[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-bugs-dist
Subject: [Bug 64592] New: MD5 auth info added via kpasswdserver/addAuthInfo
From: Laurence Anderson <l.d.anderson () warwick ! ac ! uk>
Date: 2003-09-20 11:33:35
[Download RAW message or body]
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
http://bugs.kde.org/show_bug.cgi?id=64592
Summary: MD5 auth info added via kpasswdserver/addAuthInfo may
fail with fussy servers
Product: kio
Version: unspecified
Platform: Compiled Sources
OS/Version: Linux
Status: NEW
Severity: normal
Priority: NOR
Component: http
AssignedTo: bastian@kde.org
ReportedBy: l.d.anderson@warwick.ac.uk
Version: (using KDE Devel)
Installed from: Compiled sources
Compiler: gcc 3.2.3
OS: Linux
Problem:
Use addAuthInfo to add md5 auth info for www.host.com
kio_http connects to www.host.com
Gets to http.cc:2307 [Calling checkCachedAuthentication], finds cached \
authentication. Few lines on calls createDigestAuth, which trys to parse the previous \
requests' "Authorization: Digest" line (which doesn't exist, this was the first \
request to that host) Therefore realm, nonce, opaque & qop are empty, so later on \
calculateResponse creates invalid code Shouldn't be a problem, as 401 response should \
contain nonce etc, but some servers (IIS5?) just report a failure, without giving a \
WWW-Authenticate line.
Proposed solution:
if kio_http finds a cached md5 auth for a host, it should not send an Authorization \
header the first time, this will result in a 401, then the real authorization can be \
sent, because we now know what the nonce is etc.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic