[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
address@hidden: Bug in url-get-authentication]
|
From: |
Richard Stallman |
|
Subject: |
address@hidden: Bug in url-get-authentication] |
|
Date: |
Sat, 15 Dec 2007 16:37:02 -0500 |
Would people please take a look at this and respond to John?
------- Start of forwarded message -------
X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_PASS,UNPARSEABLE_RELAY
autolearn=failed version=3.1.0
Message-Id: <address@hidden>
From: John Wiegley <address@hidden>
To: address@hidden
Content-Type: multipart/mixed; boundary=Apple-Mail-10--38520107
Mime-Version: 1.0 (Apple Message framework v915)
Date: Mon, 10 Dec 2007 14:40:11 -0400
Subject: Bug in url-get-authentication
- --Apple-Mail-10--38520107
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
At the bottom of url-get-authentication, there is a sexp that looks
like this:
(if (and scheme (fboundp scheme))
(funcall scheme url prompt
(and prompt
(funcall scheme url nil nil realm args))
realm args))
What this says is that if the scheme succeeds, the same function is
called again and the user/pass authentication info overwrites whatever
was previously stored. However, if prompt is t, the user gets
prompted _every_ time a page requiring authentication is accessed --
even if they have already successfully authenticated. This is because
there is an (or (and (not retval) prompt) overwrite) sexp inside url-
digest-auth, meaning that overwrite true == show prompt, even if
authentication succeeded on the previous pass.
The solution to this is yet another version of url-digest-auth (which
includes my previous fix):
- --Apple-Mail-10--38520107
Content-Disposition: attachment;
filename=url-digest-auth.el
Content-Type: application/octet-stream;
x-unix-mode=0644;
name="url-digest-auth.el"
Content-Transfer-Encoding: 7bit
(defun url-digest-auth (url &optional prompt overwrite realm args)
"Get the username/password for the specified URL.
If optional argument PROMPT is non-nil, ask for the username/password
to use for the url and its descendants. If optional third argument
OVERWRITE is non-nil, overwrite the old username/password pair if it
is found in the assoc list. If REALM is specified, use that as the realm
instead of hostname:portnum."
(if args
(let* ((href (if (stringp url)
(url-generic-parse-url url)
url))
(server (url-host href))
(port (url-port href))
(path (url-filename href))
user pass byserv retval data)
(setq path (cond
(realm realm)
((string-match "/$" path) path)
(t (url-basepath path)))
server (format "%s:%d" server port)
byserv (cdr-safe (assoc server url-digest-auth-storage)))
(cond
((and prompt (not byserv))
(setq user (read-string (url-auth-user-prompt url realm)
(user-real-login-name))
pass (read-passwd "Password: ")
url-digest-auth-storage
(cons (list server
(cons path
(setq retval
(cons user
(url-digest-auth-create-key
user pass realm
(or url-request-method "GET")
url)))))
url-digest-auth-storage)))
(byserv
(setq retval (cdr-safe (assoc path byserv)))
(if (and (not retval) ; no exact match, check directories
(string-match "/" path)) ; not looking for a realm
(while (and byserv (not retval))
(setq data (car (car byserv)))
(if (or (not (string-match "/" data))
(and
(>= (length path) (length data))
(string= data (substring path 0 (length data)))))
(setq retval (cdr (car byserv))))
(setq byserv (cdr byserv))))
(if overwrite
(if (and (not retval) prompt)
(setq user (read-string (url-auth-user-prompt url realm)
(user-real-login-name))
pass (read-passwd "Password: ")
retval (setq retval
(cons user
(url-digest-auth-create-key
user pass realm
(or url-request-method "GET")
url)))
byserv (assoc server url-digest-auth-storage))
(setcdr byserv
(cons (cons path retval) (cdr byserv))))))
(t (setq retval nil)))
(if retval
(if (cdr-safe (assoc "opaque" args))
(let ((nonce (or (cdr-safe (assoc "nonce" args)) "nonegiven"))
(opaque (cdr-safe (assoc "opaque" args))))
(format
(concat "Digest username=\"%s\", realm=\"%s\","
"nonce=\"%s\", uri=\"%s\","
"response=\"%s\", opaque=\"%s\"")
(nth 0 retval) realm nonce (url-filename href)
(md5 (concat (nth 1 retval) ":" nonce ":"
(nth 2 retval))) opaque))
(let ((nonce (or (cdr-safe (assoc "nonce" args)) "nonegiven")))
(format
(concat "Digest username=\"%s\", realm=\"%s\","
"nonce=\"%s\", uri=\"%s\","
"response=\"%s\"")
(nth 0 retval) realm nonce (url-filename href)
(md5 (concat (nth 1 retval) ":" nonce ":"
(nth 2 retval))))))))))
- --Apple-Mail-10--38520107
Content-Type: text/plain;
charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
- --Apple-Mail-10--38520107--
------- End of forwarded message -------
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- address@hidden: Bug in url-get-authentication],
Richard Stallman <=