The following warnings occurred:
Warning [2] count(): Parameter must be an array or an object that implements Countable - Line: 807 - File: showthread.php PHP 7.3.15 (Linux)
File Line Function
/showthread.php 807 errorHandler->error





Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
http authentication bug after daa8 commit?
2016-12-28, 13:24
Post: #1
http authentication bug after daa8 commit?
I'm trying to use HTTP Digest authentication using login example from http://ipxe.org/cmd/login, using the standard iso build

Code:
login
chain http://${username:uristring}:${password:uristring}@my.web.server/boot.ipxe

But the chain command returns with "Permission denied (http://ipxe.org/020c613c)

I thought that it could be a problem with the web server, but when I try the same URL in a browser or using 'wget' (with user and password options) it works without problems.

I used tshark to review the network, and I can see that:
- The iPXE client sends an HTTP get, and the server answers with a 401 reply
- The iPXE client then sends another HTTP with the user and password information, and the server replies with a 200 OK and the contents of the file

But even with the server sending the correct information, the iPXE client shows the "Permission denied" error.

I've tested this problem with Basic and Digest authentication.

Looking for information in the forums I've found that the HTTP Authentication was working, but that it has failed lately to at least another user (http://lists.ipxe.org/pipermail/ipxe-dev...05263.html) with the same symptoms (401 followed by 200 and still an error).

I've started to test older iso.pxe builds (downloaded from rom-o-matic), using Ctrl-b to enter the iPXE shell and then running:

Code:
dhcp
initrd http://user:hello@my.server/protected/file.ipxe

And I've found that with the commit

- https://git.ipxe.org/ipxe.git/commit/b99...d1e63230c9 (Disable TIVOLI_VMM_WORKAROUND in the qemu configuration) HTTP authentication worked OK
- but with the next build https://git.ipxe.org/ipxe.git/commit/daa...2c98b0a11a (Provide intf_reinit() to reinitialise nullified interfaces) the HTTP Authentication didn't work.

Please, could someone test this behaviour?

I reverted some changes in the httpcore.c and interface.c from the daa8 commit. Then recompiled the iso.pxe and it worked. It seems to be a problem with the http->content not being cleaned between the 401 and the 200 responses, but I really don't have the expertise with the code to provide a patch.

Will continue to use the b991 code by now.

And thanks for this fantastic project: it's incredible what you can achieve with it, and is been really a pleasure to work with.
Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
http authentication bug after daa8 commit? - murmansk - 2016-12-28 13:24



User(s) browsing this thread: 1 Guest(s)