Re: [OT] what drives Amazon?
There were a lot of perl coders when I was there for a short consulting gig. Wonder if any of my perl code still survives...

-Todd

On Sun, 16 Jun 2002, F. Xavier Noria wrote:

> Does anybody know which is the technology behind Amazon?
>
> -- fxn
Re: Setting require in Authentication handler?
On Mon, 20 May 2002, Geoffrey Young wrote:

> Todd Chapman wrote:
>
> > That makes sense. I can't use mod_auth because I can't set Require.
>
> well, if you're saying that you don't have the ability to set the Require directive at all (as in you don't have access to edit httpd.conf), then you can't run any authentication handler - mod_auth, mod_perl, or otherwise. Apache core requires the Require directive to be set to something before it will even try to run the authen/authz phases of the request.
>
> so, you may be out of luck and need to resort to the CGI tricks of yore where everything is clumped in the content-generation phase (and of which I'm not that familiar).

I can set Require, but I will have to ignore its value since the realm, password file, and require are decided based on the URI.

> > I'm using Basic authentication and text based password files. Unfortunately, I can't find an Apache::Auth* module that handles basic authentication against text files. Did I miss it somewhere?
>
> I'm not sure, but it may not exist for the reason I stated earlier about mod_perl not duplicating default Apache behavior. IIRC, there is one that authenticates against /etc/passwd, so maybe you can use that as an example of flat file based processing.
>
> in general, though, the steps are pretty much the same no matter which authentication method you choose. see
>
> http://www.modperlcookbook.org/code/ch13/Cookbook/Authenticate.pm
>
> for an example - all you need to do is replace the authenticate_user() subroutine with calls that validate the user based on your own criteria.

Thanks. Sounds like we need an Apache::AuthBasicFile since mod_auth doesn't allow Require to be set dynamically.

-Todd

> HTH
>
> --Geoff
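
The handler this message asks for could look like the following. It is an added example, not code from the thread or from an existing CPAN module; it uses the mod_perl 1.x calls named in these threads ($r->get_basic_auth_pw, $r->auth_name, $r->note_basic_auth_failure), and the realm table, the password file paths and the crypt(3) hash format are assumptions.

```perl
package Apache::AuthBasicFile;   # name taken from the message above
# Added example for the mod_perl 1.x API. Assumed httpd.conf for the protected tree:
#   AuthType Basic
#   AuthName placeholder          (overridden per request below)
#   require valid-user            (needed so Apache runs the authen phase at all)
#   PerlAuthenHandler Apache::AuthBasicFile
use strict;
use Apache::Constants qw(:common);

# Hypothetical table: first URI segment => [ realm, password file ].
# The file name is looked up here, never built from request data.
my %REALMS = (
    companyA => [ 'Company A', '/etc/httpd/passwd/companyA' ],
    companyN => [ 'Company N', '/etc/httpd/passwd/companyN' ],
);

sub handler {
    my $r = shift;

    my ($segment) = $r->uri =~ m{^/([A-Za-z0-9_-]+)(?:/|$)};
    my $entry = defined $segment ? $REALMS{$segment} : undef;
    unless ($entry) {
        $r->log_reason('no realm configured for URI', $r->uri);
        return FORBIDDEN;                       # fail closed
    }
    my ($realm, $file) = @$entry;

    # Set the realm before anything that may emit WWW-Authenticate.
    $r->auth_name($realm);

    # Apache decodes the Authorization header and sets $r->connection->user.
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res unless $res == OK;

    my $user = $r->connection->user;
    my $ok   = eval { check_password($file, $user, $sent_pw) };
    if ($@) {
        $r->log_error("Apache::AuthBasicFile: $@");
        return SERVER_ERROR;
    }
    return OK if $ok;

    $r->note_basic_auth_failure;
    $r->log_reason("bad user or password in realm '$realm'", $r->uri);
    return AUTH_REQUIRED;
}

# Returns 1 if $user has an entry in $file whose crypt(3) hash matches.
# Assumes "user:hash" lines with crypt(3) hashes; other formats fail the check.
sub check_password {
    my ($file, $user, $sent_pw) = @_;
    return 0 unless defined $user && length $user && $user !~ /[:\r\n]/;
    return 0 unless defined $sent_pw;

    open my $fh, '<', $file or die "cannot open $file: $!\n";
    my $hash;
    while (my $line = <$fh>) {
        chomp $line;
        my ($name, $stored) = split /:/, $line, 3;
        next unless defined $stored && $name eq $user;
        $hash = $stored;
        last;
    }
    close $fh;

    return 0 unless defined $hash && length $hash;   # an empty hash never matches
    my $computed = crypt($sent_pw, $hash);
    return (defined $computed && $computed eq $hash) ? 1 : 0;
}

1;
```

Because the password file comes from a fixed table keyed on a validated URI segment, a request cannot steer the handler to an arbitrary file, and a URI with no table entry is refused rather than left unprotected.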
Re: Setting require in Authentication handler?
That makes sense. I can't use mod_auth because I can't set Require. I'm using Basic authentication and text based password files. Unfortunately, I can't find an Apache::Auth* module that handles basic authentication against text files. Did I miss it somewhere?

Thanks.

-Todd

On Mon, 20 May 2002, Geoffrey Young wrote:

> > Does the cookbook have a code sample of checking the password for basic authentication?
>
> well, not via .htpasswd files, no. in general, it doesn't make much sense to use mod_perl to duplicate the same things that Apache already does for you, since the Apache code is faster, has had more eyeballs looking at it for longer, etc. in that sense you wouldn't want to write your own routine to just check a flat file. where mod_perl really shines wrt authentication is with all the other things Perl does well, such as using DBI to authenticate against a database, or working with other schemes like SMB or Radius - see the 25+ Apache::Auth* modules on CPAN for just about anything you could think of.
>
> however, we do describe how to use the mod_perl API to interact with Apache the same way mod_auth does using $r->get_basic_auth_pw() and $r->not_basic_auth_failure() in a few different ways. you will also find those two methods in the eagle book if you have it.
>
> make sense?
>
> --Geoff
Re: Setting require in Authentication handler?
I need to decide who has access based on the URI. I guess this means I can't use Apache's Basic auth module, since I can't dynamically set require.

Does the cookbook have a code sample of checking the password for basic authentication?

-Todd

On Mon, 20 May 2002, Geoffrey Young wrote:

> Todd Chapman wrote:
>
> > Can dir_config be used to set 'require' in an authentication handler?
>
> no. dir_config() provides access to a mod_perl specific table of variables, not generic Apache configuration directives.
>
> there is no API for setting the Require directive - it needs to be in your httpd.conf.
>
> > I would then return DECLINED so that Apache's Basic auth handler would do the heavy lifting of checking the password.
>
> if you're looking to do conditional authentication what you really need to do is a bit backward - turn on all authentication hooks using the Require directive then use your handler to return OK when you don't want Apache to check the password. See recipe 13.5 in the cookbook for more information.
>
> the "Satisfy any" Apache directive may be able to help as well if you're using host-based criteria to determine whether you want to require a login.
>
> HTH
>
> --Geoff
Setting require in Authentication handler?
Can dir_config be used to set 'require' in an authentication handler? I would then return DECLINED so that Apache's Basic auth handler would do the heavy lifting of checking the password.

Thanks!

-Todd
Re: Remembering Authentication
What if the user added his username and password to the URL? If they are valid the application could add those parameters to all links/form actions, but the plaintext password would be replaced with some parameter that would be good for the next access and expire after a specified period of time.

The initial URL could be generated from a fill-out form.

-Todd

On Tue, 17 Oct 2000, John Saylor wrote:

> Hi
>
> - Original Message -
> From: "Ian Frawley" <[EMAIL PROTECTED]>
>
> > Is it not just possible through a perl module as I am not very clued up on digital certificates.
>
> Well, you have to have some credentials- and if it's not a cookie [bad idea anyway], and if it's not a username/password- what would it be?
>
> You could have IP address based authentication, but this is probably more prone to misconfiguration and forgery than digital certificates.
>
> How important is access control to your application? In other words, where is the line on how much effort you [and your users] are going to put into security at the expense of convenience?
>
> \js
Re: Bugs database?
Gotcha. And the reason I don't call $r->get_basic_auth_pw() is I can't live on the CVS edge.

[Quoting conversation from a few weeks ago]

> my ($res,$password) = $r->get_basic_auth_pw;

this will core dump if AuthName is not set in the configuration file. not with the current cvs though, see previous message.

>$r->note_basic_auth_failure;

this won't work right unless you've set $r->auth_name($val)

Thanks for your help.

-Todd

On Fri, 13 Oct 2000, Doug MacEachern wrote:

> On Tue, 10 Oct 2000, Todd Chapman wrote:
>
> > Is there a mod_perl bugs database? I am having a problem and I want to make sure it isn't a bug in mod_perl that's fixed in a recent release.
>
> known bugs are listed in the ToDo file.
>
> > P.S. The bug is that $r->connection->user() is not set when I return OK from my PerlAuthenHandler. I have to set it manually. Why would that be?
>
> it's not a bug, it's because you're not calling $r->get_basic_auth_pw(), which you should do instead of this:
>
> > my $authen = new HTTPD::Authen::Basic();
> > my @info = $authen->parse($r->header_in('Authorization'));
>
> otherwise, you need to set $r->connection->user yourself.
Bugs database?
Is there a mod_perl bugs database? I am having a problem and I want to make sure it isn't a bug in mod_perl that's fixed in a recent release.

Thanks.

-Todd

P.S. The bug is that $r->connection->user() is not set when I return OK from my PerlAuthenHandler. I have to set it manually. Why would that be?

    package Apache::CheckPass;

    ## Usage: PerlAuthenHandler Apache::CheckPass

    use strict;
    use Apache::Constants qw(:common);

    sub handler {
        my $r = shift;

        $r->notes('CheckPass' => 'Ran!');

        my $authen = new HTTPD::Authen::Basic();
        my @info = $authen->parse($r->header_in('Authorization'));

        $r->notes('USERNAME' => $info[0]);
        $r->notes('AUTH' => 1);

        #return OK if checkpass($r->notes('REALM'), @info);
        if (checkpass($r->notes('REALM'), @info)) {
            $r->notes('CheckPass' => 'Verified!');
            $r->connection->user($info[0]);
            return OK;
        }

        $r->auth_name($r->notes('REALM'));
        $r->note_basic_auth_failure;
        return AUTH_REQUIRED;
    }

    sub checkpass {
        my $realm = shift;
        my $username = shift;
        my $password = shift;

        my $db = HTTPD::RealmManager->open(-realm => $realm,
                                           -config_file => '/etc/httpd/conf/realms.conf',
                                           -writable => 0,
                                           -server => 'apache');

        return $db->passwd(-user=>$username,-password=>$password);
    }

    1;
How late can $r->filename be set?
Can I set $r->filename at the end of a PerlAuthzhandler?

Thanks.

-Todd
Problem configuring handler in httpd.conf.
I am trying to set up httpd.conf so that documents in /home/httpd/html/mason are handled by HTML::Mason but documents in /home/httpd/html/mason/perl are handled by Apache::Registry.

The problem is that while Mason works, the Apache::Registry cgi programs are getting dumped as plain text instead of executed. If it matters, I am changing $r->filename in my PerlAuthzHandler.

Here is the section from httpd.conf:

    Alias /mason /home/httpd/html/mason
    Perlrequire /etc/httpd/conf/handler.pl
    SetHandler perl-script
    PerlHandler Apache::Registry
    PerlSendHeader On
    Options +ExecCGI
    PerlHeaderParserHandler Apache::SetRealm
    AuthType Basic
    PerlAuthenHandler Apache::CheckPass
    PerlAuthzHandler Apache::CheckAccess
    require valid-user
    SetHandler perl-script
    PerlHandler HTML::Mason

Thanks for any help.

-Todd
Re: Third post. PLease help. PerlHandler configuration question.
Thanks. It seems like I would want to write a PerlTransHandler. However I don't want to change the filename until after the authorization phase. Can I change the uri to filename mapping at the end of the authorization phase but before the content handler phase?

Thanks.

-Todd

On Mon, 9 Oct 2000, Tom Brown wrote:

> > I am servicing requests from a virtual document tree. Most of the time I want the request to be serviced by a PerlHandler module I wrote. However, if the requested filename is 'cgifile' I would rather have Apache::Registry handle the request, but since this is a virtual document tree the CGI program 'cgifile' is located in a real directory somewhere else.
> >
> > 1. How would I configure this behavior?
>
> mod_rewrite, or write your own URL -> file mapping utility that ties into an early request phase
>
> > 2. Would I have to locate 'cgifile' in the document tree or could it be located anywhere accessible by the httpd process?
>
> anywhere...
>
> > Thanks!
> >
> > -Todd
>
> --
> [EMAIL PROTECTED] | Drive thy business, or it will drive thee.
> http://BareMetal.com/ | - Benjamin Franklin
> web hosting since '95 |
Re: Third post. PLease help. PerlHandler configuration question.
That only solves half the problem. Since it is a virtual directory, how will Apache::Registry know where 'cgifile' really exists so it can run it?

For example:

http://www.mydoamin.com/dirA/dirB/cgifile

dirA and dirB don't really exist. If 'cgifile' is stored somewhere else how will Apache::Registry know where to find it?

Thanks.

-Todd

On Mon, 9 Oct 2000, Richard Dice wrote:

> Todd:
>
> This seems fairly straightforward. Have you not just tried:
>
> SetHandler perl-script
> PerlHandler Apache::Registry
>
> ?
>
> Just because it's in a virtual directory, it's a virtual URI/URL, etc., doesn't mean that Location isn't the correct directive. "Location" means a match on the URI requested by the web client. I just put a pattern match in there saying "if the requested URI ends with 'cgifile', then handle with Apache::Registry".
>
> This isn't a perfect location matching pattern, as this will work also on
> http://www.yourdomain.com/thisisnotacgifile
> but I can leave it to you to spruce it up. Maybe try
>
> ?
>
> (I know that would work with Perl, but the Apache pattern matching engine might not work exactly the same in this circumstance.)
>
> If I misunderstood your problem, I'm sorry for not having read closer, confused you, etc. :-)
>
> Cheers,
> Richard
>
> Todd Chapman wrote:
>
> > I need to get this problem solved for a project I am working on. Any help is appreciated.
> >
> > Thanks.
> >
> > -Todd
> >
> > -- Forwarded message --
> >
> > I am servicing requests from a virtual document tree. Most of the time I want the request to be serviced by a PerlHandler module I wrote. However, if the requested filename is 'cgifile' I would rather have Apache::Registry handle the request, but since this is a virtual document tree the CGI program 'cgifile' is located in a real directory somewhere else.
> >
> > 1. How would I configure this behavior?
> >
> > 2. Would I have to locate 'cgifile' in the document tree or could it be located anywhere accessible by the httpd process?
> >
> > Thanks!
> >
> > -Todd
>
> --
> Richard Dice * Personal 514 816 9568 * Fax 514 816 9569
> ShadNet Creator * http://shadnet.shad.ca/ * [EMAIL PROTECTED]
> Occasional Writer, HotWired * http://www.hotwired.com/webmonkey/
> "squeeze the world 'til it's small enough to join us heel to toe"
> - jesus jones
Third post. PLease help. PerlHandler configuration question.
I need to get this problem solved for a project I am working on. Any help is appreciated.

Thanks.

-Todd

-- Forwarded message --

I am servicing requests from a virtual document tree. Most of the time I want the request to be serviced by a PerlHandler module I wrote. However, if the requested filename is 'cgifile' I would rather have Apache::Registry handle the request, but since this is a virtual document tree the CGI program 'cgifile' is located in a real directory somewhere else.

1. How would I configure this behavior?

2. Would I have to locate 'cgifile' in the document tree or could it be located anywhere accessible by the httpd process?

Thanks!

-Todd
PerlHandler configuration question.
I am servicing requests from a virtual document tree. Most of the time I want the request to be serviced by a PerlHandler module I wrote. However, if the requested filename is 'cgifile' I would rather have Apache::Registry handle the request, but since this is a virtual document tree the CGI program 'cgifile' is located in a real directory somewhere else.

1. How would I configure this behavior?

2. Would I have to locate 'cgifile' in the document tree or could it be located anywhere accessible by the httpd process?

Thanks!

-Todd
$r->path_info() bug?
When I request the following URL with netscape:

http://www.mydomain.com/mason_root/subdir/B/9/abc

The request is handled by a dhandler in /mason_root/subdir

Here is the dhandler:

    Test
    This is a test.
    Path_info: <% $r->path_info() %>

    <%init>
    $r->content_type('text/html');
    </%init>

The problem is that the value of path_info is /9/abc when I expect it to be B/9/abc. Is the dhandler being treated as B?

HTML::Mason version 0.88

Thanks.

-Todd
Re: PerlAuthenHandler advice needed.
Duh! Thanks.

Now, is there any way to determine the realm the browser thinks it's authenticating to? Is the realm stored in the Authorization header or any other headers?

-Todd

On Thu, 28 Sep 2000, Doug MacEachern wrote:

> On Thu, 28 Sep 2000, Todd Chapman wrote:
>
> > Thanks Doug but I (and my customer) don't want to live on the CVS bleeding edge right now. Can you suggest something else?
>
> yeah, add this to httpd.conf:
>
> AuthType Basic
Re: PerlAuthenHandler advice needed.
Thanks Doug but I (and my customer) don't want to live on the CVS bleeding edge right now. Can you suggest something else?

Original problem:

I need to set the realm for virtual documents based on path_info and use Basic authentication. Otherwise I may have to move to some cookie based authentication but I don't want to do that.

-Todd

On Thu, 28 Sep 2000, Doug MacEachern wrote:

> On Thu, 28 Sep 2000, Todd Chapman wrote:
>
> > Thanks for the help Doug. This is what I have now but all I get is a segmentation fault in the log.
>
> > $r->note_basic_auth_failure;
>
> if AuthType is not set, this will core dump. i just expanded the change that defaults AuthType to Basic for get_basic_auth_pw to include note_basic_auth_failure, in the cvs tree.
Re: PerlAuthenHandler advice needed.
Thanks for the help Doug. This is what I have now but all I get is a segmentation fault in the log.

Any ideas?

-Todd

    package Apache::SetRealm;

    ## Usage: PerlHeaderParserHandler Apache::SetRealm

    use strict;
    use Apache::Constants qw(:common);

    sub handler {
        my $r = shift;

        # find the name of the realm
        # if realm does not exist error
        # else see if Auth header set
        # if auth header not set return AUTH_REQUIRED
        # else return OK

        # If Auth header is set a future PerlAuthenHandler will check the password.
        # When that happens we can't use get_basic_auth_info because AuthName is
        # not set in the config file. We will have to parse the Auth header manually.
        # The realm will be determined from path_info.

        return OK if $r->header_in('Authorization');

        my $realm = get_realm($r);

        # Prompt for authentication info in the proper realm
        $r->auth_name($realm);
        $r->note_basic_auth_failure;
        return AUTH_REQUIRED;
    }

    sub get_realm {
        ## Get the AuthName for a specific uri. You can probably read these off of a file that
        ## contains a list of uri's and realmNames
        my $r = shift;
        $r->uri =~ /\/modperl\/(.*)/;
        return $1 if $1;
        return "Top Level";
    }

    1;
Re: PerlAuthenHandler advice needed.
Please explain again how to get my AuthHandler called without setting AuthName or AuthType in httpd.conf.

Thanks.

-Todd

On Wed, 27 Sep 2000, Carlos Ramirez wrote:

> By choosing to use your custom AuthHandler, you basically override Apache's way of handling the particular phase, in this case the authentication phase. So you must handle prompting the user and also checking the password.
>
> You might want to read the Apache Guide (http://perl.apache.org/) on how to write your own handler and also the eagle book.
>
> After reviewing our previous conversation, I think you might need to send WWW-Authenticate header field in another phase (preferable at the PerlHeaderParserHandler) before the Authentication phase is called.
>
> Your PerlHeaderParserHandler can check the $r->uri for any password protected requests, i.e., if it matches /companyA, you can then set the WWW-Authenticate: Basic $realm and push it along its merry way.
>
> Then your PerlAuthHandler will get the username and password and check it against the realms' AuthUserFile. Apache will handle the initial prompting for the username/password.
>
> Your requirements imply that you will have a file(??) that has a list of UserFiles for each Realm/path_info so that your authentication handler will know what file to check against.
>
> I hope this makes sense ;) my coffee is running low...
>
> -Carlos
>
> Todd Chapman wrote:
>
> > Thanks for the help. I was hoping that Apache would check the password for me but this should work.
> >
> > Now, how do I get Apache to run my PerlAuthenHandler without setting the AuthType or AuthName in httpd.conf?
> >
> > Do I need to do the Authentication in a PerlHandler?
> >
> > -Todd
> >
> > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> >
> > > 1. Oh, I mis-interpreted your question. I thought you already had a list of virtual directories with the AuthNames defined.
> > >
> > > You can set the AuthName by sending them in the server response header field:
> > >
> > > WWW-Authenticate Basic $realm
> > >
> > > So the first request to /companyA, your AuthHandler will respond with:
> > >
> > > $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field
> > > $r->note_basic_auth_failure; ## Prompts for password
> > >
> > > Then when a username and password are supplied i.e.
> > > ($ret,$password) = $r->get_basic_auth_pw;
> > >
> > > where $ret = 1;
> > >
> > > Then:
> > > 1. determine the AuthUserFile
> > > 2. use Apache::Htpasswd to check password
> > >
> > > -Carlos
> > >
> > > Todd Chapman wrote:
> > >
> > > > Problems with your suggestion:
> > > >
> > > > 1. The realm will not be known until I get path_info so directives will not work.
> > > >
> > > > 2. How can I get Perl to do the password lookup in the dynamically selected AuthUserFile?
> > > >
> > > > Thanks for the help.
> > > >
> > > > -Todd
> > > >
> > > > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> > > >
> > > > > You can use Location to specify separate AuthUserFile's like so:
> > > > >
> > > > > AuthType Basic
> > > > > AuthName CompanyA
> > > > > AuthUserFile path/to/CompanyAUsersFile
> > > > >
> > > > > AuthType Basic
> > > > > AuthName CompanyN
> > > > > AuthUserFile path/to/CompanyNUsersFIle
> > > > >
> > > > > Or you can write your own AuthHandler that looks up AuthName, AuthUserFile in a separate file against the path_info. This will eliminate the need to flood your httpd.conf file with a bunch of directives.
> > > > >
> > > > > Todd Chapman wrote:
> > > > >
> > > > > > I have read chapter 6 of the modperl book but still don't know how to set up authentication the way I want. I wo
Re: PerlAuthenHandler advice needed.
Thanks for the help. I was hoping that Apache would check the password for me but this should work.

Now, how do I get Apache to run my PerlAuthenHandler without setting the AuthType or AuthName in httpd.conf?

Do I need to do the Authentication in a PerlHandler?

-Todd

On Wed, 27 Sep 2000, Carlos Ramirez wrote:

> 1. Oh, I mis-interpreted your question. I thought you already had a list of virtual directories with the AuthNames defined.
>
> You can set the AuthName by sending them in the server response header field:
>
> WWW-Authenticate Basic $realm
>
> So the first request to /companyA, your AuthHandler will respond with:
>
> $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field
> $r->note_basic_auth_failure; ## Prompts for password
>
> Then when a username and password are supplied i.e.
> ($ret,$password) = $r->get_basic_auth_pw;
>
> where $ret = 1;
>
> Then:
> 1. determine the AuthUserFile
> 2. use Apache::Htpasswd to check password
>
> -Carlos
>
> Todd Chapman wrote:
>
> > Problems with your suggestion:
> >
> > 1. The realm will not be known until I get path_info so directives will not work.
> >
> > 2. How can I get Perl to do the password lookup in the dynamically selected AuthUserFile?
> >
> > Thanks for the help.
> >
> > -Todd
> >
> > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> >
> > > You can use Location to specify separate AuthUserFile's like so:
> > >
> > > AuthType Basic
> > > AuthName CompanyA
> > > AuthUserFile path/to/CompanyAUsersFile
> > >
> > > AuthType Basic
> > > AuthName CompanyN
> > > AuthUserFile path/to/CompanyNUsersFIle
> > >
> > > Or you can write your own AuthHandler that looks up AuthName, AuthUserFile in a separate file against the path_info. This will eliminate the need to flood your httpd.conf file with a bunch of directives.
> > >
> > > Todd Chapman wrote:
> > >
> > > > I have read chapter 6 of the modperl book but still don't know how to set up authentication the way I want. I would like to use Basic authentication to protect virtual documents. The trick is that I want to set AuthName and AuthUserFile based on path_info.
> > > >
> > > > For example:
> > > >
> > > > http://virtual/companyA/dir1
> > > >
> > > > would prompt for a password in the companyA realm and check it against the appropriate AuthUserFile.
> > > >
> > > > How do I add this flexibility without reinventing the parts Apache already does so well?
> > > >
> > > > Thanks.
> > > >
> > > > -Todd
> > >
> > > --
> > > ---
> > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > ---
> > > - Someday I'll find that peer and reset his connection!
>
> --
> ---
> Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> ---
> - Someday I'll find that peer and reset his connection!
Re: PerlAuthenHandler advice needed.
Problems with your suggestion:

1. The realm will not be known until I get path_info so directives will not work.

2. How can I get Perl to do the password lookup in the dynamically selected AuthUserFile?

Thanks for the help.

-Todd

On Wed, 27 Sep 2000, Carlos Ramirez wrote:

> You can use Location to specify separate AuthUserFile's like so:
>
> AuthType Basic
> AuthName CompanyA
> AuthUserFile path/to/CompanyAUsersFile
>
> AuthType Basic
> AuthName CompanyN
> AuthUserFile path/to/CompanyNUsersFIle
>
> Or you can write your own AuthHandler that looks up AuthName, AuthUserFile in a separate file against the path_info. This will eliminate the need to flood your httpd.conf file with a bunch of directives.
>
> Todd Chapman wrote:
>
> > I have read chapter 6 of the modperl book but still don't know how to set up authentication the way I want. I would like to use Basic authentication to protect virtual documents. The trick is that I want to set AuthName and AuthUserFile based on path_info.
> >
> > For example:
> >
> > http://virtual/companyA/dir1
> >
> > would prompt for a password in the companyA realm and check it against the appropriate AuthUserFile.
> >
> > How do I add this flexibility without reinventing the parts Apache already does so well?
> >
> > Thanks.
> >
> > -Todd
>
> --
> ---
> Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> ---
> - Someday I'll find that peer and reset his connection!
PerlAuthenHandler advice needed.
I have read chapter 6 of the modperl book but still don't know how to set up authentication the way I want. I would like to use Basic authentication to protect virtual documents. The trick is that I want to set AuthName and AuthUserFile based on path_info.

For example:

http://virtual/companyA/dir1

would prompt for a password in the companyA realm and check it against the appropriate AuthUserFile.

How do I add this flexibility without reinventing the parts Apache already does so well?

Thanks.

-Todd