"AuthUserFIle not specified error" with FastCGI authorizer via mod_fcgid

[Jeff Trawick <trawick@xxxxxxxxx>]

On Thu, Aug 8, 2013 at 11:27 AM, <zstrebly@xxxxxxxxxxxxxx> wrote:

I am using Perl code from an old book that refers to mod_fastcgi but I have mod_fcgid installed. I had to comment out some code ( before exit) and change Accept() to eliminate some errors in conf/error_log. However, I still get a 500 instead of what is desired and a message saying: AuthUserFile not specified in the configuration. As I understand it, the script should take its place.
Thanks again.

I guess your script is getting called first and it does not successfully authenticate the user and mod_authn_file is also configured but it fails due to an incomplete configuration.

(somewhat of a guess; I don't see your configuration)

See http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidauthenticatorauthoritative

Set that to Off so that no other authenticators are called.

 

#!/usr/bin/perl -Tw
use strict;
use FCGI;
my $lives=1000;
my $content="\nContent-type: text/plain\n\n";
my %status=(
        200 => "Status: 200 - OK". $content,
        401 => "Status: 401 - Unauthorized".$content,
        403 => "Status: 403 - Forbidden".$content
);
my $authfile="/usr/local/apache2/exmar/conf/passwd/passwords";
my %password;
unless (open USERS,$authfile) { die "Failed to open authfile - $!\n";}
while (<USERS>) {
        chomp;
        my ($user,$cryptpw)=split /:/;
        $password{$user}=$cryptpw;
}
close USERS;
#-------------------------------------------------------------------------------------------------
my $r = FCGI::Request(\*STDIN, \*STDOUT, \*STDERR);
while ($r->Accept()>=0) {
        foreach my $var (
        'FCGI_ROLE', 'FCGI_APACHE_ROLE', 'SCRIPT_NAME',
        'REMOTE_ADDR', 'REMOTE_USER', 'REMOTE_PASSWORD',
        'REQUEST_URI'
        ){ $ENV{$var}=~/(.*)/ and $ENV{$var}=$1 if exists $ENV{$var};}

if ($ENV{FCGI_ROLE} eq 'AUTHORIZER') {
        SWITCH: foreach ($ENV{FCGI_APACHE_ROLE}) {

        /^ACCESS_CHECKER/ and access_checker_role(),last SWITCH;
        /^AUTHENTICATOR/ and authenticator_role(),last SWITCH;
        /^AUTHORIZER/  and authorizer_role(),last SWITCH;

 }
} else {
        responder_role();
}
last unless $lives--;
#last if -M $ENV{SCRIPT_NAME} < 0 ;-----------------------------
#last if -M $ENV{$authfile} <  0 ;-----------------------------
}
exit 0;
#---------------------------------------------------------------------------------------
sub responder_role{
        print $status{500},
        "This is an authentication application!\n";
        "Configuring it as a responder is a server error\n";
}
sub access_checker_role {
        if ($ENV{REMOTE_ADDR} eq "::1") {
        print $status{200};
} else {
        print $status{401};
 }
}
#--------------------------------------------------------------------------------------------
sub authenticator_role {

        my $user=$ENV{REMOTE_USER};
        my $sent_password=$ENV{REMOTE_PASSWORD};
        if (defined($sent_password) and defined($user) and exists $password{$user}) {
                if (crypt $sent_password,$password{$user}) {
                        print $status{200};
                } else {
        }               print $status{401};

        } else {
            print $status{401};
        }
}
sub authorizer_role {
        my $user=$ENV{REMOTE_USER};

        if ($ENV{REQUEST_URI}=~m|/$user/|) {
                print $status{200};
} else {
        print $status{401};
}
}


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

--
Born in Roswell... married an alien...
http://emptyhammock.com/