Closed Bug 42008 Opened 24 years ago Closed 24 years ago

"basic" auth broken on linux again (but "Basic" works).

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: anthony, Assigned: blizzard)

References

Details

Attachments

(4 files)

Make HTTP auth type selection case-insensitive
962 bytes, patch
Details | Diff | Splinter Review
fix case sensitivity for real, and fix trailing NUL (42782)
2.25 KB, patch
Details | Diff | Splinter Review
latest revision
3.83 KB, patch
Details | Diff | Splinter Review
patch 3
4.11 KB, patch
Details | Diff | Splinter Review
As of the last couple of builds, any attempt to go to a page with basic auth results in no change to the page. On stdout, I see Error loading URL http://kahlua.lax.ekorp.com:9080/ekorp/bob/ (or whatever the URL you're trying is). I can't see any other output. This breaks regardless of whether I try to load the page from bookmarks, from a link on a page, from entering it into the location box, or the 'open' popup. It was working (sortof, see 40386) in 2000060108, but is broken in 2000060608. If I have time, I'll try a binary chop to figure out exactly when it stopped working. Box is a Redhat 6.2 machine.
*** Bug 42007 has been marked as a duplicate of this bug. ***
Ok, it broke between the builds 2000060108 and 2000060120. Looking at the CVS logs, theres a slab o' checkins at 2000/06/01 17:23 by shaver@netscape.com to make HTTP auth pluggable - could this be related?
using a noon 6/10/2000 linux cvs build basic auth works for me
Well, it's still not working for me on 2000061214 - going to, e.g. http://www.zope.org/Members/anthony/manage/ should bring up a basic auth popup, but it doesn't. If I type it into the location box, on stdout, I see Entry at index 0 is http://www.zope.org/Members/anthony/manage/ Document: Done (1.521 secs) Error loading URL http://www.zope.org/Members/anthony/manage/ but no popup.
Testing on 061311 linux. Clicking on a link to: http://freshmeat.net/lounge/ results in the throbber going for about .5 sec and then nothing happens. http://members.dhs.org/nic/hosts/ works fine. Not sure what the difference is between the two sites (tried lynx -dump with no auth, etc). anyone have a clue?
Ok, I've found it. If the server sends back WWW-Authenticate: Basic realm="foo bar" Mozilla works. If it sends back WWW-Authenticate: basic realm="foo bar" Mozilla misbehaves. This is undoubtedly related to the pluggable auth changes I mentioned earlier in this bugreport. The two URLs Decklin lists are good for demonstrating this. The RFC says it should be spelt "Basic", not "basic", but there's a number of servers out there that get it wrong.
Summary: basic auth broken on linux again → "basic" auth broken on linux again (but "Basic" works).
*** Bug 42795 has been marked as a duplicate of this bug. ***
This is Mozilla's fault. I already had filed bug #42795 when I found this one. See that bug fore a testcase and details onwhere to fix.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Nice catch, Anthony. I'll whip up a patch now. (Wish we'd caught this before M16. Darn.)
Assignee: gagan → shaver
Target Milestone: --- → M17
The patch compiles, but I have to wait for my build to complete before I can test it. If anyone else would like to rebuild netwerk/http/protocol/src and netwerk/build with this patch and give it a spin, I'd love it.
Status: NEW → ASSIGNED
I'm freaking lame, and have no Mozilla-tree access right now, so blizzard will rescue you all from my idiocy.
Assignee: shaver → blizzard
Status: ASSIGNED → NEW
Blocks: 42782
I've attached a copy of the patch that works. o normalizes the category service to lower case o correctly assigns authLower from authType instead of authString ( which was empty ) o passes 0 to the len argument of PL_Base64Encode() to let the function find the length instead of relying on length - 1 which would have broken things is length == 0. Looking for a review on this. It seems to work well for me.
Status: NEW → ASSIGNED
Attached patch patch 3Splinter Review
shaver has an r= on this if I change the comment to say: // we use length - 1 here to avoid encoding the trailing NUL which I have in my tree.
Ok, have an r=valeski on this, too.
Keywords: approval
r=gagan and here's a dup...
*** Bug 42881 has been marked as a duplicate of this bug. ***
- PRUint32 length = cUser.Length() + (iPass ? (cPass.Length() + 2) : 1); + PRUint32 length = cUser.Length() + 1; + if (iPass) + length += cPass.Length() + 1; Uber-nits: - I hate it when length doesn't equate to strlen for a NUL-terminated char string, and prefer names like nbytes or size (as in char s[]="hi";sizeof(s)). Those names connote the fact that there's space for the terminator, which is not counted as part of the string's *length*. - Your indentation of the last line is non-conforming. When in Rome! Fix these, and a=brendan@mozilla.org. /be
Done. Thanks!
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Grabbed a nightly of 2000/06/27, 21:00. Tried it - works on everything I can see. Yay!
reporter here, works fine for me too! now I can use Mozilla for Zope management again... groovy!
verified by reporter.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: