httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jouni Mäkeläinen <jouni.makelai...@twinkle.fi>
Subject ap_auth_type() -question
Date Mon, 23 Feb 2009 07:46:54 GMT
Hi!

I have made an authentication module for Apache 2.0, that supports our client's single sign
on -mechanism. User doesn't give username or password to authenticate. Instead the URL and
cookies are examined. If there is no valid DES-encrypted authentication string, user is automatically
redirected to an external server to login and after that back to originating url with proper
auth string.

The module worked with Apache 2.0 without problems and it compiles nicely with Apache 2.2,
but when module calls ap_auth_type() -function to determine if the module should perform authentication,
segmentation fault occurs. I have tested the module with two precompiled Apache-versions (2.2.3
and 2.2.8) on CentOS 5.2 with x86_64 -architecture. Based on some dev mailing list notes status
of ap_auth_type() -function seems unclear. I have considered skipping ap_auth_type() -function
call and adding own custom module parameter XXX_Authoritative instead to deduce if the module
should check authentication, but ain't sure if this is a sound solution. The new provider
model seems too complicated (and expensive) to adopt in this situation. I posted also a similar
message to the modules-dev mailing list, but got no answers.

Here is the current logic of the module:
static int authenticate_user(request_rec *r) {
    xxx_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &auth_xxx_module);
    const char* encrypted_sso_str = NULL;
... *Checking URL and cookies* ...
    if (!encrypted_sso_str || apr_strnatcmp(encrypted_sso_str, "false") == 0) {
        if (apr_strnatcasecmp(ap_auth_type(r), "auth_xxx") == 0) {
*** Segmentation fault *** (ap_auth_type)
...
static void mod_auth_xxx_register_hooks(apr_pool_t *p) {
    // APR_HOOK_FIRST to bypass other modules, tried also APR_HOOK_MIDDLE
    ap_hook_check_user_id(authenticate_user,NULL,NULL,APR_HOOK_FIRST);
}
...
module AP_MODULE_DECLARE_DATA auth_xxx_module = {
	STANDARD20_MODULE_STUFF,
	create_auth_dir_config,         /* per-directory config creater */
	NULL,                           /* dir merger --- default is to override */
	NULL,                           /* server config creator */
	NULL,                           /* server config merger */
	auth_commands,                  /* command table */
	mod_auth_xxx_register_hooks,    /* callback for registering hooks */
};

In Virtual Host configuration I have following common authentication lines (and some module
specific parameters):
<Location ...>
... 
AuthType auth_xxx
require valid-user
...
</Location>

I compile module with apxs (CentOS 5.2 x86_64, Apache 2.2.3, tried also Apache 2.2.8) against
libmcrypt (for DES calculations):
apxs -lmcrypt -c mod_auth_xxx.c

Here is the backtrace from the core dump:
#0  0x00002af41b58b67f in apr_match_glob () from /usr/lib64/libapr-1.so.0
#1  0x00002af4249ebb74 in authenticate_user (r=0x2af42ed75488) at mod_auth_xxx.c:159
#2  0x00002af419cc5112 in ap_run_check_user_id () from /usr/sbin/httpd
#3  0x00002af419cc6327 in ap_process_request_internal () from /usr/sbin/httpd
#4  0x00002af419cd7eb8 in ap_process_request () from /usr/sbin/httpd
#5  0x00002af419cd50f0 in ap_register_input_filter () from /usr/sbin/httpd
#6  0x00002af419cd11c2 in ap_run_process_connection () from /usr/sbin/httpd
#7  0x00002af419cdbe5b in ap_graceful_stop_signalled () from /usr/sbin/httpd
#8  0x00002af419cdc0ea in ap_graceful_stop_signalled () from /usr/sbin/httpd
#9  0x00002af419cdc1a0 in ap_graceful_stop_signalled () from /usr/sbin/httpd #10 0x00002af419cdccd8
in ap_mpm_run () from /usr/sbin/httpd
#11 0x00002af419cb7183 in main () from /usr/sbin/httpd

Any help would be most welcome,
Jouni


Mime
View raw message