You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modules-dev@httpd.apache.org by Jouni Mäkeläinen <jo...@twinkle.fi> on 2009/02/17 16:33:42 UTC
Porting custom auth module to Apache 2.2
Hi,
I have developed a custom authentication module for Apache 2.0 using a similar module as model. Authentication module first checks if request URI contains hex coded and DES-encrypted string in query string. If URL doesn't contain param, then cookies are checked. If encrypted string is not found, user is redirected to separate authentication server and after authentication back to original URL with required parameter.
When module calls ap_auth_type(r) function, segmentation fault occurs.
First I assumed that the module fails because of the changed AAA-architecture in Apache 2.2. Then I came across with mod_auth_kerb, which should work also with Apache 2.2 and has a similar approach to authentication.
Here are the relevant parts of the module code:
static int authenticate_user(request_rec *r) {
xxx_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &auth_xxx_module);
const char* encrypted_sso_str = NULL;
if (r->args) {
apr_table_t* qs = val_str2apr_table(r->pool, r->args, "&");
encrypted_sso_str = apr_table_get(qs, conf->paramname);
apr_table_clear(qs);
}
if (!encrypted_sso_str) {
const char* cookie_str = apr_table_get(r->headers_in, "Cookie");
...
}
if (!encrypted_sso_str || apr_strnatcmp(encrypted_sso_str, "false") == 0) {
// encrypted_sso_str not found, redirecting user to auth server (first check the auth_type)
if (tmp_auth_type && apr_strnatcasecmp(ap_auth_type(r), "auth_xxx") == 0) {
*** BANG *** (ap_auth_type)
...
static void mod_auth_xxx_register_hooks(apr_pool_t *p)
{
// APR_HOOK_FIRST to bypass other modules, tried also APR_HOOK_MIDDLE
ap_hook_check_user_id(authenticate_user,NULL,NULL,APR_HOOK_FIRST);
}
...
module AP_MODULE_DECLARE_DATA auth_xxx_module =
{
STANDARD20_MODULE_STUFF,
create_auth_dir_config, /* per-directory config creater */
NULL, /* dir merger --- default is to override */
NULL, /* server config creator */
NULL, /* server config merger */
auth_commands, /* command table */
mod_auth_xxx_register_hooks, /* callback for registering hooks */
};
In server configuration I have following common authentication lines:
<Location ...>
...
AuthType auth_xxx
require valid-user
...
</Location>
I compile module with apxs (CentOS 5.2 x86_64, Apache 2.2.3, tried also Apache 2.2.8) against libmcrypt (for DES calculations):
apxs -lmcrypt -c mod_auth_xxx.c
Compilation generates some warnings, but nothing serious I guess. After compilation I copy .libs/mod_auth_xxx.so to modules directory (/usr/lib64/httpd/modules/) and restart the httpd server. Everything seems to work as expected, but when I try to access protected file process dies with segmentation fault. Here is the backtrace from the core dump:
#0 0x00002af41b58b67f in apr_match_glob () from /usr/lib64/libapr-1.so.0
#1 0x00002af4249ebb74 in authenticate_user (r=0x2af42ed75488) at mod_auth_xxx.c:159
#2 0x00002af419cc5112 in ap_run_check_user_id () from /usr/sbin/httpd
#3 0x00002af419cc6327 in ap_process_request_internal () from /usr/sbin/httpd
#4 0x00002af419cd7eb8 in ap_process_request () from /usr/sbin/httpd
#5 0x00002af419cd50f0 in ap_register_input_filter () from /usr/sbin/httpd
#6 0x00002af419cd11c2 in ap_run_process_connection () from /usr/sbin/httpd
#7 0x00002af419cdbe5b in ap_graceful_stop_signalled () from /usr/sbin/httpd
#8 0x00002af419cdc0ea in ap_graceful_stop_signalled () from /usr/sbin/httpd
#9 0x00002af419cdc1a0 in ap_graceful_stop_signalled () from /usr/sbin/httpd
#10 0x00002af419cdccd8 in ap_mpm_run () from /usr/sbin/httpd
#11 0x00002af419cb7183 in main () from /usr/sbin/httpd
Any help would be most welcome,
Jouni