Bug 309291

Summary:	Automatic proxy configuration fails while setting proxy configuration URL works
Product:	[Unmaintained] kio	Reporter:	auxsvr
Component:	kioslave	Assignee:	Konqueror Developers <konq-bugs>
Status:	RESOLVED FIXED
Severity:	normal	CC:	adawit
Priority:	NOR
Version:	4.9.2
Target Milestone:	---
Platform:	openSUSE
OS:	Linux
Latest Commit:	http://commits.kde.org/kdelibs/9b1dc2999df1d3205a453a2c2e294fba79e1915d	Version Fixed In:	4.10.1
Sentry Crash Report:
Attachments:	simple test file... updated simple test file...

Description auxsvr 2012-10-31 07:42:28 UTC

I've set up both DHCP and DNS servers for WPAD, and chromium finds the proxy server automatically. However, when automatic proxy configuration is set in System Settings, a message "Could not find a usable proxy configuration script" appears, even though /usr/lib/kde4/libexec/kpac_dhcp_helper is setuid and correctly returns http://server.home/wpad.pac, and a DNS CNAME wpad.home is set in the DNS server. If I set the proxy auto configuration URL, then everything works fine. 

This problem is especially annoying, because, when auto configuration fails, the first DNS request for a domain name blocks the program for more than 10 seconds. This makes konqueror and akregator almost impossible to use.

Reproducible: Always

Steps to Reproduce:
1. Set automatic proxy configuration.
WPAD is known to work, as chromium finds proxy configuration automatically.
Actual Results:  
A message "Could not find a usable proxy configuration script" appears and direct connections are used. Some DNS requests make the program block for more than 10 seconds.

Expected Results:  
Proxy configuration should be detected automatically and used.

Comment 1 Dawit Alemayehu 2013-02-01 01:02:35 UTC

The filename 'wpad.pac' will only work for the DHCP setup. For DNS setups the filename has to be 'wpad.dat'. See https://projects.kde.org/projects/kde/kdelibs/repository/revisions/d122c2bb104b434cbe98b1e60b20a60e24631e4b/entry/kio/misc/kpac/README.wpad

The problem could be that the code that attempts to automatically discover the PAC could not successfully locate the kpac_dhcp_helper file. I have attached a small C++ file. Can you compile it on your system (you need to install gcc), run it and see if it outputs the same thing as running kpac_dhcp_helper ?

Comment 2 Dawit Alemayehu 2013-02-01 01:06:19 UTC

Created attachment 76852 [details]
simple test file...

instruction on how to compile is inside the file...

Comment 3 auxsvr 2013-02-01 12:56:29 UTC

> /usr/lib/kde4/libexec/kpac_dhcp_helper 
http://server.home/wpad.pac

> ./test_kstandarddir 
PATH: "/usr/lib/kde4/libexec/kpac_dhcp_helper"

However, both konqueror and rekonq freeze when resolving DNS the first time, and I'm fairly certain that the proxy settings are not followed, because kde applications connect to the proxy server only when the proxy auto configuration URL is set, while chromium connects via proxy always, using either wpad.dat or wpad.pac!

As reported previously, I've set both DHCP and DNS WPAD, and the web server serves both wpad.dat and wpad.pac, which are symlinked.

Comment 4 Christoph Feck 2013-02-07 23:59:14 UTC

Dawit, does comment #3 provide the requested information?

Comment 5 Dawit Alemayehu 2013-02-09 18:34:23 UTC

(In reply to comment #4)
> Dawit, does comment #3 provide the requested information?

Yes, but it does not really help isolate the problem. 

@reporter
If kpac_dhcp_helper returns the proper URL as you stated, then that URL should be downloaded and used to configure the proxy. For some reason that does not seem to be the case for you. Can you compile and post the output of the updated C++ program. Instructions are included in the file.

Comment 6 Dawit Alemayehu 2013-02-09 18:37:36 UTC

Created attachment 77061 [details]
updated simple test file...

Comment 7 auxsvr 2013-02-09 18:52:55 UTC

~> ./test_kstandarddir 
domain name: "home" 
kpac_dhcp_helper: "/usr/lib/kde4/libexec/kpac_dhcp_helper" 
http://server.home/wpad.pac
RESULT: ""

Comment 8 Dawit Alemayehu 2013-02-09 19:36:10 UTC

(In reply to comment #7)
> ~> ./test_kstandarddir 
> domain name: "home" 
> kpac_dhcp_helper: "/usr/lib/kde4/libexec/kpac_dhcp_helper" 
> http://server.home/wpad.pac
> RESULT: ""

Ahh. Now I see the problem. It is caused by how KProcess works! By default it forward the standard output and error channels to the respective channels of its parent process! We do not want that in our case or "RESULT" will be blank as your output shows.

Thanks for running the test program and providing the output.

Comment 9 Dawit Alemayehu 2013-02-09 19:50:34 UTC

Oh and the DNS based lookup also fails for you because your domain name does not contain a '.' ("home") which is also a silly logic error!

Comment 10 Dawit Alemayehu 2013-02-09 21:06:14 UTC

Git commit 9b1dc2999df1d3205a453a2c2e294fba79e1915d by Dawit Alemayehu.
Committed on 09/02/2013 at 20:56.
Pushed by adawit into branch 'KDE/4.10'.

Fixed both DHCP and DNS based PAC/PAD lookup.

The DHCP based lookup was completely broken while DNS based lookup only
worked if the domain name of your machine contained at least one '.'
FIXED-IN: 4.10.1

M  +8    -4    kio/misc/kpac/discovery.cpp
M  +1    -1    kio/misc/kpac/proxyscout.cpp

http://commits.kde.org/kdelibs/9b1dc2999df1d3205a453a2c2e294fba79e1915d

Comment 11 auxsvr 2014-01-05 18:28:46 UTC

Something that I found out recently: the fact that DNS based lookup works only for domain names with a dot may be a security feature according to http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol, because otherwise failure to set up a wpad name in the local network may open it to man-in-the-middle attacks, e.g. for the network under example.com the next step is wpad.com, which might be malicious.