On Tuesday 06 July 2010 10:12:48 Zhang, Vivian wrote:
The root cause of "osc ci" permission failure is caused by the double http
request for the remote resource access:
For the normal process with allow_anonymous disabled:
1. osc client sends the normal request without authentication header, then server
will give a 401 response with authentication requirement for real "API login".
2. osc client sends the same request again with authentication header which includes
the username and password, e.g.:
"Authorization: Basic amZkaW5nOm1vYmxpbjEyMw=="
Then when allow_anonymous is enabled with IP_ADDR:
1. osc client sends the normal request without authentication header, it passed the
anonymous access check since the api server has the same IP_ADDR as the webui server, it
will login with _nobody_.
So you run osc on the system where your webui is running ?
I have not tested that, I have to admit ...
Here is a workaround:
Adding one line for http_headers in ~/.oscrc, e.g.
+ http_headers: Authorization: Basic amZkaW5nOm1vYmxpbjEyMw==
The encoded string after "Basic" is the base64 encoded
"username:passwd", or you can get it from command:
#echo -n username:passwd | base64
Anyway, it is a workaround from osc client side. Any good solution on the
authentication check in server side?
Maybe checking for the client and only accept the anonymouse mode, if the webui is doing
From: Jan Engelhardt [mailto:email@example.com]
Sent: Thursday, July 01, 2010 5:46 PM
To: Adrian Schr?ter
Cc: Zhang, Vivian; Robert Xu; opensuse-buildservice(a)opensuse.org
Subject: Re: [opensuse-buildservice] anonymous access support
On Thursday 2010-07-01 11:37, Adrian Schröter wrote:
On Thursday 01 July 2010 10:59:19 Zhang, Vivian
Then to clarify it, "enabling anon access
breaks osc ci " is a expected behavior or a new issue caused by using ip_addr?
No, our instance api.opensuse.org
is running fine with anonymous support.
11:44 ares:../osc2/osc > osc ci -m .
WARNING: validator directory /usr/lib/osc/source_validators configured,
but not existing. Skipping ...
Server returned an error: HTTP Error 403: Forbidden
no permission to execute command 'copy'
And this 403 goes away if I disable allow_anonymous.
SUSE Linux Products GmbH
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org