How to set up Fast CGI Authorizer? Strange errors

nikss

Active Member
#1
I am using 4.0.12. No matter where I place the authorizer file, and no matter whether it is a bash wrapper or a PHP or Perl fcgi, I am still getting this in the error logs:

Can not find handler with type: 7, name: $VH_NAME_authorizer.
Can not find External Application: $VH_NAME_authorizer, type: fcgiauth

and authentication is not working

What am I doing wrong??
 

NiteWave

Administrator
#2
You need to define a "Fast CGI Authorizer" External App.

Here is an example:
Code:
#!/usr/bin/perl
use FCGI;
while (FCGI::accept >= 0)
{
    if( $ENV{'REMOTE_USER' } eq "foo" &&
        $ENV{'REMOTE_PASSWD'} eq "bar" )
    {
        print( "Status: 200\n\n" );
    }
    else
    {
        print( "Status: 401\n\n" );
        print( "WWW-Authenticate: basic realm=\"foo\"\n\n" );
    }
}
(source: http://support.zeus.com/zws/examples/2005/12/16/simple_auth_with_fastcgi)

Save the above file as (for example) /usr/local/lsws/fcgi-bin/fcgiauth.pl
and define a "Fast CGI Authorizer" External App pointing to it.

Then in Virtual Hosts -> Context, define a context (Servlet, Fast CGI, Proxy, Redirect, etc.); there is an "Authorizer" option where you can select the "Fast CGI Authorizer" External App just defined.
 

nikss

Active Member
#3
Hmm, I did exactly what you said before
and get this error.

I am creating the Fast CGI Authorizer in a vhost template.

I also turned on the highest level for the error logs, but nothing besides

Can not find handler with type: 7, name: $VH_NAME_authorizerpl
Can not find External Application: $VH_NAME_authorizerpl, type: fcgiauth

gets logged.

Below is an excerpt from the vhost template:

<extProcessor>
<type>fcgiauth</type>
<name>$VH_NAME_authorizerpl</name>
<address>uds://tmp/lshttpd/$VH_NAME_authorizerpl.sock</address>
<note></note>
<maxConns>20</maxConns>
<initTimeout>20</initTimeout>
<retryTimeout>20</retryTimeout>
<persistConn></persistConn>
<pcKeepAliveTimeout></pcKeepAliveTimeout>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>/usr/local/lsws/fcgi-bin/authorizer.pl</path>
<backlog>10</backlog>
<instances>5</instances>
<extUser></extUser>
<extGroup></extGroup>
<runOnStartUp></runOnStartUp>
<extMaxIdleTime></extMaxIdleTime>
<priority></priority>
<memSoftLimit></memSoftLimit>
<memHardLimit></memHardLimit>
<procSoftLimit></procSoftLimit>
<procHardLimit></procHardLimit>
</extProcessor>
</extProcessorList>
 

NiteWave

Administrator
#4
Here's my working example:

<extProcessor>
<type>fcgiauth</type>
<name>fcgiauth</name>
<address>uds://tmp/lshttpd/fcgiauth.sock</address>
<note></note>
<maxConns>10</maxConns>
<initTimeout>20</initTimeout>
<retryTimeout>0</retryTimeout>
<persistConn>1</persistConn>
<pcKeepAliveTimeout>60</pcKeepAliveTimeout>
<respBuffer>0</respBuffer>
<autoStart>1</autoStart>
<path>$SERVER_ROOT/fcgi-bin/fcgiauth.pl</path>
<backlog>10</backlog>
<instances>10</instances>
<extUser></extUser>
<extGroup></extGroup>
<runOnStartUp>0</runOnStartUp>
<extMaxIdleTime>60</extMaxIdleTime>
<priority></priority>
<memSoftLimit></memSoftLimit>
<memHardLimit></memHardLimit>
<procSoftLimit></procSoftLimit>
<procHardLimit></procHardLimit>
</extProcessor>

But I can't find any difference :confused:
 

nikss

Active Member
#5
Which version of LiteSpeed? Mine is 4.0.12 Std., platform Debian Etch.

I found out that
1. due to the naming convention VH_NAME (required in web admin when you configure fcgiauth), the authorizer is not working at all in virtual host templates
2. on a single vhost I am getting something like this in the error logs:

2010-01-14 15:19:00.042 [INFO] [xxx] ExtConn timed out while processing.
2010-01-14 15:19:00.042 [INFO] [xxx] connection to [/tmp/lshttpd/fcgiauth2.sock] on request #0, confirmed, 0, associated process: -1, running: 0, error: Connection timed out!
2010-01-14 15:19:00.042 [NOTICE] [xxx] Suspicious request timeout, associated process: -1, running: 0.
2010-01-14 15:19:00.042 [NOTICE] [xxx] Max retries has been reached, 503!
2010-01-14 15:19:00.042 [NOTICE] [xxx] oops! 503 Service Unavailable

and error 503 pops up.
 

nikss

Active Member
#7
Looks like your fastcgi does not run. Can you start it from command line?
Of course - it is working from the command line: the Perl, PHP, and bash versions of the authorizer.

To ease debugging (and learning) I try to log from the authorizer too, but it never writes anything.
 

NiteWave

Administrator
#8
I installed 4.0.12 std and tested on a single vhost with your settings; it looks like it is working as well. Just one warning:

[config:server:epsr:authorizerpl] Possible mis-configuration: 'Instances=5', 'Max connections=20', if one instance of your application is capable of handling multiple connections, you should add 'LSAPI_CHILDREN' environment varaible matches the value of 'Max connections'. If your application cannot handle more than one connections with one instance, you should set 'Instances' greater or equal to 'Max connections'.
So change instances=20 to match the max connections.

What's the "context" definition when you test the authorizer?
Then in Virtual Hosts -> Context, define a context (Servlet, Fast CGI, Proxy, Redirect, etc.); there is an "Authorizer" option where you can select the "Fast CGI Authorizer" External App just defined.
 

nikss

Active Member
#9
I turned on the debug error log at server level (my stupid mistake) and found
premature.... in the Perl example.

I fixed the script (added header lines) and the authorizer popped up with the access window,

but then if I type anything it always returns 401,
for example
user=foo
pass=bar

as if $ENV{'REMOTE_USER'}
$ENV{'REMOTE_PASSWD'}
don't exist.

Below is the modified script:

#!/usr/bin/perl

use FCGI;

while (FCGI::accept >= 0)
{
    if( $ENV{'REMOTE_USER'} eq "foo" && $ENV{'REMOTE_PASSWD'} eq "bar" )
    {
        print( "Status: 200\r\n" );
        print( "\r\n");
    }
    else
    {
        print( "Status: 401\n" );
        print( "WWW-Authenticate: basic realm=\"foo22\"\r\n" );
        print( "\r\n");
    }
}
 

nikss

Active Member
#11
REMOTE_PASSWD is not available, you have to get it from HTTP_AUTHENTICATION
In the examples there is no such ENV variable.

I printed the ENVs to a file and got only these interesting ones:

FCGI_ROLE="AUTHORIZER"
HTTP_AUTHORIZATION="Basic Zm9vOg=="

No USER or PASSWD name.
I found in the forum that it should be easy, but I think that it is not working at all.
Can anybody confirm a working authorizer in LiteSpeed?

I lost 1 week trying to get auth, with no results.
Is there any other way to authorize users with a MySQL DB in LiteSpeed?


OK, I found out that after properly decoding HTTP_AUTHORIZATION it finally works.
I still have no idea why VH_NAME gives errors in the template vhost,
so I will try simply editing the XML conf file by hand and maybe it will start working.
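
The fix the last post describes (decoding HTTP_AUTHORIZATION instead of reading REMOTE_USER/REMOTE_PASSWD), written out as an added example that is not part of the original thread or LiteSpeed's own code. The %USERS table and the helper names parse_basic_auth, secure_eq and authorized are hypothetical; the credentials are the foo/bar pair tested in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use FCGI;
use MIME::Base64 qw(decode_base64);

# Constructed demo credentials (the values tested in the thread).
# A real deployment would look up a salted password hash instead.
my %USERS = ( foo => 'bar' );

# Parse "Basic <base64(user:pass)>"; returns (user, pass) or an empty list.
sub parse_basic_auth {
    my ($header) = @_;
    return unless defined $header;
    my ($b64) = $header =~ m{\A\s*Basic\s+([A-Za-z0-9+/]+=*)\s*\z}i
        or return;
    my $decoded = decode_base64($b64);
    # Split on the first colon only: the password may contain ':'.
    my ($user, $pass) = split /:/, $decoded, 2;
    return unless defined $user && length $user && defined $pass;
    return ($user, $pass);
}

# Compare without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# The header logged in the thread, "Basic Zm9vOg==", decodes to "foo:"
# (user foo, empty password), so it is rejected here.
sub authorized {
    my ($header) = @_;
    my ($user, $pass) = parse_basic_auth($header) or return 0;
    my $expected = $USERS{$user};
    return 0 unless defined $expected;
    return secure_eq($pass, $expected);
}

while (FCGI::accept() >= 0) {
    if (authorized($ENV{HTTP_AUTHORIZATION})) {
        print "Status: 200\r\n\r\n";
    } else {
        # All headers first, then one blank line ends the header block.
        print "Status: 401\r\n",
              "WWW-Authenticate: Basic realm=\"foo\"\r\n\r\n";
    }
}
```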
 