The Wandering Shop

6 posts4 participants0 posts today

Felix Palmen :freebsd: :c64:I would claim that I'm *very* experienced with <a href="https://mastodon.bsd.cafe/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#programming</a> in <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a>. But still, C gets annoyingly weird when it comes to <a href="https://mastodon.bsd.cafe/tags/pointers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pointers</a> *to* <a href="https://mastodon.bsd.cafe/tags/arrays" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arrays</a>.Does the following code look sober to you? 🤔 (My compiler doesn't complain)Especially interested in the highlighted line, but also the block above trying to expand the array ...Context: I started work on a generic/configurable rate-limiter to add to <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a>.

Felix Palmen :freebsd: :c64:Earlier today, I added a "ProxyList" component to <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> to get a list of proxies and, ideally, the "real" remote address for requests. It supports the custom (de-facto standard) X-Forwarded-For <a href="https://mastodon.bsd.cafe/tags/header" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#header</a> as well as the <a href="https://mastodon.bsd.cafe/tags/Forwarded" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Forwarded</a> header specified in <a href="https://mastodon.bsd.cafe/tags/RFC7239" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RFC7239</a>.Well, I just learned I'll have to revisit this implementation with these horrible issues with the standardized(!) flavor in mind:<a href="https://adam-p.ca/blog/2022/03/forwarded-header-sabotage/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://adam-p.ca/blog/2022/03/forwarded-header-sabotage/</a>

Felix Palmen :freebsd: :c64:I just added <a href="https://mastodon.bsd.cafe/tags/NAT64" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NAT64</a> support to <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a>. Really helps with readability of my logs here ... 😎 <a href="https://github.com/Zirias/swad/commit/730923ad55f4ff43f434bc1d885ad12b0d2860ee" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad/commit/730923ad55f4ff43f434bc1d885ad12b0d2860ee</a>

Felix Palmen :freebsd: :c64:Also announced it on <a href="https://mastodon.bsd.cafe/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackerNews</a> now. Go there to read the background story how <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> came to be 😆: <a href="https://news.ycombinator.com/item?id=43595388" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://news.ycombinator.com/item?id=43595388</a>

Felix Palmen :freebsd: :c64:Released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> v0.1 🥳 Looking for a simple way to add <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a> to your <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> reverse proxy? Then swad *could* be for you!swad is the "Simple Web Authentication Daemon", written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a> (+ <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#POSIX</a>) with almost no external dependencies. <a href="https://mastodon.bsd.cafe/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> support requires <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSL</a> (or <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LibreSSL</a>). It's designed to work with nginx' "auth_request" module and offers authentication using a <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cookie</a> and a login form.Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PAM</a>. But as pam already allows pretty flexible configuration, I already consider this pretty useful 🙈If you want to know more, read here: <a href="https://github.com/Zirias/swad" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Zirias/swad</a>

Felix Palmen :freebsd: :c64:DId lots of smaller improvements to <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> ... but first, I had to hunt down a crash 🤯. Finally found it was caused by my <a href="https://mastodon.bsd.cafe/tags/poser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#poser</a> lib (to be fixed later): A connection there can resolve the hostname of a remote end and does so in a thread job to avoid blocking. If the connection dies meanwhile, the job is canceled. Seems my canceling mechanism relying on a signal to the thread is, well, not reliable (the signal can arrive delayed). Ok, for now just disabled name resolution to sidestep that.Now, integration with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> is much better. I intrdoduced (optional) custom headers to transport the authentication realm and the redirect URI, plus state management in the session, so these can be passed to the "auth" endpoint. This requires to make sure nginx always passes the session <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cookie</a>, Unfortunately, I still need a "hacky" redirect configuration for login in nginx. If auth_request could just pass the response body, this would be unnecessary .... 🙄 The nginx configuration shows <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> running on "files" and another nginx running on "wwwint" serving <a href="https://mastodon.bsd.cafe/tags/poudriere" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#poudriere</a> output there. This nginx instance helpfully adds cache hints, which I have to override, so a redirect works as expected when for example the swad session times out.<a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#coding</a>

Felix Palmen :freebsd: :c64:First "production test" successful 💪 ... after band-aid "deployment" (IOW, scp binaries to the prod jail).<a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a> integrates with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nginx</a> exactly as I planned it. And <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PAM</a> authentication using a child process running as root also just works (while the main process dropped privileges). 🥳 So, I guess I can say goodbye to <a href="https://mastodon.bsd.cafe/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://mastodon.bsd.cafe/tags/bots" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bots</a> hammering my poor DSL connection just to download poudriere build logs.Still a lot to do for <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#swad</a>: Make it nicer. So many ideas. Best start would probably be to implement more credentials checking modules besides PAM.<a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#C</a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#coding</a>

Recent searches

Search options

Administered by:

Server stats:

#swad