[Yum] HTTP basic auth patch (was Re: Basic auth fails in 1.97, works in previous versions)

Joe Cooper joe at swelltech.com
Tue May 20 05:49:46 UTC 2003


seth vidal wrote:
>>Hi Seth,
>>
>>Thanks for your quick reply.  I'm going to tackle it myself, since I 
>>have to have it in order to roll out Red Hat 9 to clients.
> 
> 
> gotcha.
>
> internally I think urlgrab should look to see if it is http, ftp or file
> urls
> 
> if http - build up the basicauthhandler
> if ftp put them inline ftp://user:pass@foo.com/path/bar/
> if file ignore them and maybe even complain that the user is a moron.
> 
> 
> Then that should be able to deal with it nicely and not require dragging
> a lot of data around.
> 
> Joe - you might be wise to smack Jack Neely in the head and see if you
> two can merge your patch for this into his failover patches. It would
> make my life easier b/c y'all are working on more or less the same
> section(s) of code.

Hi Seth and all,

I've attached a patch that adds HTTP basic auth to yum 1.97 using the 
urllib2 HTTPBasicAuthHandler.  It adds three new configuration file 
directives (user, password, and realm).  All three appear to be required 
for the urllib2 auth support to work (I would so love to kill the realm 
directive but I can find no documentation that explains how to get by 
without it, and a couple of hours of testing and searching resulted only 
in frustration--if anyone has a clue on this point, I'd be very happy to 
hear it).

I haven't added in the FTP support yet, but it is harmless to all of the 
other schemes (file and ftp), as far as I know.

I've tested all of the yum commands against a server that does require 
and a server that does not require authentication and they all work, but 
I'm sure it is still buggy.

One comment, which is probably more of a statement of my Python 
ignorance than a useful criticism:  The keepalive bit at the top of 
urlgrabber forces some extra extraneous checks into the auth code, 
because it doesn't guarantee that an opener comes into existence.  This 
seems like it could lead to bugs.  If the way the keepalive setup works 
changes, auth setup breaks...I'm probably in the wrong on this, but I 
couldn't figure out a way to check for the existence of the opener 
object (and believe me I tried).  I guess another try/except, of some 
sort, might be the solution to this.

I'm just posting for comments, as I plan to add FTP support before I 
start campaigning for Seth to add this to the real yum.  But I welcome 
any criticisms, as long as you've got a better way and tell me what it 
is.  ;-)
-- 
Joe Cooper <joe at swelltech.com>
Web caching appliances and support.
http://www.swelltech.com
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: yum-1.97-auth.patch
Url: http://lists.baseurl.org/pipermail/yum/attachments/20030520/14b530b1/attachment-0001.diff 


More information about the Yum mailing list