Tcl Web Service with Authorization kills Tcl

Hi!

I am trying to use web services with authorization using wsdl on
tclhttpd 3.5.1, ActiveTcl8.4.18, WS::Server/Utils/Client 1.0.8. tls
1.50, tdom 0.8.2, SuSE Linux 10.0.

Are there any known issues using WSDL and authorization?

Server side is exactly the example in
http://members.cox.net/~gerald.lest...le.ht
ml

As client side is using authorization http headers are appended to
client commands. Reading the definitions of the offered services is fine.

::WS::Client::GetAndParseWsdl\
http://localhost:8015/service/wsExamples/wsdl\
{"Authorization" "Basic ZmlzOnNVc2VANi40"}

but executing

set results [::WS::Client::DoCall wsExamples SimpleEcho {TestString
{This is a test}} {"Authorization" "Basic ZmlzOnNVc2VANi40"}}

returns

Unexpected EOF received from Server

and the tclhttpd process aborts.

/home/sg/bin/sgw: line 4:  7550 Segmentation fault
${TCLSH:-"tclsh8.4"} /opt/tclhttpd3.5.1/bin/httpd.tcl -debug 1

TIA

Stefan

Stefan Finzel wrote:
> Hi!
>
> I am trying to use web services with authorization using wsdl on
> tclhttpd 3.5.1, ActiveTcl8.4.18, WS::Server/Utils/Client 1.0.8. tls
> 1.50, tdom 0.8.2, SuSE Linux 10.0.
>
> Are there any known issues using WSDL and authorization?

None that I know of.

I'll not have a chance to look at this for a while.  I suggest that you
attempt to debug/fix it on your own and file a bug report (with patch)
against the appropriate software.

>
> Server side is exactly the example in
> http://members.cox.net/~gerald.lest...le.
html
>
>
> As client side is using authorization http headers are appended to
> client commands. Reading the definitions of the offered services is fine.
>
>   ::WS::Client::GetAndParseWsdl\
>     http://localhost:8015/service/wsExamples/wsdl\
>    {"Authorization" "Basic ZmlzOnNVc2VANi40"}
>
> but executing
>
>   set results [::WS::Client::DoCall wsExamples SimpleEcho {TestString
> {This is a test}} {"Authorization" "Basic ZmlzOnNVc2VANi40"}}
>
> returns
>
> Unexpected EOF received from Server
>
> and the tclhttpd process aborts.
>
> /home/sg/bin/sgw: line 4:  7550 Segmentation fault ${TCLSH:-"tclsh8.4"}
> /opt/tclhttpd3.5.1/bin/httpd.tcl -debug 1
>
> TIA
>
> Stefan
>


--
+--------------------------------+---------------------------------------+
| Gerald W. Lester                                                       |
|"The man who fights for his ideals is the man who is alive." - Cervantes|
+------------------------------------------------------------------------+

On Mar 25, 7:52 am, Stefan Finzel <Stefan.G.R.Fin...@T-Online.de>
wrote:
> Hi!
>
> I am trying to use web services with authorization using wsdl on
> tclhttpd 3.5.1, ActiveTcl8.4.18, WS::Server/Utils/Client 1.0.8. tls
> 1.50, tdom 0.8.2, SuSE Linux 10.0.
>
> Are there any known issues using WSDL and authorization?
>
> Server side is exactly the example inhttp://members.cox.net/~gerald.lester
/WebServices/Tcl%20Web%20Service...
>
> As client side is using authorization http headers are appended to
> client commands. Reading the definitions of the offered services is fine.
>
>    ::WS::Client::GetAndParseWsdl\
>      http://localhost:8015/service/wsExamples/wsdl\
>     {"Authorization" "Basic ZmlzOnNVc2VANi40"}
>
> but executing
>
>    set results [::WS::Client::DoCall wsExamples SimpleEcho {TestString
> {This is a test}} {"Authorization" "Basic ZmlzOnNVc2VANi40"}}
>
> returns
>
> Unexpected EOF received from Server
>
> and the tclhttpd process aborts.
>
> /home/sg/bin/sgw: line 4:  7550 Segmentation fault
> ${TCLSH:-"tclsh8.4"} /opt/tclhttpd3.5.1/bin/httpd.tcl -debug 1


Whoa, a client request causes the server to seg fault? Not good.

My opinion is that tclhttpd is a disaster, and it is too bad that the
WS package relies on it. But this is a side issue. One thing that I
have noticed is that the WS package relies heavily on tDOM. This is a
C 'extension'. It is possible that something which doesn't exist is
referenced, or something is deleted twice. Chances are it has nothing
to do with the authorization, but who knows. Why use basic auth? First
see if it works without. Simplify the situation by removing basic
auth.

Stefan Finzel wrote:

<snip>

>
> As client side is using authorization http headers are appended to
> client commands. Reading the definitions of the offered services is fine.
>

<snip>

>
> and the tclhttpd process aborts.
>
> /home/sg/bin/sgw: line 4:  7550 Segmentation fault ${TCLSH:-"tclsh8.4"}
> /opt/tclhttpd3.5.1/bin/httpd.tcl -debug 1
>

I managed to make a tclhttpd process segfault by passing malformed
headers in the client request. In that particular case, tclhttpd didn't
handle the headers appropriately, but of course that's not an excuse for
segfaulting.

I reported that issue to c.l.t. on 4-Feb-2008 with a back trace
provided. You might want to see whether the back traces are similar.

Greetings,

Erik
--
leunissen@       nl | Merge the left part of these two lines into one,
e.          hccnet.   | respecting a character's position in a line.

tom.rmadilo wrote:

>
> Whoa, a client request causes the server to seg fault? Not good.
>
> My opinion is that tclhttpd is a disaster,

However, it can't be blamed for the segfault since tclhttpd itself is
Tcl only.


and it is too bad that the
> WS package relies on it. But this is a side issue. One thing that I
> have noticed is that the WS package relies heavily on tDOM. This is a
> C 'extension'. It is possible that something which doesn't exist is
> referenced, or something is deleted twice. Chances are it has nothing
> to do with the authorization, but who knows. Why use basic auth? First
> see if it works without. Simplify the situation by removing basic
> auth.
>


--
leunissen@       nl | Merge the left part of these two lines into one,
e.          hccnet.   | respecting a character's position in a line.

Just to create some more confusion:

The call for offered services also uses basic authorization and never
causes segmentation faults.

I also tested tcl8.4.17 on a 64 bit SuSE Linux 9.3 and there are no
segmentation faults.

But both tcl8.4.17/18 on a 32 bit SuSE Linux 10.0 crash tclhttpd.

My tclhttpd and applications have been running with authorization on
several productive servers for more than 5 years without any problems on
SunOS and Linux both with 32 and 64 bit so far.

Maybe i am in trouble due to an operating system issue.



Stefan Finzel schrieb:
> Hi!
>
> I am trying to use web services with authorization using wsdl on
> tclhttpd 3.5.1, ActiveTcl8.4.18, WS::Server/Utils/Client 1.0.8. tls
> 1.50, tdom 0.8.2, SuSE Linux 10.0.
>
> Are there any known issues using WSDL and authorization?
>
> Server side is exactly the example in
> http://members.cox.net/~gerald.lest...le.
html
>
>
> As client side is using authorization http headers are appended to
> client commands. Reading the definitions of the offered services is fine.
>
>   ::WS::Client::GetAndParseWsdl\
>     http://localhost:8015/service/wsExamples/wsdl\
>    {"Authorization" "Basic ZmlzOnNVc2VANi40"}
>
> but executing
>
>   set results [::WS::Client::DoCall wsExamples SimpleEcho {TestString
> {This is a test}} {"Authorization" "Basic ZmlzOnNVc2VANi40"}}
>
> returns
>
> Unexpected EOF received from Server
>
> and the tclhttpd process aborts.
>
> /home/sg/bin/sgw: line 4:  7550 Segmentation fault ${TCLSH:-"tclsh8.4"}
> /opt/tclhttpd3.5.1/bin/httpd.tcl -debug 1
>
> TIA
>
> Stefan
>

tom.rmadilo wrote:
> On Mar 25, 7:52 am, Stefan Finzel <Stefan.G.R.Fin...@T-Online.de>
> wrote:
>...
> My opinion is that tclhttpd is a disaster, and it is too bad that the
> WS package relies on it.

Tom,

I plan to have it play standalone and with WUB when I get the time (I don't
make use of that much of tclhttpd), but if someone wants to take a crack at
it first, that would be great (drop me a short email about it since I have
some ideas).

I'd ***love*** if you would help to get it to working with AOLserver!

--
+--------------------------------+---------------------------------------+
| Gerald W. Lester                                                       |
|"The man who fights for his ideals is the man who is alive." - Cervantes|
+------------------------------------------------------------------------+

Stefan Finzel wrote:
> Hi!
>
> I am trying to use web services with authorization using wsdl on
> tclhttpd 3.5.1, ActiveTcl8.4.18, WS::Server/Utils/Client 1.0.8. tls
> 1.50, tdom 0.8.2, SuSE Linux 10.0.
...

The best thing to do would be to try and get a C-level stack trace using
a debugger. I'm not sure if ActiveTcl comes with a symbols-enabled build
though. Of the extensions you list, my prime suspect would be tls.
Generally speaking Tcl is very stable, so I'd be surprised if it was a
pure Tcl script causing the crash. tdom is also pretty stable in my
experience: I don't believe I've ever had it crash on me. Are you using
tls at all in this crash scenario (i.e. https)?

-- Neil

ActiveTcl, SuSE Linux Tcl and self compiled Tcl 8.4.x complain

syntax error in expression "$childName in $matchList": extra tokens at
end of expression

as the 'in' operator semes to be available for tcl 8.5 only. I thougth
it was already available in a late 8.4 version, but i am wrong.


Gerald W. Lester schrieb:
> Stefan Finzel wrote: 
>
> Stefan,
>
> Go immediately to tcl.sf.net and file a bug report with as much detail
> as possible.
>
> Also see if the following little program blows up on you:
>
> set matchList [list a b c d]
> set childNmae a
> if {$childName in $matchList} {
>     puts {It is in!}
> } else {
>     puts {It is not in!}
> }
>

Looks like a NULL pointer in tdom.
Is there a way to get some more information using gdb?

gdb /opt/ActiveTcl-8.4.18/bin/tclsh 5138

...
Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0xb78fa6a4 in XML_ParseBuffer () from
/opt/ActiveTcl-8.4.18/lib/Tclexpat2.6/libTclexpat2.6.so
#2  0xb78fa63d in XML_Parse () from
/opt/ActiveTcl-8.4.18/lib/Tclexpat2.6/libTclexpat2.6.so
#3  0xb7888bd6 in domReadDocument () from
/opt/ActiveTcl-8.4.18/lib/tdom0.8.2/libtdom0.8.2.so
#4  0xbfeaa61c in ?? ()
#5  0x00000000 in ?? ()

strace -p 5138

...
[b7f13410] gettimeofday({1206543058, 685861}, {4294967236, 0}) = 0
[b7f13410] time(NULL)                   = 1206543058
[b7f13410] brk(0x8558000)               = 0x8558000
[b7f13410] gettimeofday({1206543058, 752029}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752071}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752355}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752396}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752458}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752489}, {4294967236, 0}) = 0
[b7f13410] select(5, [0 3 4], [], [], {0, 0}) = 0 (Timeout)
[b7f13410] gettimeofday({1206543058, 752559}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752585}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752612}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752637}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752958}, {4294967236, 0}) = 0
[b7f13410] gettimeofday({1206543058, 752986}, {4294967236, 0}) = 0
[b7f13410] mmap2(NULL, 1925189632, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x44bcb000
[00000000] --- SIGSEGV (Segmentation fault) @ 0 (0) ---



Neil Madden schrieb:
> Stefan Finzel wrote: 
> ...
>
> The best thing to do would be to try and get a C-level stack trace using
> a debugger. I'm not sure if ActiveTcl comes with a symbols-enabled build
> though. Of the extensions you list, my prime suspect would be tls.
> Generally speaking Tcl is very stable, so I'd be surprised if it was a
> pure Tcl script causing the crash. tdom is also pretty stable in my
> experience: I don't believe I've ever had it crash on me. Are you using
> tls at all in this crash scenario (i.e. https)?
>
> -- Neil