Re: Username and password in URL stopped working with proxy

Mike Crowe via curl-library Sat, 03 Aug 2019 13:45:51 -0700

On Saturday 03 August 2019 at 21:32:12 +0200, Daniel Stenberg wrote:
> On Sat, 3 Aug 2019, Daniel Stenberg via curl-library wrote:
> 
> > > curl --proxy http://proxy:3128/ --anyauth http://unittest:password@host/
> > 
> > And you're using curl 7.65.3 ?


No, I was using the current state of master yesterday:
decefd5778f0b1f3b0e1178f2264b39f3c294f10, but I believe that curl v7.64.0
in Debian Buster behaves the same way.

I've attached two logs. One from my build of master, and one from the
Debian Stretch version of curl (7.52.1.) It looks like v7.52.1 passes the
username and password on to the proxy in the URL, whereas master does not:

(master) * Issue another request to this URL: 
'http://cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310'

vs

(7.52.1) * Issue another request to this URL: 
'http://unittest:password@cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310'

I hope this makes things clearer.

Mike.

$ ./curl --version
curl 7.66.0-DEV (Linux) libcurl/7.66.0-DEV OpenSSL/1.1.1c zlib/1.2.11
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp 
smb smbs smtp smtps telnet tftp 
Features: AsynchDNS HTTPS-proxy IPv6 Largefile libz NTLM SSL UnixSockets

$ ./curl -4 -v --proxy http://elite:3128/ --anyauth --fail 
'http://unittest:password@cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310'
*   Trying 172.30.1.1:3128...
* TCP_NODELAY set
* Connected to elite (172.30.1.1) port 3128 (#0)
> GET 
> http://cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310
>  HTTP/1.1
> Host: cam-unittest-fixture.brightsign
> User-Agent: curl/7.66.0-DEV
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Date: Sat, 03 Aug 2019 20:29:09 GMT
< Server: Apache/2.4.25 (Debian)
< WWW-Authenticate: Digest realm="Unit test realm", 
nonce="O3jHUzyPBQA=850b0ffa9bc084fd1caa41a11f4a18aa90efa8db", algorithm=MD5, 
qop="auth"
< Content-Length: 478
< Content-Type: text/html; charset=iso-8859-1
< X-Cache: MISS from elite
< X-Cache-Lookup: HIT from elite:3128
< Via: 1.1 elite (squid/3.5.23)
< Connection: keep-alive
< 
* Ignoring the response-body
* Connection #0 to host elite left intact
* Issue another request to this URL: 
'http://cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310'
* Found bundle for host elite: 0x560216d66f00 [serially]
* Hostname elite was found in DNS cache
*   Trying 172.30.1.1:3128...
* TCP_NODELAY set
* Connected to elite (172.30.1.1) port 3128 (#1)
> GET 
> http://cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310
>  HTTP/1.1
> Host: cam-unittest-fixture.brightsign
> User-Agent: curl/7.66.0-DEV
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
* The requested URL returned error: 401 Unauthorized
* Closing connection 1
curl: (22) The requested URL returned error: 401 Unauthorized

$ curl --version
curl 7.52.1 (i686-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2s zlib/1.2.8 
libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 
librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 
pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL 
libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL 

$ curl -4 -v --proxy http://elite:3128/ --anyauth --fail 
'http://unittest:password@cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=3'
*   Trying 172.30.1.1...
* TCP_NODELAY set
* Connected to (nil) (172.30.1.1) port 3128 (#0)
> GET 
> http://unittest:password@cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310
>  HTTP/1.1
> Host: cam-unittest-fixture.brightsign
> User-Agent: curl/7.52.1
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 401 Unauthorized
< Date: Sat, 03 Aug 2019 20:25:13 GMT
< Server: Apache/2.4.25 (Debian)
< WWW-Authenticate: Digest realm="Unit test realm", 
nonce="daWsRTyPBQA=af0f54dd56ec977de84277e3bdea682d83f4971f", algorithm=MD5, 
qop="auth"
< Content-Length: 478
< Content-Type: text/html; charset=iso-8859-1
< X-Cache: MISS from elite
< X-Cache-Lookup: HIT from elite:3128
< Via: 1.1 elite (squid/3.5.23)
< Connection: keep-alive
< 
* Ignoring the response-body
* Curl_http_done: called premature == 0
* Connection #0 to host (nil) left intact
* Issue another request to this URL: 
'http://unittest:password@cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310'
* Found bundle for host cam-unittest-fixture.brightsign: 0x574fee98 [can 
pipeline]
* Re-using existing connection! (#0) with proxy (nil)
* Connected to (nil) (172.30.1.1) port 3128 (#0)
* Server auth using Digest with user 'unittest'
> GET 
> http://unittest:password@cam-unittest-fixture.brightsign/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310
>  HTTP/1.1
> Host: cam-unittest-fixture.brightsign
> Authorization: Digest username="unittest", realm="Unit test realm", 
> nonce="daWsRTyPBQA=af0f54dd56ec977de84277e3bdea682d83f4971f", 
> uri="/~unittest/cgi-bin/auth-digest/make-large2.rb?maxage=0&bytes=310", 
> cnonce="YWFiZmUwMGM5NGRjODE4ODcwMmQyZDJmNmJjNWEyMWU=", nc=00000001, qop=auth, 
> response="eadd69ed87b6033cc97699175ebff64e", algorithm="MD5"
> User-Agent: curl/7.52.1
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Date: Sat, 03 Aug 2019 20:25:13 GMT
< Server: Apache/2.4.25 (Debian)
< Accept-Ranges: bytes
< Cache-Control: no-cache
< Rendered: 2019-08-03 21:25:13 +0100
< Authentication-Info: rspauth="df0cfcfc7e3314e60cf31bca453fe078", 
cnonce="YWFiZmUwMGM5NGRjODE4ODcwMmQyZDJmNmJjNWEyMWU=", nc=00000001, qop=auth
< Content-Length: 310
< Content-Type: text/test
< X-Cache: MISS from elite
< X-Cache-Lookup: HIT from elite:3128
< Via: 1.1 elite (squid/3.5.23)
< Connection: keep-alive
< 
* Curl_http_done: called premature == 0
* Connection #0 to host (nil) left intact
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Re: Username and password in URL stopped working with proxy

Reply via email to