From edwin@mavetju.org  Tue Nov 22 02:40:50 2005
Return-Path: <edwin@mavetju.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 71C1016A420
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 22 Nov 2005 02:40:50 +0000 (GMT)
	(envelope-from edwin@mavetju.org)
Received: from mail3out.barnet.com.au (mail3out.barnet.com.au [202.83.176.17])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 378E343D49
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 22 Nov 2005 02:40:19 +0000 (GMT)
	(envelope-from edwin@mavetju.org)
Received: by mail3out.barnet.com.au (Postfix, from userid 27)
	id D677E877CAD; Tue, 22 Nov 2005 13:40:16 +1100 (EST)
Received: from mail3-auth.barnet.com.au (mail3.barnet.com.au [202.83.176.16])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "*.barnet.com.au", Issuer "BarNet Root Certificate Authority" (verified OK))
	by mail3.barnet.com.au (Postfix) with ESMTP id B26DC877CA9
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 22 Nov 2005 13:40:16 +1100 (EST)
Received: from k7.mavetju (edwin-3.int.barnet.com.au [10.10.12.2])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "edwin.adsl.barnet.com.au", Issuer "BarNet Root Certificate Authority" (not verified))
	by mail3-auth.barnet.com.au (Postfix) with ESMTP id 377FB877CA4
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 22 Nov 2005 13:40:16 +1100 (EST)
Received: by k7.mavetju (Postfix, from userid 1001)
	id 0759463A6; Tue, 22 Nov 2005 13:40:15 +1100 (EST)
Message-Id: <20051122024015.0759463A6@k7.mavetju>
Date: Tue, 22 Nov 2005 13:40:15 +1100 (EST)
From: Edwin Groothuis <edwin@mavetju.org>
Reply-To: Edwin Groothuis <edwin@mavetju.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: fetch(1) doesn't honour authentication credentials when going through a proxy
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         89403
>Category:       bin
>Synopsis:       fetch(1) doesn't honour authentication credentials when going through a proxy
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 22 02:50:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Edwin Groothuis
>Release:        FreeBSD 5.4-RELEASE i386
>Organization:
-
>Environment:
System: FreeBSD tinderbox.barnet.com.au 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May  8 10:21:06 UTC 2005     root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

>Description:

When trying this URL on a machine without HTTP_PROXY defined:
$ fetch ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo
fetch: ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo: File unavailable (e.g., file not found, no access)

But when running it on a machine with HTTP_PROXY defined:
$ fetch ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo
fetch: ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo: Unauthorized

Network trace gives this:
T 10.192.1.5:61229 -> 202.83.176.9:8080 [AP]
  GET ftp://3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo HTTP/1.1..
##
T 10.192.1.5:61229 -> 202.83.176.9:8080 [AP]
  Host: 3dgamers.mirror.internode.on.net..Authorization: Basic M2RncjM1Zzptcj
  IzZzIzOWE=..User-Agent: fetch libfetch/2.0..Connection: close....          

And towards the FTP server:
T 203.16.214.173:21 -> 202.83.176.9:1982 [AP]
  220 203.16.214.173 FTP server ready..                                      
#
T 202.83.176.9:1982 -> 203.16.214.173:21 [AP]
  USER anonymous..                                                           
##
T 203.16.214.173:21 -> 202.83.176.9:1982 [AP]
  331 Password required for anonymous...                                     
#
T 202.83.176.9:1982 -> 203.16.214.173:21 [AP]
  PASS Squid@..                                                              

When telnetting to the proxy and entering this command:
GET ftp://3dgr35g:mr23g239a@3dgamers.mirror.internode.on.net/3dgamers/games/quake4/foo HTTP/1.1

I see this on the line:
  220 203.16.214.173 FTP server ready..                                      
#
T 202.83.176.9:3880 -> 203.16.214.173:21 [AP]
  USER 3dgr35g..                                                             
##
T 203.16.214.173:21 -> 202.83.176.9:3880 [AP]
  331 Password required for 3dgr35g...                                       
#
T 202.83.176.9:3880 -> 203.16.214.173:21 [AP]
  PASS mr23g239a..                                                           
#
T 203.16.214.173:21 -> 202.83.176.9:3880 [AP]
  230 Anonymous access granted, restrictions apply...                        

which is exactly what I expected in the first place.

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
