php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55639 Digest autentication dont work
Submitted: 2011-09-08 09:48 UTC Modified: 2016-07-13 02:23 UTC
Votes:10
Avg. Score:4.7 ± 0.6
Reproduced:7 of 8 (87.5%)
Same Version:4 (57.1%)
Same OS:4 (57.1%)
From: kolya at telepark dot ua Assigned:
Status: Closed Package: SOAP related
PHP Version: Irrelevant OS: Fedora 15
Private report: No CVE-ID: None
 [2011-09-08 09:48 UTC] kolya at telepark dot ua
Description:
------------
PHP version 5.3.6 (last in Fedora 15)

When connecting to GlassFish v3.1.1 using authentication method digest, can`t pass authentication. SOAP client trying to connect, recieving 401 and crash. Test script, backtrace and dump attached.



Test script:
---------------
<?php                                                                           $wsdl='http://localhost:8080/test/wsdl/test?wsdl';

$username = 'username';
$password = 'password';

$options = array(
                'trace' => true,
                'login' => $username,
                'password' => $password,
                'authentication' => SOAP_AUTHENTICATION_DIGEST);

$client = new SoapClient ($wsdl, $options); /* Crash on that */
?>


Expected result:
----------------
When connecting with a browser work`s fine. Dump attached:

Request:
GET /test/wsdl/test?wsdl HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive

Response:
HTTP/1.1 401 Unauthorized
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.1 Java/Sun Microsystems Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 03:00:00 EET
WWW-Authenticate: Digest realm="TestDigest", qop="auth", nonce="1315474646044:036fa2718bf426f31c210334331803530a404129b4f3e039e14320c9dc4261ec", opaque="AB1BD94DCADA400497D1D3937FB1B05E", stale=true
Content-Type: text/html
Content-Length: 1069
Date: Thu, 08 Sep 2011 09:37:26 GMT

Request:
GET /test/wsdl/test?wsdl HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Authorization: Digest username="username", realm="TestDigest", nonce="1315474646044:036fa2718bf426f31c210334331803530a404129b4f3e039e14320c9dc4261ec", uri="/test/wsdl/test?wsdl", response="d1fd9d5da8ccb8f4e0ed8323abf7e90b", opaque="AB1BD94DCADA400497D1D3937FB1B05E", qop=auth, nc=00000001, cnonce="50a68c2945330a48"

Response:
HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.1 Java/Sun Microsystems Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 03:00:00 EET
Content-Type: text/xml;charset=utf-8
Transfer-Encoding: chunked
Date: Thu, 08 Sep 2011 09:37:26 GMT

Actual result:
--------------
Backtrace:

PHP Fatal error:  SOAP-ERROR: Parsing WSDL: Couldn't load from 'http://localhost:8080/test/wsdl/test?wsdl' : failed to load external entity "http://localhost:8080/test/wsdl/test?wsdl"
 in /home/.../s.php on line 13
PHP Fatal error:  Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'http://localhost:8080/test/wsdl/test?wsdl' : failed to load external entity "http://localhost:8080/test/wsdl/test?wsdl"
 in /home/.../s.php:13
Stack trace:
#0 /home/.../s.php(13): SoapClient->SoapClient('http://localhos...', Array)
#1 {main}
  thrown in /home/.../s.php on line 13

Dump:

Request:
GET /test/wsdl/test?wsdl HTTP/1.1
Host: localhost:8080
Connection: close

Response:
HTTP/1.1 401 Unauthorized
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.1 Java/Sun Microsystems Inc./1.6)
Server: GlassFish Server Open Source Edition 3.1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 03:00:00 EET
WWW-Authenticate: Digest realm="TestDigest", qop="auth", nonce="1315473998656:8518d519a4b05322c78d4de91d6c51dd549a7ee91e4104dab11fd04e7ce02d11", opaque="AB1BD94DCADA400497D1D3937FB1B05E"
Content-Type: text/html
Content-Length: 1069
Date: Thu, 08 Sep 2011 09:26:38 GMT
Connection: close

Patches

php-5.3.3-soap.patch (last revision 2012-01-27 10:34 UTC by kolya at telepark dot ua)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-27 10:33 UTC] kolya at telepark dot ua
Margins qop and nc should not be quoted (defined by RFC)
 [2016-07-13 02:23 UTC] kalle@php.net
-Type: Documentation Problem +Type: Bug
 [2024-07-17 17:34 UTC] git@php.net
Automatic comment on behalf of nielsdos
Revision: https://github.com/php/php-src/commit/911dc5b46c6778ad9a71aa11923a3db879da1828
Log: Fix bug #55639: Digest autentication dont work
 [2024-07-17 17:34 UTC] git@php.net
-Status: Open +Status: Closed
 [2024-09-09 12:49 UTC] git@php.net
Automatic comment on behalf of nielsdos
Revision: https://github.com/php/php-src-security/commit/911dc5b46c6778ad9a71aa11923a3db879da1828
Log: Fix bug #55639: Digest autentication dont work
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 17:01:29 2024 UTC