Re: [Fwd: [Kannel 0000005]: sms-service HTTP Basic Authentication no longer working [1.3.1]]
Hiya,
On Friday, March 7, 2003, at 11:39 AM, Bruno David Rodrigues wrote:
Citando Stipe Tolj [EMAIL PROTECTED]:
Hi Bruno,
I see from
http://www.kannel.org/cgi-
bin/viewcvs.cgi/gateway/gwlib/http.c?annotate=1.184
that you added the following block to gwlib/http.c:
...
1158 davi1.154 for(i = at2 + 1; i at ; i++)
1159octstr_set_char(url, i, '*');
...
which does clear the HTTP basic auth password with stars ('*'). This
breaks the HTTP basic auth function, see smsbox.log:
Then, url was not used because you won't need it anymore, except for
logging,
and that's why I've hidden the password.
Hiding the password like this does make sense, in case it gets logged or
something.
Is the code now trying to reuse url variable? I guess that's where the
bug is.
Yep. parse_url gets called twice. The first time it correctly returns
the password and get_connection stuffs it in HTTPServer *trans's
password member. Later on, in send_request, it calls parse_url again,
nuking the password ;)
Without fully understanding the flow of the code, it appears to me that
it is not necessary to call parse_url in send_request again as the
'trans' structure is already filled out by get_connection so it already
contains the correct password (and other info extracted from the url).
So if these lines:
if (parse_url(trans-url, trans-host, trans-port, path,
trans-ssl,
trans-username, trans-password) == -1)
goto error;
are removed from send_request, things should be ok. Of course, I'm
assuming 'trans' is not cleared/overwritten by some other code that gets
executed in the mean time. Also, there are two places from which
send_request is called, not sure if it's ok to remove the above lines in
both cases.
Regards,
Bas.
Re: [Fwd: [Kannel 0000005]: sms-service HTTP Basic Authentication no longer working [1.3.1]]
Bruno David Rodrigues wrote: I think Bas Schulte is right - second parse_url is not needed. Can you please remove it and test if it works ok ? right, I already worked this out. And will commit the change in a couple of minutes. Another alternative is to create an Octstr *logurl and have it with * and replace every error|debug|info with it. I've even started doing that here but I think first we need to solve the double parse_url. At lest, to prevent memory leaking, if it exists. I moved another value to the trans struct itself, the path (URI). See the cvsdiff when checked in. Stipe [EMAIL PROTECTED] --- Wapme Systems AG Vogelsanger Weg 80 40470 Düsseldorf Tel: +49-211-74845-0 Fax: +49-211-74845-299 E-Mail: [EMAIL PROTECTED] Internet: http://www.wapme-systems.de --- wapme.net - wherever you are
RE: [Fwd: [Kannel 0000005]: sms-service HTTP Basic Authentication no longer working [1.3.1]]
Funny thing is that I can't find what piece of Kannel is calling handle_transaction. I have a suspicion it's never called/used, may be it's an historic left-over? handle_transaction() is a callback function passed to the Conn layer. It is referenced through a pointer which is why it's hard to find. Its definitely not a left-over.
Re: [Fwd: [Kannel 0000005]: sms-service HTTP Basic Authentication no longer working [1.3.1]]
Paul,
On Friday, March 7, 2003, at 02:56 PM, Paul Keogh wrote:
Funny thing is that I can't find what piece of Kannel is calling
handle_transaction. I have a suspicion it's never called/used, may be
it's an historic left-over?
handle_transaction() is a callback function passed to the Conn layer.
It is referenced through a pointer which is why it's hard to find.
Its definitely not a left-over.
You're right. It is actually referenced from write_request_thread, I
missed that one.
In that case, the real solution is to remove to call to parse_url in
send_request. In all cases, the call to parse_url is done in
get_connection in write_request_thread. In both cases where send_request
gets called, the code came from write_request_thread, and there
parse_url gets called.
In Stipe's recent commit, the check on whether the parsing has been done
in get_connection:
/* if the parsing has not yet been done, then do it now */
if (!trans-host trans-port == 0) {
if (parse_url(trans-url, trans-host, trans-port,
trans-uri, trans-ssl,
trans-username, trans-password) == -1)
goto error;
}
should not be needed (I think), as long as the 'trans' structure is kept
around.
Anyway, thanks all, I can go back to work ;)
