http authentication bug after daa8 commit? - Printable Version +- iPXE discussion forum (https://forum.ipxe.org) +-- Forum: iPXE user forums (/forumdisplay.php?fid=1) +--- Forum: General (/forumdisplay.php?fid=2) +--- Thread: http authentication bug after daa8 commit? (/showthread.php?tid=8273) |
http authentication bug after daa8 commit? - murmansk - 2016-12-28 13:24 I'm trying to use HTTP Digest authentication using login example from http://ipxe.org/cmd/login, using the standard iso build Code: login But the chain command returns with "Permission denied (http://ipxe.org/020c613c) I thought that it could be a problem with the web server, but when I try the same URL in a browser or using 'wget' (with user and password options) it works without problems. I used tshark to review the network, and I can see that: - The iPXE client sends an HTTP get, and the server answers with a 401 reply - The iPXE client then sends another HTTP with the user and password information, and the server replies with a 200 OK and the contents of the file But even with the server sending the correct information, the iPXE client shows the "Permission denied" error. I've tested this problem with Basic and Digest authentication. Looking for information in the forums I've found that the HTTP Authentication was working, but that it has failed lately to at least another user (http://lists.ipxe.org/pipermail/ipxe-devel/2016-November/005263.html) with the same symptoms (401 followed by 200 and still an error). I've started to test older iso.pxe builds (downloaded from rom-o-matic), using Ctrl-b to enter the iPXE shell and then running: Code: dhcp And I've found that with the commit - https://git.ipxe.org/ipxe.git/commit/b991c67c1d91574ef22336cc3a5944d1e63230c9 (Disable TIVOLI_VMM_WORKAROUND in the qemu configuration) HTTP authentication worked OK - but with the next build https://git.ipxe.org/ipxe.git/commit/daa8ed9274d91a157dc049f00792f62c98b0a11a (Provide intf_reinit() to reinitialise nullified interfaces) the HTTP Authentication didn't work. Please, could someone test this behaviour? I reverted some changes in the httpcore.c and interface.c from the daa8 commit. Then recompiled the iso.pxe and it worked. It seems to be a problem with the http->content not being cleaned between the 401 and the 200 responses, but I really don't have the expertise with the code to provide a patch. Will continue to use the b991 code by now. And thanks for this fantastic project: it's incredible what you can achieve with it, and is been really a pleasure to work with. RE: http authentication bug after daa8 commit? - robinsmidsrod - 2017-01-02 11:48 There was a patch recently that made it possible to disable the Tivoli workaround with a configuration change. You might want to try it with the Tivoli workaround disabled. RE: http authentication bug after daa8 commit? - murmansk - 2017-01-03 01:38 (2017-01-02 11:48)robinsmidsrod Wrote: There was a patch recently that made it possible to disable the Tivoli workaround with a configuration change. You might want to try it with the Tivoli workaround disabled. There is no problem with the Tivoli workaround. It's the next commit "Provide intf_reinit() to reinitialise nullified interfaces" (https://git.ipxe.org/ipxe.git/commit/daa8ed9274d91a157dc049f00792f62c98b0a11a) the one that introduces the bug. After the "Provide intf_reinit() to reinitialise nullified interfaces" commit, the HTTP request always return with the the "Permission denied" error. RE: http authentication bug after daa8 commit? - vtwaldo21 - 2017-01-31 23:00 Same issue here. Always get permission denied even when using correct URIs RE: http authentication bug after daa8 commit? - NiKiZe - 2017-02-02 22:36 I think mcb30 pushed a fix for this a few hours ago: https://git.ipxe.org/ipxe.git/commit/4a4da573dd8ffabff881ee52c2d1151c15d1730e RE: http authentication bug after daa8 commit? - murmansk - 2017-02-03 15:32 Tested with undionly.kpxe and ipxe.pxe. Working OK. Thanks!! |