Posted to modules-dev@httpd.apache.org by Suneet Shah <su...@gmail.com> on 2011/10/01 23:05:44 UTC
Developing Authn/Authz Modules
Hello,
I am trying to build my apache module which needs to carry out
authentication and authorization functions based on the value of a cookie.
To start with, I have just created a shell with the intent that I wanted the
functions for authentication and authorization being called.
However, it does not appear that these functions are being called. I have
pasted my configuration and code below.
When I try to access http://localhost/test_rpc/ I get the login.html that
is defined in my ErrorDocument below.
But when I look in the log file, I see the following.
Since it's looking for a userId, I am wondering if there is an error in my
configuration.
[Sat Oct 01 16:37:29 2011] [debug] prefork.c(996): AcceptMutex: sysvsem (default: sysvsem)
[Sat Oct 01 16:38:08 2011] [error] [client 127.0.0.1] access to /test_rpc/header.jsp failed, reason: verification of user id '<null>' not configured
Any guidance on what I am doing wrong would be greatly appreciated.
Regards
Suneet
-- Configuration in Httpd.conf
<Location />
    IAM_CookieName IAM_PARAM
    IAM_TokenParam tkn
    IAM_Service_base_url "http://localhost:8080/"
    ErrorDocument 401 "/login.html"
    AuthType IAMToken
    AuthName "IAM Login"
    AuthCookie_Authoritative On
</Location>
<Location /test_rpc/>
    ProxyPass http://localhost:9080/test_rpc
    require tkn
</Location>
----- Module Code
static int authz_dbd_check(request_rec *r) {
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "authz_dbd_check called");
    return HTTP_OK;
}

static int check_token(request_rec *r) {
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "chedk_token called.");
    return OK;
}

static void authz_dbd_hooks(apr_pool_t *p)
{
    ap_hook_auth_checker(check_token, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_auth_checker(authz_dbd_check, NULL, NULL, APR_HOOK_MIDDLE);
}

module AP_MODULE_DECLARE_DATA authz_dbd_module =
{
    STANDARD20_MODULE_STUFF,
    authz_dbd_cr_cfg,
    NULL,
    NULL,
    NULL,
    authz_dbd_cmds,
    authz_dbd_hooks
};
Re: Developing Authn/Authz Modules
Posted by Suneet Shah <su...@gmail.com>.
Thanks very much, Sorin
I can see my code getting called now.
On Mon, Oct 3, 2011 at 9:24 AM, Sorin Manolache <so...@gmail.com> wrote:
> You have not hooked check_user_id. In this case the default
> check_user_id of mod_authn_default is called. The mod_authn_default
> module rejects the request by default and gives you the "verification
> of user id '<null>'" log line.
>
> Hook check_user_id instead of auth_checker. Set r->user in
> check_user_id. I think setting r->user is not mandatory but it gives
> you more precise log messages.
>
> Use return OK (OK is 0) and not return HTTP_OK (HTTP_OK is 200) in your
> hooks.
>
> S
Re: Developing Authn/Authz Modules
Posted by Sorin Manolache <so...@gmail.com>.
On Sat, Oct 1, 2011 at 23:05, Suneet Shah <su...@gmail.com> wrote:
> [Sat Oct 01 16:37:29 2011] [debug] prefork.c(996): AcceptMutex: sysvsem
> (default: sysvsem)
> [Sat Oct 01 16:38:08 2011] [error] [client 127.0.0.1] access to
> /test_rpc/header.jsp failed, reason: verification of user id '<null>' not
> configured
You have not hooked check_user_id. In this case the default
check_user_id of mod_authn_default is called. The mod_authn_default
module rejects the request by default and gives you the "verification
of user id '<null>'" log line.
Hook check_user_id instead of auth_checker. Set r->user in
check_user_id. I think setting r->user is not mandatory but it gives
you more precise log messages.
Use return OK (OK is 0) and not return HTTP_OK (HTTP_OK is 200) in your hooks.
S
>
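The hook behaviour described in the reply above, as a self-contained C model added here (it is not part of the thread and not httpd source). `mini_req`, `authn_phase`, `request_proceeds` and the `demo-token` cookie value are hypothetical stand-ins; the numeric return codes are the ones httpd uses.

```c
#include <stddef.h>
#include <string.h>

/* Values as in httpd: OK is 0, DECLINED is -1, HTTP_OK is 200. */
enum { OK = 0, DECLINED = -1, HTTP_OK = 200, HTTP_UNAUTHORIZED = 401 };

/* Hypothetical stand-in for the request_rec fields used here. */
typedef struct { const char *cookie; const char *user; } mini_req;
typedef int (*hook_fn)(mini_req *);

/* Model of mod_authn_default: runs last and rejects the request. */
static int authn_default(mini_req *r) { (void)r; return HTTP_UNAUTHORIZED; }

/* check_user_id hook done right: fail closed, set the user, return OK. */
static int check_token(mini_req *r) {
    /* Constructed rule: only this literal cookie is accepted. */
    if (r->cookie == NULL || strcmp(r->cookie, "IAM_PARAM=demo-token") != 0)
        return HTTP_UNAUTHORIZED;
    r->user = "demo-user";
    return OK;
}

/* The return value from the thread's code: HTTP_OK instead of OK. */
static int check_token_http_ok(mini_req *r) { (void)r; return HTTP_OK; }

/* check_user_id phase: the first hook that does not DECLINE decides. */
static int authn_phase(hook_fn module_hook, mini_req *r) {
    hook_fn chain[2];
    size_t n = 0;
    if (module_hook != NULL) chain[n++] = module_hook;
    chain[n++] = authn_default;
    for (size_t i = 0; i < n; i++) {
        int rv = chain[i](r);
        if (rv != DECLINED) return rv;
    }
    return DECLINED;
}

/* Processing continues only when the phase result is exactly 0 (OK). */
static int request_proceeds(hook_fn module_hook, mini_req *r) {
    return authn_phase(module_hook, r) == OK;
}

int main(void) {
    mini_req r = { "IAM_PARAM=demo-token", NULL };
    return request_proceeds(check_token, &r) ? 0 : 1;
}
```

With no module hook in the phase the model's default rejects with 401, and a hook that returns `HTTP_OK` stops the request just as an error status would, because only 0 lets processing continue.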
Re: Developing Authn/Authz Modules
Posted by Suneet Shah <su...@gmail.com>.
Hi Ben
I tried adding a Satisfy All to the Directory tag below as well as to
Directory "/", the functions in my module are not getting called.
Have I missed something else?
Thanks for your help
<Directory "/var/www/html">
Order allow,deny
Allow from all
Satisfy All
</Directory>
On Sat, Oct 1, 2011 at 5:29 PM, Ben Noordhuis <in...@bnoordhuis.nl> wrote:
> You probably need a `Satisfy all` in your httpd config.
>
Re: Developing Authn/Authz Modules
Posted by Ben Noordhuis <in...@bnoordhuis.nl>.
You probably need a `Satisfy all` in your httpd config.