Date: Wed, 23 Jun 2010 11:01:47 GMT From: Tom Evans <tevans.uk@googlemail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/148087: Fetch doesn't supply proxy auth credentials with the '-A' flag Message-ID: <201006231101.o5NB1lSH077457@www.freebsd.org> Resent-Message-ID: <201006231110.o5NBA5e0041732@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 148087 >Category: misc >Synopsis: Fetch doesn't supply proxy auth credentials with the '-A' flag >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jun 23 11:10:05 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Tom Evans >Release: RELENG_7 >Organization: Mintel International >Environment: FreeBSD strangepork.mintel.co.uk 7.3-STABLE FreeBSD 7.3-STABLE #3: Fri May 14 18:27:38 BST 2010 root@strangepork.mintel.co.uk:/usr/FreeBSD/RELENG_7/obj/usr/FreeBSD/RELENG_7/src/sys/STRANGEPORK i386 >Description: libfetch/http.c tries to download files in a loop, so that each failure leads to the download being re-attempted, up to the number of retries specified. When going through a proxy, it first requests the file without proxy auth, adding credentials if the response to the first request demands it. When libfetch is passed the 'A' flag, it is supposed to not follow 302 temporary redirects. The actual effect is to limit the number of iterations in the download loop to only 1 and no attempt is made to attempt to fetch with the credentials supplied. Encountered on RELENG_7, same code exists in HEAD AFAICT. >How-To-Repeat: Configure a proxy to require basic authentication. Set HTTP_PROXY and HTTP_PROXY_AUTH such that fetch will use the proxy. Run fetch both with and without the -A flags (example mimics default ports fetch args) > # /usr/bin/fetch -ApRr -v -S 37867 http://googlecl.googlecode.com/files/googlecl-0.9.5.tar.gz looking up proxy connecting to proxy:3128 requesting http://googlecl.googlecode.com/files/googlecl-0.9.5.tar.gz proxy requires authorization fetch: http://googlecl.googlecode.com/files/googlecl-0.9.5.tar.gz: Proxy Authentication Required root@strangepork '12:13:28' '/usr/ports/net/googlecl' Without -A, it works as expected > # /usr/bin/fetch -pRr -v -S 37867 http://googlecl.googlecode.com/files/googlecl-0.9.5.tar.gz looking up proxy connecting to proxy:3128 requesting http://googlecl.googlecode.com/files/googlecl-0.9.5.tar.gz proxy requires authorization looking up proxy connecting to proxy:3128 requesting http://googlecl.googlecode.com/files/googlecl-0.9.5.tar.gz local size / mtime: 37867 / 1276839258 remote size / mtime: 37867 / 1276839258 >Fix: Apply supplied patch. Patch attached with submission follows: Index: /usr/src/lib/libfetch/http.c =================================================================== RCS file: /home/ncvs/src/lib/libfetch/http.c,v retrieving revision 1.78.2.5 diff -u -r1.78.2.5 http.c --- /usr/src/lib/libfetch/http.c 27 Jan 2010 14:54:48 -0000 1.78.2.5 +++ /usr/src/lib/libfetch/http.c 21 Jun 2010 11:30:32 -0000 @@ -1710,6 +1710,7 @@ goto ouch; } /* try again, but send the password this time */ + ++n; if (verbose) fetch_info("proxy requires authorization"); break; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201006231101.o5NB1lSH077457>