Hi!
I've deployed th:XmlRpcPlugin in a Trac 1.0 web site with logins powered by
th:AccountManagerPlugin digest auth store. I have setup apache2 auth this way
(further VirtualHost details omitted)
{{{#!apacheconf
<LocationMatch "/login/.+">
AuthType Digest
AuthName "realm"
AuthDigestDomain realm
AuthUserFile "/path/to/env/.htdigest"
Require valid-user
</LocationMatch>
}}}
On accessing /login/rpc using a browser RPC methods list is shown after
providing auth credentials. Target (TRAC_ADMIN) user is detected.
Nevertheless XML-RPC calls fail this way:
{{{#!sh
$ ipython
[...] # Digest transport preparation in verbose mode ... and other stuff
In [42]: p = ServerProxy('http://example.com/login/rpc', transport=t)
In [43]: p.wiki.getPage('WikiStart')
ProxyTransport URL: [http://example.com/login/rpc]
body: "<?xml
version='1.0'?>\n<methodResponse>\n<fault>\n<value><struct>\n<member>\n<name>faultCode</name>\n<value><int>403</int></value>\n</member>\n<member>\n<name>faultString</name>\n<value><string>XML_RPC
privileges are required to perform this operation. You don't have the
required
permissions.</string></value>\n</member>\n</struct></value>\n</fault>\n</methodResponse>\n"
---------------------------------------------------------------------------
Fault Traceback (most recent call last)
<ipython-input-43-cff533b5a58a> in <module>()
----> 1 p.wiki.getPage('WikiStart')
[...]
Fault: <Fault 403: "XML_RPC privileges are required to perform this
operation. You don't have the required permissions.">
}}}
Then I looked for relevant log entries and found the following
{{{
2013-07-22 04:13:59,481 Trac[main] DEBUG: Dispatching
<RequestWithSession "POST '/login/rpc'">
2013-07-22 04:13:59,497 Trac[web_ui] DEBUG: LoginModule._remote_user:
Authentication attempted for 'None'
2013-07-22 04:13:59,498 Trac[web_ui] WARNING:
LoginModule.authenticate: 'REMOTE_USER' was set to 'admin'
2013-07-22 04:13:59,498 Trac[web_ui] DEBUG: LoginModule.authenticate:
Set 'REMOTE_USER' = 'None'
[...]
2013-07-22 04:13:59,501 Trac[web_ui] DEBUG: RPC incoming request of
content type 'text/xml' dispatched to <tracrpc.xml_rpc.XmlRpcProtocol
object at 0x7f08098eecd0>
2013-07-22 04:13:59,501 Trac[web_ui] DEBUG: RPC(XML-RPC) call by
'anonymous' None
2013-07-22 04:13:59,502 Trac[xml_rpc] DEBUG: RPC(xml) call by
'anonymous', method 'wiki.getPage' with args: ('WikiStart',)
[...]
2013-07-22 04:13:59,511 Trac[web_ui] ERROR: RPC(XML-RPC) Error
Traceback (most recent call last):
File "/path/to/trac_rpc/trunk/tracrpc/web_ui.py", line 149, in _rpc_process
req.perm.require('XML_RPC') # Need at least XML_RPC
File "/path/to/trac/perm.py", line 601, in require
raise PermissionError(action, resource, self.env)
PermissionError
}}}
Considering 2nd-4th lines above based on th:AccountManager code my
interpretation is :
- There is no `user` arg in URL
- `environ_auth_overwrite` option was on
- ... so value for REMOTE_USER set by apache2 is cleared
RPC calls started to work after turning off `environ_auth_overwrite`
Therefore I performed the following changes in th:XmlRpcPlugin page
http://goo.gl/5IgGn
... because IMHO installing another plugin is:
- Unnecessary
- Confusing
I'm sending this message to trac-users ML so that others will be aware
of the fact
and provide feedback about whether this approach actually works on different
configurations. Feel free to revert the change or add notes if
problems are detected.
--
Regards,
Olemis.
Apacheā¢ Bloodhound contributor
http://issues.apache.org/bloodhound
Blog ES: http://simelo-es.blogspot.com/
Blog EN: http://simelo-en.blogspot.com/
Featured article:
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/groups/opt_out.
