Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-09 Thread Vegard Vesterheim

"Steffers" [EMAIL PROTECTED] writes:

> Drew wrote:
> > Well, it's the end of a long day on a long week - does that get me off
> > the hook? Note to self:  double check your memory next time. :-)
>
> yup, it's been a long long week alright.
>
> On the downside, i +still+ can't get the cookies to work,
> although after faking a session via telnet it seems to work
> just fine. Set-Cookie and everything. It +seems+ to be setting
> the cookie, but Apache is claiming that the browser doesn't
> like them (and yes, i have double checked that cookies are
> enabled on our netscape clients ;). I think it's probably something
> to do with the layout of the server's directories. FeH!

When dealing with cookie problems, it can be helpful to use an 'HTTP
protocol sniffer'. You configure your browser to use the sniffer as a
proxy, which will be sitting between the server and the client and
allows you to 'listen in' on the HTTP conversation.

There are probably a lot of tools that can do this; I have used
wsnitch which has a nice GTK-based UI, and a perl script (webproxy.pl)
made by Randal Schwartz.

-- 
Vegard Vesterheim   : Phone: +47 73593002
Runit AS: Fax:   +47 73591700
N-7034 Trondheim, NORWAY: Email: [EMAIL PROTECTED]



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-09 Thread Drew Taylor

Steffers wrote:
 
> On the downside, i +still+ can't get the cookies to work,
> although after faking a session via telnet it seems to work
> just fine. Set-Cookie and everything. It +seems+ to be setting
> the cookie, but Apache is claiming that the browser doesn't
> like them (and yes, i have double checked that cookies are
> enabled on our netscape clients ;). I think it's probably something
> to do with the layout of the server's directories. FeH!

One last thing: have you checked the path being sent with the cookie? I
always use '/', so the browser always sends it back. Domain & Path are
the two critical factors in cookies. Could you post the resulting HTTP
headers for perusal?

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-09 Thread Drew Taylor

Vegard Vesterheim wrote:
  
> When dealing with cookie problems, it can be helpful to use an 'HTTP
> protocol sniffer'. You configure your browser to use the sniffer as a
> proxy, which will be sitting between the server and the client and
> allows you to 'listen in' on the HTTP conversation.
>
> There are probably a lot of tools that can do this; I have used
> wsnitch which has a nice GTK-based UI, and a perl script (webproxy.pl)
> made by Randal Schwartz.

Wsnitch looks very cool. I'm going to give it a try right now. I like
the fact that I can still use the browser AND see the raw headers. :-)
BTW, google took me right to wsnitch's homepage using the "I feel lucky"
option. Google rocks!

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-09 Thread Steffers

Good morning Drew.

> > On the downside, i +still+ can't get the cookies to work,
> > although after faking a session via telnet it seems to work
> > just fine. Set-Cookie and everything. It +seems+ to be setting
> > the cookie, but Apache is claiming that the browser doesn't
> > like them (and yes, i have double checked that cookies are
> > enabled on our netscape clients ;). I think it's probably something
> > to do with the layout of the server's directories. FeH!
>
> One last thing: have you checked the path being sent with the cookie? I
> always use '/', so the browser always sends it back. Domain & Path are
> the two critical factors in cookies. Could you post the resulting HTTP
> headers for perusal?

Surely. I always use the path of '/' and the domain is always '.bmo.com'.
This (as i have mentioned) works fine from the cgi's, and I can see it being
put into Netscape's cookie file, but when I do it from Apache it doesn't get
even as far as that. All custom errors that are put into the Apache log
tell me that this user has 'no cookies'.

It +has+ to be something i am doing wrong with Apache, it isn't netscape
(even made sure of this by using a windows machine to connect up to Apache
and still no joy). If it's my code, then great. If it's a compile problem then
that's more annoying, but my own fault. I can live with problems of my
own making ;)

Anyway, the ticket has the following (i just duplicated the cgi headers
out call twice to get the header printed ;)

Date: Fri, 09 Jun 2000 15:38:52 GMT
Server: Apache/1.3.12 (Unix) mod_perl/1.24
Set-Cookie: Ticket=sessionID%3D1; domain=.bmo.com; path=/
Connection: close
Set-Cookie: Ticket=sessionID%3D1; domain=.bmo.com; path=/
Set-Cookie: Ticket=sessionID%3D1; domain=.bmo.com; path=/
Connection: close
Content-Type: text/html

 
the term to use here is 'what the f@#$' ?!


*re-reading my old code*

ARGH!

okay okay, i seem to be calling the Cookie once...i don't
+believe+ this. An old piece of code that I wrote in the cgi
many many moons ago is also doing a meta tag redirect
to a place which is 'locked down' so no one can get access
(it has a different reason for living ;).

So of course, I authenticate fine, it says okay, redirects me
to the originally requested page, which THEN redirects me
to another page where i CAN'T get access to. Because the
'/' directory is set up to always have the 403 return to the
login screen it happens +so+ fast i couldn't notice it.

DOH DOH DOH *beating head off of desk*

thanks drew and everyone else for putting up with my ramblings.
guess this means that I can take an 'early day' today then ;)

once again, many thanks and profoundest apologies ;)
^Stefss^



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-09 Thread Drew Taylor

Steffers wrote:

> okay okay, i seem to be calling the Cookie once...i don't
> +believe+ this. An old piece of code that I wrote in the cgi
> many many moons ago is also doing a meta tag redirect
> to a place which is 'locked down' so no one can get access
> (it has a different reason for living ;).
>
> So of course, I authenticate fine, it says okay, redirects me
> to the originally requested page, which THEN redirects me
> to another page where i CAN'T get access to. Because the
> '/' directory is set up to always have the 403 return to the
> login screen it happens +so+ fast i couldn't notice it.
>
> DOH DOH DOH *beating head off of desk*

Been there, done that!

> thanks drew and everyone else for putting up with my ramblings.
> guess this means that I can take an 'early day' today then ;)

You have my blessing. lol

> once again, many thanks and profoundest apologies ;)

It happens to the best of us. :-) Glad I could help diagnose your
problem. The thing I like most about open source is the free, cheerful
help I get from both authors & fellow users. I'm just helping to pay my
dues. Have a great weekend.

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Drew Taylor

Steffers wrote:
 
> hello,
> first let me apologise for just jumping straight into asking
> questions on the mailing list, but this is really puzzling me. First
> some background.
>
> I have been using perl for the past 3 years. I think (note
> +think+) that I understand perl quite well, so when the job came up
> at work here to tie the programs into Apache using mod_perl I
> figured it wouldn't be that hard. (Apache 1.3.12 and latest mod_perl)
>
> I am still trying to get out of my 'cgi' ways (exit and $| and
> such forth), so the code attached may look a tad strange. apologies
> again for that.
>
> The problem is, that I want to first have the access working
> so that if someone doesn't have a cookie with 'sessionID' set in it,
> then we know that they are a 'new user'.  In this case, no other checks
> are needed (we require valid-user).
>
> IF the sessionid is valid, then we move onto authentication
> which in this case is simply firing off the username and password to
> PostgreSQL. The way that PostgreSQL is set up, it uses encrypted
> passwords for connection, so simply getting a valid connection is
> 'good enough' to prove the user (in my eyes for the moment).
>
> So once they have connected up successfully, I cache the
> DBI connection (by using Apache::DBI) and then create a sessionID
> cookie for the user.
>
> This then means that the user will only have to 're-authenticate'
> when the cookie times out. I don't know if i need to use the 'ping function'
> to keep PostgreSQL alive, but that's a 'todo' for sure.
>
> So what am I doing wrong ? There is probably a hundred things
> here, and I +have+ read the faqs and even the oreilly book, i don't see
> anything glaring, but then this is why it's a learning process. (oh and
> for what it's worth the database and apache are working fine. it's my code
> that has the 'features' (okay okay, bugs ;))
>
> Feel free to criticise my code/offer guidance/nudge improvements
> or just hit me with a large pointed stick ;)
> many thanks
> Stefs.
>
> .htaccess
> ---
> PerlAccessHandler Apache::ResAcc
> PerlAuthenHandler Apache::ResAuth
> require valid-user
>
> ResAcc.pm
>
> package Apache::ResAcc;
> use strict;
> use Apache::Constants qw(:common);
> use Safe();
>
> my $Safe=Safe->new;
>
> use vars qw(@EXPORT $USE_THREAD $USE_SFIO $PERL_DIR);
> use Exporter ();
> use Config;
> use FileHandle ();
> *import = \&Exporter::import;
>
> @EXPORT = qw(handler);
>
> use subs @EXPORT;
>
> # This module will check for the presence of a sessionid and if found will
> # allow access, otherwise it will print out the login screen with two inputs
> # one for username and the other for password
> sub handler
> {   my $r = shift;
> my $login = "<HTML>\n<HEAD></HEAD>\n<BODY>\n<BODY>#Imagine a password
> form here</BODY>\n</HTML>\n";
>
> my $header_ID=$r->header_in('sessionID');

If you're trying to get at the cookie, this is not the way. Either use
Apache::Cookie or CGI.pm to get the cookie contents.

> my $query=CGI::new();
> my $my_cookie=$query->cookie(-name=>'sessionID',
>                              -value=>'1',
>                              -path=>'/',
>                              -expires=>'+30m');
> $r->header_out->add("Set-cookie"=>$my_cookie);
> return OK;
> }

This code is good. But it doesn't jive with what you have above. Try
making the first handler() actually get the cookie. Or am I missing
something?

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Steffers

Drew wrote:
> Steffers wrote:
> > my $header_ID=$r->header_in('sessionID');
> If you're trying to get at the cookie, this is not the way. Either use
> Apache::Cookie or CGI.pm to get the cookie contents.

okay. I have changed the line to the usual

my $header_ID=cookie(-name=>'sessionID');

but still no joy. If I put the .htaccess in the '/' of Apache
and then try to 'login'. The form that is generated by the
403 is the default login screen, and the form calls a cgi
underneath the '/connect/' directory. (with an .htaccess
that calls only the PerlAuthen handler)

Now from reading the logs, I can see that the authentication
isn't being called, so fair enough, i moved the .htaccess to a
'/login/' directory, so that users will have to go there to login,
and when they hit the submit button the custom generated
form will direct them to /connect/connect.cgi

however, all that happens now is that when i click the submit
button i get the info box of no data returned. Still using the
same code (as it were). If i run the .cgi from command line
it does output the initial welcome screen.

Hrmmm. Any ideas ? maybe my conf is all stuffed up, but
i sincerely doubt it, it's a pretty vanilla conf. nothing too
radical ;)

> This code is good. But it doesn't jive with what you have above. Try
> making the first handler() actually get the cookie. Or am I missing
> something?

nope. i thought that header_in would get the cookie, and now
i understand that it would if i had 'header_in('Set-Cookie')'
(or maybe just cookie) and then i would have to parse out the
values myself.

I just don't understand quite what I am doing wrong. I know that i
could get standard modules and +maybe+ get the functionality
i want, but i would rather learn about Apache+perl than just
take some code at face value.

anywayz,
many thanks for the help.
^Stefs^



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Steffers

Drew wrote:
> Going by your previous example, you should use
> $cookie = $r->header_in('Set-Cookie');

i actually prefer the headers_in after reading about it.
(personal preference and lazy to boot ;)

> You might also want to take a look at headers_in() (that's PLURAL). It
> is a little more flexible in retrieving values.

indeed it is. much preferred.

> I can't say off the top of my head. Have you read the mod_perl book?
> Chapter 6 is all about authentication & Authorization. Reading it might
> help you understand the concepts better. As for your code, I
> unfortunately am not sure where to tell you to start.

you know, it's really funny. We have the book right on our
shelf, but we are more a 'perl cookbook' sort (need an answer
then here's sample code).

ANYWAY, I went to the modperl site and downloaded the code
for chapter 6, seemed to be sorta what I want, so I have hacked
the authenticate code to just connect up using login & passwd
and then return ("") on success (almost the same).

I also plan to take out the 'secret' (don't need that functionality)
and also add in ssl's at some point in the future.

Here is the clincher.

When I run the Ticket code from chapter 6 i +always+ get the
'no cookies' error.

Now, the netscape here is 4.73 and it DOES have 'always accept
cookies' activated. I can set cookies on this browser without using
Apache code just plain CGI, so i thought it must be a configure
option missed at compile time. I read and as far as I am aware i
got everything in there (EVERYTHING=1 and lots of ACAPI modules)
but i DIDN'T install mod_usertrack from what I can see, but this doesn't
matter with 'ordinary' cookies only for click tracking right ?

So what could possibly be wrong ? The Apache test 'skips' the cookies
test on this platform (Stock Mandrake 7 linux + Perl 5.6 + DBI 1.13 and
Pg 0.93). hhrmm.

have i been an idiot here ; 

thanks for the help btw,
^Stefs^



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Drew Taylor

Steffers wrote:
 
> you know, it's really funny. We have the book right on our
> shelf, but we are more a 'perl cookbook' sort (need an answer
> then here's sample code).

Use the tool that best fits the situation. I have both books on my
shelf. ;-)

> When I run the Ticket code from chapter 6 i +always+ get the
> 'no cookies' error.
>
> Now, the netscape here is 4.73 and it DOES have 'always accept
> cookies' activated. I can set cookies on this browser without using
> Apache code just plain CGI, so i thought it must be a configure
> option missed at compile time. I read and as far as I am aware i
> got everything in there (EVERYTHING=1 and lots of ACAPI modules)
> but i DIDN'T install mod_usertrack from what I can see, but this doesn't
> matter with 'ordinary' cookies only for click tracking right ?

Check the domain for the cookie... The default is nothing, which just
uses the current host. I fell prey to that at first too. :-) Barring
that, using lwp-request or plain old telnet to see the exact headers
being sent will give you more ideas.

Keep it up. I had problems first implementing the Ticket system in Ch 6,
but it's successfully working now on our Intranet. You WILL get it to
work eventually...

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Paul

> Drew wrote:
> > Going by your previous example, you should use
> > $cookie = $r->header_in('Set-Cookie');

Quick reality check here -- I'm easy to confuse. =o)

Shouldn't that be

   $cookie = $r->header_in('Cookie')

to get cookies the browser sends, and then something like

   $r->headers_out->add('Set-Cookie' => "$name=$val")

to place new ones?
Not that there aren't plenty more ways

Paul

At the hat-check, why don't they? ;o]
(grenade humor...tickingdud?)




Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Drew Taylor

Paul wrote:
 
> > Drew wrote:
> > > Going by your previous example, you should use
> > > $cookie = $r->header_in('Set-Cookie');
>
> Quick reality check here -- I'm easy to confuse. =o)
>
> Shouldn't that be
>
>    $cookie = $r->header_in('Cookie')
>
> to get cookies the browser sends, and then something like
>
>    $r->headers_out->add('Set-Cookie' => "$name=$val")
>
> to place new ones?

I'm pretty sure I'm right on this one. ;-) $r->headers_in|out are
getting/setting actual HTTP headers. Last I checked, the HTTP spec says
you use 'Set-Cookie' for cookies. Of course, I am frequently wrong as
well, but I don't think I am in this case.


-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/



RE: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Jerrad Pierce

A server issues Set-Cookie: a client replies with Cookie:

  o _
 /|/ |   Jerrad Pierce \ | __|_ _|
 /||/   http://pthbb.org  .  | _|   |
 \||  _.-~-._.-~-._.-~-._@"  _|\_|___|___|


> -Original Message-
> From: Drew Taylor [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 08, 2000 18:11
> To: Paul
> Cc: modperl
> Subject: Re: Apache, Mod_Perl and Custom Access/Authentication
>
>
> Paul wrote:
> >
> > > Drew wrote:
> > > > Going by your previous example, you should use
> > > > $cookie = $r->header_in('Set-Cookie');
> >
> > Quick reality check here -- I'm easy to confuse. =o)
> >
> > Shouldn't that be
> >
> >    $cookie = $r->header_in('Cookie')
> >
> > to get cookies the browser sends, and then something like
> >
> >    $r->headers_out->add('Set-Cookie' => "$name=$val")
> >
> > to place new ones?
> I'm pretty sure I'm right on this one. ;-) $r->headers_in|out are
> getting/setting actual HTTP headers. Last I checked, the HTTP spec says
> you use 'Set-Cookie' for cookies. Of course, I am frequently wrong as
> well, but I don't think I am in this case.
>
>
> --
> Drew Taylor
> Vialogix Communications, Inc.
> 501 N. College Street
> Charlotte, NC 28202
> 704 370 0550
> http://www.vialogix.com/
 



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Drew Taylor

Jerrad Pierce wrote:
 
> A server issues Set-Cookie: a client replies with Cookie:

It makes sense now that I think about it. I always use CGI.pm or
Apache::Cookie to get the cookies so I never had to look at the incoming
cookie headers. Live and learn eh?

Well, it's the end of a long day on a long week - does that get me off
the hook? Note to self:  double check your memory next time. :-)

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/
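
Added example, not code from any poster in this thread: an offline Perl walk-through of the round trip settled above (the server sends Set-Cookie, the client answers with Cookie) together with the Domain and Path matching Drew mentions elsewhere in the thread. The host names host1.bmo.com and host2.bmo.com and the two headers without domain= are constructed for illustration, the matching follows the Netscape-style tail and prefix rules as an assumption about the browser, and the first header is the one Steffers posted.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Browser side: parse one Set-Cookie response header. $host and $path describe
# the request that produced it and supply defaults when domain=/path= is absent.
sub parse_set_cookie {
    my ($header, $host, $path) = @_;
    my ($pair, @attrs) = split /\s*;\s*/, $header;
    my ($name, $value) = split /=/, $pair, 2;
    (my $dir = $path) =~ s{[^/]*$}{};    # default path: directory of the URL
    my %c = (name => $name, value => $value, path => $dir,
             domain => lc($host), host_only => 1);
    for my $attr (@attrs) {
        my ($k, $v) = split /=/, $attr, 2;
        next unless defined $v;
        $c{path} = $v if lc($k) eq 'path';
        @c{qw(domain host_only)} = (lc($v), 0) if lc($k) eq 'domain';
    }
    return \%c;
}

# Browser side: would this cookie be sent back with a request for $host$path?
sub browser_sends {
    my ($c, $host, $path) = @_;
    my $domain_ok;
    if ($c->{host_only}) {               # no domain=: exact host match only
        $domain_ok = lc($host) eq $c->{domain};
    } else {                             # domain=: tail match on the host name
        (my $d = $c->{domain}) =~ s/^\.?/./;
        $domain_ok = ('.' . lc($host)) =~ /\Q$d\E\z/;
    }
    return $domain_ok && index($path, $c->{path}) == 0 ? 1 : 0;
}

# Server side of the next request: parse the *Cookie* request header (the value
# $r->header_in('Cookie') returns under mod_perl) and URL-decode each value.
sub parse_cookie_header {
    my ($header) = @_;
    my %jar;
    for my $pair (split /\s*;\s*/, defined $header ? $header : '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $v;
        $v =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        $jar{$k} = $v;
    }
    return \%jar;
}

# Constructed cases: label, Set-Cookie header, host/path that set it, host/path of next request.
my @from = ('host1.bmo.com', '/login/index.html');
my @cases = (
    ['domain and path as posted', 'Ticket=sessionID%3D1; domain=.bmo.com; path=/', @from, 'host1.bmo.com', '/connect/connect.cgi'],
    ['no domain, no path',        'Ticket=sessionID%3D1',                          @from, 'host1.bmo.com', '/connect/connect.cgi'],
    ['no domain, other host',     'Ticket=sessionID%3D1; path=/',                  @from, 'host2.bmo.com', '/connect/connect.cgi'],
);
for my $case (@cases) {
    my ($label, $set, $h1, $p1, $h2, $p2) = @$case;
    my $c   = parse_set_cookie($set, $h1, $p1);
    my $req = browser_sends($c, $h2, $p2) ? "$c->{name}=$c->{value}" : undef;
    my $jar = parse_cookie_header($req);
    printf "%-26s Cookie: %-22s server sees Ticket=%s\n", $label,
        defined $req ? $req : '(not sent)',
        defined $jar->{Ticket} ? "'$jar->{Ticket}'" : '(no cookies)';
}
```

Only the first case puts a Cookie header on the follow-up request; note that the cookie is named Ticket and that sessionID sits inside its URL-encoded value.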



Re: Apache, Mod_Perl and Custom Access/Authentication

2000-06-08 Thread Steffers

Drew wrote:
> Well, it's the end of a long day on a long week - does that get me off
> the hook? Note to self:  double check your memory next time. :-)

yup, it's been a long long week alright.

On the downside, i +still+ can't get the cookies to work,
although after faking a session via telnet it seems to work
just fine. Set-Cookie and everything. It +seems+ to be setting
the cookie, but Apache is claiming that the browser doesn't
like them (and yes, i have double checked that cookies are
enabled on our netscape clients ;). I think it's probably something
to do with the layout of the server's directories. FeH!

On the upside, i have about 3 months to get this working
on Apache (there are requirements for going Apache :
persistent database handles across requests, quicker
invocation of perl using mod_perl, ties in nicely with
db's)

ach well,
thanks for all the help anyway drew, promise to let you
know what it ends up being _especially_ if it's down to
one of my idiotic mistakes ;
regards,
Stefss