Closed Bug 1320999 Opened 5 years ago Closed 5 years ago
Asking twice for NTLM proxy password when prompting also for WWW NTLM auth
Bug 1315332 and bug 1309438 introduced closing of a sticky connection when user is prompted for credentials. scenario: - we are asked for creds for NTLM proxy - user enters it, it's correct, it's cached - server now asks for NTLM auth - we throw the sticky connection away (which also kills the proxy connection), ask user for the creds - user provides it - we create a new connection - and now we have to auth to the proxy again as well ( the sequence looks like 407, 407, 401, 407 ) problem: - we don't reuse the cached creds for the second proxy auth and ask again the user cause: - ntlm::ChallengeReceived returns identInvalid = true (expected and correct) - but, the mProxyIdent is Equal() to the cached entry in nsHttpChannelAuthProvider::GetCredentialsForChallenge -> hence, we consider it as invalid (believing the proxy rejects these credentials), clear it from the cache and ask again the user fix: - throw the proxy ident from http channel auth provider away when the proxy authenticated connection is closed, what forces reuse of the cached entry for the proxy credentials, which is expected to work (pass the proxy authentication) ; it's highly unlikely the proxy credentials would change in the meantime ;)
Assignee: nobody → honzab.moz
Status: NEW → ASSIGNED
Explanation in the patch and in bugzilla. Not tested (will ask Gary). https://treeherder.mozilla.org/#/jobs?repo=try&revision=7fac59ae31d4db2b01f9205dee6e6962b5490258
Gary, please retest your cases (specially the case 2) from  with the patch from this bug. Thanks.  https://bugzilla.mozilla.org/show_bug.cgi?id=1309438#c16
Comment on attachment 8815390 [details] [diff] [review] v1 (drop mProxyIdent when dropping sticky conn because of WWW auth dialog) Jason, I'm asking you since Patrick was not very responsive the last time (probably busy). Feel free to forward to anyone else.
Attachment #8815390 - Flags: review?(jduell.mcbugs)
Applied patch and re ran tests, it appears to be fixed.
(In reply to Gary Lockyer from comment #4) > Applied patch and re ran tests, it appears to be fixed. Thank you!
Comment on attachment 8815390 [details] [diff] [review] v1 (drop mProxyIdent when dropping sticky conn because of WWW auth dialog) Review of attachment 8815390 [details] [diff] [review]: ----------------------------------------------------------------- Good comment!
Attachment #8815390 - Flags: review?(jduell.mcbugs) → review+
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/mozilla-inbound/rev/eb6839ca47ea Avoid double NTLM proxy auth prompt by not keeping nsHttpChannelAuthProvider::mProxyIdent when the sticky connection is threw away during NTLM WWW authentication prompt, r=jduell
Whiteboard: [necko-active] → [necko-active][ntlm]
You need to log in before you can comment on or make changes to this bug.