Mailinglist Archive: opensuse-buildservice (332 mails)

< Previous Next >
Re: [opensuse-buildservice] anonymous access support
  • From: Jan Engelhardt <jengelh@xxxxxxxxxx>
  • Date: Tue, 6 Jul 2010 10:54:40 +0200 (CEST)
  • Message-id: <alpine.LSU.2.01.1007061054110.22139@xxxxxxxxxxxxxxx>

On Tuesday 2010-07-06 10:37, Thomas Schmidt wrote:
The root cause of "osc ci" permission failure is caused by the double http
request for the remote resource access:
For the normal process with allow_anonymous disabled:
1. osc client sends the normal request without authentication header,
then server will give a 401 response with authentication requirement for
real "API login".
2. osc client sends the same request again with authentication header
which includes the username and password, e.g.:
"Authorization: Basic amZkaW5nOm1vYmxpbjEyMw=="

Then when allow_anonymous is enabled with IP_ADDR:
1. osc client sends the normal request without authentication header, it
passed the anonymous access check since the api server has the same IP_ADDR
as the webui server, it will login with _nobody_.

Maybe it would be a good idea if the osc client always sends the
authentication header by default?

I think so too, yes. That is what "most" other SCMs do.
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >