[Bug 788763] New: zypper doesn't work with HTTP proxy with basic authentication
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c0 Summary: zypper doesn't work with HTTP proxy with basic authentication Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: i586 OS/Version: openSUSE 12.1 Status: NEW Severity: Normal Priority: P5 - None Component: libzypp AssignedTo: zypp-maintainers@forge.provo.novell.com ReportedBy: doerges@pre-sense.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0 Proxy support was configured via YaST. Hitting the test button in YaST showed everything to be working fine ("Proxy settings work correctly."). Calling 'zypper ref' does not work, however. It gives me a Error code: HTTP response: 407. 'zypper ref' *without* configuring a proxy does work fine. Using curl *with* the proxy works fine, too. zypper does extract the username from /root/.curlrc, but it apparently ignores the password. BTW, I feel that /root/.curlrc is a rather awkward place to store system wide proxy configuration. My expectation would be that a system wide configuration is available for normal users as well. Reproducible: Always Steps to Reproduce: 1. Configure proxy in YaST (URL, username, password) 2. zypper ref Actual Results: HTTP response: 407 Expected Results: Refreshed repository information. System information ------------------ zaxxon:~ # egrep -v '^($|#)' /etc/sysconfig/proxy PROXY_ENABLED="yes" HTTP_PROXY="http://10.9.0.103:3129/" HTTPS_PROXY="http://10.9.0.103:3129/" FTP_PROXY="" NO_PROXY="" zaxxon:~ # echo $http_proxy http://10.9.0.103:3129/ zaxxon:~ # cat /root/.curlrc # Changed by YaST2 module proxy 11/08/12 --proxy-user "wdsbasic:mypassword" --proxy "http://10.9.0.103:3129/" Using the proxy --------------- zaxxon:~ # curl http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/... CONTENTSTYLE 11 [...] KEY SHA256 3134346a088478994ea0932cd6114820bbfd62ea633120217766f6b5c4ef95d9 gpg-pubkey-9c800aca-4be01999.asc zaxxon:~ # zypper ref Download (curl) error for 'http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/...': Error code: HTTP response: 407 Error message: The requested URL returned error: 407 Abort, retry, ignore? [a/r/i/?] (a): ^C zaxxon:~ # /var/log/zypper.log ------------------- 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp] ProductFileReader.cc(parse):242 ---0 - /etc/products.d/baseproduct[_eF_] 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp] ProxyInfoLibproxy.cc(getProxyFactory):66 Build Libproxy Factory from /etc/sysconfig/proxy 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaCurl.cc(setupEasy):638 Proxy: 'http://10.9.0.103:3129' 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp] CurlConfig.cc(parseConfig):44 Going to parse /root/.curlrc 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] CurlConfig.cc(parseConfig):106 GOT: proxy-user 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] CurlConfig.cc(parseConfig):106 GOT: proxy 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] CurlConfig.cc(setParameter):178 Ignoring option proxy 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaCurl.cc(setupEasy):659 Proxy: using proxy-user from ~/.curlrc 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp] MediaCurl.cc(setupEasy):714 HEADER X-ZYpp-AnonymousId: 9bf1c0ef-6aa8-4730-aa55-bab8b4dd5024 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp] MediaCurl.cc(setupEasy):714 HEADER X-ZYpp-DistributionFlavor: dvd 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp] MediaCurl.cc(setupEasy):714 HEADER Pragma: 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp] MediaHandler.cc(attach):665 Attached: http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/... attached; localRoot "/var/adm/mount/AP_0x9QLzEj" 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaManager.cc(checkDesired):109 checkDesired(2): desired (report by zypp::media::NoVerifier) 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaManager.cc(checkDesired):112 checkDesired(2): desired (cached) 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaManager.cc(checkDesired):112 checkDesired(2): desired (cached) 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaMultiCurl.cc(doGetFileCopy):1266 dest: /var/adm/mount/AP_0x9QLzEj/content 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaMultiCurl.cc(doGetFileCopy):1267 temp: /var/adm/mount/AP_0x9QLzEj/content.new.zypp.ikPO4i 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaCurl.cc(doGetFileCopyFile):1343 /content 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaCurl.cc(doGetFileCopyFile):1353 URL: http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/... 2012-11-08 15:17:30 <3> zaxxon(4185) [zypp] MediaCurl.cc(doGetFileCopyFile):1417 curl error: 22: The requested URL returned error: 407, temp file size 0 bytes. 2012-11-08 15:17:30 <1> zaxxon(4185) [zypp++] MediaCurl.cc(evaluateCurlCode):970 HTTP response: 407 (URL: http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/...) 2012-11-08 15:17:30 <5> zaxxon(4185) [zypp] Exception.cc(log):137 MediaCurl.cc(evaluateCurlCode):971 THROW: Download (curl) error for 'http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/...': 2012-11-08 15:17:30 <5> zaxxon(4185) [zypp] Exception.cc(log):137 Error code: HTTP response: 407 2012-11-08 15:17:30 <5> zaxxon(4185) [zypp] Exception.cc(log):137 Error message: The requested URL returned error: 407 Access Logs from Proxy (squid) ------------------------------ (curl, OK) 10.9.0.80:32855 -> 10.9.0.103:3129 || - wdsbasic wdsbasic - || [08/Nov/2012:15:16:40 +0100] "GET http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/... HTTP/1.1" 200 3021 "-" "curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.0e zlib/1.2.5 c-ares/1.7.5 libidn/1.22 libssh2/1.2.9" TCP_MEM_HIT:NONE (zypper ref, 407) 10.9.0.80:32856 -> 10.9.0.103:3129 || - - - - || [08/Nov/2012:15:17:31 +0100] "GET http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/... HTTP/1.1" 407 4217 "-" "ZYpp 10.4.5 (curl 7.22.0) openSUSE-12.1-i586" TCP_DENIED:NONE 10.9.0.80:32856 -> 10.9.0.103:3129 || - wdsbasic wdsbasic - || [08/Nov/2012:15:17:31 +0100] "GET http://myinternalmirror.intern.pre-sense.de/repositories/opensuse/12.1/repo/... HTTP/1.0" 407 4542 "-" "ZYpp 10.4.5 (curl 7.22.0) openSUSE-12.1-i586" TCP_DENIED:NONE -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c1 Michael Andres <ma@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |doerges@pre-sense.de --- Comment #1 from Michael Andres <ma@suse.com> 2012-11-09 16:14:55 CET --- Just guessing: There might be something wrong with the unquoting of special chars in the password line found in curlrc: --proxy-user "wdsbasic:mypassword" I assume 'mypassword' isn't the real password, so if curl is able to handle it, it may be zypp is doing something wrong here. I see a chance to wrongly decode the 'mpassword' string, if it contains a '%' followed by 2 hexdigits (0123456789ABCDEF). Maybe you can tell me if this is the case? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c2 Till Dörges <doerges@pre-sense.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|doerges@pre-sense.de | --- Comment #2 from Till Dörges <doerges@pre-sense.de> 2012-11-09 16:40:18 UTC --- 'mpassword' is not the real one, but my test password contained only lowercase letters and not very many. Certainly no '%'. JFTR, if there's no UN/PW in /root/.curlrc, zypper does seem to understand something like 'http://username:password@host:port' for HTTP_PROXY in /etc/sysconfig/proxy. But again with the same problem (it gets the username right but not the password). So that should probably be fixed, too. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c3 Michael Andres <ma@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |doerges@pre-sense.de --- Comment #3 from Michael Andres <ma@suse.com> 2012-11-12 10:17:17 CET --- Then it's more likely a problem in communication with the proxy. The "wdsbasic:mypassword" string is passed to libcurl as a whole. User and password parts are not processed separately. /etc/sysconfig/proxy parsing is completely different, if this was broken as well, we would have more reports like this. Could you please set 'ZYPP_MEDIA_CURL_DEBUG=1' in the environemt, reproduce the issue with zypper and attach the /var/log/zypper.log. The log will then contain the http headers and server responses. Maybe it gives a hint. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c4 --- Comment #4 from Till Dörges <doerges@pre-sense.de> 2012-11-13 21:31:52 UTC --- Created an attachment (id=512985) --> (http://bugzilla.novell.com/attachment.cgi?id=512985) Logfile for 'zypper ref' with ZYPP_MEDIA_CURL_DEBUG=1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c5 Till Dörges <doerges@pre-sense.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|doerges@pre-sense.de | --- Comment #5 from Till Dörges <doerges@pre-sense.de> 2012-11-13 21:46:20 UTC --- The logfile doesn't say anything about the password, but it does say this: --- snip --- 2012-11-13 22:28:19 <1> zaxxon(16748) [zypp++] MediaCurl.cc(log_curl):110 * Proxy auth using Digest with user 'wdsbasic' --- snap --- The proxy only understands basic auth. Digest auth won't work. If I configure a different proxy which understands digest auth via YaST, 'zypper ref' does work. But then the connection test in YaST fails. So for one the YaST proxy test and zypper should probably use the same auth mechanism(s) to avoid confusion. And ideally both applications would automagically determine and then use the right auth mechanism (at least for auth none, basic auth and digest auth). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c6 --- Comment #6 from Till Dörges <doerges@pre-sense.de> 2012-11-13 21:49:38 UTC --- FTR. curl (using /root/.curlrc) doesn't work either with digest auth. Which makes sense because at least the option '--digest' is missing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c7 Michael Andres <ma@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |vcizek@suse.com --- Comment #7 from Michael Andres <ma@suse.com> 2012-11-14 09:32:17 CET --- (In reply to comment #5)
And ideally both applications would automagically determine and then use the right auth mechanism (at least for auth none, basic auth and digest auth).
But this is what zypp does, or better what libcurl does. We set: SET_OPTION(CURLOPT_PROXYAUTH, CURLAUTH_BASIC|CURLAUTH_DIGEST|CURLAUTH_NTLM ); AFAIK there's nothing else to do; libcurl will query the proxy to see what authentication methods it supports and then pick the best one we allowed. @Vitezslav: To me it looks like either a bug in libcurl or in the proxy. Any known bug in curl (openSUSE-12.1,curl-7.22.0)? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788763 https://bugzilla.novell.com/show_bug.cgi?id=788763#c8 Michael Andres <ma@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|vcizek@suse.com | Resolution| |NORESPONSE --- Comment #8 from Michael Andres <ma@suse.com> 2013-09-30 16:57:00 CEST --- no reponse -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com