
List:       kde-bugs-dist
Subject:    [Bug 64592] New: MD5 auth info added via kpasswdserver/addAuthInfo
From:       Laurence Anderson <l.d.anderson () warwick ! ac ! uk>
Date:       2003-09-20 11:33:35

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
     
http://bugs.kde.org/show_bug.cgi?id=64592     
           Summary: MD5 auth info added via kpasswdserver/addAuthInfo may
                    fail with fussy servers
           Product: kio
           Version: unspecified
          Platform: Compiled Sources
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: NOR
         Component: http
        AssignedTo: bastian@kde.org
        ReportedBy: l.d.anderson@warwick.ac.uk


Version:            (using KDE Devel)
Installed from:    Compiled sources
Compiler:          gcc 3.2.3 
OS:          Linux

Problem:
Use addAuthInfo to add md5 auth info for www.host.com
kio_http connects to www.host.com
Gets to http.cc:2307 [Calling checkCachedAuthentication], finds cached authentication.
A few lines on, it calls createDigestAuth, which tries to parse the previous request's "Authorization: Digest" line (which doesn't exist, this was the first request to that host).
Therefore realm, nonce, opaque & qop are empty, so later on calculateResponse creates invalid code.
Shouldn't be a problem, as 401 response should contain nonce etc, but some servers (IIS5?) just report a failure, without giving a WWW-Authenticate line.

Proposed solution:
If kio_http finds a cached md5 auth for a host, it should not send an Authorization header the first time. This will result in a 401; then the real authorization can be sent, because we now know what the nonce is etc.
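
The behaviour proposed above, as an added example that is not part of the original report and is not kio_http code: a Digest client that declines to build an Authorization header until it holds a realm and nonce from a server challenge. The function names are hypothetical; the sample challenge and credentials are the worked example from RFC 2617, section 3.5.

```python
import hashlib
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(header):
    """Parse a 'WWW-Authenticate: Digest ...' value into a dict of parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        return {}
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {k.lower(): v.strip('"') for k, v in pairs}

def authorization_header(user, password, method, uri, challenge, cnonce, nc="00000001"):
    """Build the Digest Authorization value (algorithm MD5, qop=auth or none).

    Returns None when no realm/nonce is known, which is the state after
    credentials were cached without a prior 401: the caller should send the
    request without Authorization and retry once the server has challenged.
    """
    realm, nonce = challenge.get("realm"), challenge.get("nonce")
    if not realm or not nonce:
        return None
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    fields = [f'username="{user}"', f'realm="{realm}"', f'nonce="{nonce}"', f'uri="{uri}"']
    qop_options = [q.strip() for q in challenge.get("qop", "").split(",")]
    if "auth" in qop_options:
        response = md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
        fields += ["qop=auth", f"nc={nc}", f'cnonce="{cnonce}"']
    else:
        response = md5_hex(f"{ha1}:{nonce}:{ha2}")
    fields.append(f'response="{response}"')
    if "opaque" in challenge:
        fields.append(f'opaque="{challenge["opaque"]}"')
    return "Digest " + ", ".join(fields)

# Sample challenge from the worked example in RFC 2617, section 3.5.
RFC_CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

if __name__ == "__main__":
    creds = ("Mufasa", "Circle Of Life", "GET", "/dir/index.html")
    print(authorization_header(*creds, {}, "0a4f113b"))  # first request: nothing to send
    print(authorization_header(*creds, parse_challenge(RFC_CHALLENGE), "0a4f113b"))
```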

