Closed Bug 42008 Opened 24 years ago Closed 24 years ago

"basic" auth broken on linux again (but "Basic" works).

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: anthony, Assigned: blizzard)

References

Details

Attachments

(4 files)

Make HTTP auth type selection case-insensitive
962 bytes, patch
Details | Diff | Splinter Review
fix case sensitivity for real, and fix trailing NUL (42782)
2.25 KB, patch
Details | Diff | Splinter Review
latest revision
3.83 KB, patch
Details | Diff | Splinter Review
patch 3
4.11 KB, patch
Details | Diff | Splinter Review 
As of the last couple of builds, any attempt to go to a page with
basic auth results in no change to the page. On stdout, I see

Error loading URL http://kahlua.lax.ekorp.com:9080/ekorp/bob/

(or whatever the URL you're trying is).

I can't see any other output. This breaks regardless of whether I try
to load the page from bookmarks, from a link on a page, from entering
it into the location box, or the 'open' popup.

It was working (sortof, see 40386) in 2000060108, but is broken in
2000060608. If I have time, I'll try a binary chop to figure out
exactly when it stopped working.

Box is a Redhat 6.2 machine.
*** Bug 42007 has been marked as a duplicate of this bug. ***
Ok, it broke between the builds 2000060108 and 2000060120.
Looking at the CVS logs, theres a slab o' checkins at 2000/06/01 17:23
by shaver@netscape.com to make HTTP auth pluggable - could this be related?

using a noon 6/10/2000 linux cvs build basic auth works for me


Well, it's still not working for me on 2000061214 - going to, e.g.
http://www.zope.org/Members/anthony/manage/
should bring up a basic auth popup, but it doesn't. If I type it
into the location box, on stdout, I see
Entry at index 0 is http://www.zope.org/Members/anthony/manage/
Document: Done (1.521 secs)
Error loading URL http://www.zope.org/Members/anthony/manage/
but no popup.
Testing on 061311 linux. Clicking on a link to:

http://freshmeat.net/lounge/ results in the throbber going for about .5 sec and
then nothing happens.

http://members.dhs.org/nic/hosts/ works fine.

Not sure what the difference is between the two sites (tried lynx -dump with no
auth, etc). anyone have a clue?

Ok, I've found it. 

If the server sends back
WWW-Authenticate: Basic realm="foo bar"
Mozilla works.

If it sends back 
WWW-Authenticate: basic realm="foo bar"

Mozilla misbehaves. This is undoubtedly related to the pluggable auth
changes I mentioned earlier in this bugreport.

The two URLs Decklin lists are good for demonstrating this.

The RFC says it should be spelt "Basic", not "basic", but there's a number
of servers out there that get it wrong.
Summary: basic auth broken on linux again → "basic" auth broken on linux again (but "Basic" works).
*** Bug 42795 has been marked as a duplicate of this bug. ***
This is Mozilla's fault. I already had filed bug #42795 when I found this one.
See that bug fore a testcase and details onwhere to fix.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Nice catch, Anthony.  I'll whip up a patch now.  (Wish we'd caught this before
M16.  Darn.)
Assignee: gagan → shaver
Target Milestone: --- → M17
The patch compiles, but I have to wait for my build to complete before I can
test it.

If anyone else would like to rebuild netwerk/http/protocol/src and netwerk/build
with this patch and give it a spin, I'd love it.
Status: NEW → ASSIGNED
I'm freaking lame, and have no Mozilla-tree access right now, so blizzard will
rescue you all from my idiocy.
Assignee: shaver → blizzard
Status: ASSIGNED → NEW
Blocks: 42782
I've attached a copy of the patch that works.

o normalizes the category service to lower case

o correctly assigns authLower from authType instead of authString ( which was
empty )

o passes 0 to the len argument of PL_Base64Encode() to let the function find the
length instead of relying on length - 1 which would have broken things is length
== 0.

Looking for a review on this.  It seems to work well for me.
Status: NEW → ASSIGNED
Attached patch patch 3Splinter Review 

    
    

    
  
shaver has an r= on this if I change the comment to say:

// we use length - 1 here to avoid encoding the trailing NUL

which I have in my tree.

    
    

    
  
Ok, have an r=valeski on this, too.
Keywords: approval

    
    

    
  
r=gagan and here's a dup... 

    
    

    
  
*** Bug 42881 has been marked as a duplicate of this bug. ***

    
    

    
  
-    PRUint32 length = cUser.Length() + (iPass ? (cPass.Length() + 2) : 1);
+    PRUint32 length = cUser.Length() + 1;
+    if (iPass)
+      length += cPass.Length() + 1;

Uber-nits:

- I hate it when length doesn't equate to strlen for a NUL-terminated char 
string, and prefer names like nbytes or size (as in char s[]="hi";sizeof(s)).  
Those names connote the fact that there's space for the terminator, which is not 
counted as part of the string's *length*.

- Your indentation of the last line is non-conforming.  When in Rome!

Fix these, and a=brendan@mozilla.org.

/be

    
    

    
  
Done.  Thanks!

    
    

    
  
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED

    
    

    
  
Grabbed a nightly of 2000/06/27, 21:00. Tried it - works on everything
I can see. Yay!



    
    

    
  
reporter here, works fine for me too! now I can use Mozilla for
Zope management again... groovy!

    
    

    
  
verified by reporter.
Status: RESOLVED → VERIFIED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: