PHP as FastCGI Authorizer

11 years ago by Anthony Pankov — view source

unread

Dear All!

Is there any chance to use php as FastCGI authorizer?

As i see, php-fpm has no options to use predefined script and support
only Responder role.

I tried php-cgi as authorizer as following:

Configure apache to use php-cgi as FastCGIServer (php-cgi under
FastCGI process management), than start php-cgi as "php-cgi -f
.../authscript.php".

I see this in sapi/cgi/cgi_main.c line 2246:
if (script_file) {
/* override path_translated if -f on command line */
So i used -f switch.

There no output (including errors) in any log and no evidence that script was launched.

May be there is a broken magic in determination of fastcgi mode:
sapi/cgi/fastcgi.c
if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN) {
fcgi_setup_signals();
return is_fastcgi = 1;
} else {
return is_fastcgi = 0;
}

Because of fcgi_listen contain unambiguous:
is_fastcgi = 1;

i tried next variant:

Configure apache to use php-cgi as FastCGIExternalServer. Php
used as
"php-cgi -b .../gsock -f .../authscript.php"

Socket is created, FastCGI report that connection is done.
But, again, no output in any log and no evidence that script was launched.

In every apache configuration script included as FastCGIAuthorizer , of course.

Any suggestion?

--
Best regards,
Anthony mailto:ant_mail@inbox.ru

11 years ago by Anthony Pankov — view source

unread

Please, anybody, explain the current FastCGI support status.

FastCGI specification provides 3 roles: responder, authorizer and
filter (http://www.fastcgi.com/drupal/node/6?q=node/22#S6).

PHP (and php-fpm) support only 1 of 3 - responder.

May be i missed something and PHP has support for Authorizer?

Dear All!

Is there any chance to use php as FastCGI authorizer?

As i see, php-fpm has no options to use predefined script and support
only Responder role.

I tried php-cgi as authorizer as following:

Configure apache to use php-cgi as FastCGIServer (php-cgi under
FastCGI process management), than start php-cgi as "php-cgi -f
.../authscript.php".

I see this in sapi/cgi/cgi_main.c line 2246:
if (script_file) {
/* override path_translated if -f on command line */
So i used -f switch.

There no output (including errors) in any log and no evidence that script was launched.

May be there is a broken magic in determination of fastcgi mode:
sapi/cgi/fastcgi.c
if (getpeername(0, (struct sockaddr *)&sa, &len) != 0 && errno == ENOTCONN) {
fcgi_setup_signals();
return is_fastcgi = 1;
} else {
return is_fastcgi = 0;
}

Because of fcgi_listen contain unambiguous:
is_fastcgi = 1;

i tried next variant:

Configure apache to use php-cgi as FastCGIExternalServer. Php
used as
"php-cgi -b .../gsock -f .../authscript.php"

Socket is created, FastCGI report that connection is done.
But, again, no output in any log and no evidence that script was launched.

In every apache configuration script included as FastCGIAuthorizer , of course.

Any suggestion?

--
Best regards,
Anthony mailto:ant_mail@inbox.ru

--
Best regards,
Anthony mailto:ant_mail@inbox.ru

11 years ago by Rasmus Lerdorf — view source

unread

Please, anybody, explain the current FastCGI support status.

FastCGI specification provides 3 roles: responder, authorizer and
filter (http://www.fastcgi.com/drupal/node/6?q=node/22#S6).

PHP (and php-fpm) support only 1 of 3 - responder.

May be i missed something and PHP has support for Authorizer?

Looks correct. Patches welcome. As far as I know nobody is working on this.

-Rasmus