You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Rob Bloodgood <ro...@empire2.com> on 2001/04/03 22:35:49 UTC
Apache::AuthCookieDBI forgets its config
So I finally decided to plunge into AuthCookie*, and settled on
AuthCookieDBI cuz it's pretty complete, and meets my environment, and I
don't have to subclass it to even try it.
DAMN what a *****!
Oh, mostly it's an EXCELLENT module.
Mostly.
For starters, as verbose as the docs are, they aren't as clear as one would
hope. HOWEVER I finally got it to where everything LOOKS right, but I still
have no go.
As I delved into the problem, I found the following:
The module has a BEGIN {} block that reads the server config for parameters
of the form
PerlSetVar MyRealmSecretKeyFile "/etc/httpd/conf/secretkeyfile.txt"
into the module global hash %SECRET_KEYS
and the docs recommend it be
-rw------- root root
so that it's only readable on server startup.
HOWEVER, whenever the module is actually invoked, %SECRET_KEYS is empty!
Here's the BEGIN{} block:
BEGIN {
my @keyfile_vars = grep {
$_ =~ /DBI_SecretKeyFile$/
} keys %{ Apache->server->dir_config() };
foreach my $keyfile_var ( @keyfile_vars ) {
my $keyfile = Apache->server->dir_config( $keyfile_var );
my $auth_name = $keyfile_var;
$auth_name =~ s/DBI_SecretKeyFile$//;
unless ( open( KEY, "<$keyfile" ) ) {
Apache::log_error( "Could not open keyfile for $auth_name in file
$keyfile" );
} else {
$SECRET_KEYS{ $auth_name } = <KEY>;
close KEY;
}
}
}
My temporary solution was to patch the handlers to understand a new
PerlSetVar:
# Get the secret key.
my $secret_key = $SECRET_KEYS{ $auth_name };
unless ( defined $secret_key ) {
+ if (not defined ($SECRET_KEYS{ $auth_name } =
+ _dir_config_var($r, 'DBI_SecretKeyFile'))) {
$r->log_reason( "Apache::AuthCookieDBI: didn't the secret key from for
auth realm $auth_name", $r->uri );
return undef;
+ } else {
+ $secret_key = $SECRET_KEYS{ $auth_name };
}
}
But this seems crufty.
What I'd prefer to do is fix the init section so that it works. I can't
find anything in the mod_perl docs or the Guide that helps.
Suggestions??
TIA
L8r,
Rob
#!/usr/bin/perl -w
use Disclaimer qw/:standard/;
Re: Apache::AuthCookieDBI forgets its config
Posted by Vegard Vesterheim <Ve...@runit.no>.
"Rob Bloodgood" <ro...@empire2.com> writes:
> So I finally decided to plunge into AuthCookie*, and settled on
> AuthCookieDBI cuz it's pretty complete, and meets my environment, and I
> don't have to subclass it to even try it.
>
> DAMN what a *****!
>
> Oh, mostly it's an EXCELLENT module.
>
> Mostly.
>
> For starters, as verbose as the docs are, they aren't as clear as one would
> hope. HOWEVER I finally got it to where everything LOOKS right, but I still
> have no go.
>
> As I delved into the problem, I found the following:
>
> The module has a BEGIN {} block that reads the server config for parameters
> of the form
> PerlSetVar MyRealmSecretKeyFile "/etc/httpd/conf/secretkeyfile.txt"
>
> into the module global hash %SECRET_KEYS
>
> and the docs recommend it be
> -rw------- root root
>
> so that it's only readable on server startup.
>
> HOWEVER, whenever the module is actually invoked, %SECRET_KEYS is empty!
>
I discovered the same thing. I think the problem is that the BEGIN
block as written, only considers parameters defined in the *main
server*. So if you have any PerlSetVar in a Virtual Server, it will
not be found.
A kludgy workaround is to move the PerlSetVar out of any Virtual
Server sections. A better option is to reimplement the mechanism for
populating the SECRET_KEYS hash, so that Virtual Servers are handled
properly.
--
Vegard Vesterheim : Phone: +47 73593002
Runit AS : Fax: +47 73591700
N-7465 Trondheim, NORWAY : Email: Vegard.Vesterheim@runit.no
RE: Apache::AuthCookieDBI forgets its config [SOLVED]
Posted by Rob Bloodgood <ro...@empire2.com>.
> OK, more examination reveals that:
> At the time this BEGIN block is running, this call:
> my @keyfile_vars = grep {
> $_ =~ /DBI_SecretKeyFile$/
> } keys %{ Apache->server->dir_config() };
>
> is returning EMPTY.
>
> Meaning it's evaling too early to see the dir_config??????? Or what?
- PerlModule Apache::AuthCookieDBI
> PerlSetVar AdminPath /admin
> PerlSetVar AdminLoginScript /scripts/adminlogin.pl
>
> # These must be set
> PerlSetVar AdminDBI_DSN "dbi:Oracle:STATS"
> PerlSetVar AdminDBI_SecretKeyFile /etc/httpd/conf/admin.secret.key
+ PerlModule Apache::AuthCookieDBI
My ealier message reveals the solution: move the line
PerlModule Apache::AuthCookieDBI
to *AFTER* the line(s)
PerlSetVar BlahBlahDBI_SecretKeyFile /path/to/keyfile
It now works perfectly!
Thx for putting up w/ me bouncing my problem-solving off the list...
hopefully somebody will save the day & a half I just spent on this.
L8r,
Rob
#/usr/bin/perl -w
use Disclaimer qw/:standard/;
RE: Apache::AuthCookieDBI forgets its config [UPDATE]
Posted by Rob Bloodgood <ro...@empire2.com>.
> HOWEVER, whenever the module is actually invoked, %SECRET_KEYS is empty!
>
> Here's the BEGIN{} block:
> BEGIN {
> my @keyfile_vars = grep {
> $_ =~ /DBI_SecretKeyFile$/
> } keys %{ Apache->server->dir_config() };
> foreach my $keyfile_var ( @keyfile_vars ) {
> my $keyfile = Apache->server->dir_config( $keyfile_var );
> my $auth_name = $keyfile_var;
> $auth_name =~ s/DBI_SecretKeyFile$//;
> unless ( open( KEY, "<$keyfile" ) ) {
> Apache::log_error( "Could not open keyfile for
> $auth_name in file
> $keyfile" );
> } else {
> $SECRET_KEYS{ $auth_name } = <KEY>;
> close KEY;
> }
> }
> }
OK, more examination reveals that:
At the time this BEGIN block is running, this call:
my @keyfile_vars = grep {
$_ =~ /DBI_SecretKeyFile$/
} keys %{ Apache->server->dir_config() };
is returning EMPTY.
Meaning it's evaling too early to see the dir_config??????? Or what?
PerlModule Apache::AuthCookieDBI
PerlSetVar AdminPath /admin
PerlSetVar AdminLoginScript /scripts/adminlogin.pl
#PerlSetVar AdminLoginScript /error/adminlogin.html
# Optional, to share tickets between servers.
#PerlSetVar AdminDomain .domain.com
# These must be set
PerlSetVar AdminDBI_DSN "dbi:Oracle:STATS"
PerlSetVar AdminDBI_SecretKeyFile /etc/httpd/conf/admin.secret.key
# etc.
Ideas?
L8r,
Rob
#!/usr/bin/perl -w
use Disclaimer qw/:standard/;