[Mailman-Developers] Failed authentication
J C Lawrence
claw@kanga.nu
Sun, 12 Mar 2000 00:19:18 -0800
Background data as this is also going to the Debian Mailman package
maintainer:
Mailman's web interface suddenly stopped working for me. The
forms would display but I am unable authenticate not matter what
browser (Netscape 4.05 and 4.7, Lynx, W3M or Mozilla M14) I use.
On Thu, 09 Mar 2000 13:11:06 -0800
J C Lawrence <claw@kanga.nu> wrote:
> On Thu, 9 Mar 2000 15:55:44 -0500 (EST) bwarsaw
> <bwarsaw@cnri.reston.va.us> wrote:
>>>>>>> "JCL" == J C Lawrence <claw@kanga.nu> writes:
JCL> Aye, what's especially odd is that forms are process properly
JCL> elsewhere (PHP for instance). So the Apache side and the
JCL> modules sides are Okay its just something with the Mailman CGI
JCL> wrapper. I guess.
>> I still want to know at what point the cgi data is getting
>> corrupted. Is it between Apache and the C wrapper? Is it
>> between the C wrapper and invoking the Python driver script? Is
>> it between the driver script and the specific Mailman/Cgi module?
> I'm really not sure, and I'm not too sure how to find out either.
> Could you give me some hints where to poke this?
I've done some more digging, implemented ScriptLog in Apache,
inserted sys.exit(1) in the admin script to force a failure right
after the FieldStorage call, and then instrumented pythonlib/cgi.py.
Findings: read_urlencoded never reads anything from stdin. Zero.
Zilch. Nada. There's nothing there. The key edits:
--<cut>--
def read_urlencoded(self):
"""Internal: read data in query string format."""
qs = self.fp.read(self.length)
qs=str(qs)
sys.stderr.write (qs)
sys.stderr.write ('=======')
sys.stderr.write (str(self.length))
...etc
--<cut>--
--<cut>--
%% [Sat Mar 11 23:58:57 2000] POST /lists/admin/library/ HTTP/1.0
%% 500 /var/lib/mailman/cgi-bin/admin
%request
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Charset: iso-8859-1,*,utf-8
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive
Content-length: 40
Content-type: application/x-www-form-urlencoded
Cookie: mud-dev:admin="(lp1\012S'216.148.243.2'\012p2\012aI952846157\012aI952856957\012aI-96722254\012a."
Host: www.kanga.nu
Referer: http://www.kanga.nu/lists/admin/library/
User-Agent: Mozilla/4.7 [en] (X11; I; Linux 2.2.13 i686; Nav)
adminpw=xxxxx&request_login=Let+me+in...
%response
%stderr
=======40
--<cut>--
According to that Apache is sending all the right data, it just
ain't getting there. I've also upgraded libc6 recently (Debian
system FWIW with packages libc6_2.1.3-[567]_i386.deb (notice regex
range)). I downgraded libc6 to the package versions (5 and 6) that
were installed when it did work to no effect. I also rebuilt the
Mailman C based CGI programs under the installed version of libc6,
and copied them over (in case something odd was going on) to no
observed effect.
Note: Plopping the cgi.py in as a standalone cgi tests out as
working using GET methods (ie encode vars on the URL). I haven't
built a framework yet to test POST for that module. I guess the
next step is to either build that framework, or test-drive the C
CGIs to make sure stdin really has the right bumph sitting there
waiting.
--
J C Lawrence Home: claw@kanga.nu
----------(*) Other: coder@kanga.nu
--=| A man is as sane as he is dangerous to his environment |=--