PerlSectionsenabled PerlSSI.enabled Will run tests as User: 'nobody' Group: 'other' Checking CGI.pm VERSION..ok Checking for LWP::UserAgent..ok Checking for HTML::HeadParserok Writing Makefile for Apache Writing Makefile for Apache::Connection Writing Makefile for Apache::Constants Writing Makefile for Apache::File Writing Makefile for Apache::Leak Writing Makefile for Apache::Log Writing Makefile for Apache::ModuleConfig Writing Makefile for Apache::PerlRunXS Writing Makefile for Apache::Server Writing Makefile for Apache::Symbol Writing Makefile for Apache::Table Writing Makefile for Apache::URI Writing Makefile for Apache::Util Writing Makefile for mod_perl salcd6# make (cd /home/apache_1.3.12/src make CC="cc";) === os/unix
Re: PerlAuthenHandler invalid command
Geoff I did build with perl Makefile.PL PERL_AUTHEN=1 That was the first thing I thought also. Frank -Original Message- From: Geoffrey Young [EMAIL PROTECTED] To: 'Frank Plunkett' [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Monday, August 28, 2000 3:40 PM Subject: RE: PerlAuthenHandler invalid command build mod_perl with perl Makefile.PL EVERTHING=1 or PERL_AUTHEN=1 HTH --Geoff -Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:31 PM To: [EMAIL PROTECTED] Subject: PerlAuthenHandler invalid command Hi modperites, I keep receiving the following error message when starting httpd: Syntax error on line 99 of /usr/local/apache/conf/httpd.conf: Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a module not included in the server configuration my httpd.conf looks like this: Location /wwwhes AuthName Test AuthType Basic SetHandler perl-script PerlAuthenHandler Apache::AuthAny require valid-user /Location # I did a perl Makefile.pl everything=1 but still no luck. perl Makefile.PL Reading Makefile.PL args from ../makepl_args.mod_perl Configure mod_perl with /home/apache_1.3.12/src ? [y] Shall I build httpd in /home/apache_1.3.12/src for you? [y] Appending mod_perl to src/Configuration Using config file: /usr/local/mod_perl-1.24/src/Configuration Creating Makefile + configured for Solaris 270 platform + setting C compiler to cc + setting C pre-processor to cc -E + checking for system header files + adding selected modules o perl_module uses ConfigStart/End + mod_perl build type: OBJ + setting up mod_perl build environment + id: mod_perl/1.24 + id: Perl/v5.6.0 (solaris) [perl] + adjusting Apache build environment + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in support Creating Makefile in os/unix Creating Makefile in ap Creating Makefile in main Creating Makefile in lib/expat-lite Creating Makefile in modules/standard Creating Makefile in modules/perl EXTRA_CFLAGS: -DSOLARIS2=270 -DMOD_PERL -DUSE_EXPAT -I$(SRCDIR)/lib/expat-li te PerlDispatchHandler.enabled PerlChildInitHandlerenabled PerlChildExitHandlerenabled PerlPostReadRequestHandler..enabled PerlTransHandlerenabled PerlHeaderParserHandler.enabled PerlAccessHandler...enabled PerlAuthenHandler...enabled PerlAuthzHandlerenabled PerlTypeHandler.enabled PerlFixupHandlerenabled PerlHandler.enabled PerlLogHandler..enabled PerlInitHandler.enabled PerlCleanupHandler..enabled PerlRestartHandler..enabled PerlStackedHandlers.enabled PerlMethodHandlers..enabled PerlDirectiveHandlers...enabled PerlTableApienabled PerlLogApi..enabled PerlUriApi..enabled PerlUtilApi.enabled PerlFileApi.enabled PerlConnectionApi...enabled PerlServerApi...enabled PerlSectionsenabled PerlSSI.enabled Will run tests as User: 'nobody' Group: 'other' Checking CGI.pm VERSION..ok Checking for LWP::UserAgent..ok Checking for HTML::HeadParserok Writing Makefile for Apache Writing Makefile for Apache::Connection Writing Makefile for Apache::Constants Writing Makefile for Apache::File Writing Makefile for Apache::Leak Writing Makefile for Apache::Log Writing Makefile for Apache::ModuleConfig Writing Makefile for Apache::PerlRunXS Writing Makefile for Apache::Server Writing Makefile for Apache::Symbol Writing Makefile for Apache::Table Writing Makefile for Apache::URI Writing Makefile for Apache::Util Writing Makefile for mod_perl salcd6# make (cd /home/apache_1.3.12/src make CC="cc";) === os/unix
RE: PerlAuthenHandler invalid command
On Mon, 28 Aug 2000, Geoffrey Young wrote: build mod_perl with perl Makefile.PL EVERTHING=1 or PERL_AUTHEN=1 EVERYTHING=1 of course :) I don't think MakeMaker uses Soundex module yet :) HTH --Geoff -Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:31 PM To: [EMAIL PROTECTED] Subject: PerlAuthenHandler invalid command Hi modperites, I keep receiving the following error message when starting httpd: Syntax error on line 99 of /usr/local/apache/conf/httpd.conf: Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a module not included in the server configuration my httpd.conf looks like this: Location /wwwhes AuthName Test AuthType Basic SetHandler perl-script PerlAuthenHandler Apache::AuthAny require valid-user /Location # I did a perl Makefile.pl everything=1 but still no luck. perl Makefile.PL Reading Makefile.PL args from ../makepl_args.mod_perl Configure mod_perl with /home/apache_1.3.12/src ? [y] Shall I build httpd in /home/apache_1.3.12/src for you? [y] Appending mod_perl to src/Configuration Using config file: /usr/local/mod_perl-1.24/src/Configuration Creating Makefile + configured for Solaris 270 platform + setting C compiler to cc + setting C pre-processor to cc -E + checking for system header files + adding selected modules o perl_module uses ConfigStart/End + mod_perl build type: OBJ + setting up mod_perl build environment + id: mod_perl/1.24 + id: Perl/v5.6.0 (solaris) [perl] + adjusting Apache build environment + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in support Creating Makefile in os/unix Creating Makefile in ap Creating Makefile in main Creating Makefile in lib/expat-lite Creating Makefile in modules/standard Creating Makefile in modules/perl EXTRA_CFLAGS: -DSOLARIS2=270 -DMOD_PERL -DUSE_EXPAT -I$(SRCDIR)/lib/expat-li te PerlDispatchHandler.enabled PerlChildInitHandlerenabled PerlChildExitHandlerenabled PerlPostReadRequestHandler..enabled PerlTransHandlerenabled PerlHeaderParserHandler.enabled PerlAccessHandler...enabled PerlAuthenHandler...enabled PerlAuthzHandlerenabled PerlTypeHandler.enabled PerlFixupHandlerenabled PerlHandler.enabled PerlLogHandler..enabled PerlInitHandler.enabled PerlCleanupHandler..enabled PerlRestartHandler..enabled PerlStackedHandlers.enabled PerlMethodHandlers..enabled PerlDirectiveHandlers...enabled PerlTableApienabled PerlLogApi..enabled PerlUriApi..enabled PerlUtilApi.enabled PerlFileApi.enabled PerlConnectionApi...enabled PerlServerApi...enabled PerlSectionsenabled PerlSSI.enabled Will run tests as User: 'nobody' Group: 'other' Checking CGI.pm VERSION..ok Checking for LWP::UserAgent..ok Checking for HTML::HeadParserok Writing Makefile for Apache Writing Makefile for Apache::Connection Writing Makefile for Apache::Constants Writing Makefile for Apache::File Writing Makefile for Apache::Leak Writing Makefile for Apache::Log Writing Makefile for Apache::ModuleConfig Writing Makefile for Apache::PerlRunXS Writing Makefile for Apache::Server Writing Makefile for Apache::Symbol Writing Makefile for Apache::Table Writing Makefile for Apache::URI Writing Makefile for Apache::Util Writing Makefile for mod_perl salcd6# make (cd /home/apache_1.3.12/src make CC="cc";) === os/unix _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://apachetoday.com http://jazzvalley.com http://singlesheaven.com http://perlmonth.com perl.org apache.org
Re: PerlAuthenHandler invalid command
On Mon, 28 Aug 2000, Frank Plunkett wrote: Geoff I did build with perl Makefile.PL PERL_AUTHEN=1 That was the first thing I thought also. How about 'make install' in apache/src directory? Frank -Original Message- From: Geoffrey Young [EMAIL PROTECTED] To: 'Frank Plunkett' [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Monday, August 28, 2000 3:40 PM Subject: RE: PerlAuthenHandler invalid command build mod_perl with perl Makefile.PL EVERTHING=1 or PERL_AUTHEN=1 HTH --Geoff -Original Message- From: Frank Plunkett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 28, 2000 3:31 PM To: [EMAIL PROTECTED] Subject: PerlAuthenHandler invalid command Hi modperites, I keep receiving the following error message when starting httpd: Syntax error on line 99 of /usr/local/apache/conf/httpd.conf: Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a module not included in the server configuration my httpd.conf looks like this: Location /wwwhes AuthName Test AuthType Basic SetHandler perl-script PerlAuthenHandler Apache::AuthAny require valid-user /Location # I did a perl Makefile.pl everything=1 but still no luck. perl Makefile.PL Reading Makefile.PL args from ../makepl_args.mod_perl Configure mod_perl with /home/apache_1.3.12/src ? [y] Shall I build httpd in /home/apache_1.3.12/src for you? [y] Appending mod_perl to src/Configuration Using config file: /usr/local/mod_perl-1.24/src/Configuration Creating Makefile + configured for Solaris 270 platform + setting C compiler to cc + setting C pre-processor to cc -E + checking for system header files + adding selected modules o perl_module uses ConfigStart/End + mod_perl build type: OBJ + setting up mod_perl build environment + id: mod_perl/1.24 + id: Perl/v5.6.0 (solaris) [perl] + adjusting Apache build environment + checking sizeof various data types + doing sanity check on compiler and options Creating Makefile in support Creating Makefile in os/unix Creating Makefile in ap Creating Makefile in main Creating Makefile in lib/expat-lite Creating Makefile in modules/standard Creating Makefile in modules/perl EXTRA_CFLAGS: -DSOLARIS2=270 -DMOD_PERL -DUSE_EXPAT -I$(SRCDIR)/lib/expat-li te PerlDispatchHandler.enabled PerlChildInitHandlerenabled PerlChildExitHandlerenabled PerlPostReadRequestHandler..enabled PerlTransHandlerenabled PerlHeaderParserHandler.enabled PerlAccessHandler...enabled PerlAuthenHandler...enabled PerlAuthzHandlerenabled PerlTypeHandler.enabled PerlFixupHandlerenabled PerlHandler.enabled PerlLogHandler..enabled PerlInitHandler.enabled PerlCleanupHandler..enabled PerlRestartHandler..enabled PerlStackedHandlers.enabled PerlMethodHandlers..enabled PerlDirectiveHandlers...enabled PerlTableApienabled PerlLogApi..enabled PerlUriApi..enabled PerlUtilApi.enabled PerlFileApi.enabled PerlConnectionApi...enabled PerlServerApi...enabled PerlSectionsenabled PerlSSI.enabled Will run tests as User: 'nobody' Group: 'other' Checking CGI.pm VERSION..ok Checking for LWP::UserAgent..ok Checking for HTML::HeadParserok Writing Makefile for Apache Writing Makefile for Apache::Connection Writing Makefile for Apache::Constants Writing Makefile for Apache::File Writing Makefile for Apache::Leak Writing Makefile for Apache::Log Writing Makefile for Apache::ModuleConfig Writing Makefile for Apache::PerlRunXS Writing Makefile for Apache::Server Writing Makefile for Apache::Symbol Writing Makefile for Apache::Table Writing Makefile for Apache::URI Writing Makefile for Apache::Util Writing Makefile for mod_perl salcd6# make (cd /home/apache_1.3.12/src make CC="cc";) === os/unix _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://apachetoday.com http://jazzvalley.com http://singlesheaven.com http://perlmonth.com perl.org apache.org
Re: PerlAuthenHandler -- doesn't get there...? SOLVED
[ previous discussion snipped ] httpd.conf or .htaccess (PerlModule hasta be in httpd.conf, from my experience)-- PerlAccessHandler My::Auth::access_handler PerlSetVar Intranet "10.10.10.1 = userA, 10.10.10.2 = userB" PerlAuthenHandler My::Auth::authen_handler AuthName realm AuthType Basic Require valid-user order deny,allow deny from all # # add 'order/deny', and we're done (as far as i can tell) # Before any changes to the Guide solidify out of this, I'd like to know that we're not pushing bad information into it. - order, deny, allow are all handled by mod_access, which worries about hostname- and IP address-based restrictions. - AuthType Basic is handled right in the core Apache code, where it, along with digest, is special-cased for in http_request and elsewhere. You aren't really doing Basic auth with your module, are you? That is, you're not putting the Auth-Required headers into your responses (to cause the browser to prompt for credentials) if you don't see the Basic auth headers in the requests, right? I'm using Apache::AuthCookie, not doing this from scratch, so that clouds things a bit for me, but I've been looking at Apache's behaviour a lot. Here's my test config (for Apache::AuthCookie): Location /some/where AllowOverride None Options +ExecCGI SetHandler cgi-script AuthType Site::AuthCookieHandler AuthName Testing PerlAuthenHandler Site::AuthCookieHandler-authenticate PerlAuthzHandler Site::AuthCookieHandler-authorize require valid-user /Location Notice that there are no order, allow, deny directives in sight, and this works as it should. If I truss apache while I hit this spot with a request, I see the results of the handlers being invoked, which in AuthCookie's case is a redirection to a login form. If I replace "AuthType Site::AuthCookieHandler" with "AuthType Basic", the handlers don't get invoked, and I instead see this error from apache: configuration error: couldn't check user. No user file?: /some/where This comes from http_request.c, which is responding to "AuthType Basic". It's giving an error because I haven't told it where to find a user file (AuthUserFile) or database (AuthDBMUserFile) to check requests against, but I've requested Basic auth. ...Steve -- Steve van der Burg Information Services London Health Sciences Centre (519) 685-8300 ext 35559 [EMAIL PROTECTED]
Re: PerlAuthenHandler -- doesn't get there...? SOLVED
Stas Bekman replied:
Argh, I wish I could always test every addition I have in the guide, some
code goes untested as it was posted to the mod_perl or contributed by
someone else. Then people come and use it, if something is wrong they send
me a patch I fix it. I guess this is a similar scenario -- I admit that
this code wasn't tested by me. If you find the problem and solve it,
please send me the patch, so everybody could benefit from it.
As for hints you want to read the Eagle book, I try hard not to duplicate
information in the book, but sometimes I do. The book covers extensively
the Authentication handler writing. You should start from the Basic one
that works for you and then move on and add the extra, more complicated
logic inside.
I'm looking forward for the patch :) Thanks a lot!
hmm! "hey, i'm lost in the sears tower. can anybody tell me
how to turn the lights on?" "whoops. maybe if you build your
own skyscraper you can get back with us on that..." :)
so here's what i've stumbled into, in the dark--
i'm using apache 1.3.9 on debian/gnu linux 2.2:
ONE--
from http://perl.apache.org/current/htdocs/manual/mod/mod_perl.html
PerlModule directive
Description: List of Perl modules
Syntax: PerlModule Arg1 x n (ITERATE)
PerlSyntax: push @PerlModule, $arg1
Context: Allowed in *.conf anywhere and in .htaccess
Override: Any other than None
Status: Extension
Module: mod_perl
yet when i put 'PerlModule Serensoft::Auth' into
the .htaccess file i consistently got
[notice] child pid 30127 exit signal Segmentation fault (11)
moving it back into the /etc/apache/httpd.conf file,
all is sparkly again.
TWO--
if i modify the .htaccess file or the Auth.pm file, it's
USUALLY silently ignored until i do
'apachectl graceful'
although sometimes .htaccess updates are activated.
i presume that even having five or ten child apaches running
around loose, it's the one that's dealing with the request that
checks for updates to required modules settings files...
should i hafta 'graceful' just to update Auth.pm or .htaccess?
THREE--
according to /usr/doc/apache/manual/mod/core.html, the
AuthName and AuthType are allowed in .htaccess and
directory sections only, NOT location sections; this
could be a documentation oversight, i reckon.
FOUR--
i'm now reasonably certain (90% or so) that the missing
ingredients were basically indicated by Eric Cholet when he said
maybe you need "Order deny, allow" to trigger authentication
seems that i also needed the companion
deny from all
as well (he probably thought i knew enough to presume that,
but alas, i only now begin to see...).
===
SO -- Stas, here's a coupla extra tweaks i think you should
make so that cut/paste newbies (unlike me, of course) will
have an easier time with this particular example on the next
iteration:
My/Auth.pm--
[snip]
sub authen_handler {
[snip]
my $reason = authen_dbi ($r, $user, $sent_pw, $level);
#
# '$level' looks like an artifact from the
# original code that isn't part of this example.
#
[snip]
sub authen_dbi{
my ($r, $user, $sent_pw, $level) = @_;
#
# $level, again. omit.
#
# validate username/passwd
return 0 if (*PASSED*)
#
# i'd leave this as is; if you change it to a real perl
# expression such as /PASSED/ some newbies will sail right
# on by, wondering why they'll never authenticate properly
# (i'd be one of them).
#
return "Failed for X reason";
}
1;
#
# add the 'require'-friendly 'non-zero final statement'
#
httpd.conf or .htaccess (PerlModule hasta be in httpd.conf,
from my experience)--
PerlAccessHandler My::Auth::access_handler
PerlSetVar Intranet "10.10.10.1 = userA, 10.10.10.2 = userB"
PerlAuthenHandler My::Auth::authen_handler
AuthName realm
AuthType Basic
Require valid-user
order deny,allow
deny from all
#
# add 'order/deny', and we're done (as far as i can tell)
#
and there you have it. i think.
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Their is five errers in this sentance.
Re: PerlAuthenHandler -- doesn't get there...? SOLVED
SO -- Stas, here's a coupla extra tweaks i think you should make so that cut/paste newbies (unlike me, of course) will have an easier time with this particular example on the next iteration: It's corrected in the guide's cvs version! Thanks Will! _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://apachetoday.com http://jazzvalley.com http://singlesheaven.com http://perlmonth.com perl.org apache.org
Re: PerlAuthenHandler -- doesn't get there...?
i canna get the PerlAuthenHandler to do ANYTHING. first
line of code after $r = shift is $r-warn() but nothing
shows up in the log. aaugh!
i copied the sample code from 'illustrated security scenarios'
at http://perl.apache.org/guide/security.html nearly verbatim,
(cut paste + munge) changed '(*PASSED*)' to a simple test
(moot, at this point) and inserted a few $r-warn("") for tracing
and debugging purposes.
access_handler() works fine. all its $r-warn output shows up
in the logfile as it should.
BUT i never see any incursion into the authen_handler() AT ALL!
maybe you need "Order deny, allow" to trigger authentication
[my main site is serensoft.com; the virtual site is dontUthink.com
and the url i'm trying to test is dontUthink.com/auth ... it lets
me in, every time, without asking for any userid:password.]
httpd.conf:
PerlModule Serensoft::Auth
Location /auth
PerlAccessHandler Serensoft::Auth::access_handler
PerlSetVar Intranet "this = that"
PerlAuthenHandler Serensoft::Auth::authen_handler
AuthName "dontUthink subscriber"
AuthType Basic
Require valid-user
/Location
Serensoft/Auth.pm:
Package Serensoft::Auth;
use strict;
use Apache::Constants qw(:common);
[snip]
sub authen_handler {
my $r = shift;
$r-warn('authen_handler'); # == NEVER gets here!!!
# get user's authentication credentials
my ($res, $sent_pw) = $r-get_basic_auth_pw;
return $res if $res != OK;
my $user = $r-connection-user;
# authenticate through DBI
my $reason = authen_dbi ($r, $user, $sent_pw); # $level? eh?
if ($reason) {
$r-note_basic_auth_failure;
$r-log_reason ($reason, $r-uri);
return AUTH_REQUIRED;
}
return OK;
}
i even tried adding
$r-set_handlers(PerlAuthenHandler = [\authen_handler]);
right at the end of access_handler() (before returning OK)
but alas, to no avail.
what obvious dial have i forgotten to frob?
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Their is five errers in this sentance.
Re: PerlAuthenHandler -- doesn't get there...?
i canna get the PerlAuthenHandler to do ANYTHING. first line of code after $r = shift is $r-warn() but nothing shows up in the log. aaugh! [snip] Location /auth PerlAccessHandler Serensoft::Auth::access_handler PerlSetVar Intranet "this = that" PerlAuthenHandler Serensoft::Auth::authen_handler AuthName "dontUthink subscriber" AuthType Basic Require valid-user /Location [snip] After looking at my own configuration for Apache::AuthCookie, and snooping in the Apache source a bit, I think that your "AuthType Basic" needs to be changed to "AuthType Serensoft::Auth". ...Steve -- Steve van der Burg Information Services London Health Sciences Centre (519) 685-8300 ext 35559 [EMAIL PROTECTED]
Re: PerlAuthenHandler -- doesn't get there...?
thanks for your posts, guys!
Eric Cholet replied:
i copied the sample code from 'illustrated security scenarios'
at http://perl.apache.org/guide/security.html nearly verbatim,
(cut paste + munge) changed '(*PASSED*)' to a simple test
(moot, at this point) and inserted a few $r-warn("") for tracing
and debugging purposes.
access_handler() works fine. all its $r-warn output shows up
in the logfile as it should.
BUT i never see any incursion into the authen_handler() AT ALL!
maybe you need "Order deny, allow" to trigger authentication
Steve van der Burg replied:
After looking at my own configuration for
Apache::AuthCookie, and snooping in the Apache source a
bit, I think that your "AuthType Basic" needs to be
changed to "AuthType Serensoft::Auth".
tried both... alas, still no entry into authen_handler.
it's never executed at all.
(Steve--docs for most of the standard auth modules [see your
local http://localhost/doc/apache/manual/mod/] which seem
to indicate 'AuthType Basic' not 'AuthType Mod::Path'...?)
if Stas can get it to work using the framework on the guide page,
what've i got missing? (can anybody confirm that it can/does
run as expected?)
what modules are required for this simple authenticator to work?
there's gotta be something i'm missing. Doesn't look like
'AuthUserFile' or the like, would come into play, does it?
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Their is five errers in this sentance.
Re: PerlAuthenHandler -- doesn't get there...?
On Fri, 18 Aug 2000, will trillich wrote:
thanks for your posts, guys!
Eric Cholet replied:
i copied the sample code from 'illustrated security scenarios'
at http://perl.apache.org/guide/security.html nearly verbatim,
(cut paste + munge) changed '(*PASSED*)' to a simple test
(moot, at this point) and inserted a few $r-warn("") for tracing
and debugging purposes.
access_handler() works fine. all its $r-warn output shows up
in the logfile as it should.
BUT i never see any incursion into the authen_handler() AT ALL!
maybe you need "Order deny, allow" to trigger authentication
Steve van der Burg replied:
After looking at my own configuration for
Apache::AuthCookie, and snooping in the Apache source a
bit, I think that your "AuthType Basic" needs to be
changed to "AuthType Serensoft::Auth".
tried both... alas, still no entry into authen_handler.
it's never executed at all.
(Steve--docs for most of the standard auth modules [see your
local http://localhost/doc/apache/manual/mod/] which seem
to indicate 'AuthType Basic' not 'AuthType Mod::Path'...?)
if Stas can get it to work using the framework on the guide page,
what've i got missing? (can anybody confirm that it can/does
run as expected?)
Argh, I wish I could always test every addition I have in the guide, some
code goes untested as it was posted to the mod_perl or contributed by
someone else. Then people come and use it, if something is wrong they send
me a patch I fix it. I guess this is a similar scenario -- I admit that
this code wasn't tested by me. If you find the problem and solve it,
please send me the patch, so everybody could benefit from it.
As for hints you want to read the Eagle book, I try hard not to duplicate
information in the book, but sometimes I do. The book covers extensively
the Authentication handler writing. You should start from the Basic one
that works for you and then move on and add the extra, more complicated
logic inside.
I'm looking forward for the patch :) Thanks a lot!
_
Stas Bekman JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:[EMAIL PROTECTED] http://apachetoday.com http://jazzvalley.com
http://singlesheaven.com http://perlmonth.com perl.org apache.org
Re: PerlAuthenHandler and browsers
On Wed, 21 Jun 2000, J. J. Horner wrote: For that reason, my handler can't rely on browsers to behave during the Authentication phase. I am going to have to find a way to force a user to input his password into the browser not using standard HTTP response codes. Could you elaborate on that a little more, please? What is a reliable way to return a CGI script, and doing something with that response, before returning the page requested by the user? JJ -- Blue Lang Unix Systems Admin QSP, Inc., 3200 Atlantic Ave, Ste 100, Raleigh, NC, 27604 Home: 919 835 1540 Work: 919 875 6994 Fax: 919 872 4015
RE: PerlAuthenHandler
When you installed mod_perl on the Stronghold server, did you indicate that you wanted to install support for perl authentication handlers? (I think adding PERL_AUTHEN=1 to the "perl Makefile.PL" command is the way to do this.) Sorry to be so vague, but since I use "EVERYTHING=1" I really have never had to deal with this issue before. -Original Message- From: HORNER, J. (JH8) [mailto:[EMAIL PROTECTED]] Sent: Friday, June 09, 2000 9:25 AM To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: PerlAuthenHandler What are the rules for using the PerlAuthenHandler? I have a timeout module that works great on my Apache 1.3.12/mod_perl 1.24, and if I put the directives directly in the httpd.conf file. When I try to put the stuff in the httpd.conf file on my "Stronghold/2.4.1 Apache/1.3.3 C2NetEU/2409 Doorkeeper/2.0 (Unix) mod_perl/1.21 configured" server, the service doesn't start. Here are the entries on the first server: PerlSetEnv PERL5LIB lib/perl PerlRequire conf/startup.pl PerlFreshRestart On PerlModule Apache::Registry Directory /data/2jnetworks/test AuthType Basic AuthName TEST AuthUserFile /usr/local/apache/conf/www_passwd AuthGroupFile /usr/local/apache/conf/www_group require group 2jnetworks PerlAuthenHandler Apache::TimeOut PerlSetVar TimeLimit 15 /Directory Here are the entries for the second server: PerlSetEnv PERL5LIB lib/perl PerlRequire conf/startup.pl PerlFreshRestart On PerlModule Apache::Registry Directory /data/httpd/docs/jhorner AuthName Test AuthType Basic AuthUserFile /usr/local/apache/conf/www_passwd AuthGroupFile /usr/local/apache/conf/www_group require group test PerlAuthenHandler Apache::TimeOut PerlSetVar TimeOut 15 /Directory When I put the PerlAuthenHandler entries into an .htaccess file, the server will start, but I get: /data/httpd/docs/jhorner/.htaccess: Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a module not included in the server configuration I have other perl handler type things in the httpd.conf file, but nothing else gives this error, any ideas? Thanks, JJ
