Hi!

I have made an authentication module for Apache 2.0 that supports our client's 
single sign-on mechanism. The user doesn't give a username or password to 
authenticate. Instead, the URL and cookies are examined. If there is no valid 
DES-encrypted authentication string, the user is automatically redirected to an 
external server to log in and after that back to the originating URL with a 
proper auth string.

The module worked with Apache 2.0 without problems and it compiles nicely with 
Apache 2.2, but when the module calls the ap_auth_type() function to determine 
if the module should perform authentication, a segmentation fault occurs. I have 
tested the module with two precompiled Apache versions (2.2.3 and 2.2.8) on 
CentOS 5.2 with the x86_64 architecture. Based on some dev mailing list notes, 
the status of the ap_auth_type() function seems unclear. I have considered 
skipping the ap_auth_type() function call and adding my own custom module 
parameter XXX_Authoritative instead to deduce if the module should check 
authentication, but ain't sure if this is a sound solution. The new provider 
model seems too complicated (and expensive) to adopt in this situation. I also 
posted a similar message to the modules-dev mailing list, but got no answers.

Here is the current logic of the module:
static int authenticate_user(request_rec *r) {
    xxx_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &auth_xxx_module);
    const char* encrypted_sso_str = NULL;
... *Checking URL and cookies* ...
    if (!encrypted_sso_str || apr_strnatcmp(encrypted_sso_str, "false") == 0) {
        if (apr_strnatcasecmp(ap_auth_type(r), "auth_xxx") == 0) {
*** Segmentation fault *** (ap_auth_type)
...
static void mod_auth_xxx_register_hooks(apr_pool_t *p) {
    // APR_HOOK_FIRST to bypass other modules, tried also APR_HOOK_MIDDLE
    ap_hook_check_user_id(authenticate_user,NULL,NULL,APR_HOOK_FIRST);
}
...
module AP_MODULE_DECLARE_DATA auth_xxx_module = {
        STANDARD20_MODULE_STUFF,
        create_auth_dir_config,         /* per-directory config creator */
        NULL,                           /* dir merger --- default is to override */
        NULL,                           /* server config creator */
        NULL,                           /* server config merger */
        auth_commands,                  /* command table */
        mod_auth_xxx_register_hooks,    /* callback for registering hooks */
};

In the Virtual Host configuration I have the following common authentication 
lines (and some module-specific parameters):
<Location ...>
... 
AuthType auth_xxx
require valid-user
...
</Location>

I compile the module with apxs (CentOS 5.2 x86_64, Apache 2.2.3, tried also 
Apache 2.2.8) against libmcrypt (for DES calculations):
apxs -lmcrypt -c mod_auth_xxx.c

Here is the backtrace from the core dump:
#0  0x00002af41b58b67f in apr_match_glob () from /usr/lib64/libapr-1.so.0
#1  0x00002af4249ebb74 in authenticate_user (r=0x2af42ed75488) at mod_auth_xxx.c:159
#2  0x00002af419cc5112 in ap_run_check_user_id () from /usr/sbin/httpd
#3  0x00002af419cc6327 in ap_process_request_internal () from /usr/sbin/httpd
#4  0x00002af419cd7eb8 in ap_process_request () from /usr/sbin/httpd
#5  0x00002af419cd50f0 in ap_register_input_filter () from /usr/sbin/httpd
#6  0x00002af419cd11c2 in ap_run_process_connection () from /usr/sbin/httpd
#7  0x00002af419cdbe5b in ap_graceful_stop_signalled () from /usr/sbin/httpd
#8  0x00002af419cdc0ea in ap_graceful_stop_signalled () from /usr/sbin/httpd
#9  0x00002af419cdc1a0 in ap_graceful_stop_signalled () from /usr/sbin/httpd 
#10 0x00002af419cdccd8 in ap_mpm_run () from /usr/sbin/httpd
#11 0x00002af419cb7183 in main () from /usr/sbin/httpd

Any help would be most welcome,
Jouni
