Date: Tue, 22 Nov 2005 13:40:15 +1100 (EST)
From: Edwin Groothuis <edwin@mavetju.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/89403: fetch(1) doesn't honour authentication credentials when going through a proxy
Message-ID: <20051122024015.0759463A6@k7.mavetju>
Resent-Message-ID: <200511220250.jAM2oNNr031341@freefall.freebsd.org>

>Number:         89403
>Category:       bin
>Synopsis:       fetch(1) doesn't honour authentication credentials when going through a proxy
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 22 02:50:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Edwin Groothuis
>Release:        FreeBSD 5.4-RELEASE i386
>Organization:
-
>Environment:
System: FreeBSD tinderbox.barnet.com.au 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

>Description:

When trying this URL on a machine without HTTP_PROXY defined:

    $ fetch ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo
    fetch: ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo: File unavailable (e.g., file not found, no access)

But when running it on a machine with HTTP_PROXY defined:

    $ fetch ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo
    fetch: ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo: Unauthorized

Network trace gives this:

    T 10.192.1.5:61229 -> 202.83.176.9:8080 [AP]
      GET ftp://3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo HTTP/1.1..
    ##
    T 10.192.1.5:61229 -> 202.83.176.9:8080 [AP]
      Host: 3dgamers.mirror.internode.on.net..Authorization: Basic M2RncjM1Zzptcj
      IzZzIzOWE=..User-Agent: fetch libfetch/2.0..Connection: close....

And towards the FTP server:

    T 203.16.214.173:21 -> 202.83.176.9:1982 [AP]
      220 203.16.214.173 FTP server ready..
    #
    T 202.83.176.9:1982 -> 203.16.214.173:21 [AP]
      USER anonymous..
    ##
    T 203.16.214.173:21 -> 202.83.176.9:1982 [AP]
      331 Password required for anonymous...
    #
    T 202.83.176.9:1982 -> 203.16.214.173:21 [AP]
      PASS Squid@..

When telnetting to the proxy and entering this command:

    GET ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo HTTP/1.1

I see this on the line:

      220 203.16.214.173 FTP server ready..
    #
    T 202.83.176.9:3880 -> 203.16.214.173:21 [AP]
      USER 3dgr35g..
    ##
    T 203.16.214.173:21 -> 202.83.176.9:3880 [AP]
      331 Password required for 3dgr35g...
    #
    T 202.83.176.9:3880 -> 203.16.214.173:21 [AP]
      PASS mr23g239a..
    #
    T 203.16.214.173:21 -> 202.83.176.9:3880 [AP]
      230 Anonymous access granted, restrictions apply...

which is exactly what I expected in the first place.

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
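
Added example, not part of the original report and not code from libfetch or Squid: a Python check that parses the two proxied requests shown in the report and reports where each one carries the FTP credentials. All function names are hypothetical, and `ftp_login_seen_in_trace` is an assumption that only models what the report's traces show the proxy doing.

```python
import base64
from urllib.parse import urlsplit

# Client -> proxy request from the report's trace, rebuilt as text with the
# line-wrapped Basic token rejoined.
FETCH_REQUEST = (
    "GET ftp://3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo HTTP/1.1\r\n"
    "Host: 3dgamers.mirror.internode.on.net\r\n"
    "Authorization: Basic M2RncjM1ZzptcjIzZzIzOWE=\r\n"
    "User-Agent: fetch libfetch/2.0\r\n"
    "Connection: close\r\n\r\n"
)
# Request the report says was typed by hand over telnet.
TELNET_REQUEST = (
    "GET ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net"
    "/3dgamers/games/quake4/foo HTTP/1.1\r\n\r\n"
)


def credential_locations(raw_request):
    """Map each place a proxied request carries credentials to (user, password)."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = head[0].split(" ", 2)
    found = {}
    url = urlsplit(target)
    if url.username is not None:            # user:pass@ inside the request URL
        found["url-userinfo"] = (url.username, url.password or "")
    for line in head[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        scheme, _, token = value.strip().partition(" ")
        if name in ("authorization", "proxy-authorization") and scheme.lower() == "basic":
            decoded = base64.b64decode(token.strip()).decode("latin-1")
            user, _, password = decoded.partition(":")
            found[name] = (user, password)
    return found


def ftp_login_seen_in_trace(raw_request):
    """Assumed model of the traces: only URL userinfo reaches FTP USER/PASS;
    without it the proxy logs in as anonymous with password Squid@."""
    return credential_locations(raw_request).get("url-userinfo", ("anonymous", "Squid@"))


if __name__ == "__main__":
    for label, req in (("fetch", FETCH_REQUEST), ("telnet", TELNET_REQUEST)):
        print(label, credential_locations(req), "->", ftp_login_seen_in_trace(req))
```
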
