Bug#709637: wget: Credentials in URL not supported

Hannes Hörl Tue, 13 Aug 2013 10:27:37 -0700

Hi.

On 08/13/2013 06:05 PM, Noël Köthe wrote:

Am Freitag, den 24.05.2013, 17:39 +0200 schrieb Hannes Hoerl:

after the upgrade to wheezy wget (basic http) auth doesn't work like
e.g. in version 1.12 anymore.


Maybe the question from Tim didn't reach you:


Sorry, I didn't see Tim's message ...

Could you send us the output of --debug?


I just found out the problem appears to be dependent on the server:


1.) Boa server & --user/--password => OK (wget__bad_server__ok.log)

$ wget -d -O /dev/null --user=*user* --password=*password* \
... 'http://xxx.xxx.xxx.xxx:80/protected'


2.) Boa server & user:passwd@host => FAIL (wget__bad_server__fail.log)

$ wget -d -O /dev/null \
... 'http://*user*:*password*@xxx.xxx.xxx.xxx:80/protected'


3.) Apache server & user:passwd@host => OK (wget__good_server__ok.log)

$ wget -d -O /dev/null \
... 'https://*user*:*password*@yyy.yyy.yyy.yyy/protected'

In 1 and 2 both the client and the server are the same. In 3 the clientmachine is the same again but the server is on another machine and another implementation.



Thank you, Hannes

Setting --output-document (outputdocument) to /dev/null
Setting --user (user) to *user*
Setting --password (password) to ikwb
DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `UTF-8'
--2013-08-13 18:15:24--  http://xxx.xxx.xxx.xxx/protected
Host `xxx.xxx.xxx.xxx' has not issued a general basic challenge.
Connecting to xxx.xxx.xxx.xxx:80... connected.
Created socket 4.
Releasing 0x0000000000d1e550 (new refcount 0).
Deleting unused 0x0000000000d1e550.

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.0 401 Unauthorized
Date: Tue, 13 Aug 2013 08:15:23 GMT
Server: Boa/0.94.13
Connection: close
WWW-Authenticate: Basic realm="/"
Content-Type: text/html; charset=ISO-8859-1

---response end---
401 Unauthorized
Registered socket 4 for persistent reuse.
] done.
Inserted `xxx.xxx.xxx.xxx' into basic_authed_hosts
Disabling further reuse of socket 4.
Closed fd 4

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive
Authorization: Basic cm9vdDppa3di

---request end---
Failed writing HTTP request: Bad file descriptor.
Closed fd 4
Retrying.

--2013-08-13 18:15:25--  (try: 2)  http://xxx.xxx.xxx.xxx/protected
Found `xxx.xxx.xxx.xxx' in basic_authed_hosts.
Connecting to xxx.xxx.xxx.xxx:80... connected.
Created socket 4.
Releasing 0x0000000000d1ed10 (new refcount 0).
Deleting unused 0x0000000000d1ed10.

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Authorization: Basic cm9vdDppa3di
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.0 200 OK
Date: Tue, 13 Aug 2013 08:15:24 GMT
Server: Boa/0.94.13
Connection: close
Content-Length: 163072
Last-Modified: Tue, 13 Aug 2013 08:15:24 GMT
Content-Type: image/jpeg

---response end---
200 OK
Length: 163072 (159K) [image/jpeg]
Saving to: `/dev/null'

     0K .......... .......... .......... .......... .......... 31% 51.2K 2s
    50K .......... .......... .......... .......... .......... 62% 51.9K 1s
   100K .......... .......... .......... .......... .......... 94% 46.0K 0s
   150K .........                                             100%  118K=3.1s

Closed fd 4
2013-08-13 18:15:28 (51.3 KB/s) - `/dev/null' saved [163072/163072]

Setting --output-document (outputdocument) to /dev/null
DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `UTF-8'
--2013-08-13 18:15:54--  http://*user*:*password*@xxx.xxx.xxx.xxx/protected
Connecting to xxx.xxx.xxx.xxx:80... connected.
Created socket 4.
Releasing 0x00000000024c3b90 (new refcount 0).
Deleting unused 0x00000000024c3b90.

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.0 401 Unauthorized
Date: Tue, 13 Aug 2013 08:15:53 GMT
Server: Boa/0.94.13
Connection: close
WWW-Authenticate: Basic realm="/"
Content-Type: text/html; charset=ISO-8859-1

---response end---
401 Unauthorized
Registered socket 4 for persistent reuse.
] done.
Disabling further reuse of socket 4.
Closed fd 4

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive
Authorization: Basic cm9vdDppa3di

---request end---
Failed writing HTTP request: Bad file descriptor.
Closed fd 4
Retrying.

--2013-08-13 18:15:55--  (try: 2)  
http://*user*:*password*@xxx.xxx.xxx.xxx/protected
Connecting to xxx.xxx.xxx.xxx:80... connected.
Created socket 4.
Releasing 0x00000000024c34d0 (new refcount 0).
Deleting unused 0x00000000024c34d0.

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.0 401 Unauthorized
Date: Tue, 13 Aug 2013 08:15:54 GMT
Server: Boa/0.94.13
Connection: close
WWW-Authenticate: Basic realm="/"
Content-Type: text/html; charset=ISO-8859-1

---response end---
401 Unauthorized
Registered socket 4 for persistent reuse.
] done.
Disabling further reuse of socket 4.
Closed fd 4

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive
Authorization: Basic cm9vdDppa3di

---request end---
Failed writing HTTP request: Bad file descriptor.
Closed fd 4
Retrying.

--2013-08-13 18:15:57--  (try: 3)  
http://*user*:*password*@xxx.xxx.xxx.xxx/protected
Connecting to xxx.xxx.xxx.xxx:80... connected.
Created socket 4.
Releasing 0x00000000024c3bb0 (new refcount 0).
Deleting unused 0x00000000024c3bb0.

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.0 401 Unauthorized
Date: Tue, 13 Aug 2013 08:15:56 GMT
Server: Boa/0.94.13
Connection: close
WWW-Authenticate: Basic realm="/"
Content-Type: text/html; charset=ISO-8859-1

---response end---
401 Unauthorized
Registered socket 4 for persistent reuse.
] done.
Disabling further reuse of socket 4.
Closed fd 4

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: xxx.xxx.xxx.xxx
Connection: Keep-Alive
Authorization: Basic cm9vdDppa3di

---request end---
Failed writing HTTP request: Bad file descriptor.
Closed fd 4
Giving up.

Setting --output-document (outputdocument) to /dev/null
Setting --check-certificate (checkcertificate) to 0
DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `UTF-8'
--2013-08-13 18:47:01--  https://*user*:*password*@yyy.yyy.yyy.yyy/protected
Resolving yyy.yyy.yyy.yyy (yyy.yyy.yyy.yyy)... yyy.yyy.yyy.yyy
Caching yyy.yyy.yyy.yyy => yyy.yyy.yyy.yyy
Connecting to yyy.yyy.yyy.yyy (yyy.yyy.yyy.yyy)|yyy.yyy.yyy.yyy|:443... 
connected.
Created socket 5.
Releasing 0x00000000022e80c0 (new refcount 1).
WARNING: The certificate of `yyy.yyy.yyy.yyy' is not trusted.
The certificate has expired
The certificate's owner does not match hostname `yyy.yyy.yyy.yyy'

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: yyy.yyy.yyy.yyy
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.1 401 Authorization Required
Date: Tue, 13 Aug 2013 16:47:01 GMT
Server: Apache/2.2.22 (Debian)
WWW-Authenticate: Basic realm="private area"
Vary: Accept-Encoding
Content-Length: 482
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

---response end---
401 Authorization Required
Registered socket 5 for persistent reuse.
Skipping 482 bytes of body: [<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.22 (Debian) Server at yyy.yyy.yyy.yyy Port 443</address>
</body></html>
] done.
Reusing existing connection to yyy.yyy.yyy.yyy:443.
Reusing fd 5.

---request begin---
GET /protected HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: yyy.yyy.yyy.yyy
Connection: Keep-Alive
Authorization: Basic YnVlbm9pOmtuZWRsYnJvdA==

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.0 200 OK
Date: Tue, 13 Aug 2013 16:47:01 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u3
Set-Cookie: PHPSESSID=4phe2ktlaeosrv3a43jpvulf02; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1778
Connection: close
Content-Type: text/html; charset=utf-8

---response end---
200 OK

Stored cookie yyy.yyy.yyy.yyy -1 (ANY) / <session> <insecure> [expiry none] 
PHPSESSID 4phe2ktlaeosrv3a43jpvulf02
URI content encoding = `utf-8'
Length: 1778 (1.7K) [text/html]
Saving to: `/dev/null'

     0K .                                                     100% 17.5M=0s

Disabling further reuse of socket 5.
2013-08-13 18:47:01 (17.5 MB/s) - `/dev/null' saved [1778/1778]

Bug#709637: wget: Credentials in URL not supported

Reply via email to