|
Graham Dumpleton
grahamd at dscpl.com.au
Thu Apr 20 22:15:17 EDT 2006
Add to config: AuthAuthoritative Off Require dummy The value to Require cannot be: valid-user user ??? group ??? it has to be something of your own creation that your authz handler then interprets. I am noting that authzhandler() can't return DECLINED, but must be OK, or presumable HTTP_UNAUTHORIZED. Returning DECLINED results in 500 error and: [Fri Apr 21 12:10:43 2006] [crit] [client ::1] configuration error: couldn't check access. No groups file?: /~grahamd/authz/index.py Graham Graham Dumpleton wrote .. > Jim Gallacher wrote .. > > I've been pulling my hair out all day trying to get PythonAuthzHandler > > to work and I'm either missing something obvious or there is a problem > > with mod_python. What the heck is the magic required to make Apache call > > my authzhander? Using Apache 2.0.55 with the latest 3.3.0-dev, all my > > handlers including authenhandler get called, *except* for authzhandler. > > > > <Directory /srv/projects/aos/html/aos-admin/> > > DirectoryIndex index.py > > AllowOverride None > > AddHandler mod_python .py > > > > AuthType PyCookie > > AuthName "Restricted" > > Require valid-user > > Require admin > > > > PythonAccessHandler mprest.authtest > > PythonAuthenHandler mprest.authtest > > PythonAuthzHandler mprest.authtest > > PythonHandler mprest.authtest > > > > </Directory> > > > > authtest.py contains the appropriate handlers that do nothing more than > > call req.log_error(). > > > > To aid in my efforts I modified python_handler in mod_python.c to log > > the status of each phase. > > > > Simplified error_log output: > > > > $ cut -f 4 -d "]" error.log > > mod_python.c python_handler: DECLINED PythonInitHandler phase > > mod_python.c python_handler: DECLINED PythonPostReadRequestHandler phase > > mod_python.c python_handler: DECLINED PythonTransHandler phase > > mod_python.c python_handler: DECLINED PythonHeaderParserHandler phase > > mod_python.c python_handler: PROCESS PythonAccessHandler phase > > authtest.py accesshandler called > > mod_python.c python_handler: PROCESS PythonAuthenHandler phase > > authtest.py authenhandler called > > mod_python.c python_handler: DECLINED PythonFixupHandler phase > > mod_python.c python_handler: PROCESS PythonHandler phase > > authtest.py handler called > > mod_python.c python_handler: DECLINED PythonLogHandler phase > > mod_python.c python_handler: DECLINED PythonCleanupHandler phase > > > > > > Please save me before I've gone completely bald. Otherwise at that point > > I'll have to start poking myself with a pointed stick. Madness can't > be > > too far off in my future. :) > > Behaviour confirmed. > > I don't have much hair left already. > > What is stranger is that if you use: > > #PythonAccessHandler handlers > #PythonAuthenHandler handlers > #PythonAuthzHandler handlers > #PythonHandler handlers > PythonHandlerModule handlers > > you get a 500 error and the Apache log file says: > > [Fri Apr 21 11:45:13 2006] [crit] [client ::1] configuration error: couldn't > check user. No user file?: /~grahamd/authz/index.py > > Using the new module importer with its slightly different treatment of > handler responses makes no difference. > > Note that I have the following in my authenhandler(). > > req.user = "dummy" > req.ap_auth_type = "dummy" > > If I don't, I get a 500 error and: > > [Fri Apr 21 11:48:25 2006] [error] [client ::1] python_handler: After PythonAuthenHandler > req->user is NULL. Assign something to req.user if returning OK to avoid > this error. > > This error is actually from mod_python and was originally a fudge from > some problem with Apache from back in time. Maybe it should be > removed as comments suggest it should have been at some point. > > Time to start augmenting Apache itself with some debug logging > as it all does make a great deal of sense. :-( > > More later. > > Graham > _______________________________________________ > Mod_python mailing list > Mod_python at modpython.org > http://mailman.modpython.org/mailman/listinfo/mod_python
|