Re: Developing Authn/Authz Modules

2011-10-03 Thread Sorin Manolache
On Sat, Oct 1, 2011 at 23:05, Suneet Shah suneetshah2...@gmail.com wrote:
 Hello,

 I am trying to build my apache module which needs to carry out
 authentication and authorization functions based on the value of a cookie.
 To start with, I have just created a shell with the intent that I wanted the
 functions for authentication and authorization being called.
 However, it does not appear that these functions are being called. I have
 pasted my configuration and code below.

 When I try to access  http://localhost/test_rpc/ I get the login.html that
 is defined in my ErrorDocument below.
 But when I look in the log file, I see the following.
 Since it's looking for a userId, I am wondering if there is an error in my
 configuration

 [Sat Oct 01 16:37:29 2011] [debug] prefork.c(996): AcceptMutex: sysvsem
 (default: sysvsem)
 [Sat Oct 01 16:38:08 2011] [error] [client 127.0.0.1] access to
 /test_rpc/header.jsp failed, reason: verification of user id 'null' not
 configured

You have not hooked check_user_id. In this case the default
check_user_id of mod_authn_default is called. The mod_authn_default
module rejects the request by default and gives you the verification
of user id 'null' log line.

Hook check_user_id instead of auth_checker. Set r->user in
check_user_id. I think setting r->user is not mandatory but it gives
you more precise log messages.

Use return OK (OK is 0) and not return HTTP_OK (HTTP_OK is 200) in your hooks.

S


 Any guidance on what I am doing wrong would be greatly appreciated.

 Regards
 Suneet


 -- Configuration in Httpd.conf

 <Location />
   IAM_CookieName IAM_PARAM
   IAM_TokenParam tkn
   IAM_Service_base_url http://localhost:8080/;
   ErrorDocument 401 /login.html
   AuthType IAMToken
   AuthName "IAM Login"
   AuthCookie_Authoritative On
 </Location>

 <Location /test_rpc/>
    ProxyPass http://localhost:9080/test_rpc

    require tkn
 </Location>

 - Module Code
 static int authz_dbd_check(request_rec *r) {

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "authz_dbd_check called");
    return HTTP_OK;
 }

 static int check_token(request_rec *r) {

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "chedk_token called.");
    return OK;
 }

 static void authz_dbd_hooks(apr_pool_t *p)
 {
    ap_hook_auth_checker(check_token, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_auth_checker(authz_dbd_check, NULL, NULL, APR_HOOK_MIDDLE);
 }
 module AP_MODULE_DECLARE_DATA authz_dbd_module =
 {
    STANDARD20_MODULE_STUFF,
    authz_dbd_cr_cfg,
    NULL,
    NULL,
    NULL,
    authz_dbd_cmds,
    authz_dbd_hooks
 };
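
A simplified, self-contained model of the hook chain described in the reply above, added here as an example (it is not code from the thread or from httpd). The `request` type and the `run_first`, `process`, `authz_wrong` and `authz_right` names are illustrative stand-ins; only the numeric values of OK, DECLINED, HTTP_OK and HTTP_UNAUTHORIZED match httpd's headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Numeric values as in httpd's headers. */
#define OK 0
#define DECLINED (-1)
#define HTTP_OK 200
#define HTTP_UNAUTHORIZED 401

typedef struct { const char *user; } request;  /* stand-in for request_rec */
typedef int (*hook_fn)(request *);

/* Stand-in for mod_authn_default: registered last, rejects the request. */
static int default_check_user_id(request *r) { (void)r; return HTTP_UNAUTHORIZED; }

/* Hypothetical module hooks (names are illustrative). */
static int check_token(request *r) { r->user = "cookie-user"; return OK; }
static int authz_wrong(request *r) { (void)r; return HTTP_OK; }
static int authz_right(request *r) { (void)r; return OK; }

/* RUN_FIRST: the first hook that does not return DECLINED decides. */
static int run_first(hook_fn *hooks, size_t n, request *r) {
    for (size_t i = 0; i < n; i++) {
        int rv = hooks[i](r);
        if (rv != DECLINED) return rv;
    }
    return DECLINED;
}

/* Two phases in order; anything other than OK (0) ends processing. */
static int process(hook_fn authn, hook_fn authz, request *r) {
    hook_fn user_id[2];
    size_t n = 0;
    if (authn) user_id[n++] = authn;
    user_id[n++] = default_check_user_id;
    int rv = run_first(user_id, n, r);
    if (rv != OK) return rv;
    return run_first(&authz, 1, r);
}

int main(void) {
    request a = {NULL}, b = {NULL}, c = {NULL};
    printf("no check_user_id hook: %d\n", process(NULL, check_token, &a));
    printf("authz returns HTTP_OK: %d\n", process(check_token, authz_wrong, &b));
    printf("both hooks return OK:  %d\n", process(check_token, authz_right, &c));
    return 0;
}
```

In the first case the module's own function is never reached and the user stays unset, which corresponds to the 'null' user id in the posted log line.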



Re: Developing Authn/Authz Modules

2011-10-01 Thread Ben Noordhuis
On Sat, Oct 1, 2011 at 23:05, Suneet Shah suneetshah2...@gmail.com wrote:
 Hello,

 I am trying to build my apache module which needs to carry out
 authentication and authorization functions based on the value of a cookie.
 To start with, I have just created a shell with the intent that I wanted the
 functions for authentication and authorization being called.
 However, it does not appear that these functions are being called. I have
 pasted my configuration and code below.

 When I try to access  http://localhost/test_rpc/ I get the login.html that
 is defined in my ErrorDocument below.
 But when I look in the log file, I see the following.
 Since it's looking for a userId, I am wondering if there is an error in my
 configuration

 [Sat Oct 01 16:37:29 2011] [debug] prefork.c(996): AcceptMutex: sysvsem
 (default: sysvsem)
 [Sat Oct 01 16:38:08 2011] [error] [client 127.0.0.1] access to
 /test_rpc/header.jsp failed, reason: verification of user id 'null' not
 configured

 Any guidance on what I am doing wrong would be greatly appreciated.

 Regards
 Suneet


 -- Configuration in Httpd.conf

 <Location />
   IAM_CookieName IAM_PARAM
   IAM_TokenParam tkn
   IAM_Service_base_url http://localhost:8080/;
   ErrorDocument 401 /login.html
   AuthType IAMToken
   AuthName "IAM Login"
   AuthCookie_Authoritative On
 </Location>

 <Location /test_rpc/>
    ProxyPass http://localhost:9080/test_rpc

    require tkn
 </Location>

 - Module Code
 static int authz_dbd_check(request_rec *r) {

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "authz_dbd_check called");
    return HTTP_OK;
 }

 static int check_token(request_rec *r) {

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "chedk_token called.");
    return OK;
 }

 static void authz_dbd_hooks(apr_pool_t *p)
 {
    ap_hook_auth_checker(check_token, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_auth_checker(authz_dbd_check, NULL, NULL, APR_HOOK_MIDDLE);
 }
 module AP_MODULE_DECLARE_DATA authz_dbd_module =
 {
    STANDARD20_MODULE_STUFF,
    authz_dbd_cr_cfg,
    NULL,
    NULL,
    NULL,
    authz_dbd_cmds,
    authz_dbd_hooks
 };

You probably need a `Satisfy all` in your httpd config.