Re: two identical directives in Perl configuration (doc patch included)
Dave Kaufman wrote:
"Adi Fairbank" [EMAIL PROTECTED] wrote:
Dave Kaufman wrote:
$Location{"blah"} = {
require = "group payer_manager, payer_group demo"
};
should do the trick.
I wrote:
Thanks, that fixed it.
Actually, no that didn't fix it!
$r-requires
returns
[{ 'group' = "payer_manager, payer_group demo"}]
d'oh! we have the syntax wrong to begin with.
http://www.apache.org/docs/mod/core.html#require says:
Yes, but I'm using Apache::AuthCookie, which allows you to implement your own
require methods. Theoretically, I could have as many require'ments as I write
perl methods in the PerlAuthzHandler.
require group payer_manager
require payer_group demo
require user_ip 127.0.0.1
require dayofweek wednesday
etc..
This is why it would be useful for Perl sections to support:
$Location{"blah"} = {
require = ["req 1", "req 2", "req 3", "req 4", ..]
};
-Adi
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: two identical directives in Perl configuration (doc patch included)
Dave Kaufman wrote:
i belive it is. in fact, i didn't realize specifing two require coditions (one
group and one user) worked on *separate* lines :)
something like:
$Location{"blah"} = {
require = "group payer_manager, payer_group demo"
};
should do the trick.
-dave
Thanks, that fixed it.
One thing I noticed through all this, is I think the mod_perl documentation is
wrong.. I don't think the following is supported...
DirectoryIndex = [qw(index.html index.htm)],
... unless DirectoryIndex is a special case.
From perl_config.c:
1148 #define SECiter_list(t) \
1149 { \
1150 I32 i; \
1151 for(i=0; i=AvFILL(entries); i++) { \
1152 SV *rv = *av_fetch(entries, i, FALSE); \
1153 HV *nhv; \
1154 if(!SvROK(rv) || (SvTYPE(SvRV(rv)) != SVt_PVHV)) \
1155 croak("not a HASH reference!"); \
1156 nhv = newHV(); \
1157 hv_store(nhv, (char*)key, klen, SvREFCNT_inc(rv), FALSE); \
1158 tab = nhv; \
1159 t; \
1160 SvREFCNT_dec(nhv); \
1161 } \
1162 entries = Nullav; \
1163 continue; \
1164 }
lines 1154-1155 will cause it to croak if any array value in entries is not a
hashref, so an arrayref of scalars (e.g. DirectoryIndex = [qw(index.html
index.htm)]) won't work.
Am I wrong here? I did some simple tests which confirmed my suspicions, but I
may still be missing something.
Below is a documentation patch that I think will prevent other people's
confusion in the future:
Index: mod_perl.pod
===
RCS file: /home/cvspublic/modperl/mod_perl.pod,v
retrieving revision 1.20
diff -u -r1.20 mod_perl.pod
--- mod_perl.pod2000/03/05 23:46:30 1.20
+++ mod_perl.pod2000/11/17 23:18:54
@@ -618,7 +618,7 @@
AuthUserFile = '/tmp/htpasswd',
AuthType = 'Basic',
AuthName = 'test',
- DirectoryIndex = [qw(index.html index.htm)],
+ DirectoryIndex = 'index.html index.htm',
Limit = {
METHODS = 'GET POST',
require = 'user dougm',
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: two identical directives in Perl configuration (doc patch included)
Dave Kaufman wrote:
i belive it is. in fact, i didn't realize specifing two require coditions (one
group and one user) worked on *separate* lines :)
something like:
$Location{"blah"} = {
require = "group payer_manager, payer_group demo"
};
should do the trick.
-dave
I wrote:
Thanks, that fixed it.
Actually, no that didn't fix it!
$r-requires
returns
[{ 'group' = "payer_manager, payer_group demo"}]
for the above $Location{} directive. It does no comma separation. I guess the
only workaround is to split on comma after calling $r-requires (in the Auth
handler).
This is definitely not ideal.. I think we should fix this in perl_config.c.
Basically I think there should be some straightforward way to have two (or more)
require statements in $Location{} directives. The most logical seems to be what
Tom suggested:
require = ["group payer_manager", "payer_group demo"]
I'd be happy to submit patches if I got a go ahead from Doug that this would be
useful.
-Adi
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: two identical directives in Perl configuration (doc patch included)
"Adi Fairbank" [EMAIL PROTECTED] wrote:
Dave Kaufman wrote:
$Location{"blah"} = {
require = "group payer_manager, payer_group demo"
};
should do the trick.
I wrote:
Thanks, that fixed it.
Actually, no that didn't fix it!
$r-requires
returns
[{ 'group' = "payer_manager, payer_group demo"}]
d'oh! we have the syntax wrong to begin with.
http://www.apache.org/docs/mod/core.html#require says:
Require directive
The allowed syntaxes are:
Require user userid userid ...
Only the named users can access the directory.
Require group group-name group-name ...
^
Only users in the named groups can access the directory.
Require valid-user
All valid users can access the directory.
implying that you *must* specify either
'user' username username ...
or 'group' groupname groupname ...
or 'valid-user'
but the concept of specifying access based on a combination of
username-or-group-memership seems to be undefined.
i thought maybe the satisfy directive might help, ala:
satisfy any
require group simpson
require user bart
but the satisy docs say its only for mixing allow deny type access restrictions with
auth-based restrictions...
i could have sworn i had successfully done this in the past though, allowing a whole
group plus one named user... (but maybe i just added him to the group in question)
perhaps someone else can enlighten us...
-dave
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
