subject:"test framework\/mod_authany's check user id hook vs. mod

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

2009-03-20 Thread Jeff Trawick

On Thu, Mar 19, 2009 at 4:36 PM, Jeff Trawick traw...@gmail.com wrote:

assert(Whatever is done in mod_ssl, the 2.3 logic in mod_authany needs to
 ensure that its check user id hook runs after mod_ssl's.)


I'm going with this code in mod_authany for Apache 2.0/2.2 as soon as it
checks out okay on more trees:

+static void extra_hooks(apr_pool_t *p)
+{
+static const char * const modssl_runs_before[] = {mod_ssl.c, NULL};
+
+ap_hook_check_user_id(authany_handler, modssl_runs_before, NULL,
+  APR_HOOK_FIRST);
+ap_hook_auth_checker(require_any_user, NULL, NULL, APR_HOOK_FIRST);
+}

Reversing the order of (modssl_runs_before, NULL) does show failure of
ssl/fakeauth and ssl/basicauth; the order in the code above works.

-- 
Born in Roswell... married an alien...

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

2009-03-20 Thread Oden Eriksson

torsdag 19 mars 2009 21:36:42 skrev  Jeff Trawick:

[...]

I keep getting:

t/modules/include...ok 46/88# Failed test 67 in t/modules/include.t at 
line 396 

On Mandriva Linux (cooker)


-- 
Regards // Oden Eriksson

This email has been processed by SmoothZap - www.smoothwall.net

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

2009-03-20 Thread Jeff Trawick

2009/3/20 Oden Eriksson oden.eriks...@envitory.se

 torsdag 19 mars 2009 21:36:42 skrev  Jeff Trawick:

 [...]

 I keep getting:

 t/modules/include...ok 46/88# Failed test 67 in t/modules/include.t
 at
 line 396

 On Mandriva Linux (cooker)


AFAICT, that observation is completely independent of this particular
discussion thread ;)

if that's all that fails for you, be happy; I see that one and others in
various modules before/after my mod_authany change

maybe you can minimize the skipped tests (by adding additional httpd or Perl
modules, if practical) and start a new thread on what failures you're
seeing?  (and which tree -- trunk or 2.2.x)

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

2009-03-20 Thread Plüm, Rüdiger, VF-Group

 -Ursprüngliche Nachricht-
 Von: Oden Eriksson
 Gesendet: Freitag, 20. März 2009 16:53
 An: dev@httpd.apache.org
 Betreff: Re: test framework/mod_authany's check user id hook
 vs. mod_ssl's

 torsdag 19 mars 2009 21:36:42 skrev  Jeff Trawick:

 [...]

 I keep getting:

 t/modules/include...ok 46/88# Failed test 67 in
 t/modules/include.t at
 line 396

This has nothing to do with Jeff's changes.
This is caused by r755261 which is a test case for
PR 39369. This bug isn't fixed on trunk and 2.2.x.

Regards

Rüdiger

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

2009-03-20 Thread Joe Orton

On Thu, Mar 19, 2009 at 04:36:42PM -0400, Jeff Trawick wrote:
 Beyond the mod_authany question, why doesn't mod_ssl declare its check user
 id hook really-first if it can generate the basic auth?  (Let the extremely
 limited number of modules which generate basic auth headers fight it out via
 predecessor/successor lists.)

I doubt much thought has gone into it.

Since, as you say, all the FakeBasic code needs to happen before the 
real check_user_id hooks run, I'd reckon it would make more sense to 
move it to e.g. the post_read_request hook (ssl_hook_ReadReq), rather 
than trying harder to win the hook ordering game?

Regards, Joe

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

2009-03-20 Thread William A. Rowe, Jr.


Joe Orton wrote:

On Thu, Mar 19, 2009 at 04:36:42PM -0400, Jeff Trawick wrote:

Beyond the mod_authany question, why doesn't mod_ssl declare its check user
id hook really-first if it can generate the basic auth?  (Let the extremely
limited number of modules which generate basic auth headers fight it out via
predecessor/successor lists.)


I doubt much thought has gone into it.

Since, as you say, all the FakeBasic code needs to happen before the 
real check_user_id hooks run, I'd reckon it would make more sense to 
move it to e.g. the post_read_request hook (ssl_hook_ReadReq), rather 
than trying harder to win the hook ordering game?


For that matter, why does SSLRequire still exist?  Has nothing to do at
all with SSL ;-)  Perhaps it's time to start doing what Mr Laurie wanted
to accomplish in the first place, and (saving functionality elsewhere)
pare mod_ssl to the bone of what it is meant to do?  socache was a good
start, obviously :)

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

2009-03-20 Thread Oden Eriksson

fredag 20 mars 2009 17:09:43 skrev  Plüm, Rüdiger, VF-Group:
  -Ursprüngliche Nachricht-
  Von: Oden Eriksson
  Gesendet: Freitag, 20. März 2009 16:53
  An: dev@httpd.apache.org
  Betreff: Re: test framework/mod_authany's check user id hook
  vs. mod_ssl's
 
  torsdag 19 mars 2009 21:36:42 skrev  Jeff Trawick:
 
  [...]
 
  I keep getting:
 
  t/modules/include...ok 46/88# Failed test 67 in
  t/modules/include.t at
  line 396

 This has nothing to do with Jeff's changes.
 This is caused by r755261 which is a test case for
 PR 39369. This bug isn't fixed on trunk and 2.2.x.

 Regards

 Rüdiger

Thanks Rüdiger,


The patch by Joe Orton attached to that bugreport made that test pass for me.

Sorry for being OT.

-- 
Regards // Oden Eriksson

This email has been processed by SmoothZap - www.smoothwall.net

test framework/mod_authany's check user id hook vs. mod_ssl's

2009-03-19 Thread Jeff Trawick

mod_authany's check user id hook is registered to run APR_HOOK_FIRST, as is
mod_ssl's.

mod_ssl's check user id hook needs to run before anything else that *uses*
basic auth because it can create basic auth information from the
certificate, for processing by normal check user id hooks.

Like practically all check user id hooks, mod_authany's hook operates on
existing basic auth information, so it must run after mod_ssl's hook.

I don't have a crisp understanding of why mod_authany's check user id hook
should be registered to run APR_HOOK_FIRST.  Any comments on that?  I'll try
to think on that some more.

Note that while the current, single APR_HOOK_FIRST specification applies to
both check user id and auth checker hooks, in the original implementation of
the module APR_HOOK_FIRST was individually specified for both.  (changes to
framework magic, apparently to work with Apache 1.3)  So the double
application of APR_HOOK_FIRST isn't a hint.

Beyond the mod_authany question, why doesn't mod_ssl declare its check user
id hook really-first if it can generate the basic auth?  (Let the extremely
limited number of modules which generate basic auth headers fight it out via
predecessor/successor lists.)

assert(A change to the mod_ssl hook ordering could theoretically break
existing modules, so that should be for future releases only.)

assert(Whatever is done in mod_ssl, the 2.3 logic in mod_authany needs to
ensure that its check user id hook runs after mod_ssl's.)

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

Re: test framework/mod_authany's check user id hook vs. mod_ssl's

test framework/mod_authany's check user id hook vs. mod_ssl's

8 matches

Site Navigation

Mail list logo

Footer information