Mailinglist Archive: opensuse-buildservice (306 mails)

< Previous Next >
RE: [opensuse-buildservice] anonymous access support
  • From: "Zhang, Vivian" <vivian.zhang@xxxxxxxxx>
  • Date: Wed, 30 Jun 2010 14:50:56 +0800
  • Message-id: <625BA99ED14B2D499DC4E29D8138F15034266EA353@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Specify the ip addr as "webui_host" can solve anonymous access issue.
You should set webui_host the same as request.env['REMOTE_ADDR'] ] to pass the
check, like :
webui_host: "::ffff:10.239.36.25"

But the fixing imports another issue. :) The osc client will login as the
_nobody_ by default which caused permission issues.
And my request.env.inspect:
request.env.inspect =
{"rack.session"=>{:session_id=>"f7b1177cf432f9bf9e8019b41bb36c51"},
"HTTP_HOST"=>"api.obstest.sh.intel.com", "HTTP_ACCEPT"=>"*/*",
"SERVER_NAME"=>"api.obstest.sh.intel.com", "REQUEST_PATH"=>"/",
"rack.url_scheme"=>"http", "HTTP_USER_AGENT"=>"buildservice-webclient/1.0",
"action_controller.request.request_parameters"=>{},
"rack.errors"=>#<FCGI::Stream:0xb6758954>, "CONTENT_TYPE"=>"text/plain",
"SERVER_PROTOCOL"=>"HTTP/1.1", "FCGI_ROLE"=>"RESPONDER", "rack.version"=>[1,
0], "rack.run_once"=>false, "REMOTE_ADDR"=>"::ffff:10.239.36.25",
"SERVER_SOFTWARE"=>"lighttpd/1.4.20", "SCRIPT_NAME"=>"/dispatch.fcgi",
"SERVER_ADDR"=>"::ffff:10.239.36.25", "HTTP_VERSION"=>"HTTP/1.1",
"rack.multithread"=>false,
"action_controller.request.path_parameters"=>{"action"=>"workerstatus",
"controller"=>"status"}, "rack.multiprocess"=>true,
"REQUEST_URI"=>"/status/workerstatus", "REMOTE_PORT"=>"39996",
"rack.request.query_hash"=>{}, "SERVER_PORT"=>"80",
"rack.session.options"=>{:domain=>nil, :expire_after=>nil, :key=>"_session_id",
:id=>"f7b1177cf432f9bf9e8019b41bb36c51", :httponly=>true, :path=>"/"},
"REQUEST_METHOD"=>"GET", "DOCUMENT_ROOT"=>"/srv/www/obs/api/public",
"action_controller.request.query_parameters"=>{},
"action_controller.rescue.request"=>#<ActionController::Request:0xb67576e4
@env={...}, @request_method=:get, @content_type=#<Mime::Type:0xb6d584d0
@string="text/plain", @synonyms=[], @symbol=:text>,
@parameters={"action"=>"workerstatus", "controller"=>"status"}>,
"SCRIPT_FILENAME"=>"/srv/www/obs/api/public/dispatch.fcgi",
"rack.request.query_string"=>"",
"action_controller.rescue.response"=>#<ActionController::Response:0xb6757568
@request=#<ActionController::Request:0xb67576e4 @env={...},
@request_method=:get, @content_type=#<Mime::Type:0xb6d584d0
@string="text/plain", @synonyms=[], @symbol=:text>,
@parameters={"action"=>"workerstatus", "controller"=>"status"}>,
@session={:session_id=>"f7b1177cf432f9bf9e8019b41bb36c51"},
@header={"X-Opensuse-APIVersion"=>"1.9", "Cache-Control"=>"no-cache"},
@writer=#<Proc:0xb66f3ce8@/usr/lib/ruby/gems/1.8/gems/actionpack-2.3.5/lib/action_controller/response.rb:46>,
@redirected_to=nil, @template=#<ActionView::Base:0xb6757388
@helpers=#<ActionView::Base::ProxyModule:0xb675734c>,
@controller=#<StatusController:0xb675743c
@_request=#<ActionController::Request:0xb67576e4 @env={...},
@request_method=:get, @content_type=#<Mime::Type:0xb6d584d0
@string="text/plain", @synonyms=[], @symbol=:text>,
@parameters={"action"=>"workerstatus", "controller"=>"status"}>,
@performed_redirect=false, @request_origin="::ffff:10.239.36.25 at 2010-06-30
14:05:41", @_headers={"X-Opensuse-APIVersion"=>"1.9",
"Cache-Control"=>"no-cache"}, @template=#<ActionView::Base:0xb6757388 ...>,
@_response=#<ActionController::Response:0xb6757568 ...>,
@before_filter_chain_aborted=false,
@_session={:session_id=>"f7b1177cf432f9bf9e8019b41bb36c51"},
@performed_render=false, @action_name="workerstatus",
@_params={"action"=>"workerstatus", "controller"=>"status"},
@url=#<ActionController::UrlRewriter:0xb6755b8c
@request=#<ActionController::Request:0xb67576e4 @env={...},
@request_method=:get, @content_type=#<Mime::Type:0xb6d584d0
@string="text/plain", @synonyms=[], @symbol=:text>,
@parameters={"action"=>"workerstatus", "controller"=>"status"}>,
@parameters={"action"=>"workerstatus", "controller"=>"status"}>,
@real_format=nil, @auth_method=:basic>, @_current_render=nil,
@view_paths=["/srv/www/obs/api/app/views"], @assigns_added=nil,
@_first_render=nil, @assigns={}>, @body=["", []], @block=nil, @status=200,
@assigns=[]>, "rack.input"=>#<Rack::RewindableInput:0xb675829c
@io=#<FCGI::Stream:0xb675897c>, @unlinked=false, @rewindable_io=nil>,
"REDIRECT_STATUS"=>"200", "QUERY_STRING"=>"", "GATEWAY_INTERFACE"=>"CGI/1.1"}

Thanks.
vivian

-----Original Message-----
From: Jan Engelhardt [mailto:jengelh@xxxxxxxxxx]
Sent: Wednesday, June 30, 2010 2:27 PM
To: Adrian Schröter
Cc: opensuse-buildservice@xxxxxxxxxxxx; Zhang, Vivian
Subject: Re: [opensuse-buildservice] anonymous access support


On Wednesday 2010-06-30 07:57, Adrian Schröter wrote:
On Wednesday 30 June 2010 05:15:25 Zhang, Vivian wrote:
Hi,
I have setup OBS 2.0.1 on my local machine and tried to enable anonymous
access.

Here is my config in /srv/www/obs/api/config/options.xml:

allow_anonymous: true
webui_host: build.obstest.sh.intel.com

Unfortunately, it does not work, the log reports :
Processing StatusController#workerstatus (for ::ffff:10.239.36.25 at
2010-06-30 11:09:50) [GET]
[D|# 8304] AUTH:
[D|# 8304] remote_host:
[D|# 8304] remote_addr: ::ffff:10.239.36.25
[D|# 8304] no authentication string was sent

Seems the request.env['REMOTE_HOST'] is NULL and it failed at the host check
at:
[...app/controllers/application_controller.rb]
if @http_user.nil? and CONFIG['allow_anonymous'] and CONFIG['webui_host']
and [ request.env['REMOTE_HOST'], request.env['REMOTE_ADDR'] ].include?(
CONFIG['webui_host'] )

Any comments?

Try to specify the ip addr as "webui_host". lighttpd 1.4 seems to
require that since it does no dns lookup for that.

Putting the address into webui_host doesn't change the situation
here, either.

If that does not help, I would be interessted in the output of
"request.env.inspect" near this code line.

08:20 ares:../obs/api # grep -r request.env.inspect .
grep: ./tmp/sockets/fcgi.socket-4: No such device or address
grep: ./tmp/sockets/fcgi.socket-7: No such device or address
grep: ./tmp/sockets/fcgi.socket-10: No such device or address
grep: ./tmp/sockets/fcgi.socket-1: No such device or address
grep: ./tmp/sockets/fcgi.socket-0: No such device or address
grep: ./tmp/sockets/fcgi.socket-9: No such device or address
grep: ./tmp/sockets/fcgi.socket-3: No such device or address
grep: ./tmp/sockets/fcgi.socket-8: No such device or address
grep: ./tmp/sockets/fcgi.socket-6: No such device or address
grep: ./tmp/sockets/fcgi.socket-5: No such device or address
grep: ./tmp/sockets/fcgi.socket-2: No such device or address
grep: ./tmp/sockets/fcgi.socket-11: No such device or address

N�����r��y隊Z)z{.����Wlz��qﮞ˛���m�)z{.��+�Z+i�b�*'jW(�f�vǦj)h����Ǜ�)]����Ǿ��i�������
< Previous Next >