[mod_python] Setting req->user for mod_dav_svn

Graham Dumpleton grahamd at dscpl.com.au
Mon Jul 31 18:33:00 EDT 2006 

Deron Meranda wrote ..
> I am using a PythonAccessHandler for all my authentication and
> authorization needs; and it is based on an encrypted cookie technique
> rather than the normal HTTP aaa methods.  As such I have not
> been using any of the Apache Auth* or Require* directives.  As
> everything complex I've used until now has been Python based,
> I just pass the user credentials around inside the mod_python
> req object.

Are you using PythonAccessHandler at same time as PythonHandler?
Aren't you seeing the hideously bad memory leak finally uncovered
in the past day?

> But I'm now trying to set up a subversion mod_dav_svn module
> (C based), and I want my same authentication handler to also both
> guard access to the svn location (which I can do) as well as telling
> SVN what the username is (for it to record it in file revision logs, etc).
> That later is what I don't know how to do.  The svn module appears
> to get the username it uses from the Apache r->user pointer.
> 
> Can I set the req->user member from within mod_python (the docs
> say it is read-only),

In 3.2.8+ it is writable, the documentation is wrong. The documentation
in 3.3 is correct.

> and what do I need to look out for in attempting
> to do so.  I essentially want to synthesize a username in the
> Apache request structure, but I don't want any of the normal Apache
> Auth* stuff to be invoked.

Using 3.2.10, you will have to continue to use an PythonAccessHandler to do
what you want anyway, as it is impossible with mod_python prior to 3.3 to write
a correct authentication handler in the style that they are supposed to be
written when using Apache. This is because prior to mod_python 3.3, there was
no way to get the value associated with AuthType and AuthName directives. There
also was no way to properly set the value of req.ap_auth_type to correctly
indicate to later handlers who accepted the authentication credentials.
Finally, prior to mod_python 3.3 it was not possible to have stacked
authentication handlers as mod_python handlers as mod_python wasn't
interpreting the return status correctly for phases other than the response
handler.

Anyway, the only place I can think you might have problems is if subversion
expects req.ap_auth_type to be set correctly as you will not have that ability
when using mod_python 3.2.10.

Graham

More information about the Mod_python mailing list