Re: [Fwd: [Kannel 0000005]: sms-service HTTP Basic Authentication no longer working [1.3.1]]
Hiya, On Friday, March 7, 2003, at 11:39 AM, Bruno David Rodrigues wrote: Citando Stipe Tolj [EMAIL PROTECTED]: Hi Bruno, I see from http://www.kannel.org/cgi- bin/viewcvs.cgi/gateway/gwlib/http.c?annotate=1.184 that you added the following block to gwlib/http.c: ... 1158 davi1.154 for(i = at2 + 1; i at ; i++) 1159octstr_set_char(url, i, '*'); ... which does clear the HTTP basic auth password with stars ('*'). This breaks the HTTP basic auth function, see smsbox.log: Then, url was not used because you won't need it anymore, except for logging, and that's why I've hidden the password. Hiding the password like this does make sense, in case it gets logged or something. Is the code now trying to reuse url variable? I guess that's where the bug is. Yep. parse_url gets called twice. The first time it correctly returns the password and get_connection stuffs it in HTTPServer *trans's password member. Later on, in send_request, it calls parse_url again, nuking the password ;) Without fully understanding the flow of the code, it appears to me that it is not necessary to call parse_url in send_request again as the 'trans' structure is already filled out by get_connection so it already contains the correct password (and other info extracted from the url). So if these lines: if (parse_url(trans-url, trans-host, trans-port, path, trans-ssl, trans-username, trans-password) == -1) goto error; are removed from send_request, things should be ok. Of course, I'm assuming 'trans' is not cleared/overwritten by some other code that gets executed in the mean time. Also, there are two places from which send_request is called, not sure if it's ok to remove the above lines in both cases. Regards, Bas.
Re: [Fwd: [Kannel 0000005]: sms-service HTTP Basic Authentication no longer working [1.3.1]]
Bruno David Rodrigues wrote: I think Bas Schulte is right - second parse_url is not needed. Can you please remove it and test if it works ok ? right, I already worked this out. And will commit the change in a couple of minutes. Another alternative is to create an Octstr *logurl and have it with * and replace every error|debug|info with it. I've even started doing that here but I think first we need to solve the double parse_url. At lest, to prevent memory leaking, if it exists. I moved another value to the trans struct itself, the path (URI). See the cvsdiff when checked in. Stipe [EMAIL PROTECTED] --- Wapme Systems AG Vogelsanger Weg 80 40470 Düsseldorf Tel: +49-211-74845-0 Fax: +49-211-74845-299 E-Mail: [EMAIL PROTECTED] Internet: http://www.wapme-systems.de --- wapme.net - wherever you are
RE: [Fwd: [Kannel 0000005]: sms-service HTTP Basic Authentication no longer working [1.3.1]]
Funny thing is that I can't find what piece of Kannel is calling handle_transaction. I have a suspicion it's never called/used, may be it's an historic left-over? handle_transaction() is a callback function passed to the Conn layer. It is referenced through a pointer which is why it's hard to find. Its definitely not a left-over.
Re: [Fwd: [Kannel 0000005]: sms-service HTTP Basic Authentication no longer working [1.3.1]]
Paul, On Friday, March 7, 2003, at 02:56 PM, Paul Keogh wrote: Funny thing is that I can't find what piece of Kannel is calling handle_transaction. I have a suspicion it's never called/used, may be it's an historic left-over? handle_transaction() is a callback function passed to the Conn layer. It is referenced through a pointer which is why it's hard to find. Its definitely not a left-over. You're right. It is actually referenced from write_request_thread, I missed that one. In that case, the real solution is to remove to call to parse_url in send_request. In all cases, the call to parse_url is done in get_connection in write_request_thread. In both cases where send_request gets called, the code came from write_request_thread, and there parse_url gets called. In Stipe's recent commit, the check on whether the parsing has been done in get_connection: /* if the parsing has not yet been done, then do it now */ if (!trans-host trans-port == 0) { if (parse_url(trans-url, trans-host, trans-port, trans-uri, trans-ssl, trans-username, trans-password) == -1) goto error; } should not be needed (I think), as long as the 'trans' structure is kept around. Anyway, thanks all, I can go back to work ;)