Re: two identical directives in Perl configuration (doc patch included)
Dave Kaufman wrote: "Adi Fairbank" [EMAIL PROTECTED] wrote: Dave Kaufman wrote: $Location{"blah"} = { require = "group payer_manager, payer_group demo" }; should do the trick. I wrote: Thanks, that fixed it. Actually, no that didn't fix it! $r-requires returns [{ 'group' = "payer_manager, payer_group demo"}] d'oh! we have the syntax wrong to begin with. http://www.apache.org/docs/mod/core.html#require says: Yes, but I'm using Apache::AuthCookie, which allows you to implement your own require methods. Theoretically, I could have as many require'ments as I write perl methods in the PerlAuthzHandler. require group payer_manager require payer_group demo require user_ip 127.0.0.1 require dayofweek wednesday etc.. This is why it would be useful for Perl sections to support: $Location{"blah"} = { require = ["req 1", "req 2", "req 3", "req 4", ..] }; -Adi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: two identical directives in Perl configuration (doc patch included)
Dave Kaufman wrote: i belive it is. in fact, i didn't realize specifing two require coditions (one group and one user) worked on *separate* lines :) something like: $Location{"blah"} = { require = "group payer_manager, payer_group demo" }; should do the trick. -dave Thanks, that fixed it. One thing I noticed through all this, is I think the mod_perl documentation is wrong.. I don't think the following is supported... DirectoryIndex = [qw(index.html index.htm)], ... unless DirectoryIndex is a special case. From perl_config.c: 1148 #define SECiter_list(t) \ 1149 { \ 1150 I32 i; \ 1151 for(i=0; i=AvFILL(entries); i++) { \ 1152 SV *rv = *av_fetch(entries, i, FALSE); \ 1153 HV *nhv; \ 1154 if(!SvROK(rv) || (SvTYPE(SvRV(rv)) != SVt_PVHV)) \ 1155 croak("not a HASH reference!"); \ 1156 nhv = newHV(); \ 1157 hv_store(nhv, (char*)key, klen, SvREFCNT_inc(rv), FALSE); \ 1158 tab = nhv; \ 1159 t; \ 1160 SvREFCNT_dec(nhv); \ 1161 } \ 1162 entries = Nullav; \ 1163 continue; \ 1164 } lines 1154-1155 will cause it to croak if any array value in entries is not a hashref, so an arrayref of scalars (e.g. DirectoryIndex = [qw(index.html index.htm)]) won't work. Am I wrong here? I did some simple tests which confirmed my suspicions, but I may still be missing something. Below is a documentation patch that I think will prevent other people's confusion in the future: Index: mod_perl.pod === RCS file: /home/cvspublic/modperl/mod_perl.pod,v retrieving revision 1.20 diff -u -r1.20 mod_perl.pod --- mod_perl.pod2000/03/05 23:46:30 1.20 +++ mod_perl.pod2000/11/17 23:18:54 @@ -618,7 +618,7 @@ AuthUserFile = '/tmp/htpasswd', AuthType = 'Basic', AuthName = 'test', - DirectoryIndex = [qw(index.html index.htm)], + DirectoryIndex = 'index.html index.htm', Limit = { METHODS = 'GET POST', require = 'user dougm', - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: two identical directives in Perl configuration (doc patch included)
Dave Kaufman wrote: i belive it is. in fact, i didn't realize specifing two require coditions (one group and one user) worked on *separate* lines :) something like: $Location{"blah"} = { require = "group payer_manager, payer_group demo" }; should do the trick. -dave I wrote: Thanks, that fixed it. Actually, no that didn't fix it! $r-requires returns [{ 'group' = "payer_manager, payer_group demo"}] for the above $Location{} directive. It does no comma separation. I guess the only workaround is to split on comma after calling $r-requires (in the Auth handler). This is definitely not ideal.. I think we should fix this in perl_config.c. Basically I think there should be some straightforward way to have two (or more) require statements in $Location{} directives. The most logical seems to be what Tom suggested: require = ["group payer_manager", "payer_group demo"] I'd be happy to submit patches if I got a go ahead from Doug that this would be useful. -Adi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: two identical directives in Perl configuration (doc patch included)
"Adi Fairbank" [EMAIL PROTECTED] wrote: Dave Kaufman wrote: $Location{"blah"} = { require = "group payer_manager, payer_group demo" }; should do the trick. I wrote: Thanks, that fixed it. Actually, no that didn't fix it! $r-requires returns [{ 'group' = "payer_manager, payer_group demo"}] d'oh! we have the syntax wrong to begin with. http://www.apache.org/docs/mod/core.html#require says: Require directive The allowed syntaxes are: Require user userid userid ... Only the named users can access the directory. Require group group-name group-name ... ^ Only users in the named groups can access the directory. Require valid-user All valid users can access the directory. implying that you *must* specify either 'user' username username ... or 'group' groupname groupname ... or 'valid-user' but the concept of specifying access based on a combination of username-or-group-memership seems to be undefined. i thought maybe the satisfy directive might help, ala: satisfy any require group simpson require user bart but the satisy docs say its only for mixing allow deny type access restrictions with auth-based restrictions... i could have sworn i had successfully done this in the past though, allowing a whole group plus one named user... (but maybe i just added him to the group in question) perhaps someone else can enlighten us... -dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]