fcgi auth

[ginoitalo]

I have setup a fcgi authorizer like so,
it's listening on the same box as the webserver on port 3456

<extProcessor>
<type>fcgiauth</type>
<name>Chuck_Auth</name>
<address>127.0.0.1:3456</address>
<maxConns>2000</maxConns>
<respBuffer>0</respBuffer>
<backlog>50</backlog>
<instances>1000</instances>
</extProcessor>

The problem is that I can't seem to get the http basic auth popup to display when browsing the website. (the rest of the install and setup is right out of the box)

The perl script works on apache and zeus so I believe it's just a matter of incorrect server configuration on my part.

 

[mistwang]

You have done half of the configurations for fcgi authorizer, still need to put the authorizer in use by selecting the defined fcgi authorizer under the context that need to be protected.
Value of "maxConns" and "instances" looks too high, unless you have a very slow authorizer and a busy web site, "20" is more than enough for most cases.

 

[ginoitalo]

alright, now the webserver returns "No input file specified." to the browser with the fastcgi auth on.

what "file" is it talking about ?

  FCGI Context Definition
 
URI / 
Fast CGI App [Server Level]: phpFcgi 
Allow Override N/A 
Realm N/A 
Authentication Name auth_name 
Required N/A 
Access Allowed N/A 
Access Denied N/A 
Authorizer [Server Level]: Chuck_Auth 
Add Default Charset Off 
Customized Default Charset N/A

Log:

2005-04-19 18:21:12.578 [DEBUG] [*:7777] New connection from 192.168.2.79:1407.
2005-04-19 18:21:12.578 [DEBUG] [*:7777] 1 connections accepted!
2005-04-19 18:21:12.613 [DEBUG] [192.168.2.79:1407-0] HttpIOLink::handleEvents() events=1!
2005-04-19 18:21:12.613 [DEBUG] [192.168.2.79:1407-0] HttpConnection::onReadEx(), state: 0!
2005-04-19 18:21:12.613 [DEBUG] [192.168.2.79:1407-0] readToHeaderBuf(). 
2005-04-19 18:21:12.614 [DEBUG] [192.168.2.79:1407-0] Read from client: 318
2005-04-19 18:21:12.615 [DEBUG] [192.168.2.79:1407-0] processHeader() return 0, header state: 3. 
2005-04-19 18:21:12.615 [DEBUG] [192.168.2.79:1407-0#v_hosting] New request: 
        Method=[GET], URI=[/default.html],
        QueryString=[]
        Content Length=0
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting] processContextPath() return 0
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting] run fcgi processor.
2005-04-19 18:21:12.616 [DEBUG] [uds://tmp/lshttpd/php.sock] connection available!
2005-04-19 18:21:12.616 [DEBUG] [uds://tmp/lshttpd/php.sock] request [192.168.2.79:1407-0#v_hosting:fcgi] is assigned with connection!
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::doWrite()
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::beginRequest()
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::pendingWrite(),m_iCurStreamHeader=16
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] request header is done
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::beginReqBody()
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::pendingEndStream()
2005-04-19 18:21:12.616 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] ExtConn::continueRead()
2005-04-19 18:21:12.617 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Request body done!
2005-04-19 18:21:12.617 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::endOfReqBody()
2005-04-19 18:21:12.617 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::pendingEndStream()
2005-04-19 18:21:12.617 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::flush()
2005-04-19 18:21:12.619 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::suspendWrite()
2005-04-19 18:21:12.619 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] processNewReq() return 0. 
2005-04-19 18:21:12.620 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] readToHeaderBuf() return 0. 
2005-04-19 18:21:12.620 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] ExtConn::onRead()
2005-04-19 18:21:12.621 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FcgiConnection::doRead()
2005-04-19 18:21:12.621 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] read 128 bytes from Fast CGI.
2005-04-19 18:21:12.622 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FCGI Header: 01060001005b0500
2005-04-19 18:21:12.622 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] process STDOUT 91 bytes
2005-04-19 18:21:12.623 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] response header finished!
2005-04-19 18:21:12.623 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FCGI Header: 0106000100000000
2005-04-19 18:21:12.624 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] FCGI Header: 0103000100080000
2005-04-19 18:21:12.624 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] [EXT] EndResponse( endCode=0, protocolStatus=0 )
2005-04-19 18:21:12.624 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] release ExtProcessor!
2005-04-19 18:21:12.625 [DEBUG] [uds://tmp/lshttpd/php.sock] add recycled connection to connection pool!
2005-04-19 18:21:12.625 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] call pConn->writeRespBody() to write 25 bytes
2005-04-19 18:21:12.625 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Written to client: 212
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] pConn->writeRespBody() return 25
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] ReqBody: 0, RespBody: 25, HEC_COMPLETE!
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] m_pHandler->onWrite() return 0
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpConnection::flush()!
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpConnection::nextRequest()!
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpExtConnector::cleanUp() ...
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Non-KeepAlive, CLOSING!
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpIOLink::continueWrite()...
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] write resumed!
2005-04-19 18:21:12.626 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpIOLink::handleEvents() events=4!
2005-04-19 18:21:12.627 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Shutting down out-bound socket ...
2005-04-19 18:21:12.635 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] HttpIOLink::handleEvents() events=1!
2005-04-19 18:21:12.636 [DEBUG] [192.168.2.79:1407-0#v_hosting:fcgi] Close socket ...

I noticed from my fcgi logs that my authorizer never gets called.

 

[mistwang]

I think you should use a "static" context instead of a "fcgi" context for "/".

 

[ginoitalo]

Do you mean the URI context "/" ?
I tried "/www/chuck.cvstest2.com/safe/" and then the page was served as if there was no fastcgi auth at all.

If that's not what you meant, please explain what you mean by a ' a "static" context '


Thanks again for your time

 

[mistwang]

Please try http://www.litespeedtech.com/packages/2.0/lsws-2.1RC1-std-i386-linux.tar.gz
should be fixed.

 

[ginoitalo]

All our servers are running FreeBSD

Is there a release candidate for BSD ?

 

[mistwang]

Yes, uploaded, just replace linux with freebsd in the URL.

 

[ginoitalo]

webserver keeps restarting ....

2005-04-20 12:19:41.242 [DEBUG] [*:7777] 1 connections accepted!
2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] ExtConn::onWrite()
2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] connected to [127.0.0.1:3460]!
2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::doWrite()
2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::beginRequest()
2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::pendingWrite(),m_iCurStreamHeader=16
2005-04-20 12:19:41.243 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] request header is done
2005-04-20 12:19:41.244 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::beginReqBody()
2005-04-20 12:19:41.244 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::pendingEndStream()
2005-04-20 12:19:41.244 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] ExtConn::continueRead()
2005-04-20 12:19:41.244 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] Request body done!
2005-04-20 12:19:41.245 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::endOfReqBody()
2005-04-20 12:19:41.245 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::pendingEndStream()
2005-04-20 12:19:41.245 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::flush()
2005-04-20 12:19:41.252 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::suspendWrite()
2005-04-20 12:19:41.295 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] ExtConn::onRead()
2005-04-20 12:19:41.295 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::doRead()
2005-04-20 12:19:41.295 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] read 192 bytes from Fast CGI.
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FCGI Header: 01060001009d0300
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] process STDOUT 157 bytes
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] response header finished!
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] abort request... 
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FcgiConnection::abort()
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FCGI Header: 0106000100000000
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] FCGI Header: 0103000100080000
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] [EXT] EndResponse( endCode=0, protocolStatus=0 )
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] release ExtProcessor!
2005-04-20 12:19:41.296 [DEBUG] [127.0.0.1:3460] add recycled connection to connection pool!
2005-04-20 12:19:41.296 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] HttpExtConnector::cleanUp() ...
2005-04-20 12:19:41.297 [DEBUG] [192.168.2.79:2152-0#v_hosting:fcgi] processContextPath() return 0
2005-04-20 12:19:41.299 [NOTICE] [AutoRestarter] child process with pid=16419 received signal=11, no core file is created!
2005-04-20 12:19:41.347 [NOTICE] [AutoRestarter] cleanup children processes and unix sockets belong to process 16419 !
2005-04-20 12:19:41.452 [DEBUG] [AutoRestarter] prepare to fork new child process to handle request!
2005-04-20 12:19:41.454 [NOTICE] [AutoRestarter] new child process with pid=16425 is forked!
2005-04-20 12:19:41.454 [DEBUG] try to give up super user privilege!
2005-04-20 12:19:41.455 [NOTICE] [child: 16425] Successfully change current user to www
2005-04-20 12:19:41.455 [NOTICE] [Child: 16425] Setup swapping space...
2005-04-20 12:19:41.463 [NOTICE] [Child: 16425] LiteSpeed/2.1RC1 Standard starts successfully!

 

[mistwang]

Looks like authorization of fcgi authroizer has been passed.
Do you get core dump if there is no authorizer configured? What is in the response of the authorizer?

Is context for URI "/" a static context with location set to the document root of that virtual host?

If you know how to let a setuid process dump a core on FreeBSD, (kernel configuration?), please send us the core file for analysis.

Thanks.
George

 

[ginoitalo]

I'm working on getting the other answers to you,
here's what I've gathered so far:

on success the Perl FCGI responds like so:
print(STDOUT "Set-Cookie: $c\n");
print(STDOUT "Status: 200 Authorised\n");
print(STDOUT "Variable-AUTH_USER_NAME: $user\n");
print(STDOUT "\n\n");


context URI: exp:safe
last I tried "/" wasn't working but I'll try again.

A hint on how to make the core file for you would be great.

 

[mistwang]

Thanks, I will write a similar test case.

Please run the following command to let setuid program to dump a core

# sysctl -w kern.sugid_coredump=1

Core file should be under /tmp/lshttpd