httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From PlagiaTUM <plagia...@fs.tum.de>
Subject Re: AuthN only once per request instead once every subrequest
Date Tue, 24 May 2011 02:01:39 GMT
Hello again!

Sorry for not writing so long,  and please excuse our being such a pest 
about this.

You probably have overseen the remaining questions in our last email.

The mod_auth_socache way should indeed work, but is a work-around, not a 
fix. We would like to fix the situation for the benefit of all httpd users.

Using show_forbidden does not work, because the subrequest is fired 
anyway, including re-authorization. From what we (us three) can see in 
the code, the subrequests are pretty much needed, for example for 
find_title(), find_icon() and find_alt().

The most promising and hopefully also un-intrusive way in our opinion is 
to fix the per_dir_config comparison in ap_process_request_internal() 
that should optimize out the unnecessary re-auths.

We wrote (Fri, 18 Mar 2011 03:23:01 -0700):
 > The comparison
 > (r->main->per_dir_config == r->per_dir_config) never succeeds
 > [...]

Nick Kew wrote (Fri, 18 Mar 2011 03:46:05 -0700):
 > It does if the configurations to r and r->main are not the same.

 From looking into the debugger, the _content_ of the per_dir_configs 
is, in our case, the same. The memory location is not. So the == 
operator returns false.

In server.c we find this:
> /* Skip authn/authz if the parent or prior request passed the authn/authz,
> * and that configuration didn't change (this requires optimized _walk()
> * functions in map_to_storage that use the same merge results given
> * identical input.) If the config changes, we must re-auth.
> */

Might this be relevant for us? Do we have to modify a _walk() or 
_merge() function? Can you give us a hint where to look?

Thanks again!

Mime
View raw message