mirror of
https://github.com/moparisthebest/wget
synced 2024-07-03 16:38:41 -04:00
Select most secure challenge from WWW-Authenticate
This patch also adds support for multiple challenges per WWW-Authenticate header line. The test Test-auth-both.py now succeeds and thus is taken away from XFAIL_TESTS (expected to fail tests).
This commit is contained in:
parent
007bee88d8
commit
5edc97f3f8
@ -1,3 +1,8 @@
|
|||||||
|
2014-11-26 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||||
|
|
||||||
|
* http.c: Select strongest challenge from WWW-Authenticate,
|
||||||
|
support multiple challenges per header line.
|
||||||
|
|
||||||
2014-11-26 Tim Ruehsen <tim.ruehsen@gmx.de>
|
2014-11-26 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||||
|
|
||||||
* gnutls.c (ssl_connect_wget): Implement missing code for
|
* gnutls.c (ssl_connect_wget): Implement missing code for
|
||||||
|
61
src/http.c
61
src/http.c
@ -2381,26 +2381,64 @@ read_header:
|
|||||||
the value "negotiate", and other(s) with data. Loop over
|
the value "negotiate", and other(s) with data. Loop over
|
||||||
all the occurrences and pick the one we recognize. */
|
all the occurrences and pick the one we recognize. */
|
||||||
int wapos;
|
int wapos;
|
||||||
|
char *buf;
|
||||||
|
const char *www_authenticate = NULL;
|
||||||
const char *wabeg, *waend;
|
const char *wabeg, *waend;
|
||||||
char *www_authenticate = NULL;
|
const char *digest = NULL, *basic = NULL, *ntlm = NULL;
|
||||||
for (wapos = 0;
|
for (wapos = 0; !ntlm
|
||||||
(wapos = resp_header_locate (resp, "WWW-Authenticate", wapos,
|
&& (wapos = resp_header_locate (resp, "WWW-Authenticate", wapos,
|
||||||
&wabeg, &waend)) != -1;
|
&wabeg, &waend)) != -1;
|
||||||
++wapos)
|
++wapos)
|
||||||
if (known_authentication_scheme_p (wabeg, waend))
|
|
||||||
{
|
{
|
||||||
BOUNDED_TO_ALLOCA (wabeg, waend, www_authenticate);
|
param_token name, value;
|
||||||
|
|
||||||
|
BOUNDED_TO_ALLOCA (wabeg, waend, buf);
|
||||||
|
www_authenticate = buf;
|
||||||
|
|
||||||
|
for (;!ntlm;)
|
||||||
|
{
|
||||||
|
/* extract the auth-scheme */
|
||||||
|
while (c_isspace (*www_authenticate)) www_authenticate++;
|
||||||
|
name.e = name.b = www_authenticate;
|
||||||
|
while (*name.e && !c_isspace (*name.e)) name.e++;
|
||||||
|
|
||||||
|
if (name.b == name.e)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
DEBUGP (("Auth scheme found '%.*s'\n", (int) (name.e - name.b), name.b));
|
||||||
|
|
||||||
|
if (known_authentication_scheme_p (name.b, name.e))
|
||||||
|
{
|
||||||
|
if (BEGINS_WITH (name.b, "NTLM"))
|
||||||
|
{
|
||||||
|
ntlm = name.b;
|
||||||
|
break; /* this is the most secure challenge, stop here */
|
||||||
|
}
|
||||||
|
else if (!digest && BEGINS_WITH (name.b, "Digest"))
|
||||||
|
digest = name.b;
|
||||||
|
else if (!basic && BEGINS_WITH (name.b, "Basic"))
|
||||||
|
basic = name.b;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!www_authenticate)
|
/* now advance over the auth-params */
|
||||||
|
www_authenticate = name.e;
|
||||||
|
DEBUGP (("Auth param list '%s'\n", www_authenticate));
|
||||||
|
while (extract_param (&www_authenticate, &name, &value, ',', NULL) && name.b && value.b)
|
||||||
|
{
|
||||||
|
DEBUGP (("Auth param %.*s=%.*s\n",
|
||||||
|
(int) (name.e - name.b), name.b, (int) (value.e - value.b), value.b));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!basic && !digest && !ntlm)
|
||||||
{
|
{
|
||||||
/* If the authentication header is missing or
|
/* If the authentication header is missing or
|
||||||
unrecognized, there's no sense in retrying. */
|
unrecognized, there's no sense in retrying. */
|
||||||
logputs (LOG_NOTQUIET, _("Unknown authentication scheme.\n"));
|
logputs (LOG_NOTQUIET, _("Unknown authentication scheme.\n"));
|
||||||
}
|
}
|
||||||
else if (!basic_auth_finished
|
else if (!basic_auth_finished
|
||||||
|| !BEGINS_WITH (www_authenticate, "Basic"))
|
|| !basic)
|
||||||
{
|
{
|
||||||
char *pth = url_full_path (u);
|
char *pth = url_full_path (u);
|
||||||
const char *value;
|
const char *value;
|
||||||
@ -2408,6 +2446,15 @@ read_header:
|
|||||||
auth_stat = xmalloc (sizeof (uerr_t));
|
auth_stat = xmalloc (sizeof (uerr_t));
|
||||||
*auth_stat = RETROK;
|
*auth_stat = RETROK;
|
||||||
|
|
||||||
|
if (ntlm)
|
||||||
|
www_authenticate = ntlm;
|
||||||
|
else if (digest)
|
||||||
|
www_authenticate = digest;
|
||||||
|
else
|
||||||
|
www_authenticate = basic;
|
||||||
|
|
||||||
|
logprintf (LOG_NOTQUIET, _("Authentication selected: %s\n"), www_authenticate);
|
||||||
|
|
||||||
value = create_authorization_line (www_authenticate,
|
value = create_authorization_line (www_authenticate,
|
||||||
user, passwd,
|
user, passwd,
|
||||||
request_method (req),
|
request_method (req),
|
||||||
|
@ -1,3 +1,7 @@
|
|||||||
|
2014-11-26 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||||
|
|
||||||
|
* Makefile.am: Removed Test-auth-both.py from XFAIL_TESTS
|
||||||
|
|
||||||
2014-11-21 Tim Ruehsen <tim.ruehsen@gmx.de>
|
2014-11-21 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||||
|
|
||||||
* server/http/http_server.py: Fixed typo Blackisted to Blacklisted
|
* server/http/http_server.py: Fixed typo Blackisted to Blacklisted
|
||||||
|
@ -53,7 +53,8 @@ if HAVE_PYTHON3
|
|||||||
Test-504.py \
|
Test-504.py \
|
||||||
Test--spider-r.py
|
Test--spider-r.py
|
||||||
|
|
||||||
XFAIL_TESTS = Test-auth-both.py
|
# added test cases expected to fail here and under TESTS
|
||||||
|
XFAIL_TESTS =
|
||||||
endif
|
endif
|
||||||
|
|
||||||
EXTRA_DIST = certs conf exc misc server test README $(TESTS) $(XFAIL_TESTS)
|
EXTRA_DIST = certs conf exc misc server test README $(TESTS) $(XFAIL_TESTS)
|
||||||
|
@ -207,8 +207,8 @@ class _Handler (BaseHTTPRequestHandler):
|
|||||||
def send_challenge (self, auth_type):
|
def send_challenge (self, auth_type):
|
||||||
auth_type = auth_type.lower()
|
auth_type = auth_type.lower()
|
||||||
if auth_type == "both":
|
if auth_type == "both":
|
||||||
self.send_challenge ("digest")
|
|
||||||
self.send_challenge ("basic")
|
self.send_challenge ("basic")
|
||||||
|
self.send_challenge ("digest")
|
||||||
return
|
return
|
||||||
if auth_type == "basic":
|
if auth_type == "basic":
|
||||||
challenge_str = 'BasIc realm="Wget-Test"'
|
challenge_str = 'BasIc realm="Wget-Test"'
|
||||||
|
Loading…
Reference in New Issue
Block a user