basicAuth filter panics when htpasswd file does not exist #3327

Open
AlexanderYastrebov opened this issue Dec 4, 2024 · 2 comments

@AlexanderYastrebov
Member

Describe the bug

basicAuth filter panics when htpasswd file does not exist

To Reproduce

$ bin/skipper -inline-routes='*-> basicAuth("/does-not-exist") -> inlineContent("OK\n") -> <shunt>'
[APP]INFO[0000] Expose metrics in codahale format            
[APP]INFO[0000] enable swarm: false                          
[APP]INFO[0000] Replacing tee filter specification           
[APP]INFO[0000] Replacing teenf filter specification         
[APP]INFO[0000] Replacing lua filter specification           
[APP]INFO[0000] route settings, reset, route: : * -> basicAuth("/does-not-exist") -> inlineContent("OK\n") -> <shunt> 
[APP]INFO[0000] route settings received, id: 1               
[APP]INFO[0000] support listener on :9911                    
[APP]INFO[0000] route settings applied, id: 1                
[APP]INFO[0000] Dataclients are updated once, first load complete 
[APP]INFO[0000] Listen on :9090                              
[APP]INFO[0000] TLS settings not found, defaulting to HTTP

Make a request:

$ curl -v test:test@localhost:9090
* Host localhost:9090 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:9090...
* Connected to localhost (::1) port 9090
* Server auth using Basic with user 'test'
> GET / HTTP/1.1
> Host: localhost:9090
> Authorization: Basic dGVzdDp0ZXN0
> User-Agent: curl/8.5.0
> Accept: */*
> 
< HTTP/1.1 500 Internal Server Error
< Content-Length: 22
< Content-Type: text/plain; charset=utf-8
< Server: Skipper
< X-Content-Type-Options: nosniff
< Date: Wed, 04 Dec 2024 12:02:37 GMT
< 
Internal Server Error
* Connection #0 to host localhost left intact

Observe panic message in the logs:

[APP]ERRO[0090] stacktrace of panic caused by: stat /does-not-exist: no such file or directory:
goroutine 57 [running]:
github.com/zalando/skipper/proxy.stack()
        /home/ayastrebov/src/github.com/zalando/skipper/proxy/proxy.go:1167 +0x5e
github.com/zalando/skipper/proxy.(*Proxy).do.func1.1()
        /home/ayastrebov/src/github.com/zalando/skipper/proxy/proxy.go:1179 +0x3c
golang.org/x/time/rate.(*Sometimes).Do(0xc000470c30, 0xc00054f0a8)
        /home/ayastrebov/go/pkg/mod/golang.org/x/time@v0.6.0/rate/sometimes.go:63 +0xf0
github.com/zalando/skipper/proxy.(*Proxy).do.func1()
        /home/ayastrebov/src/github.com/zalando/skipper/proxy/proxy.go:1178 +0x96
panic({0x23d8200?, 0xc0004a0bd0?})
        /usr/local/go/src/runtime/panic.go:785 +0x132
github.com/abbot/go-http-auth.(*File).ReloadIfNeeded(0xc000382050)
        /home/ayastrebov/go/pkg/mod/github.com/abbot/go-http-auth@v0.4.0/users.go:32 +0x159
github.com/zalando/skipper/filters/auth.(*basicSpec).CreateFilter.HtpasswdFileProvider.func2({0xc000014190, 0x4}, {0x2901e10?, 0x1?})
        /home/ayastrebov/go/pkg/mod/github.com/abbot/go-http-auth@v0.4.0/users.go:145 +0x2f
github.com/abbot/go-http-auth.(*BasicAuth).CheckAuth(0xc000524e20, 0xe38daa?)
        /home/ayastrebov/go/pkg/mod/github.com/abbot/go-http-auth@v0.4.0/basic.go:83 +0x118
github.com/zalando/skipper/filters/auth.(*basic).Request(0xc0004580c0, {0x2948a30, 0xc0006a0100})
        /home/ayastrebov/src/github.com/zalando/skipper/filters/auth/basic.go:34 +0x3d
github.com/zalando/skipper/proxy.(*Proxy).applyFiltersToRequest(0xc000470b40, {0xc000330130, 0x2, 0x392b340?}, 0xc0006a0100)
        /home/ayastrebov/src/github.com/zalando/skipper/proxy/proxy.go:893 +0x2d8
github.com/zalando/skipper/proxy.(*Proxy).do(0xc000470b40, 0xc0006a0100, {0x29433e0, 0x3959a20})
        /home/ayastrebov/src/github.com/zalando/skipper/proxy/proxy.go:1226 +0x752
github.com/zalando/skipper/proxy.(*Proxy).ServeHTTP(0xc000470b40, {0x292b3e0, 0xc00043a380}, 0xc0000e2b40)
        /home/ayastrebov/src/github.com/zalando/skipper/proxy/proxy.go:1620 +0x7fe
github.com/zalando/skipper/net.(*ValidateQueryHandler).ServeHTTP(0xc0003303b0, {0x292b3e0, 0xc00043a380}, 0xc0000e2640)
        /home/ayastrebov/src/github.com/zalando/skipper/net/query.go:19 +0x8c
github.com/zalando/skipper/net.(*ValidateQueryLogHandler).ServeHTTP(0xc0003303d0, {0x292b3e0, 0xc00043a380}, 0xc0000e2640)
        /home/ayastrebov/src/github.com/zalando/skipper/net/query.go:30 +0x172
github.com/zalando/skipper/net.(*ConnManager).serveHTTP(0xc0004a06f0, {0x292b3e0, 0xc00043a380}, 0xc0000e2640)
        /home/ayastrebov/src/github.com/zalando/skipper/net/connmanager.go:77 +0x2b3
net/http.HandlerFunc.ServeHTTP(0xe4f219?, {0x292b3e0?, 0xc00043a380?}, 0xc00054fb70?)
        /usr/local/go/src/net/http/server.go:2220 +0x29
net/http.serverHandler.ServeHTTP({0xc0004a08a0?}, {0x292b3e0?, 0xc00043a380?}, 0x6?)
        /usr/local/go/src/net/http/server.go:3210 +0x8e
net/http.(*conn).serve(0xc0004341b0, {0x2930488, 0xc0004a0810})
        /usr/local/go/src/net/http/server.go:2092 +0x5d0
created by net/http.(*Server).Serve in goroutine 1
        /usr/local/go/src/net/http/server.go:3360 +0x485 
[APP]ERRO[0090] error while proxying after 481.157µs, route  with backend shunt ://, status code 500: dialing failed false: panic caused by: stat /does-not-exist: no such file or directory, remote host: ::1, request: "GET / HTTP/1.1", host: localhost:9090, user agent: "curl/8.5.0" 
::1 - - [04/Dec/2024:13:02:37 +0100] "GET / HTTP/1.1" 500 22 "-" "curl/8.5.0" 0 localhost:9090 - -

Expected behavior

  • no panic
  • access denied

Observed behavior

  • panic
  • 500 Server error response
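
One way to get the expected behaviour (no panic, access denied), as an added example that is not Skipper's or go-http-auth's code: reject a missing file when the filter is created, and recover from the provider's panic at request time so a file that disappears later yields a denial. `statProvider`, `newFailClosed` and `authorized` are hypothetical names; the provider is a constructed stand-in that stats the file and panics like the one in the trace, and secrets are plaintext for brevity.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"log"
	"os"
)

// SecretProvider returns the stored secret for user, or "" if unknown.
type SecretProvider func(user, realm string) string

// statProvider (constructed stand-in) stats the file on every lookup and panics on error.
func statProvider(path string, users map[string]string) SecretProvider {
	return func(user, _ string) string {
		if _, err := os.Stat(path); err != nil {
			panic(err)
		}
		return users[user]
	}
}

// newFailClosed rejects a missing file at creation time and, for files that
// disappear later, turns the provider's panic into "unknown user".
func newFailClosed(path string, users map[string]string) (SecretProvider, error) {
	if _, err := os.Stat(path); err != nil {
		return nil, fmt.Errorf("basicAuth: htpasswd file: %w", err)
	}
	inner := statProvider(path, users)
	return func(user, realm string) (secret string) {
		defer func() {
			if r := recover(); r != nil {
				log.Printf("basicAuth: provider failed, denying: %v", r) // secret stays ""
			}
		}()
		return inner(user, realm)
	}, nil
}

// authorized mirrors a Basic-auth check: an empty secret always denies.
func authorized(p SecretProvider, user, pass string) bool {
	want := p(user, "realm")
	return want != "" && subtle.ConstantTimeCompare([]byte(pass), []byte(want)) == 1
}

func main() {
	_, err := newFailClosed("/does-not-exist", nil)
	fmt.Println("create:", err)
}
```
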
AlexanderYastrebov added a commit to zalando-incubator/kubernetes-on-aws that referenced this issue Dec 4, 2024
[basicAuth](https://github.com/zalando/skipper/blob/master/docs/reference/filters.md#basicauth) filter
requires htpasswd file that is not available in the ingress setup.

See related zalando/skipper#3327

Signed-off-by: Alexander Yastrebov <alexander.yastrebov@zalando.de>
@wassafshahzad

Can I pick this up?

@MustafaSaber
Member

> Can I pick this up?

Please, thanks!
