Can one of the developers perhaps give some hints about the necessary settings to delete a distributed node on the retrieving server through Content Distribution?

Current status:
#1 distributes a node to #2
Node deleted on #1 -> Error message >No node to delete on #2< & node is NOT deleted on #2

#1 active modules
Distributor Service
Content Distributor
Services
Key Authentication
XMLRPC Server
Comment Service
File Service
Node Service
System Service
Taxonomy Service
User Service
Views Service

#2 active modules
Distributor Service
Content Retriever
Taxonomy Parser
Services
Key Authentication
XMLRPC Server
Comment Service
File Service
Node Service
System Service
Taxonomy Service
User Service

Are there other modules or a special permission necessary? Thanks in advance!

CommentFileSizeAuthor
704082.content_distribution.removing-delete-service-superuser.patch2.47 KBjoachim

Comments

greg.harvey’s picture

greg.harvey
Primary language English
Location Occitanie, France
commented

I'm not sure without checking, and it's been a while, but my gut feeling is the content type on #2 lacks the CCK field required to store the original NID. I can't remember if this is still a CCK field. It shouldn't be (not for Joachim! ;-) but it was, and if it's missing then #2 has no way to link it's "distributed" node back to the original node, because the NIDs will be different.

That *might* be it... =/

joachim’s picture

joachim commented

Original nids / local nids are stored in a special table {content_retriever}, from prior to my involvement.

greg.harvey’s picture

greg.harvey
Primary language English
Location Occitanie, France
commented
Category: support » bug

Ok, so we must've used CCK when we prototyped it and then made it a "proper" node field later. Told you my memory was fuzzy!

Then that's weird. Sounds like a bug. Would need to test.

joachim’s picture

joachim commented
Version: 6.x-1.2 » 6.x-2.x-dev
Priority: Normal » Critical

Bumping the version.

But I just tested this, and it does work properly. Granted, there are some things to tidy up:

- no docs on how to set this up
- services are called with no API key. Is this a security hole?
- for that matter, they are called with no login. XMLRPC is still black magic to me -- so what stops ANYONE from hitting your site with an XMLRPC call to node.deleteDistributedNode, a nid at random, and deleting a node?

greg.harvey’s picture

greg.harvey
Primary language English
Location Occitanie, France
commented

Nothing, I think. Or rather, in the case of the production site I think the firewall does.

But this should use keys. At the time API key support in Services was pretty broken. It works now and we should use it.

joachim’s picture

joachim commented

What if we just check that the incoming Service method call to delete a node comes from the defined $endpoint domain, by looking at
$_SERVER['SERVER_NAME'] and comparing with the setting? Would that be sufficient?

greg.harvey’s picture

greg.harvey
Primary language English
Location Occitanie, France
commented

Actually, thinking about it, the firewall can't. Hmm. Are you *sure* it doesn't use API key?

joachim’s picture

joachim commented

[replying to myself in #6]

... because writing a UI on the Distributor to save an API key for every Retriever site is going to be rather tedious.
At this right, it would be more efficient to move to become a Clients plugin, which (in theory, when it's ready) will handle all the Services connection setup for us.

joachim’s picture

joachim commented

@#7 -- look at distributor_service_delete_node() and content_distribution_nodeapi() op 'delete'. I see no key there!

joachim’s picture

joachim commented

In the meantime, I think the hole can be closed by not enabling Services on the Retriever, and not enabling node.deleteDistributedNode for the Distributor's API key. It does mean you lose the deletion feature.

joachim’s picture

joachim commented
Priority: Critical » Normal

And we can downgrade this from critical now.