[mod_python] PythonAuthzHandler not working

Graham Dumpleton grahamd at dscpl.com.au
Thu Apr 20 22:31:22 EDT 2006 

Graham Dumpleton wrote ..
> Add to config:
> 
>   AuthAuthoritative Off
>   Require dummy
> 
> The value to Require cannot be:
> 
>   valid-user
>   user ???
>   group ???
> 
> it has to be something of your own creation that your authz handler then
> interprets.
> 
> I am noting that authzhandler() can't return DECLINED, but must be OK,
> or presumable HTTP_UNAUTHORIZED. Returning DECLINED results in 500
> error and:
> 
> [Fri Apr 21 12:10:43 2006] [crit] [client ::1] configuration error:  couldn't
> check access.  No groups file?: /~grahamd/authz/index.py 

This last issue still occurs with PythonHandlersModule even with the changes
I gave above, so something definitely wrong with how mod_python does
things when that directive is used. That whole directive is a pain in the neck
and I very doubt it gets used anyway. Wish we could nuke it. :-)

Graham
 
> Graham Dumpleton wrote ..
> > Jim Gallacher wrote ..
> > > I've been pulling my hair out all day trying to get PythonAuthzHandler
> > > to work and I'm either missing something obvious or there is a problem
> > > with mod_python. What the heck is the magic required to make Apache
> call
> > > my authzhander? Using Apache 2.0.55 with the latest 3.3.0-dev, all
> my
> > > handlers including authenhandler get called, *except* for authzhandler.
> > > 
> > > <Directory /srv/projects/aos/html/aos-admin/>
> > >    DirectoryIndex index.py
> > >    AllowOverride None
> > >    AddHandler mod_python .py
> > > 
> > >    AuthType PyCookie
> > >    AuthName "Restricted"
> > >    Require valid-user
> > >    Require admin
> > > 
> > >    PythonAccessHandler mprest.authtest
> > >    PythonAuthenHandler mprest.authtest
> > >    PythonAuthzHandler mprest.authtest
> > >    PythonHandler mprest.authtest
> > > 
> > > </Directory>
> > > 
> > > authtest.py contains the appropriate handlers that do nothing more
> than
> > > call req.log_error().
> > > 
> > > To aid in my efforts I modified python_handler in mod_python.c to log
> > > the status of each phase.
> > > 
> > > Simplified error_log output:
> > > 
> > > $ cut -f 4 -d "]"  error.log
> > > mod_python.c python_handler: DECLINED PythonInitHandler phase
> > > mod_python.c python_handler: DECLINED PythonPostReadRequestHandler
> phase
> > > mod_python.c python_handler: DECLINED PythonTransHandler phase
> > > mod_python.c python_handler: DECLINED PythonHeaderParserHandler phase
> > > mod_python.c python_handler: PROCESS  PythonAccessHandler phase
> > > authtest.py  accesshandler called
> > > mod_python.c python_handler: PROCESS  PythonAuthenHandler phase
> > > authtest.py  authenhandler called
> > > mod_python.c python_handler: DECLINED PythonFixupHandler phase
> > > mod_python.c python_handler: PROCESS  PythonHandler phase
> > > authtest.py  handler called
> > > mod_python.c python_handler: DECLINED PythonLogHandler phase
> > > mod_python.c python_handler: DECLINED PythonCleanupHandler phase
> > > 
> > > 
> > > Please save me before I've gone completely bald. Otherwise at that
> point
> > > I'll have to start poking myself with a pointed stick. Madness can't
> > be
> > > too far off in my future. :)
> > 
> > Behaviour confirmed.
> > 
> > I don't have much hair left already.
> > 
> > What is stranger is that if you use:
> > 
> > #PythonAccessHandler handlers
> > #PythonAuthenHandler handlers
> > #PythonAuthzHandler handlers
> > #PythonHandler handlers
> > PythonHandlerModule handlers
> > 
> > you get a 500 error and the Apache log file says:
> > 
> > [Fri Apr 21 11:45:13 2006] [crit] [client ::1] configuration error: 
> couldn't
> > check user.  No user file?: /~grahamd/authz/index.py
> > 
> > Using the new module importer with its slightly different treatment of
> > handler responses makes no difference.
> > 
> > Note that I have the following in my authenhandler().
> > 
> >   req.user = "dummy"
> >   req.ap_auth_type = "dummy"
> > 
> > If I don't, I get a 500 error and:
> > 
> > [Fri Apr 21 11:48:25 2006] [error] [client ::1] python_handler: After
> PythonAuthenHandler
> > req->user is NULL. Assign something to req.user if returning OK to avoid
> > this error.
> > 
> > This error is actually from mod_python and was originally a fudge from
> > some problem with Apache from back in time. Maybe it should be
> > removed as comments suggest it should have been at some point.
> > 
> > Time to start augmenting Apache itself with some debug logging
> > as it all does make a great deal of sense. :-(
> > 
> > More later.
> > 
> > Graham
> > _______________________________________________
> > Mod_python mailing list
> > Mod_python at modpython.org
> > http://mailman.modpython.org/mailman/listinfo/mod_python

More information about the Mod_python mailing list