RE: ModPerl - CGI in the same request phase

[csebe]

Hi,

I'm in the happy position of finding myself a solution to my problem. Here
it is for anyone interested ...

PerlModule MyModules::Module1

SetHandler perl-script
PerlHandler MyModules::Module1
PerlSendHeader Off


PerlModule Apache::PerlRun

SetHandler perl-script
PerlHandler MyModules::Module1 Apache::PerlRun
Options +ExecCGI


And then, inside my handler, when I decide the users are alowed to run
scripts from the /admin directory I let them through by returning DECLINE,
if not I print an error page and return DONE to skip the second handler in
this phase.

Thanks anyway,

Lian Sebe, M.Sc.
Freelance Analyst-Programmer
www.programEz.net

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 06, 2003 2:33 PM
> To: [EMAIL PROTECTED]
> Subject: ModPerl - CGI in the same request phase
>
>
> Hi again everybody,
>
> I have the following interesting (I hope ;-) requirement. Sorry for this
> rather long posting.
> (mod_perl 1, Apache 1.3.27)
>
> I have a custom authentication & authorization handler of mine
> which is the
> king in a protected directory (and its subdirectories):
>
> PerlModule MyModules::Module1
> 
> SetHandler perl-script
> PerlHandler MyModules::Module1
> PerlSendHeader Off
> 
>
> Then, for some users that I authenticate as SuperUsers, I should allow the
> execution of the administrative .cgi scripts in a subdir of this
> dir(/usr/local/apache1/ssl/protected/admin).
>
> (One solution would be to integrate the cgi-s logic into my handler but
> let's say want to leave them as simple CGI scripts.)
>
> I tried to use the Apache::PerlRun in the subdir like this:
> PerlModule Apache::PerlRun
> 
> SetHandler perl-script
> PerlHandler Apache::PerlRun
> PerlSendHeader On
> Options ExecCGI
> 
>
> I tried also:
> 
> SetHandler cgi-script
> Options +ExecCGI
> 
>
> The problem is it allows anybody to execute the cgi's since it's not going
> through my handler anymore (a "warn ..." statement inserted in my handler
> shows it's not executed when requesting /protected/admin/* files.)
>
> More generally: "how can I dynamically change a directory's handler during
> the same phase"
>
> I was thinking about using dynamic stacked handlers, something
> like: if the
> user is allowed in the admin section, my handler should push the
> cgi-script
> handler in the line of execution. However, the documentation says about
> stacking more custom created handlers and not those coming with Apache so
> I'm not sure how to do it.
>
> Thanks for your time,
>
> Lian Sebe, M.Sc.
> Freelance Analyst-Programmer
> www.programEz.net
>

ModPerl - CGI in the same request phase

[csebe]

Hi again everybody,

I have the following interesting (I hope ;-) requirement. Sorry for this
rather long posting.
(mod_perl 1, Apache 1.3.27)

I have a custom authentication & authorization handler of mine which is the
king in a protected directory (and its subdirectories):

PerlModule MyModules::Module1

SetHandler perl-script
PerlHandler MyModules::Module1
PerlSendHeader Off


Then, for some users that I authenticate as SuperUsers, I should allow the
execution of the administrative .cgi scripts in a subdir of this
dir(/usr/local/apache1/ssl/protected/admin).

(One solution would be to integrate the cgi-s logic into my handler but
let's say want to leave them as simple CGI scripts.)

I tried to use the Apache::PerlRun in the subdir like this:
PerlModule Apache::PerlRun

SetHandler perl-script
PerlHandler Apache::PerlRun
PerlSendHeader On
Options ExecCGI


I tried also:

SetHandler cgi-script
Options +ExecCGI


The problem is it allows anybody to execute the cgi's since it's not going
through my handler anymore (a "warn ..." statement inserted in my handler
shows it's not executed when requesting /protected/admin/* files.)

More generally: "how can I dynamically change a directory's handler during
the same phase"

I was thinking about using dynamic stacked handlers, something like: if the
user is allowed in the admin section, my handler should push the cgi-script
handler in the line of execution. However, the documentation says about
stacking more custom created handlers and not those coming with Apache so
I'm not sure how to do it.

Thanks for your time,

Lian Sebe, M.Sc.
Freelance Analyst-Programmer
www.programEz.net