Nicolas Lehuen wrote ..
> Just as a note, I'm still struggling with Apache 2.2 to make the test suite
> run with the latest svn version (everything seems OK with Apache 2.0.55).
>
> I still have a problem while testing req.auth_type(). It looks like the
> authentication system was changed in Apache 2.2, and that the current test
> framework does not configure it correctly.
>
> If I understood the new framework correctly, the authentication is handled
> by three different layers, in which you can select whatever implementation
> you want.
>
> The first layer is the authentication method, for now you can choose the
> Basic (mod_auth_basic.c) or the Digest (mod_auth_digest.c) method.
>
> The second layer is the authentication database, which is used to
> authenticate the credentials provided by the authentication method against
> a
> database. There are different mod_authn_* modules for different database
> storage, for instance mod_authn_file for flat file storage and mod_authn_dbm
> for DBM file storage.
>
> The last layer is the authorization database, which is used to check whether
> the given authenticated user may access the request resource. There are
> different mod_authz_* modules for different database storage, too.
>
> The current problem is that the test suite does not configure correctly
> the
> authentication framework. Either I get a 500 error because the
> authentication database is not properly configured, hence causing the
> "configuration error: couldn't check access. No groups file?" in the
> error
> log, or if I set up properly the authn and authz modules (adding directives
> to load mod_authn_default and mod_authz_default in test.py line 338) then
> I
> get a 401 error because the test users are not in the database.
>
> The best thing I guess would be to disable authentication & authorisation
> entirely because it seems that Apache 2.2 is hijacking the entire
> authn/authz process, even when mod_python tries to do it itself.
>
> I tried playing with the AuthBasicAuthoritative directive, even mimicking
> in
> test_req_auth_type_conf() the same condition that was put in
> test_req_requires_conf(). Unfortunately this doesn't lead me anywhere.
>
> What I don't understand is why the problem is only showing on Win32 and
> Jim's platform. Is it really OK on other platforms ?
>
> Any thoughts on this problem ?
I had a look at this a while back and couldn't work out why it would be
failing. I at least have no problems on Mac OS X. In looking through
again, one thought was to ask whether you tried it with both the new
module importer and old and got the same results. The original error
messages you posted indicated it was with new importer.
[Wed Mar 22 07:16:03 2006] [warn] mod_python
(pid=5140,interpreter='test_req_auth_type'): Module directory listed
in "sys.path". This may cause problems. Please check code. Code file
being imported is "C:\\projets\\mod_python\\test\\htdocs\\tests.py".
[Wed Mar 22 07:16:03 2006] [notice] mod_python
(pid=5140,interpreter='test_req_auth_type'): Importing module
'C:\\projets\\mod_python\\test\\htdocs\\tests.py'
[Wed Mar 22 07:16:03 2006] [crit] [client 127.0.0.1] configuration
error: couldn't check access. No groups file?: /tests.py
[Wed Mar 22 07:16:03 2006] [error] [client 127.0.0.1] No Authn
provider configured
Can you also augment the req_auth_type() in test/htdocs/tests.py
with some calls to req.log_error() to capture whether the function
is in fact being called and what path through the function it goes
through. Ie.,
def req_auth_type(req):
req.log_error("req_auth_type()")
req.log_error("phase=%s" % req.phase)
if (req.phase == "PythonAuthenHandler"):
if req.auth_type() != "dummy":
req.log_error("auth_type check failed")
req.write("test failed")
return apache.DONE
if req.auth_name() != "blah":
req.log_error("auth_name check failed")
req.write("test failed")
return apache.DONE
req.log_error("set user/ap_auth_type")
req.user = "dummy"
req.ap_auth_type = req.auth_type()
else:
if req.ap_auth_type != "dummy":
req.log_error("ap_auth_type check failed")
req.write("test failed")
return apache.OK
if req.user != "dummy":
req.log_error("user check failed")
req.write("test failed")
return apache.OK
req.log_error("return test ok")
req.write("test ok")
return apache.OK
I would expect to see in the tests/logs/error_log file:
[Thu Apr 13 11:09:37 2006] [error] [client 127.0.0.1] req_auth_type()
[Thu Apr 13 11:09:37 2006] [error] [client 127.0.0.1] phase=PythonAuthenHandler
[Thu Apr 13 11:09:37 2006] [error] [client 127.0.0.1] set user/ap_auth_type
[Thu Apr 13 11:09:37 2006] [error] [client 127.0.0.1] req_auth_type()
[Thu Apr 13 11:09:37 2006] [error] [client 127.0.0.1] phase=PythonHandler
[Thu Apr 13 11:09:37 2006] [error] [client 127.0.0.1] return test ok
What is interesting now is that when doing that, I note that on Mac OS X
there are some worrying error messages which follow that:
[Thu Apr 13 11:09:37 2006] [error] Internal error: pcfg_openfile() called with
NULL filename
[Thu Apr 13 11:09:37 2006] [error] [client 127.0.0.1] (9)Bad file descriptor:
Could not open password file: (null)
A bit of checking though suggests that that is from test_req_requires.
I'll dig into these latter errors, maybe they might help to uncover
something.
Graham
