taky icon indicating copy to clipboard operation
taky copied to clipboard

Published 20 hours ago verified publisher icon tkuester

401 errors from taky_dps

Open dceejay opened this issue 1 year ago • 4 comments

Hi Tim

I'm trying to use Taky 0.9 - and All I get when try to use taky_dps with no ssl is errors like

"GET /Marti/sync/search?keywords=missionpackage&tool=public HTTP/1.1" 401 317 "-"
"GET /Marti/sync/missionquery?hash=7b13f9342048b665008f669dff278d04c5afd107468c09690fbdcfa638bbe453 HTTP/1.1" 401 317 "-"
"GET /Marti/api/clientEndPoints HTTP/1.1" 401 317 "-"
"GET /Marti/api/version/config HTTP/1.1" 200 112 "-"

Only the get version seems to work... What am I missing ?

the relevant part of taky.conf is

[dp_server]
upload_path = /var/taky/dp-user

[ssl]
enabled = false
client_cert_required = False

In the changelog I see mention of DPS endpoints that don't require client certificates - where are these documented ? How would you set a device to use them if they are on a different path as my device only lets me specify the base server.

dceejay avatar Sep 14 '23 12:09 dceejay

I "think" the issue is that there is now authorisation checks all over the place - but no way to turn them off in the config... I think there should probably be some config check around here https://github.com/tkuester/taky/blob/73116b824edef58823c0eaa0856b6e0ef2c66a75/taky/dps/init.py#L18

dceejay avatar Sep 14 '23 17:09 dceejay

Hey! Sorry I've been away for so long on this.

I'm trying to think of a way to provide access to this in a bit more of a fine grained way. Would you consider something like an option to allow certain IP addresses (ie: 127.0.0.1) access without providing credentials?

tkuester avatar Sep 29 '23 17:09 tkuester

Sure. But I'd also like to allow ranges eg a local subnet eg 192.168.1.*

dceejay avatar Sep 30 '23 06:09 dceejay

I ran into this issue today. I think what needs to be done is that before the headers are checked, it should check to see if SSL is on or not. If it is, fine, check the headers. But if its not (like in my case), don't check the headers because we know none are to be had.

Once I get the time I'll see what I can do - this seems like it would be a simple (enough) fix given time and focus.

EDIT: I found the time, and is quite rewarding considering I need to be able to sync files from EUD's this week to save face at work, but yet another reason to use OSS. Please find my fixes in #94. For the meantime, my fork is located at thebarracksarmy/taky and I'll keep it abreast of changes here until this issue gets fixed.

lucasburlingham avatar Mar 18 '24 02:03 lucasburlingham