fcgi auth

Discussion in 'Install/Configuration' started by ginoitalo, Apr 19, 2005.

  1. ginoitalo

    ginoitalo New Member

    I have setup a fcgi authorizer like so,
    it's listening on the same box as the webserver on port 3456

    <extProcessor>
    <type>fcgiauth</type>
    <name>Chuck_Auth</name>
    <address>127.0.0.1:3456</address>
    <maxConns>2000</maxConns>
    <respBuffer>0</respBuffer>
    <backlog>50</backlog>
    <instances>1000</instances>
    </extProcessor>

    The problem is that I can't seem to get the http basic auth popup to display when browsing the website. (the rest of the install and setup is right out of the box)

    The perl script works on apache and zeus so I believe it's just a matter of incorrect server configuration on my part.
  2. mistwang

    mistwang LiteSpeed Staff

    You have done half of the configurations for fcgi authorizer, still need to put the authorizer in use by selecting the defined fcgi authorizer under the context that need to be protected.
    Value of "maxConns" and "instances" looks too high, unless you have a very slow authorizer and a busy web site, "20" is more than enough for most cases.
  3. ginoitalo

    ginoitalo New Member

    alright, now the webserver returns "No input file specified." to the browser with the fastcgi auth on.

    what "file" is it talking about ?

    Code:
      FCGI Context Definition
     
    URI / 
    Fast CGI App [Server Level]: phpFcgi 
    Allow Override N/A 
    Realm N/A 
    Authentication Name auth_name 
    Required N/A 
    Access Allowed N/A 
    Access Denied N/A 
    Authorizer [Server Level]: Chuck_Auth 
    Add Default Charset Off 
    Customized Default Charset N/A 
    
    

    Log:
    Code:
    2005-04-19 18:21:12.578 [DEBUG] [*:7777] New connection from 192.168.2.79:1407.
    2005-04-19 18:21:12.578 [DEBUG] [*:7777] 1 connections accepted!
    2005-04-19 18:21:12.613 [DEBUG] [192.168.2.79:1407-0] HttpIOLink::handleEvents() events=1!
    2005-04-19 18:21:12.613 [DEBUG] [192.168.2.79:1407-0] HttpConnection::onReadEx(), state: 0!
    2005-04-19 18:21:12.613 [DEBUG] [192.168.2.79:1407-0] readToHeaderBuf(). 
    2005-04-19 18:21:12.614 [DEBUG] [192.168.2.79:1407-0] Read from client: 318
    2005-04-19 18:21:12.615 [DEBUG] [192.168.2.79:1407-0] processHeader() return 0, header state: 3. 
    2005-04-19 18:21:12.615 [DEBUG] [192.168.2.79:1407-0#v_hosting] New request: 
            Method=[GET], URI=[/default.html],
            QueryString=[]
            Content Length=0
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting] processContextPath() return 0
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting] run fcgi processor.
    2005-04-19 18:21:12.616 [DEBUG] [uds://tmp/lshttpd/php.sock] connection available!
    2005-04-19 18:21:12.616 [DEBUG] [uds://tmp/lshttpd/php.sock] request [192.168.2.79:1407-0#v_hosting:fcgi] is assigned with connection!
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::doWrite()
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::beginRequest()
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::pendingWrite(),m_iCurStreamHeader=16
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] request header is done
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::beginReqBody()
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::pendingEndStream()
    2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] ExtConn::continueRead()
    2005-04-19 18:21:12.617 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Request body done!
    2005-04-19 18:21:12.617 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::endOfReqBody()
    2005-04-19 18:21:12.617 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::pendingEndStream()
    2005-04-19 18:21:12.617 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::flush()
    2005-04-19 18:21:12.619 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::suspendWrite()
    2005-04-19 18:21:12.619 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] processNewReq() return 0. 
    2005-04-19 18:21:12.620 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] readToHeaderBuf() return 0. 
    2005-04-19 18:21:12.620 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] ExtConn::onRead()
    2005-04-19 18:21:12.621 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::doRead()
    2005-04-19 18:21:12.621 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] read 128 bytes from Fast CGI.
    2005-04-19 18:21:12.622 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FCGI Header: 01060001005b0500
    2005-04-19 18:21:12.622 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] process STDOUT 91 bytes
    2005-04-19 18:21:12.623 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] response header finished!
    2005-04-19 18:21:12.623 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FCGI Header: 0106000100000000
    2005-04-19 18:21:12.624 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FCGI Header: 0103000100080000
    2005-04-19 18:21:12.624 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] [EXT] EndResponse( endCode=0, protocolStatus=0 )
    2005-04-19 18:21:12.624 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] release ExtProcessor!
    2005-04-19 18:21:12.625 [DEBUG] [uds://tmp/lshttpd/php.sock] add recycled connection to connection pool!
    2005-04-19 18:21:12.625 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] call pConn->writeRespBody() to write 25 bytes
    2005-04-19 18:21:12.625 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Written to client: 212
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] pConn->writeRespBody() return 25
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] ReqBody: 0, RespBody: 25, HEC_COMPLETE!
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] m_pHandler->onWrite() return 0
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpConnection::flush()!
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpConnection::nextRequest()!
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpExtConnector::cleanUp() ...
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Non-KeepAlive, CLOSING!
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpIOLink::continueWrite()...
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] write resumed!
    2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpIOLink::handleEvents() events=4!
    2005-04-19 18:21:12.627 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Shutting down out-bound socket ...
    2005-04-19 18:21:12.635 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpIOLink::handleEvents() events=1!
    2005-04-19 18:21:12.636 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Close socket ...
    
    I noticed from my fcgi logs that my authorizer never gets called.
  4. mistwang

    mistwang LiteSpeed Staff

    I think you should use a "static" context instead of a "fcgi" context for "/".
  5. ginoitalo

    ginoitalo New Member

    Do you mean the URI context "/" ?
    I tried "/www/chuck.cvstest2.com/safe/" and then the page was served as if there was no fastcgi auth at all.

    If that's not what you meant, please explain what you mean by a ' a "static" context '


    Thanks again for your time
  6. mistwang

    mistwang LiteSpeed Staff

  7. ginoitalo

    ginoitalo New Member

    All our servers are running FreeBSD

    Is there a release candidate for BSD ?
  8. mistwang

    mistwang LiteSpeed Staff

    Yes, uploaded, just replace linux with freebsd in the URL.
  9. ginoitalo

    ginoitalo New Member

    webserver keeps restarting ....

    Code:
    
    2005-04-20 12:19:41.242 [DEBUG] [*:7777] 1 connections accepted!
    2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] ExtConn::onWrite()
    2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] connected to [127.0.0.1:3460]!
    2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::doWrite()
    2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::beginRequest()
    2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::pendingWrite(),m_iCurStreamHeader=16
    2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] request header is done
    2005-04-20 12:19:41.244 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::beginReqBody()
    2005-04-20 12:19:41.244 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::pendingEndStream()
    2005-04-20 12:19:41.244 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] ExtConn::continueRead()
    2005-04-20 12:19:41.244 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] Request body done!
    2005-04-20 12:19:41.245 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::endOfReqBody()
    2005-04-20 12:19:41.245 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::pendingEndStream()
    2005-04-20 12:19:41.245 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::flush()
    2005-04-20 12:19:41.252 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::suspendWrite()
    2005-04-20 12:19:41.295 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] ExtConn::onRead()
    2005-04-20 12:19:41.295 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::doRead()
    2005-04-20 12:19:41.295 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] read 192 bytes from Fast CGI.
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FCGI Header: 01060001009d0300
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] process STDOUT 157 bytes
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] response header finished!
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] abort request... 
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::abort()
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FCGI Header: 0106000100000000
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FCGI Header: 0103000100080000
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] [EXT] EndResponse( endCode=0, protocolStatus=0 )
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] release ExtProcessor!
    2005-04-20 12:19:41.296 [DEBUG] [127.0.0.1:3460] add recycled connection to connection pool!
    2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] HttpExtConnector::cleanUp() ...
    2005-04-20 12:19:41.297 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] processContextPath() return 0
    2005-04-20 12:19:41.299 [NOTICE] [AutoRestarter] child process with pid=16419 received signal=11, no core file is created!
    2005-04-20 12:19:41.347 [NOTICE] [AutoRestarter] cleanup children processes and unix sockets belong to process 16419 !
    2005-04-20 12:19:41.452 [DEBUG] [AutoRestarter] prepare to fork new child process to handle request!
    2005-04-20 12:19:41.454 [NOTICE] [AutoRestarter] new child process with pid=16425 is forked!
    2005-04-20 12:19:41.454 [DEBUG] try to give up super user privilege!
    2005-04-20 12:19:41.455 [NOTICE] [child: 16425] Successfully change current user to www
    2005-04-20 12:19:41.455 [NOTICE] [Child: 16425] Setup swapping space...
    2005-04-20 12:19:41.463 [NOTICE] [Child: 16425] LiteSpeed/2.1RC1 Standard starts successfully!
    
    
  10. mistwang

    mistwang LiteSpeed Staff

    Looks like authorization of fcgi authroizer has been passed.
    Do you get core dump if there is no authorizer configured? What is in the response of the authorizer?

    Is context for URI "/" a static context with location set to the document root of that virtual host?

    If you know how to let a setuid process dump a core on FreeBSD, (kernel configuration?), please send us the core file for analysis.

    Thanks.
    George
  11. ginoitalo

    ginoitalo New Member

    I'm working on getting the other answers to you,
    here's what I've gathered so far:

    on success the Perl FCGI responds like so:
    print(STDOUT "Set-Cookie: $c\n");
    print(STDOUT "Status: 200 Authorised\n");
    print(STDOUT "Variable-AUTH_USER_NAME: $user\n");
    print(STDOUT "\n\n");


    context URI: exp:safe
    last I tried "/" wasn't working but I'll try again.

    A hint on how to make the core file for you would be great.
  12. mistwang

    mistwang LiteSpeed Staff

    Thanks, I will write a similar test case.

    Please run the following command to let setuid program to dump a core
    Code:
    # sysctl -w kern.sugid_coredump=1
    Core file should be under /tmp/lshttpd

Share This Page