develooper Front page | perl.libwww | Postings from February 2017

LWP small fix required

From:
Ivan Ladygin
Date:
February 3, 2017 01:24
Subject:
LWP small fix required
Message ID:
df540213-09d5-2c3c-8309-cca9f8ce4099@srt-web.com
LWP Digest authorisation small bag, in case response contents 2 (or 
more) fields WWW-Authentificate like this:

/Server: Apache-Coyote/1.1//
//Vary: Accept-Encoding//
//WWW-Authenticate: Digest realm="1Realm", qop="auth", 
nonce="1485848015167:56976:56060fb913a12670c39d700055b7679d", 
opaque="ca05e8a9b744eb6c91c624ef9c61fb97"//
//WWW-Authenticate: Digest realm="2Realm", qop="auth", 
nonce="1485848015167:96504:777475a2092ab30b6a23349cdb139e75", 
opaque="ca05e8a9b744eb6c91c624ef9c61fb97"//
//Content-Length: 92//
//Content-Type: text/xml;charset=UTF-8/

in this case LWP will use first realm only, so if user provide "2realm" 
credentials this will be ignored by LWP. (bad authorization attempt)

My fix(add to LWP::UserAgent after line 393 in "sub request", before 
"return $class->authenticate"):

/   unless 
($self->{basic_authentication}{$request->uri_canonical->host_port}{$$challenge{realm}}){//
//       $response->header("Client-Warning" =>"Undefined authentication 
realm '$$challenge{realm}'");//
//       next CHALLENGE;//
//   }/

this fix fill compare user defined credentials with server first 
response and use it only if realm name is same.

Ivan Ladygin




nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About