https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256677
Bug ID: 256677
Summary: libfetch pops for user credentials eventhough it does
not support the auth mechanism
Product: Base System
Version: 12.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
Running on: stable/12:4e2ae05c3
Consider the following:
> # curl https://deblndw011x.ad001.siemens.net/repos/websvn/ -I
> HTTP/1.1 401 Unauthorized
> Date: Thu, 17 Jun 2021 19:37:35 GMT
> Server: Apache
> X-Frame-Options: SAMEORIGIN
> WWW-Authenticate: Negotiate
> Content-Type: text/html; charset=iso-8859-1
fetch nags me:
> # fetch https://deblndw011x.ad001.siemens.net/repos/websvn/
> Authentication required for <https://deblndw011x.ad001.siemens.net:443/>!
> Login:
libfetch does not support SPNEGO authentication through the Heimdal library in
base, yet it still nags me giving a false sense of support.
The reason is here:
https://github.com/freebsd/freebsd-src/blob/68d3790ba0bce162f9fcaed09cfecd9adeab3943/lib/libfetch/http.c#L768-L796
It unconditionally sets cs.valid = 1 without even knowing whether it supports
the scheme or not.
This needs to be changed to something: if at least one AS is supported set
valid to 1 otherwise remain on 0.
May this would do the trick:
cs->valid = 0;
if (strcasecmp(key, "basic") == 0) {
cs->challenges[cs->count]->scheme = HTTPAS_BASIC;
cs->valid = 1;
} else if (strcasecmp(key, "digest") == 0) {
cs->challenges[cs->count]->scheme = HTTPAS_DIGEST;
cs->valid = 1;
--
You are receiving this mail because:
You are the assignee for the bug.
