[pve-devel] API: Problem with special characters in cookie ticket

Dietmar Maurer dietmar at proxmox.com
Fri Dec 30 09:47:14 CET 2011


Please an you open a bug at:

bugzilla.proxmox.com

- Dietmar

> -----Original Message-----
> From: pve-devel-bounces at pve.proxmox.com [mailto:pve-devel-
> bounces at pve.proxmox.com] On Behalf Of Floris Bos / Maxnet
> Sent: Montag, 26. Dezember 2011 15:13
> To: pve-devel at pve.proxmox.com
> Subject: [pve-devel] API: Problem with special characters in cookie ticket
> 
> Hi,
> 
> We noticed a problem when using the Zend_HTTP_Client class that comes with
> the Zend PHP framework to access the Proxmox 2 API.
> It seems Zend automatically urlencodes any cookie you set with
> ->setCookie(), and Proxmox does not accept that
> 
> ==
> GET /api2/json/nodes HTTP/1.1
> Host: 1.2.3.4:8006
> User-Agent: Zend_Http_Client
> Cookie:
> PVEAuthCookie=PVE%3Aroot%40pam%3A4EF87A2F%3A%3ASSccO4dTWRlF8Mt
> MGdPhUGjO16PoQ1XrN6Ywp0Q5j7t%2BXrKmLGXns0OcV98r%2FcAkF%2BdXMbl
> r%2FktZVmE3Y1LNAtvSs2VCV%2BOxA6HZ7JTmohvVLaGiBNYeGRvukUMzEHSG7
> LALD4L3IdCyWLVN%2B11BhWRCG44wIW%2B6kgOjcAD4tNTrGlb9ykpcVYu0Qn
> %2FwnstmIKEPkxMCcTXsMpnJnM9UIGFOzfUCRfXq5SrQ1xWAUG2ESnYXatwh7c
> nLuAwgpfhVvEMeM5Hd6ZW%2Frjw%2F8Kv4g0Z1QKbw1yiw1trsMKoisYHbltKqt6
> OBFx%2Fv%2FkGDYpXBpAAS6Q2zaSevB9JqqgtkfA%3D%3D;
> 
> HTTP/1.1 401 permission denied - invalid ticket
> ==
> 
> 
> Not sure if it is only Zend that does that, or if there might be other
> HTTP clients that do the same.
> But perhaps Proxmox could either avoid special characters in the ticket,
> or test if the value starts with "PVE%3A" and urldecode the cookie if
> that is the case, to avoid any interoperability issues?
> 
> --
> Yours sincerely,
> 
> Floris Bos
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel




More information about the pve-devel mailing list