Return-Path: 
 <modules-dev-return-1876-apmail-httpd-modules-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-modules-dev-archive@locus.apache.org
Received: (qmail 33675 invoked from network); 29 Aug 2008 18:53:26 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 29 Aug 2008 18:53:26 -0000
Received: (qmail 17383 invoked by uid 500); 29 Aug 2008 18:53:23 -0000
Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org
Received: (qmail 17355 invoked by uid 500); 29 Aug 2008 18:53:23 -0000
Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:modules-dev-help@httpd.apache.org>
List-Unsubscribe: <mailto:modules-dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:modules-dev@httpd.apache.org>
List-Id: <modules-dev.httpd.apache.org>
Reply-To: modules-dev@httpd.apache.org
Delivered-To: mailing list modules-dev@httpd.apache.org
Received: (qmail 17344 invoked by uid 99); 29 Aug 2008 18:53:23 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Aug 2008 11:53:23 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of deathanatos@gmail.com
 designates 64.233.166.180 as permitted sender)
Received: from [64.233.166.180] (HELO py-out-1112.google.com) (64.233.166.180)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Aug 2008 18:52:26 +0000
Received: by py-out-1112.google.com with SMTP id d37so733150pye.29
        for <modules-dev@httpd.apache.org>;
 Fri, 29 Aug 2008 11:52:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:mime-version:content-type:content-transfer-encoding
         :content-disposition;
        bh=sPxZzNsyvnZkeL76s2Xq5sV8AjLIVhaPzrwa3R8buxk=;
        b=mhjOAV3dua9lAukAAJcIzu4o+BDzexKwBMce0iP3o9Y3fIn2aYLHhEZzKxW5ECevGS
         zkSzbWCS2Nue7eEKiUkm42dxoWxjYLvo8DZEiuaGluAhpibupPO5i1SgHTroWqMmGw5k
         9B3zvm+GcRI9eJIcJxsdPNXsdr2ObrWhM52lc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:mime-version:content-type
         :content-transfer-encoding:content-disposition;
        b=OKVx0mXJyYuWSDtXcy5JacW/e+nuPTUiZl2ljTxbrpFGh+PJuC+YPybLYuhJ98C2V1
         zAi+DXF0+bN/KC9+AUprgZuRiMgsoh5rhv89g997+LHMvixfduFZmwQrKUjJrKqsieSJ
         m2uerZreiGB6eGb70DOfamzhQKRte2nMvy7+A=
Received: by 10.114.127.1 with SMTP id z1mr3043207wac.94.1220035975723;
        Fri, 29 Aug 2008 11:52:55 -0700 (PDT)
Received: by 10.114.88.8 with HTTP; Fri, 29 Aug 2008 11:52:55 -0700 (PDT)
Message-ID: <c233ea690808291152j65a12e56mda57655b8b1a1622@mail.gmail.com>
Date: Fri, 29 Aug 2008 14:52:55 -0400
From: "Roy Wellington" <deathanatos@gmail.com>
To: modules-dev@httpd.apache.org
Subject: Apache sub-requests
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Virus-Checked: Checked by ClamAV on apache.org

I'm currently trying to port mod_auth_script, a Apache 1.x module that
used the result of a script to allow/deny an authentication. The issue
I'm currently running into is sub requests - it seems that whatever
output and return code my module's sub request returns is what gets
sent to the web browser. What should happen is:
User asks for page.
Module makes a sub request to script.
Script returns a 200 OK, with a certain header set to allow or deny.
Module either gives web browser either a 403 or the result of the
original request.

Currently I'm always getting 200 (even on bad credentials), and the
returned document is the output of the script. (Just the body, not the
headers.)
I'm currently doing this as an AuthBasicProvider module. The following
works, perfectly:

static authn_status authn_check_password(request_rec *r, const char
*user, const char *password)
{
	if(0 == strcmp("Joe", user)
		&& 0 == strcmp("bob", password))
	{
		return AUTH_GRANTED;
	}
	return AUTH_DENIED;
}

However, if I add these three lines at the top:
	subreq = ap_sub_req_lookup_file("/path/to/script.php", r, NULL);
	ret = ap_run_sub_req(subreq);
	ap_destroy_sub_req(subreq);

I get the odd behavior above. Just adding these three lines alone,
should be essentially a no-op, aside from any side effects of having
the php script invoked. But they're not. The ap_sub_req_lookup_file
call returns 200, the ap_run_sub_req returns 0.

Where am I going wrong with sub requests? How exactly do these work?
The original mod_auth_script is here: http://mod-auth-script.sourceforge.net/
-Roy Wellington