Your message dated Thu, 12 Jan 2017 16:03:42 +0000
with message-id <[email protected]>
and subject line Bug#739566: fixed in dacs 1.4.38a-1
has caused the Debian Bug report #739566,
regarding dacs_signout interoperability papercuts
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
739566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739566
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dacs
Version: 1.4.27b-2
Severity: wishlist
Hello,
Thank you for maintaining dacs.
Today I have implemented logging a user out of all our DACS sites. An
example use case for it would be making sure that access is completely
revoked before allowing another family member to use my computer.
Since we do not have a single global cookie, but do auth transfer across
sites, logging out means giving each site a chance to talk to the
browser to expire its cookie.
My first idea was to build a redirect chain and then redirect to
something like this:
https://site1/dacs_signout?next=http%3A//site/dacs_signout2%3Fnext%3Dhttp%253A//site3/dacs_signout
But dacs_signout does not support beign passed a redirect url, and only
redirects to a single url as set in DACS configuration.
So, in my logout page, I created a cookie that contains the list of
dacs_signout urls to be visited, and then I rely on dacs_signout always
redirecting to my logout page.
That almost worked, but the redirect dance stops at the first site for
which the user had not transferred credentials: in that case,
dacs_signout would show an explanatory page, breaking the redirect
chain.
In the end, I implemented a dacs_signout wrapper, which checks if the
user if logged in before redirecting to dacs_signout. If the user was
not logged in, it redirects directly back to the logout page.
It works, but it means that logging out can require up to 3 redirect
steps for each domain to which we can potentially transfer auth.
If I could pass a redirect url to dacs_signout, and have it called
anyway, whether the user was logged in or not, then logging out could
require 1 redirect step per domain, with each dacs_signout redirecting
to the next dacs_signout in the chain, and that would be the optimal
numoer of redirects, since we do need to visit each domain at least
once.
Ciao,
Enrico
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: dacs
Source-Version: 1.4.38a-1
We believe that the bug you reported is fixed in the latest version of
dacs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <[email protected]> (supplier of updated dacs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 12 Jan 2017 16:22:08 +0100
Source: dacs
Binary: dacs libapache2-mod-dacs libdacs1 libdacs-dev dacs-examples
Architecture: source
Version: 1.4.38a-1
Distribution: unstable
Urgency: medium
Maintainer: Christoph Berg <[email protected]>
Changed-By: Christoph Berg <[email protected]>
Description:
dacs - Distributed Access Control System (DACS)
dacs-examples - Distributed Access Control System (DACS) - example web root
libapache2-mod-dacs - Distributed Access Control System (DACS) - Apache Module
libdacs-dev - Distributed Access Control System (DACS) - development files
libdacs1 - Distributed Access Control System (DACS) - shared library
Closes: 703552 729410 739566 740413
Changes:
dacs (1.4.38a-1) unstable; urgency=medium
.
* New upstream version.
+ Do not check/set mode of a log file that does not exist or is not a
regular file. (Closes: #729410)
+ Added the DACS_SIGNOUT_RESULT parameter to a SIGNOUT_HANDLER URL and
extended SIGNOUT_HANDLER to explicitly allow a user-specified signout
handler URL to override a default URL. See dacs_signout(8) and
dacs.conf(5) for details. (Closes: #739566)
+ For Linux, use _DEFAULT_SOURCE instead of _BSD_SOURCE. (Closes: #703552)
+ Avoid producing a duplicate error message in dacs_auth_transfer.
(Closes: #740413)
Checksums-Sha1:
69dce5bc373b634e37d1c8fd55560fbdbf9d5789 2282 dacs_1.4.38a-1.dsc
2dbca938551af6df7aafaa903c7172541d4039b1 3197601 dacs_1.4.38a.orig.tar.bz2
c40743d9ade27f9a836dfa6f4aa2192b2e794128 18416 dacs_1.4.38a-1.debian.tar.xz
Checksums-Sha256:
32c77dc866d555afb5854e8a09672f8ab4cf67619ea06ac200f965643e186756 2282
dacs_1.4.38a-1.dsc
69f246417af111d66a570247bd682354721152961765a94df601de5bb5ae4ddc 3197601
dacs_1.4.38a.orig.tar.bz2
ec2897cc73ba59aac339589ad3cd598c1805e91c31422c6b27504caa994a3376 18416
dacs_1.4.38a-1.debian.tar.xz
Files:
2d6b50af4f75cfb064a54e2eae0a7dfa 2282 web optional dacs_1.4.38a-1.dsc
1281a876a1c1ab748b13d3d09d6e2529 3197601 web optional dacs_1.4.38a.orig.tar.bz2
da4384fa0d962cdc96be331f024b66a9 18416 web optional
dacs_1.4.38a-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAlh3pJ4ACgkQTFprqxLS
p66KHg/+NXDKslNCrjaYwMijLPeXA22s8ufNKiVkP5sj7EN6YFXiTALcdhCKp5HP
JoDAe3fH+P5Lqh7hQJpcYMTSeDx1M/GJPsCpTaYpYsPxjyWYe+Iy34vThWCZeLPU
qxVJSbTdWTeYdF52K9VL2RSjssURrNmDoEtWSh1jDZo7gUJV8aDCqhuP2N6/e+/9
YVYXNjA65/DweEYvY6Qa1IUf18b73KsrFwlNX2DU71WAY0oIitGooV5fCrLBa2we
yCt02/KtPNOa50g56BELroFbmCwQNv4M/yX6GWEuYi6a7xDHZTtOnOBK6twWmrM9
z4k+gIiLdEOMXXeXFKjFi8iDhOzFbe1DwCi+O9fn8IPSunCjkdEMCPDiiBqHNm4h
WLPzCisI4DXi9rDkN3e2mq6RlPyJsjU83sRKDrn6wolc1wMLi0/zkH0b55dmDq3Y
YLLvJNuDVgjl3Qb6cBkFcC0Ln5+0FvM3pZFdfJJdQKq/UNGwQ/3i+eSWkQ2W1+5b
X75wZqfa5lk4TPB+Hg3nrhqg3k19xa93cwTbOz4msASKentpYwVhASYxjloXWtYH
TZLWtYZgOM/w1nXcMHDzsIMMTMnP2AQR9FuuXKw/YqgYxeAiRrw74ABKrcoCRD2h
GcfA5bp0+bQncbQ3LKfB+pfWCMbVoZnLIJ/tM1ohvYzSNPxps5o=
=bAB5
-----END PGP SIGNATURE-----
--- End Message ---
