libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] Out of band authentication with libmicrohttpd


From: Daniel Tweed, Mr
Subject: Re: [libmicrohttpd] Out of band authentication with libmicrohttpd
Date: Thu, 1 Dec 2016 18:19:34 +0000

Thanks Christian.  That's the answer I was expecting, to the question I was asking.


I should have examined the library more closely before I started working with it, but I saw the code was defined so assumed there must be a way to implement the required behaviour.  


Best regards,

Daniel


From: libmicrohttpd <libmicrohttpd-bounces+address@hidden> on behalf of Christian Grothoff <address@hidden>
Sent: Thursday, December 1, 2016 1:03:11 PM
To: address@hidden
Subject: Re: [libmicrohttpd] Out of band authentication with libmicrohttpd
 
Dear Daniel,

We just defined the status code (for completeness of the #defines), but
never implemented its semantics.  So you cannot actually use it with MHD.

Happy hacking

Christian

On 12/01/2016 03:28 PM, Daniel Tweed, Mr wrote:
> Dear Evgeny,
>
> My primary question is around the fact that libmicrohttpd implements the
> http 102 code as MHD_HTTP_PROCESSING.  The only meaningful use of this
> code is to transmit it to the client and then send a follow up response
> when the processing is complete.  There is no other defined behaviour
> for this code.  So, what I'm trying to deduce is: Does libmicrohttpd
> actually implement this functionality?  If so, how would one go about
> doing this?  If not, why is the code implemented?  Should it be removed
> from the library?
>
> Thanks again for all your comments.  I'm sorry if I wasn't clear before
> but I am not working from obsoleted specifications, in RFC 4918 it
> mentions that the for HTTP 102 continue to refer to RFC 2518, not that
> the code is no longer supported.  The RFC was obsoleted, not the the
> code.  It is still registered with IANA and is still supported with all
> major browsers.  I appreciate your attempts to educate me, but http1.1
> supports what I am trying to do, I'm just trying to figure out if
> libmicrohttpd does, as the definition of the status code would seem to
> imply.
>
> Regards,
> Daniel
>
> ------------------------------------------------------------------------
> *From:* libmicrohttpd
> <libmicrohttpd-bounces+address@hidden> on behalf of
> Evgeny Grin <address@hidden>
> *Sent:* Thursday, December 1, 2016 9:18:17 AM
> *To:* address@hidden
> *Subject:* Re: [libmicrohttpd] Out of band authentication with
> libmicrohttpd

> To make it clear: MHD follow HTTP specifications and do not allow to use
> two responses for single request.
>
> --
> Best Wishes,
> Evgeny Grin
>
> On 01.12.2016 17:07, Evgeny Grin wrote:
>> On 01.12.2016 16:30, Daniel Tweed, Mr wrote:
>>> On 01.12.2016 3:04, Daniel Tweed, Mr wrote:
>>>>> I'm really new to libmicrohttpd and the examples/tutorial have been
>>>>> really helpful, but I can't figure out how to implement one specific
>>>>> thing I need.
>>>>>
>>>>> What I am trying to achieved is:
>>>>>
>>>>>  1.
>>>>>     Send http 102 to client who requested anydoc.html which requires
>>>>>     authentication
>>>> HTTP standards doesn't define response code 102.
>>>> See https://tools.ietf.org/html/rfc7231#section-6
>>>> and https://tools.ietf.org/html/rfc2616#section-6.1.1
>>>
>>> It was defined in RFC 2518, which was updated/obsoleted by RFC 4918 for
>>> WebDAV.  Granted they removed http 102 from the specification (due to a
>>> lack of implementation) and advise that its IANA registration should
>>> continue to refer to RDF2518.
>>> At a minimum, Firefox and IE respond correctly to this status code, and
>>> it is implemented in libmicrohttpd as MHD_HTTP_PROCESSING
>>
>> I highly recommend you not to use obsoleted specifications - support in
>> existing application can be dropped in any moment and new application
>> most probably will not work with this code.
>> So you will need to re-do your work one more time when clients
>> unexpectedly start to refuse your server responses.
>>
>>>>>  2.
>>>>>     Some processing on the serverside, including out of band
>>> authentication
>>>>>
>>>>>  3.
>>>>>     If authenticated, send response built from somedoc.html, otherwise
>>>>>     generic not auth message
>>>
>>>> HTTP use request-response logic. If you already responded (your code
>>>> 102) to some request then you can't add another response later.
>>>
>>> The purpose of the http102 message is so the client will not timeout
>>> when waiting for a response if the request will take a long time.  Using
>>> the MHD_HTTP_PROCESSING code requires some mechanism to first send a
>>> response with this code and then send a final response.  I just figure
>>> out how or if this functionality has ever been implemented in the library.
>>
>> These is not grantee that client will wait more after 102.
>> Moreover, chances of successful response even lower, if you take into
>> account obsoleted nature of this status.
>>
>>>>> I'm having a failure of understanding somewhere, in that I cannot seem
>>>>> to figure out how to send the 102 and save the connection details so
>>>>> that I can forward the response in step 3.   I had thought I could queue
>>>>> a response then either enter a wait loop or suspend the connection, but
>>>>> as far as I can tell I have to return from the
>>>>> |MHD_AcceptPolicyCallback| for the response to be sent.   Then I cannot
>>>>> figure out how to get back to the connection as I cannot suspend it and
>>>>> save the pointer. I have looked at the request completed call back but
>>>>> this still results in the 102 not being sent.
>>>>>
>>>>> I really can't figure out a process to achieve these steps from the
>>>>> examples or the manual.  I'm sure I'm either missing something about
>>>>> http processing or about libmicrohttpd any help or advice would be
>>>>> appreciated.  I'm happy to share anything that would make my question
>>>>> clearer, including more details on the overall application or specific
>>>>> code I am working with.
>>>
>>>> MHD_AcceptPolicyCallback could be used to choose whether to process
>>>> connection or does not process connection at all.
>>>
>>>> You should ether call MHD_queue_response() from your callback
>>>> MHD_AccessHandlerCallback specified in MHD_start_daemon() parameter or,
>>>> if your application need some time to generate response - call
>>>> MHD_suspend_connection(). When application is ready to generate response
>>>> - call MHD_resume_connection(), then MHD will call again your
>>>> MHD_AccessHandlerCallback where you can call MHD_queue_response() to
>>>> provide response to client.
>>>
>>>> If you need some kind of authorization, you can use MHD built-in functions.
>>>> See examples:
>>>> src/examples/authorization_example.c
>>>> src/examples/digest_auth_example.c
>>>> and
>>>> doc/examples/tlsauthentication.c
>>>
>>> Thanks, I took a look at these but I'm specifically looking at
>>> out-of-and authentication.  Since posting this, I found a discussion on
>>> a similar topic on the IRC logs to use either keep-alive or
>>> MHD_create_response_from_callback ().  My concern is that I cannot know
>>> how long the out-of-band authentication will take and I need to advise
>>> the client not to time out.  I need the http 102 message for other
>>> reasons, but I could work around them, but it seems that this function
>>> is implementable somehow, given that the code is defined, so I'm really
>>> hoping not to have to rework my other applications around it.
>>
>> You can use MHD_create_response_from_callback() with MHD_SIZE_UNKNOWN
>> and generate response by chunks. This will prevent clients from
>> detecting of timeout.
>>
>


reply via email to

[Prev in Thread] Current Thread [Next in Thread]