httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Krah <krah...@gmail.com>
Subject Re: [users@httpd] httpd 2.4 - mod_lua question: LuaHookAuthChecker hook is not called
Date Tue, 26 Sep 2017 07:28:30 GMT
Am Montag, den 25.09.2017, 10:29 -0400 schrieb Eric Covener:
> Sorry, a bit swamped today, but AFAICT that is not what an
> auth_checker is underlying httpd API, so I tentatively think that lua
> dev doc is incorrect.
> 
> Please have a look at include/http_request.h and server/request.c
> where the hooks are called.

Hi Eric,

btw thanks for answering ;). Continuing this topic:


Reading include/http_request.h (line number 505+):

/**                                                                   
 * Register a hook function that will analyze the request
headers,       
 * authenticate the user, and set the user information in the request
record.
 * @param pf A check_user_id hook function                            
 * @param aszPre A NULL-terminated array of strings that name modules
whose
 *               hooks should precede this one                        
 * @param aszSucc A NULL-terminated array of strings that name modules
whose
 *                hooks should succeed this one                       
 * @param nOrder An integer determining order before honouring aszPre
and
 *               aszSucc (for example, HOOK_MIDDLE)                   
 * @param type Internal request processing mode, either               
 *             AP_AUTH_INTERNAL_PER_URI or AP_AUTH_INTERNAL_PER_CONF  
 */                                                                   
AP_DECLARE(void) ap_hook_check_authn(ap_HOOK_check_user_id_t
*pf,        
                                     const char * const
*aszPre,         
                                     const char * const
*aszSucc,        
                                     int nOrder, int type);           


Imho this one reads like the hook which mod_lua should / can use to make
those examples correct, right?

But you're right - reading mod_lua.c:

LuaHookAuthChecker -> register_auth_checker_hook is used which does
that:

return register_named_file_function_hook("auth_checker", cmd, _cfg,
file, function,apr_hook_when);

which just uses auth_checker callback which reads:


/**                                                                   
 * This hook is used to check to see if the resource being requested  
 * is available for the authenticated user (r->user and
r->ap_auth_type).
 * It runs after the access_checker and check_user_id hooks. Note that
 * it will *only* be called if Apache determines that access control has
 * been applied to this resource (through a 'Require' directive). This
 * hook should be registered with ap_hook_check_authz().              
 *                                                                    
 * @param r the current request                                       
 * @return OK, DECLINED, or HTTP_...                                  
 * @ingroup hooks                                                     
 * @see ap_hook_check_authz                                           
 */                                                                   
AP_DECLARE_HOOK(int,auth_checker,(request_rec *r)) 


So this is a little pita ;-).

I thought and wanted to use what the docs are suggesting to use the
LuaHookAuthChecker to customize user authentication.
Implementation seems todo something else.

BUT there is the "ap_hook_check_authn" hook which reads like the
function i want to register with mod_lua.
Unfortunately it seems (via grep) that lua does not implement that hook.

Question: Who is in charge here? Are the docs correct and that is what
was planned to be implemented? In that case those other function should
be used (ap_hook_check_authn).
Or is there a need to support both usecases?

Can we extend mod_lua to support both or change the current code to use
the ap_hook_check_authn function?

kind regards

Torsten


Mime
View raw message