httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ray Morris <supp...@bettercgi.com>
Subject Re: Dynamicly insert 'require' into request
Date Wed, 22 Jul 2009 11:51:12 GMT
> This leads me to a problem: how do I "turn off" a hook,
> Whatever it is I need to do, I need to do in the access()
> hook.

   In access, set a variable.  Call it "skipauth".
Set it to 1 if you need to skip authorization.  
In auth, first check skipauth.  If it's true, 
skip your authorization and return OK.


> Okay, so upon further inspection, it appears that 
> there may not be an equivalent function for mod_perls 
> set_handlers().

  You don't need it for your simple case, of course, 
but think how it easy it would be write.  What exactly 
does it need to do?  You want to call different functions, 
so clearly you need some variabe that tells which 
function(s) to call, then later you call whichever 
function designated by the variable.  It would be 
maybe four or five lines added to the typical hook 
code.  There may well be a simpler or better way - 
I've only just started learning about Apache internals 
myself and I'm not even a C programer - I'm a Perl guy.
But here's the simple implementation that came immediately
to mind for me:

typedef struct {
   int (*uid_function_pointer)(request_rec *r);
} my_module_conf;


static int check_user_id_1(request_rec *r) __attribute__((cdecl));
static int check_user_id_2(request_rec *r) __attribute__((cdecl));


static int my_access_hook(request_rec *r) {
    if (one)  {
        cfg->uid_function_pointer = &check_user_id_1;
    } else {
        cfg->uid_function_pointer = &check_user_id_2;
    }
        
}

static int my_check_user (request_rec *r) {
   return cfg->uid_function_pointer(r);
}

   The code dynamically assigns ONE function to 
be called in a later hook, of course.  Better would
be for uid_function_pointer to be an array, list, 
or table of some kind.  Implementing that is left 
as an exercise for the reader.  If you're wanting 
to do the same thing as an existing function in 
mod_perl, you could look at the source of mod_perl 
to see how they did it.  That might give you some
ideas.
--
Ray Morris
support@bettercgi.com

Strongbox - The next generation in site security:
http://www.bettercgi.com/strongbox/

Throttlebox - Intelligent Bandwidth Control
http://www.bettercgi.com/throttlebox/

Strongbox / Throttlebox affiliate program:
http://www.bettercgi.com/affiliates/user/register.php


On 07/22/2009 04:43:08 AM, Ben Davies wrote:
> Okay, so upon further inspection, it appears that there may not be an
> equivalent function for mod_perls set_handlers().
> 
> This leads me to a problem: how do I "turn off" a hook, especially, 
> as
> the
> check_user() hook expects the r->user property to contain the
> username,
> meaning that the sending of a 403 happens before the check_user() 
> hook
> is
> called. Whatever it is I need to do, I need to do in the access()
> hook.
> 
> I was hoping it might be something as simple as removing my require
> entry
> from the require array. Has anyone had any experience with this? If
> so,
> could you comment on techniques?
> 
> Cheers,
> 
> Ben
> 
> 
> -----Original Message-----
> From: Ben Davies [mailto:bdavies@stickyeyes.com] 
> Sent: 21 July 2009 14:49
> To: modules-dev@httpd.apache.org
> Subject: RE: Dynamicly insert 'require' into request
> 
> > mod_perl just exposes the API to Perl programmers.  Translate their 
> 
> > example
> > to C and it'll work without mod_perl.
> 
> Excellent! Just what I was hoping for! Any clues as to the C
> equivalent of
> set_handler()? I've been looking in the apache header files and not
> found
> anything yet that matches.
> 
> > You want C, my book takes you  
> > through
> > developing a custom authentication/authorization handler.
> 
> I know. I've been doing exactly that :) Great book by the way :)
> 
> > If I understood your original question ("... conditional  
> > authentication ... if
> > public access is granted"??)  I could perhaps say something more  
> > specific.
> 
> A quick overview of what I want: if user requests a resource with a
> particular method, and that method is in a list of public accessible
> methods, then auth is not required. If not, then authn/authz is
> required.
> Simple as.
> 
> I know there are other ways of doing this with Limit, for example, 
> but
> my
> module adds a few bits and bobs to make management a bit easier (and
> extensible). I would however, appreciate your comments on the subject
> :)
> 
> Cheers for confirming,
> 
> Ben
> 
> 
> -----Original Message-----
> From: Nick Kew [mailto:niq@apache.org] 
> Sent: 21 July 2009 14:36
> To: modules-dev@httpd.apache.org
> Subject: Re: Dynamicly insert 'require' into request
> 
> 
> On 21 Jul 2009, at 13:44, Ben Davies wrote:
> 
> > I've just found something that does pretty much what I want but 
> with
> > mod_perl. For an example, see 13.5 in the following chapter  
> > (warning: link
> > is a PDF)
> 
> mod_perl just exposes the API to Perl programmers.  Translate their  
> example
> to C and it'll work without mod_perl.  You want C, my book takes you  
> through
> developing a custom authentication/authorization handler.
> 
> If I understood your original question ("... conditional  
> authentication ... if
> public access is granted"??)  I could perhaps say something more  
> specific.
> 
> -- 
> Nick Kew
> 
> 



Mime
View raw message