Bug#242985: Requires valid-user is not being honored
Package: apache
Version: 1.3.29.0.2-4
I am attempting to use libapache-mod-perl to perform a custom
configuration. However it appears that apache is not honoring the
directory stanza for the virtual host. I believe this is a bug in apache
and not in libapache-mod-perl because libapache-mod-perl is returning
fails to the apachesubsystem. At this time I do not think this is user
error because I've checked against half a dozen examples (including
perl.apache.org) and I seem to be right in line.
Log snippit
==================================
[Sat Apr 10 04:40:16 2004]
[error] access to / failed for 209.173.6.54, reason: Failed for X reason
[Sat Apr 10 04:40:16 2004]
[error] access to /index.html failed for 209.173.6.54, reason: Failed
for X reason
[Sat Apr 10 04:40:16 2004]
[error] access to /index.html failed for 209.173.6.54, reason: Failed
for X reason
209.173.6.54 - someuser [10/Apr/2004:04:40:16 +0000] "GET / HTTP/1.0" 200 0
==================================
According to the logs (and the web browser!) the page gets served, even
though access should be denied.
/etc/apache/conf.d/push.sourcecontrol.net:
====================================
<VirtualHost *>
Servername push.sourcecontrol.net
DocumentRoot /var/www/mirrors/push
ErrorLog /var/log/apache/push.sourcecontrol.net
CustomLog /var/log/apache/push.sourcecontrol.net common
PerlModule SourceControl
<Directory /var/www/mirrors/push >
AuthName SourceControl
AuthType Basic
PerlAuthenHandler SourceControl::authen_handler
Require valid-user
</Directory>
</VirtualHost>
==================================
/usr/local/lib/site_perl/SourceControl.pm :
==================================
package SourceControl;
sub authen_handler {
my $r = shift;
# get user's authentication credentials
my ($res, $sent_pw) = $r->get_basic_auth_pw;
return $res if $res != OK;
my $user = $r->connection->user;
my $reason = "";
# authenticate through DBI
my $reason = authen_dbi($r, $user, $sent_pw);
if ($reason) {
$r->note_basic_auth_failure;
$r->log_reason($reason, $r->uri);
return FORBIDDEN;
#return AUTH_REQUIRED;
}
return OK;
}
sub authen_dbi{
my ($r, $user, $sent_pw) = @_;
# validate username/passwd
#return 0; # replace with real code!!!
return "Failed for X reason";
}
# don't forget 1;
1;
==================================
--
James Blackwell Please do not send me carbon copies of mailing
Smile more! list posts. Such mail is unsolicited. Thank you!
GnuPG (ID 06357400) AAE4 8C76 58DA 5902 761D 247A 8A55 DA73 0635 7400
Reply to: