Bug 69023

Summary: http basic authentication broken in htdig-3.2.0b4-011302
Product: [Retired] Red Hat Linux Reporter: F Harvell <fharvell>
Component: htdigAssignee: Phil Knirsch <pknirsch>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: grdetil, rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-09-02 12:50:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
pretested patch for authentication problem none

Description F Harvell 2002-07-17 05:55:25 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1a) Gecko/20020610

Description of problem:
The basic authentication code is broken in the htdig-3.2.0b4-011302 version of
htdig included in 7.3 (and currently available as a security update for other
versions).

Version-Release number of selected component (if applicable):
htdig-web-3.2.0-2.011302
htdig-3.2.0-2.011302

How reproducible:
Always

Steps to Reproduce:
1.Set up a website with basic authentication.
2.Add an authorization: <username>:<password> line to htdig.conf
3.Run rundig.


Actual Results:  rundig (actually htdig) doesn't dig the protected pages.

Expected Results:  rundig to load and index the protected pages.

Additional info:

I found this problem described at:

http://www.geocrawler.com/archives/3/8822/2002/1/150/7586782/

Excerpted:

I did some more digging on the issue of broken basic auth
in the htdig-3.2.0b4-011302 snapshot.

> According to Roman Maeder:
> > > Well, what would you consider a recent code change?  Or more specifically,
> > > what was the last version that you had running on your system?  The HTTP
> > > > the one installed and known to work is htdig-3.2.0b4-111801.
> > I didn't test authentication with htdig-3.2.0b4-122301, because it
> > had other problems.
> > Well, that's strange.  I looked through the recent changes to
> htnet/HtHTTP.cc since late November, and I don't see anything there that
> would break basic authentication.  The only thing even remotely related
> to it would be the addition of "const" keywords on lines 919 and 934 of
> that file (the SetCredentials method), but I don't see what harm that
> would cause.

looks like this change broke it after all, because it was not done
in the base class as well, so the method was no longer overridden, but
a different one was defined, but the inherited one was used.
Comment 1 Lloyd Parkes 2002-08-01 23:56:47 UTC 
Created attachment 68404 [details]
pretested patch for authentication problem
Comment 2 Lloyd Parkes 2002-08-04 21:26:21 UTC 
This was fixed in the htdig CVS source repository on Jan 18, 2002.
Comment 3 Gilles Detillieux 2002-08-09 18:21:22 UTC 
I'm one of the ht://Dig developers.  We get a lot of complaints
about this problem on the htdig-general mailing list.  Even though
the bug existed only for a week in the CVS code tree, it's been
"immortalized" by Red Hat.  That's the problem with basing a
standard package on a pre-release snapshot of a beta version.

We still recommend to users that they stick to the 3.1.6 stable
release of ht://Dig, unless they really need the features of the
3.2 betas (like phrase searching).  However, if Red Hat really
would prefer to stick with a beta that's still under development,
I'd recommend grabbing the upcoming Aug. 11, 2002 snapshot,
which fixes quite a few problems in addition to the one with
basic authentication.

By the way, this problem isn't just in 7.3, but also the update
rpms of htdig for 7.2 and 7.1, also based on the buggy 011302
snapshot.
Comment 4 Phil Knirsch 2002-12-10 17:19:45 UTC 
I've updated our htdig packages to the latest snapshot of 20021103.

If you could give it a shot and verify that it fixes the problem i'd greately
appreciate it.

Read ya, Phil
Comment 5 Phil Knirsch 2003-09-02 12:50:09 UTC 
No response in over 1 year, assume this bug to be closed.

Read ya, Phil