Project

General

Profile

[Solved] mod_extforward doesn't set mod_magnet lighty.r.req_env['REMOTE_USER']

Added by blz 3 months ago

Please do not RTFM me, but I did not managed to get it to work.

print(r.req_header['Forwarded']) shows
for=xx.xx.xx.xx;by="yy.yy.yy.yy:443";proto=https;remote_user="PROPER_USERNAME"
but print(r.req_env['REMOTE_USER']) shows (null)

config values:
extforward.headers = ("Forwarded", "X-Forwarded-For")
extforward.forwarder = ( "all" => "trust")
extforward.params = ( "host" => 0, # overwrite "Host" with Forwarded value
"remote_user" => 1, # set REMOTE_USER with Forwarded value
)


Replies (4)

RE: mod_extforward doesn't set r.req_env['REMOTE_USER'] - Added by gstrauss 3 months ago

Has this every worked for you or are you trying for the first time?

Provide better context besides saying: "Please do not RTFM me, but I did not managed (sic) to get it to work."

What is "it"? Are you using mod_magnet? Did you say that anywhere? Do you expect me to read your mind?

Here's your RTFM: clearly you have failed to read: How to get support and the very important link on that page for how to ask a good technical question.

Read my mind: Don't waste my time, or else I won't respond.

Something is not working and you're asking for help, but you have only provided a small part of your config. If you knew what the problem was, you wouldn't be asking for help. If you're asking for help, it is because you don't know the answer. Yet, you're clearly not smart enough to realize that you don't know enough to provide me with only a snippet of your lighttpd config. Provide your full lighttpd config when you ask configuration questions.

RE: mod_extforward doesn't set r.req_env['REMOTE_USER'] - Added by gstrauss 3 months ago

Looks like extforward.params has been ignored since lighttpd 1.4.56. That is a bug in lighttpd.

--- a/src/mod_extforward.c
+++ b/src/mod_extforward.c
@@ -380,6 +380,7 @@ SETDEFAULTS_FUNC(mod_extforward_set_defaults) {
                 cpv->v.u = mod_extforward_parse_opts(srv, cpv->v.a);
                 if (UINT_MAX == cpv->v.u)
                     return HANDLER_ERROR;
+                cpv->vtype = T_CONFIG_LOCAL;
                 break;
               case 3: /* extforward.hap-PROXY */
                 if (cpv->v.u) hap_PROXY = 1;

RE: mod_extforward doesn't set r.req_env['REMOTE_USER'] - Added by blz 3 months ago

Please believe me, I'm smart enough to strip all irrelevant info. Well but if I have to bloat this issue, let's start.

After discovering mod_extforward I decided to remove all the Lua code parsing Forwarded headers for the remote address and remote user. That was happened on a some kind of production server with a big old configs so I stripped all the stuff. I guess «Lua code» implied mod_magnet?
Lua code is not relevant to the issue because print(r.req_env['REMOTE_USER']) was put as close as possible to the beginning of the script.

Here's lighttpd -V

To be 100% sure I did the test again using another host (oh, forgot to mention, Linux too), using different lighttpd version, minimal config and host:port link between frontend and backend instead of unix socket. Here's lighttpd -V

backend config
frontend config
I've stripped mime parts from configs, sorry for that

download-test.lua:

print(string.format('r.req_attr["physical.path"] = %s', r.req_attr["physical.path"])) 
print(string.format('r.req_item.http_status = %q', r.req_item.http_status))           
print(string.format('r.req_header["Forwarded"] = %s', r.req_header["Forwarded"]))     
print(string.format('r.req_env["REMOTE_USER"] = %q', r.req_env['REMOTE_USER']))

Here's what was in the log after invoking wget --bind-address=127.0.0.255 --user=myuser --password=mypassword http://localhost:910/wget-1.21.4.tar.gz -O /dev/null

(lua-print) r.req_attr["physical.path"] = /tmp/wget-1.21.4.tar.gz
(lua-print) r.req_item.http_status = 0
(lua-print) r.req_header["Forwarded"] = for=127.0.0.255;by="127.0.0.1:910";proto=http;remote_user="myuser" 
(lua-print) r.req_env["REMOTE_USER"] = nil

As we can see here, REMOTE_USER was not parsed (or set) from the Forwarded header, though I believe it should (according to the "remote_user" => 1 in extforward.params.

What else?
r.req_attr['request.remote-addr'] was fine in all tests.
– tried all (available in my distro) lighttpd versions (.68-.71) but all was the same
– carefully read mod_extforward documentation about REMOTE_USER, found nothing except «"remote_user" => 1, # set REMOTE_USER with Forwarded value»
– tried socket link instead of host:port (btw, extforward.forwarder = ( "/path/to/socket" => "trust") is working though that isn't mentioned in docs

Revised all described above and saw nothing useful. All that needed to reproduce this issue was in the first post.
Oh, I've checked lighttpd build logs too and found small discrepancies about enabling mmap though it was because of distro maintainers.

RE: mod_extforward doesn't set r.req_env['REMOTE_USER'] - Added by blz 3 months ago

Thanks for the patch, now the issue is resolved.

    (1-4/4)