httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Welche <pr...@newn.cam.ac.uk>
Subject AuthBasic/mod_auth_pgsql
Date Wed, 05 May 2004 14:09:19 GMT
While trying to get mod_auth_pgsql-2.0.2b1 to work with 22 April CVS-httpd,
I found that the reason I could not authenticate against a postgresql
server was that mod_auth_pgsql received an empty user field in the
request structure. Strangely, it received the correct password from the
server.. How can this be?

In more detail:

  AuthType basic
  AuthBasicAuthoritative Off
  Auth_PG...

so, basic auth assumes that its provider is "file", a line appears in the
error log saying that file is null. Fine, it isn't authoritative, so
it is mod_auth_pgsql's turn:

static void register_hooks(apr_pool_t * p)
{ 
    ap_hook_post_config(pg_auth_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_auth_checker(pg_check_auth, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_check_user_id(pg_authenticate_basic_user, NULL, NULL,
                          APR_HOOK_MIDDLE);  
};   

int pg_authenticate_basic_user(request_rec * r)

BUT r->user==NULL. Somehow

    if ((res = ap_get_basic_auth_pw(r, (const char **) &sent_pw)))
        return res;

sent_pw contains the correct password.

So, what happens to r->user as it gets passed between modules?


Style point: should mod_pgsql be a provider (ap_register_provider) rather
than using hooks?

Cheers,

Patrick

Mime
View raw message