On 4/2/19 7:15 PM, Ken Murchison wrote:
>
> On 4/2/19 1:02 PM, Jean-Christophe Delaye wrote:
>> Hello,
>>
>> We're testing Cyrus 3.0.9 in a murder configuration.
>> It works fine for imap/imaps services. I can access mailboxes from
>> different frontends, and move mailboxes from one backend to another!
>>
>> I'm now blocked with the calendar features in this configuration.
>> It works fine in both read and write mode directly from the backend.
>>
>> http://backend.eurecom.fr/dav/calendars/user/xxxx/Default/
>>
>> PUT
>> /dav/calendars/user/xxxx/Default/8d6377bb-7c3f-4a55-a183-a05dae6fce0d.ics
>> HTTP/1.1" (if-match="970dfe515581407e1f4eeaa887316530b3ef3020") =>
>> "HTTP/1.1 204 No Content"
>>
>> I've configured http/https also on the frontend to enable accessing
>> calendars from there:
>>
>> http://frontend.eurecom.fr/dav/calendars/user/xxxx/Default/
>>
>> It works perfectly in read-only mode from the frontend, but if I try to
>> do some changes, it does not complete, with a Forbidden message.
>>
>> "PUT
>> /dav/calendars/user/xxxx/Default/8d6377bb-7c3f-4a55-a183-a05dae6fce0d.ics
>> HTTP/1.1" (if-match="970dfe515581407e1f4eeaa887316530b3ef3020") =>
>> "HTTP/1.1 403 Forbidden"
>

Thanks for your reply.

I've activated telemetry and debug mode on both frontend and backend.
My feeling is that the frontend does not forward to the selected backend when
operating in WRITE mode [:method: PUT] (I can't see an authentication request
on the backend nor network activity between them while monitoring with snoop).
But it works fine when just accessing and browsing the calendar without
modification [:method: PROPFIND] or even deleting events [:method: DELETE].

http log for user xxxx on backend:

<1554373427<REPORT /dav/calendars/user/xxxx/Default/ HTTP/1.1
Host: backend.eurecom.fr
Via: 2 frontend.eurecom.fr (Cyrus/3.0.9)
Forwarded: proto=https;host=backend.eurecom.fr;for=172.17.20.150;for=192.168.106.207

I've attached the complete http sequence on the frontend before and after
the 403 response.

Thank you.

>
> Is there any body in the 403 response with more information? You might
> have to enable telemetry on the backend.
>
> Is the frontend proxy authenticating as the owner of the calendar?
> Check the cyrus log on the backend.
>
>
>> I've compiled backend and frontend with the same options
>>
>> Server: Cyrus-HTTP/3.0.9 Cyrus-SASL/2.1.26 OpenSSL/1.0.0 Nghttp2/1.35.0
>> Zlib/1.2.11 LibXML2.9.5 SQLite/3.24.0 LibiCal/3.0 ICU4C/59.1 Jansson/2.10
>> WWW-Authenticate: Basic realm="frontend.eurecom.fr"
>> DAV: 1, 2, 3, access-control, extended-mkcol, resource-sharing
>> DAV: calendar-access, calendar-auto-schedule
>> DAV: calendar-query-extended, calendar-availability,
>> calendar-managed-attachments
>> DAV: calendarserver-sharing, inbox-availability
>> DAV: addressbook
>> Allow: OPTIONS, GET, HEAD, POST, PUT, PATCH, DELETE, TRACE
>> Allow: PROPFIND, REPORT, COPY, MOVE, PROPPATCH, MKCOL, LOCK, UNLOCK, ACL
>> Allow: MKCALENDAR
>> Content-Length: 0
>>
>> The question is:
>> Are there specific configuration parameters to enable proxy http/https in
>> murder configuration? I can't find useful information in the
>> documentation. I've seen the Interactive HTTP test program httptest, but
>> can't find parameters to simulate calendar clients.
>>
>> Thank you
>>
>> ----
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyrus/https[1651]: [ID 560950 local3.debug] tls_client_ca_dir=(NULL) tls_client_ca_file=/global/cyrus/etc/ssl/DigiCertCA.crt
cyrus/https[1651]: [ID 810032 local3.debug] tls_server_cert=/global/cyrus/etc/ssl/imap_eurecom_fr.crt tls_server_key=/global/cyrus/etc/ssl/imap.eurecom.fr.key
cyrus/https[1651]: [ID 817102 local3.notice] inittls: Loading hard-coded DH parameters
cyrus/https[1651]: [ID 495959 local3.debug] Set client CA list: Client cert requested, not required
cyrus/https[1651]: [ID 704172 local3.debug] TLS Server Name Indication (SNI) Extension: "imap.eurecom.fr"
cyrus/https[1651]: [ID 574029 local3.debug] SSL_accept() incomplete -> wait
cyrus/https[1651]: [ID 867439 local3.debug] SSL_accept() succeeded -> done
cyrus/https[1651]: [ID 702911 local3.notice] starttls: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits new) no authentication; application protocol = h2
cyrus/https[1651]: [ID 652924 local3.debug] http2_send_cb(15): 0
cyrus/https[1651]: [ID 739106 local3.debug] ret: 0, eof: 0, want read: 1
cyrus/https[1651]: [ID 545980 local3.debug] http2_recv_cb(16384): n = 148, eof = 0, err = '', errno = 0
cyrus/https[1651]: [ID 545980 local3.debug] http2_recv_cb(16384): n = 430, eof = 0, err = '', errno = 0
cyrus/https[1651]: [ID 611534 local3.debug] http2_begin_headers_cb(id=15, type=1)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(:method: PUT)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(:path: /dav/calendars/user/xxxx/Default/040000008200E00074C5B7101A82E008000000006007B06BAC90D40100000000000000001000000007FC4F557397EF40A2F49271F210CC15.ics)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(:authority: imap.eurecom.fr)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(:scheme: https)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 Lightning/6.2.5)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(accept: text/xml)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(accept-language: en-GB,en;q=0.5)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(accept-encoding: gzip, deflate, br)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(accept-charset: utf-8,*;q=0.1)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(content-length: 9332)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(content-type: text/calendar; charset=utf-8)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(if-match: "50ab3d1a71c68976f2738e4c7a8276f8d41d4468")
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(cookie: SESS2f0096f341f49daa238064955414f109=k69uvq1krqi679tguccttm2qs0)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(authorization: Basic c3RhbmRhcmQ6SGVyc2VsLg==)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(pragma: no-cache)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(cache-control: no-cache)
cyrus/https[1651]: [ID 572367 local3.debug] http2_frame_recv_cb(id=15, type=1, flags=0x24
cyrus/https[1651]: [ID 364641 local3.debug] conn flags: 0 upgrade flags: 0 tls req: 0
cyrus/https[1651]: [ID 909740 local3.debug] http_auth: status=0 scheme='' creds='Basic <response>'
cyrus/https[1651]: [ID 796571 local3.debug] http_auth: find client scheme
cyrus/https[1651]: [ID 113398 local3.debug] http_auth: found matching scheme: Basic
cyrus/https[1651]: [ID 564409 local3.notice] login: anjou.eurecom.fr [172.17.20.150] xxxx Basic+TLS User logged in SESSIONID=<cyrus-1651-1554383568-1-6250751509654826835>
cyrus/https[1651]: [ID 572367 local3.debug] http2_frame_recv_cb(id=15, type=8, flags=0
cyrus/https[1651]: [ID 545980 local3.debug] http2_recv_cb(16384): n = 4096, eof = 0, err = '', errno = 0
cyrus/https[1651]: [ID 809992 local3.debug] http2_data_chunk_recv_cb(id=15, len=4087, txnflags=0)
cyrus/https[1651]: [ID 545980 local3.debug] http2_recv_cb(16384): n = 4096, eof = 0, err = '', errno = 0
cyrus/https[1651]: [ID 809992 local3.debug] http2_data_chunk_recv_cb(id=15, len=4096, txnflags=0)
cyrus/https[1651]: [ID 545980 local3.debug] http2_recv_cb(16384): n = 1149, eof = 0, err = '', errno = 0
cyrus/https[1651]: [ID 809992 local3.debug] http2_data_chunk_recv_cb(id=15, len=1149, txnflags=0)
cyrus/https[1651]: [ID 572367 local3.debug] http2_frame_recv_cb(id=15, type=0, flags=0x1
cyrus/https[1651]: [ID 133476 local3.debug] write_body(code = -1964266992, flags.te = 0, len = 0)
cyrus/https[1651]: [ID 204120 local3.debug] simple_hdr(:status: 403)
cyrus/https[1651]: [ID 204120 local3.debug] simple_hdr(Date: Thu, 04 Apr 2019 13:12:49 GMT)
cyrus/https[1651]: [ID 204120 local3.debug] simple_hdr(Strict-Transport-Security: max-age=600)
cyrus/https[1651]: [ID 204120 local3.debug] simple_hdr(Cache-Control: no-cache)
cyrus/https[1651]: [ID 204120 local3.debug] simple_hdr(Content-Length: 0)
cyrus/https[1651]: [ID 518894 local3.debug] end_resp_headers(code = -1964266992, len = 0, flags.te = 0)
cyrus/https[1651]: [ID 829378 local3.debug] nghttp2_submit headers(id=15, flags=0x1)
cyrus/https[1651]: [ID 702911 local3.info] anjou.eurecom.fr [172.17.20.150] as "xxxx" with "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 Lightning/6.2.5"; "PUT /dav/calendars/user/xxxx/Default/040000008200E00074C5B7101A82E008000000006007B06BAC90D40100000000000000001000000007FC4F557397EF40A2F49271F210CC15.ics HTTP/2" (if-match="50ab3d1a71c68976f2738e4c7a8276f8d41d4468") => "HTTP/2 403 Forbidden"
cyrus/https[1651]: [ID 334236 local3.debug] nghttp2_submit_data(id=15, len=0, outlen=0, flags=0x1)
cyrus/https[1651]: [ID 652924 local3.debug] http2_send_cb(9): 0
cyrus/https[1651]: [ID 652924 local3.debug] http2_send_cb(63): 0
cyrus/https[1651]: [ID 640762 local3.debug] http2_stream_close_cb(id=15)
cyrus/https[1651]: [ID 545980 local3.debug] http2_recv_cb(16384): n = 9, eof = 0, err = '', errno = 0
cyrus/https[1651]: [ID 545980 local3.debug] http2_recv_cb(16384): n = -504, eof = 0, err = '', errno = 11
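Added example, not part of the original message or of Cyrus: in the attached debug log the http2_header_cb lines record the Authorization and Cookie request headers as received, while the http_auth line masks them as 'Basic <response>'. The sketch below masks those header values before such a log is shared and summarises each HTTP/2 stream's method, path and status. The sample lines are constructed in the attachment's format, and pairing header lines with the most recently opened stream of the same process is an assumption.

```python
import re

# Constructed sample in the shape of the attached frontend log; the cookie and
# Basic values are made up for this example.
SAMPLE = """\
cyrus/https[1651]: [ID 611534 local3.debug] http2_begin_headers_cb(id=15, type=1)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(:method: PUT)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(:path: /dav/calendars/user/xxxx/Default/example.ics)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0))
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(cookie: SESSexample=constructed)
cyrus/https[1651]: [ID 235260 local3.debug] http2_header_cb(authorization: Basic Y29uc3RydWN0ZWQ6dmFsdWU=)
cyrus/https[1651]: [ID 572367 local3.debug] http2_frame_recv_cb(id=15, type=1, flags=0x24
cyrus/https[1651]: [ID 204120 local3.debug] simple_hdr(:status: 403)
cyrus/https[1651]: [ID 640762 local3.debug] http2_stream_close_cb(id=15)
"""

SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# syslog prefix with pid, callback name, then its (possibly unclosed) argument
ENTRY = re.compile(r"^(.*?\[(\d+)\]: \[ID \d+ \S+\] )(\w+)\((.*)$")

def scrub(log_text):
    """Redact credential headers; return (redacted_text, per-stream summary).
    Assumes one request in flight per httpd process (hypothetical simplification),
    so header lines belong to the stream opened by the last begin_headers."""
    out, streams, current = [], {}, {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            pre, pid, fn, arg = m.groups()
            arg = arg[:-1] if arg.endswith(")") else arg
            sid = re.match(r"id=(\d+)", arg)
            if fn == "http2_begin_headers_cb" and sid:
                current[pid] = streams.setdefault((pid, int(sid.group(1))), {"redacted": []})
            elif fn in ("http2_header_cb", "simple_hdr") and pid in current:
                name, _, value = arg.partition(": ")
                low = name.lower()
                if low in (":method", ":path", ":status"):
                    current[pid][low[1:]] = value
                elif low in SENSITIVE:
                    # keep the auth scheme (e.g. "Basic"), drop the secret
                    scheme = value.split(" ", 1)[0] + " " if "authorization" in low else ""
                    line = f"{pre}{fn}({name}: {scheme}<redacted>)"
                    current[pid]["redacted"].append(low)
        out.append(line)
    return "\n".join(out), streams

if __name__ == "__main__":
    text, summary = scrub(SAMPLE)
    print(text)
    print(summary)
```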