Bug#242985: Requires valid-user is not being honored

To: submit@bugs.debian.org
Subject: Bug#242985: Requires valid-user is not being honored
From: jblack@inframix.com (James Blackwell)
Date: Sat, 10 Apr 2004 00:48:35 -0400
Message-id: <[🔎] 20040410044835.GA31512@inframix.com>
Reply-to: jblack@inframix.com (James Blackwell), 242985@bugs.debian.org

Package: apache
Version: 1.3.29.0.2-4

I am attempting to use libapache-mod-perl to perform a custom
configuration. However it appears that apache is not honoring the
directory stanza for the virtual host. I believe this is a bug in apache
and not in libapache-mod-perl because libapache-mod-perl is returning
fails to the apachesubsystem. At this time I do not think this is user
error because I've checked against half a dozen examples (including
perl.apache.org) and I seem to be right in line.


Log snippit
==================================
[Sat Apr 10 04:40:16 2004]
     [error] access to / failed for 209.173.6.54, reason: Failed for X reason
[Sat Apr 10 04:40:16 2004]
     [error] access to /index.html failed for 209.173.6.54, reason: Failed
             for X reason
[Sat Apr 10 04:40:16 2004]
     [error] access to /index.html failed for 209.173.6.54, reason: Failed
             for X reason
209.173.6.54 - someuser [10/Apr/2004:04:40:16 +0000] "GET / HTTP/1.0" 200 0
==================================


According to the logs (and the web browser!) the page gets served, even
though access should be denied.


/etc/apache/conf.d/push.sourcecontrol.net:
====================================
<VirtualHost *>
  Servername push.sourcecontrol.net

  DocumentRoot /var/www/mirrors/push

  ErrorLog /var/log/apache/push.sourcecontrol.net
  CustomLog /var/log/apache/push.sourcecontrol.net common

  PerlModule SourceControl
  <Directory /var/www/mirrors/push >
    AuthName SourceControl
    AuthType Basic
    PerlAuthenHandler SourceControl::authen_handler
    Require valid-user
  </Directory>
</VirtualHost>
==================================


/usr/local/lib/site_perl/SourceControl.pm : 
==================================
package SourceControl;

    sub authen_handler {
  
        my $r = shift;
  
        # get user's authentication credentials
        my ($res, $sent_pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;

        my $user = $r->connection->user;
        my $reason = "";

        # authenticate through DBI
        my $reason = authen_dbi($r, $user, $sent_pw);
  
        if ($reason) {
                $r->note_basic_auth_failure;
                $r->log_reason($reason, $r->uri);
                return FORBIDDEN;
                #return AUTH_REQUIRED;
        }
        return OK;
    }
     
    sub authen_dbi{
      my ($r, $user, $sent_pw) = @_;
  
      # validate username/passwd
      #return 0;  # replace with real code!!!
  
      return "Failed for X reason";
  
    }
    # don't forget 1;
    1;
==================================


-- 
James Blackwell          Please do not send me carbon copies of mailing
Smile more!              list posts. Such mail is unsolicited. Thank you!

GnuPG (ID 06357400) AAE4 8C76 58DA 5902 761D  247A 8A55 DA73 0635 7400

Reply to:

Follow-Ups:
- Re: Bug#242985: Requires valid-user is not being honored
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
- Bug#242985: marked as done (Requires valid-user is not being honored)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: 995-8-2-41 Egliksh for you!
Next by Date: Re: Bug#242985: Requires valid-user is not being honored
Previous by thread: 995-8-2-41 Egliksh for you!
Next by thread: Re: Bug#242985: Requires valid-user is not being honored
Index(es):
- Date
- Thread