Re: [mp2] php response handler clears authenticated user in mod_perl

Tue, 04 Jan 2011 07:43:33 -0800 

the perl core is early buggy
some misunderstand in the regex
some valuable { is again ....
my personnal experience with the mod perl user is crach with the webmail
if Jaos @
Le mardi 04 janvier 2011 à 14:57 +0100, Peter Albrecht a écrit :
> Hello everyone,
> 
> 1. Problem Description:
> 
>   Using PHP as response handler seems to clear the authenticated user 
> ("$r->user()") in successive mod_perl handlers.
> 
>   
> *** Reproduce:
> 
>   1.1. Install attached simple Apache2 server setup (see "4. Source-snippets")
>   
>   1.2. PHP response handler
> 
>   1.2.1. Ensure the following lines of "/etc/apache2/vhosts/bug.conf" are 
> commented out:
> 
>     # SetHandler modperl
>     # PerlResponseHandler MyApache2::MyResponseHandler
> 
>     => PHP response handler will be in action
> 
>   1.2.2. visit http://<yourServer>/index.php with your browser
>   
>   1.2.3. error.log tells us:
>       [Tue Jan 04 11:29:03 2011] [info] [client 90.148.54.54] Start 
> Authentication
>       [Tue Jan 04 11:29:03 2011] [info] [client 90.148.54.54] Session started 
> for user: 'JonDoe'
>       [Tue Jan 04 11:29:03 2011] [error] [client 90.148.54.54] OutputFilter: 
> user = ""               <-- failure! Should be 'JonDoe'
> 
>   1.3. mod_perl response handler
>   
>   1.3.1. Enable the following lines of "/etc/apache2/vhosts/bug.conf":
> 
>     SetHandler modperl
>     PerlResponseHandler MyApache2::MyResponseHandler
> 
>     => mod_perl response handler (MyResponseHandler.pm) will be in action
> 
>   1.3.2. visit http://<yourServer>/index.php with your browser
>   
>   1.3.3. error.log tells us:
>       [Tue Jan 04 11:30:28 2011] [info] [client 90.148.54.54] Start 
> Authentication
>       [Tue Jan 04 11:30:28 2011] [info] [client 90.148.54.54] Session started 
> for user: 'JonDoe'
>       [Tue Jan 04 11:30:28 2011] [error] [client 90.148.54.54] OutputFilter: 
> user = "JonDoe"            <-- correct behaviour!
> 
> 
> 
> *** Actual result:
> 
>   Both ResponseHandlers know the authenticated user (see browser output). But 
> in case of the PHP response handler, "$r->user()" seems to be resetted for 
> futher mod_perl handlers (like MyOutputFilter). Using a mod_perl response 
> handler, I always get the correct authenticated user via "$r->user()" in 
> succesive handlers.
> 
> 
> *** Expected result:
> 
>   After PHP response handler "$r->user()" should provide the authenticated 
> user for use in succesive mod_perl handlers like OutputFilter or LogHandler.
> 
> 
> *** Workaround:
> 
>   In your AuthenticationHandler make a backup of the user in an user defined 
> Apache note:
>   
>     $r->notes->set('myAuthenUser', $r->user()); 
> 
>   and use that one in later handlers:
>   
>     my $user = $r->notes->get('myAuthenUser');
>   
> 
> 2. Used Components and their Configuration:
> 
> *** mod_perl version 2.000004
> 
> *** using 
> /usr/lib/perl5/vendor_perl/5.10.0/i586-linux-thread-multi/Apache2/BuildConfig.pm
> 
> *** Makefile.PL options:
>   MP_APR_LIB     => aprext
>   MP_APXS        => /usr/sbin/apxs2
>   MP_CCOPTS      => -march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall 
> -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables 
> -fasynchronous-unwind-tables -g -fPIC -Wall -fno-strict-aliasing 
> -DLDAP_DEPRECATED
>   MP_COMPAT_1X   => 1
>   MP_GENERATE_XS => 1
>   MP_LIBNAME     => mod_perl
>   MP_USE_DSO     => 1
> 
> 
> *** The httpd binary was not found
> 
>   .. but "httpd2 -V" tells:
>   
>      Server version: Apache/2.2.10 (Linux/SUSE)
>      Server built:   Feb 23 2009 21:11:31
>      Server's Module Magic Number: 20051115:18
>      Server loaded:  APR 1.3.3, APR-Util 1.3.4
>      Compiled using: APR 1.3.3, APR-Util 1.3.4
>      Architecture:   32-bit
>      Server MPM:     Prefork
>        threaded:     no
>          forked:     yes (variable process count)
>      Server compiled with....
>       -D APACHE_MPM_DIR="server/mpm/prefork"
>       -D APR_HAS_SENDFILE
>       -D APR_HAS_MMAP
>       -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>       -D APR_USE_SYSVSEM_SERIALIZE
>       -D APR_USE_PTHREAD_SERIALIZE
>       -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>       -D APR_HAS_OTHER_CHILD
>       -D AP_HAVE_RELIABLE_PIPED_LOGS
>       -D DYNAMIC_MODULE_LIMIT=128
>       -D HTTPD_ROOT="/srv/www"
>       -D SUEXEC_BIN="/usr/sbin/suexec2"
>       -D DEFAULT_PIDLOG="/var/run/httpd2.pid"
>       -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>       -D DEFAULT_LOCKFILE="/var/run/accept.lock"
>       -D DEFAULT_ERRORLOG="/var/log/apache2/error_log"
>       -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
>       -D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"
> 
> 
> *** (apr|apu)-config linking info
> 
> (apr|apu)-config scripts were not found
> 
> 
> 
> *** /usr/bin/perl -V
> Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
>   Platform:
>     osname=linux, osvers=2.6.27, archname=i586-linux-thread-multi
>     uname='linux eisler 2.6.27 #1 smp 2009-02-09 15:38:31 +0100 i686 athlon 
> i386 gnulinux '
>     config_args='-ds -e -Dprefix=/usr -Dvendorprefix=/usr -Dinstallusrbinperl 
> -Dusethreads -Di_db -Di_dbm -Di_ndbm -Di_gdbm -Duseshrplib=true 
> -Doptimize=-march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall 
> -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables 
> -fasynchronous-unwind-tables -g -Wall -pipe -Accflags=-DPERL_USE_SAFE_PUTENV'
>     hint=recommended, useposix=true, d_sigaction=define
>     useithreads=define, usemultiplicity=define
>     useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
>     use64bitint=undef, use64bitall=undef, uselongdouble=undef
>     usemymalloc=n, bincompat5005=undef
>   Compiler:
>     cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV 
> -DDEBUGGING -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE 
> -D_FILE_OFFSET_BITS=64',
>     optimize='-march=i586 -mtune=i686 -fmessage-length=0 -O2 -Wall 
> -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables 
> -fasynchronous-unwind-tables -g -Wall -pipe',
>     cppflags='-D_REENTRANT -D_GNU_SOURCE -DPERL_USE_SAFE_PUTENV -DDEBUGGING 
> -fno-strict-aliasing -pipe'
>     ccversion='', gccversion='4.3.2 [gcc-4_3-branch revision 141291]', 
> gccosandvers=''
>     intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
>     d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
>     ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', 
> lseeksize=8
>     alignbytes=4, prototype=define
>   Linker and Libraries:
>     ld='cc', ldflags =''
>     libpth=/lib /usr/lib /usr/local/lib
>     libs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
>     perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
>     libc=/lib/libc-2.9.so, so=so, useshrplib=true, libperl=libperl.so
>     gnulibc_version='2.9'
>   Dynamic Linking:
>     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E 
> -Wl,-rpath,/usr/lib/perl5/5.10.0/i586-linux-thread-multi/CORE'
>     cccdlflags='-fPIC', lddlflags='-shared -march=i586 -mtune=i686 
> -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector 
> -funwind-tables -fasynchronous-unwind-tables -g -Wall -pipe'
> 
> 
> Characteristics of this binary (from libperl):
>   Compile-time options: DEBUGGING MULTIPLICITY PERL_DONT_CREATE_GVSV
>                         PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP
>                         PERL_TRACK_MEMPOOL PERL_USE_SAFE_PUTENV USE_ITHREADS
>                         USE_LARGE_FILES USE_PERLIO USE_REENTRANT_API
>   Built under linux
>   Compiled at Feb 21 2009 07:14:55
>   %ENV:
>     PERL_LWP_USE_HTTP_10="1"
>   @INC:
>     /usr/lib/perl5/5.10.0/i586-linux-thread-multi
>     /usr/lib/perl5/5.10.0
>     /usr/lib/perl5/site_perl/5.10.0/i586-linux-thread-multi
>     /usr/lib/perl5/site_perl/5.10.0
>     /usr/lib/perl5/vendor_perl/5.10.0/i586-linux-thread-multi
>     /usr/lib/perl5/vendor_perl/5.10.0
>     /usr/lib/perl5/vendor_perl
>     .
> 
> *** Packages of interest status:
> 
> Apache2            : -
> Apache2::Request   : -
> CGI                : 3.29
> ExtUtils::MakeMaker: 6.42
> LWP                : 5.816
> mod_perl           : -
> mod_perl2          : 2.000004
> 
> 
> 3. This is the core dump trace: (if you get a core dump):
> 
>   got no core dump
> 
> This report was generated by /usr/bin/mp2bug on Wed Dec 22 06:49:14 2010 GMT.
> 
> *** Other environment information (manual addition)
> 
>   Linux: SuSE Linux Enterprise Server 11, PL0
> 
>   rpm -qa | grep php:
>      apache2-mod_php5-5.2.6-50.17
>      php5-5.2.6-50.17
>      php5-zlib-5.2.6-50.17
>      php5-iconv-5.2.6-50.17
>      php5-xmlreader-5.2.6-50.17
>      php5-pear-log-1.9.11-24.28
>      php5-mcrypt-5.2.6-50.17
>      php5-tokenizer-5.2.6-50.17
>      php5-mbstring-5.2.6-50.17
>      php5-gd-5.2.6-50.17
>      php5-odbc-5.2.6-50.17
>      php5-ncurses-5.2.6-50.17
>      php5-sqlite-5.2.6-50.17
>      php5-curl-5.2.6-50.17
>      php5-pdo-5.2.6-50.17
>      php5-json-5.2.6-50.17
>      php5-dom-5.2.6-50.17
>      php5-mysql-5.2.6-50.17
>      php5-pear-5.2.12-5.1
>      php5-devel-5.2.6-50.17
>      php5-openssl-5.2.6-50.17
>      php5-ctype-5.2.6-50.17
>      php5-ldap-5.2.6-50.17
>      php5-xmlwriter-5.2.6-50.17
>      php5-hash-5.2.6-50.17
>      php5-APC-3.1.3-1.1
> 
>   rpm -qa | grep apache2:
>      apache2-utils-2.2.10-2.18
>      apache2-2.2.10-2.18
>      apache2-example-pages-2.2.10-2.18
>      apache2-mod_php5-5.2.6-50.17
>      apache2-mod_auth_kerb-5.4-7.1
>      apache2-prefork-2.2.10-2.18
>      apache2-worker-2.2.10-2.18
>      apache2-doc-2.2.10-2.18
>      apache2-mod_python-3.3.1-147.19
>      apache2-mod_jk-1.2.26-1.29
>      apache2-mod_perl-2.0.4-40.19
> 
> 
> 4. Source-snippets:
> 
> *** ./htdocs/index.php
> <?php
> print("Hello world! From php (REMOTE_USER: \"" . $_SERVER['REMOTE_USER'] . 
> "\")");
> ?>
> 
> 
> *** ./mp2/MyApache2/MyAuthenHandler.pm
>   [...]
> sub handler {
>         my $r = shift;
>         my $logger = $r->log;
> 
>         $logger->info('Start Authentication');
> 
>         $r->ap_auth_type('Session');
>         $r->user('JonDoe');
> 
>         $logger->info("Session started for user: '" . $r->user() . "'");
>         return Apache2::Const::OK;
> }
>   [...]
> 
> 
> *** ./mp2/MyApache2/MyResponseHandler.pm
>   [...]
> sub handler {
>         my $r = shift;
> 
>         $r->print("Hello world! From mod_perl (Request-User: \"" . $r->user() 
> . "\")");
> 
>         return Apache2::Const::OK;
> }
>   [...]
> 
> 
> *** ./mp2/MyApache2/MyOutputFilter.pm
>   [...]
> use base qw(Apache2::Filter);
> 
> sub handler : FilterRequestHandler {
>         my $f = shift;
> 
>         my $r = $f->r;
>         my $logger = $r->log;
> 
>         $logger->error("OutputFilter: user = \"" . $r->user() . "\"");
> 
>         return Apache2::Const::DECLINED;
> }
>   [...]
> 
> 
> *** /etc/apache2/vhosts/bug.conf
> <VirtualHost *:80>
>   [...]
>   php_value include_path ".:/usr/share/php5:/usr/share/php5/PEAR"
>   <Perl>
>     use lib qw#/srv/www/bug/mp2#;
>   </Perl>
> 
>   <Directory /srv/www/bug/htdocs>
>     AddType text/html .php
>     PerlAuthenHandler MyApache2::MyAuthenHandler
>     PerlOutputFilterHandler MyApache2::MyOutputFilter
> 
>     Allow from all
>     AuthType MyAuthType
>     AuthName "Secret Area"
>     require valid-user
> 
> #    SetHandler modperl
> #    PerlResponseHandler MyApache2::MyResponseHandler
>   </Directory>
> </VirtualHost>
> 
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7

Attachment: signature.asc
Description: Ceci est une partie de message numériquement signée

Reply via email to