cc'ing the list. John D Groenveld wrote: > If you could try to replicate this core dump which only occurs for > me on directory listings, I'd be most appreciative. Much hair has > been pulled out while trying to corner this bug.
aha! ok, here's what I think is going on. mod_dir is issuing a subrequest on /foo/ to /foo/index.html. this happens during fixups, which means that the PerlAuthHandler runs on /foo/ and on /foo/index.html in the same browser request. now, you have return Apache::OK unless $r->is_initial_req; in there for your PerlAuthHandler, which bypasses the later call to $r->get_basic_auth_pw and which would have set $r->user. the core authz handler then "if (!strcmp(w, user))" where user is NULL and *boom* therein lies your segfault. why doesn't this happen in 1.3? check this out. in apache-1.3 $r->user isn't r->user, it's r->connection->user. while r->connection->user is reset at the end of each real request, it isn't local to subrequests - the connection record is copied directly from the main request and so r->connection->user lingers between subrequests! which means that the "if !strcmp(w, user))" logic in the authz handler is actually using r->connection->user (as set by the initial request) in the subrequest if the authen checker declines to handle subrequests. *whew* so, I think there are a few problems here. the first is that apache 1.3 is messed up, so I'll address that with httpd-dev and see what they have to say about it. I doubt 1.3 will change, though, as I suspect there is lots of logic that depends on r->connection->user being non-NULL. the second issue is how we handle subrequests in mp2 (and apache 2.0 for that matter). my suggestion at the moment is to move the conditional after the call to $r->get_basic_auth_pw. shortcutting subrequests was intended as a process saver when your own auth mechanism was complex (like hitting a database) so simply parsing the headers before declining is not too bad and it still saves you. HTH --Geoff -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html