Posted to modperl@perl.apache.org by Todd Chapman <mo...@chaka.net> on 2000/09/27 19:29:20 UTC

PerlAuthenHandler advice needed.

I have read chapter 6 of the modperl book but still don't know how to set
up authentication the way I want. I would like to use Basic
authentication to protect virtual documents. The trick is that I want
to set AuthName and AuthUserFile based on path_info.

For example:

http://virtual/companyA/dir1

would prompt for a password in the companyA realm and check it against the
appropriate AuthUserFile.

How do I add this flexibility without reinventing the parts Apache already
does so well?

Thanks.

-Todd



Re: PerlAuthenHandler advice needed.

Posted by Doug MacEachern <do...@covalent.net>.
On Thu, 28 Sep 2000, Carlos Ramirez wrote:

> $r->auth_name($realm), $r->auth_type($basic) did not work for me, which
> is why I used the $r->header_out method. Also, after I set the outgoing
> header and returned AUTH_REQUIRED, I got prompted but the $realm did not
> show. Instead it displayed 'unknown' as the realm name. But when I set
> the $r->status and sent out the response via $r->send_http_header and
> returned AUTH_REQUIRED, the $realm name showed?

$r->auth_name($realm) works fine, provided you call
$r->note_basic_auth_failure, rather than
$r->header_out('WWW-Authenticate',...)

$r->auth_type did not become writeable until the patch i posted earlier.
 
> I read the docs as i started this exercise and was aware of
> $r->auth_name, $r->auth_type, but since they didn't work and I kept
> getting segfaults when using them I decided to try other routes. But
> anyways I'm glad that I read the docs right and that you can indeed set
> the AuthName using $r->auth_name.

until the recent change where $r->auth_type became writeable, and
get_basic_auth_pw/note_basic_auth_failure default AuthType to Basic if it
is not configured, those methods would segfault.
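
The approach described above (set the realm with $r->auth_name, then let get_basic_auth_pw / note_basic_auth_failure build the challenge), applied to the per-path realm question that started the thread. This is an added example, not code from the thread or from mod_perl itself. The module name, the RealmPrefix variable, the /virtual prefix and the password-file paths are assumptions, and it assumes `AuthType Basic` and `require valid-user` are configured for the location.

```perl
package Apache::PathRealmAuth;    # hypothetical module name, not from the thread

# Assumed httpd.conf fragment (mod_perl 1.x; /virtual is a constructed path):
#
#   <Location /virtual>
#     AuthType Basic              # avoids the core dump on releases without the fix
#     require valid-user          # makes Apache run the authentication phase
#     PerlSetVar RealmPrefix /virtual
#     PerlAuthenHandler Apache::PathRealmAuth
#   </Location>

use strict;
use Apache::Constants qw(OK AUTH_REQUIRED FORBIDDEN);
use Apache::Htpasswd ();

# Allow-list of realms. The path segment taken from the request is used only
# as a key into this table and is never spliced into a file name, so the
# client cannot steer the handler to a password file of its choosing.
# Realm names and file paths are constructed placeholders.
my %REALMS = (
    companyA => {
        name => 'companyA',
        file => '/usr/local/apache/auth/companyA.htpasswd',
    },
    companyN => {
        name => 'companyN',
        file => '/usr/local/apache/auth/companyN.htpasswd',
    },
);

# Map "/virtual/companyA/dir1" to the companyA entry, or undef when the
# first segment after the prefix is missing, malformed or not allow-listed.
sub realm_for {
    my ($uri, $prefix) = @_;
    return undef unless defined $uri && defined $prefix;
    my ($key) = $uri =~ m{^\Q$prefix\E/([A-Za-z0-9_-]+)(?:/|\z)};
    return undef unless defined $key;
    return $REALMS{$key};
}

sub handler {
    my $r = shift;

    my $prefix = $r->dir_config('RealmPrefix') || '/virtual';
    my $realm  = realm_for($r->uri, $prefix);
    unless ($realm) {
        # Fail closed: an unknown path gets no prompt and no access.
        $r->log_reason('no realm configured for this path', $r->uri);
        return FORBIDDEN;
    }

    # Set the realm first, so that any 401 produced below carries it.
    $r->auth_name($realm->{name});

    # With no Authorization header this returns AUTH_REQUIRED and has
    # already noted the Basic challenge for the realm set above.
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != OK;

    my $user = $r->connection->user;
    my $htp  = Apache::Htpasswd->new($realm->{file});

    # The Authorization header carries only user:password, not a realm,
    # so the credentials are always checked against the file selected by
    # the requested path, never by anything the client claims.
    unless (defined $user && length $user
            && defined $sent_pw
            && $htp->htCheckPassword($user, $sent_pw)) {
        $r->note_basic_auth_failure;
        $r->log_reason("authentication failed for realm $realm->{name}",
                       $r->uri);
        return AUTH_REQUIRED;
    }

    return OK;
}

1;
```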


Re: PerlAuthenHandler advice needed.

Posted by Carlos Ramirez <ra...@roses.bna.boeing.com>.
$r->auth_name($realm), $r->auth_type($basic) did not work for me, which
is why I used the $r->header_out method. Also, after I set the outgoing
header and returned AUTH_REQUIRED, I got prompted but the $realm did not
show. Instead it displayed 'unknown' as the realm name. But when I set
the $r->status and sent out the response via $r->send_http_header and
returned AUTH_REQUIRED, the $realm name showed?

I read the docs as i started this exercise and was aware of
$r->auth_name, $r->auth_type, but since they didn't work and I kept
getting segfaults when using them I decided to try other routes. But
anyways I'm glad that I read the docs right and that you can indeed set
the AuthName using $r->auth_name.

As for the authenticate subroutine, I just copied that from the eagle
book, just as a demonstration...

I'll upgrade my mod_perl from 1.2.1 -> latest and see if these work for
me.

Thanks for the helpful insights and explanations Doug....I have seen the
light ;)

-Carlos





Doug MacEachern wrote:

> On Wed, 27 Sep 2000, Carlos Ramirez wrote:
>
> >     my $authheader = 'Basic realm="'.$realm.'"';
> >
> >     $r->header_out("WWW-Authenticate" ,$authheader);
>
> there's a cleaner way for that:
> $r->auth_name($realm);
> $r->note_basic_auth_failure;
>
> >     $r->status(AUTH_REQUIRED);
>
> no need for that.
>
> >     $r->send_http_header("text/html");
>
> or this because..
>
> >     return AUTH_REQUIRED;
>
> ..apache will send the headers when you return an error
>
> >     return OK if $r->sub_request;
>
> there's no Apache::sub_request method
>
> >     my ($res,$password) = $r->get_basic_auth_pw;
>
> this will core dump if AuthName is not set in the configuration file.
> not with the current cvs though, see previous message.
>
> >            $r->note_basic_auth_failure;
>
> this won't work right unless you've set $r->auth_name($val)

--
-----------------------------------------------------------------------
Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
-----------------------------------------------------------------------
- Someday I'll find that peer and reset his connection!



Re: PerlAuthenHandler advice needed.

Posted by Joe Schaefer <jo...@sunstarsys.com>.
Todd Chapman <mo...@chaka.net> writes:

> Duh! Thanks.
> 
> Now, is there any way to determine the realm the browser thinks it's
> authenticating to? Is the realm stored in the Authorization header or any
> other headers?
> 

I wouldn't try to use realms in any serious way- various browsers
do various things.  The only reliable way to have the browser send
different passwords to different locations is to use different 
server names.

-- 
Joe Schaefer

Re: PerlAuthenHandler advice needed.

Posted by Todd Chapman <mo...@chaka.net>.
Duh! Thanks.

Now, is there any way to determine the realm the browser thinks it's
authenticating to? Is the realm stored in the Authorization header or any
other headers?

-Todd

On Thu, 28 Sep 2000, Doug MacEachern wrote:

> On Thu, 28 Sep 2000, Todd Chapman wrote:
> 
> > 
> > Thanks Doug but I (and my customer) don't want to live on the CVS bleeding
> > edge right now. Can you suggest something else?
> 
> yeah, add this to httpd.conf:
> 
> AuthType Basic
> 
> 


Re: PerlAuthenHandler advice needed.

Posted by Doug MacEachern <do...@covalent.net>.
On Thu, 28 Sep 2000, Todd Chapman wrote:

> 
> Thanks Doug but I (and my customer) don't want to live on the CVS bleeding
> edge right now. Can you suggest something else?

yeah, add this to httpd.conf:

AuthType Basic



Re: PerlAuthenHandler advice needed.

Posted by Todd Chapman <mo...@chaka.net>.
Thanks Doug but I (and my customer) don't want to live on the CVS bleeding
edge right now. Can you suggest something else?

Original problem:

I need to set the realm for virtual documents based on path_info and use
Basic authentication. Otherwise I may have to move to some cookie based
authentication but I don't want to do that.

-Todd

On Thu, 28 Sep 2000, Doug MacEachern wrote:

> On Thu, 28 Sep 2000, Todd Chapman wrote:
> 
> > 
> > Thanks for the help Doug. This is what I have now but all I get is a
> > segmentation fault in the log.
> 
> >     $r->note_basic_auth_failure;
> 
> if AuthType is not set, this will core dump.  i just expanded the change
> that defaults AuthType to Basic for get_basic_auth_pw to include
> note_basic_auth_failure, in the cvs tree.
> 


Re: PerlAuthenHandler advice needed.

Posted by Doug MacEachern <do...@covalent.net>.
On Thu, 28 Sep 2000, Todd Chapman wrote:

> 
> Thanks for the help Doug. This is what I have now but all I get is a
> segmentation fault in the log.

>     $r->note_basic_auth_failure;

if AuthType is not set, this will core dump.  i just expanded the change
that defaults AuthType to Basic for get_basic_auth_pw to include
note_basic_auth_failure, in the cvs tree.


Re: PerlAuthenHandler advice needed.

Posted by Todd Chapman <mo...@chaka.net>.
Thanks for the help Doug. This is what I have now but all I get is a
segmentation fault in the log.

Any ideas?

-Todd

package Apache::SetRealm;

## Usage: PerlHeaderParserHandler Apache::SetRealm

use strict;
use Apache::Constants qw(:common);

sub handler {
    my $r = shift;

   # find the name of the realm
   # if realm does not exist error
   # else see if Auth header set
   # if auth header not set return AUTH_REQUIRED
   # else return OK

    # If Auth header is set a future PerlAuthenHandler will check the password.
    # When that happens we can't use get_basic_auth_info because AuthName is
    # not set in the config file. We will have to parse the Auth header manually.
    # The realm will be determined from path_info.
    # The realm will be determined from path_info.
    return OK if $r->header_in('Authorization');

    my $realm = get_realm($r);

    # Prompt for authentication info in the proper realm
    $r->auth_name($realm);
    $r->note_basic_auth_failure;
    return AUTH_REQUIRED;
}

sub get_realm {
     ## Get the AuthName for a specific uri. You can probably read these off of a file that
     ## contains a list of uri's and realmNames
      my $r = shift;
      ## Test the match itself: $1 keeps its old value when a match fails
      return $1 if $r->uri =~ /\/modperl\/(.+)/;
      return "Top Level";
}

1;




Re: PerlAuthenHandler advice needed.

Posted by Doug MacEachern <do...@covalent.net>.
On Wed, 27 Sep 2000, Carlos Ramirez wrote:

>     my $authheader = 'Basic realm="'.$realm.'"';
> 
>     $r->header_out("WWW-Authenticate" ,$authheader);

there's a cleaner way for that:
$r->auth_name($realm);
$r->note_basic_auth_failure;
 
>     $r->status(AUTH_REQUIRED);

no need for that.

>     $r->send_http_header("text/html");

or this because..

>     return AUTH_REQUIRED;

..apache will send the headers when you return an error

>     return OK if $r->sub_request;

there's no Apache::sub_request method 

>     my ($res,$password) = $r->get_basic_auth_pw;

this will core dump if AuthName is not set in the configuration file.
not with the current cvs though, see previous message.

>            $r->note_basic_auth_failure;

this won't work right unless you've set $r->auth_name($val)



Re: PerlAuthenHandler advice needed.

Posted by Carlos Ramirez <cr...@gte.net>.
Here's a simple handler that will set the AuthType and AuthName
dynamically and handle the authentication for you. This handler will
prompt you for a password when you try to access /manual with the
AuthName, "The Manual" and prompt with the AuthName "The Icons" when you
try to access /icons. These urls are part of Apache's basic installation
(that's if you did not remove the manual from your htdocs directory).
The authentication phase will let you in just as long as you supply a
username and password. You can of course code it such that you can
authenticate against a .htpassword file, using Apache::Htpasswd.

Anyhow, this should show you that you can indeed change the AuthName
on-the-fly and also handle 
authentication without having to include AuthName,AuthType,AuthUserFile
explicitly in your httpd.conf.

Note: the authentication subroutine acted flaky, sometimes it worked and
other times it didn't. But the realms did change for each uri.

i hope this helps you....have fun ;)


Setting it up:

In your httpd.conf ( in a global area):

PerlHeaderParserHandler Apache::SetRealm;


=code

package Apache::SetRealm;

use Apache;
use Apache::Constants qw(:common);
sub handler {
    my $r   = shift;

    ## Make Apache aware that we want to also handle the Authentication phase
    ## using a custom handler, in this case the subroutine authenticate()
    $r->push_handlers(PerlAuthenHandler => \&authenticate);
    my $uri = $r->uri;

    ## only handle uri that are defined as protected, in this case the only
    ## protected uri's are /icons and /manual
    return OK unless is_protected($r);
    my $realm = get_realm($r);

    ## Construct the Header Field containing the type of authentication (Basic)
    ## and our realm name returned by get_realm()
    my $authheader = 'Basic realm="'.$realm.'"';

    $r->header_out("WWW-Authenticate" ,$authheader);

    ## Return 401 to browser and prompt for login
    $r->status(AUTH_REQUIRED);
    $r->send_http_header("text/html");
    return AUTH_REQUIRED;
}

sub get_realm {
     ## Get the AuthName for a specific uri. You can probably read these off of
     ## a file that contains a list of uri's and realmNames
      my $r = shift;
      return "The Icons"  if ($r->uri =~ /\/icons/);
      return "The Manual" if ($r->uri =~ /\/manual/);
}

sub is_protected {
      ## Check the $uri requested matches our set of "Restricted" locations
      ## 1 = isProtected, 0 = NotProtected
      ## You can probably have these protected areas in a separate file,
      ## the eagle book has some excellent ideas on how to accomplish this
      my $r = shift;
      my @protected = ('\/manual','\/icons');

      for (@protected) { return 1 if ($r->uri =~ /$_/); }
      return 0;
}

sub authenticate {
      ## Straight out of the Eagle Book
    my $r = shift;

    return OK if $r->sub_request;

    my ($res,$password) = $r->get_basic_auth_pw;
    return $res if $res != OK;

    my $username = $r->connection->user;
    ## $password is the value returned by get_basic_auth_pw above
    unless ($username && $password) {
           $r->note_basic_auth_failure;
           $r->log_reason("Did not provide username");
           return AUTH_REQUIRED;
    }

    ## Now that you have the $username and $password you can
    ## include your code to open your AuthUserFile to check the password and
    ## username. I suggest using Apache::Htpasswd, it provides all the
    ## methods/functions that you need to accomplish this part of the task...

    $r->log_reason("WELCOME $username");
    return OK;

}

1;


-Carlos


Todd Chapman wrote:
> 
> Please explain again how to get my AuthHandler called without setting
> AuthName or AuthType in httpd.conf.
> 
> Thanks.
> 
> -Todd
> 
> On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> 
> > By choosing to use your custom AuthHandler, you basically override Apache's way of
> > handling the particular phase, in this case the authentication phase.  So you must
> > handle prompting the user and also checking the password.
> >
> > You might want to read the Apache Guide (http://perl.apache.org/) on how to write you
> > own handler and also the eagle book.
> >
> > After reviewing our previous conversation, I think you might need to send
> > WWW-Authenticate header field in another phase (preferable at the
> > PerlHeaderParserHandler)  before the Authentication phase is called.
> >
> > Your PerlHeaderParserHandler can check the $r->uri for any password protected
> > requests, i.e., if it matches /companyA, you can then set the WWW-Authenticate: Basic
> > $realm and push it along it's merry way.
> >
> > Then your PerlAuthHandler will get the username and password and check it against the
> > realms' AuthUserFile.  Apache will handle the initial prompting for the
> > username/password.
> >
> > Your requirements imply that you will have a file(??) that has a list of UserFiles
> > for each Realm/path_info so that your authentication handler will know what file to
> > check against.
> >
> > I hope this make sense ;) my coffee is running low...
> >
> > -Carlos
> >
> >
> > Todd Chapman wrote:
> >
> > > Thanks for the help. I was hoping that Apache would check the password for
> > > me but this should work.
> > >
> > > Now, how do I get Apache to run my PerlAuthenHandler without setting the
> > > AuthType or AuthName in httpd.conf?
> > >
> > > Do I need to do the Authentication in a PerlHandler?
> > >
> > > -Todd
> > >
> > > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> > >
> > > > 1. Oh, I mis-interpreted your question. I thought you already had a list of
> > > > virtual directories with the
> > > >     AuthNames defined.
> > > >
> > > > You can set the AuthName by sending them in the server response header field:
> > > >
> > > > WWW-Authenticate Basic $realm
> > > >
> > > > So the first request to /companyA, you AuthHandler will respond with:
> > > >
> > > > $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field
> > > > $r->note_basic_auth_failure; ## Prompts for password
> > > >
> > > > The when a username and password are supplied i.e.
> > > > ($ret,$password) = $r->get_basic_auth_pw;
> > > >
> > > > where $ret = 1;
> > > >
> > > > Then:
> > > > 1. determine the AuthUserFile
> > > > 2. use Apache::Htpasswd to check password
> > > >
> > > > -Carlos
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Todd Chapman wrote:
> > > >
> > > > > Problems with your suggestion:
> > > > >
> > > > > 1. The realm will not be known until I get path_info so
> > > > > <Location></Location> directives will not work.
> > > > >
> > > > > 2. How can I get Perl to do the password lookup in the dynamically
> > > > > selected AuthUserFile?
> > > > >
> > > > > Thanks for the help.
> > > > >
> > > > > -Todd
> > > > >
> > > > > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> > > > >
> > > > > > You can you use Location to specify seperate AuthUserFile's like so:
> > > > > >
> > > > > > <Location /companyA>
> > > > > > AuthType Basic
> > > > > > AuthName CompanyA
> > > > > > AuthUserFile path/to/CompanyAUsersFile
> > > > > >
> > > > > > </Location>
> > > > > > ....
> > > > > > <Location /companyN>
> > > > > > AuthType Basic
> > > > > > AuthName CompanyN
> > > > > > AuthUserFile path/to/CompanyNUsersFIle
> > > > > > </Location>
> > > > > >
> > > > > >
> > > > > > Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile
> > > > > > in a seperate file against the path_info. This will eliminate the need to
> > > > > > flood you httpd.conf file with a bunch of <Location></Location> directives.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > Todd Chapman wrote:
> > > > > >
> > > > > > > I have read chapter 6 of the modperl book but still don't know how to set
> > > > > > > up authenification the way I want. I would like to use Basic
> > > > > > > authentification to protect virtual documents. The trick is that I want
> > > > > > > to set AuthName and AuthUserFile based on path_info.
> > > > > > >
> > > > > > > For example:
> > > > > > >
> > > > > > > http://virtual/companyA/dir1
> > > > > > >
> > > > > > > would prompt for a password in the companyA realm and check it against the
> > > > > > > appropriate AuthUserFile.
> > > > > > >
> > > > > > > How do I add this flexibility without reinventing the parts Apache already
> > > > > > > does so well?
> > > > > > >
> > > > > > > Thanks.
> > > > > > >
> > > > > > > -Todd
> > > > > >
> > > > > > --
> > > > > > -----------------------------------------------------------------------
> > > > > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > > > > -----------------------------------------------------------------------
> > > > > > - Someday I'll find that peer and reset his connection!
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > > --
> > > > -----------------------------------------------------------------------
> > > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > > -----------------------------------------------------------------------
> > > > - Someday I'll find that peer and reset his connection!
> > > >
> > > >
> > > >
> >
> > --
> > -----------------------------------------------------------------------
> > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > -----------------------------------------------------------------------
> > - Someday I'll find that peer and reset his connection!
> >
> >
> >

-- 
Claiming that your operating system is the best in the world because
more people use it is like saying
McDonalds makes the best food in the world.

Re: PerlAuthenHandler advice needed.

Posted by Todd Chapman <mo...@chaka.net>.
Please explain again how to get my AuthHandler called without setting
AuthName or AuthType in httpd.conf.

Thanks.

-Todd

On Wed, 27 Sep 2000, Carlos Ramirez wrote:

> By choosing to use your custom AuthHandler, you basically override Apache's way of
> handling the particular phase, in this case the authentication phase.  So you must
> handle prompting the user and also checking the password.
> 
> You might want to read the Apache Guide (http://perl.apache.org/) on how to write you
> own handler and also the eagle book.
> 
> After reviewing our previous conversation, I think you might need to send
> WWW-Authenticate header field in another phase (preferable at the
> PerlHeaderParserHandler)  before the Authentication phase is called.
> 
> Your PerlHeaderParserHandler can check the $r->uri for any password protected
> requests, i.e., if it matches /companyA, you can then set the WWW-Authenticate: Basic
> $realm and push it along it's merry way.
> 
> Then your PerlAuthHandler will get the username and password and check it against the
> realms' AuthUserFile.  Apache will handle the initial prompting for the
> username/password.
> 
> Your requirements imply that you will have a file(??) that has a list of UserFiles
> for each Realm/path_info so that your authentication handler will know what file to
> check against.
> 
> I hope this make sense ;) my coffee is running low...
> 
> -Carlos
> 
> 
> Todd Chapman wrote:
> 
> > Thanks for the help. I was hoping that Apache would check the password for
> > me but this should work.
> >
> > Now, how do I get Apache to run my PerlAuthenHandler without setting the
> > AuthType or AuthName in httpd.conf?
> >
> > Do I need to do the Authentication in a PerlHandler?
> >
> > -Todd
> >
> > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> >
> > > 1. Oh, I mis-interpreted your question. I thought you already had a list of
> > > virtual directories with the
> > >     AuthNames defined.
> > >
> > > You can set the AuthName by sending them in the server response header field:
> > >
> > > WWW-Authenticate Basic $realm
> > >
> > > So the first request to /companyA, you AuthHandler will respond with:
> > >
> > > $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field
> > > $r->note_basic_auth_failure; ## Prompts for password
> > >
> > > The when a username and password are supplied i.e.
> > > ($ret,$password) = $r->get_basic_auth_pw;
> > >
> > > where $ret = 1;
> > >
> > > Then:
> > > 1. determine the AuthUserFile
> > > 2. use Apache::Htpasswd to check password
> > >
> > > -Carlos
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Todd Chapman wrote:
> > >
> > > > Problems with your suggestion:
> > > >
> > > > 1. The realm will not be known until I get path_info so
> > > > <Location></Location> directives will not work.
> > > >
> > > > 2. How can I get Perl to do the password lookup in the dynamically
> > > > selected AuthUserFile?
> > > >
> > > > Thanks for the help.
> > > >
> > > > -Todd
> > > >
> > > > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> > > >
> > > > > You can you use Location to specify seperate AuthUserFile's like so:
> > > > >
> > > > > <Location /companyA>
> > > > > AuthType Basic
> > > > > AuthName CompanyA
> > > > > AuthUserFile path/to/CompanyAUsersFile
> > > > >
> > > > > </Location>
> > > > > ....
> > > > > <Location /companyN>
> > > > > AuthType Basic
> > > > > AuthName CompanyN
> > > > > AuthUserFile path/to/CompanyNUsersFIle
> > > > > </Location>
> > > > >
> > > > >
> > > > > Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile
> > > > > in a seperate file against the path_info. This will eliminate the need to
> > > > > flood you httpd.conf file with a bunch of <Location></Location> directives.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Todd Chapman wrote:
> > > > >
> > > > > > I have read chapter 6 of the modperl book but still don't know how to set
> > > > > > up authenification the way I want. I would like to use Basic
> > > > > > authentification to protect virtual documents. The trick is that I want
> > > > > > to set AuthName and AuthUserFile based on path_info.
> > > > > >
> > > > > > For example:
> > > > > >
> > > > > > http://virtual/companyA/dir1
> > > > > >
> > > > > > would prompt for a password in the companyA realm and check it against the
> > > > > > appropriate AuthUserFile.
> > > > > >
> > > > > > How do I add this flexibility without reinventing the parts Apache already
> > > > > > does so well?
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > -Todd
> > > > >
> > > > > --
> > > > > -----------------------------------------------------------------------
> > > > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > > > -----------------------------------------------------------------------
> > > > > - Someday I'll find that peer and reset his connection!
> > > > >
> > > > >
> > > > >
> > >
> > > --
> > > -----------------------------------------------------------------------
> > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > -----------------------------------------------------------------------
> > > - Someday I'll find that peer and reset his connection!
> > >
> > >
> > >
> 
> --
> -----------------------------------------------------------------------
> Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> -----------------------------------------------------------------------
> - Someday I'll find that peer and reset his connection!
> 
> 
> 


Re: PerlAuthenHandler advice needed.

Posted by Carlos Ramirez <ra...@roses.bna.boeing.com>.
By choosing to use your custom AuthHandler, you basically override Apache's way of
handling the particular phase, in this case the authentication phase.  So you must
handle prompting the user and also checking the password.

You might want to read the Apache Guide (http://perl.apache.org/) on how to write your
own handler and also the eagle book.

After reviewing our previous conversation, I think you might need to send
WWW-Authenticate header field in another phase (preferably at the
PerlHeaderParserHandler)  before the Authentication phase is called.

Your PerlHeaderParserHandler can check the $r->uri for any password protected
requests, i.e., if it matches /companyA, you can then set the WWW-Authenticate: Basic
$realm and push it along its merry way.

Then your PerlAuthHandler will get the username and password and check it against the
realms' AuthUserFile.  Apache will handle the initial prompting for the
username/password.

Your requirements imply that you will have a file(??) that has a list of UserFiles
for each Realm/path_info so that your authentication handler will know what file to
check against.

I hope this makes sense ;) my coffee is running low...

-Carlos


Todd Chapman wrote:

> Thanks for the help. I was hoping that Apache would check the password for
> me but this should work.
>
> Now, how do I get Apache to run my PerlAuthenHandler without setting the
> AuthType or AuthName in httpd.conf?
>
> Do I need to do the Authentication in a PerlHandler?
>
> -Todd
>
> On Wed, 27 Sep 2000, Carlos Ramirez wrote:
>
> > 1. Oh, I mis-interpreted your question. I thought you already had a list of
> > virtual directories with the
> >     AuthNames defined.
> >
> > You can set the AuthName by sending them in the server response header field:
> >
> > WWW-Authenticate Basic $realm
> >
> > So the first request to /companyA, you AuthHandler will respond with:
> >
> > $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field
> > $r->note_basic_auth_failure; ## Prompts for password
> >
> > The when a username and password are supplied i.e.
> > ($ret,$password) = $r->get_basic_auth_pw;
> >
> > where $ret = 1;
> >
> > Then:
> > 1. determine the AuthUserFile
> > 2. use Apache::Htpasswd to check password
> >
> > -Carlos
> >
> >
> >
> >
> >
> >
> >
> > Todd Chapman wrote:
> >
> > > Problems with your suggestion:
> > >
> > > 1. The realm will not be known until I get path_info so
> > > <Location></Location> directives will not work.
> > >
> > > 2. How can I get Perl to do the password lookup in the dynamically
> > > selected AuthUserFile?
> > >
> > > Thanks for the help.
> > >
> > > -Todd
> > >
> > > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> > >
> > > > You can you use Location to specify seperate AuthUserFile's like so:
> > > >
> > > > <Location /companyA>
> > > > AuthType Basic
> > > > AuthName CompanyA
> > > > AuthUserFile path/to/CompanyAUsersFile
> > > >
> > > > </Location>
> > > > ....
> > > > <Location /companyN>
> > > > AuthType Basic
> > > > AuthName CompanyN
> > > > AuthUserFile path/to/CompanyNUsersFIle
> > > > </Location>
> > > >
> > > >
> > > > Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile
> > > > in a seperate file against the path_info. This will eliminate the need to
> > > > flood you httpd.conf file with a bunch of <Location></Location> directives.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Todd Chapman wrote:
> > > >
> > > > > I have read chapter 6 of the modperl book but still don't know how to set
> > > > > up authenification the way I want. I would like to use Basic
> > > > > authentification to protect virtual documents. The trick is that I want
> > > > > to set AuthName and AuthUserFile based on path_info.
> > > > >
> > > > > For example:
> > > > >
> > > > > http://virtual/companyA/dir1
> > > > >
> > > > > would prompt for a password in the companyA realm and check it against the
> > > > > appropriate AuthUserFile.
> > > > >
> > > > > How do I add this flexibility without reinventing the parts Apache already
> > > > > does so well?
> > > > >
> > > > > Thanks.
> > > > >
> > > > > -Todd
> > > >
> > > > --
> > > > -----------------------------------------------------------------------
> > > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > > -----------------------------------------------------------------------
> > > > - Someday I'll find that peer and reset his connection!
> > > >
> > > >
> > > >
> >
> > --
> > -----------------------------------------------------------------------
> > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > -----------------------------------------------------------------------
> > - Someday I'll find that peer and reset his connection!
> >
> >
> >

--
-----------------------------------------------------------------------
Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
-----------------------------------------------------------------------
- Someday I'll find that peer and reset his connection!



Re: PerlAuthenHandler advice needed.

Posted by Todd Chapman <mo...@chaka.net>.
Thanks for the help. I was hoping that Apache would check the password for
me but this should work.

Now, how do I get Apache to run my PerlAuthenHandler without setting the
AuthType or AuthName in httpd.conf?

Do I need to do the Authentication in a PerlHandler?

-Todd

On Wed, 27 Sep 2000, Carlos Ramirez wrote:

> 1. Oh, I mis-interpreted your question. I thought you already had a list of
> virtual directories with the
>     AuthNames defined.
> 
> You can set the AuthName by sending them in the server response header field:
> 
> WWW-Authenticate Basic $realm
> 
> So the first request to /companyA, you AuthHandler will respond with:
> 
> $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field
> $r->note_basic_auth_failure; ## Prompts for password
> 
> The when a username and password are supplied i.e.
> ($ret,$password) = $r->get_basic_auth_pw;
> 
> where $ret = 1;
> 
> Then:
> 1. determine the AuthUserFile
> 2. use Apache::Htpasswd to check password
> 
> -Carlos
> 
> 
> 
> 
> 
> 
> 
> Todd Chapman wrote:
> 
> > Problems with your suggestion:
> >
> > 1. The realm will not be known until I get path_info so
> > <Location></Location> directives will not work.
> >
> > 2. How can I get Perl to do the password lookup in the dynamically
> > selected AuthUserFile?
> >
> > Thanks for the help.
> >
> > -Todd
> >
> > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> >
> > > You can you use Location to specify seperate AuthUserFile's like so:
> > >
> > > <Location /companyA>
> > > AuthType Basic
> > > AuthName CompanyA
> > > AuthUserFile path/to/CompanyAUsersFile
> > >
> > > </Location>
> > > ....
> > > <Location /companyN>
> > > AuthType Basic
> > > AuthName CompanyN
> > > AuthUserFile path/to/CompanyNUsersFIle
> > > </Location>
> > >
> > >
> > > Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile
> > > in a seperate file against the path_info. This will eliminate the need to
> > > flood you httpd.conf file with a bunch of <Location></Location> directives.
> > >
> > >
> > >
> > >
> > >
> > >
> > > Todd Chapman wrote:
> > >
> > > > I have read chapter 6 of the modperl book but still don't know how to set
> > > > up authenification the way I want. I would like to use Basic
> > > > authentification to protect virtual documents. The trick is that I want
> > > > to set AuthName and AuthUserFile based on path_info.
> > > >
> > > > For example:
> > > >
> > > > http://virtual/companyA/dir1
> > > >
> > > > would prompt for a password in the companyA realm and check it against the
> > > > appropriate AuthUserFile.
> > > >
> > > > How do I add this flexibility without reinventing the parts Apache already
> > > > does so well?
> > > >
> > > > Thanks.
> > > >
> > > > -Todd
> > >
> > > --
> > > -----------------------------------------------------------------------
> > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > -----------------------------------------------------------------------
> > > - Someday I'll find that peer and reset his connection!
> > >
> > >
> > >
> 
> --
> -----------------------------------------------------------------------
> Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> -----------------------------------------------------------------------
> - Someday I'll find that peer and reset his connection!
> 
> 
> 


Re: PerlAuthenHandler advice needed.

Posted by Carlos Ramirez <ra...@roses.bna.boeing.com>.
1. Oh, I mis-interpreted your question. I thought you already had a list of
virtual directories with the AuthNames defined.

You can set the AuthName by sending them in the server response header field:

WWW-Authenticate Basic $realm

So on the first request to /companyA, your AuthHandler will respond with:

$r->header_out('WWW-Authenticate' => "Basic $realm"); ## Sets Realm field
$r->note_basic_auth_failure; ## Prompts for password

Then when a username and password are supplied, i.e.
($ret,$password) = $r->get_basic_auth_pw;

where $ret = 1;

Then:
1. determine the AuthUserFile
2. use Apache::Htpasswd to check password

-Carlos







Todd Chapman wrote:

> Problems with your suggestion:
>
> 1. The realm will not be known until I get path_info so
> <Location></Location> directives will not work.
>
> 2. How can I get Perl to do the password lookup in the dynamically
> selected AuthUserFile?
>
> Thanks for the help.
>
> -Todd
>
> On Wed, 27 Sep 2000, Carlos Ramirez wrote:
>
> > You can use Location to specify separate AuthUserFile's like so:
> >
> > <Location /companyA>
> > AuthType Basic
> > AuthName CompanyA
> > AuthUserFile path/to/CompanyAUsersFile
> >
> > </Location>
> > ....
> > <Location /companyN>
> > AuthType Basic
> > AuthName CompanyN
> > AuthUserFile path/to/CompanyNUsersFIle
> > </Location>
> >
> >
> > Or you can write your own AuthHandler that looks up AuthName, AuthUserFile
> > in a separate file against the path_info. This will eliminate the need to
> > flood your httpd.conf file with a bunch of <Location></Location> directives.
> >
> >
> >
> >
> >
> >
> > Todd Chapman wrote:
> >
> > > I have read chapter 6 of the modperl book but still don't know how to set
> > > up authentication the way I want. I would like to use Basic
> > > authentication to protect virtual documents. The trick is that I want
> > > to set AuthName and AuthUserFile based on path_info.
> > >
> > > For example:
> > >
> > > http://virtual/companyA/dir1
> > >
> > > would prompt for a password in the companyA realm and check it against the
> > > appropriate AuthUserFile.
> > >
> > > How do I add this flexibility without reinventing the parts Apache already
> > > does so well?
> > >
> > > Thanks.
> > >
> > > -Todd
> >
> > --
> > -----------------------------------------------------------------------
> > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > -----------------------------------------------------------------------
> > - Someday I'll find that peer and reset his connection!
> >
> >
> >

--
-----------------------------------------------------------------------
Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
-----------------------------------------------------------------------
- Someday I'll find that peer and reset his connection!
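
The steps listed above (pick the realm and AuthUserFile from path_info, then check the password with Apache::Htpasswd), written out for mod_perl 1.x as an added example that is not part of any post in this thread or of mod_perl itself. The module name, the AuthBaseDir variable and the one-file-per-company layout are assumptions; the path_info segment is validated because it comes from the client and is used to build a file name.

```perl
package My::PathRealmAuth;    # hypothetical module name
# httpd.conf (assumed), on the virtual tree:
#   AuthType Basic
#   Require valid-user
#   PerlAuthenHandler My::PathRealmAuth
#   PerlSetVar AuthBaseDir /path/to/htpasswd-dir   # hypothetical variable
use strict;
use Apache::Constants qw(OK AUTH_REQUIRED FORBIDDEN SERVER_ERROR);
use Apache::Htpasswd ();

sub handler {
    my $r = shift;

    # The first path_info segment names the company (/companyA/dir1).
    # It comes from the client, so accept only a strict token; dots,
    # slashes and NULs never reach the file name built below.
    my ($company) = $r->path_info =~ m{^/([A-Za-z0-9_-]{1,32})(?:/|\z)};
    return FORBIDDEN unless defined $company;

    # Assumed layout: <AuthBaseDir>/<company>.htpasswd
    my $base = $r->dir_config('AuthBaseDir') or return SERVER_ERROR;
    my $file = "$base/$company.htpasswd";
    return FORBIDDEN unless -f $file && -r _;    # unknown company: fail closed

    # Set the realm first so the challenge carries it.
    $r->auth_name($company);

    # With no credentials this returns AUTH_REQUIRED and Apache has
    # already noted the failure (sent the challenge header).
    my ($status, $sent_pw) = $r->get_basic_auth_pw;
    return $status unless $status == OK;

    my $user = $r->connection->user;
    my $db = Apache::Htpasswd->new({ passwdFile => $file, ReadOnly => 1 });
    unless (defined $user && length $user
            && $db->htCheckPassword($user, $sent_pw)) {
        $r->note_basic_auth_failure;    # re-prompt in the same realm
        $r->log_reason("Basic auth failed, realm $company", $r->uri);
        return AUTH_REQUIRED;
    }
    return OK;
}

1;
```

Keep the htpasswd directory outside the document root so the password files cannot be fetched over HTTP.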



Re: PerlAuthenHandler advice needed.

Posted by Doug MacEachern <do...@covalent.net>.
On Wed, 27 Sep 2000, Todd Chapman wrote:

> 
> Problems with your suggestion:
> 
> 1. The realm will not be known until I get path_info so
> <Location></Location> directives will not work.

you can use $r->auth_name($realm) to set it at request time.
 
> 2. How can I get Perl to do the password lookup in the dynamically
> selected AuthUserFile?

since mod_auth.c's structure defs are private to mod_auth.c, there's no
$r->api for this.  what you can do is use .htaccess like so:

<Perl>
my $r = Apache->request;

my $testing = $r->path_info =~ /test/;

$AuthType = "Basic";
$AuthName =  $testing ? "Testing" : "Whatever";
$Require = "user dougm";
$AuthUserFile = $testing ? "/tmp/htpasswd" : "/whatever/htpasswd";

</Perl>

also, i just committed this patch that makes $r->auth_type writable, the
same way $r->auth_name is.  and, defaults auth_type to Basic when unset
and $r->get_basic_auth_pw is called.

Index: src/modules/perl/Apache.xs
===================================================================
RCS file: /home/cvs/modperl/src/modules/perl/Apache.xs,v
retrieving revision 1.110
diff -u -r1.110 Apache.xs
--- src/modules/perl/Apache.xs	2000/09/27 19:44:23	1.110
+++ src/modules/perl/Apache.xs	2000/09/27 23:43:33
@@ -824,8 +824,9 @@
     char *val
 
 const char *
-auth_type(r)
+mod_perl_auth_type(r, val=NULL)
     Apache    r
+    char *val
 
 const char *
 document_root(r, ...)
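Review bot: mod_perl_auth_type(r, val=NULL) takes val unchecked, so any string a handler passes becomes the request's AuthType, while the rest of this patch only ever relies on "Basic". Nothing in the patch touches the docs either; a POD entry for the now-writable $r->auth_type next to $r->auth_name, saying which values are expected, would cover both.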
@@ -887,6 +888,9 @@
     int ret;
 
     PPCODE:
+    if (!auth_type(r)) {
+        (void)mod_perl_auth_type(r, "Basic");
+    }
     ret = get_basic_auth_pw(r, &sent_pw);
     XPUSHs(sv_2mortal((SV*)newSViv(ret)));
     if(ret == OK)
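Review bot: the new if (!auth_type(r)) block makes $r->get_basic_auth_pw, which callers treat as a read, write AuthType "Basic" into the directory config as a side effect, and on WIN32 the mod_perl_auth_type() added in perl_config.c ignores val, so the default is silently skipped there. Document the side effect, and either handle WIN32 or state that AuthType must still be configured on that platform.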
Index: src/modules/perl/mod_perl.h
===================================================================
RCS file: /home/cvs/modperl/src/modules/perl/mod_perl.h,v
retrieving revision 1.103
diff -u -r1.103 mod_perl.h
--- src/modules/perl/mod_perl.h	2000/09/22 18:51:59	1.103
+++ src/modules/perl/mod_perl.h	2000/09/27 23:43:46
@@ -1185,6 +1185,7 @@
     perl_require_module("Apache", s)
 
 char *mod_perl_auth_name(request_rec *r, char *val);
+char *mod_perl_auth_type(request_rec *r, char *val);
 
 module *perl_get_module_ptr(char *name, int len);
 void *perl_merge_server_config(pool *p, void *basev, void *addv);
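Review bot: val in the new mod_perl_auth_type prototype could be const char *, since the implementation only copies it with pstrdup and Apache.xs passes the string literal "Basic". It mirrors mod_perl_auth_name as declared on the line above, so changing both together would be the consistent fix.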
Index: src/modules/perl/perl_config.c
===================================================================
RCS file: /home/cvs/modperl/src/modules/perl/perl_config.c,v
retrieving revision 1.105
diff -u -r1.105 perl_config.c
--- src/modules/perl/perl_config.c	2000/09/27 15:37:33	1.105
+++ src/modules/perl/perl_config.c	2000/09/27 23:44:03
@@ -158,6 +158,24 @@
 #endif
 }
 
+char *mod_perl_auth_type(request_rec *r, char *val)
+{
+#ifndef WIN32 
+    core_dir_config *conf = 
+      (core_dir_config *)get_module_config(r->per_dir_config, &core_module); 
+
+    if(val) {
+	conf->auth_type = pstrdup(r->pool, val);
+	set_module_config(r->per_dir_config, &core_module, (void*)conf); 
+	MP_TRACE_g(fprintf(stderr, "mod_perl: setting auth_type to %s\n", conf->auth_name));
+    }
+
+    return conf->auth_type;
+#else
+    return (char *) auth_type(r);
+#endif
+}
+
 void mod_perl_dir_env(request_rec *r, perl_dir_config *cld)
 {
     if(MP_HASENV(cld)) {
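Review bot: the MP_TRACE_g line in the if(val) branch prints conf->auth_name where it should print conf->auth_type, so the trace reports the wrong value and hands NULL to %s when no AuthName is set. Separately, conf is the struct taken from r->per_dir_config and is modified in place with a string allocated from r->pool; if that struct is not a per-request copy, the setting carries into later requests and the pointer outlives its pool, so confirm the config is request-private or copy it before the write (the set_module_config call stores the same pointer back and does not do that). The #else branch also drops val with no indication to the caller.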




Re: PerlAuthenHandler advice needed.

Posted by Todd Chapman <mo...@chaka.net>.
Problems with your suggestion:

1. The realm will not be known until I get path_info so
<Location></Location> directives will not work.

2. How can I get Perl to do the password lookup in the dynamically
selected AuthUserFile?

Thanks for the help.

-Todd

On Wed, 27 Sep 2000, Carlos Ramirez wrote:

> You can use Location to specify separate AuthUserFile's like so:
> 
> <Location /companyA>
> AuthType Basic
> AuthName CompanyA
> AuthUserFile path/to/CompanyAUsersFile
> 
> </Location>
> ....
> <Location /companyN>
> AuthType Basic
> AuthName CompanyN
> AuthUserFile path/to/CompanyNUsersFIle
> </Location>
> 
> 
> Or you can write your own AuthHandler that looks up AuthName, AuthUserFile
> in a separate file against the path_info. This will eliminate the need to
> flood your httpd.conf file with a bunch of <Location></Location> directives.
> 
> 
> 
> 
> 
> 
> Todd Chapman wrote:
> 
> > I have read chapter 6 of the modperl book but still don't know how to set
> > up authentication the way I want. I would like to use Basic
> > authentication to protect virtual documents. The trick is that I want
> > to set AuthName and AuthUserFile based on path_info.
> >
> > For example:
> >
> > http://virtual/companyA/dir1
> >
> > would prompt for a password in the companyA realm and check it against the
> > appropriate AuthUserFile.
> >
> > How do I add this flexibility without reinventing the parts Apache already
> > does so well?
> >
> > Thanks.
> >
> > -Todd
> 
> --
> -----------------------------------------------------------------------
> Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> -----------------------------------------------------------------------
> - Someday I'll find that peer and reset his connection!
> 
> 
> 


Re: PerlAuthenHandler advice needed.

Posted by Carlos Ramirez <ra...@roses.bna.boeing.com>.
You can use Location to specify separate AuthUserFile's like so:

<Location /companyA>
AuthType Basic
AuthName CompanyA
AuthUserFile path/to/CompanyAUsersFile

</Location>
....
<Location /companyN>
AuthType Basic
AuthName CompanyN
AuthUserFile path/to/CompanyNUsersFIle
</Location>


Or you can write your own AuthHandler that looks up AuthName, AuthUserFile
in a separate file against the path_info. This will eliminate the need to
flood your httpd.conf file with a bunch of <Location></Location> directives.






Todd Chapman wrote:

> I have read chapter 6 of the modperl book but still don't know how to set
> up authentication the way I want. I would like to use Basic
> authentication to protect virtual documents. The trick is that I want
> to set AuthName and AuthUserFile based on path_info.
>
> For example:
>
> http://virtual/companyA/dir1
>
> would prompt for a password in the companyA realm and check it against the
> appropriate AuthUserFile.
>
> How do I add this flexibility without reinventing the parts Apache already
> does so well?
>
> Thanks.
>
> -Todd

--
-----------------------------------------------------------------------
Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
-----------------------------------------------------------------------
- Someday I'll find that peer and reset his connection!