Re: LWP::Authen::Digest update for RFC 2617

Fri, 19 Jan 2001 09:58:22 -0800 

Dave Dunkin <[EMAIL PROTECTED]> writes:

> My bad. Try this one.

[...]

> --- Digest.pm.latest  Fri Jan 19 03:02:43 2001
> +++ Digest.pm Fri Jan 19 03:09:32 2001
> @@ -3,6 +3,8 @@
>  
>  require MD5;
>  
> +my %nonce_count;
> +
>  sub authenticate
>  {
>      my($class, $ua, $proxy, $auth_param, $response,
> @@ -12,6 +14,10 @@
>                                                    $request->url, $proxy);
>      return $response unless defined $user and defined $pass;
>  
> +    $nonce_count{$auth_param->{nonce}}++;
> +    my $nc = sprintf "%08X", $nonce_count{$auth_param->{nonce}};
> +    my $cnonce = sprintf "%8x", time;
> +

I think the %nonce_count here should really be a $ua attribute.  If
you use multiple LWP::UserAgents then they should maintain different
sequences, because they are different clients.  Something like:

   $ua->{authen_md5_nounce_count}{$auth_param->{nonce}}++;

should be acceptable.

You should probably try to avoid warnings from perl about using undef
values if the response did not include any nonce value too.  LWP
really ought to have a test-suite entry for this code too.

>      my $uri = $request->url->path_query;
>      $uri = "/" unless length $uri;
>  
> @@ -24,7 +30,11 @@
>  
>      push(@digest, $auth_param->{nonce});
>  
> -    $md5->add(join(":", $request->method, $uri));
> +    if ($auth_param->{qop}) {
> +     push(@digest, $nc, $cnonce, $auth_param->{qop});
> +    }
> +
> +    $md5->add(join(":", $request->method, $request->url->path));

I believe you should not change the last parameter to $md5->add here.

>      push(@digest, $md5->hexdigest);
>      $md5->reset;
>  
> @@ -33,9 +43,13 @@
>      $md5->reset;
>  
>      my %resp = map { $_ => $auth_param->{$_} } qw(realm nonce opaque);
> -    @resp{qw(username uri response)} = ($user, $uri, $digest);
> +    @resp{qw(username uri response algorithm)} = ($user, $uri, $digest, "MD5");
> +
> +    if($auth_param->{qop} eq "auth") {
> +     @resp{qw(qop cnonce nc)} = ("auth", $cnonce, $nc);
> +    }
>  
> -    my(@order) = qw(username realm nonce uri response);
> +    my(@order) = qw(username realm qop algorithm uri nonce nc cnonce response);
>      if($request->method =~ /^(?:POST|PUT)$/) {
>       $md5->add($request->content);
>       my $content = $md5->hexdigest;

Reply via email to