You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by George Valpak <gv...@yahoo.com> on 2002/10/11 02:44:51 UTC
Re: AuthCookieDBI help please.... (more info)
At 04:16 PM 10/10/2002 -0700, I wrote:
>I am having trouble with Apache:AuthCookieDBI. I hope someone here can help because I have not been able to find a solution despite extensive searching.
<snip>
OK, now I am poking in the code.
I modified the BEGIN section for AuthCookieDBI.pm thusly:
BEGIN {
my @keyfile_vars = grep {
$_ =~ /DBI_SecretKeyFile$/
} keys %{ Apache->server->dir_config() };
#my changes start here
my @list = keys %{ Apache->server->dir_config()};
Apache::log_error("keys:@list");
Apache::log_error( "all varrs=$_" );
Apache::log_error( "keyfile_vars=@keyfile_vars" );
#my changes end here
foreach my $keyfile_var ( @keyfile_vars ) {
my $keyfile = Apache->server->dir_config( $keyfile_var );
my $auth_name = $keyfile_var;
$auth_name =~ s/DBI_SecretKeyFile$//;
unless ( open( KEY, "<$keyfile" ) ) {
Apache::log_error( "Could not open keyfile for $auth_nam
e in file $keyfile" );
} else {
$SECRET_KEYS{ $auth_name } = <KEY>;
close KEY;
}
}
}
and restarted the server. the logs show:
[Thu Oct 10 17:34:14 2002] [error] keys:
[Thu Oct 10 17:34:14 2002] [error] all varrs=
[Thu Oct 10 17:34:14 2002] [error] keyfile_vars=
[Thu Oct 10 17:34:14 2002] [notice] Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 configured -- resuming normal operations
[Thu Oct 10 17:34:14 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 10 17:34:14 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
This to me indicates that the call to Apache->server->dir_config() is not returning anything at all. A quick look a the eagle book, p 456 does not explain to me why that should be....any thoughts?
GV
Re: AuthCookieDBI help please.... (more info)
Posted by George Valpak <gv...@yahoo.com>.
Thanks - I tried that earlier and again at your suggestion - no change in the behavior is noted.
This is really frustrating - there doesn't seem to be anything special about this config that should cause me such trouble. I suppose tomorrow I could try the kludge that is recommended in that thread, but given the lack of complaints about this module, I assume it is working for everyone else. Either that or no one is using it...could *that* be true? Is this module is not as useful as it seems at first glance?
If it is working for everyone else, I want it to work for me, and I would prefer not to have to track my own patches whenever new versions come out naturally....
GV
At 08:50 AM 10/11/2002 +0200, Vegard Vesterheim wrote:
>I had a similar problem a while ago. Check out this thread:
>
>http://groups.yahoo.com/group/modperl/message/34266
>
>----- snip - snip -------------------------------------------------
>I discovered the same thing. I think the problem is that the BEGIN
>block as written, only considers parameters defined in the *main
>server*. So if you have any PerlSetVar in a Virtual Server, it will
>not be found.
>
>A kludgy workaround is to move the PerlSetVar out of any Virtual
>Server sections. A better option is to reimplement the mechanism for
>populating the SECRET_KEYS hash, so that Virtual Servers are handled
>properly.
>----- snip - snip ------------------------------------------------
RE: AuthCookieDBI help please.... (more info)
Posted by George Valpak <gv...@yahoo.com>.
Rob - thanks for your response. The relevant part of my http.conf is below. The only thing I see maybe as different is my dev2Path line - my goal is to protect the location /directory and and .pl files. Is that line right? Also, you have a PerlSetVar SecretKey line that does not show up in my perldocs. (module v 1.19)
Thanks - GV
#-----------------------------------------------------
[snip previous virtualhost stuff...]
</VirtualHost>
PerlSetVar dev2DBI_SecretKeyFile /home/websites/dev2/signmanage/secretkey
PerlSetVar dev2Path /
PerlSetVar dev2LoginScript /signmanage/login.pl
PerlSetVar dev2DBI_DSN "dbi:Pg:dbname=users"
PerlSetVar dev2DBI_User "someone"
PerlModule Apache::AuthCookieDBI
<VirtualHost dev2>
DocumentRoot /home/websites/dev2
ServerName dev2.gimsnetwork.com
DirectoryIndex index.html
<Location /protected>
AuthName dev2
AuthType Apache::AuthCookieDBI
PerlAuthenHandler Apache::AuthCookieDBI->authenticate
PerlAuthzHandler Apache::AuthCookieDBI->authorize
Require valid-user
</Location>
<FilesMatch "\.pl$">
AuthName dev2
AuthType Apache::AuthCookieDBI
PerlAuthenHandler Apache::AuthCookieDBI->authenticate
PerlAuthzHandler Apache::AuthCookieDBI->authorize
Require valid-user
SetHandler perl-script
PerlHandler Apache::Registry
PerlSendHeader On
Options +ExecCGI
</FilesMatch>
# This is the action of the login.pl script above.
<Files LOGIN>
AuthType Apache::AuthCookieDBI
AuthName dev2
SetHandler perl-script
PerlHandler Apache::AuthCookieDBI->login
</Files>
At 03:47 PM 10/16/2002 -0700, Rob Bloodgood wrote:
>> -----Original Message-----
>> From: George Valpak [mailto:gvalpak@yahoo.com]
>> Sent: Wednesday, October 16, 2002 3:26 PM
>> To: Vegard Vesterheim
>> Cc: modperl@perl.apache.org
>> Subject: Re: AuthCookieDBI help please.... (more info)
>>
>>
>> I am still having trouble with Apache::AuthCookieDBI.
>>
>> I tried moving the PerlSetVar line out of the virtual server to
>> the main server but nothing in the behavior changed.
>>
>> Is it possible that the "Apache->server->dir_config()" code is
>> somehow wrong?
>
>Move ALL mention of the AuthCookieDBI directives OUT of any Directory,
>Location, or VirtualServer blocks. Define the secret key PerlSetVar BEFORE
>loading PerlModule directive.
>
>The relevant section of my server config looks like this:
># These must be set
>PerlSetVar AdminDBI_DSN "dbi:Oracle:STATS"
>PerlSetVar AdminDBI_SecretKeyFile /etc/httpd/conf/sercret.key
>PerlSetVar AdminDBI_SecretKey "XXXXXXX"
>
># moved BELOW AdminDBI_SecretKeyFile so the directive is available at
># BEGIN{} time
>PerlModule Apache::AuthCookieDBI
>PerlSetVar AdminPath /admin
>PerlSetVar AdminLoginScript /scripts/adminlogin.pl
>#PerlSetVar AdminLoginScript /error/adminlogin.html
>
>## more directives here
>
>Hope this helps!
>
>L8r,
>Rob
>
>#!/usr/bin/perl -w
>use Disclaimer qw/:standard/;
RE: AuthCookieDBI help please.... (more info)
Posted by Rob Bloodgood <ro...@empire2.com>.
> -----Original Message-----
> From: George Valpak [mailto:gvalpak@yahoo.com]
> Sent: Wednesday, October 16, 2002 3:26 PM
> To: Vegard Vesterheim
> Cc: modperl@perl.apache.org
> Subject: Re: AuthCookieDBI help please.... (more info)
>
>
> I am still having trouble with Apache::AuthCookieDBI.
>
> I tried moving the PerlSetVar line out of the virtual server to
> the main server but nothing in the behavior changed.
>
> Is it possible that the "Apache->server->dir_config()" code is
> somehow wrong?
Move ALL mention of the AuthCookieDBI directives OUT of any Directory,
Location, or VirtualServer blocks. Define the secret key PerlSetVar BEFORE
loading PerlModule directive.
The relevant section of my server config looks like this:
# These must be set
PerlSetVar AdminDBI_DSN "dbi:Oracle:STATS"
PerlSetVar AdminDBI_SecretKeyFile /etc/httpd/conf/sercret.key
PerlSetVar AdminDBI_SecretKey "XXXXXXX"
# moved BELOW AdminDBI_SecretKeyFile so the directive is available at
# BEGIN{} time
PerlModule Apache::AuthCookieDBI
PerlSetVar AdminPath /admin
PerlSetVar AdminLoginScript /scripts/adminlogin.pl
#PerlSetVar AdminLoginScript /error/adminlogin.html
## more directives here
Hope this helps!
L8r,
Rob
#!/usr/bin/perl -w
use Disclaimer qw/:standard/;
Re: AuthCookieDBI help please.... (more info)
Posted by George Valpak <gv...@yahoo.com>.
I am still having trouble with Apache::AuthCookieDBI.
I tried moving the PerlSetVar line out of the virtual server to the main server but nothing in the behavior changed.
Is it possible that the "Apache->server->dir_config()" code is somehow wrong?
I grepped all the other .pm files on my server and did not find a similar construct anywhere.
I realize that this begin statement happens when there is not yet a request object. But is it somehow occurring too early in the startup phase for the vars to ba available.
I really really want to figure out what's going wrong here - I am about to implement a workaround where I hardcode the values of the PerlSetVars into the BEGIN block, but that is very unsatisfying.
Other people use this module commonly, don't they? Is there a module I should be using instead?
Thanks for your help!
GV
At 08:50 AM 10/11/2002 +0200, Vegard Vesterheim wrote:
>On Thu, 10 Oct 2002 17:44:51 -0700 George Valpak <gv...@yahoo.com> wrote:
>
>> At 04:16 PM 10/10/2002 -0700, I wrote:
>> >I am having trouble with Apache:AuthCookieDBI. I hope someone here can help because I have not been able to find a solution despite extensive searching.
>>
>> <snip>
>>
>> OK, now I am poking in the code.
>>
>> I modified the BEGIN section for AuthCookieDBI.pm thusly:
>>
>> BEGIN {
>> my @keyfile_vars = grep {
>> $_ =~ /DBI_SecretKeyFile$/
>> } keys %{ Apache->server->dir_config() };
>> #my changes start here
>> my @list = keys %{ Apache->server->dir_config()};
>> Apache::log_error("keys:@list");
>> Apache::log_error( "all varrs=$_" );
>> Apache::log_error( "keyfile_vars=@keyfile_vars" );
>> #my changes end here
>> foreach my $keyfile_var ( @keyfile_vars ) {
>> my $keyfile = Apache->server->dir_config( $keyfile_var );
>> my $auth_name = $keyfile_var;
>> $auth_name =~ s/DBI_SecretKeyFile$//;
>> unless ( open( KEY, "<$keyfile" ) ) {
>> Apache::log_error( "Could not open keyfile for $auth_nam
>> e in file $keyfile" );
>> } else {
>> $SECRET_KEYS{ $auth_name } = <KEY>;
>> close KEY;
>> }
>> }
>> }
>>
>> and restarted the server. the logs show:
>>
>>
>> [Thu Oct 10 17:34:14 2002] [error] keys:
>> [Thu Oct 10 17:34:14 2002] [error] all varrs=
>> [Thu Oct 10 17:34:14 2002] [error] keyfile_vars=
>> [Thu Oct 10 17:34:14 2002] [notice] Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 configured -- resuming normal operations
>> [Thu Oct 10 17:34:14 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>> [Thu Oct 10 17:34:14 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
>>
>> This to me indicates that the call to Apache->server->dir_config() is not returning anything at all. A quick look a the eagle book, p 456 does not explain to me why that should be....any thoughts?
>>
>
>I had a similar problem a while ago. Check out this thread:
>
>http://groups.yahoo.com/group/modperl/message/34266
>
>----- snip - snip -------------------------------------------------
>I discovered the same thing. I think the problem is that the BEGIN
>block as written, only considers parameters defined in the *main
>server*. So if you have any PerlSetVar in a Virtual Server, it will
>not be found.
>
>A kludgy workaround is to move the PerlSetVar out of any Virtual
>Server sections. A better option is to reimplement the mechanism for
>populating the SECRET_KEYS hash, so that Virtual Servers are handled
>properly.
>----- snip - snip -------------------------------------------------
Re: AuthCookieDBI help please.... (more info)
Posted by Vegard Vesterheim <Ve...@uninett.no>.
On Thu, 10 Oct 2002 17:44:51 -0700 George Valpak <gv...@yahoo.com> wrote:
> At 04:16 PM 10/10/2002 -0700, I wrote:
> >I am having trouble with Apache:AuthCookieDBI. I hope someone here can help because I have not been able to find a solution despite extensive searching.
>
> <snip>
>
> OK, now I am poking in the code.
>
> I modified the BEGIN section for AuthCookieDBI.pm thusly:
>
> BEGIN {
> my @keyfile_vars = grep {
> $_ =~ /DBI_SecretKeyFile$/
> } keys %{ Apache->server->dir_config() };
> #my changes start here
> my @list = keys %{ Apache->server->dir_config()};
> Apache::log_error("keys:@list");
> Apache::log_error( "all varrs=$_" );
> Apache::log_error( "keyfile_vars=@keyfile_vars" );
> #my changes end here
> foreach my $keyfile_var ( @keyfile_vars ) {
> my $keyfile = Apache->server->dir_config( $keyfile_var );
> my $auth_name = $keyfile_var;
> $auth_name =~ s/DBI_SecretKeyFile$//;
> unless ( open( KEY, "<$keyfile" ) ) {
> Apache::log_error( "Could not open keyfile for $auth_nam
> e in file $keyfile" );
> } else {
> $SECRET_KEYS{ $auth_name } = <KEY>;
> close KEY;
> }
> }
> }
>
> and restarted the server. the logs show:
>
>
> [Thu Oct 10 17:34:14 2002] [error] keys:
> [Thu Oct 10 17:34:14 2002] [error] all varrs=
> [Thu Oct 10 17:34:14 2002] [error] keyfile_vars=
> [Thu Oct 10 17:34:14 2002] [notice] Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 configured -- resuming normal operations
> [Thu Oct 10 17:34:14 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Thu Oct 10 17:34:14 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
>
> This to me indicates that the call to Apache->server->dir_config() is not returning anything at all. A quick look a the eagle book, p 456 does not explain to me why that should be....any thoughts?
>
I had a similar problem a while ago. Check out this thread:
http://groups.yahoo.com/group/modperl/message/34266
----- snip - snip -------------------------------------------------
I discovered the same thing. I think the problem is that the BEGIN
block as written, only considers parameters defined in the *main
server*. So if you have any PerlSetVar in a Virtual Server, it will
not be found.
A kludgy workaround is to move the PerlSetVar out of any Virtual
Server sections. A better option is to reimplement the mechanism for
populating the SECRET_KEYS hash, so that Virtual Servers are handled
properly.
----- snip - snip -------------------------------------------------
--
Vegard Vesterheim : Phone: +47 73 55 79 12
UNINETT : Fax: +47 73 55 79 01
N-7465 Trondheim, NORWAY : Email: Vegard.Vesterheim@uninett.no