Bug#242985: Requires valid-user is not being honored

Sat, 10 Apr 2004 00:09:25 -0500 

Package: apache
Version: 1.3.29.0.2-4

I am attempting to use libapache-mod-perl to perform a custom
configuration. However it appears that apache is not honoring the
directory stanza for the virtual host. I believe this is a bug in apache
and not in libapache-mod-perl because libapache-mod-perl is returning
fails to the apachesubsystem. At this time I do not think this is user
error because I've checked against half a dozen examples (including
perl.apache.org) and I seem to be right in line.


Log snippit
==================================
[Sat Apr 10 04:40:16 2004]
     [error] access to / failed for 209.173.6.54, reason: Failed for X reason
[Sat Apr 10 04:40:16 2004]
     [error] access to /index.html failed for 209.173.6.54, reason: Failed
             for X reason
[Sat Apr 10 04:40:16 2004]
     [error] access to /index.html failed for 209.173.6.54, reason: Failed
             for X reason
209.173.6.54 - someuser [10/Apr/2004:04:40:16 +0000] "GET / HTTP/1.0" 200 0
==================================


According to the logs (and the web browser!) the page gets served, even
though access should be denied.


/etc/apache/conf.d/push.sourcecontrol.net:
====================================
<VirtualHost *>
  Servername push.sourcecontrol.net

  DocumentRoot /var/www/mirrors/push

  ErrorLog /var/log/apache/push.sourcecontrol.net
  CustomLog /var/log/apache/push.sourcecontrol.net common

  PerlModule SourceControl
  <Directory /var/www/mirrors/push >
    AuthName SourceControl
    AuthType Basic
    PerlAuthenHandler SourceControl::authen_handler
    Require valid-user
  </Directory>
</VirtualHost>
==================================


/usr/local/lib/site_perl/SourceControl.pm : 
==================================
package SourceControl;

    sub authen_handler {
  
        my $r = shift;
  
        # get user's authentication credentials
        my ($res, $sent_pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;

        my $user = $r->connection->user;
        my $reason = "";

        # authenticate through DBI
        my $reason = authen_dbi($r, $user, $sent_pw);
  
        if ($reason) {
                $r->note_basic_auth_failure;
                $r->log_reason($reason, $r->uri);
                return FORBIDDEN;
                #return AUTH_REQUIRED;
        }
        return OK;
    }
     
    sub authen_dbi{
      my ($r, $user, $sent_pw) = @_;
  
      # validate username/passwd
      #return 0;  # replace with real code!!!
  
      return "Failed for X reason";
  
    }
    # don't forget 1;
    1;
==================================


-- 
James Blackwell          Please do not send me carbon copies of mailing
Smile more!              list posts. Such mail is unsolicited. Thank you!

GnuPG (ID 06357400) AAE4 8C76 58DA 5902 761D  247A 8A55 DA73 0635 7400

Reply via email to