libmicrohttpd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Out of band authentication with libmicrohttpd

From: Daniel Tweed, Mr
Subject: Re: [libmicrohttpd] Out of band authentication with libmicrohttpd
Date: Thu, 1 Dec 2016 13:30:34 +0000

Hi Evgeny,


Thank you for your response. I'm sorry if I was unclear, but please see my inline comments:


From: libmicrohttpd <libmicrohttpd-bounces+address@hidden> on behalf of Evgeny Grin <address@hidden>
Sent: Thursday, December 1, 2016 7:14 AM
To: address@hidden
Subject: Re: [libmicrohttpd] Out of band authentication with libmicrohttpd
 
Hi Daniel,

On 01.12.2016 3:04, Daniel Tweed, Mr wrote:
>> I'm really new to libmicrohttpd and the examples/tutorial have been
>> really helpful, but I can't figure out how to implement one specific
> > thing I need.
> >
> > What I am trying to achieved is:
> >
> >  1.
> >     Send http 102 to client who requested anydoc.html which requires
> >     authentication
> HTTP standards doesn't define response code 102.
> See https://tools.ietf.org/html/rfc7231#section-6
> and https://tools.ietf.org/html/rfc2616#section-6.1.1

It was defined in RFC 2518, which was updated/obsoleted by RFC 4918 for WebDAV.  Granted they removed http 102 from the specification (due to a lack of implementation) and advise that its IANA registration should continue to refer to RDF2518.

At a minimum, Firefox and IE respond correctly to this status code, and it is implemented in libmicrohttpd as MHD_HTTP_PROCESSING

> >  2.
> >     Some processing on the serverside, including out of band authentication
> >
> >  3.
> >     If authenticated, send response built from somedoc.html, otherwise
> >     generic not auth message

>HTTP use request-response logic. If you already responded (your code
> 102) to some request then you can't add another response later.

The purpose of the http102 message is so the client will not timeout when waiting for a response if the request will take a long time.  Using the MHD_HTTP_PROCESSING code requires some mechanism to first send a response with this code and then send a final response.  I just figure out how or if this functionality has ever been implemented in the library.

> > I'm having a failure of understanding somewhere, in that I cannot seem
> > to figure out how to send the 102 and save the connection details so
> > that I can forward the response in step 3.   I had thought I could queue
> > a response then either enter a wait loop or suspend the connection, but
> > as far as I can tell I have to return from the
> > |MHD_AcceptPolicyCallback| for the response to be sent.   Then I cannot
> > figure out how to get back to the connection as I cannot suspend it and
> > save the pointer. I have looked at the request completed call back but
> > this still results in the 102 not being sent.
> >
> > I really can't figure out a process to achieve these steps from the
> > examples or the manual.  I'm sure I'm either missing something about
>> http processing or about libmicrohttpd any help or advice would be
>> appreciated.  I'm happy to share anything that would make my question
>> clearer, including more details on the overall application or specific
>> code I am working with.

> MHD_AcceptPolicyCallback could be used to choose whether to process
> connection or does not process connection at all.

> You should ether call MHD_queue_response() from your callback
> MHD_AccessHandlerCallback specified in MHD_start_daemon() parameter or,
> if your application need some time to generate response - call
> MHD_suspend_connection(). When application is ready to generate response
> - call MHD_resume_connection(), then MHD will call again your
> MHD_AccessHandlerCallback where you can call MHD_queue_response() to
> provide response to client.

> If you need some kind of authorization, you can use MHD built-in functions.
> See examples:
> src/examples/authorization_example.c
> src/examples/digest_auth_example.c
> and
> doc/examples/tlsauthentication.c

Thanks, I took a look at these but I'm specifically looking at out-of-and authentication.  Since posting this, I found a discussion on a similar topic on the IRC logs to use either keep-alive or MHD_create_response_from_callback ().  My concern is that I cannot know how long the out-of-band authentication will take and I need to advise the client not to time out.  I need the http 102 message for other reasons, but I could work around them, but it seems that this function is implementable somehow, given that the code is defined, so I'm really hoping not to have to rework my other applications around it.

>--
>Best Wishes,
>Evgeny Grin

Thanks again,
Daniel

reply via email to
[Prev in Thread] Current Thread [Next in Thread]