SmbGate: Almost entirely not frustrating

Submitted by gwolf on Thu, 12/07/2006 - 16:11
I've been working a bit over a week on writing SmbGate, a simple and quite braindead Web app giving my users web access (read-only for now at least) their home shares in a Samba server from outside the Institute, which will be basically closed for vacations/moving to a new building for over a month. It went quite smoothly. Even using a quite ugly API (Filesys::SmbClient - It works, but in an ugly fashion), getting the basic app to work took me only two days, and I've been beautifying bits of it for around a week. I even got around to write a user manual, which -to my surprise and astonishement- has been followed by the users. Wow, I'm productive! I even think this can be useful to other people, so I'll put the code online soon - As soon as I get the workplace-specific things weeded out to a configuration file. Of course, everything has its ups and downs. Yesterday, I found a bug. Today, a user reported the bug to me. And, of course, it seems to depend on MSIE's weirdness. I really, really hate my users experiencing browser incompatibilities - That's why I installed W2k under qemu (which, when used with the non-free but downloable with no fee required kqemu kernel module is perfectly speed-comparable with the completely-non-free VMware - Go try qemu now!). I tested thoroughly the system from the guest W2k system to my development machine (which is, incidentally, the same physical box), and it worked perfectly. Of course, locally, I didn't care about setting it up in a SSL-protected area. For my users, of course, access to their files is SSL-protected. I tested the production system from Linux, using Firefox. Works like a charm. So, why am I bitching? Because browsing the directories works correctly from MSIE, but downloading the files doesn't (it says, in such a Spanish that I don't really understand the error message, that the file does not exist or the site is unavailable). Of course, debugging a HTTP request over a SSL session is not feasible. I installed an instance of this system in my regular unencrypted HTTP server - But, surprise surprise, it now works fine under MSIE. Exactly the same URL, only with the https replaced by http So... I am almost entirely non frustrated. I have hit a bug which does not like being debugged. Joy, joy. But, I promise, victory will be mine.
( categories: )
Joachim Breitner's picture

Re: SmbGate: Almost entirely not frustrating

This might be old news for your, but you could try to debug it like this: Run openssl s_server in place of the webserver, then follow the link to the file. Now you have the request. Using openssl s_client, you can then pass that request to the real server and see what happens. This should be modelling the real thing pretty closely (different ssl certificates, probably, but I hope that is not causing trouble)
Javier's picture

Re: SmbGate: Almost entirely not frustrating

Debugging HTTPS applications is really simple if you use the Webscarab application (from the OWASP project, see http://www.owasp.org/index.php/OWASP_WebScarab_Project) WebScarab acts as an inline proxy, you just have to configure your web browser to point to it and it will provide a fake certificate if using SSL (of course the browser will complain but you can approve it manually). The good thing is that sessions are saved and you have full control of the session (can intercept and change any parameter).
garaged's picture

Re: SmbGate: Almost entirely not frustrating

So you are planning to post your changes for windows to the M$ dev team ? :P
vicm3's picture

Re: SmbGate: Almost entirely not frustrating

My guess is to how is handled the accented characters and spaced ones... really not know for sure, but working with M$ machines... give me that idea... Regards.