Return-Path: 
 <dev-return-63681-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 84201 invoked from network); 23 Feb 2009 07:47:33 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 23 Feb 2009 07:47:33 -0000
Received: (qmail 23373 invoked by uid 500); 23 Feb 2009 07:47:31 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 23334 invoked by uid 500); 23 Feb 2009 07:47:31 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 23325 invoked by uid 99); 23 Feb 2009 07:47:31 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 22 Feb 2009 23:47:31 -0800
X-ASF-Spam-Status: No, hits=-2.8 required=10.0
	tests=RCVD_IN_DNSWL_MED,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [83.145.252.5] (HELO mailer.nbl-solutions.fi) (83.145.252.5)
    by apache.org (qpsmtpd/0.29) with SMTP; Mon, 23 Feb 2009 07:47:23 +0000
Received: from exch02.nbl-solutions.fi ([83.145.252.6]) by
 mailer.nbl-solutions.fi with Microsoft SMTPSVC(6.0.3790.3959);
	 Mon, 23 Feb 2009 09:46:58 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: ap_auth_type() -question
Date: Mon, 23 Feb 2009 09:46:54 +0200
Message-ID: <F7D6436D7496AF43965E3D1F93C1BB9A025508E8@exch02.nbl-solutions.fi>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: ap_auth_type() -question
Thread-Index: AcmViuWQ6Z3rloO6T+qGZeyHARnbfg==
From: =?iso-8859-1?Q?Jouni_M=E4kel=E4inen?= <jouni.makelainen@twinkle.fi>
To: <dev@httpd.apache.org>
X-OriginalArrivalTime: 23 Feb 2009 07:46:58.0223 (UTC)
 FILETIME=[E7B58BF0:01C9958A]
X-Virus-Checked: Checked by ClamAV on apache.org

Hi!

I have made an authentication module for Apache 2.0, that supports our =
client's single sign on -mechanism. User doesn't give username or =
password to authenticate. Instead the URL and cookies are examined. If =
there is no valid DES-encrypted authentication string, user is =
automatically redirected to an external server to login and after that =
back to originating url with proper auth string.

The module worked with Apache 2.0 without problems and it compiles =
nicely with Apache 2.2, but when module calls ap_auth_type() -function =
to determine if the module should perform authentication, segmentation =
fault occurs. I have tested the module with two precompiled =
Apache-versions (2.2.3 and 2.2.8) on CentOS 5.2 with x86_64 =
-architecture. Based on some dev mailing list notes status of =
ap_auth_type() -function seems unclear. I have considered skipping =
ap_auth_type() -function call and adding own custom module parameter =
XXX_Authoritative instead to deduce if the module should check =
authentication, but ain't sure if this is a sound solution. The new =
provider model seems too complicated (and expensive) to adopt in this =
situation. I posted also a similar message to the modules-dev mailing =
list, but got no answers.

Here is the current logic of the module:
static int authenticate_user(request_rec *r) {
    xxx_auth_config_rec *conf =3D =
ap_get_module_config(r->per_dir_config, &auth_xxx_module);
    const char* encrypted_sso_str =3D NULL;
... *Checking URL and cookies* ...
    if (!encrypted_sso_str || apr_strnatcmp(encrypted_sso_str, "false") =
=3D=3D 0) {
        if (apr_strnatcasecmp(ap_auth_type(r), "auth_xxx") =3D=3D 0) {
*** Segmentation fault *** (ap_auth_type)
...
static void mod_auth_xxx_register_hooks(apr_pool_t *p) {
    // APR_HOOK_FIRST to bypass other modules, tried also =
APR_HOOK_MIDDLE
    ap_hook_check_user_id(authenticate_user,NULL,NULL,APR_HOOK_FIRST);
}
...
module AP_MODULE_DECLARE_DATA auth_xxx_module =3D {
	STANDARD20_MODULE_STUFF,
	create_auth_dir_config,         /* per-directory config creater */
	NULL,                           /* dir merger --- default is to =
override */
	NULL,                           /* server config creator */
	NULL,                           /* server config merger */
	auth_commands,                  /* command table */
	mod_auth_xxx_register_hooks,    /* callback for registering hooks */
};

In Virtual Host configuration I have following common authentication =
lines (and some module specific parameters):
<Location ...>
...=20
AuthType auth_xxx
require valid-user
...
</Location>

I compile module with apxs (CentOS 5.2 x86_64, Apache 2.2.3, tried also =
Apache 2.2.8) against libmcrypt (for DES calculations):
apxs -lmcrypt -c mod_auth_xxx.c

Here is the backtrace from the core dump:
#0  0x00002af41b58b67f in apr_match_glob () from =
/usr/lib64/libapr-1.so.0
#1  0x00002af4249ebb74 in authenticate_user (r=3D0x2af42ed75488) at =
mod_auth_xxx.c:159
#2  0x00002af419cc5112 in ap_run_check_user_id () from /usr/sbin/httpd
#3  0x00002af419cc6327 in ap_process_request_internal () from =
/usr/sbin/httpd
#4  0x00002af419cd7eb8 in ap_process_request () from /usr/sbin/httpd
#5  0x00002af419cd50f0 in ap_register_input_filter () from =
/usr/sbin/httpd
#6  0x00002af419cd11c2 in ap_run_process_connection () from =
/usr/sbin/httpd
#7  0x00002af419cdbe5b in ap_graceful_stop_signalled () from =
/usr/sbin/httpd
#8  0x00002af419cdc0ea in ap_graceful_stop_signalled () from =
/usr/sbin/httpd
#9  0x00002af419cdc1a0 in ap_graceful_stop_signalled () from =
/usr/sbin/httpd #10 0x00002af419cdccd8 in ap_mpm_run () from =
/usr/sbin/httpd
#11 0x00002af419cb7183 in main () from /usr/sbin/httpd

Any help would be most welcome,
Jouni