Article delegate-en/3964 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] DeleGate as http / sftp gateway, for WebDav purpose - problem.
28 Apr 2008 07:28:26 GMT Martin Osterlund <ppqhqbdyi-c4ifwxlfy25r.ml@ml.delegate.org>


Hi,

What I want to do is:

Provide WebDAV access for all users to their homedir.
To do this without compromising filesystem security
(e.g. the webserver needing full access to all user files, or running suid root or
similar), I wish to use DeleGate to provide an https -> sftp gateway.


While experimenting I'm on a closed setup - will use http until I get
it working.

I start DeleGate 64 bit binary for linux with the following command:

./linux64-dg ADMIN=me@myhost.. -P80 SERVER=http MOUNT="/* sftp://fileserver.fqdn" -v HTTPCONF=methods:"*"

Using the above settings I can browse my homedir using a std. web browser.
However, trying to use WebDAV, the client will reject the URL -- last thing
  - Might be related to PROPFIND?

Here's the output from DeleGate -- (hostnames and similar have been changed):

==================================================================

> ## Server startup ##
> 
> 04/25 15:03:25.42 [2936] 0+0: -- setCredhyCache /tmp/credhy_cache128 >> /var/lib/nobody/delegate/act/credhy_cache128
> 04/25 15:03:25.42 [2936] 0+0: command PATH: /opt/delegate-9.8.1/linux64-dg -> /opt/delegate-9.8.1/linux64-dg
> 04/25 15:03:25.42 [2936] 0+0: PORT> -P80
> 04/25 15:03:25.42 [2936] 0+0: ... testing resolver[SYS] with 'WWW.DeleGate.ORG'
> 04/25 15:03:25.42 [2936] 0+0: ... you can suppress this test by RES_WAIT=0
> 04/25 15:03:25.42 [2936] 0+0: ... gethostname(delegatehostname)
> 04/25 15:03:25.42 [2936] 0+0: configuring default RESOLV ...
> 04/25 15:03:25.42 [2936] 0+0: ... gethostname()='delegatehostname'
> 04/25 15:03:25.42 [2936] 0+0: ... SYS: delegatehostname -> delegatehost.ip
> 04/25 15:03:25.42 [2936] 0+0: ... DNS: delegatehost.ip -> delegatehostname.fqdn
> 04/25 15:03:25.42 [2936] 0+0: ... DNS available
> 04/25 15:03:25.42 [2936] 0+0: ... NIS domain: fqdn
> 04/25 15:03:25.42 [2936] 0+0: ... export RES_ORDER=CFND
> 04/25 15:03:25.42 [2936] 0+0: export RESOLV=cache,file,nis,dns (set by default)
> SRCSIGN=9.8.1:20071116133944+0900:15d6dc1a45e4b7fa:Author@DeleGate.ORG:VX7LJNDQUJxF68X6SEQQLEj+Ref6c0vaq4/9ckXm0V/++UQJ3VbTlAXCc3LASPa5hSM3WOv9K485dZ4n8tl3ohwESSm2J0D4tAYrbozVj91u+vUIsASn34oQ+won7Sdq4DQuFUCx75Wn3NmGVlpbq2haENIGOHEO91iEuXeI0ow=
> BLDSIGN=9.8.1:20071116134308+0900:15d6dc1a45e4b7fa::-
> 04/25 15:03:25.43 [2936] 0+0: --INITIALIZATION START-08042515+0100: 9.8.1 on Linux/2.6.16.46-0.12-smp--
> 04/25 15:03:25.43 [2936] 0+0: EXECDIR=/opt/delegate-9.8.1
> 04/25 15:03:25.43 [2936] 0+0: BINSHELL=/bin/sh
> 04/25 15:03:25.43 [2936] 0+0: MAXIMA=delegated:20 for small mem=150M
> 04/25 15:03:25.43 [2936] 0+0: server_open(delegate,:80,listen=20)
> 04/25 15:03:25.43 [2936] 0+0: server_open(delegate,:80) BOUND
> 04/25 15:03:25.43 [2936] 0+0: DGROOT=/var/lib/nobody/delegate^M
> 04/25 15:03:25.43 [2936] 0+0: <DeleGate/9.8.1> [2936] -P80 READY^M
> <DeleGate/9.8.1> [2936] -P80 READY
> Config: Linux/2.6.16.46-0.12-smp; FileSize-Bits=64/64,32/32,32; sockbuf=87380/16384; sockpair=126976/126976,1002++; thread=PThread; stty=tcsetattr; fmem=43/150/1002M
> DGROOT=/var/lib/nobody/delegate
> ADMIN=validuser@fqdn
> AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165, H18PRO-443
> Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
> Copyright (c) 2001-2006 National Institute of Advanced Industrial Science and Technology (AIST)
> BLDSIGN=9.8.1:20071116134308+0900:15d6dc1a45e4b7fa::-
> 04/25 15:03:25.43 [2936] 0+0: PORT= 80/8 (0,80)

> 04/25 15:03:25.43 [2936] 0+0: OWNER=nobody => OWNER=nobody/nobody(nobody/nobody)
> 04/25 15:03:25.43 [2936] 0+0: REMITTABLE = http,https/{80,443},gopher,ftp,wais
> 04/25 15:03:25.43 [2936] 0+0: --- [z] 0 dglibz.so
> 04/25 15:03:25.43 [2936] 0+0: --- [z] 0 libz.so.0.9.8
> 04/25 15:03:25.43 [2936] 0+0: --- [z] 0 libz.so
> 04/25 15:03:25.43 [2936] 0+0: --- [/usr/lib/libz.so.1]
> 04/25 15:03:25.43 [2936] 0+0: --- [z] 8363188 /usr/lib/libz.so.1
> 04/25 15:03:25.43 [2936] 0+0: ---- [z] loaded 15 syms, unknown=0+0, already=0
> 04/25 15:03:25.43 [2936] 0+0: +++ loaded Zlib 1.2.3
> 04/25 15:03:25.43 [2936] 0+0: #### gzip/gunzip = dynamically linked
> 04/25 15:03:25.43 [2936] 0+0: ADMIN=validuser@fqdn protocol=http(specialist)
> 04/25 15:03:25.44 [2936] 0+0: #### CACHE DISABLED #### Cache directory seems not exist: /var/lib/nobody/delegate/cache
> 04/25 15:03:25.44 [2936] 0+0: MOUNT[0]X[3] /-/builtin/icons/* = default
> 04/25 15:03:25.44 [2936] 0+0: MOUNT[1]X[4] /-/* = forbidden,from=!.RELIABLE,default
> 04/25 15:03:25.44 [2936] 0+0: MOUNT[2]X[0] /-* = default
> 04/25 15:03:25.44 [2936] 0+0: MOUNT[3]X[1] /=* = default
> 04/25 15:03:25.44 [2936] 0+0: MOUNT[4]X[5] /favicon.ico builtin:icons/ysato/default.ico default,direction=fo,onerror=404,expires=15m
> 04/25 15:03:25.44 [2936] 0+0: MOUNT[5]X[2] /* sftp://sftphostname.fqdn/
> 04/25 15:03:25.44 [2936] 0+0: #### stack size limit = 800000 (000000X)
> 04/25 15:03:25.44 [2936] 0+0: Stay open PIDFILE for accept() lock[fd=10]
> 04/25 15:03:25.45 [2936] 0+0: StickyReport[11,12]127.0.0.127:65535><127.0.0.127:65535 126976/126976 126976/126976
> 04/25 15:03:25.45 [2936] 0+0: env[68] LIBPATH=.;/var/lib/nobody/delegate/adm/rejects/sftp;/var/lib/nobody/delegate/lib;/opt/delegate-9.8.1;/var/lib/nobody/delegate/etc
> 04/25 15:03:25.45 [2936] 0+0: env[70] RESOLV=cache,file,nis,dns
> 04/25 15:03:25.45 [2936] 0+0: arg[1] ADMIN=validuser@fqdn
> 04/25 15:03:25.45 [2936] 0+0: arg[3] SERVER=http
> 04/25 15:03:25.45 [2936] 0+0: arg[4] MOUNT=/* sftp://sftphostname.fqdn/
> 04/25 15:03:25.45 [2936] 0+0: arg[6] HTTPCONF=methods:*
> 04/25 15:03:25.45 [2936] 0+0: DELEGATE_Modified[0]: 4811ca4e 1209125454
> 04/25 15:03:25.45 [2936] 0+0: --INITIALIZATION DONE-08042515+0100: 9.8.1 on Linux/2.6.16.46-0.12-smp--
> 
> ## trying to connect, without sending user/password ##
> 
> 04/25 15:05:23.05 [2949] 1+0: -- Fork(SequentialServer): 2936 -> 2949
> 04/25 15:05:23.05 [2949] 1+1: (0) accepted [22] -@[clienthost.ip]clienthostname.fqdn:38928 (0.004s)(1)
> 04/25 15:05:23.05 [2949] 1+1: #HT11 Don't Keep-Alive [PROPFIND] with body: Content-Length: 303^M
> 04/25 15:05:23.05 [2949] 1+1: Proxy: host=clienthostname.fqdn; User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.1 (like Gecko); DIRECT
> 04/25 15:05:23.05 [2949] 1+1: HCKA:[0] Keep-Alive; host=clienthostname.fqdn; (User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.1 (like Gecko))
> 04/25 15:05:23.05 [2949] 1+1: REQUEST - PROPFIND / HTTP/1.1^M
> 04/25 15:05:23.05 [2949] 1+1: *** / => sftp://sftphostname.fqdn/ ***
> 04/25 15:05:23.05 [2949] 1+1: REQUEST +M sftp://sftphostname.fqdn/ HTTP/1.1^M
> 04/25 15:05:23.05 [2949] 1+1: HTTP GateWay > sftp://sftphostname.fqdn:22/PROPFIND / HTTP/1.1^M
> 04/25 15:05:23.05 [2949] 1+1: *** / => sftp://sftphostname.fqdn/ ***
> 04/25 15:05:23.05 [2949] 1+1: PATH> sftp://sftphostname.fqdn:22!delegatehostname.fqdn:80!clienthostname.fqdn:38928!anonymous@clienthostname.fqdn;1209128723
> 04/25 15:05:23.05 [2949] 1+1: REQUEST = (no-cache)[sftp://sftphostname.fqdn:22/] PROPFIND / HTTP/1.1^M
> 04/25 15:05:23.05 [2949] 1+1: XHost: (0,0,1) sftphostname.fqdn <= delegatehostname.fqdn
> 04/25 15:05:23.05 [2949] 1+1: FTP/HTTP: PROPFIND ftp://sftphostname.fqdn:22/ HTTP/1.1
> 04/25 15:05:23.05 [2949] 1+1: ## openHttpResponseFilter: clnt=1 will=0 chunk=1
> 04/25 15:05:23.05 [2950] 1+1: -- Fork(openFilter): 2949 -> 2950
> 04/25 15:05:23.05 [2949] 1+1: authorization user[anonymous] pass[validuser@fqdn(FTP/HTTP-DeleGate/9.8.1)]
> 04/25 15:05:23.05 [2949] 1+1: ---- CC connect got -1
> 04/25 15:05:23.05 [2951] 1+1: -- Fork(SftpGW): 2949 -> 2951
> 04/25 15:05:23.05 [2949] 1+1: FTP/HTTP: server opened [18]
> 04/25 15:05:23.19 [2951] 1+1: Kill(2952,15)
> 04/25 15:05:23.19 [2949] 1+1: bind_insock(11,delegatehost.ip,0) = 0, errno=0
> 04/25 15:05:23.19 [2949] 1+1: ### IDENT CONNECT(clienthostname.fqdn:113) TIMEOUT(1000ms) (111)
> 04/25 15:05:23.19 [2949] 1+1: FTP/HTTP: negotiation with the server failed^M
> 04/25 15:05:23.19 [2949] 1+1: E-P: No permission: clienthostname.fqdn:38928 => sftp://sftphostname.fqdn (anonymous:530 No (Login failed))
> 04/25 15:05:23.19 [2949] 1+1: ####LS cannot open /var/lib/nobody/delegate/act/delay/11/clienthost.ip:clienthostname.fqdn
> 04/25 15:05:23.19 [2950] 1+1: HTTP error request: PROPFIND / HTTP/1.1^M
> 04/25 15:05:23.19 [2950] 1+1: HTTP error status: 401 Unauthorized
> 04/25 15:05:23.19 [2949] 1+1/1: HCKA:[1] closed -- g:gateway for: sftp
> 04/25 15:05:23.19 [2949] 1+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.000
> 04/25 15:05:23.20 [2950] 1+1: ClosedOnTimeout(1): time=1209128723/1209128753 ppid=2949/2936 pid=2950/2949
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: Date: Fri, 25 Apr 2008 13:05:23 GMT^M
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: Server: DeleGate/9.8.1^M
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: DeleGate-Ver: 9.8.1 (delay=0)^M
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: MIME-Version: 1.0^M
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: Content-Type: text/html^M
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: Content-Length: 82^M
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: Connection: close^M
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: WWW-Authenticate: Basic Realm="</>"^M
> 04/25 15:05:23.20 [2950] 1+1: #HT11 SERVER ver[HTTP/1.1] conn[close]
> 04/25 15:05:23.20 [2950] 1+1: HTTP error header: ^M
> 04/25 15:05:23.20 [2950] 1+1: HTTP/1.1 401 Content-{Type:text/html Encoding:[/] Leng:82} Server:DeleGate/9.8.1
> 04/25 15:05:23.20 [2950] 1+1: ####Gzip [0.000522] - 564 => 423 [16=>8]
> 04/25 15:05:23.20 [2950] 1+1: putMIMEmsg: Content-Length: 82 -> 423 (691 - 268) [x-gzip]
> 04/25 15:05:23.20 [2950] 1+1: #CEcl put Content-Encoding:x-gzip
> 04/25 15:05:23.20 [2950] 1+1: HTTP transmitted: 241head+624/82body=>0txt+0bin->423/423, 10i/2o/0f/0.1 ---z-
> 04/25 15:05:23.21 [2949] 1+1/1: WaitShutdown 1/0 xpid=2950 errno=0/10 1 0 0 0.017
> 04/25 15:05:23.24 [2949] 1+1/1: disconnected [22] -@[clienthost.ip]clienthostname.fqdn:38928 (0.191s)(0)
> clienthostname.fqdn - - [25/Apr/2008:15:05:23 +0100] "PROPFIND sftp://sftphostname.fqdn/ HTTP/1.1" 401 0 0*0.000+0.141:W:0g
> 04/25 15:05:23.24 [2949] 1+1: StickyServer done [nonStickyProtocol(http:sftp:sftp)] 1 req / 1+0/1 conn / 0 sec
> 
> ## Sending credentials ##
> 
> 04/25 15:13:14.42 [3036] 2+0: -- Fork(SequentialServer): 2936 -> 3036
> 04/25 15:13:14.42 [3036] 2+1: (0) accepted [33] -@[clienthost.ip]clienthostname.fqdn:40284 (0.007s)(1)
> 04/25 15:13:14.43 [3036] 2+1: #HT11 Don't Keep-Alive [PROPFIND] with body: Content-Length: 303^M
> 04/25 15:13:14.43 [3036] 2+1: Proxy: host=clienthostname.fqdn; User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.1 (like Gecko); DIRECT
> 04/25 15:13:14.43 [3036] 2+1: HCKA:[0] Keep-Alive; host=clienthostname.fqdn; (User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.1 (like Gecko))
> 04/25 15:13:14.44 [3036] 2+1: REQUEST - PROPFIND / HTTP/1.1^M
> 04/25 15:13:14.44 [3036] 2+1: *** / => sftp://sftphostname.fqdn/ ***
> 04/25 15:13:14.44 [3036] 2+1: REQUEST +M sftp://sftphostname.fqdn/ HTTP/1.1^M
> 04/25 15:13:14.44 [3036] 2+1: HTTP GateWay > sftp://sftphostname.fqdn:22/PROPFIND / HTTP/1.1^M
> 04/25 15:13:14.44 [3036] 2+1: *** / => sftp://sftphostname.fqdn/ ***
> 04/25 15:13:14.44 [3036] 2+1: PATH> sftp://sftphostname.fqdn:22!delegatehostname.fqdn:80!clienthostname.fqdn:40284!anonymous@clienthostname.fqdn;1209129194
> 04/25 15:13:14.44 [3036] 2+1: REQUEST = (no-cache)[sftp://sftphostname.fqdn:22/] PROPFIND / HTTP/1.1^M
> 04/25 15:13:14.44 [3036] 2+1: Authorization: Dont-Read/Write-Cache ON
> 04/25 15:13:14.44 [3036] 2+1: XHost: (0,0,1) sftphostname.fqdn <= delegatehostname.fqdn
> 04/25 15:13:14.44 [3036] 2+1: FTP/HTTP: PROPFIND ftp://sftphostname.fqdn:22/ HTTP/1.1
> 04/25 15:13:14.44 [3036] 2+1: ## openHttpResponseFilter: clnt=1 will=0 chunk=1
> 04/25 15:13:14.44 [3037] 2+1: -- Fork(openFilter): 3036 -> 3037
> 04/25 15:13:14.45 [3036] 2+1: authorization user[validuser] pass[********]
> 04/25 15:13:14.45 [3036] 2+1: [18] serverCC connect failed 127.0.0.1:59671 [0.00s] errno=111
> 04/25 15:13:14.45 [3036] 2+1: serverCC: salvaged [/var/lib/nobody/delegate/act/servers/cc/sftp-validuser-sftphostname.fqdn-22-0] 59671 2916
> 
> 04/25 15:13:14.45 [3036] 2+1: ---- CC connect got -1
> 04/25 15:13:14.45 [3038] 2+1: -- Fork(SftpGW): 3036 -> 3038
> 04/25 15:13:14.45 [3036] 2+1: FTP/HTTP: server opened [18]
> 04/25 15:13:14.84 [3036] 2+1: FTP-CACHE: RETR [] = [][]:0
> 04/25 15:13:14.84 [3038] 2+1: server_open(SftpGW,*:0,listen=1)
> 04/25 15:13:14.84 [3038] 2+1: server_open(SftpGW,*:0) BOUND
> 04/25 15:13:14.84 [3036] 2+1: ftp_conndata: connected 127.0.0.1:55084->localhost/0.0.0.0:37879 [11](0.0)
> 04/25 15:13:15.13 [3037] 2+1: ClosedOnTimeout(1): time=1209129195/1209129224 ppid=3036/2936 pid=3037/3036
> 04/25 15:13:15.13 [3037] 2+1: #HT11 SERVER ver[HTTP/1.1] conn[close]
> 04/25 15:13:15.13 [3037] 2+1: HTTP/1.1 200 Content-{Type:text/html Encoding:[/] Leng:0} Server:ETL-DeleGate/9.8.1 (as a FTP/HTTP gateway)
> 04/25 15:13:15.13 [3036] 2+1: FTP/HTTP DONE: GOT 3923 / 0 bytes
> 04/25 15:13:15.13 [3038] 2+1: server_open(serverCC,127.0.0.1:0,listen=1)
> 04/25 15:13:15.13 [3038] 2+1: server_open: 127.0.0.1:0
> 04/25 15:13:15.13 [3038] 2+1: server_open(serverCC,127.0.0.1:0) BOUND
> 04/25 15:13:15.13 [3038] 2+1: serverCC: wrote [/var/lib/nobody/delegate/act/servers/cc/sftp-validuser-sftphostname.fqdn-22-0] 36761 3038
> 04/25 15:13:15.13 [3038] 2+1: ---- CC accept got mysock=18
> 04/25 15:13:15.13 [3038] 2+1: ---- CC watching acc[18]con[8]pid[2936]
> 04/25 15:13:15.14 [3037] 2+1: ####Gzip [0.000764] - 3600 => 783 [16=>8]
> 04/25 15:13:15.14 [3037] 2+1: putMIMEmsg: Content-Length: 0 -> 783 (1022 - 239) [x-gzip]
> 04/25 15:13:15.14 [3037] 2+1: #CEcl put Content-Encoding:x-gzip
> 04/25 15:13:15.14 [3037] 2+1: HTTP transmitted: 202head+4317/0body=>0txt+0bin->783/783, 11i/2o/0f/0.7 ---z-
> 04/25 15:13:15.14 [3036] 2+1/1: HCKA:[1] closed -- g:gateway for: sftp
> 04/25 15:13:15.14 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.000
> 04/25 15:13:15.15 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.017
> 04/25 15:13:15.17 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.033
> 04/25 15:13:15.19 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.049
> 04/25 15:13:15.20 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.065
> 04/25 15:13:15.22 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.081
> 04/25 15:13:15.23 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.097
> 04/25 15:13:15.25 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.113
> 04/25 15:13:15.27 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.129
> 04/25 15:13:15.28 [3036] 2+1/1: WaitShutdown 1/0 xpid=0 errno=0/10 1 0 0 0.145
> 04/25 15:13:15.30 [3036] 2+1/1: disconnected [33] -@[clienthost.ip]clienthostname.fqdn:40284 (0.882s)(0)
> clienthostname.fqdn - validuser [25/Apr/2008:15:13:15 +0100] "PROPFIND sftp://sftphostname.fqdn/ HTTP/1.1" 200 3923 0*0.000+0.693:W:0g
> 04/25 15:13:15.30 [3036] 2+1: StickyServer done [nonStickyProtocol(http:sftp:sftp)] 1 req / 1+0/2 conn / 1 sec

==================================================================

Any advice is appreciated.

For direct email contact, please remove no- and -spam from the 
from/reply-to address.

If this, in some other way, was supposed to reach the mailing list
delegate-en, I'm sorry - I tried, but had no luck.

Best regards,

Martin OEsterlund,
System Administrator.
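
An added example (not part of the original post, and not DeleGate code): a Python check over the access-log and response-summary lines in the log above, reporting each PROPFIND reply and whether it is the 207 Multi-Status XML response that RFC 4918 defines for a successful PROPFIND. The regular expressions assume the line layout seen in this post; SAMPLE holds four lines copied from it.

```python
import re

# Line layouts are assumed from the DeleGate 9.8.1 output quoted in the post.
ACCESS = re.compile(
    r'^(?:> )?(?P<client>\S+) - (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+)')
SUMMARY = re.compile(r'HTTP/1\.[01] (?P<status>\d{3}) Content-\{Type:(?P<ctype>[^\s;]+)')
XML_TYPES = {"text/xml", "application/xml"}

# Four lines copied from the log in the post.
SAMPLE = [
    '> 04/25 15:05:23.20 [2950] 1+1: HTTP/1.1 401 Content-{Type:text/html Encoding:[/] Leng:82} Server:DeleGate/9.8.1',
    '> clienthostname.fqdn - - [25/Apr/2008:15:05:23 +0100] "PROPFIND sftp://sftphostname.fqdn/ HTTP/1.1" 401 0 0*0.000+0.141:W:0g',
    '> 04/25 15:13:15.13 [3037] 2+1: HTTP/1.1 200 Content-{Type:text/html Encoding:[/] Leng:0} Server:ETL-DeleGate/9.8.1 (as a FTP/HTTP gateway)',
    '> clienthostname.fqdn - validuser [25/Apr/2008:15:13:15 +0100] "PROPFIND sftp://sftphostname.fqdn/ HTTP/1.1" 200 3923 0*0.000+0.693:W:0g',
]

def check_propfind(lines):
    """Return (user, status, content_type, verdict) for every PROPFIND access-log line."""
    findings = []
    last_ctype = None  # Content-Type from the most recent response-summary line
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = SUMMARY.search(line)
        if m:
            last_ctype = m.group("ctype")
            continue
        m = ACCESS.match(line)
        if not m or m.group("method") != "PROPFIND":
            continue
        status = int(m.group("status"))
        if status == 401:
            verdict = "auth challenge"
        elif status == 207 and last_ctype in XML_TYPES:
            verdict = "ok: 207 Multi-Status with XML body"
        else:
            verdict = f"not a WebDAV reply: status {status}, Content-Type {last_ctype}"
        findings.append((m.group("user"), status, last_ctype, verdict))
        last_ctype = None
    return findings

if __name__ == "__main__":
    for finding in check_propfind(SAMPLE):
        print(finding)
```
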
