Re: LWP::Authen::Digest update for RFC 2617

Gisle Aas (gisle@activestate.com)
22 Jan 2001 18:45:02 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"
Previous message: Gisle Aas: "Re: [URI 1.10] patch to URI/URL.pm"
In reply to: Dave Dunkin: "Re: LWP::Authen::Digest update for RFC 2617"

Dave Dunkin <dave_dunkin@hotmail.com> writes:

> Dang it. The previous patch didn't increment the nonce count properly. Here's one that does.

Applied.  Thanks!

Regards,
Gisle

> 
> On 21 Jan 2001 00:52:13 -0600, Dave Dunkin wrote:
> > On 19 Jan 2001 10:11:41 -0800, Gisle Aas wrote:
> > <snip>
> > > You should probably try to avoid warnings from perl about using undef
> > > values if the response did not include any nonce value too.  LWP
> > > really ought to have a test-suite entry for this code too.
> > 
> > The response header must contain the nonce value, according to RFC 2617.
> > I looked in the tests and didn't find anything related to the client
> > side of the authentication. Did I miss it, or is it not there? I've
> > attached an updated patch, taking into consideration the things you
> > pointed out.
> > 
> > Dave
> > 
> 
> --- Digest.pm.latest	Fri Jan 19 03:02:43 2001
> +++ Digest.pm	Sun Jan 21 00:58:08 2001
> @@ -12,6 +12,9 @@
>                                                    $request->url, $proxy);
>      return $response unless defined $user and defined $pass;
>  
> +    my $nc = sprintf "%08X", ++$ua->{authen_md5_nonce_count}{$auth_param->{nonce}};
> +    my $cnonce = sprintf "%8x", time;
> +
>      my $uri = $request->url->path_query;
>      $uri = "/" unless length $uri;
>  
> @@ -24,6 +27,10 @@
>  
>      push(@digest, $auth_param->{nonce});
>  
> +    if ($auth_param->{qop}) {
> +	push(@digest, $nc, $cnonce, $auth_param->{qop});
> +    }
> +
>      $md5->add(join(":", $request->method, $uri));
>      push(@digest, $md5->hexdigest);
>      $md5->reset;
> @@ -33,9 +40,13 @@
>      $md5->reset;
>  
>      my %resp = map { $_ => $auth_param->{$_} } qw(realm nonce opaque);
> -    @resp{qw(username uri response)} = ($user, $uri, $digest);
> +    @resp{qw(username uri response algorithm)} = ($user, $uri, $digest, "MD5");
> +
> +    if($auth_param->{qop} eq "auth") {
> +	@resp{qw(qop cnonce nc)} = ("auth", $cnonce, $nc);
> +    }
>  
> -    my(@order) = qw(username realm nonce uri response);
> +    my(@order) = qw(username realm qop algorithm uri nonce nc cnonce response);
>      if($request->method =~ /^(?:POST|PUT)$/) {
>  	$md5->add($request->content);
>  	my $content = $md5->hexdigest;

Next message: Gisle Aas: "Re: LWP::Authen::Digest update for RFC 2617"
Previous message: Gisle Aas: "Re: [URI 1.10] patch to URI/URL.pm"
In reply to: Dave Dunkin: "Re: LWP::Authen::Digest update for RFC 2617"