bug#4883: 23.1; url-http: wrong server name used for pwd lookup during proxy authentication

unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed

From: Kai Tetzlaff <kai.tetzlaff@web.de>
To: Ted Zlatanov <tzz@lifelogs.com>
Cc: bug-gnu-emacs@gnu.org
Subject: bug#4883: 23.1; url-http: wrong server name used for pwd lookup during proxy authentication
Date: Tue, 24 Nov 2009 07:36:43 +0100	[thread overview]
Message-ID: <4B0B7EFB.3030901@web.de> (raw)
In-Reply-To: <87vdhinnxw.fsf@lifelogs.com>

Hi Ted,

I'm not sure why, but also my last post below never made it to the list.
I also sent it to you directly but did not get any reply so i assume
that it also got lost. I don't get why, but i'm trying again.

In addition to what i wrote below, i've now actually tested the url code
with a double auth. scenario (proxy auth + auth at url target). It
actually works fine without any further changes!

When you wrote your message suggesting to rework the patch, what problem
did you had in mind? Is there some other scenario which needs testing?

BR,
Kai

At Tue, 17 Nov 2009 09:19:00 -0600,
Ted Zlatanov wrote:
> >
> > The following message is a courtesy copy of an article
> > that has been posted to gnu.emacs.bug as well.
> >
> > On Tue, 10 Nov 2009 14:07:39 -0600 Ted Zlatanov <tzz@lifelogs.com>
wrote:
> >
> > TZ> On Sat, 07 Nov 2009 12:43:01 +0100 Kai Tetzlaff
<kai.tetzlaff@web.de> wrote:
> > KT> There might be a better solution from someone who has a deeper
understanding
> > KT> of the code in the url lib. But the following solves the problem
- at least
> > KT> for my case:
> > KT> Index: lisp/url/url-http.el
> > KT> ===================================================================
> > KT> RCS file: /cvsroot/emacs/emacs/lisp/url/url-http.el,v
> > KT> retrieving revision 1.64
> > KT> diff -u -r1.64 url-http.el
> > KT> --- lisp/url/url-http.el	1 Oct 2009 02:06:55 -0000	1.64
> > KT> +++ lisp/url/url-http.el	6 Nov 2009 10:25:02 -0000
> > KT> @@ -315,12 +315,16 @@
> > KT> '("basic")))
> > KT> (type nil)
> > KT> (url (url-recreate-url url-current-object))
> > KT> -	(url-basic-auth-storage 'url-http-real-basic-auth-storage)
> > KT> +	(auth-url (url-recreate-url
> > KT> +		   (if (and proxy (boundp 'url-http-proxy))
> > KT> +		       url-http-proxy
> > KT> +		     url-current-object)))
> > KT> +	(url-basic-auth-storage (if proxy
> > KT> +				    ;; Cheating, but who cares?  :)
> > KT> +				    'url-http-proxy-basic-auth-storage
> > KT> +				  'url-http-real-basic-auth-storage))
> > KT> auth
> > KT> (strength 0))
> > KT> -    ;; Cheating, but who cares?  :)
> > KT> -    (if proxy
> > KT> -	(setq url-basic-auth-storage 'url-http-proxy-basic-auth-storage))
> >
> > KT> ;; find strongest supported auth
> > KT> (dolist (this-auth auths)
> > KT> @@ -347,7 +351,7 @@
> > KT> " send it to " url-bug-address ".<hr>")
> > KT> (setq status t))
> > KT> (let* ((args (url-parse-args (subst-char-in-string ?, ?\; auth)))
> > KT> -	     (auth (url-get-authentication url (cdr-safe (assoc
"realm" args))
> > KT> +	     (auth (url-get-authentication auth-url (cdr-safe (assoc
"realm" args))
> > KT> type t args)))
> > KT> (if (not auth)
> > KT> (setq success t)
> >
> > TZ> I introduced the auth-source hooks in url-http.el but the
question of
> > TZ> which URL needs to be authenticated is not something I
considered.  Can
> > TZ> we hook the auth at a lower point?  I'm concerned that if the
proxy and
> > TZ> the destination URL both need authentication, your proposal
won't work.
> >
> > Kai, can you please follow up with your opinion?
> >
> > Thanks
> > Ted
> >

Hi Ted,

thanks for lookin into this! I already send a reply a week ago - at
least i thought so. But somehow i now cannot find any trace of it.
Something must have gone wrong...

Back to the problem - i'm not sure what exactly is supposed to happen in
the situation where proxy and final destination URL both require
authentication. But i suppose, that the HTTP requests then need to
contain two sets of credentials. And you're probably right that this
currently would not work.

As i already wrote, i've so far just scratched at the surface of the
code in the url lib. More or less just enough to create aboves patch.
What did you have in mind with "...hook the auth at a lower point"? How
should we continue from here? For a start, I could just try what the
current url code actually does.

While looking at the previous problem, i was just using irfc to retrieve
RFC documents via HTTP through the proxy at work. To set up a test
environment for double authentication i could potentially just modify
the irfc configuration to point to a server that also requires
authentication. But there are probably better ways to do this? I also
wanted to ask if you know of a server which could be used for testing,
but then thought i'll check myself shortly. And - how could it be any
different - i actually found some sites which provide authentication
test pages (e.g. http://test.webdav.org/ (not sure if its really
working) or http://koivi.com/php-http-auth/).

Given that, it should not be difficult for me to do the first step (i.e.
just check how the current code deals with double auth). If, as is
expected, it does not work i could probably use some advice on how to
continue. Can you suggest a good entry point? Would you want to spent
some time on it yourself?

Kai

next prev parent reply	other threads:[~2009-11-24  6:36 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <mailman.10227.1257614108.2239.bug-gnu-emacs@gnu.org>
2009-11-10 20:07 ` bug#4883: 23.1; url-http: wrong server name used for pwd lookup during proxy authentication Ted Zlatanov
2009-11-17 15:19   ` Ted Zlatanov
2009-11-24  6:36   ` Kai Tetzlaff [this message]
     [not found]   ` <mailman.11385.1259045252.2239.bug-gnu-emacs@gnu.org>
2009-11-25 14:51     ` Ted Zlatanov
2009-11-27 21:37       ` Kai Tetzlaff
     [not found]       ` <mailman.11677.1259358453.2239.bug-gnu-emacs@gnu.org>
2009-12-01 15:20         ` Ted Zlatanov
2009-11-07 11:43 Kai Tetzlaff

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4B0B7EFB.3030901@web.de \
    --to=kai.tetzlaff@web.de \
    --cc=4883@emacsbugs.donarmstrong.com \
    --cc=bug-gnu-emacs@gnu.org \
    --cc=tzz@lifelogs.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).