Bug 1173156

Summary: Native NTLM authentication on Linux unsupported
Product: Red Hat Enterprise Linux 6 Reporter: Pat Riehecky <riehecky>
Component: firefoxAssignee: Martin Stransky <stransky>
Status: CLOSED CURRENTRELEASE QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.6CC: csieh, misterbonnie, riehecky, stransky, tpelka
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: firefox-31.4.0-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-19 15:58:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Requested debug log
none
more detailed logs none

Description Pat Riehecky 2014-12-11 14:49:05 UTC 
Description of problem:
Firefox's debug log shows NTLM Native does not work as it cannot find ntlm_auth.

It appears that ntlm_auth is being called without $PATH set correctly

Version-Release number of selected component (if applicable):firefox-31.3.0-3.el6_6.x86_64


How reproducible:100%


Steps to Reproduce:
1.yum install samba-winbind-clients
2.export NSPR_LOG_FILE=/tmp/moz.log
3.export NSPR_LOG_MODULES=negotiateauth:10,nsHttp:10
4.tail -f /tmp/moz.log & firefox
5.log complains native NTLM doesn't work

Actual results:
log complains native NTLM doesn't work

Expected results:
correctly uses ntlm_auth helper program

Additional info:
Comment 2 Martin Stransky 2014-12-19 16:14:09 UTC 
From upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=554122#c7

With Firefox 21.0 this was *sporadically* working for me. It turns out to be trying to run "ntlm_auth" with no path:

7113  execve("ntlm_auth", ["ntlm_auth", "--helper-protocol", "ntlmssp-client-1", "--use-cached-creds", "--username", "dwmw2"], [/* 88 vars */]) = -1 ENOENT (No such file or directory)

If I run firefox from /usr/bin then it works; from elsewhere it doesn't.
Comment 3 Martin Stransky 2014-12-22 10:08:54 UTC 
Can you please test latest package? Firefox-31.3.0. It uses PR_CreateProcess() for the ntlm_auth launch and should consider PATH variable.
Comment 4 Martin Stransky 2014-12-22 10:11:30 UTC 
Ahh, sorry, I missed the version in comment 0.
Comment 5 Martin Stransky 2014-12-22 10:14:26 UTC 
Can you please run firefox + ntlm_auth with strace ($strace -o debug.txt firefox) and reproduce the problem and attach the debug.txt file here? Thanks!
Comment 6 Pat Riehecky 2014-12-22 14:47:27 UTC 
Created attachment 972059 [details]
Requested debug log

I've compressed it with xz as the raw file was a few Mb.
Comment 7 Martin Stransky 2014-12-22 16:08:13 UTC 
Ahh, sorry, it needs to be run as "$strace -f -o debug.txt firefox" because the auth command is called from separated process and strace does not follow fork by default. So please run the modified command and attach all files (debug.txt.XXX) where XXX is a proccess number. Thanks!
Comment 8 Pat Riehecky 2014-12-22 16:25:12 UTC 
Created attachment 972082 [details]
more detailed logs

I've got the more detailed trace logs attached.

Pat
Comment 9 Martin Stransky 2014-12-22 16:33:22 UTC 
I guess you have ntlm_auth in /usr/bin and your PATH contains /usr/bin, right?
Comment 10 Pat Riehecky 2014-12-22 16:37:39 UTC 
Correct.

$ echo $PATH
/usr/krb5/bin:/usr/krb5/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/riehecky/bin

$ rpm -q samba-winbind-clients
samba-winbind-clients-3.6.23-12.el6.x86_64
Comment 12 Martin Stransky 2014-12-23 14:47:43 UTC 
Thanks, I'll ask you for testing when updated packages are available.
Comment 13 Martin Stransky 2015-01-19 15:58:39 UTC 
Should be fixed in latest update - firefox-31.4.0-1.