W3C home > Mailing lists > Public > www-lib@w3.org > January to March 2009

Regarding authentication scheme handling

From: Pallavi Agrawal <pallavi.agrawal@wipro.com>
Date: Wed, 18 Mar 2009 19:59:40 +0530
To: <www-lib@w3.org>
Message-ID: <PNE-HJN-EX103LTkUD500000551@PNE-HJN-MBX02.wipro.com>
Hi,

 

I am working on libwww.

 

I have one query related to libwww handling of NTLM responses for
authentication.

Looking at the code in HTInit.c, it seems that only "basic" and "digest"
authentication schemes are supported.

 

PUBLIC void HTAAInit (void)

{

 

    HTAA_newModule ("basic", HTBasic_generate, HTBasic_parse, NULL,

                             HTBasic_delete);

#ifdef HT_MD5

    HTAA_newModule ("digest", HTDigest_generate, HTDigest_parse, 

                             HTDigest_updateInfo,  HTDigest_delete);

#endif /* HT_MD5 */

}

 

HTAuthInfoFilter function checks for the available modules(which are basic
and digest in this case). If the current scheme doesn't match with any of
them, it will return HT_ERROR. In HTNetcall_executeAfter, this return type
is not handled going further up.

 

PUBLIC int HTNetCall_executeAfter (HTList * list, HTRequest * request,

                                                   int status)

{

    int ret = HT_OK;

    if (status != HT_IGNORE) {

            HTParentAnchor * anchor = HTRequest_anchor(request);

            char * url = HTAnchor_physical(anchor);

            char * addr = url ? url : HTAnchor_address((HTAnchor *) anchor);

            HTResponse * response = HTRequest_response(request);

            if (list && request && addr) {

                AfterFilter * pres;

                while ((pres = (AfterFilter *) HTList_nextObject(list))) {

                        if ((pres->status == status || pres->status ==
HT_ALL) &&

                            (!pres->tmplate ||

                             (pres->tmplate && HTStrMatch(pres->tmplate,
addr)))) {

                            HTTRACE(CORE_TRACE, "Net After... calling %p
(request %p, response %p, status %d, context %p)\n" _ 

                                                pres->after _ request _
response _ 

                                                status _ pres->param);

                            ret = (*pres->after)(request, response,
pres->param, status);

                            if (ret != HT_OK) break;

 

                            /*

                            **  Update the address to match against if the
filter changed

                            **  the physical address.

                            */

                            if ((url = HTAnchor_physical(anchor))) addr =
url;

                        }

                }

            }

          

 

            if (!url) {

                        HT_FREE(addr); 

            }

    }

    return ret;

}

There are many places in code where the return type from this function is
not handled.

For example in function HTNet_newClient, following code doesn't handle the
return value:

if (HTEvent_isCallbacksRegistered() && !HTRequest_preemptive(request))

                createAfterFilterEvent(request, status);

            else

                HTNet_executeAfterAll(request, status);

            return YES;

This is resulting into browser getting hung and the select call in
HTEvtLst_loop doesn't return. 

 

Please let me know if we have any solution to this problem. 

 

Thanks and Regards,

Pallavi Agrawal,

Project Engineer

PDC-1 ,Wipro Technologies

 

 


Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com
Received on Thursday, 19 March 2009 01:32:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 March 2009 01:32:51 GMT