656077 – Proxy should allow all header from rfc2616

Bug 656077 - Proxy should allow all header from rfc2616

Summary: Proxy should allow all header from rfc2616

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite Proxy 5
Classification:	Red Hat
Component:	Server
Sub Component:
Version:	540
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	---
Assignee:	Miroslav Suchý
QA Contact:	Dimitar Yordanov
Docs Contact:
URL:
Whiteboard:
Depends On:	629552 658303
Blocks:	sat54-errata
TreeView+	depends on / blocked

Reported:	2010-11-23 01:16 UTC by Xixi
Modified:	2018-10-27 11:26 UTC (History)
CC List:	4 users (show)
Fixed In Version:	spacewalk-proxy-1.2.2-5
Doc Type:	Bug Fix
Doc Text:	Prior to this update, RHN Proxy Server 5.4 was capable of filtering only a minimal variety of headers, specifically, only 'X-*', 'content-length', 'user-agent', 'content-type', and 'range' headers. This prevented configuration file deployment via RHN Proxy Server 5.4 since the rhncfg-client and the rhncfg-manager actions did not work properly and resulted in the "500 Internal Server Error" or the "400 Bad Request" protocol error. With this update, other headers, namely headers defined by RFC 2616, are now supported.
Clone Of:	629552
Environment:
Last Closed:	2010-12-16 14:58:51 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
msuchy's fix fr spacealk git (1.56 KB, patch) 2010-11-23 04:38 UTC, Xixi	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2010:0990	0	normal	SHIPPED_LIVE	RHN Proxy Server 5.4 bug fix update	2010-12-16 14:58:46 UTC

Description Xixi 2010-11-23 01:16:57 UTC

Cloning for RHN proxy 5.4.

+++ This bug was initially created as a clone of Bug #629552 +++

Description of problem:
In commit 90b5ee52536c573227464260feb109fdb5b8a685 we filter only "good" headers. That was because wsgi bloat headers with a lot of garbage.
But currently we only allow X-*, 'content-length', 'user-agent', 'content-type', 'range'.
We should definitely allow other headers (like Last-Modified, If-Range...). In other words we should allow all headers from  rfc2616.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

--- Additional comment from jpazdziora on 2010-10-27 04:32:26 EDT ---

Mass-aligning under space12, so that we don't lose track of this bugzilla. This however does not mean that we plan (will be able to) address this bug in Spacewalk 1.2.

--- Additional comment from jpazdziora on 2010-11-19 11:05:06 EST ---

Mass-moving to space13.

--- Additional comment from msuchy on 2010-11-19 19:17:39 EST ---

fixed in commit 4aca0eaac4c36bc18c4a2c3c6755b5fa8def388c

Comment 2 Xixi 2010-11-23 04:38:02 UTC

Created attachment 462227 [details]
msuchy's fix fr spacealk git

Comment 3 Xixi 2010-11-23 04:57:58 UTC

Public version of Comment #1, minus system names:

This bug prevents configuration file deployment (rhncfg-client and rhncfg-manager actions) via RHN proxy 5.4. The errors could either be 500 or 400 error as seen below:

[]# rhncfg-client list
XML-RPC call error: <ProtocolError for test.net
/CONFIG-MANAGEMENT: 500 Internal Server Error

from httpd error logs on RHN satellite - 
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler:
Traceback (most recent call last):
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/lib64/python2.4/site-packages/mod_python/apache.py", line 299, in
HandlerDispatch\n    result = object(req)
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/share/rhn/server/apacheHandler.py", line 210, in handler\n    ret =
self._req_processor.process()
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/share/rhn/server/apacheRequest.py", line 465, in process\n   
params, method = self.decode(_body)
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/share/rhn/server/apacheRequest.py", line 389, in decode\n   
self.parser.feed(data)
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/lib64/python2.4/xmlrpclib.py", line 527, in feed\n   
self._parser.Parse(data, 0)
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler:
ExpatError: not well-formed (invalid token): line 1, column 0

[~]# rhncfg-client list
XML-RPC call error: <ProtocolError for test.com
/CONFIG-MANAGEMENT: 400 Bad Request>

from httpd error logs on RHN proxy:

2010/11/22 03:54:40 -04:00 6712 0.0.0.0: server/apacheRequest.process('ERROR',
'Got bad XML-RPC blob of len = 515')

Both are verified to be fixed by msuchy's patch above.

Comment 4 Miroslav Suchý 2010-11-23 13:24:25 UTC

Cherrypicked to satellite.git as commit 6efc63117c57484fb45e9ef619757984c1399ead

Comment 5 Miroslav Suchý 2010-11-23 13:41:21 UTC

How to test (Xixi fix me, if I'm wrong)
1. register client machine via RHN Proxy 5.4
2. Create configuration channel with some file, subcribe client to that channel.
3. run "rhncfg-client list" on client.

Comment 8 Xixi 2010-11-23 22:31:29 UTC

(In reply to comment #5)
> How to test (Xixi fix me, if I'm wrong)
This is correct Miroslav, just some additional notes in-line:

> 1. register client machine via RHN Proxy 5.4
We (customer and support) have only tested against Satellite 5.4 so far, so for QA please cover both Satellite and Hosted as upstream server for the RHN Proxy.

> 2. Create configuration channel with some file, subcribe client to that
> channel.
> 3. run "rhncfg-client list" on client.
... and rhncfg-client channels, diff, get, etc.. 
Also try rhncfg-manager list, diff, get, etc.. on the RHN Satellite.

Comment 9 Martin Prpič 2010-11-29 12:12:31 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Prior to this update, RHN Proxy Server 5.4 was capable of filtering only a minimal variety of headers, specifically, only 'X-*', 'content-length', 'user-agent', 'content-type', and 'range' headers. This prevented configuration file deployment via RHN Proxy Server 5.4 since the rhncfg-client and the rhncfg-manager actions did not work properly and resulted in the "500 Internal Server Error" or the "400 Bad Request" protocol error. With this update, other headers, namely headers defined by RFC 2616, are now supported.

Comment 10 Dimitar Yordanov 2010-12-07 18:40:45 UTC

VERIFIED

TESTS PASSED:
rh-tests-RHN-Satellite-FrontendAPI-Regression-testRHNManagerClient - tests rhncfg*
rh-tests-RHN-Satellite-FrontendAPI-Sanity-remote-package-profile-sync - tests API Calls 
rh-tests-RHN-Satellite-FrontendAPI-Sanity-remote-package-profile-sync_to_hosted - tests rhn-profile-sync and rhnreg_ks
rh-tests-RHN-Satellite-Server-create-custom-channel - tests rhnpush.


Dimi

Comment 12 errata-xmlrpc 2010-12-16 14:58:51 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2010-0990.html

Note You need to log in before you can comment on or make changes to this bug.