I am testing my Radius server implementation but I'm not sure about the correct response code in the following cases:
1-Client Logging in without password
2-Client send bad request code
Do you have any idea?
According to RFC 2865 0-1 Instances of the User-Password are allowed in a given Access-Request, and one of either the User-Password, Chap-Password or State attributes must be present.
An Access-Request MUST contain either a User-Password or a
CHAP-Password or State. An Access-Request MUST NOT contain both a
User-Password and a CHAP-Password. If future extensions allow other
kinds of authentication information to be conveyed, the attribute for
that can be used in an Access-Request instead of User-Password or
CHAP-Password.
The RFC is silent on what should happen if none of these attributes are present, however.
If you wish to emulate popular RADIUS solutions (such as FreeRADIUS), you should return an Access-Reject in this instance.
This is dealt with in RFC 2865.
The Code field is one octet, and identifies the type of RADIUS
packet. When a packet is received with an invalid Code field, it
is silently discarded.
i.e. no response should be sent.
Related
I'm unable to implement request/reply pattern using rest protocol with solace.
I'm correctly receiving a request and I can see some headers like "solace-correlation-id" and "solace-message-id".
What I'm expecting is to return an http response with the body as message reply but I always get in my application:
org.apache.camel.ExchangeTimedOutException: The OUT message was not received within: 20000 millis due reply message with correlationID: xxxxx-1549904557890-0-26 not received on destination: #P2P/QTMP/v:cfdce68771f5/c9c4ba4a-a427-438a-9b7a-1f069608d13a.
Unfortunately the solace documentation only covers pub/sub pattern for rest but not the request/reply one.
There could be a few different things going on here.
Firstly try adding the log component between the "from" and "to" endpoints and again after the "to" endpoint as this will show you the headers of the reply, for example, using the Java DSL syntax:
from("{{fromSource}}" )
.to("log:all?level=INFO&showAll=true&multiline=true")
.to("{{toDest}}" )
.to("log:all?level=INFO&showAll=true&multiline=true")
;
I suspect the correlation id is not getting passed back. In my example I have a a NodeJS service so I set the following response header:
res.setHeader('solace-correlation-id', req.get('solace-correlation-id'));
With the additional logging, you should be able to see what is going wrong.
You are most likely missing the message ID or coorelation ID in your reply message.
https://docs.solace.com/RESTMessagingPrtl/Solace-REST-Message-Encoding.htm#2.2.6.1
When the Solace message broker receives a possible reply message routed to the HTTP client, it verifies that the reply message's message ID or correlation ID match those of the request message.
Specifically,
- the reply's message ID must match the request's message ID the
- reply's correlation ID must match the request's message ID, or the
- reply's correlation ID must match the request's correlation ID.
If any of those matches occur, the Solace message broker sends the reply message as an HTTP response to the HTTP client.
HTTP requires that there be exactly one HTTP response for each HTTP request, so each matching message ID or correlation ID can be used only in a single request-reply message exchange pattern.
If the reply message does not have a matching message ID or correlation ID as above, or if the reply message's matching message ID or correlation ID has already been consumed by an earlier reply message, the reply message is discarded.
I'm sending a POST request via Net as such:
http = Net::HTTP.new(mixpanel_endpoint.host, mixpanel_endpoint.port)
request = Net::HTTP::Post.new(mixpanel_endpoint.request_uri)
http.request(request)
The issue is that the request_uri is over the max limit. It's a BASE64 encoded string.
Does anybody know what to do about this?
<Net::HTTPRequestURITooLong 414 Request URI Too Long readbody=true>
Net::HTTPRequestURITooLong is a 414 HTTP code from the server, you will need to change the request to conform to what the endpoint allows.
10.4.15 414 Request-URI Too Long
The server is refusing to service the request because the Request-URI
is longer than the server is willing to interpret. This rare condition
is only likely to occur when a client has improperly converted a POST
request to a GET request with long query information, when the client
has descended into a URI "black hole" of redirection (e.g., a
redirected URI prefix that points to a suffix of itself), or when the
server is under attack by a client attempting to exploit security
holes present in some servers using fixed-length buffers for reading
or manipulating the Request-URI.
reference: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Are you adding the data directly to the URL?
Try splitting out the endpoint URL from the data. For example:
Net::HTTP::Post.new(request_endpoint, "whatever_param_value=#{base64_encoded_data}")
Is there any default media type when the query is not specified with any supported media types in RESTCONF ?
No. There is no standard default. This is server implementation dependent, so do not rely on it.
From draft-ietf-netconf-restconf-17, Section 5.3, Message Encoding:
The server MUST support the "Accept" header field and "406 Not
Acceptable" status-line, as defined in [RFC7231]. The response
output content encoding formats that the client will accept are
identified with the Accept header field in the request. If it is not
specified, the request input encoding format SHOULD be used, or the
server MAY choose any supported content encoding format.
If there was no request input, then the default output encoding is
XML or JSON, depending on server preference. File extensions encoded
in the request are not used to identify format encoding.
And from draft-ietf-netconf-restconf-17, Section 7.1, Error Response Message:
The client SHOULD specify the desired encoding(s) for response
messages by specifying the appropriate media-type(s) in the Accept
header. If the client did not specify an Accept header, then the
same structured syntax name suffix used in the request message SHOULD
be used, or the server MAY choose any supported message encoding
format. If there is no request message the server MUST select
"application/yang-data+xml" or "application/yang-data+json",
depending on server preference.
The final RFC stood by the draft, just as #predi said:
On Message Encoding, Section 5.2:
If there was no request input, then the default output encoding is
XML or JSON, depending on server preference. File extensions encoded
in the request are not used to identify format encoding.
And Error Message Response, Section 7.1
If the client did not specify an "Accept" header, then the same
structured syntax name suffix used in the request message SHOULD be
used, or the server MAY choose any supported message-encoding
format. If there is no request message, the server MUST select
"application/yang-data+xml" or "application/yang-data+json",
depending on server preference.
In a SCTP multihoming configuration, I have configured two sets - primary and secondary paths. My question is where is the INIT command sent by default on primary or secondary (assuming both the paths are up )?
Is there any condition that the INIT needs to be sent on primary path only if it is in UP state ?
Any SCTP packet, by default should be sent using primary path. This is what i found in RFC 4960 - Sec:6.4 - Para:III
By default, an endpoint SHOULD always transmit to the primary path,
unless the SCTP user explicitly specifies the destination transport
address (and possibly source transport address) to use.
Regarding second question - "Is there any condition that the INIT needs to be sent on primary path only if it is in UP state ?"
It does not look logical to send via an interface which is down. Below is the RFC 4960 - Sec:6.4.1 - Para:II
When there is outbound data to send and the primary path becomes
inactive (e.g., due to failures), or where the SCTP user explicitly
requests to send data to an inactive destination transport address,
before reporting an error to its ULP, the SCTP endpoint should try to
send the data to an alternate active destination transport address if
one exists.
Is there a length limit for the fragment part of an URL (also known as the hash)?
The hash is client side only, so the rules for HTTP may not apply to it.
It depends on the browser.
I found that in safari, chrome, and Firefox, an URL with a long hash is legal, but if it is a param send to the server, the browser will display an 414 or 413 error.
for example:
an URL like http://www.stackoverflow.com/?abc#{hash value with 100 thousand characters} will be ok. and you can use location.hash to get the hash value in javascript but an URL like http://www.stackoverflow.com/?abc&{query with 100 thousand characters} will be illegal, if you paste this link in the address bar, a 413 error code will be given and the message is the client issued a request that was too long. If that is a link in a web page, in my computer, Nginx response the 414 error message.
I don't know the situation in IE.
So I think, the limitation of the length of URL is just for transmission or HTTP server, the browser will check it sometimes, but not every time, and it will always be allowed to be used as a hash.
There is definitely a length for the whole url.
Read
RFC2616 - Hypertext Transfer Protocol
Maximum URL length is 2,083 characters in Internet Explorer