I had a reason to remove a module's check_user function registration just like you did, but wasn't ever able to find a way to do so. What I ended up having to do is much as described, by running that phase twice, under the control of my own module's code. You may need to trap some instances of the 403 condition, do some additional checking, modify your circumstances, then re-do the operation that originally resulted in the 403.
Thanks, Rick Houser Auto-Owners Insurance Systems Support (517)703-2580 -----Original Message----- From: Ben Davies [mailto:bdav...@stickyeyes.com] Sent: Wednesday, July 22, 2009 8:28 AM To: modules-dev@httpd.apache.org Subject: RE: Dynamicly insert 'require' into request > One solution would be to set a note for your hook in an earlier stage, > and then return DECLINED from your handler when you detect that note. Ah, but from what I can work out, before the check_user() hook fires, the 403 is sent to the client because of the presence of the require. I can't have the check_user() hook return DECLINED because its too late: the 403 has been sent back automatically. But additionally, I can't return DECLINED from the access() hook (which fires before the check_user() hook) because if the resource requested is publicly accessible, then the access() hook should return OK :) So, to me, the only solution is: In the access() hook, if the resource is NOT publicly accessible, return OK. This will make apache recognise the require directive, return a 403, and then fire the check_user() and auth() hooks. If the resource IS publicly available, I need to somehow remove the require directive from the request, and then return OK from the access() hook. This means that the 403 won't be returns (as there is no require directive set anymore) which means no authentication (check_user()) hook is fired and subsequently no authorization (auth()) hook either. >From what I can make out, this is how Apache would handle the process. No to see if I can actually modify the request->requires array, and if so, if that will affect the request processing after exiting the access() hook so that the 403 and the check_user() and auth() hooks don't fire. Fun fun fun! Can someone with a deeper knowledge of Apache than me comment if this sounds like crazy talk? Have I made a massive assumption regarding the returning of the 403 header before check_user(), for example? Cheers! Ben -----Original Message----- From: Tom Evans [mailto:tevans...@googlemail.com] Sent: 22 July 2009 12:24 To: modules-dev@httpd.apache.org Subject: RE: Dynamicly insert 'require' into request On Wed, 2009-07-22 at 10:43 +0100, Ben Davies wrote: > Okay, so upon further inspection, it appears that there may not be an > equivalent function for mod_perls set_handlers(). > > This leads me to a problem: how do I "turn off" a hook, especially, as > the > check_user() hook expects the r->user property to contain the > username, meaning that the sending of a 403 happens before the > check_user() hook is called. Whatever it is I need to do, I need to do in the access() hook. > > I was hoping it might be something as simple as removing my require > entry from the require array. Has anyone had any experience with this? > If so, could you comment on techniques? > > Cheers, > > Ben > One solution would be to set a note for your hook in an earlier stage, and then return DECLINED from your handler when you detect that note. There may be a better way :) Cheers Tom