Bug 1337796
| Summary: | wget couldn't support NTLM proxy or ignore system-wide proxy settings | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Mikhail <mikhail.v.gavrilov> | ||||
| Component: | wget | Assignee: | Tomáš Hozza <thozza> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 7.4 | CC: | fkrska, jkejda, mikhail.v.gavrilov | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1784794 (view as bug list) | Environment: | |||||
| Last Closed: | 2019-12-18 09:24:48 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
$ export declare -x http_proxy="http://east-kronospan\\edvglu:niva4x4\$\$\$@172.18.4.7:8080" declare -x https_proxy="http://east-kronospan\\edvglu:niva4x4\$\$\$@172.18.4.7:8080" From the man page:
--http-user=user
--http-password=password
Specify the username user and password password on an HTTP server. According to the type of the challenge, Wget will encode them using either the "basic"
(insecure), the "digest", or the Windows "NTLM" authentication scheme.
Another way to specify username and password is in the URL itself. Either method reveals your password to anyone who bothers to run "ps". To prevent the
passwords from being seen, store them in .wgetrc or .netrc, and make sure to protect those files from other users with "chmod". If the passwords are really
important, do not leave them lying in those files either---edit the files and delete them after Wget has started the download.
This means you should use --http-user and --http-password to specify the credentials for the proxy.
The http{,s}_proxy environment variables are used for getting the proxy URL, but not the username and password.
Please retest with the --http-user and --http-password options
You don't tell me about escape characters so I don't know how here correct write '\' and '$' symbols. so I tried both variants: [root@sinuf1 synergy]# wget -v --http-user=east-kronospan\\edvglu --http-password=niva4x4\$\$\$ http://rpms.remirepo.net/enterprise/remi-release-7.rpm --2016-05-21 15:58:05-- http://rpms.remirepo.net/enterprise/remi-release-7.rpm Connecting to 172.18.4.7:8080... connected. Proxy request sent, awaiting response... 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ) 2016-05-21 15:58:05 ERROR 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ). [root@sinuf1 synergy]# wget -v --http-user=east-kronospan\edvglu --http-password=niva4x4$$$ http://rpms.remirepo.net/enterprise/remi-release-7.rpm --2016-05-21 15:58:54-- http://rpms.remirepo.net/enterprise/remi-release-7.rpm Connecting to 172.18.4.7:8080... connected. Proxy request sent, awaiting response... 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ) 2016-05-21 15:58:54 ERROR 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ). As you see this is also not work for me. Created attachment 1160090 [details]
/etc/wgetrc
And also I try store password in wgetrc file without success too Red Hat Enterprise Linux version 7 entered the Maintenance Support 1 Phase in August 2019. In this phase only qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate. This bug has been reviewed by Support and Engineering representative and does not meet the inclusion criteria for Maintenance Support 1 Phase. For more information about Red Hat Enterprise Linux Lifecycle, please see https://access.redhat.com/support/policy/updates/errata/ Development Management has reviewed and declined this request. You may appeal this decision by using your Red Hat support channels, who will make certain the issue receives the proper prioritization with product and development management. https://www.redhat.com/support/process/production/#howto |
Description of problem: wget couldn't support NTLM proxy, but curl support it with paramener --proxy-ntlm $ curl -V curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz $ wget -V GNU Wget 1.14 built on linux-gnu. +digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/openssl Wgetrc: /etc/wgetrc (system) Locale: /usr/share/locale Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" -DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic Link: gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -lssl -lcrypto /usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so -ldl -lz -lz -lidn -luuid -lpcre ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://www.gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Originally written by Hrvoje Niksic <hniksic>. Please send bug reports and questions to <bug-wget>. # wget -v http://rpms.remirepo.net/enterprise/remi-release-7.rpm --2016-05-20 11:37:41-- http://rpms.remirepo.net/enterprise/remi-release-7.rpm Connecting to 172.18.4.7:8080... connected. Proxy request sent, awaiting response... 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ) 2016-05-20 11:37:41 ERROR 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. ). # curl -v --proxy-ntlm -I http://rpms.remirepo.net/enterprise/remi-release-7.rpm * About to connect() to proxy 172.18.4.7 port 8080 (#0) * Trying 172.18.4.7... * Connected to 172.18.4.7 (172.18.4.7) port 8080 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * Proxy auth using NTLM with user 'edvglu' > HEAD http://rpms.remirepo.net/enterprise/remi-release-7.rpm HTTP/1.1 > Proxy-Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= > User-Agent: curl/7.29.0 > Host: rpms.remirepo.net > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 407 Proxy Authentication Required ( Access is denied. ) HTTP/1.1 407 Proxy Authentication Required ( Access is denied. ) < Via:1.1 ISAEG Via:1.1 ISAEG < Proxy-Authenticate: NTLM TlRMTVNTUAACAAAADgAOADgAAAAGgokCXLtediV72KUAAAAAAAAAAKwArABGAAAABQLODgAAAA9FQVNULUtST05PU1BBTgIAHABFAEEAUwBUAC0ASwBSAE8ATgBPAFMAUABBAE4AAQAKAEkAUwBBAEUARwAEACQAZQBhAHMAdAAuAGsAcgBvAG4AbwBzAHAAYQBuAC4AaQBuAHQAAwAwAGkAcwBhAGUAZwAuAGUAYQBzAHQALgBrAHIAbwBuAG8AcwBwAGEAbgAuAGkAbgB0AAUAGgBrAHIAbwBuAG8AcwBwAGEAbgAuAGkAbgB0AAAAAAA= Proxy-Authenticate: NTLM TlRMTVNTUAACAAAADgAOADgAAAAGgokCXLtediV72KUAAAAAAAAAAKwArABGAAAABQLODgAAAA9FQVNULUtST05PU1BBTgIAHABFAEEAUwBUAC0ASwBSAE8ATgBPAFMAUABBAE4AAQAKAEkAUwBBAEUARwAEACQAZQBhAHMAdAAuAGsAcgBvAG4AbwBzAHAAYQBuAC4AaQBuAHQAAwAwAGkAcwBhAGUAZwAuAGUAYQBzAHQALgBrAHIAbwBuAG8AcwBwAGEAbgAuAGkAbgB0AAUAGgBrAHIAbwBuAG8AcwBwAGEAbgAuAGkAbgB0AAAAAAA= < Pragma: no-cache Pragma: no-cache < Cache-Control: no-cache Cache-Control: no-cache < Content-Type: text/html Content-Type: text/html < Content-Length: 0 Content-Length: 0 < * Connection #0 to host 172.18.4.7 left intact * Issue another request to this URL: 'http://rpms.remirepo.net/enterprise/remi-release-7.rpm' * Found bundle for host rpms.remirepo.net: 0x154be90 * Re-using existing connection! (#0) with host 172.18.4.7 * Connected to 172.18.4.7 (172.18.4.7) port 8080 (#0) * Proxy auth using NTLM with user 'edvglu' > HEAD http://rpms.remirepo.net/enterprise/remi-release-7.rpm HTTP/1.1 > Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAABgAGAHAAAAAJAAkAdgAAAAAAAAAAAAAABoKJAkblnXYcrg/BAAAAAAAAAAAAAAAAAAAAAF64tdRktf5NEf722Jvel8SnzH0EDfgk2GVkdmdsdWxvY2FsaG9zdA== > User-Agent: curl/7.29.0 > Host: rpms.remirepo.net > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 OK HTTP/1.1 200 OK < Via: 1.1 ISAEG Via: 1.1 ISAEG < Content-Length: 7611 Content-Length: 7611 < Date: Fri, 20 May 2016 05:38:29 GMT Date: Fri, 20 May 2016 05:38:29 GMT < Content-Type: application/x-rpm Content-Type: application/x-rpm < Server: Apache/2.2.15 (CentOS) Server: Apache/2.2.15 (CentOS) < Last-Modified: Wed, 09 Dec 2015 09:15:19 GMT Last-Modified: Wed, 09 Dec 2015 09:15:19 GMT < ETag: "d82bb3-1dbb-52673877157c0" ETag: "d82bb3-1dbb-52673877157c0" < Accept-Ranges: bytes Accept-Ranges: bytes < * Connection #0 to host 172.18.4.7 left intact