Send modauthtkt-users mailing list submissions to modauthtkt-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
    https://lists.sourceforge.net/lists/listinfo/modauthtkt-users
or, via email, send a message with subject or body 'help' to
    modauthtkt-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
    modauthtkt-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of modauthtkt-users digest..."

Today's Topics:

   1. Re: Query arg separator in generated URLs (Peter Karman)
   2. Re: ipv6 hashing support patch (Gavin Carr)
   3. Re: Query arg separator in generated URLs (Gavin Carr)
   4. Re: Query arg separator in generated URLs (Michael Peters)
   5. Can't run test suite (Michael Peters)
   6. Re: Can't run test suite (Michael Peters)
   7. Re: Query arg separator in generated URLs (Gavin Carr)

----------------------------------------------------------------------

Message: 1
Date: Wed, 10 Aug 2011 20:54:11 -0500
From: Peter Karman <pe...@peknet.com>
Subject: Re: [modauthtkt-users] Query arg separator in generated URLs
To: Michael Peters <mpet...@plusthree.com>, mod_auth_tkt list
    <modauthtkt-users@lists.sourceforge.net>
Message-ID: <4e433643.6080...@peknet.com>
Content-Type: text/plain; charset=ISO-8859-1

Michael Peters wrote on 8/9/11 9:51 AM:

> Would there be any interest in having an extra configuration directive
> that mod_auth_tkt could use to specify the separator, falling back to
> the semi-colon if not specified? TktAuthQuerySeparator?
>

+1 to that idea.

--
Peter Karman . http://peknet.com/ . pe...@peknet.com

------------------------------

Message: 2
Date: Thu, 11 Aug 2011 17:15:57 +1000
From: Gavin Carr <ga...@openfusion.com.au>
Subject: Re: [modauthtkt-users] ipv6 hashing support patch
To: Chad Lavoie <lavo...@gmail.com>
Cc: modauthtkt-users@lists.sourceforge.net
Message-ID: <20110811071556.ga32...@openfusion.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed

Hi Chad,

On Sun, Jul 24, 2011 at 07:59:18PM -0400, Chad Lavoie wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Hello,
>
>I have completed writing the patch I mentioned earlier for ipv6 ip
>hashing support, that will correctly hash the IP rather than cause a
>segfault. I have applied this patch on my box, and my tests with ipv4
>and ipv6 have indicated that it does what it's supposed to do.
>
>I am not sure that the way I have done it is correct(tm), and I am open
>to any suggestions/comments/insults.

Thanks a lot for the patch, and for raising this issue. Sorry for the
slow response.

Some initial comments:

- we should definitely fix the segfault with ipv6. I'd love a patch to
  just treat an ipv6 address as 0.0.0.0 initially (perhaps with a
  warning in the log?), while we figure out what else to do.

- I'm not sure how to handle ipv6 properly. However we do it we're
  going to be changing our ticket format, I guess, which will break
  existing client/library code. So will require a version bump, and
  some careful review to make sure we don't introduce any security
  issues.

- if we are going to change the ticket format, we should probably fix
  the timestamp as well, since that's only 32-bits as well, and is
  therefore prone to the Year 2038 overflow problem.

- is there a normalisation problem with ipv6? My understanding is ipv6
  ips can be shortened in various ways, all of which represent the same
  ip. Can we rely on the webserver giving us a normalised version, or
  do we need to handle that explicitly ourselves?

This is more a braindump than specific questions for you Chad. ;-)

FWIW, I've been moving to git along with the rest of the world. My
mod_auth_tkt tree is now here:

    https://github.com/gavincarr/mod_auth_tkt

Cheers,
Gavin

------------------------------

Message: 3
Date: Thu, 11 Aug 2011 17:18:40 +1000
From: Gavin Carr <ga...@openfusion.com.au>
Subject: Re: [modauthtkt-users] Query arg separator in generated URLs
To: Peter Karman <pe...@peknet.com>
Cc: mod_auth_tkt list <modauthtkt-users@lists.sourceforge.net>,
    Michael Peters <mpet...@plusthree.com>
Message-ID: <20110811071840.gb32...@openfusion.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed

On Wed, Aug 10, 2011 at 08:54:11PM -0500, Peter Karman wrote:
>Michael Peters wrote on 8/9/11 9:51 AM:
>
>> Would there be any interest in having an extra configuration directive
>> that mod_auth_tkt could use to specify the separator, falling back to
>> the semi-colon if not specified? TktAuthQuerySeparator?
>>
>
>+1 to that idea.

Sure, I guess, if it's causing issues. Though I don't quite see where
Facebook is fitting into your request flow Michael? Can you elaborate?

FWIW, I've moved the code to github, for your patching pleasure:

    https://github.com/gavincarr/mod_auth_tkt

Cheers,
Gavin

------------------------------

Message: 4
Date: Thu, 11 Aug 2011 10:03:39 -0400
From: Michael Peters <mpet...@plusthree.com>
Subject: Re: [modauthtkt-users] Query arg separator in generated URLs
To: Peter Karman <pe...@peknet.com>, mod_auth_tkt list
    <modauthtkt-users@lists.sourceforge.net>
Message-ID: <4e43e13b.30...@plusthree.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 08/11/2011 03:18 AM, Gavin Carr wrote:

> Sure, I guess, if it's causing issues. Though I don't quite see where
> Facebook is fitting into your request flow Michael? Can you elaborate?

It's not intentionally fitting into our request flow :) We run a lot of
different sites and our clients can set up protected portions of their
sites and behind the scenes our code generates mod_auth_tkt .htaccess
files, etc. Some of our clients' members sometimes shared protected
articles on facebook, etc with other members. Facebook doesn't just let
people click through links, they are passed through their own tracking
system and their system is making a mess of links with query strings
that have semi-colons.

So even if the other person who sees it on facebook is a member they
can't see the content because it gets mangled by facebook.

Facebook is just the latest example for us of a third party site getting
those kinds of query strings wrong. And they're probably the biggest
which is why we've been able to ignore it until now. But some of our
clients are starting to complain even if it is facebook's fault.

--
Michael Peters
Plus Three, LP

------------------------------

Message: 5
Date: Thu, 11 Aug 2011 16:59:48 -0400
From: Michael Peters <mpet...@plusthree.com>
Subject: [modauthtkt-users] Can't run test suite
To: mod_auth_tkt list <modauthtkt-users@lists.sourceforge.net>
Message-ID: <4e4442c4.4000...@plusthree.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

I'm trying to make sure I can run the test suite before doing some other
development on mod_auth_tkt and I can't seem to get it to work.

First I tried:

    ./configure --apxs=/path/to/apxs
    make
    make test

And that fails with this error:

sed: can't read /home/mpeters/tmp/mod_auth_tkt/t/modules/mod_auth_tkt.la: No such file or directory
sed: can't read /home/mpeters/tmp/mod_auth_tkt/t/modules/mod_auth_tkt.la: No such file or directory
Warning! dlname not found in /home/mpeters/tmp/mod_auth_tkt/t/modules/mod_auth_tkt.la.
Assuming installing a .so rather than a libtool archive.
chmod 755 /home/mpeters/tmp/mod_auth_tkt/t/modules/mod_auth_tkt.so
chmod: cannot access `/home/mpeters/tmp/mod_auth_tkt/t/modules/mod_auth_tkt.so': No such file or directory
apxs:Error: Command failed with rc=65536

So I did a:

    mkdir t/modules
    make test

And then using my test_shebang_env branch on github
(https://github.com/mpeters/mod_auth_tkt/tree/test_shebang_env) I get
test failures:

[warning] Using random number seed: 1295402170 (autogenerated)
t/40_htaccess.t ................ ok
t/10_cookie_expiry.t ........... 1/28
# Failed test 3 in t/10_cookie_expiry.t at line 37
# Failed test 6 in t/10_cookie_expiry.t at line 52
# Failed test 9 in t/10_cookie_expiry.t at line 66
# Failed test 12 in t/10_cookie_expiry.t at line 80
# Failed test 15 in t/10_cookie_expiry.t at line 94
# Failed test 18 in t/10_cookie_expiry.t at line 108
# Failed test 21 in t/10_cookie_expiry.t at line 122
# Failed test 24 in t/10_cookie_expiry.t at line 136
# Failed test 27 in t/10_cookie_expiry.t at line 150
t/10_cookie_expiry.t ........... Failed 9/28 subtests
t/22_timeout_guest_fallback.t .. skipped: env variable MAT_TEST_TIMEOUTS not set
t/31_vhost_global_secret.t ..... ok
t/21_timeout_refresh.t ......... skipped: env variable MAT_TEST_TIMEOUTS not set
t/07_guest_login_nocookie.t .... 1/11
# Failed test 3 in t/07_guest_login_nocookie.t at line 46
# Failed test 5 in t/07_guest_login_nocookie.t at line 52
# Failed test 8 in t/07_guest_login_nocookie.t at line 64
# Failed test 10 in t/07_guest_login_nocookie.t at line 70
t/07_guest_login_nocookie.t .... Failed 4/11 subtests
t/05_tokens.t .................. ok
t/12_cookie_secure.t ........... 1/8
# Failed test 3 in t/12_cookie_secure.t at line 37
# Failed test 6 in t/12_cookie_secure.t at line 49
t/12_cookie_secure.t ........... Failed 2/8 subtests
t/20_timeout.t ................. skipped: env variable MAT_TEST_TIMEOUTS not set
t/01_relative.t ................ ok
t/00_public.t .................. ok
t/02_bad.t ..................... ok
t/30_vhost_local_secret.t ...... ok
t/08_guest_user.t .............. 1/22
# Failed test 3 in t/08_guest_user.t at line 47
# Failed test 5 in t/08_guest_user.t at line 53
# Failed test 8 in t/08_guest_user.t at line 73
# Failed test 10 in t/08_guest_user.t at line 83
# Failed test 12 in t/08_guest_user.t at line 92
# Failed test 14 in t/08_guest_user.t at line 103
# Failed test 16 in t/08_guest_user.t at line 113
# Failed test 18 in t/08_guest_user.t at line 124
# Failed test 20 in t/08_guest_user.t at line 134
# Failed test 22 in t/08_guest_user.t at line 144
t/08_guest_user.t .............. Failed 10/22 subtests
t/15_secret_old.t .............. ok
t/50_bug_cookie_name.t ......... ok
t/07_guest_login.t ............. 1/6
# Failed test 3 in t/07_guest_login.t at line 46
# Failed test 5 in t/07_guest_login.t at line 52
t/07_guest_login.t ............. Failed 2/6 subtests
t/03_ignore_ip.t ............... ok
t/01_basic.t ................... ok
t/09_guest_not_allowed.t ....... 1/5
# Failed test 5 in t/09_guest_not_allowed.t at line 50
t/09_guest_not_allowed.t ....... Failed 1/5 subtests

Test Summary Report
-------------------
t/10_cookie_expiry.t (Wstat: 0 Tests: 28 Failed: 9)
  Failed tests: 3, 6, 9, 12, 15, 18, 21, 24, 27
t/07_guest_login_nocookie.t (Wstat: 0 Tests: 11 Failed: 4)
  Failed tests: 3, 5, 8, 10
t/12_cookie_secure.t (Wstat: 0 Tests: 8 Failed: 2)
  Failed tests: 3, 6
t/08_guest_user.t (Wstat: 0 Tests: 22 Failed: 10)
  Failed tests: 3, 5, 8, 10, 12, 14, 16, 18, 20, 22
t/07_guest_login.t (Wstat: 0 Tests: 6 Failed: 2)
  Failed tests: 3, 5
t/09_guest_not_allowed.t (Wstat: 0 Tests: 5 Failed: 1)
  Failed test: 5
Files=20, Tests=162, 7 wallclock secs ( 0.11 usr 0.04 sys + 4.96 cusr 0.83 csys = 5.94 CPU)
Result: FAIL
Failed 6/20 test programs. 28/162 subtests failed.
[warning] server localhost.localdomain:8529 shutdown
[ error] error running tests (please examine t/logs/error_log)
make[1]: *** [test_md5] Error 1
make[1]: Leaving directory `/home/mpeters/development/mod_auth_tkt/t'
make: *** [test] Error 2

I'm not sure how to run the tests to get more output (I tried what I
thought was standard "make test TEST_VERBOSE=1" but that didn't work).

Any help would be appreciated.

Thanks,

--
Michael Peters
Plus Three, LP

------------------------------

Message: 6
Date: Thu, 11 Aug 2011 17:02:41 -0400
From: Michael Peters <mpet...@plusthree.com>
Subject: Re: [modauthtkt-users] Can't run test suite
To: mod_auth_tkt list <modauthtkt-users@lists.sourceforge.net>
Message-ID: <4e444371.9080...@plusthree.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Funny enough, when I ran it again it did pass:

[warning] Using random number seed: 1215909723 (autogenerated)
t/30_vhost_local_secret.t ...... ok
t/07_guest_login.t ............. ok
t/05_tokens.t .................. ok
t/21_timeout_refresh.t ......... skipped: env variable MAT_TEST_TIMEOUTS not set
t/50_bug_cookie_name.t ......... ok
t/02_bad.t ..................... ok
t/07_guest_login_nocookie.t .... ok
t/12_cookie_secure.t ........... ok
t/15_secret_old.t .............. ok
t/03_ignore_ip.t ............... ok
t/22_timeout_guest_fallback.t .. skipped: env variable MAT_TEST_TIMEOUTS not set
t/01_relative.t ................ ok
t/00_public.t .................. ok
t/20_timeout.t ................. skipped: env variable MAT_TEST_TIMEOUTS not set
t/31_vhost_global_secret.t ..... ok
t/09_guest_not_allowed.t ....... ok
t/10_cookie_expiry.t ........... ok
t/08_guest_user.t .............. ok
t/40_htaccess.t ................ ok
t/01_basic.t ................... ok
All tests successful.
Files=20, Tests=162, 7 wallclock secs ( 0.10 usr 0.03 sys + 5.06 cusr 0.84 csys = 6.03 CPU)
Result: PASS

Are the tests order dependent? That seems to be the difference between
the 2 runs.

--
Michael Peters
Plus Three, LP

------------------------------

Message: 7
Date: Fri, 12 Aug 2011 07:46:46 +1000
From: Gavin Carr <ga...@openfusion.com.au>
Subject: Re: [modauthtkt-users] Query arg separator in generated URLs
To: Michael Peters <mpet...@plusthree.com>
Cc: mod_auth_tkt list <modauthtkt-users@lists.sourceforge.net>
Message-ID: <20110811214646.gb13...@openfusion.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed

On Thu, Aug 11, 2011 at 10:03:39AM -0400, Michael Peters wrote:
>On 08/11/2011 03:18 AM, Gavin Carr wrote:
>
>> Sure, I guess, if it's causing issues. Though I don't quite see where
>> Facebook is fitting into your request flow Michael? Can you elaborate?
>
>It's not intentionally fitting into our request flow :) We run a lot of
>different sites and our clients can set up protected portions of their
>sites and behind the scenes our code generates mod_auth_tkt .htaccess
>files, etc. Some of our clients' members sometimes shared protected
>articles on facebook, etc with other members. Facebook doesn't just let
>people click through links, they are passed through their own tracking
>system and their system is making a mess of links with query strings
>that have semi-colons.
>
>So even if the other person who sees it on facebook is a member they
>can't see the content because it gets mangled by facebook.
>
>Facebook is just the latest example for us of a third party site getting
>those kinds of query strings wrong. And they're probably the biggest
>which is why we've been able to ignore it until now. But some of our
>clients are starting to complain even if it is facebook's fault.

Lovely explanation, thanks. :-)

Cheers,
Gavin

------------------------------

End of modauthtkt-users Digest, Vol 26, Issue 2
***********************************************
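
Added example, not part of the digest and not mod_auth_tkt code: one way to answer the normalisation and 32-bit timestamp points raised in Message 2 is to parse the client address into a fixed 16-byte binary form before it reaches the ticket digest, and to widen the timestamp to 64 bits. The function names, the 16+8 byte layout and the choice of the IPv4-mapped form for IPv4 clients are assumptions made for this sketch.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_LEN 16                /* every address is stored as 16 bytes */
#define PREFIX_LEN (IP_LEN + 8)  /* address plus 64-bit timestamp */
/* Parse an IPv4 or IPv6 literal into 16 bytes; IPv4 becomes ::ffff:a.b.c.d
 * (a choice made for this example). Returns 0, or -1 for invalid text. */
int normalise_ip(const char *text, unsigned char out[IP_LEN])
{
    struct in_addr v4;
    if (text == NULL)
        return -1;
    if (inet_pton(AF_INET6, text, out) == 1)
        return 0;
    if (inet_pton(AF_INET, text, &v4) != 1)
        return -1;
    memset(out, 0, 10);
    out[10] = out[11] = 0xff;
    memcpy(out + 12, &v4, 4);
    return 0;
}

/* Hypothetical digest-input prefix: normalised address, then a big-endian
 * 64-bit timestamp. Returns -1 so the caller can reject the request. */
int pack_ip_ts(const char *ip, uint64_t ts, unsigned char out[PREFIX_LEN])
{
    if (normalise_ip(ip, out) != 0)
        return -1;
    for (int i = 0; i < 8; i++)
        out[IP_LEN + i] = (unsigned char)(ts >> (56 - 8 * i));
    return 0;
}

int main(void)
{
    /* Constructed sample: three spellings of one documentation address,
     * with a timestamp past the signed 32-bit limit. */
    const char *forms[] = { "2001:db8::1", "2001:0DB8:0:0:0:0:0:1", "2001:db8:0::1" };
    unsigned char buf[PREFIX_LEN];
    for (int i = 0; i < 3; i++) {
        if (pack_ip_ts(forms[i], UINT64_C(4102444800), buf) != 0)
            return 1;
        for (int j = 0; j < PREFIX_LEN; j++)
            printf("%02x", buf[j]);
        printf("  %s\n", forms[i]);
    }
    return 0;
}
```

All three spellings print the same 24 bytes, so a digest computed over them does not depend on how the web server or a client library happened to write the address.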