iPXE discussion forum / iPXE user forums / General v / chain with "$macros" does not work anymore

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
chain with "$macros" does not work anymore
2014-09-02, 14:09
Post: #3
mvogt1 Offline
iPXE User
**
 		Posts: 2
Joined: 2014-Aug
Reputation: 0
RE: chain with "$macros" does not work anymore
Hello,

I have modified the script:

Code:
#!gpxe
login
shell
chain http://${username:uristring}:${password:uristring}@server.com/menu.c32 menu.php

In the shell

Code:
echo "${username}"
martin
echo "${password}"
test123

then I entered the "chain" command on the commandline. This is what I get from tcpdump


Code:
$.-.GET /netboot/public/menu.c32 HTTP/1.1
User-Agent: iPXE/1.0.0+ (64dc)
Host: server.com

HTTP/1.1 200 OK
Date: Tue, 02 Sep 2014 11:30:39 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Last-Modified: Mon, 08 Jun 2009 11:56:03 GMT
ETag: "f5e319-dfb4-46bd4ed297ac0"
Accept-Ranges: bytes
Content-Length: 57268
Content-Type: text/plain

And afterwards the generated pxelinux menu is the one for "not authorized" case.Sad

After reading through the source I have added a "private/forbidden" section on the server
with htpasswd/htaccess.

The url now is:

Code:
chain http://${username:uristring}:${password:uristring}@server.com/private/a.txt

and a.txt contains a sample pxelinux menu.
The captured tcpdump now contains:

Code:
GET /netboot/private/a.txt HTTP/1.1
User-Agent: iPXE/1.0.0+ (64dc)
Host: server.com

HTTP/1.1 401 Authorization Required
Date: Tue, 02 Sep 2014 11:41:15 GMT
Server: Apache/2.2.10 (Linux/SUSE)
WWW-Authenticate: Basic realm="Restricted Files"
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
Content-Language: en

User-Agent: iPXE/1.0.0+ (64dc)
Host: server.com
Authorization: Basic c2xnOnRlc3QxMjM

So here the Basic authorisation works, the a.txt files is delivered,
after the first GET command fails with "401".

As a result I would say:

The old gpxe code always send the Basic Auth, reagardless if the
server "needs" is or not.
The new ipxe code needs a 401, before it adds the authorisation.

I now have modified the php script and added a

Code:
if (! authenticated() ) {
     header ("HTTP/1.1 401 Unauthorized",TRUE,401);
     exit(0);
}

But now it looks that the menu.c32 is active, because it does not
send the "Basic Auth" in a second attempt. There is no second
attempt at all.Sad

It looks that if I'm using COMBOOT and http://${username}:${password}/
ipxe must always send the Basic Auth.
Maybe this can be done as a config option?

For example in a script
Code:
force_http_auth 1

which then sets a global setting.
I think I must prepare a patch for this.

regards,

Martin
Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
RE: chain with "$macros" does not work anymore - mvogt1 - 2014-09-02 14:09



User(s) browsing this thread: 1 Guest(s)

Contact Us | iPXE home page | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication