why unix | RBL service | netrs | please | ripcalc | linescroll
hosted services

hosted services

    This page is to hold snippets of code example that I have worked on to perform some rudimentary tasks. This doesn't cover as much as you would require to know to go and make a good module, but it should at least give some principle to a few methods.

    Much of the information here is fundamental and for anyone who has worked with Apache modules for any length of time could probably tell you that it's rather simple and nothing special. basic authentication

    One of the problems that I had recently was understanding the basic authentication in Apache. This is where the user name and password are sent in base64 plain text headers of the HTTP request. Lets look at an example request.

    GET /private_information.html HTTP/1.1
Host: www.s5h.net
Accept: text/html, image/png, image/jpeg, image/gif, */*;q=0.1
Accept-Language: en
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Authorization: Basic dXNlcm5hbWU6c2VjcmV0X3Bhc3N3b3Jk
Referer: http://www.s5h.net/
Cache-Control: no-cache

    In this example the header that is of importance is the Authorization header. The encoded string is the username:password pair. In this example we're using username:secret_password. Base64 is a two-way encoding. That means what is sent can be decoded without the need of any decryption data. So when using HTTP basic authentication be sure that it's over a secure socket layer encryption such as HTTPS - otherwise an eavesdropper could decode your data.

    The purposes that we require for our module is to authenticate against the user name that is sent against the system environment variable “petrol”. If this value is not 50p then the system should barf and disallow any more traffic.

    First lets start with our build environment. This will be quite a lot to take in but copy and paste this and take it at face value. Then we can add some functions to it.

    #include "http_protocol.h"
#include "ap_config.h"
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_request.h"
#include "ap_provider.h"
#include "mod_auth.h"

static authn_status authn_petrol( request_rec *r, const char *user, const char *password ) {
}

static const authn_provider authn_petrol_provider = { &authn_petrol, NULL };

static void register_hooks( apr_pool_t *p ) {
    ap_register_provider( p, AUTHN_PROVIDER_GROUP, "petrol", "0", &authn_petrol_provider );
}

module AP_MODULE_DECLARE_DATA authn_petrol_module = 
{
    STANDARD20_MODULE_STUFF,
    NULL, /* dir config creater */
    NULL, /* dir merger --- default is to override */
    NULL, /* server config */
    NULL, /* merge server config */
    NULL, /* command apr_table_t */
    register_hooks /* register hooks */
};

    The standard build command is

    apxs2 -i -a -Wc,-g -c module_name.c

    This will build and attempt to install the module source code module_name.c.

    So lets take a look at the function authn_vchkpw first. This is passed three values, r, user and password. The value r is a handle to the request, this is where memory pools are provided for allocation of memory using the API call apr_malloc. This is a more efficient way to allocate memory since it avoids the requirement of using a syscall for allocation. There is no counter part for freeing memory, when out of scope the memory is marked as unused and can be reused by later hooks.

    To make a simple hook, just add the following to the

    static authn_status authn_vchkpw( request_rec *r, const char *user, const char *password ) {
    char *petrol;

    petrol = getenv( "PETROL" );

    if( petrol != NULL && strcncmp( petrol, "50p", 3 ) == 0 ) {
    return( AUTH_GRANTED );
    }
    return( AUTH_DENIED );
}

    As you can see from this simple snippet that we're only going to return either positive or negative verification.

    So, lets compile that using the above apxs command and we'll write the .htaccess file with the following:

    AllowOverride All
Order deny,allow
Deny from all
AuthType Basic
AuthName "petrol test"
AuthBasicProvider petrol
Require valid-user

    When you now attempt to access your directory then you will be promoted for password verification if your request does not contain a authorization header.