You are not logged in.

#1 2008-10-30 01:32:14

arew264
Member
From: Friendswood, Texas, US
Registered: 2006-07-01
Posts: 394
Website

Crazy Trac Authentication

Okay, I'm trying to get some crazy authentication working in Trac and Apache. Basically, a user has a logon in a MySQL table that Apache finds to let the user view the project list. This works perfectly.
What I want to do, however, is have a separate column for what projects the user can access. I can use that table by playing with the SQL syntax so it's required to access a project. Here's what the current configuration looks like:

#Plain MySQL setup, no funny business here
<Location /dev>
  AuthType Digest
  AuthDigestProvider dbd
  AuthName "trac"
  # core authorization configuration
  Require valid-user
  AuthDBDUserRealmQuery "SELECT password FROM users WHERE username = %s"
 </Location>
#SVN access, this doesn't override any authentication
 <Location /dev/svn>
   DAV svn
   SVNParentPath /home/repo/svn
   SVNPathAuthz off
   SVNIndexXSLT "/repos-web/view/repos.xsl"
 </Location>
#Trac access, still no crazy authentication
 <Location /dev/trac>
   SetHandler mod_python
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnvParentDir /home/repo/trac
   PythonOption TracUriRoot /dev/trac
 </Location>
#this SHOULD override the SQL to make the dDHCPD project only available to users whose projects column contains the string "dDHCPD"
 <Location /dev/trac/dDHCPD>
   AuthDBDUserRealmQuery "SELECT password FROM users WHERE username = %s AND projects like '%dDHCPD%'"
 </Location>

This works for the trac project list and all other trac projects, but when I go to the dDHCPD project, Apache doesn't find the account. My test account is named debio, here's what the database shows:

mysql> select * from users;
+----------+----------------------------------+----------+
| username | password                         | projects |
+----------+----------------------------------+----------+
| debio    | 36ffcc59c758af979c382bad19a9fd71 | dDHCPD   |
+----------+----------------------------------+----------+
1 row in set (0.00 sec)

mysql>

Here's what I get when I fill in the crazy SQL query:

mysql> SELECT password FROM users WHERE username = 'debio' AND projects like '%dDHCPD%';
+----------------------------------+
| password                         |
+----------------------------------+
| 36ffcc59c758af979c382bad19a9fd71 |
+----------------------------------+
1 row in set (0.00 sec)

mysql>

As far as I can tell, this should all work. I can login as debio and navigate to anything in /dev except /dev/trac/dDHCPD, where Apache gives this:

[Wed Oct 29 20:19:48 2008] [error] [client 5.61.22.17] Digest: user `debio' in realm `trac' not found: /dev/trac/dDHCPD, referer: http://*IP ADDRESS*/dev/trac/

Any help would be appreciated, even if you just ask me to clarify something (I know I have a tendency to write cryptic posts). In fact, even if you just post up to tell me I'm an idiot for some reason, I'll probably thank you.

Last edited by arew264 (2008-10-30 01:34:32)

Offline

Board footer

Powered by FluxBB