bug#12069: 24.1.50; [url] bugs in authenticated proxy handling

From: Jason Rumney
Subject: bug#12069: 24.1.50; [url] bugs in authenticated proxy handling
Date: Sat, 28 Jul 2012 01:09:02 +0800

I tried to use list-packages from behind a proxy which requires
authentication.  I was prompted for my user name and password for the
proxy, and after entering it, the package list download failed.  Trying
again, I was prompted for the password again, and the failure repeated.

Applying the patch below, I am only prompted the first time for my
password, and the second and subsequent attempts do not fail.  I am not
very familiar with the url package, so I am not sure this is the correct
fix for the issue of cached proxy passwords not being used. But before
the patch I saw multiple identical copies of my username/password for
the proxy stored in url-http-proxy-basic-auth-storage, while after the
patch only one copy is stored, and subsequent attempts do not prompt for
the password, so it seems correct.

There is still a bug occuring on the first attempt though.  It seems
that two buffers are created on that attempt - one containing the 407
response requesting proxy authentication, and another containing the
subsequent response from the target server after the proxy credentials
have been supplied.  The buffer returned to the package code is the
first one, but it needs the second.  I'm not sure whether this is a bug
in url, or in the way package.el uses it, and edebug seemed to have
problems with parts of the url package, so I could not investigate in

=== modified file 'lisp/url/url-http.el'
*** lisp/url/url-http.el        2012-07-11 23:13:41 +0000
--- lisp/url/url-http.el        2012-07-27 16:49:07 +0000
*** 239,245 ****
                       (let ((url-basic-auth-storage
!                        (url-get-authentication url-http-target-url nil 'any 
         (real-fname (url-filename url-http-target-url))
         (host (url-host url-http-target-url))
         (auth (if (cdr-safe (assoc "Authorization" url-http-extra-headers))
--- 239,245 ----
                       (let ((url-basic-auth-storage
!                        (url-get-authentication url-http-proxy nil 'any nil))))
         (real-fname (url-filename url-http-target-url))
         (host (url-host url-http-target-url))
         (auth (if (cdr-safe (assoc "Authorization" url-http-extra-headers))

In GNU Emacs (x86_64-unknown-linux-gnu, GTK+ Version 2.24.10)
 of 2012-07-18 on wanchan
Bzr revision: 109147 address@hidden
Windowing system distributor `The X.Org Foundation', version 11.0.11202902
Important settings:
  value of $LANG: en_NZ.utf8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Emacs-Lisp

Minor modes in effect:
  shell-dirtrack-mode: t
  diff-auto-refine-mode: t
  show-paren-mode: t
  recentf-mode: t
  display-time-mode: t
  cua-mode: t
  global-semanticdb-minor-mode: t
  global-semantic-idle-scheduler-mode: t
  semantic-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

