SRX

Hi, I have a problem with the copy file command. I want to copy from URL to local file:

 

> copy file http://user:password@www.foo.bar/ /var/tmp/test.file

 

 where user is xy@foo.bar and password is password

 

The error message is: 

 

fetch-secure: xy@foo.bar:*@">http://xy@foo.bar:*@www.foo.bar/: parse error
error: file-fetch failed
error: could not fetch local copy of file

 

Junos seems to have problems to parse the user part. How to escape the user and password part so it works?

 

Greeting Jockel

That's because the format is ftp://ID:PASSWORD@host/path/file

 

basically, remove @foo.bar from your userid and it will work because the user will be authenticated by foo.bar.

The Problem is "@foo.bar" is part of the userid, so it can't be omitted. The URL works fine in firefox and internet explorer, but Junos doesn't seem to parse this "correctly".

 

Greeting

Actually, it isn't, it's an email address. Because if you enter scp://user@example.com@10.20.30.40:/var/tmp/asdf.conf the SCP parser does not allow '@' and ': in user names. if you have an account in a trusted domain, you could try scp://DOMAIN\userid:password@10.20.30.40/....

I was hacking on an event script for dyndns and the userid is the email address. I worked around this by changing dyndns provider so it's not a problem anymore. But it's still sad the parser in Junos for copy file isn't smarter or provides the means to escape the userid somehow. Greeting JK

RFC1738 speaks to this:

characters that are not required to be encoded 
(including alphanumerics) may be encoded within 
the scheme-specific part of a URL, as long as they 
are not being used for a reserved purpose...

While the syntax for the rest of the URL may vary 
depending on the particular scheme selected, URL 
schemes that involve the direct use of an IP-based 
protocol to a specified host on the Internet use a
common syntax for the scheme-specific data:

  //<user>:<password>@host>:<port>/<url-path>

Some or all of the parts "<user>:<password>@",
":<password>", ":<port>", and "/<url-path>" 
may be excluded.  The scheme specific data start with a 
double slash "//" to indicate that it complies with the 
common Internet scheme syntax. The different components 
obey the following rules:

 user
     An optional user name. Some schemes (e.g., ftp) allow the
     specification of a user name.

 password
     An optional password. If present, it follows the user
     name separated from it by a colon.

The user name (and password), if present, are followed by a
commercial at-sign "@". Within the user and password field, 
any ":", "@", or "/" must be encoded.

So, if Juniper is doing it right, it should work by encoding the "@" in the user name:

copy file http://xy%40foo.bar:password@www.foo.bar/ /var/tmp/test.file"

Thanks Mike, this works for me, the at-sign has to be encoded and Juniper is doing it right. Greeting JK