Problems with Zinc and DigestAuthentication


Dave
Hi,

There is something wrong with Zinc but I can't find how to solve it. It happens with Zinc and Digest Authentication, sometimes the debugger shows me a primitiveFailed, see the stack below

 --- The full stack ---
ByteString class(Object)>>primitiveFailed:
ByteString class(Object)>>primitiveFailed
ByteString class(Behavior)>>basicNew:
ByteString class(String class)>>new:
ByteString(SequenceableCollection)>>copyFrom:to:
[:fragment |
| tokens i key value |
tokens := fragment trimBoth.
        i := tokens indexOf: $=.
        i > 0
                ifTrue: [key := tokens copyFrom: 1 to: i - 1.
                        value := tokens copyFrom: i + 1 to: tokens size.
                        dict
                                at: key
                                put: (value copyFrom: 2 to: value size - 1)]] in ZnDigestAuthenticator class>>parseAuthRequest:
Array(SequenceableCollection)>>do:
ZnDigestAuthenticator class>>parseAuthRequest:
ZnDigestAuthenticator>>isRequestAuthenticated:
ZnDigestAuthenticator(ZnBasicAuthenticator)>>authenticateRequest:do:
ZnManagingMultiThreadedServer(ZnSingleThreadedServer)>>authenticateRequest:do:
ZnManagingMultiThreadedServer(ZnSingleThreadedServer)>>handleRequest:
ZnManagingMultiThreadedServer(ZnMultiThreadedServer)>>executeRequestResponseLoopOn:
[self executeRequestResponseLoopOn: stream] in [[self executeRequestResponseLoopOn: stream]
                ensure: [self log debug: 'Closing stream'.
                        self closeSocketStream: stream]] in [[[self executeRequestResponseLoopOn: stream]
                ensure: [self log debug: 'Closing stream'.
                        self closeSocketStream: stream]]
                ifCurtailed: [self log debug: 'Destroying socket'.
                        socket destroy]] in ZnManagingMultiThreadedServer(ZnMultiThreadedServer)>>serveConnectionsOn:
BlockClosure>>ensure:
[[self executeRequestResponseLoopOn: stream]
                ensure: [self log debug: 'Closing stream'.
                        self closeSocketStream: stream]] in [[[self executeRequestResponseLoopOn: stream]
                ensure: [self log debug: 'Closing stream'.
                        self closeSocketStream: stream]]
                ifCurtailed: [self log debug: 'Destroying socket'.
                        socket destroy]] in ZnManagingMultiThreadedServer(ZnMultiThreadedServer)>>serveConnectionsOn:
BlockClosure>>ifCurtailed:
[[[self executeRequestResponseLoopOn: stream]
                ensure: [self log debug: 'Closing stream'.
                        self closeSocketStream: stream]]
                ifCurtailed: [self log debug: 'Destroying socket'.
                        socket destroy]] in ZnManagingMultiThreadedServer(ZnMultiThreadedServer)>>serveConnectionsOn:
[self value.
        Processor terminateActive] in BlockClosure>>newProcess
-------------------------------------------------------------------------------


It seems to happen when there are bots that go on the page. Can you help me please? If you need other info I can supply them of course

Dave
Re: Problems with Zinc and DigestAuthentication

Sven Van Caekenberghe
Hi Dave,

On 21 May 2012, at 17:37, Dav wrote:

> Hi,
>
> There is something wrong with Zinc but I can't find how to solve it. It
> happens with Zinc and Digest Authentication, sometimes the debugger shows me
> a primitiveFailed, see the stack below
>
> --- The full stack ---
> ByteString class(Object)>>primitiveFailed:
> ByteString class(Object)>>primitiveFailed
> ByteString class(Behavior)>>basicNew:
> ByteString class(String class)>>new:
> ByteString(SequenceableCollection)>>copyFrom:to:
> [:fragment |
> | tokens i key value |
> tokens := fragment trimBoth.
> i := tokens indexOf: $=.
> i > 0
> ifTrue: [key := tokens copyFrom: 1 to: i - 1.
> value := tokens copyFrom: i + 1 to: tokens size.
> dict
> at: key
> put: (value copyFrom: 2 to: value size - 1)]] in ZnDigestAuthenticator
> class>>parseAuthRequest:
> Array(SequenceableCollection)>>do:
> ZnDigestAuthenticator class>>parseAuthRequest:
> ZnDigestAuthenticator>>isRequestAuthenticated:
> ZnDigestAuthenticator(ZnBasicAuthenticator)>>authenticateRequest:do:
> ZnManagingMultiThreadedServer(ZnSingleThreadedServer)>>authenticateRequest:do:
> ZnManagingMultiThreadedServer(ZnSingleThreadedServer)>>handleRequest:
> ZnManagingMultiThreadedServer(ZnMultiThreadedServer)>>executeRequestResponseLoopOn:
> [self executeRequestResponseLoopOn: stream] in [[self
> executeRequestResponseLoopOn: stream]
> ensure: [self log debug: 'Closing stream'.
> self closeSocketStream: stream]] in [[[self executeRequestResponseLoopOn:
> stream]
> ensure: [self log debug: 'Closing stream'.
> self closeSocketStream: stream]]
> ifCurtailed: [self log debug: 'Destroying socket'.
> socket destroy]] in
> ZnManagingMultiThreadedServer(ZnMultiThreadedServer)>>serveConnectionsOn:
> BlockClosure>>ensure:
> [[self executeRequestResponseLoopOn: stream]
> ensure: [self log debug: 'Closing stream'.
> self closeSocketStream: stream]] in [[[self executeRequestResponseLoopOn:
> stream]
> ensure: [self log debug: 'Closing stream'.
> self closeSocketStream: stream]]
> ifCurtailed: [self log debug: 'Destroying socket'.
> socket destroy]] in
> ZnManagingMultiThreadedServer(ZnMultiThreadedServer)>>serveConnectionsOn:
> BlockClosure>>ifCurtailed:
> [[[self executeRequestResponseLoopOn: stream]
> ensure: [self log debug: 'Closing stream'.
> self closeSocketStream: stream]]
> ifCurtailed: [self log debug: 'Destroying socket'.
> socket destroy]] in
> ZnManagingMultiThreadedServer(ZnMultiThreadedServer)>>serveConnectionsOn:
> [self value.
> Processor terminateActive] in BlockClosure>>newProcess
> -------------------------------------------------------------------------------
>
>
> It seems to happen when there are bots that go on the page. Can you help me please? If
> you need other info I can supply them of course
>
> Dave

Some more context would be welcome, what specific versions of Smalltalk/Zinc are you using?
What is your setup?
Can you get your hands on the argument to ZnDigestAuthenticator class>>parseAuthRequest: that crashes?

Sven


_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Re: Problems with Zinc and DigestAuthentication

Dave
Hi Sven

You are right, here is some more info:
Version: Pharo1.4 of 18 April 2012 update 14438 - Zinc HTTP Components 1.0

My setup is:

ZnZincServerAdaptor startOn:8080 .  

authenticator := ZnDigestAuthenticator new.
authenticator realm:'........'.
authenticator atUsername: '....' putPassword: '.....' .
ZnZincServerAdaptor default server authenticator: authenticator .


and finally I can post some more stack info:


-------------------------------------------------------------------------------

THERE_BE_DRAGONS_HERE
PrimitiveFailed: primitive #basicNew: in ByteString class failed


VM: unix - i686 - linux-gnu - CoInterpreter VMMaker-oscog-EstebanLorenzano.158 uuid: 82eded98-68af-4c80-a472-4f6de293adcf May  1 2012, StackToRegisterMappingCogit VMMaker-oscog-EstebanLorenzano.158 uuid: 82eded98-68af-4c80-a472-4f6de293adcf May  1 2012, https://git.gitorious.org/cogvm/blessed.git Commit: 6aa3fd0f1188078d3167dec1a53031a61b97b688 Date: Tue May 1 20:28:14 2012 +0200 By: Esteban Lorenzano <estebanlm@gmail.com>
Image: Pharo1.4 [Latest update: #14438]

ByteString class(Object)>>primitiveFailed:
        Receiver: ByteString
        Arguments and temporary variables:
                selector: #basicNew:
        Receiver's instance variables:
                superclass: String
                methodDict: a MethodDictionary(#asByteArray->(ByteString>>#asByteArray "a Compi...etc...
                format: 23554
                instanceVariables: nil
                organization: ('accessing' at: at:put: byteAt: byteAt:put: byteSize indexOfAnyO...etc...
                subclasses: nil
                name: #ByteString
                classPool: a Dictionary(#NonAsciiMap->#[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...etc...
                sharedPools: nil
                environment: a SystemDictionary(lots of globals)
                category: #'Collections-Strings'
                traitComposition: {}
                localSelectors: nil


ByteString class(Object)>>primitiveFailed
        Receiver: ByteString
        Arguments and temporary variables:

        Receiver's instance variables:
                superclass: String
                methodDict: a MethodDictionary(#asByteArray->(ByteString>>#asByteArray "a Compi...etc...
                format: 23554
                instanceVariables: nil
                organization: ('accessing' at: at:put: byteAt: byteAt:put: byteSize indexOfAnyO...etc...
                subclasses: nil
                name: #ByteString
                classPool: a Dictionary(#NonAsciiMap->#[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...etc...
                sharedPools: nil
                environment: a SystemDictionary(lots of globals)
                category: #'Collections-Strings'
                traitComposition: {}
                localSelectors: nil


ByteString class(Behavior)>>basicNew:
        Receiver: ByteString
        Arguments and temporary variables:
                sizeRequested: -2
        Receiver's instance variables:
                superclass: String
                methodDict: a MethodDictionary(#asByteArray->(ByteString>>#asByteArray "a Compi...etc...
                format: 23554
                instanceVariables: nil
                organization: ('accessing' at: at:put: byteAt: byteAt:put: byteSize indexOfAnyO...etc...
                subclasses: nil
                name: #ByteString
                classPool: a Dictionary(#NonAsciiMap->#[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...etc...
                sharedPools: nil
                environment: a SystemDictionary(lots of globals)
                category: #'Collections-Strings'
                traitComposition: {}
                localSelectors: nil


ByteString class(String class)>>new:
        Receiver: ByteString
        Arguments and temporary variables:
                sizeRequested: -2
        Receiver's instance variables:
                superclass: String
                methodDict: a MethodDictionary(#asByteArray->(ByteString>>#asByteArray "a Compi...etc...
                format: 23554
                instanceVariables: nil
                organization: ('accessing' at: at:put: byteAt: byteAt:put: byteSize indexOfAnyO...etc...
                subclasses: nil
                name: #ByteString
                classPool: a Dictionary(#NonAsciiMap->#[0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...etc...
                sharedPools: nil
                environment: a SystemDictionary(lots of globals)
                category: #'Collections-Strings'
                traitComposition: {}
                localSelectors: nil


ByteString(SequenceableCollection)>>copyFrom:to:
        Receiver: ''
        Arguments and temporary variables:
                start: 2
                stop: -1
                newSize: -2
        Receiver's instance variables:
''

[:fragment |
| tokens i key value |
tokens := fragment trimBoth.
        i := tokens indexOf: $=.
        i > 0
                ifTrue: [key := tokens copyFrom: 1 to: i - 1.
                        value := tokens copyFrom: i + 1 to: tokens size.
                        dict
                                at: key
                                put: (value copyFrom: 2 to: value size - 1)]] in ZnDigestAuthenticator class>>parseAuthRequest:
        Receiver: ZnDigestAuthenticator
        Arguments and temporary variables:
                dict: ' algorithm='
                fragment: a Dictionary('nonce'->'hidden nonce' 'realm'->'hidden realm..etc...
                tokens: 'algorithm='
                i: 10
                key: 'algorithm'
                value: ''
        Receiver's instance variables:
                superclass: ZnBasicAuthenticator
                methodDict: a MethodDictionary(#a1for:->(ZnDigestAuthenticator>>#a1for: "a Comp...etc...
                format: 136
                instanceVariables: #('nonces')
                organization: ('accessing' nonces)
('public' authHeader)
('testing' isRequestAu...etc...
                subclasses: nil
                name: #ZnDigestAuthenticator
                classPool: nil
                sharedPools: nil
                environment: a SystemDictionary(lots of globals)
                category: #'Zinc-HTTP-Support'
                traitComposition: {}
                localSelectors: nil


Array(SequenceableCollection)>>do:
        Receiver: #('username=""' ' realm="hidden realm...
        Arguments and temporary variables:
                aBlock: [:fragment |
| tokens i key value |
tokens := fragment trimBoth.
        i :=...etc...
                index: 5
                indexLimiT: 10
        Receiver's instance variables:
#('username=""' ' realm="hidden realm...


As you can see username is empty string, realm and nonce are hidden by me. Unfortunately I tried to simulate the bug authenticating myself with empty string but no errors occurred

Cheers
 Dave


Sven Van Caekenberghe wrote
Some more context would be welcome, what specific versions of Smalltalk/Zinc are you using?
What is your setup?
Can you get your hands on the argument to ZnDigestAuthenticator class>>parseAuthRequest: that crashes?

Sven



Re: Problems with Zinc and DigestAuthentication

Sven Van Caekenberghe
Dave,

On 21 May 2012, at 18:49, Dav wrote:

> As you can see username is empty string, realm and nonce are hidden by me.
> Unfortunately I tried to simulate the bug authenticating myself with empty
> string but no errors occurred

It is a bit hard to debug without an actual example string, you will have to try to do that yourself.
Now what I can infer from the stacktrace is that #copyFrom:to: is called with args 2 and -1, the latter being an error of course.
ZnDigestAuthenticator class>>parseAuthRequest: is not very robust it seems, I think this can only happen if value size = 0 from a fragment like 'key='.
Maybe you can try putting an extra guard there when computing the value.

We always appreciate contributions, however small ;-)

Sven


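The failure diagnosed above, with the kind of guard suggested there, as an added example that is not part of the original thread and not Zinc's own fix: the header string is constructed and `unquote` is a hypothetical helper block. It keeps the loop shown in the stack trace but strips quotes only when both are present, so a fragment like `algorithm=` stores an empty value instead of reaching `copyFrom: 2 to: -1`, and an unquoted value such as `qop=auth` keeps its first and last characters.

```smalltalk
"Added example for a Pharo workspace; not Zinc's code.
 The header below is constructed, modelled on the fragments visible in the stack dump."
| header dict unquote |
header := 'username="", realm="example", nonce="abc123", uri="/", algorithm=, qop=auth, stray'.
dict := Dictionary new.

"Hypothetical helper: remove surrounding double quotes only when both are there.
 Values shorter than two characters are returned unchanged, so the copy range
 can never have a stop index below start - 1."
unquote := [:raw |
	(raw size >= 2 and: [raw first = $" and: [raw last = $"]])
		ifTrue: [raw copyFrom: 2 to: raw size - 1]
		ifFalse: [raw]].

(header subStrings: ',') do: [:fragment |
	| tokens i key value |
	tokens := fragment trimBoth.
	i := tokens indexOf: $=.
	"i > 1 skips fragments without '=' and fragments with an empty key."
	i > 1 ifTrue: [
		key := (tokens copyFrom: 1 to: i - 1) trimBoth.
		"When '=' is the last character this yields the empty string, as in the trace."
		value := (tokens copyFrom: i + 1 to: tokens size) trimBoth.
		dict at: key put: (unquote value: value)]].

"Inspect the result: empty username and algorithm are present as empty strings,
 and the parser did not signal PrimitiveFailed."
dict inspect
```

Splitting on commas, as the original loop does, still mis-parses quoted values that contain a comma; the guard only removes the crash path.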

Re: Problems with Zinc and DigestAuthentication

Dave
Sven I'm gonna send you an email about the issue.
Dave
Re: Problems with Zinc and DigestAuthentication

Sven Van Caekenberghe
Dave,


On 21 May 2012, at 21:59, Dave wrote:

> Sven I'm gonna send you an email about the issue.
> Dave

Please try again after updating manually to the latest Zn version:

==================== Summary ====================

Name: Zinc-HTTP-SvenVanCaekenberghe.278
Author: SvenVanCaekenberghe
Time: 22 May 2012, 10:48:12 am
UUID: 5c5f70f9-0f04-4941-a09a-cbf28ba154e4
Ancestors: Zinc-HTTP-SvenVanCaekenberghe.277

added multiline/continuation header line parsing to ZnHeaders;
added some extra guards to ZnDigestAuthenticator class>>#parseAuthRequest

==================== Summary ====================

Name: Zinc-Tests-SvenVanCaekenberghe.144
Author: SvenVanCaekenberghe
Time: 22 May 2012, 10:50:47 am
UUID: 5fd44833-78c7-4a88-9c52-d0f4b0737f76
Ancestors: Zinc-Tests-SvenVanCaekenberghe.143

added tests for multiline/continuation header line parsing to ZnHeadersTests;
added some ZnDigestAuthenticatorTests

============

Now, I hope this would help with your problem. ZnDigestAuthenticator needs more work, but at the moment, I do not have the time to take a detailed look (I did not write this code, I would have to study the specs in detail first).


HTH,


Sven


--
Sven Van Caekenberghe
http://stfx.eu
Smalltalk is the Red Pill


Re: Problems with Zinc and DigestAuthentication

Dave
Thanks Sven,
I'm gonna try and feedback you.
D.


Sven Van Caekenberghe wrote
Dave,


On 21 May 2012, at 21:59, Dave wrote:

> Sven I'm gonna send you an email about the issue.
> Dave

Please try again after updating manually to the latest Zn version: