Cookie problems with proxies


#1

Hi

I have just installed RT with our ~20 people large helpdesk at SunSITE
Denmark. It works just fine, and has handled more than 20 requests in
the first hour. Great.

We have discovered two problems:

  • Our queue members get cookies to the web thingy based on their IP
    address, right? Now, some of our queue members go through a bunch
    of load-balancing proxies, so their IP address changes constantly and
    hence is denied access. Is there any easy solution to that problem?

  • Our local characters (æøå - yes, I hate them too, but they are
    widely used!) are often transferred as Quoted Printable, and it works
    well if the MIME-Version along with Content-Transfer-Encoding
    headers was preserved, but RT seems to strip them when forwarding
    email.

Is any work going on in this direction, or should I start digging
myself? I use rt-1.1-CVS

Otherwise, thanks for the really nice product!

Best regards,
Karsten


#2

We have discovered two problems:

  • Our queue members get cookies to the web thingy based on their IP
    address, right? Now, some of our queue members go through a bunch
    of load-balancing proxies, so their IP address changes constantly and
    hence is denied access. Is there any easy solution to that problem?

The easy answer is to hack into a file like lib/rt/ui/web/auth.pm or
whatever it was and remove the IP from the cookie.

Jesse, have you thought more about better authentication
for WebRT 2.0? (follow up to dev)

  • Our local characters (æøå - yes, I hate them too, but they are
    widely used!)

æøå is lovely … try fighting a bit with Cyrillic … that’s even worse
:)

The worst thing is that the subject line gets scrambled and
hence broken. There are more people that are fighting with this problem.
There shouldn’t be much effort putting in a filter before RT that puts the
subject line into an 8-bit mix. Has anybody done anything like that?

RT 2.0 will probably be out in June and will fix those problems once and
forever… :)

is often transferred as Quoted Printable, and it works
well

No, the subject line gets scrambled, RT doesn’t fix that.

For MIME attachments, take a look at the stripmime contribution.

Tobias Brox
aka TobiX
+47 22 925 871
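
A sketch of the pre-filter asked about in #2, as an added example that is not part of the original thread or of RT: it decodes an RFC 2047 Subject and a quoted-printable body into raw 8-bit text, so the result no longer depends on the MIME headers surviving. The function name, the ISO-8859-1 fallback and the sample message are constructed; raw 8-bit headers are not standard mail, so this suits only a local delivery path.

```python
from email import message_from_bytes
from email.header import decode_header, make_header


def to_8bit(raw: bytes) -> bytes:
    """Rewrite a single-part text mail with a raw 8-bit Subject and body."""
    msg = message_from_bytes(raw)
    if msg.is_multipart():
        return raw  # attachments are out of scope for this sketch
    charset = msg.get_content_charset() or "iso-8859-1"  # assumed fallback
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    # Collapse whitespace so a decoded CR/LF cannot start a new header line.
    subject = " ".join(subject.split())
    body = msg.get_payload(decode=True)  # undoes quoted-printable or base64
    out = []
    for name, value in msg.items():
        if name.lower() in ("subject", "content-transfer-encoding"):
            continue  # both are re-emitted below in 8-bit form
        out.append(f"{name}: {value}".encode("ascii", "replace"))
    out.append(b"Subject: " + subject.encode(charset, "replace"))
    out.append(b"Content-Transfer-Encoding: 8bit")
    return b"\n".join(out) + b"\n\n" + body


# Constructed sample message (not taken from the thread).
SAMPLE = (
    b"From: user@example.org\n"
    b"Subject: =?iso-8859-1?Q?R=F8dgr=F8d_med_fl=F8de?=\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: text/plain; charset=iso-8859-1\n"
    b"Content-Transfer-Encoding: quoted-printable\n"
    b"\n"
    b"Bl=E5b=E6rgr=F8d virker ikke.\n"
)

if __name__ == "__main__":
    print(to_8bit(SAMPLE).decode("iso-8859-1"))
```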


#3

“Tobias” == Tobias Brox tobiasb@tobiasb.funcom.com writes:

Tobias> The easy answer is to hack into a file like
Tobias> lib/rt/ui/web/auth.pm or whatever it was and remove the IP
Tobias> from the cookie.

OK - thanks!

  • Our local characters (æøå - yes, I hate them too, but they are
    widely used!)

Tobias> æøå is lovely … try fighting a bit with Cyrillic … that’s
Tobias> even worse :)

I can imagine that :)

Tobias> The worst thing is that the subject line gets scrambled and
Tobias> hence broken. There are more people that are fighting with this
Tobias> problem. There shouldn’t be much effort putting in a filter
Tobias> before RT that puts the subject line into an 8-bit mix. Has
Tobias> anybody done anything like that?

I can live with broken subject lines, but when the content of the
message is unreadable, then I will get a hard time.

Tobias> RT 2.0 will probably be out in June and will fix those
Tobias> problems once and forever… :)

Hmm…Sounds great. Let me get one thing straight. Is rt-1.1 from CVS
the one which will be released as 2.0? (if I will have to hack on
this, I would like to do it on the latest edition)

is often transferred as Quoted Printable, and it works well

Tobias> No, the subject line gets scrambled, RT doesn’t fix that.

Tobias> For MIME attachments, take a look at the stripmime
Tobias> contribution.

Yes, but that is not a large problem in our situation…

Best regards
Karsten


#4

“Tobias” == Tobias Brox tobiasb@tobiasb.funcom.com writes:

Tobias> The easy answer is to hack into a file like
Tobias> lib/rt/ui/web/auth.pm or whatever it was and remove the IP
Tobias> from the cookie.

OK - thanks!

Or put less of the IP in the cookie - mask it with a network mask. This
was a recommended solution I saw somewhere - I can’t remember if it is in
the doco for CGI.pm, or in Apache documentation, or in a Lincoln Stein book
I have…

Charlie Brady
Aurema Pty Ltd
PO Box 305, Strawberry Hills, NSW 2012, Australia
Email:charlieb@aurema.com, Tel: +61 2 9698 2322, Fax: +61 2 9699 9174
"I think it would be a good idea." Gandhi, on Western Civilisation.


#5

I can live with broken subject lines, but when the content of the
message is unreadable, then I will get a hard time.

You can, but RT can’t :) I find it strange you haven’t encountered this
problem yet.

Hmm…Sounds great. Let me get one thing straight. Is rt-1.1 from CVS
the one which will be released as 2.0? (if I will have to hack on
this, I would like to do it on the latest edition)

The rt-1-1 branch is the pre-2.0, yes.

Tobias Brox
aka TobiX
+47 22 925 871


#6

Or put less of the IP in the cookie - mask it with a network mask. This
was a recommended solution I saw somewhere - I can’t remember if it is in
the doco for CGI.pm, or in Apache documentation, or in a Lincoln Stein book
I have…

There’s no guarantee that all proxies a user may appear through will
be in the same block, or that you’ll be able to guess an appropriately
wide netmask…

If you want security, don’t trust the source IP address… an attacker
trying to steal a session may be coming through the same proxy as the
victim…

Instead, use SSL …

					- Bill

#7

If you want security, don’t trust the source IP address… an attacker
trying to steal a session may be coming through the same proxy as the
victim…

Instead, use SSL …
- Bill

nod The goal of the current password hashing was to do something
that would be “slightly” better than http-basic. In production,
SSL is something that you can depend on.

jesse reed vincent – jrvincent@wesleyan.edu – jesse@fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
They’ll take my private key when they pry it from my cold dead fingers!
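
The trade-off argued in #2 through #7, as an added example that is not RT's code or part of the original thread: a MAC-signed cookie bound to the full client IP, to a /24 prefix, or to no address at all, checked against requests arriving from different proxies. The secret, user name, cookie layout and addresses are constructed; RT 1.x's actual cookie format is not shown on this page.

```python
import hashlib
import hmac
import ipaddress

SECRET = b"constructed-demo-key"  # assumption: a server-side secret, not an RT setting


def _scope(ip: str, prefix: int) -> str:
    """Part of the client address bound into the cookie (prefix 0 = none)."""
    if prefix == 0:
        return ""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def issue(user: str, ip: str, prefix: int) -> str:
    """Return 'user:mac', where the MAC covers the user and the address scope."""
    msg = f"{user}|{_scope(ip, prefix)}".encode()
    return f"{user}:{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"


def verify(cookie: str, ip: str, prefix: int) -> bool:
    """Recompute the MAC for the address the request arrived from."""
    user, _, mac = cookie.partition(":")
    msg = f"{user}|{_scope(ip, prefix)}".encode()
    expected = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


# Constructed addresses from the RFC 5737 documentation ranges.
LOGIN_IP = "192.0.2.10"      # proxy the user logged in through
SAME_BLOCK = "192.0.2.77"    # another proxy in the same /24
OTHER_POOL = "198.51.100.5"  # proxy in a different block


def outcomes(prefix: int) -> dict:
    """Which source addresses the cookie is accepted from for a given binding."""
    cookie = issue("agent1", LOGIN_IP, prefix)
    return {
        # True for the user and for anyone else presenting the cookie via that proxy
        "same_proxy": verify(cookie, LOGIN_IP, prefix),
        "same_block": verify(cookie, SAME_BLOCK, prefix),
        "other_pool": verify(cookie, OTHER_POOL, prefix),
    }


if __name__ == "__main__":
    for prefix in (32, 24, 0):
        print(f"/{prefix}:", outcomes(prefix))
```

With no address binding the MAC only prevents forging or altering the cookie; keeping it from being observed in transit is what SSL is for, as #6 and #7 say.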


#8

Hello,

When I execute rtadmin the message below is returned

Can't load '/usr/lib/perl5/site_perl/i386-linux/auto/DBD/mysql/mysql.so'
for module DBD::mysql: File not found at
/usr/lib/perl5/i386-linux/DynaLoader.pm line 169.

at /usr/lib/perl5/site_perl/i386-linux/Mysql.pm line 13 BEGIN
failed--compilation aborted at /usr/local/etc/rt/lib/rt/database.pm line
8.

I followed the instructions in the README for installation, but it does not work.
The modules Msql… DBI… Data-show… MD5… were installed.

What’s the problem ?

[]'s
Marcelo


#9

Did you install the mysql-devel package? (I assume you installed mysql
from RPMS)

jesse


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

jesse reed vincent – jrvincent@wesleyan.edu – jesse@fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
Any e-mail sent to the SLA will immediately become the intellectual property
of the SLA and the author of said message will enter into a period of
indentured servitude which will last for a period of time no less than seven
years.


#10

The modules Msql…
(…)
What’s the problem ?

Maybe the problem is that we use mysql and not msql?

Tobias Brox
aka TobiX
+47 22 925 871


#11

Don't know what is going on:
I am not able to install RT.
I am running FreeBSD-stable 4.1
This is perl, version 5.005_03 built for i386-freebsd

I configured the makefile and read the documentation.

When I try and do the initial make install as described in the README I
get the following error:

root@klingon: 05:20:41 -> make install
"Makefile", line 212: Need an operator
"Makefile", line 214: Need an operator
"Makefile", line 216: Need an operator
make: fatal errors encountered -- cannot continue

I am installing rt version 1.04. I am sure I am missing something
obvious, for anyone to point me in the right direction would be great.

Thanks many,

Valerio Romano
Unix Fan


#12

One last bit:
Those lines are located below the user defined options.

No user servicable parts below this line. Frob at your own risk

ifdef DBADMIN_MYSQL_PASS <-----line 212
DBADMIN_MYSQL_PASS_STRING = -p$(DBADMIN_MYSQL_PASS)
else
DBADMIN_MYSQL_PASS_STRING =
endif

Valerio Romano
Unix Fan


#13

I think you need gmake right?

Just a quick shot into the wormhole… greetings from deepspace 1


#14

| root@klingon: 05:20:41 -> make install
| "Makefile", line 212: Need an operator
| "Makefile", line 214: Need an operator
| "Makefile", line 216: Need an operator
| make: fatal errors encountered -- cannot continue
+--->8

Build gmake out of ports; BSD make won’t work with RT’s makefile.


#15

You need to use gnu make.

jesse reed vincent – root@eruditorum.org – jesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.


#16

On Wed, Nov 01, 2000 at 05:24:03PM -0800, Valerio Romano emailed:

I am not able to install RT.
I am running FreeBSD-stable 4.1

are you using gmake, instead of make?
also you’ll need to replace the “chgrp -R root” commands
in the Makefile to chgrp wheel since it’s FreeBSD. the
only other FreeBSD gotcha is determining which mailer
you’ll be using since FreeBSD4 uses a mailwrapper and
/etc/mail/mailer.conf now instead of using sendmail by
default.

that’s all I remember off the top of my head.

–clark


#17

Yes gmake! I saw that I needed GNU make but assumed that's what I was using
with make.
Duh.
Thanks a lot for those that answered!

Valerio Romano
Unix Fan


#18

Another one,

I am having trouble with the rtadmin utility:

This command:
./rtadmin queue -create opsrequest

produces this:
DBD::mysql object version 2.0415 does not match bootstrap parameter 2.0414
at /usr/libdata/perl/5.00503/DynaLoader.pm line 188.
BEGIN failed--compilation aborted at /usr/local/rt/lib/rt/database.pm line
8

I went to CPAN and my DBD::mysql is now up to date but I still have the
problem.

I am running FreeBSD-stable 4.1
This is perl, version 5.005_03 built for i386-freebsd

Thanks many,

Valerio Romano
Unix Fan


#19

I am running FreeBSD-stable 4.1
This is perl, version 5.005_03 built for i386-freebsd

the other thing about FreeBSD 4-STABLE is that you have to
reinstall any perl modules if you have upgraded to STABLE
since you need to relink to the new perl.

–clark


#20

Okay I got hard core and upgraded perl to 5.6 and redid the bundle from
CPAN.
I removed the database and reinstalled rt.
I am getting a slightly different error.
I wonder what I am missing:

root@klingon: 09:17:45 -> ./rtadmin queue -create opsrequest
DBD::mysql object version 2.0415 does not match bootstrap parameter 2.0414
at /usr/local/lib/perl5/5.6.0/i386-freebsd/DynaLoader.pm line 219.
Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd/Mysql.pm line 13.
Compilation failed in require at /usr/local/rt/lib/rt/database.pm line 8.
BEGIN failed--compilation aborted at /usr/local/rt/lib/rt/database.pm line
8.
Compilation failed in require at /usr/local/rt/lib/rt/database/admin.pm
line 8.
Compilation failed in require at /usr/local/rt/bin/rtmux.pl line 40.

Thanks for any input,

Valerio Romano
Unix Fan