Skip Menu |

This queue is for tickets about the Apache-AuthCookie CPAN distribution.

Report information
The Basics
Id: 85832
Status: resolved
Priority: 0/
Queue: Apache-AuthCookie

People
Owner: Nobody in particular
Requestors: gregoa [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Needs porting for httpd 2.4
Date: Mon, 3 Jun 2013 17:44:50 +0200
To: bug-Apache-AuthCookie [...] rt.cpan.org
From: gregor herrmann <gregoa [...] debian.org>
Hi, Apache2::AuthCookie doesn't work anymore with httpd 2.4 due to API changes. For details cf. the Debian bug report: http://bugs.debian.org/666837#52 I'm aware that this is a difficult situation since there's no mod-perl release with support for httpd 2.4. What we are shipping in Debian is 2.0.8 plus the httpd24 branch. In case it helps, the git repo of the package is at http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libapache2-mod-perl2.git Sorry for the bad news :) Cheers, gregor, Debian Perl Group -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Wilbert Harrison: Kansas City
Download signature.asc
application/pgp-signature 836b

Message body not shown because it is not plain text.

Subject: Re: [rt.cpan.org #85832] Needs porting for httpd 2.4
Date: Fri, 07 Jun 2013 10:48:43 -0500
To: bug-Apache-AuthCookie [...] rt.cpan.org
From: Michael Schout <mschout [...] gkg.net>
I've just begin to look at this. Its very difficult because at this time there is no mod_perl official release for 2.4. In addition, the authentication API in Apache 2.4 has changed drastically. Its going to take some time to figure out how to best integrate this into authcookie, and still be backwards compatible with 2.2. Probably I will just offer a patch at least until mod_perl 2.4 support stabilizes. Regards, Michael Schout
Subject: Re: [rt.cpan.org #85832] Needs porting for httpd 2.4
Date: Mon, 05 Aug 2013 11:12:33 -0500
To: bug-Apache-AuthCookie [...] rt.cpan.org
From: Michael Schout <mschout [...] gkg.net>
On 6/3/13 10:45 AM, gregor herrmann via RT wrote: Show quoted text
> Apache2::AuthCookie doesn't work anymore with httpd 2.4 due to API > changes.
I have implemented support for apache 2.4 on the httpd24 branch in the authcookie repo. I have attached a current diff from master of that branch. Please read the README.apache-2.4 file for details, and see t/conf/extra.conf.in for the configuration changes. Note that subclasses that use AuthCookie will all need to be updated for apache 2.4 due to the fact that autentication works differently in 2.4. Also note that this patched Apache::Test that adds -D APACHE24 support. You can find that patch at: https://rt.cpan.org/Ticket/Display.html?id=87620 Also note that although the tests all pass, this is an early release, and things could change before we see a final release of mod_perl for httpd 2.4. The patch attached will not work under versions other than Apache 2.4 at this time (e.g.: it breaks on 2.0, 2.2). This patch is only if you are desperate to use it under 2.4 at this time. Regards, Michael Schout

Message body is not shown because sender requested not to inline it.

RT-Send-CC: mschout [...] gkg.net
I used your apache 24 patch and got everything working. There is one strange behavior I'm curious about. My authz seems to run twice. first authz, then authenticate, then authz again. Here is what My setup looks like: PerlAddAuthzProvider video MQM::AuthCookieHandler->video <Location /protectedcontent> AuthType My::AuthCookieHandler AuthName Members PerlAuthenHandler My::AuthCookieHandler->authenticate <RequireAll> Require video Require valid-user </RequireAll> </Location> Notice I also did not use #PerlAddAuthzProvider user MQM::AuthCookieHandler->authz_handler as stated in the new 24 README file. It didn't seem to do anything. I have 2 subs in my lib: authen_ses_key() video() This is the same setup I've used for many years on apache 2.2, and it always validated the session before calling the authz. Now it is running video(), then authen_ses_key(), then video() again (video fails the first time naturally because no username is set in $r->user yet) I hope I've explained the situation well enough and you understand whats going on. Hope you can give me some direction here or if I need to help out and maybe work on a patch for your http24 branch. Based on github looks like you haven't worked on this branch in a while.
On Sat Jan 17 19:35:59 2015, CKFULTON wrote: Show quoted text
> I used your apache 24 patch and got everything working. There is one > strange behavior I'm curious about. My authz seems to run twice.
Sorry for not responding to this sooner. I believe this is normal behaviour. Your authz handler needs to check if $r->user is set, and if not, you are supposed to return Apache2::Const::AUTHZ_DENIED_NO_USER under Apache 2.4 See the authz_handler in AuthCookie.pm for example. Regards, Michael Schout