Re: LWP::Authen::Digest update for RFC 2617

Dave Dunkin (dave_dunkin@hotmail.com)
19 Jan 2001 11:42:22 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"
Previous message: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"
Next in thread: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"
Reply: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"

--=-IWR0GZXEWFsfQhLsh4MZ
Content-Type: text/plain

My bad. Try this one.

Dave

On 19 Jan 2001 08:50:35 -0800, Gisle Aas wrote:
> Dave Dunkin <dave_dunkin@hotmail.com> writes:
> 
> > In a project I'm currently working on, I need to authenticate with an NT
> > server which specifies qop="auth" in the WWW-Authenticate header. The
> > included patch allows this to happen, as specified in RFC 2617.
> 
> The patch seems ok, but it does not apply cleanly on top of the latest
> LWP. Could you try to redo it based on LWP-5.50?
> 
>   $ patch <patch
>   patching file `Digest.pm'
>   Hunk #2 succeeded at 17 with fuzz 2 (offset 3 lines).
>   Hunk #3 FAILED at 30.
>   Hunk #4 FAILED at 43.
>   2 out of 4 hunks FAILED -- saving rejects to Digest.pm.rej
> 
> 
> Regards,
> Gisle

--=-IWR0GZXEWFsfQhLsh4MZ
Content-Type: text/plain
Content-Disposition: attachment; filename=patch3
Content-Transfer-Encoding: 7bit

--- Digest.pm.latest	Fri Jan 19 03:02:43 2001
+++ Digest.pm	Fri Jan 19 03:09:32 2001
@@ -3,6 +3,8 @@
 
 require MD5;
 
+my %nonce_count;
+
 sub authenticate
 {
     my($class, $ua, $proxy, $auth_param, $response,
@@ -12,6 +14,10 @@
                                                   $request->url, $proxy);
     return $response unless defined $user and defined $pass;
 
+    $nonce_count{$auth_param->{nonce}}++;
+    my $nc = sprintf "%08X", $nonce_count{$auth_param->{nonce}};
+    my $cnonce = sprintf "%8x", time;
+
     my $uri = $request->url->path_query;
     $uri = "/" unless length $uri;
 
@@ -24,7 +30,11 @@
 
     push(@digest, $auth_param->{nonce});
 
-    $md5->add(join(":", $request->method, $uri));
+    if ($auth_param->{qop}) {
+	push(@digest, $nc, $cnonce, $auth_param->{qop});
+    }
+
+    $md5->add(join(":", $request->method, $request->url->path));
     push(@digest, $md5->hexdigest);
     $md5->reset;
 
@@ -33,9 +43,13 @@
     $md5->reset;
 
     my %resp = map { $_ => $auth_param->{$_} } qw(realm nonce opaque);
-    @resp{qw(username uri response)} = ($user, $uri, $digest);
+    @resp{qw(username uri response algorithm)} = ($user, $uri, $digest, "MD5");
+
+    if($auth_param->{qop} eq "auth") {
+	@resp{qw(qop cnonce nc)} = ("auth", $cnonce, $nc);
+    }
 
-    my(@order) = qw(username realm nonce uri response);
+    my(@order) = qw(username realm qop algorithm uri nonce nc cnonce response);
     if($request->method =~ /^(?:POST|PUT)$/) {
 	$md5->add($request->content);
 	my $content = $md5->hexdigest;

--=-IWR0GZXEWFsfQhLsh4MZ--

Next message: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"
Previous message: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"
Next in thread: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"
Reply: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"