Bug 656077 - Proxy should allow all header from rfc2616
Proxy should allow all header from rfc2616
Status: CLOSED ERRATA
Product: Red Hat Satellite Proxy 5
Classification: Red Hat
Component: Server (Show other bugs)
540
All Linux
urgent Severity high
: ---
: ---
Assigned To: Miroslav Suchý
Dimitar Yordanov
:
Depends On: 629552 658303
Blocks: sat54-errata
  Show dependency treegraph
 
Reported: 2010-11-22 20:16 EST by Xixi
Modified: 2010-12-16 09:58 EST (History)
4 users (show)

See Also:
Fixed In Version: spacewalk-proxy-1.2.2-5
Doc Type: Bug Fix
Doc Text:
Prior to this update, RHN Proxy Server 5.4 was capable of filtering only a minimal variety of headers, specifically, only 'X-*', 'content-length', 'user-agent', 'content-type', and 'range' headers. This prevented configuration file deployment via RHN Proxy Server 5.4 since the rhncfg-client and the rhncfg-manager actions did not work properly and resulted in the "500 Internal Server Error" or the "400 Bad Request" protocol error. With this update, other headers, namely headers defined by RFC 2616, are now supported.
Story Points: ---
Clone Of: 629552
Environment:
Last Closed: 2010-12-16 09:58:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
msuchy's fix fr spacealk git (1.56 KB, patch)
2010-11-22 23:38 EST, Xixi
no flags Details | Diff

  None (edit)
Description Xixi 2010-11-22 20:16:57 EST
Cloning for RHN proxy 5.4.

+++ This bug was initially created as a clone of Bug #629552 +++

Description of problem:
In commit 90b5ee52536c573227464260feb109fdb5b8a685 we filter only "good" headers. That was because wsgi bloat headers with a lot of garbage.
But currently we only allow X-*, 'content-length', 'user-agent', 'content-type', 'range'.
We should definitely allow other headers (like Last-Modified, If-Range...). In other words we should allow all headers from  rfc2616.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

--- Additional comment from jpazdziora@redhat.com on 2010-10-27 04:32:26 EDT ---

Mass-aligning under space12, so that we don't lose track of this bugzilla. This however does not mean that we plan (will be able to) address this bug in Spacewalk 1.2.

--- Additional comment from jpazdziora@redhat.com on 2010-11-19 11:05:06 EST ---

Mass-moving to space13.

--- Additional comment from msuchy@redhat.com on 2010-11-19 19:17:39 EST ---

fixed in commit 4aca0eaac4c36bc18c4a2c3c6755b5fa8def388c
Comment 2 Xixi 2010-11-22 23:38:02 EST
Created attachment 462227 [details]
msuchy's fix fr spacealk git
Comment 3 Xixi 2010-11-22 23:57:58 EST
Public version of Comment #1, minus system names:

This bug prevents configuration file deployment (rhncfg-client and rhncfg-manager actions) via RHN proxy 5.4. The errors could either be 500 or 400 error as seen below:

[]# rhncfg-client list
XML-RPC call error: <ProtocolError for test.net
/CONFIG-MANAGEMENT: 500 Internal Server Error

from httpd error logs on RHN satellite - 
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler:
Traceback (most recent call last):
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/lib64/python2.4/site-packages/mod_python/apache.py", line 299, in
HandlerDispatch\n    result = object(req)
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/share/rhn/server/apacheHandler.py", line 210, in handler\n    ret =
self._req_processor.process()
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/share/rhn/server/apacheRequest.py", line 465, in process\n   
params, method = self.decode(_body)
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/share/rhn/server/apacheRequest.py", line 389, in decode\n   
self.parser.feed(data)
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler: 
 File "/usr/lib64/python2.4/xmlrpclib.py", line 527, in feed\n   
self._parser.Parse(data, 0)
[Thu Nov 11 11:04:15 2010] [error] PythonHandler server.apacheServer::Handler:
ExpatError: not well-formed (invalid token): line 1, column 0

[~]# rhncfg-client list
XML-RPC call error: <ProtocolError for test.com
/CONFIG-MANAGEMENT: 400 Bad Request>

from httpd error logs on RHN proxy:

2010/11/22 03:54:40 -04:00 6712 0.0.0.0: server/apacheRequest.process('ERROR',
'Got bad XML-RPC blob of len = 515')

Both are verified to be fixed by msuchy's patch above.
Comment 4 Miroslav Suchý 2010-11-23 08:24:25 EST
Cherrypicked to satellite.git as commit 6efc63117c57484fb45e9ef619757984c1399ead
Comment 5 Miroslav Suchý 2010-11-23 08:41:21 EST
How to test (Xixi fix me, if I'm wrong)
1. register client machine via RHN Proxy 5.4
2. Create configuration channel with some file, subcribe client to that channel.
3. run "rhncfg-client list" on client.
Comment 8 Xixi 2010-11-23 17:31:29 EST
(In reply to comment #5)
> How to test (Xixi fix me, if I'm wrong)
This is correct Miroslav, just some additional notes in-line:

> 1. register client machine via RHN Proxy 5.4
We (customer and support) have only tested against Satellite 5.4 so far, so for QA please cover both Satellite and Hosted as upstream server for the RHN Proxy.

> 2. Create configuration channel with some file, subcribe client to that
> channel.
> 3. run "rhncfg-client list" on client.
... and rhncfg-client channels, diff, get, etc.. 
Also try rhncfg-manager list, diff, get, etc.. on the RHN Satellite.
Comment 9 Martin Prpic 2010-11-29 07:12:31 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Prior to this update, RHN Proxy Server 5.4 was capable of filtering only a minimal variety of headers, specifically, only 'X-*', 'content-length', 'user-agent', 'content-type', and 'range' headers. This prevented configuration file deployment via RHN Proxy Server 5.4 since the rhncfg-client and the rhncfg-manager actions did not work properly and resulted in the "500 Internal Server Error" or the "400 Bad Request" protocol error. With this update, other headers, namely headers defined by RFC 2616, are now supported.
Comment 10 Dimitar Yordanov 2010-12-07 13:40:45 EST
VERIFIED

TESTS PASSED:
rh-tests-RHN-Satellite-FrontendAPI-Regression-testRHNManagerClient - tests rhncfg*
rh-tests-RHN-Satellite-FrontendAPI-Sanity-remote-package-profile-sync - tests API Calls 
rh-tests-RHN-Satellite-FrontendAPI-Sanity-remote-package-profile-sync_to_hosted - tests rhn-profile-sync and rhnreg_ks
rh-tests-RHN-Satellite-Server-create-custom-channel - tests rhnpush.


Dimi
Comment 12 errata-xmlrpc 2010-12-16 09:58:51 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2010-0990.html

Note You need to log in before you can comment on or make changes to this bug.