[Dachs-support] UWS and user access control

Markus Demleitner msdemlei at ari.uni-heidelberg.de
Wed May 4 09:31:26 CEST 2016


Hi Ivan,

On Tue, May 03, 2016 at 06:28:58PM +0200, Ivan Zolotukhin wrote:
> Tested, all works as expected now, except a new bug was discovered
> when accessing a job xml created with HTTP auth headers:
> 
> In gavo serve debug:
> 
> 2016-05-03 18:14:46+0200 [-] *X*X* Can only pass-through bytes on
> Python 2 (see info for traceback)
> 2016-05-03 18:14:46+0200 [-] "10.120.0.14" - - [03/May/2016:16:14:46
> +0000] "GET /stop/lvg/r/uws.xml/7dmR7W HTTP/1.1" 500 530 "-" "-"
> 
> ... and then nothing happens until HTTP timeout is reached.

Ah -- the background here is that if you pass in a unicode string
(hence the mention of python 2 -- the problem is probably gone in
python 3) to any header field in twisted web 1 (which nevow and hence
DaCHS build upon), the whole header is encoded in (IIRC) UCS-32 --
which of course (and rightly) confuses HTTP clients.

In my patch yesterday I forgot to guard against unicode leaking in
the location.  I claim this is fixed in rev. 5028.

If a similar thing happens again (in which case I might not be so
sure where unicode has crept in), you can help me by running

  sudo ngrep -d lo -x ".*" port 8080

repeating the request and sending me the output of the ngrep.

[unsolicited testimonial: ngrep is a terribly useful tool anyway]

Thanks,

      Markus



More information about the Dachs-support mailing list