perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steven Lembark <lemb...@jeeves.wrkhors.com>
Subject Problem with Apache::AuthCookie
Date Thu, 06 Dec 2001 17:00:43 GMT
Getting multiple header entries from AuthCookie returned to the
client. This happens even if I stub out the authen_cred and
authen_ses_key to return "foo". Other thing I notice after
adding logging to the authentication and authorization sub's
is that the $r->connection->user set by authentication isn't
available in $r->connection->user in authorization. As a 
result of the undef $r->connection->user in authorization
it's sending back a FORBIDDEN which [I think?] causes the
problems.

The examples I've seen of login_form code use a simple print to
get things on the screen (e.g., Apache::AuthTicket).
I've tried this and various combinations of sending the headers
and form with no luck.

Ideally Apache::AuthCookie should only require the login_form,
authen_cred and authen_ses_key sub's to function with the 
addition of login_screen to use a location rather rather than
#!-ed code for the login form.

Does anyone know of a simple, working example of deriving a 
class from Apache::AuthTicket or some specific documentation
for a complete class? The code that comes with it is only
useful for testing

Below are the relavant error_log items (showing the user 
available in authenticate and undef in authorize).


thanx.
sl

########################################################################
# Authorization cookie handler.
########################################################################

PerlModule Cdr::AuthCookie;

PerlSetVar CDRPath			/foo

PerlSetVar CDRLoginScript	/cdrloginform
PerlSetVar CDRLoginHandler	/cdrlogin

#PerlSetVar	CDRExpires		+8h

PerlSetVar	AuthCookieDebug	9

# this shows the login form.

<Location /cdrloginform>

	SetHandler perl-script  
	PerlHandler Cdr::AuthCookie->login_form

</Location>
       
# handle posted data from the login form.

<location /cdrlogin>

	SetHandler			perl-script

	AuthType			Cdr::AuthCookie
	AuthName			CDR 

	PerlHandler			Cdr::AuthCookie->login

</Location>

<Location /foo>

	SetHandler			perl-script

	AuthType			Cdr::AuthCookie
	AuthName			CDR

	PerlAuthenHandler	Cdr::AuthCookie->authenticate
	PerlAuthzHandler	Cdr::AuthCookie->authorize

	PerlHandler			Cdr::Hello

	require 			valid-user

</Location>

<Location /foo/bar>

	SetHandler			perl-script

	AuthType			Cdr::AuthCookie
	AuthName			CDR

	PerlAuthenHandler	Cdr::AuthCookie->authenticate
	PerlAuthzHandler	Cdr::AuthCookie->authorize

	PerlHandler			Cdr::Hello

	require 			valid-user

</Location>

###########################################################################
# Cdr::AuthCookie.pm
###########################################################################

package Cdr::AuthCookie;

use strict;

use base qw( Apache::AuthCookie );

local $\ = "\n";
local $, = "\n";

# CPAN modules

use Carp;

use Apache::Constants qw(:common M_GET M_POST FORBIDDEN REDIRECT);
use Apache::Log;

use Digest::MD5 qw( &md5_hex );

# used for sharing and generating the shared secret
# used in the authrization process.

use IPC::SysV;
use IPC::Shareable;

use Digest::MD5 qw( &md5_hex );

use Data::Dumper;
	$Data::Dumper::Purity		= 1;
	$Data::Dumper::Terse		= 1;
	$Data::Dumper::Indent		= 1;
	$Data::Dumper::Deepcopy		= 0;
	$Data::Dumper::Quotekeys	= 0;

# homegrown modules

use Cdr::Reportz;
use Cdr::Shared qw( &logrequest &sendreply );

########################################################################
# package variables
########################################################################

# initialize the untied variable to false, use $key to check the status.

our $secret = '';
our $key = '';

# amount of time before a cookie times out.
# currently set to 8 hours (28 800 sec).
#
# 10 sec for testing only, probably useful in production.

my $timeout = 30; #28800;

# login screen returns this to the caller.

my $loginform = <<'END';

<html>

<head>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
	<base href="$ENV{BASEURL}" >
</head>
<body>

<form method="get" action="/cdrlogin" >

<!-- Login form for an Cdr::AuthCookie -->

<input type=hidden name="destination" value="DEST" >

	<table>

	<tr>
		<th align=center colspan=2 >Please Enter Your Username and Password to log in:"

	<tr>
		<th align=right >Username:
		<td align=left > <input type="text" name="credential_0" size=12 maxlenth=12 >

	<tr>
		<th align=right >Password:
		<td align=left > <input type="password" name="credential_1" size=12 maxlenth=12
>

	<tr>
		<td><!-- filler -->
		<td align=left ><input type="submit" value=" Log In " >

	</table>

</form>

</body>

END

########################################################################
# subroutines 
########################################################################

=head2 sub B<hashcookie>

Trick here is to hash the information with a secret and then 
hash the hash with the values. This makes it virtually 
impossible for someone to tickle bits in the original items
to get a matching hash. It also makes it nearly impossible
for someone to guess the secret since the hash that includes
the secret is hashed again with the data a second time.

This is used both to validate the string and to generate
a new one.

=cut

sub hashcookie
{
	join  '-', @_, md5_hex( join '', @_, md5_hex( join '', @_, $secret ) );
}

# stubbed out authen_cred and authen_ses_key. these definatly always
# return a key and always return a userid. only problem is that they
# don't work...

sub authen_cred( $$\@ ) { "foo" }

sub authen_ses_key( $$$ ) { "foo" }

=head1 sub B<login_form>

Generate login screen.

This has to define where the user was headed when they
bounced into the Authorization handler and put this into
the hidden field "destination".

=cut

sub login_form
{
	my( $class, $request ) = @_;

	my $log = logrequest $request, __PACKAGE__ . '::login_form';

	my $desturi = $request->uri;

	( my $form = $loginform ) =~ s{DEST}{$desturi};

	$request->no_cache( 1 );

	$log->debug( "Reply:\n\n$form\n" );

	$request->send_http_header( 'text/html' );
	$request->print( $form );

	OK
}

# override the standard version in order to pass the second argument
# to login_form.

sub authenticate ($$)
{
	my ($auth_type, $r) = @_;
	my ($authen_script, $auth_user);
	my $debug = $r->dir_config("AuthCookieDebug") || 0;

	my $log = logrequest $r, __PACKAGE__ . '::authenticate';

	$r->log_error("auth_type " . $auth_type) if ($debug >= 3);

	# Only authenticate the first internal request

	return OK unless $r->is_initial_req;

	if ($r->auth_type ne $auth_type)
	{
		# This location requires authentication because we are being called,
		# but we don't handle this AuthType.

		$r->log_error("AuthType mismatch: $auth_type =/= ".$r->auth_type) if $debug >=
3;
		return DECLINED;
	}

	# Ok, the AuthType is $auth_type which we handle, what's
	# the authentication realm's name?

	my $auth_name = $r->auth_name;

	$r->log_error("auth_name " . $auth_name) if $debug >= 2;

	unless ($auth_name)
	{
		$r->log_reason("AuthName not set, AuthType=$auth_type", $r->uri);

		return SERVER_ERROR;
	}

	# Get the Cookie header. If there is a session key for this realm, strip
	# off everything but the value of the cookie.

	my ($ses_key_cookie) =
		($r->header_in("Cookie") || "") =~ /$auth_type\_$auth_name=([^;]+)/;

	$ses_key_cookie = "" unless defined($ses_key_cookie);

	$r->log_error("ses_key_cookie " . $ses_key_cookie) if ($debug >= 1);

	$r->log_error("uri " . $r->uri) if ($debug >= 2);

	if ($ses_key_cookie)
	{
		if ($auth_user = $auth_type->authen_ses_key($r, $ses_key_cookie))
		{
			# We have a valid session key, so we return with an OK value.
			# Tell the rest of Apache what the authentication method and
			# user is.

			$r->log_error("user authenticated as $auth_user")	if $debug >= 1;

			$r->connection->auth_type($auth_type);
			$r->connection->user($auth_user);

			$r->log_error("user set to " . $r->connection->user );

			return OK;
		}
		else
		{
			# There was a session key set, but it's invalid for some reason. So,
			# remove it from the client now so when the credential data is posted
			# we act just like it's a new session starting.

			my $str =	
				$auth_type->cookie_string
				(
					request => $r,
					key     => "$auth_type\_$auth_name",
					value   => '',
					expires => 'Mon, 21-May-1971 00:00:00 GMT'
				);

			$r->err_headers_out->add("Set-Cookie" => "$str");
			$r->log_error("set_cookie " . $r->err_header_out("Set-Cookie")) if $debug >= 2;
			$r->subprocess_env('AuthCookieReason', 'bad_cookie');
		}
	}
	else
	{
		$r->log_error("no cookie" ) if $debug >= 2;
		$r->subprocess_env('AuthCookieReason', 'no_cookie');
	}

	# They aren't authenticated, and they tried to get a protected
	# document.  Send them the authen form.

	return $auth_type->login_form( $r );
}
  
sub authorize ($$)
{
	my ($auth_type, $r) = @_;
	my $debug = $r->dir_config("AuthCookieDebug") || 0;

	my $log = logrequest $r, __PACKAGE__ . '::authorize', { user => $r->connection->user
};

	return OK unless $r->is_initial_req; #only the first internal request

	if ($r->auth_type ne $auth_type)
	{
		$r->log_error($auth_type . " auth type is " .  $r->auth_type)
			if ($debug >= 3);

		return DECLINED;
	}

	my $reqs_arr = $r->requires or return DECLINED;

	my $user = $r->connection->user;

	unless ($user)
	{
		# user is either undef or =0 which means the authentication failed

		$r->log_reason("No user authenticated.", $r->uri);

		return FORBIDDEN;
	}

	my ($forbidden);

	foreach my $req (@$reqs_arr)
	{
		my ($requirement, $args) = split /\s+/, $req->{requirement}, 2;
		$args = '' unless defined $args;
		$r->log_error("requirement := $requirement, $args") if $debug >= 2;

		next if $requirement eq 'valid-user';
		if($requirement eq 'user')
		{
			next if $args =~ m/\b$user\b/;
			$forbidden = 1;
			next;
		}

		# Call a custom method
		my $ret_val = $auth_type->$requirement($r, $args);
		$r->log_error("$auth_type->$requirement returned $ret_val") if $debug >= 3;
		next if $ret_val == OK;

		# Nothing succeeded, deny access to this user.
		$forbidden = 1;
		last;
	}

	return $forbidden ? FORBIDDEN : OK;
}

sub login ($$)
{
	my ($self, $r) = @_;
	my $debug = $r->dir_config("AuthCookieDebug") || 0;

	my ($auth_type, $auth_name) = ($r->auth_type, $r->auth_name);

	my %args = $r->method eq 'POST' ? $r->content : $r->args;

	my $log = logrequest $r, __PACKAGE__ . '::login', \%args;

	unless (exists $args{'destination'})
	{
		$r->log_error("No key 'destination' found in posted data");
		return SERVER_ERROR;
	}

	# Get the credentials from the data posted by the client.
	# sch. xform avoids problems with users skipping numbers
	# in their sequences (e.g., qw(credential_1, credential_3)).

	my @credkeyz = 
		map { $_->[0] }
		sort{ $a->[1] <=> $b->[1] } 
		map{ /credential_(\d+)/ ? [ $_, $1 ] : () }
		keys %args;

	my @credentials = @args{@credkeyz};

	$r->log_error( "Credential keys:\n", Dumper \@credkeyz ) if $debug >2;
	$r->log_error( "Credential vals:\n", Dumper \@credentials ) if $debug >2;

	# Exchange the credentials for a session key.

	my $ses_key = $self->authen_cred($r, @credentials);

	$r->log_error("ses_key " . $ses_key) if ($debug >= 2);

	$self->send_cookie($ses_key);

	if ($r->method eq 'POST')
	{
		$r->method('GET');
		$r->method_number(M_GET);
		$r->headers_in->unset('Content-Length');
	}
	unless ($r->dir_config("${auth_name}Cache"))
	{
		$r->no_cache(1);
		$r->err_header_out("Pragma" => "no-cache");
	}

	$r->header_out("Location" => $args{'destination'});
	return REDIRECT;
}

########################################################################
# junk included to show what the logging does
########################################################################

sub logrequest
{
	my ( $request, $package, $argz ) = @_;
	my $log = $request->log;

	# useful for detecting whether the proper module handled
	# the request in the first place.

	$log->debug( "Handled by $package" );

	# store file access as info, full http request as debug for now.
	# stop debug level output via setting log level in httpd.conf.

	$log->debug( "request:\n\n" . $request->as_string . "\n" );

	$log->debug( "args:\n", Dumper $argz ) if ref $argz;

	if( my %cookyz = CGI::Cookie->parse( $request->headers_in->{'Cookie'} ) )
	{
		$log->debug( "old cookie:", map { "$_ => " . $cookyz{$_}->as_string } sort keys
%cookyz );
	}

	# hand back the log item -- saves a few lines of code in each module.

	$log
}


# keep the use pragma happy

1

__DATA__

########################################################################
# ./logs/error_log
########################################################################

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdr_dev.lit.alltel.com:8081
Pragma: no-cache
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)

[Thu Dec  6 15:16:22 2001] [error] auth_type Cdr::AuthCookie
[Thu Dec  6 15:16:22 2001] [error] auth_name CDR
[Thu Dec  6 15:16:22 2001] [error] ses_key_cookie 
[Thu Dec  6 15:16:22 2001] [error] uri /foo
[Thu Dec  6 15:16:22 2001] [error] no cookie
[Thu Dec  6 15:16:22 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::login_form
[Thu Dec  6 15:16:22 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdr_dev.lit.alltel.com:8081
Pragma: no-cache
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:16:22 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(99):
[client 10.53.28.218] args:
{
  class => 'Cdr::AuthCookie',
  uri => '/foo'
}

[Thu Dec  6 15:16:22 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(142):
[client 10.53.28.218] Reply:

		<html>
		<head>
		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
		<base href="" >
		</head>
<body>
<form method="get" action="/cdrlogin" >

<!-- Login form for an Cdr::AuthCookie -->

<input type=hidden name="destination" value="/foo" >

	<table>

	<tr>
		<th align=center colspan=2 >Please Enter Your Username and Password to log in:"

	<tr>
		<th align=right >Username:
		<td align=left > <input type="text" name="credential_0" size=12 maxlenth=12 >

	<tr>
		<th align=right >Password:
		<td align=left > <input type="password" name="credential_1" size=12 maxlenth=12
>

	<tr>
		<td><!-- filler -->
		<td align=left ><input type="submit" value=" Log In " >

	</table>

</form>

</body></html>

[Thu Dec  6 15:16:22 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::authorize
[Thu Dec  6 15:16:22 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdr_dev.lit.alltel.com:8081
Pragma: no-cache
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 200 OK
Pragma: no-cache
Cache-control: no-cache
Keep-Alive: timeout=15, max=1024
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
Expires: Thu, 06 Dec 2001 21:16:22 GMT



[Thu Dec  6 15:16:22 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(99):
[client 10.53.28.218] args:
{
  user => undef
}

[Thu Dec  6 15:16:22 2001] [error] access to /foo failed for 10.53.28.218, reason: No user
authenticated.
[Thu Dec  6 15:16:33 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::login
[Thu Dec  6 15:16:33 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /cdrlogin?destination=%2Ffoo&credential_0=asdf&credential_1=asdf HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:16:33 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(99):
[client 10.53.28.218] args:
{
  credential_0 => 'asdf',
  credential_1 => 'asdf',
  destination => '/foo'
}

[Thu Dec  6 15:16:33 2001] [error] Credential keys:
[
  'credential_0',
  'credential_1'
]

[Thu Dec  6 15:16:33 2001] [error] Credential vals:
[
  'asdf',
  'asdf'
]

[Thu Dec  6 15:16:33 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::authen-cred
[Thu Dec  6 15:16:33 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /cdrlogin?destination=%2Ffoo&credential_0=asdf&credential_1=asdf HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:16:33 2001] [error] ses_key asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::authenticate
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
Cookie: Cdr::AuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
Cookie2: $Version="1"
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(101):
[client 10.53.28.218] old cookie:Cdr::AuthCookie_CDR => Cdr%3A%3AAuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2;
path=/
[Thu Dec  6 15:16:35 2001] [error] auth_type Cdr::AuthCookie
[Thu Dec  6 15:16:35 2001] [error] auth_name CDR
[Thu Dec  6 15:16:35 2001] [error] ses_key_cookie asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
[Thu Dec  6 15:16:35 2001] [error] uri /foo
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::authen_ses_key
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
Cookie: Cdr::AuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
Cookie2: $Version="1"
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(101):
[client 10.53.28.218] old cookie:Cdr::AuthCookie_CDR => Cdr%3A%3AAuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2;
path=/
[Thu Dec  6 15:16:35 2001] [debug] Cdr/AuthCookie.pm(302): [client 10.53.28.218] Processing
cookie: asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
[Thu Dec  6 15:16:35 2001] [debug] Cdr/AuthCookie.pm(303): [client 10.53.28.218] Processed
values: asdf, 10.53.28.218, 1007673423
[Thu Dec  6 15:16:35 2001] [debug] Cdr/AuthCookie.pm(329): [client 10.53.28.218] 17472: Cookie
has expired: 1007673423
[Thu Dec  6 15:16:35 2001] [error] user authenticated as asdf
[Thu Dec  6 15:16:35 2001] [error] user set to asdf
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::authorize
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
Cookie: Cdr::AuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
Cookie2: $Version="1"
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(99):
[client 10.53.28.218] args:
{
  user => 'asdf'
}

[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(101):
[client 10.53.28.218] old cookie:Cdr::AuthCookie_CDR => Cdr%3A%3AAuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2;
path=/
[Thu Dec  6 15:16:35 2001] [error] requirement := valid-user, 
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::Hello
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive, TE
Cookie: Cdr::AuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
Cookie2: $Version="1"
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(101):
[client 10.53.28.218] old cookie:Cdr::AuthCookie_CDR => Cdr%3A%3AAuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2;
path=/
[Thu Dec  6 15:16:35 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(142):
[client 10.53.28.218] Reply:


		<html>
		<head>
		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
		<base href="" >
		</head>
<body>Hello, world! from /foo</body></html>

[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::authenticate
[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Cache-Control: no-cache
Connection: Keep-Alive, TE
Cookie: Cdr::AuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
Cookie2: $Version="1"
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(101):
[client 10.53.28.218] old cookie:Cdr::AuthCookie_CDR => Cdr%3A%3AAuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2;
path=/
[Thu Dec  6 15:18:16 2001] [error] auth_type Cdr::AuthCookie
[Thu Dec  6 15:18:16 2001] [error] auth_name CDR
[Thu Dec  6 15:18:16 2001] [error] ses_key_cookie asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
[Thu Dec  6 15:18:16 2001] [error] uri /foo
[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::authen_ses_key
[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Cache-Control: no-cache
Connection: Keep-Alive, TE
Cookie: Cdr::AuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
Cookie2: $Version="1"
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)



[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(101):
[client 10.53.28.218] old cookie:Cdr::AuthCookie_CDR => Cdr%3A%3AAuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2;
path=/
[Thu Dec  6 15:18:16 2001] [debug] Cdr/AuthCookie.pm(302): [client 10.53.28.218] Processing
cookie: asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
[Thu Dec  6 15:18:16 2001] [debug] Cdr/AuthCookie.pm(303): [client 10.53.28.218] Processed
values: asdf, 10.53.28.218, 1007673423
[Thu Dec  6 15:18:16 2001] [error] set_cookie Cdr::AuthCookie_CDR=; expires=Mon, 21-May-1971
00:00:00 GMT; path=/foo
[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::login_form
[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Cache-Control: no-cache
Connection: Keep-Alive, TE
Cookie: Cdr::AuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
Cookie2: $Version="1"
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 (null)
Set-Cookie: Cdr::AuthCookie_CDR=; expires=Mon, 21-May-1971 00:00:00 GMT; path=/foo



[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(99):
[client 10.53.28.218] args:
{
  class => 'Cdr::AuthCookie',
  uri => '/foo'
}

[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(101):
[client 10.53.28.218] old cookie:Cdr::AuthCookie_CDR => Cdr%3A%3AAuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2;
path=/
[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(142):
[client 10.53.28.218] Reply:


		<html>
		<head>
		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
		<base href="" >
		</head>
<body>
<form method="get" action="/cdrlogin" >

<!-- Login form for an Cdr::AuthCookie -->

<input type=hidden name="destination" value="/foo" >

	<table>

	<tr>
		<th align=center colspan=2 >Please Enter Your Username and Password to log in:"

	<tr>
		<th align=right >Username:
		<td align=left > <input type="text" name="credential_0" size=12 maxlenth=12 >

	<tr>
		<th align=right >Password:
		<td align=left > <input type="password" name="credential_1" size=12 maxlenth=12
>

	<tr>
		<td><!-- filler -->
		<td align=left ><input type="submit" value=" Log In " >

	</table>

</form>

</body></html>

[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(92):
[client 10.53.28.218] Handled by Cdr::AuthCookie::authorize
[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(97):
[client 10.53.28.218] request:

GET /foo HTTP/1.1
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Cache-Control: no-cache
Connection: Keep-Alive, TE
Cookie: Cdr::AuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2
Cookie2: $Version="1"
Host: cdr_dev.lit.alltel.com:8081
Referer: http://cdr_dev.lit.alltel.com:8081/foo
TE: deflate, gzip, chunked, identity, trailers
User-Agent: Opera/5.0 (Linux 2.2.18.ae i686; U)  [en]

HTTP/1.1 200 OK
Set-Cookie: Cdr::AuthCookie_CDR=; expires=Mon, 21-May-1971 00:00:00 GMT; path=/foo
Pragma: no-cache
Cache-control: no-cache
Keep-Alive: timeout=15, max=1024
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
Expires: Thu, 06 Dec 2001 21:18:16 GMT
Set-Cookie: Cdr::AuthCookie_CDR=; expires=Mon, 21-May-1971 00:00:00 GMT; path=/foo



[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(99):
[client 10.53.28.218] args:
{
  user => undef
}

[Thu Dec  6 15:18:16 2001] [debug] /home/lembark/sandbox/cdr//code/app/website/Cdr/Shared.pm(101):
[client 10.53.28.218] old cookie:Cdr::AuthCookie_CDR => Cdr%3A%3AAuthCookie_CDR=asdf-10.53.28.218-1007673423-a8613661ccbf2cda1ee31aed97f3eba2;
path=/
[Thu Dec  6 15:18:16 2001] [error] access to /foo failed for 10.53.28.218, reason: No user
authenticated.

########################################################################
# net result on the screen -- problem is the pair of messages that
# get sent.
########################################################################

		<html>
		<head>
		<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
		<base href="" >
		</head>
<body>
<form method="get" action="/cdrlogin" >

<!-- Login form for an Cdr::AuthCookie -->

<input type=hidden name="destination" value="/foo" >

	<table>

	<tr>
		<th align=center colspan=2 >Please Enter Your Username and Password to log in:"

	<tr>
		<th align=right >Username:
		<td align=left > <input type="text" name="credential_0" size=12 maxlenth=12 >

	<tr>
		<th align=right >Password:
		<td align=left > <input type="password" name="credential_1" size=12 maxlenth=12
>

	<tr>
		<td><!-- filler -->
		<td align=left ><input type="submit" value=" Log In " >

	</table>

</form>

</body></html>HTTP/1.1 200 OK
Date: Thu, 06 Dec 2001 21:18:16 GMT
Server: Apache/1.3.20 (Unix) mod_perl/1.26
Set-Cookie: Cdr::AuthCookie_CDR=; expires=Mon, 21-May-1971 00:00:00 GMT; path=/foo
Keep-Alive: timeout=15, max=1023
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 06 Dec 2001 21:18:16 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>200 OK</TITLE>
</HEAD><BODY>
<H1>OK</H1>
You don't have permission to access /foo
on this server.<P>
<HR>
<ADDRESS>Apache/1.3.20 Server at AlltelViewer Port 8081</ADDRESS>
</BODY></HTML>

Mime
View raw message