[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
address@hidden: url-http-handle-authentication does not handle multiple
|
From: |
Richard Stallman |
|
Subject: |
address@hidden: url-http-handle-authentication does not handle multiple WWW-Authenticate: lines.] |
|
Date: |
Thu, 02 Nov 2006 16:46:48 -0500 |
We can install this without papers, but is it correct?
Would someone please DTRT, then ack?
------- Start of forwarded message -------
To: address@hidden
From: Shun-ichi GOTO <address@hidden>
Date: Wed, 01 Nov 2006 18:41:43 +0900
Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Subject: url-http-handle-authentication does not handle multiple
WWW-Authenticate: lines.
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=failed
version=3.0.4
I found a problem of authentication in url-http.el
which handles only first WWW-Authenticate: line and
give-up authentication when first one is not supported auth scheme
although next one is supported.
For example, one page returns following two lines.
That page is configured with enabling NTLM (by mod_auth_sspi)
and BASIC auth.
...snip...
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="TAIYO domain"
...snip...
Because url-http-handle-authentication<f> gets unsupported scheme NTLM
from first line and gives up asking and storing authentication
information, so we never be able to get the page.
Attached patch is to fix this issue by checking all the lines and use
first one supported.
�
Index: url-http.el
===================================================================
- --- url-http.el (revision 4177)
+++ url-http.el (working copy)
@@ -303,21 +303,29 @@
(declare (special status success url-http-method url-http-data
url-callback-function url-callback-arguments))
(url-http-debug "Handling %s authentication" (if proxy "proxy" "normal"))
- - (let ((auth (or (mail-fetch-field (if proxy "proxy-authenticate"
"www-authenticate"))
- - "basic"))
+ (let ((auths (or (nreverse
+ (mail-fetch-field
+ (if proxy "proxy-authenticate" "www-authenticate")
+ nil nil t))
+ '("basic")))
(type nil)
(url (url-recreate-url url-current-object))
(url-basic-auth-storage 'url-http-real-basic-auth-storage)
- - )
- -
+ auth)
;; Cheating, but who cares? :)
(if proxy
(setq url-basic-auth-storage 'url-http-proxy-basic-auth-storage))
- - (setq auth (url-eat-trailing-space (url-strip-leading-spaces auth)))
- - (if (string-match "[ \t]" auth)
- - (setq type (downcase (substring auth 0 (match-beginning 0))))
- - (setq type (downcase auth)))
+ ;; find first supported auth
+ (while auths
+ (setq auth (url-eat-trailing-space (url-strip-leading-spaces (car
auths))))
+ (if (string-match "[ \t]" auth)
+ (setq type (downcase (substring auth 0 (match-beginning 0))))
+ (setq type (downcase auth)))
+ (if (url-auth-registered type)
+ (setq auths nil) ; no more check
+ (setq auth nil
+ auths (cdr auths))))
(if (not (url-auth-registered type))
(progn
�
- --- Regards,
Shun-ichi Goto <address@hidden>
R&D Group, TAIYO Corp., Tokyo, JAPAN
_______________________________________________
emacs-pretest-bug mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/emacs-pretest-bug
------- End of forwarded message -------
- address@hidden: url-http-handle-authentication does not handle multiple WWW-Authenticate: lines.],
Richard Stallman <=