Article delegate-en/2913 of [1-5109] on the server localhost:119
 
Re: _Re:_[DeleGate-En:2910]_Re:_Re:_[DeleGate-En]_Re:_[DeleGate-En:2906]_cookie_handling_in_sslway
Wed, 13 Apr 2005    


Hi Yutaka San,

it seems that the patch was compiled into DeleGate, but I still get
no connection. I still get a cookie with the Secure flag set on the
client side.

04/13 14:08:38.58 [3460] 2+1/1: HTTP => (some_ssl_server.de:443) GET
/directory/index.jsp HTTP/1.1^M
04/13 14:08:38.58 [3460] 2+1/1: KeepAlive[8] = 1
04/13 14:08:38.58 [3460] 2+1/1: #CEsv THRU Accept-Encoding:gzip, deflate
04/13 14:08:38.58 [3462] 2+1/1: -- Fork(FSV): 3460 -> 3462
04/13 14:08:38.58 [3462] 2+1/1: #### execFilter[FSV]
/usr/local/netaccess/lib/sslway -cert /usr/local/netaccess/lib/test.pem
-pass pass:XXXXX
04/13 14:08:38.58 [3462] 2+1/1: FSV arg[0] /bin/sh
04/13 14:08:38.59 [3462] 2+1/1: FSV arg[1] -c
04/13 14:08:38.59 [3462] 2+1/1: FSV arg[2]
/usr/local/netaccess/lib/sslway -cert /usr/local/netaccess/lib/test.pem
-pass pass:XXXXX
04/13 14:08:38.58 [3460] 2+1/1: HTTP relayed request 375head
## SSLway[3462](PC1) server's cert. = **subject<> ..... 
04/13 14:08:38.98 [3460] 2+1/1: #CEcl disable chunk for Content-Encoding
04/13 14:08:38.98 [3460] 2+1/1: connDelay: 0.04sec, firstResp: 0.40sec
04/13 14:08:38.98 [3460] 2+1/1: URL BASE = 5/14 [directory/index.jsp]
04/13 14:08:38.98 [3460] 2+1/1: LINGER: [27] 30 8{1,30}
04/13 14:08:38.98 [3460] 2+1/1: #CEcl DO-response-buffering for
Content-Encoding
04/13 14:08:38.98 [3460] 2+1/1: getTmpFile: fd=-1
[-1]->[3460]HTTP-respBuff
04/13 14:08:38.98 [3460] 2+1/1: TMPFILE(HTTP-respBuff) = (20)
/usr/local/netaccess/tmp/dg3460.3.1113394118
04/13 14:08:38.98 [3460] 2+1/1: >>>TMPFILE(HTTP-respBuff)>>>8217748[20]
04/13 14:08:38.98 [3460] 2+1/1: Set-Cookie:
####
>>>>>>> DST_PROTO[https]/ CLNT_PROTO[http]
>>>>>>> HTTPS / HTTP
04/13 14:08:38.98 [3460] 2+1/1: MOUNT DIRMATCH patn[directory/]
url[directory] 4
04/13 14:08:38.98 [3460] 2+1/1: ** /directory/ UNMOUNTED FROM
https://some_ssl_server.de/directory/ **
04/13 14:08:38.98 [3460] 2+1/1: rewriten-Cookie>
####
04/13 14:08:38.98 [3460] 2+1/1: #HT11 SERVER ver[HTTP/1.1] conn[]
04/13 14:08:38.98 [3460] 2+1/1: #HT11 server KEEP-ALIVE
04/13 14:08:38.98 [3460] 2+1/1: HTTP/1.1 200 Content-{Type:text/html
Encoding:[/] Leng:319} Server:Microsoft-IIS/5.0
04/13 14:08:38.99 [3460] 2+1/1: #HT11 --Length=319 = 0 + 319
04/13 14:08:38.99 [3460] 2+1/1: ** /directory/ UNMOUNTED FROM
https://some_ssl_server.de/directory/ **
04/13 14:08:38.99 [3460] 2+1/1: #HT11 --Length=319 = 319 + 0
04/13 14:08:38.99 [3460] 2+1/1: Content-Length: 319 -> 319 (699 - 380)
04/13 14:08:38.99 [3460] 2+1/1: HTTP RESPONSE FLUSH: DO (HCKA=1)
04/13 14:08:38.99 [3460] 2+1/1: TCP_NODELAY[27] 0 -> 1
04/13 14:08:38.99 [3460] 2+1/1: TCP_NODELAY[27] 1 -> 0
04/13 14:08:38.99 [3460] 2+1/1: HTTP transmitted:
225head+319/319body=>0txt+0bin->319/319, 7i/2o/0f/0.0
04/13 14:08:38.99 [3460] 2+1/1:
####
Path=/directory; Secure][Cache-Control:]
04/13 14:08:38.99 [3460] 2+1/1: No Last-Modified:
04/13 14:08:38.99 [3460] 2+1/1: relay_response()=-10005, cache=0,
httpStat=W DontTruncate=0
04/13 14:08:38.99 [3460] 2+1/1: #HT11 EOF from the server
04/13 14:08:38.99 [3460] 2+1/1: #HT11 close svsokcs[18,19]
04/13 14:08:39.00 [3460] 2+1/2: HCKA:[2] KeepAlive: GET W =>1
04/13 14:08:39.00 [3460] 2+1/2: CFI process [3462] done
04/13 14:08:39.00 [3460] 2+1/2: TCP_NODELAY[27] 0 -> 1
04/13 14:08:39.00 [3460] 2+1/2: TCP_NODELAY[27] 1 -> 0
04/13 14:08:39.01 [3460] 2+1/2: #CEcl prepare ContEncoding:gzip, deflate
04/13 14:08:39.01 [3460] 2+1/2: Accept-Language: de
04/13 14:08:39.01 [3460] 2+1/2: HTTP Relay_request_head (496 bytes/9
lines)
04/13 14:08:39.01 [3460] 2+1/2: Proxy: host=PC1; User-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.0); DIRECT
04/13 14:08:39.01 [3460] 2+1/2: HTTP Relay_request done (496 bytes/9
lines)
04/13 14:08:39.01 [3460] 2+1/2: Host: 10.10.10.2:8080
04/13 14:08:39.01 [3460] 2+1/2: REQUEST - GET /directory/jsp/Login.jsp
HTTP/1.1^M
04/13 14:08:39.01 [3460] 2+1/2: ImMaster? 0 

04/13 14:08:39.01 [3460] 2+1/2: *** /directory/ MOUNTED TO[4]
https://some_ssl_server.de/directory/ ***
04/13 14:08:39.01 [3460] 2+1/2: *** /directory/jsp/Login.jsp =>
https://some_ssl_server.de/directory/jsp/Login.jsp ***
04/13 14:08:39.01 [3460] 2+1/2: REQUEST +M
https://some_ssl_server.de/directory/jsp/Login.jsp HTTP/1.1^M
04/13 14:08:39.01 [3460] 2+1/2: To another server or proxy, THRU >>>
https://some_ssl_server.de/directory/jsp/Login.jsp HTTP/1.1^M
04/13 14:08:39.01 [3460] 2+1/2: REMOTE > GET /directory/jsp/Login.jsp
HTTP/1.1^M
04/13 14:08:39.01 [3460] 2+1/2: [4] URL Matched but not for
MovedTo[20000]:/directory/jsp/Login.jsp
04/13 14:08:39.01 [3460] 2+1/2: [4] URL Matched but not for
MovedTo[40000]:/directory/jsp/Login.jsp
04/13 14:08:39.01 [3460] 2+1/2: *** /directory/ MOUNTED TO[4]
https://some_ssl_server.de/directory/ ***
04/13 14:08:39.01 [3460] 2+1/2: *** /directory/jsp/Login.jsp =>
https://some_ssl_server.de/directory/jsp/Login.jsp ***
04/13 14:08:39.01 [3460] 2+1/2: PATH>
https://some_ssl_server.de:443!local_proxy:8080!PC1:2572!anonymous@PC1;1113394118
04/13 14:08:39.01 [3460] 2+1/2: REQUEST =
[https://some_ssl_server.de:443/] GET /directory/jsp/Login.jsp
HTTP/1.1^M
04/13 14:08:39.02 [3460] 2+1/2: PERMITTED: https://some_ssl_server.de
04/13 14:08:39.02 [3460] 2+1/2: Cookie:
####
04/13 14:08:39.02 [3460] 2+1/2: XHost: (0,0,1) some_ssl_server.de <=
10.10.10.2:8080
04/13 14:08:39.02 [3460] 2+1/2: PERMITTED: https://some_ssl_server.de
04/13 14:08:39.02 [3460] 2+1/2: ConnectToServer connect
https://some_ssl_server.de:443
04/13 14:08:39.05 [3460] 2+1/2: ConnectToServer connected [8]
{193.22.162.79:443 <- 10.10.10.2:1027} [0.034s]
04/13 14:08:39.05 [3460] 2+1/2: KeepAlive[8] = 1
04/13 14:08:39.05 [3460] 2+1/2: PATH_TRANSLATED=
04/13 14:08:39.06 [3463] 2+1/2: -- Fork(FSV): 3460 -> 3463
04/13 14:08:39.06 [3460] 2+1/2: HTTP => (some_ssl_server.de:443) GET
/directory/jsp/Login.jsp HTTP/1.1^M
04/13 14:08:39.06 [3460] 2+1/2: KeepAlive[8] = 1
04/13 14:08:39.06 [3460] 2+1/2: *** /directory/ MOUNTED TO[4]
https://some_ssl_server.de/directory/ ***
04/13 14:08:39.06 [3460] 2+1/2: *** /directory/index.jsp =>
https://some_ssl_server.de/directory/index.jsp ***
04/13 14:08:39.06 [3460] 2+1/2: MOUNTED:
https://some_ssl_server.de/directory/index.jsp
04/13 14:08:39.06 [3460] 2+1/2: rewritten Referer:
https://some_ssl_server.de/directory/index.jsp
04/13 14:08:39.06 [3460] 2+1/2: #CEsv THRU Accept-Encoding:gzip, deflate
04/13 14:08:39.06 [3460] 2+1/2: HTTP relayed request 428head
04/13 14:08:39.06 [3463] 2+1/2: #### execFilter[FSV]
/usr/local/netaccess/lib/sslway -cert /usr/local/netaccess/lib/test.pem
-pass pass:XXXXX
04/13 14:08:39.06 [3463] 2+1/2: FSV arg[0] /bin/sh
04/13 14:08:39.06 [3463] 2+1/2: FSV arg[1] -c
04/13 14:08:39.07 [3463] 2+1/2: FSV arg[2]
/usr/local/netaccess/lib/sslway -cert /usr/local/netaccess/lib/test.pem
-pass pass:XXXXX
04/13 14:08:39.12 [3458] 1+1/2: CFI process remaining (1/1)
050413-140837.3457.1+1.0 PC1 - - [13/Apr/2005:14:08:37 +0100] "GET
http://some_ssl_server.de:443/directory HTTP/1.1" 302 541 ""
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
050413-140837.3457.1+1.1 PC1 - - [13/Apr/2005:14:08:38 +0100] "GET
https://some_ssl_server.de/directory/ HTTP/1.1" 500 0 "" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.0)"
04/13 14:08:39.12 [3458] 1+1: StickyServer done
[nonStickyProtocol(http:https:https)] 2 req / 1 conn / 2 sec
04/13 14:08:39.12 [3457] 2+0: AcceptByMain: got Sticky REPORT 1/1
04/13 14:08:39.12 [3457] 2+0: (1) process [3458] dead
## SSLway[3463](PC1) server's cert. = **subject<> ....
04/13 14:08:39.46 [3460] 2+1/2: #CEcl disable chunk for Content-Encoding
04/13 14:08:39.46 [3460] 2+1/2: connDelay: 0.04sec, firstResp: 0.40sec
04/13 14:08:39.46 [3460] 2+1/2: URL BASE = 9/18
[directory/jsp/Login.jsp]
04/13 14:08:39.46 [3460] 2+1/2: LINGER: [27] 30 8{1,30}
04/13 14:08:39.46 [3460] 2+1/2: #CEcl DO-response-buffering for
Content-Encoding
04/13 14:08:39.46 [3460] 2+1/2: getTmpFile: fd=21
[3460]HTTP-respBuff->[3460]HTTP-respBuff
04/13 14:08:39.46 [3460] 2+1/2: Set-Cookie:
####
>>>>>>> DST_PROTO[https]/ CLNT_PROTO[http]
>>>>>>> HTTPS / HTTP
04/13 14:08:39.46 [3460] 2+1/2: MOUNT DIRMATCH patn[directory/]
url[directory] 4
04/13 14:08:39.46 [3460] 2+1/2: ** /directory/ UNMOUNTED FROM
https://some_ssl_server.de/directory/ **
04/13 14:08:39.46 [3460] 2+1/2: rewriten-Cookie>
####
04/13 14:08:39.46 [3460] 2+1/2: #HT11 SERVER ver[HTTP/1.1] conn[]
04/13 14:08:39.46 [3460] 2+1/2: #HT11 server KEEP-ALIVE
04/13 14:08:39.47 [3460] 2+1/2: HTTP/1.1 200 Content-{Type:text/html
Encoding:[/] Leng:1756} Server:Microsoft-IIS/5.0
04/13 14:08:39.47 [3460] 2+1/2: #HT11 --Length=1756 = 0 + 1756
04/13 14:08:39.47 [3460] 2+1/2: ** /directory/ UNMOUNTED FROM
https://some_ssl_server.de/directory/ **
04/13 14:08:39.47 [3460] 2+1/2: ** /directory/ UNMOUNTED FROM
https://some_ssl_server.de/directory/ **
04/13 14:08:39.47 [3460] 2+1/2: #HT11 --Length=1756 = 1077 + 679
04/13 14:08:39.47 [3460] 2+1/2: #HT11 --Length=1756 = 1756 + 0
04/13 14:08:39.47 [3460] 2+1/2: Content-Length: 1756 -> 1762 (2143 -
381)
04/13 14:08:39.48 [3460] 2+1/2: HTTP RESPONSE FLUSH: DO (HCKA=1)
04/13 14:08:39.48 [3460] 2+1/2: TCP_NODELAY[27] 0 -> 1
04/13 14:08:39.48 [3460] 2+1/2: TCP_NODELAY[27] 1 -> 0
04/13 14:08:39.48 [3460] 2+1/2: HTTP transmitted:
226head+1756/1756body=>0txt+0bin->1762/1762, 8i/2o/0f/0.0
04/13 14:08:39.48 [3460] 2+1/2:
####
Path=/directory; Secure][Cache-Control:]
04/13 14:08:39.48 [3460] 2+1/2: No Last-Modified:
04/13 14:08:39.48 [3460] 2+1/2: relay_response()=-10005, cache=0,
httpStat=W DontTruncate=0
04/13 14:08:39.48 [3460] 2+1/2: #HT11 EOF from the server
04/13 14:08:39.48 [3460] 2+1/2: #HT11 close svsokcs[20,22]
04/13 14:08:39.48 [3460] 2+1/3: HCKA:[3] KeepAlive: GET W =>1
04/13 14:08:39.48 [3460] 2+1/3: CFI process [3463] done
04/13 14:08:39.48 [3460] 2+1/3: TCP_NODELAY[27] 0 -> 1
04/13 14:08:39.48 [3460] 2+1/3: TCP_NODELAY[27] 1 -> 0

Cheers,

Jon

Yutaka Sato schrieb am 13.04.2005, 04:39:58:
> Hi,
> 
> In message  on 04/11/05(20:24:06)
> you  wrote:
>  |here is a part of the logfile, witch may clarify the problem we have
> ...
>  |04/11 13:09:42.64 [26961] 1+1/2/1: Set-Cookie:
>  |JSESSIONID=xxxx; Path=/directory; Secure
>  |04/11 13:09:42.64 [26961] 1+1/2/1: ** / UNMOUNTED FROM https://some_ssl_server/ **
>  |04/11 13:09:42.64 [26961] 1+1/2/1: rewriten-Cookie>
>  |JSESSIONID=xxxx; Path=/directory; Secure
> 
> As I thought in the former message, the Cookie from the server includes
> Path and Secure attributes.  But your DeleGate seems not to be modified
> with my former patch.  It is obvious that the message "rewriten-Cookie>"
> is put in the rewriteCookie() called from  MountCookieResponse(), 
> but there is no message which should be put by the line in the function:
> 
>   + fprintf(stderr,">>>>>>> HTTPS / HTTP\n");
> 
> So I have a doubt if the patch has been applied to your DeleGate.  The
> patch enclosed this time has one more line:
> 
>   + fprintf(stderr,">>>>>>> DST_PROTO[%s]/ CLNT_PROTO[%s]\n",DST_PROTO,CLNT_PROTO);
> 
> With this patch, we can confirm whether or not the patch is applied, and if
> it is applied, we can see why the inserted code is not activated.
> 
> Cheers,
> Yutaka
> --
>   D G   Yutaka Sato  http://delegate.org/y.sato/
>  ( - )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
> 
> 
> *** dist/delegate8.11.2/src/httphead.c	Tue Mar 15 00:06:19 2005
> --- src/httphead.c	Wed Apr 13 11:24:00 2005
> ***************
> *** 1024,1069 ****
> --- 1024,1111 ----
>   	const char *dp;
>   	CStr(opath,1024);
>   	CStr(url,URLSZ);
>   	CStr(valb,256);
>   
>   	lineScan(value,valb);
>   	sv1log("Cookie: %s\n",valb);
>   
>   #ifdef RWCOOKIEREQ
>   	HTTP_originalURLPath(Conn,opath);
>   	if( !getsetDomPath(value,domain,opath,0) )
>   		return;
>   
>   	strcpy(url,opath);
>   	if( CTX_mount_url_to(Conn,Conn->cl_myhp,REQ_METHOD,url) )
>   		rewriteCookie(value,url);
>   #endif
>   }
> + 
> + int delParam(PVStr(params),PCStr(name)){
> + 	refQStr(pp,params);
> + 	const char *dp;
> + 	CStr(name1,32);
> + 	CStr(val1,URLSZ);
> + 	int ndel = 0;
> + 
> + 	pp = params;
> + 	while( *pp != 0 ){
> + 		dp = wordscanY(pp,AVStr(name1),sizeof(name1),"^=;");
> + 		if( *dp == '=' ){
> + 			dp = valuescanX(dp+1,AVStr(val1),sizeof(val1));
> + 			if( *dp == '"' )
> + 				dp++;
> + 		}
> + 		if( *dp == ';' )
> + 			dp++;
> + 		if( *dp == ' ' )
> + 			dp++;
> + 		if( strcaseeq(name1,name) ){
> + 			ovstrcpy((char*)pp,dp);
> + 			ndel++;
> + 		}else{
> + 			pp = dp;
> + 		}
> + 	}
> + 	return ndel;
> + }
> + 
>   void MountCookieResponse(Connection *Conn,PCStr(request),PVStr(value))
>   {	CStr(dom,1024);
>   	CStr(login,1024);
>   	CStr(myhp,1024);
>   	CStr(opath,1024);
>   	CStr(url,URLSZ);
>   	CStr(valb,256);
>   
>   	lineScan(value,valb);
>   	sv1log("Set-Cookie: %s\n",valb);
> + 
> + fprintf(stderr,">>>>>>> DST_PROTO[%s]/ CLNT_PROTO[%s]\n",DST_PROTO,CLNT_PROTO);
> + 	if( strcaseeq(DST_PROTO,"https") && strcaseeq(CLNT_PROTO,"http") )
> + {
> + fprintf(stderr,">>>>>>> HTTPS / HTTP\n");
> + 	if( strcasestr(value,"Secure") )
> + 	{
> + 		if( delParam(AVStr(value),"Secure") ){
> + 			sv1log("Removed Secure attribute ... %s\n",value);
> + 		}
> + 	}
> + }
>   
>   	HTTP_originalURLPath(Conn,AVStr(opath));
>   	if( !getsetDomPath(AVStr(value),AVStr(dom),AVStr(opath),0) )
>   		return;
>   
>   	HTTP_ClientIF_HP(Conn,AVStr(myhp));
>   	HostPort(AVStr(login),DST_PROTO,DST_HOST,DST_PORT);
>   	if( opath[0] == '/' )
>   		ovstrcpy(opath,opath+1);
>   
>   	if( DO_DELEGATE ){
>   		sprintf(url,"%s://%s/-_-%s://%s/%s",
>   			CLNT_PROTO,myhp,DST_PROTO,login,opath);
>   		rewriteCookie(AVStr(value),url);
>   	}else
>   	if( CTX_mount_url_fromL(Conn,AVStr(url),DST_PROTO,login,opath,NULL,CLNT_PROTO,myhp) )
>   		rewriteCookie(AVStr(value),url);
>   }
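Review bot: The new block in MountCookieResponse() strips `Secure` from every Set-Cookie relayed from an https server to an http client, with no configuration switch. The session cookie (JSESSIONID in the quoted log) then travels in cleartext between client and proxy, so this downgrade should be an explicit opt-in and documented as one. The added `sv1log("Removed Secure attribute ... %s\n",value);` also writes the full cookie value to the log (the posted log shows these values masked); log only the event, e.g. `sv1log("Removed Secure attribute from Set-Cookie\n");`. delParam() compares the leading name=value pair against `name` too, so a cookie that is itself named `Secure` would apparently be deleted, and the `strcasestr(value,"Secure")` pre-check is a substring test that delParam() makes redundant. The two `fprintf(stderr,...)` diagnostics should come out before this is merged.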