Re: [libmicrohttpd] Out of band authentication with libmicrohttpd

[Evgeny Grin]

To make it clear: MHD follow HTTP specifications and do not allow to use
two responses for single request.

-- 
Best Wishes,
Evgeny Grin

On 01.12.2016 17:07, Evgeny Grin wrote:
> On 01.12.2016 16:30, Daniel Tweed, Mr wrote:
>> On 01.12.2016 3:04, Daniel Tweed, Mr wrote:
>>>> I'm really new to libmicrohttpd and the examples/tutorial have been
>>>> really helpful, but I can't figure out how to implement one specific
>>>> thing I need.
>>>>
>>>> What I am trying to achieved is:
>>>>
>>>>  1.
>>>>     Send http 102 to client who requested anydoc.html which requires
>>>>     authentication
>>> HTTP standards doesn't define response code 102.
>>> See https://tools.ietf.org/html/rfc7231#section-6
>>> and https://tools.ietf.org/html/rfc2616#section-6.1.1
>>
>> It was defined in RFC 2518, which was updated/obsoleted by RFC 4918 for
>> WebDAV.  Granted they removed http 102 from the specification (due to a
>> lack of implementation) and advise that its IANA registration should
>> continue to refer to RDF2518.
>> At a minimum, Firefox and IE respond correctly to this status code, and
>> it is implemented in libmicrohttpd as MHD_HTTP_PROCESSING
> 
> I highly recommend you not to use obsoleted specifications - support in
> existing application can be dropped in any moment and new application
> most probably will not work with this code.
> So you will need to re-do your work one more time when clients
> unexpectedly start to refuse your server responses.
> 
>>>>  2.
>>>>     Some processing on the serverside, including out of band
>> authentication
>>>>
>>>>  3.
>>>>     If authenticated, send response built from somedoc.html, otherwise
>>>>     generic not auth message
>>
>>> HTTP use request-response logic. If you already responded (your code
>>> 102) to some request then you can't add another response later.
>>
>> The purpose of the http102 message is so the client will not timeout
>> when waiting for a response if the request will take a long time.  Using
>> the MHD_HTTP_PROCESSING code requires some mechanism to first send a
>> response with this code and then send a final response.  I just figure
>> out how or if this functionality has ever been implemented in the library.
> 
> These is not grantee that client will wait more after 102.
> Moreover, chances of successful response even lower, if you take into
> account obsoleted nature of this status.
> 
>>>> I'm having a failure of understanding somewhere, in that I cannot seem
>>>> to figure out how to send the 102 and save the connection details so
>>>> that I can forward the response in step 3.   I had thought I could queue
>>>> a response then either enter a wait loop or suspend the connection, but
>>>> as far as I can tell I have to return from the
>>>> |MHD_AcceptPolicyCallback| for the response to be sent.   Then I cannot
>>>> figure out how to get back to the connection as I cannot suspend it and
>>>> save the pointer. I have looked at the request completed call back but
>>>> this still results in the 102 not being sent.
>>>>
>>>> I really can't figure out a process to achieve these steps from the
>>>> examples or the manual.  I'm sure I'm either missing something about
>>>> http processing or about libmicrohttpd any help or advice would be
>>>> appreciated.  I'm happy to share anything that would make my question
>>>> clearer, including more details on the overall application or specific
>>>> code I am working with.
>>
>>> MHD_AcceptPolicyCallback could be used to choose whether to process
>>> connection or does not process connection at all.
>>
>>> You should ether call MHD_queue_response() from your callback
>>> MHD_AccessHandlerCallback specified in MHD_start_daemon() parameter or,
>>> if your application need some time to generate response - call
>>> MHD_suspend_connection(). When application is ready to generate response
>>> - call MHD_resume_connection(), then MHD will call again your
>>> MHD_AccessHandlerCallback where you can call MHD_queue_response() to
>>> provide response to client.
>>
>>> If you need some kind of authorization, you can use MHD built-in functions.
>>> See examples:
>>> src/examples/authorization_example.c
>>> src/examples/digest_auth_example.c
>>> and
>>> doc/examples/tlsauthentication.c
>>
>> Thanks, I took a look at these but I'm specifically looking at
>> out-of-and authentication.  Since posting this, I found a discussion on
>> a similar topic on the IRC logs to use either keep-alive or
>> MHD_create_response_from_callback ().  My concern is that I cannot know
>> how long the out-of-band authentication will take and I need to advise
>> the client not to time out.  I need the http 102 message for other
>> reasons, but I could work around them, but it seems that this function
>> is implementable somehow, given that the code is defined, so I'm really
>> hoping not to have to rework my other applications around it.
> 
> You can use MHD_create_response_from_callback() with MHD_SIZE_UNKNOWN
> and generate response by chunks. This will prevent clients from
> detecting of timeout.
>