httpd-37566

Version:

2.0.55

Failure report link:  

https://issues.apache.org/bugzilla/show_bug.cgi?id=37566

Symptom:

Server returned 500 (Internal Server Error) when it shouldn’t. (it’s actually caused by a configuration error).

In the bug report, the user complained:

“Today I hunted 20 minutes for a typo in the filename of an AuthGroupFile
setting, because I got only an Internal Server Error when accessing the
protected location,
but no message in the error log.”

Background:

Apache httpd webserver has enabled mod_auth module, that is to protect a page with password. The passwords are stored in a password file, specified in the httpd.conf. The authentication can also be controlled by group. Apache can specify a group of users that has the access of a certain webpage.

How to reproduce the failure:

1. Introduce a config error in ./conf/httpd.conf

<Directory /Apache_install_path/htdocs/secret>

AuthType Basic

AuthName "By Invitation Only"

AuthUserFile /Apache_install_path/passwd/passwords

AuthGroupFile /Apache_install_path/password/groups_typo

Require group TestGroup

</Directory>

Note: “passwd/passwords” and “passwd/groups” should be valid password and group files. But above we introduced a typo so httpd cannot find the right path to groups file. Details on how to create these files see:

http://httpd.apache.org/docs/2.0/howto/auth.html

Here, the configuration error is that the group file name is wrong.

2. Start Apache server.

./bin/apachectl start

Then access:

http://url-to-httpd-server:port/secret/

It will ask you to input username/passwd. Input the correct username and password, you will see the 500 error page returned. The correct behavior should be to display a regular webpage.

Root cause:

filename in ‘AuthGroupFile’ contains a typo! But apache didn’t print any message and failed silently!!! Later developers actually checked in a patch whose only purpose is to add an error message!!!

Index: modules/aaa/mod_auth.c

===================================================================

--- modules/aaa/mod_auth.c        (Revision 345601)

+++ modules/aaa/mod_auth.c        (Arbeitskopie)

static apr_table_t *groups_for_user(apr_pool_t *p, char *user, char *grpfile)  {

    …

@@ -123,8 +124,8 @@

    apr_status_t status;

    if ((status = ap_pcfg_openfile(&f, p, grpfile)) != APR_SUCCESS) {

+         ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,

+                       "Could not open group file: %s", grpfile);

        return NULL;

    }

}

ap_pcfg_openfile eventually will call system call ‘open’.

Is there any log message?

No.

Can Errlog anticipate the error?

Yes. system call return pattern -- open.