Closed
Bug 1320999
Opened 8 years ago
Closed 8 years ago
Asking twice for NTLM proxy password when prompting also for WWW NTLM auth
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
RESOLVED
FIXED
mozilla53
Tracking | Status | |
---|---|---|
firefox53 | --- | fixed |
People
(Reporter: mayhemer, Assigned: mayhemer)
References
Details
(Whiteboard: [necko-active][ntlm])
Attachments
(1 file)
2.08 KB,
patch
|
jduell.mcbugs
:
review+
|
Details | Diff | Splinter Review |
Bug 1315332 and bug 1309438 introduced closing of a sticky connection when user is prompted for credentials.
scenario:
- we are asked for creds for NTLM proxy
- user enters it, it's correct, it's cached
- server now asks for NTLM auth
- we throw the sticky connection away (which also kills the proxy connection), ask user for the creds
- user provides it
- we create a new connection
- and now we have to auth to the proxy again as well
( the sequence looks like 407, 407, 401, 407 )
problem:
- we don't reuse the cached creds for the second proxy auth and ask again the user
cause:
- ntlm::ChallengeReceived returns identInvalid = true (expected and correct)
- but, the mProxyIdent is Equal() to the cached entry in nsHttpChannelAuthProvider::GetCredentialsForChallenge
-> hence, we consider it as invalid (believing the proxy rejects these credentials), clear it from the cache and ask again the user
fix:
- throw the proxy ident from http channel auth provider away when the proxy authenticated connection is closed, what forces reuse of the cached entry for the proxy credentials, which is expected to work (pass the proxy authentication) ; it's highly unlikely the proxy credentials would change in the meantime ;)
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → honzab.moz
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•8 years ago
|
||
Explanation in the patch and in bugzilla. Not tested (will ask Gary).
https://treeherder.mozilla.org/#/jobs?repo=try&revision=7fac59ae31d4db2b01f9205dee6e6962b5490258
Assignee | ||
Comment 2•8 years ago
|
||
Gary, please retest your cases (specially the case 2) from [1] with the patch from this bug.
Thanks.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1309438#c16
Flags: needinfo?(gary)
Assignee | ||
Comment 3•8 years ago
|
||
Comment on attachment 8815390 [details] [diff] [review]
v1 (drop mProxyIdent when dropping sticky conn because of WWW auth dialog)
Jason, I'm asking you since Patrick was not very responsive the last time (probably busy). Feel free to forward to anyone else.
Attachment #8815390 -
Flags: review?(jduell.mcbugs)
Comment 4•8 years ago
|
||
Applied patch and re ran tests, it appears to be fixed.
Flags: needinfo?(gary)
Assignee | ||
Comment 5•8 years ago
|
||
(In reply to Gary Lockyer from comment #4)
> Applied patch and re ran tests, it appears to be fixed.
Thank you!
Updated•8 years ago
|
Whiteboard: [necko-active]
Comment 6•8 years ago
|
||
Comment on attachment 8815390 [details] [diff] [review]
v1 (drop mProxyIdent when dropping sticky conn because of WWW auth dialog)
Review of attachment 8815390 [details] [diff] [review]:
-----------------------------------------------------------------
Good comment!
Attachment #8815390 -
Flags: review?(jduell.mcbugs) → review+
Assignee | ||
Updated•8 years ago
|
Keywords: checkin-needed
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/eb6839ca47ea
Avoid double NTLM proxy auth prompt by not keeping nsHttpChannelAuthProvider::mProxyIdent when the sticky connection is threw away during NTLM WWW authentication prompt, r=jduell
Keywords: checkin-needed
Comment 8•8 years ago
|
||
bugherder landing |
Comment 9•8 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
Assignee | ||
Updated•8 years ago
|
Whiteboard: [necko-active] → [necko-active][ntlm]
You need to log in
before you can comment on or make changes to this bug.
Description
•