W3C home > Mailing lists > Public > www-lib@w3.org > July to September 2004

Re: HTRequest only holds a single auth scheme

From: Steinar Bang <sb@dod.no>
Date: Thu, 01 Jul 2004 12:21:20 +0200
To: www-lib@w3.org
Message-ID: <87smccni3j.fsf@bayliss.computas.int>
>>>>> Steinar Bang <sb@dod.no>:

>>>>> Steinar Bang <sb@dod.no>:
>>>>> Steinar Bang <sb@dod.no>:
>>> The apache mod_auth_kerberos module by default has two
>>> WWW-Authenticate headers, one for "Negotiate", and one for "Basic".
>>> I believe this is the default behaviour for IIS as well.

>>> However the HTRequest structure only has room for a single
>>> authentication scheme, so the last WWW-Authentication header
>>> ("Basic" in this case) overwrites any previous values set.

>>> This means that my functions set with a call to HTAA_newModule(),
>>> are only called when I switch off password authentication.

>> Attached is my attempt at a patch for multiple auth schemes (diff
>> done against libwww CVS HEAD).  The idea is to iterate through the
>> list in the order the WWW-Authenticate headers occur in the HTTP
>> response, and if the implementation for a scheme returns HT_ERROR,
>> skip to the next one.

> The previous patch didn't build with MSVC7.1.  I had to declare
> local variables in a single block at the start of the functions.

In addition to the multiple auth schemes, I have changed the behaviour
for the authentication update filters: I set the context if present,
instead of just setting a null pointer.

This was neccessary to implement SPNEGO, because the response from the
server is needed to complete the authentication info.

The attached patch covers both changes, and is made against the
current CVS.



Received on Thursday, 1 July 2004 06:21:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 23 April 2007 18:18:44 GMT