Closed Bug 213282 Opened 21 years ago Closed 21 years ago

mozilla not sending basic authorization header

Categories

(Core :: Networking: HTTP, defect, P1)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Windows 2000
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.5beta

People

(Reporter: pkures, Assigned: darin.moz)

References

Details

(Keywords: regression)

Attachments

(3 files)

httplog with older Mozilla build (20030630) - working
298.26 KB, text/plain
Details
http log with Mozilla build (20030719) - fails
58.15 KB, text/plain
Details
v1 patch
1.43 KB, patch
dwitte
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030720 Mozilla Firebird/0.5 StumbleUpon/1.63
Build Identifier: http://ftp.mozilla.org/pub/mozilla/nightly/2003-07-19-04-trunk/

In recent Mozilla (and Mozilla Firebird) builds (tested with Mozilla
2003071008,2003071904 and MozillaFirebird from 20030711) NetWare Remote Manager
(Netware 6 + SP3) https access does not work. After entering username and
password, I get three blank frames instead of management portal. In builds
before (including) 20030630 it has worked. I have created http debug log and in
newer builds Authorization header is sent only in first request and not in
subsequent requests.
I'll attach debug log files with http headers.

Reproducible: Always

Steps to Reproduce:
1. enter netware management portal address (https://)
2. enter username and password

Actual Results:  
Only frameset with three empty frames have loaded.

Expected Results:  
NetWare management portal should have loaded.

I have deleted profile and mozilla instalation directory completely before testing.
This is the http debug log created with Mozilla 20030630, to login to Netware
Management Portal works without problem with this builds (and maybe few after
this date).
In this build login to management portal never finishes. Mozilla is trying to
load frames and CSS, but since no authorization header is sent, the management
protal just redirects the browser to https://192.168.0.2:8009/_LOGIN_SERVER_.
Can Netware use NTLM authentication ?
Summary: mozilla not sending basic authorization header → mozilla not sending basic authorization header
If this server is using NTLM (Netware 6, or 5.1 with access pack), then you
might have to have to enter the name as domain\username. We don't have a
separate field for the domainname yet, see bug 199674.
No, it uses basic authentication over SSL. 
The problem is not in the authentication credentials, they are generated ok and
accepted by the server, but the Authorization header is being sent only in the
first request (GET /)after authentication and not in subsequent requestes (like
GET /SYS/LOGIN/portal.css).
this looks like a major regression to me... probably resulting from the fix for
bug 143575 :(
Status: UNCONFIRMED → ASSIGNED
Depends on: 143575
Ever confirmed: true
Keywords: regression
Priority: -- → P1
Target Milestone: --- → mozilla1.5beta
You are right. The problem is result of fixing bug 143575.
The problem is in nsHttpChannel.cpp and have been caused by this change (maybe
there are more problems, but I tested only this):

     rv = authCache->GetAuthEntryForPath(host, port, path, &entry);
     if (NS_SUCCEEDED(rv)) {
+        // if we are trying to add a header for origin server auth and if the
+        // URL contains an explicit username, then be sure to try the given
+        // username first.
+        if (header == nsHttp::Authorization) {
+            nsHttpAuthIdentity temp;
+            GetIdentityFromURI(0, temp);
+            if (nsCRT::strcmp(temp.User(), entry->Identity().User()) != 0)
+                return; // different username; let the server challenge us.
+        }

GetIdentityFromURI returns empty nsHttpAuthIdentity. This means that temp.User()
is not the same as entry->Identity().User() and the function returns without
setting Authorization header. I replaced the return; line with:

LOG(("usernames do not match (%x,%x)\n",temp.User(),entry->Identity().User()));

and I've got this line in my http log:

usernames do not match (0,21a26d8)

With this modification the login have succeeded.

ok, so probably we just need to equate an empty string with a null string.  no
surprise now that i think about it.  this sort of problem has always plagued the
HTTP auth code :-/

patch coming up...
I think that we need to check if temp.User() is empty (this means no
username:password in URI) and in that case just continue and use username and
password from entry->Identity().User(). In the case that temp.User() contains
username that have been parsed from the URI, compare it with
entry->Identity.User() and return if not equal.

So the code should probably (IMHO) look like this:

if (header == nsHttp::Authorization) {
  nsHttpAuthIdentity temp;
  GetIdentityFromURI(0, temp);
  if (temp.User() && nsCRT::strcmp(temp.User(), entry->Identity().User()) != 0)
        return; // different username; let the server challenge us.
}
Attached patch v1 patchSplinter Review 
petr: can you please test this out?
I have applied your patch and executed:

cd /netwerk/protocol/http/src
make
cd /netwerk/build
make

Is this the right way to rebuild just the modified component ?

I have tested mozilla with newly built necko.dll and the authentication to the
portal now works.


excellent, thank you petr!  (yes, you rebuilt necko correctly.)
Attachment #128332 - Flags: superreview?(bzbarsky)
Attachment #128332 - Flags: review?(dougt)
Attachment #128332 - Flags: superreview?(bzbarsky) → superreview+
*** Bug 214138 has been marked as a duplicate of this bug. ***
Attachment #128332 - Flags: review?(dougt) → review?(dwitte)
Attachment #128332 - Flags: review?(dwitte) → review+
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
*** Bug 216979 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: