Mailing List Archive

Updates:
Status: Started

Comment #1 on issue 313 by ste...@konink.de: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

The biggest obstacle in the implementation in the last paragraph is the:

/* Look for authentication in the headers:
* It's done on demand because the directory maybe don't have
protection
*/

...this basically hinders any non-authenticated request actually falling
into a
garbage can that can be checked against.


My proposal would be:

Index: validator.c
===================================================================
--- validator.c (revision 2696)
+++ validator.c (working copy)
@@ -54,6 +54,8 @@
cherokee_buffer_init (&validator->cnonce);
cherokee_buffer_init (&validator->algorithm);
cherokee_buffer_init (&validator->nc);
+
+ validator->httpmethods = http_all_methods;

return ret_ok;
}
Index: validator.h
===================================================================
--- validator.h (revision 2696)
+++ validator.h (working copy)
@@ -60,6 +60,7 @@
/* Properties
*/
cherokee_http_auth_t support;
+ cherokee_http_method_t httpmethods;

/* Authentication info
*/

Index: connection.c
===================================================================
--- connection.c (revision 2696)
+++ connection.c (working copy)
@@ -1754,16 +1754,10 @@

/* Return, there is nothing to do here
*/
- if (config_entry->validator_new_func == NULL)
+
+ if (config_entry->validator_new_func == NULL)
return ret_ok;

- /* Look for authentication in the headers:
- * It's done on demand because the directory maybe don't have
protection
- */
- ret = cherokee_header_get_known (&conn->header,
header_authorization, &ptr,
&len);
- if (ret != ret_ok) {
- goto unauthorized;
- }

/* Create the validator object
*/
@@ -1773,6 +1767,17 @@
goto error;
}

+ if ((conn->validator->httpmethods & conn->header.method) == 0)
+ return ret_ok;
+
+ /* Look for authentication in the headers:
+ * It's done on demand because the directory maybe don't have
protection
+ */
+ ret = cherokee_header_get_known (&conn->header,
header_authorization, &ptr,
&len);
+ if (ret != ret_ok) {
+ goto unauthorized;
+ }
+
/* Read the header information
*/
ret = get_authorization (conn, config_entry->authentication,
conn->validator,
ptr, len);

(maybe a bit fat assert on header.method == 0, but then again, it is
unlikely it
arrives there)


If we all agree on the above or the Spanish polishing machine gets to work
on it. We
could implement a nice !GET = 0 etc. thing.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #2 on issue 313 by skarcha: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

> My fundamental problems is that I want auth on a PUT/POST but not on a
GET,
and don't want to duplicate cherokee_connection_check_authentication.

Mmmm... Couldn't it be done using merged or complex rules?


--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #3 on issue 313 by ste...@konink.de: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

I think the check for authentication only on POST could be done by 'HTTP
method'. The
dummy validator to make the actual structure available in Cherokee is then
still an
open issue.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #4 on issue 313 by ste...@konink.de: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

skarcha; could you propose a sequence of rules that auths a specific
directory on PUT
and POST?

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #5 on issue 313 by skarcha: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

This is my first try with complex rules, and I have not tested it, but is
inspired in
QA scripts:

vserver!1!rule!900!match = and
vserver!1!rule!900!match!left = method
vserver!1!rule!900!match!left!method = put
vserver!1!rule!900!match!right = directory
vserver!1!rule!900!match!right!directory = /onedir
vserver!1!rule!900!match!final = 1
vserver!1!rule!900!handler = cgi
vserver!1!rule!900!auth = htpasswd
vserver!1!rule!900!auth!methods = basic
vserver!1!rule!900!auth!passwdfile = .htpasswd
vserver!1!rule!900!auth!realm = Administration
vserver!1!rule!900!auth!users = admin

vserver!1!rule!800!match = and
vserver!1!rule!800!match!left = method
vserver!1!rule!800!match!left!method = post
vserver!1!rule!800!match!right = directory
vserver!1!rule!800!match!right!directory = /onedir
vserver!1!rule!800!match!final = 1
vserver!1!rule!800!handler = cgi
vserver!1!rule!800!auth = htpasswd
vserver!1!rule!800!auth!methods = basic
vserver!1!rule!800!auth!passwdfile = .htpasswd
vserver!1!rule!800!auth!realm = Administration
vserver!1!rule!800!auth!users = admin

I hope this inspire you.


--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #6 on issue 313 by alobbs: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

Yeah, you can do that by using complex rules.
The only issue is that Cherokee-admin is still missing these rule modules.
It's going to be tough to rewrite the
rule support in order to support this stuff. :-mmm

Stefan, if you agree, please close the bug.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #7 on issue 313 by ste...@konink.de: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

I agree on the complex rules (I have it set up like that and it works!) But
I still
need to have a permanent solution for a dummy validator :)

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #8 on issue 313 by skarcha: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

> I agree on the complex rules (I have it set up like that and it works!)

Good!, thanks for confirming... :)

> But I still need to have a permanent solution for a dummy validator :)

Sorry, but I don't understand why do you need it... Could you please
elaborate a
little bit more?


--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #9 on issue 313 by ste...@konink.de: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

I want a validator that in principle throws up authentication, but always
returns
ret_ok in the check function.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #10 on issue 313 by skarcha: Validator; pass through / dummy
http://code.google.com/p/cherokee/issues/detail?id=313

Ahhh... I see. :-)


--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #11 on issue 313 by ste...@konink.de: Validator; pass through /
dummy
http://code.google.com/p/cherokee/issues/detail?id=313

Not checked if it is correct; I would really love if someone could removed
autoconf/automake from this project and add something that actually allows
to test
new sources files :\

Attachments:
validator_dummy.c 2.0 KB
validator_dummy.h 1.6 KB

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Updates:
Status: WaitingQA
Labels: -Priority-High Priority-Low

Comment #12 on issue 313 by ste...@konink.de: Validator; pass through /
dummy
http://code.google.com/p/cherokee/issues/detail?id=313

We can check this out later.

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev

Comment #13 on issue 313 by ste...@konink.de: Validator; pass through /
dummy
http://code.google.com/p/cherokee/issues/detail?id=313

https://github.com/skinkie/webserver/commit/c5c0868130d2b57b1b05ac4d418340cf5fc17895

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev@lists.octality.com
http://lists.octality.com/listinfo/cherokee-dev