Question

I have installed TWiki on Redhat Linux 9.0. The TWiki appeared to run very well when testing with localhost. I was able to add new users, new links, edit pages, and add attachments. Before getting a DNS entry, I decided to use just the address returned by the DHCP service. All seemed to work well until I tried to add a user. The problem is that registration fails with a Server Error 500 (see attached WebHome.html). I am using the TWikiRegistrationPub.txt as the TWikiRegistration.txt so that passwords can be added for edit authentication. The password, entered during registration, appears in the .htpasswd file, but no user home page is constructed. To test I have been having to edit the .htpasswd file to remove the password, else register thinks that the user is in the system.

My take on the subject is that the issue seems to be associated with Perl's perception of tainting during the connect() subroutine. Line 114 of the Sockets.pm is identified as the problem child by the error_log.

I do not know Perl well enough to understand exactly what the issue is with the code, and we currently cannot add additional users without putting the service on localhost.

I have provided the attachments that indicate the symptoms that I am seeing with the issue. If you need additional information, do not hesitate to ask.

Your help is greatly appreciated.

Thanks in advance.

Environment

TWiki version:	TWikiRelease01Feb2003
TWiki plugins:	DefaultPlugin
Server OS:	Redhat Linux 9.0
Web server:	Apache 2.0
Perl version:	5.8.0
Client OS:	MS Windows XP
Web Browser:	Mozilla

-- ClaytonHuntsman - 04 Sep 2003

Answer

Thanks for all the info, particularly the error_log. Some ideas:

• Try removing the -T switch from first line of register - not a good idea in long term though
• Are you using Apache 2.0 Digest authentication? There was a message about this in the error log.
  • There have been issues here but since it works OK on localhost this is probably not the problem. Have a look at IssuesWithApache2dot0, FailedAuthenticationWithApache2OnWinNT, ConfigurablePasswordFileHandling and IssuesWithPerl5dot8 just in case though.
• Are you on a dynamic address using DHCP? This could really confuse things if the lease changes.

Is there some way to get register to report more info when it dies, I wonder? Normally CPAN:CGI::Carp makes this happen but it's not working here for some reason, perhaps due to the redirects in various places. If this is too much hassle, just put in some writeDebug statements in various places until you figure out where it is dying and why.

The Socket.pm part is probably related to sending the confirmation email, so check your config, post your TWiki.cfg, and make sure that mailnotify works when sending email. Again, a more detailed backtrace would help explain this, CGI::Carp's carpout may help here (divert error output to a supplementary file writable by CGI programs). Commenting out the email sending part is also an option.

-- RichardDonkin - 04 Sep 2003

---

KevinHudson and I tried removing the -T from the register script. Lo' and behold, the registration worked--including the notification email.

After restoring the -T, we used TWiki::writeDebug() statements to try to isolate the location where the tainting (or absence of untainting) is causing the issue.

The following snippet from register ....

TWiki::writeDebug("Right before sendEmail happens");

    my $senderr = &TWiki::Net::sendEmail( $text );

TWiki::writeDebug("Right after sendEmail happens");

Yielded this in the last line of the debug.txt file ...

04 Sep 2003 - 15:39 Right before sendEmail happens

as a result of the registration attempt. So, it would appear that the problem is associated with the sendEmail call. We are doing what we can to continue to isolate the problem. However, any guidance you can give at this point would be appreciated.

cheers.

-- ClaytonHuntsman - 04 Sep 2003

---

We have figured out what the problem is. I have attached lib/TWiki/Net.pm. This has debugging statements in it. I have also attached the debug.txt, as it should appear when all goes well. The problem appears to be that $mailHost is considered tainted. I think that there is also a problem with the $helloHost as well, but the variable is not set in our system. We are not PERL programmers, but cobbled together some untainting that gets Net.pm working. I would really appreciate the return of a Net.pm that has been code reviewed with the best way to do the untainting.

You were absolutely correct about the Socket usage during email confirmation. I hadn't even noticed that the email confirmation was not working correctly, since we could send emails through the link on the user page and through 'mail' on the command line. Thanks so much for your guidance on this point.

I now feel a little more confident about exploring issues. So, I had better start learning PERL!

Thanks again for your help.

PS: If you need additional info, just write.

cheers.

Programmers 1, Bugs 0 -- how long is the game anyway?

-- ClaytonHuntsman - 04 Sep 2003

Glad it's working! It would be good to see your TWiki.cfg and TWikiPreferences to understand what configuration is driving this. I'm curious to figure out why you are seeing this and nobody else - could perhaps be that most Linux/Unix users use sendmail rather than CPAN:Net::SMTP.

See PerlTips for some links on Perl...

-- RichardDonkin - 05 Sep 2003

---

I have attached the files you requested. Hope they indicate what we are doing incorrectly.

Thanks again.

-- ClaytonHuntsman - 05 Sep 2003

Try setting the SMTP sender host in TWikiPreferences. It's possible that Net::SMTP's guessing the sending host is confused by the fact you are on DHCP and don't yet have a DNS entry. Also, try setting a hostname for your current IP address in /etc/hosts and make sure that /etc/nsswitch.conf or whatever it's called is set to check the hosts file.

If that doesn't help, make sure that this and the SMTP mail host are full domain names, in case that helps.

Alternatively, just avoid using Net::SMTP and use sendmail instead - this would require a change to TWiki/Net.pm before the if ( $useNetSmtp ) { line, to set $useNetSmtp to 0. There's no clean way of turning this off, unfortunately, which is something of a bug considering the Perl administrator could install this module without telling the TWiki administrator...

-- RichardDonkin - 05 Sep 2003

---

I noticed same problem too with mailnotify. It used to work before, but now it didn't. I am not sure what has changed, at least Perl modules have been updated (I have Redhat 8). Forcing Net.pm to use sendmail instead of Net::SMTP helped.

-- HarriVartiainen - 07 Oct 2003

I was having the same problem after upgrading my perl from 5.6 to 5.8.1. Once I made the change to $useNetSmtp to be 0 it started working again.

-- KevinGagel - 07 Jan 2004

There's no need to change TWiki/Net.pm to deactivate Net::SMTP. One only needs to clear the SMTP sender host value in TWikiPreferences.

-- PatriceFournier - 13 Jul 2004

Actually, I tried unsetting SMTPSENDERHOST, and it still whined about the -T switch. i set $useNetSmtp = 0; and only then did it work. Dunno why it did this shenanigan, but it did. I ran it from the CLI though, via su $web_daemon_user -c "mailnotify -q". I don't know if that makes a difference or not from running from the cron job i set up for it. FYI, this came up when i was just running the mailnoitfy -q job to gather info on what topics changed (it's a daily cron run, as suggested by the docs).

-- EricCote - 13 Feb 2005

Similar Question

I have installed TWiki on Redhat Linux 9.0. I do not have a DNS for the twiki server. Now the issue arises when I try to register as a new user on twiki. I submit the page and get error 500. However the user appears in the list of registered users and in the .htpasswdfile. I can not register with this user now. When I use this to login I can't see the logged in pages and registration form is displayed.

I simply need to disable Guest editing on this wiki. We are also evaluating MediaWiki and would like to see twiki in action as well.

Amresh

Thanks in advance.