Lighttpd with authentication

Hello

I’m trying to build a http server with authentication. Can run the httpServer example.

Added the lines:
$LEGATO_BUILD/3rdParty/lighttpd/lib/mod_auth.so /modlibs/
$LEGATO_BUILD/3rdParty/lighttpd/lib/mod_authn_file.so /modlibs/
to leaf-data/wp76_dev/wp76-legato/components/3rdParty/lighttpd/Component.cdef to add missing modules like mod_auth.

Added something like this to lighttpd.conf:
server.modules += ( “mod_auth”, “mod_authn_file” )
auth.backend = “plain”
auth.backend.plain.userfile = “/tmp/lighttpd-plain.user”
auth.require = ( “” => (“method” => “basic”, “realm” => “example”, “require” => “valid-user”) )

But every time I include the mod_auth module in .conf the application fails.

Do I need to modify the lighttpd c files or upgrade them (v1.4.49 in legato 20.08)?
Or has anybody else made this work?

I saw in httpServer.adef which just directly called the

/app/bin/lighttpd -m /modlibs/ -D -f /cfg/lighttpd.conf

You can just run it in command line and see if that can work.
This can identify if it is related to legato problem.

Yes, that is another weird thing. If I start lighttpd manually:

root@swi-mdm9x28-wp:/legato/systems/current/appsWriteable/httpServer# app/bin/lighttpd -m modlibs/ -f cfg/lighttpd.conf

It then starts and runs and I got promted for username and password once, but now I only get “404 - Not Found”.

So why do I have to start it manually? httpServer only works sandboxed so it might be some rights issues?

And why do I get 404 after login when I start it manually?

Does logread give any hints?

For “404 - Not Found”, probably you need to find out what webpage lighttpd is finding

Not much info from logread:

Apr 15 10:34:54 swi-mdm9x28-wp user.notice kernel: [13878.168555] audit: type=1400 audit(1618475694.006:16): lsm=SMACK fn=smack_inode_getattr action=denied subject="app.httpServer" object="admin" requested=r pid=10097 comm="lighttpd" path="pipe:[98398]" dev="pipefs" ino=98398
Apr 15 10:34:54 swi-mdm9x28-wp user.info Legato:  INFO | supervisor[1029]/supervisor T=main | proc.c proc_SigChildHandler() 2079 | Process 'lighttpd' (PID: 10097) has exited with exit code 255.
Apr 15 10:34:54 swi-mdm9x28-wp user.warn Legato: -WRN- | supervisor[1029]/supervisor T=main | app.c app_SigChildHandler() 4165 | Process 'lighttpd' in app 'httpServer' faulted: Ignored.
Apr 15 10:34:54 swi-mdm9x28-wp user.info Legato:  INFO | supervisor[1029]/supervisor T=main | app.c app_StopComplete() 4862 | app 'httpServer' has stopped.
Apr 15 10:34:54 swi-mdm9x28-wp user.info Legato:  INFO | supervisor[1029]/supervisor T=main | apps.c DeactivateAppContainer() 374 | Application 'httpServer' has stopped.

upgraded to lighttpd v1.4.59 but still 404 error. From console:

GET http://192.168.68.117:8080/ 404 (Not Found)    192.168.68.117/:1 

Same if I try http://192.168.68.117:8080/index.html

The SMACK measage shows it is trying to access some files(/tmp/lighttpd-plain.user ???) in the file system, but it did not get the right permission

Tried to move the lighttpd-plain.user file to another folder within the app but the SMACK will not go away. Is there a way to check which file or folder that triggers the SMACK message?

You need to set the attribute, pls read the link above

Had no success with the SMACK rights so switched to unsandboxed and full system path in server.document-root (in lighttpd.config).
Now the 404 went away and login works.