[Bug 256360] New: Error handling proxy credentials like "domain\user"
https://bugzilla.novell.com/show_bug.cgi?id=256360 Summary: Error handling proxy credentials like "domain\user" Product: openSUSE 10.2 Version: Final Platform: All OS/Version: All Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: xeon@sysroot.eu QAContact: jsrain@novell.com I found an error in the way proxy credentials are handled by Yast and his related software manager tools. My network is: an host with openSUSE 10.2 fully patched, and an authenticated proxy which gives Internet access. Proxy credentials are validated to a domain. So users login name for the proxy is in the form "domain\user". If I specify proxy settings in Yast (Yast -> Network services -> Proxy), to make the button "Test Proxy Settings" work I have to specify username with double backslash (for example: domain\\user). But when I try to update or to install software the proxy reject me because other applications send the credentials to the proxy with a single backslash, because they interpret it. If I specify in the proxy settings the username with a single backslash (domain\user) the button "Test Proxy Settings" doesn't work (because it use the username literally, checked with wireshark), but I successfully reach the update servers. This misuse of the backslash can be found also in the "Online update configuration" tool: to search update mirrors it use the username literally, to connect to it and retrieve updates list it use the username interpreted. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 chrubis@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |mzugec@novell.com |screening@forge.provo.novell| |.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|mzugec@novell.com |kmachalkova@novell.com Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #1 from kmachalkova@novell.com 2007-03-28 11:03 MST ------- 'Test proxy settings' button uses 'curl' utility to test whether your proxy settings actually work. The command is passed to bash, and there, backslash character must be either escaped or quoted so that it is not interpreted by the shell. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |xeon@sysroot.eu ------- Comment #2 from kmachalkova@novell.com 2007-03-29 03:03 MST ------- Claudio, could you please test a patch I'll attach shortly? (I've added some quoting to the command strings). Just apply it to file /usr/share/YaST/modules/Proxy.ycp and then do (as root) 'ycpc -c Proxy.ycp' ,run proxy module and see if it works. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #3 from kmachalkova@novell.com 2007-03-29 03:05 MST ------- Created an attachment (id=127283) --> (https://bugzilla.novell.com/attachment.cgi?id=127283&action=view) Proposed patch -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|xeon@sysroot.eu | ------- Comment #4 from kmachalkova@novell.com 2007-04-05 05:42 MST ------- OK, I'm going to check the fix in. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Comment #5 from kmachalkova@novell.com 2007-04-05 05:43 MST ------- Please try with yast2-network 2.15.25 or newer. You can reopen this bug if the problem persists. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 xeon@sysroot.eu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Comment #6 from xeon@sysroot.eu 2007-05-08 06:47 MST ------- Hi, I'm sorry for the long wait. Here is the output from the "Test Proxy" button: * About to connect() to proxy 10.68.38.205 port 3128 * Trying 10.68.38.205... connected * Connected to 10.68.38.205 (10.68.38.205) port 3128 * Establish HTTP proxy tunnel to secure-www.novell.com --insecure:443 * Proxy auth using Basic with user '<USER REMOVED>'
CONNECT secure-www.novell.com --insecure:443 HTTP/1.0 Host: secure-www.novell.com --insecure:443 Proxy-Authorization: Basic ZGlyXHN5d3N1czAxOlNZV1NVUzAx User-Agent: curl/7.15.5 (i686-suse-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8d zlib/1.2.3 libidn/0.6.8 Proxy-Connection: Keep-Alive
< HTTP/1.1 200 OK < * Proxy replied OK to CONNECT request * successfully set certificate verify locations: * CAfile: /usr/share/curl/curl-ca-bundle.crt CApath: none * SSLv2, Client hello (1): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol * Closing connection #0 curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol Hi don't know if the same happen with yast2-network 2.15.25. It is installable with a simple upgrade? Or I have to compile it by hand? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED ------- Comment #7 from kmachalkova@novell.com 2007-05-09 02:19 MST ------- You don't have to upgrade the whole package, just take a patch from comment #3, apply it to /usr/share/YaST/modules/Proxy.ycp and then compile proxy module alone ('ycpc -c Proxy.ycp'). That should help, however, I cannot test it myself, because I don't have access to any authenticated proxy. If that won't work, please try what happens if you do (from bash): curl --verbose --proxy http://your.proxy.url --proxy-user 'user:password' --connect-timeout 60 --url https://secure-www.novell.com --insecure (do not forget to quote user credentials) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #8 from xeon@sysroot.eu 2007-05-09 02:47 MST ------- Maybe I haven't explained myself well, I'm sorry if that's the case, but the output I've posted in <a href="show_bug.cgi?id=256360#c6">comment #6</a> is the output from the "Test Proxy" button <u>after</u> applying the patch. Insted, the output from the curl command is in the attached log. It seems that it's working right curl from the command line. But I would like to point out a thing: domain credentials (domain\user like) should be, in my opinion, well supported in all system applications. An user shouldn't have to think twice about how write them, he should just write them as he would normally use them, not with two backslashes because some application interpret them and after a while change and write them with one backslash because another application doesn't interpret them, and so on. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #9 from xeon@sysroot.eu 2007-05-09 02:53 MST ------- Created an attachment (id=138466) --> (https://bugzilla.novell.com/attachment.cgi?id=138466&action=view) Output from curl -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |mmarek@novell.com ------- Comment #10 from kmachalkova@novell.com 2007-05-11 06:32 MST ------- Ok, then let's ask Michal for help here. Please have a look at error output from comment #6. What may be the likely cause of this curl error? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #127283|0 |1 is obsolete| | ------- Comment #11 from kmachalkova@novell.com 2007-05-11 07:17 MST ------- Created an attachment (id=139337) --> (https://bugzilla.novell.com/attachment.cgi?id=139337&action=view) Another patch Meanwhile, let's try this new patch (I think there was one quote too many, but I'm not sure) and see if it helps -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 mmarek@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138466|text/x-log |text/plain mime type| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 mmarek@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mmarek@novell.com Status|NEEDINFO |ASSIGNED Info Provider|mmarek@novell.com | ------- Comment #12 from mmarek@novell.com 2007-05-15 07:00 MST ------- No idea. What was the command to invoke curl? BTW if you want to quote special characters properly you should also handle ' (eg in passwords) ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #13 from xeon@sysroot.eu 2007-05-16 07:45 MST ------- Hi, here is the output witch the latest patch. Seems there is an error in SSL with curl, but now proxy credentials are handled correctly, the same behavior of first patch. * About to connect() to proxy 10.68.38.205 port 3128 * Trying 10.68.38.205... connected * Connected to 10.68.38.205 (10.68.38.205) port 3128 * Establish HTTP proxy tunnel to secure-www.novell.com --insecure:443 * Proxy auth using Basic with user 'domain\user'
CONNECT secure-www.novell.com --insecure:443 HTTP/1.0 Host: secure-www.novell.com --insecure:443 Proxy-Authorization: Basic <MANUALLY REMOVED> User-Agent: curl/7.15.5 (i686-suse-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8d zlib/1.2.3 libidn/0.6.8 Proxy-Connection: Keep-Alive
< HTTP/1.1 200 OK < * Proxy replied OK to CONNECT request * successfully set certificate verify locations: * CAfile: /usr/share/curl/curl-ca-bundle.crt CApath: none * SSLv2, Client hello (1): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol * Closing connection #0 curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |xeon@sysroot.eu ------- Comment #14 from kmachalkova@novell.com 2007-05-16 07:56 MST ------- Claudio, please try again ('Test your proxy settings' button) with the latest patch applied and attach Yast logs. y2log file is enough. Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #15 from xeon@sysroot.eu 2007-05-18 03:36 MST ------- Here are the last two lines in y2log file: 2007-05-18 10:40:36 <1> toxic(9893) [YCP] Proxy.ycp:234 Done. 2007-05-18 10:40:36 <1> toxic(9893) [YCP] clients/proxy.ycp:173 Proxy HTTP test: HTTP/1.0 200 OK -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #16 from kmachalkova@novell.com 2007-05-18 05:14 MST ------- I need the whole y2log file, it's really impossible to tell what went wrong from the last two lines. Please attach the whole file to this bug, if possible with Y2DEBUG output as well. http://en.opensuse.org/Bugs/YaST http://en.opensuse.org/Bugs/YaST#The_y2logs_don.27t_seem_to_show_my_problem.... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|xeon@sysroot.eu | ------- Comment #17 from kmachalkova@novell.com 2007-05-22 05:32 MST ------- . -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kmachalkova@novell.com |mvidner@novell.com Status|ASSIGNED |NEW ------- Comment #18 from kmachalkova@novell.com 2007-05-22 05:54 MST ------- yast2-network 2.15.33 includes fix for 'Test Proxy' issue. All backslash characters are now escaped with '\'. However, there's maybe a problem hidden deeper in YaST core - inconsistency between behavior of bash and target.bash_output agent. In bash you get: echo test\string -> teststring echo 'test\string' -> test\string In target.bash_output agent respective stdout's read: echo test\string -> teststring echo 'test\string' -> teststring I'll attach a testcase shortly and reassign to mvidner to evaluate target.bash_output part, if applicable. Martin, if it's not an issue, feel free to close as FIXED then. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #19 from kmachalkova@novell.com 2007-05-22 05:56 MST ------- Created an attachment (id=141450) --> (https://bugzilla.novell.com/attachment.cgi?id=141450&action=view) A testcase for target.bash_output agent You should get two different strings in bash, but you get two identical strings in target.bash_output -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141450|application/octet-stream |text/plain mime type| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 mvidner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kmachalkova@novell.com ------- Comment #20 from mvidner@novell.com 2007-05-22 06:19 MST ------- No, remember that at first the backslashes are processed by the YCP parser, so string cmd1 = "echo test\string"; string cmd2 = "echo 'test\string'"; are equivalent to string cmd1 = "echo teststring"; string cmd2 = "echo 'teststring'"; so it is correct that .target.bash_output produces equal outputs. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #21 from mvidner@novell.com 2007-05-22 06:22 MST ------- Created an attachment (id=141466) --> (https://bugzilla.novell.com/attachment.cgi?id=141466&action=view) pokus2.ycp see also this test case for how the backslashes work -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 mvidner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Comment #22 from mvidner@novell.com 2007-05-22 06:43 MST ------- Anyway, fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=256360 ------- Comment #23 from xeon@sysroot.eu 2007-05-22 07:42 MST ------- Great. I anxiously wait for 10.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com