Howdy folks,
Hopefully this won't come across as being too strange. I'll try and
explain it in a way that makes sense. I've set up, using mod_auth_any,
a system that authenticates users based on the following steps:
1. Users are auth'd against a local database (works fine)
2. If a valid user/password is given, DOCUMENT_URI is
checked. DOCUMENT_URI *must* either be /, or a
URI beginning with the directory /user/, where user
is the username given.
For example, if user "foo" authenticates with the system, he/she must
either be accessing / (or /index.shtml), or /foo/*
My mod_auth_any program *does* work as expected in all other ways, so
it's not mod_auth_any that I'm concerned about. My program, however,
does NOT get the DOCUMENT_URI environment variable (null value). That
bit of code shouldn't be in question, as it works from the command
line if DOCUMENT_URI is set in the shell. I have since coded my auth
program to write a syslog(3) message if various error conditions
happen, and, when it is invoked from Apache, syslog reports that
DOCUMENT_URI is not set. The apache error logs simply show access
denied for user foo URI: / (which is the expected result, if
DOCUMENT_URI is not set).
I'm using Apache 1.3.22. I had something almost identical working
under 1.3.20. Is it possible that something changed between versions
that would effect how the CGI vars get passed? Or has my config become
mangled?
If it is a config issue (I bet it is :-), how can I tell Apache to
definitely pass the standard CGI vars to my Auth program?
Here's the vhost:
<VirtualHost 192.168.0.1>
ServerAdmin webmaster@host.com
DocumentRoot /foo/stats
ServerName stats.host.com
<Directory /foo/stats>
Options Indexes Includes
AuthName "Web Statistics"
AuthType Basic
AuthAnyUserProg /usr/local/internal/authweb
require valid-user
</Directory>
</VirtualHost>
With the syslog output that I've added to "authweb", Apache/
mod_auth_any is definitely invoking it for every browser request on
this vhost... and authweb reports in syslog that the user/password is
OK, but DOCUMENT_URI is not set... thus, by design, my program denies
access.
So... Any thoughts on why this "authweb" of mine might not be getting
the DOCUMENT_URI variable any more?
Thanks!
- Ryan
--
Ryan Thompson <ryan@sasknow.com>
Network Administrator, Accounts
SaskNow Technologies - http://www.sasknow.com
#106-380 3120 8th St E - Saskatoon, SK - S7H 0W2
Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Hopefully this won't come across as being too strange. I'll try and
explain it in a way that makes sense. I've set up, using mod_auth_any,
a system that authenticates users based on the following steps:
1. Users are auth'd against a local database (works fine)
2. If a valid user/password is given, DOCUMENT_URI is
checked. DOCUMENT_URI *must* either be /, or a
URI beginning with the directory /user/, where user
is the username given.
For example, if user "foo" authenticates with the system, he/she must
either be accessing / (or /index.shtml), or /foo/*
My mod_auth_any program *does* work as expected in all other ways, so
it's not mod_auth_any that I'm concerned about. My program, however,
does NOT get the DOCUMENT_URI environment variable (null value). That
bit of code shouldn't be in question, as it works from the command
line if DOCUMENT_URI is set in the shell. I have since coded my auth
program to write a syslog(3) message if various error conditions
happen, and, when it is invoked from Apache, syslog reports that
DOCUMENT_URI is not set. The apache error logs simply show access
denied for user foo URI: / (which is the expected result, if
DOCUMENT_URI is not set).
I'm using Apache 1.3.22. I had something almost identical working
under 1.3.20. Is it possible that something changed between versions
that would effect how the CGI vars get passed? Or has my config become
mangled?
If it is a config issue (I bet it is :-), how can I tell Apache to
definitely pass the standard CGI vars to my Auth program?
Here's the vhost:
<VirtualHost 192.168.0.1>
ServerAdmin webmaster@host.com
DocumentRoot /foo/stats
ServerName stats.host.com
<Directory /foo/stats>
Options Indexes Includes
AuthName "Web Statistics"
AuthType Basic
AuthAnyUserProg /usr/local/internal/authweb
require valid-user
</Directory>
</VirtualHost>
With the syslog output that I've added to "authweb", Apache/
mod_auth_any is definitely invoking it for every browser request on
this vhost... and authweb reports in syslog that the user/password is
OK, but DOCUMENT_URI is not set... thus, by design, my program denies
access.
So... Any thoughts on why this "authweb" of mine might not be getting
the DOCUMENT_URI variable any more?
Thanks!
- Ryan
--
Ryan Thompson <ryan@sasknow.com>
Network Administrator, Accounts
SaskNow Technologies - http://www.sasknow.com
#106-380 3120 8th St E - Saskatoon, SK - S7H 0W2
Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org