From 45f1fd73d0b62ce6422365a935abc317718ea142 Mon Sep 17 00:00:00 2001 From: Varun Varma Date: Thu, 14 May 2026 17:20:28 +0200 Subject: Warn if auth.conf is unreadable (LP: #2150631) LP: #2150631 is a bug where trying to access an authentication-locked repo without root sends a 401 error, which is misleading since the authentication information could be in auth.conf.d, but just inaccessible without root. This adds a warning in that scenario, as well as an integration test. --- methods/basehttp.cc | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'methods/basehttp.cc') diff --git a/methods/basehttp.cc b/methods/basehttp.cc index db0ed228f..8dd596f8f 100644 --- a/methods/basehttp.cc +++ b/methods/basehttp.cc @@ -506,6 +506,18 @@ BaseHttpMethod::DealWithHeaders(FetchResult &Res, RequestState &Req) std::string err; strprintf(err, "HttpError%u", Req.Result); SetFailReason(err); + if (Req.Result == 401 && inaccessibleAuthConfs.empty() == false) + { + std::string conflist; + std::string msg; + for (auto const &path : inaccessibleAuthConfs) + conflist += (conflist.empty() ? "" : ", ") + path; + strprintf(msg, _("Authentication credentials may be configured in %s, " + "but the file(s) are not readable by the current user. " + "Try running this command as root."), + conflist.c_str()); + Warning(std::move(msg)); + } _error->Error("%u %s", Req.Result, Req.Code); } if (Req.haveContent == HaveContent::TRI_TRUE) -- cgit v1.2.3-70-g09d2