[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] Out of band authentication with libmicrohttpd
From: |
Evgeny Grin |
Subject: |
Re: [libmicrohttpd] Out of band authentication with libmicrohttpd |
Date: |
Thu, 1 Dec 2016 23:35:34 +0300 |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.5.0 |
At the bottom of official GNU libmicrohttpd page you will find
(incomplete) list of alternatives:
https://www.gnu.org/software/libmicrohttpd/
Not sure that any of them implemented such functionality for reasons
that I already described.
--
Best Wishes,
Evgeny Grin
On 01.12.2016 21:28, Daniel Tweed, Mr wrote:
> I'm sorry if it's rude to ask, but have you ever seen a library which
> implements the functions required for this status code? I chose
> libmicrohttpd almost solely based on the fact that I thought this
> function would be available, given the defines, whereas the others I had
> looked at (libhttpd, lievhtp libonion, etc) did not define the code at all.
>
>
> Best,
>
> Daniel
>
> ------------------------------------------------------------------------
> *From:* libmicrohttpd
> <address@hidden> on behalf of
> Christian Grothoff <address@hidden>
> *Sent:* Thursday, December 1, 2016 1:03:11 PM
> *To:* address@hidden
> *Subject:* Re: [libmicrohttpd] Out of band authentication with
> libmicrohttpd
>
> Dear Daniel,
>
> We just defined the status code (for completeness of the #defines), but
> never implemented its semantics. So you cannot actually use it with MHD.
>
> Happy hacking
>
> Christian
>
> On 12/01/2016 03:28 PM, Daniel Tweed, Mr wrote:
>> Dear Evgeny,
>>
>> My primary question is around the fact that libmicrohttpd implements the
>> http 102 code as MHD_HTTP_PROCESSING. The only meaningful use of this
>> code is to transmit it to the client and then send a follow up response
>> when the processing is complete. There is no other defined behaviour
>> for this code. So, what I'm trying to deduce is: Does libmicrohttpd
>> actually implement this functionality? If so, how would one go about
>> doing this? If not, why is the code implemented? Should it be removed
>> from the library?
>>
>> Thanks again for all your comments. I'm sorry if I wasn't clear before
>> but I am not working from obsoleted specifications, in RFC 4918 it
>> mentions that the for HTTP 102 continue to refer to RFC 2518, not that
>> the code is no longer supported. The RFC was obsoleted, not the the
>> code. It is still registered with IANA and is still supported with all
>> major browsers. I appreciate your attempts to educate me, but http1.1
>> supports what I am trying to do, I'm just trying to figure out if
>> libmicrohttpd does, as the definition of the status code would seem to
>> imply.
>>
>> Regards,
>> Daniel
>>
>> ------------------------------------------------------------------------
>> *From:* libmicrohttpd
>> <address@hidden> on behalf of
>> Evgeny Grin <address@hidden>
>> *Sent:* Thursday, December 1, 2016 9:18:17 AM
>> *To:* address@hidden
>> *Subject:* Re: [libmicrohttpd] Out of band authentication with
>> libmicrohttpd
>>
>> To make it clear: MHD follow HTTP specifications and do not allow to use
>> two responses for single request.
>>
>> --
>> Best Wishes,
>> Evgeny Grin
>>
>> On 01.12.2016 17:07, Evgeny Grin wrote:
>>> On 01.12.2016 16:30, Daniel Tweed, Mr wrote:
>>>> On 01.12.2016 3:04, Daniel Tweed, Mr wrote:
>>>>>> I'm really new to libmicrohttpd and the examples/tutorial have been
>>>>>> really helpful, but I can't figure out how to implement one specific
>>>>>> thing I need.
>>>>>>
>>>>>> What I am trying to achieved is:
>>>>>>
>>>>>> 1.
>>>>>> Send http 102 to client who requested anydoc.html which requires
>>>>>> authentication
>>>>> HTTP standards doesn't define response code 102.
>>>>> See https://tools.ietf.org/html/rfc7231#section-6
>>>>> and https://tools.ietf.org/html/rfc2616#section-6.1.1
>>>>
>>>> It was defined in RFC 2518, which was updated/obsoleted by RFC 4918 for
>>>> WebDAV. Granted they removed http 102 from the specification (due to a
>>>> lack of implementation) and advise that its IANA registration should
>>>> continue to refer to RDF2518.
>>>> At a minimum, Firefox and IE respond correctly to this status code, and
>>>> it is implemented in libmicrohttpd as MHD_HTTP_PROCESSING
>>>
>>> I highly recommend you not to use obsoleted specifications - support in
>>> existing application can be dropped in any moment and new application
>>> most probably will not work with this code.
>>> So you will need to re-do your work one more time when clients
>>> unexpectedly start to refuse your server responses.
>>>
>>>>>> 2.
>>>>>> Some processing on the serverside, including out of band
>>>> authentication
>>>>>>
>>>>>> 3.
>>>>>> If authenticated, send response built from somedoc.html, otherwise
>>>>>> generic not auth message
>>>>
>>>>> HTTP use request-response logic. If you already responded (your code
>>>>> 102) to some request then you can't add another response later.
>>>>
>>>> The purpose of the http102 message is so the client will not timeout
>>>> when waiting for a response if the request will take a long time. Using
>>>> the MHD_HTTP_PROCESSING code requires some mechanism to first send a
>>>> response with this code and then send a final response. I just figure
>>>> out how or if this functionality has ever been implemented in the library.
>>>
>>> These is not grantee that client will wait more after 102.
>>> Moreover, chances of successful response even lower, if you take into
>>> account obsoleted nature of this status.
>>>
>>>>>> I'm having a failure of understanding somewhere, in that I cannot seem
>>>>>> to figure out how to send the 102 and save the connection details so
>>>>>> that I can forward the response in step 3. I had thought I could queue
>>>>>> a response then either enter a wait loop or suspend the connection, but
>>>>>> as far as I can tell I have to return from the
>>>>>> |MHD_AcceptPolicyCallback| for the response to be sent. Then I cannot
>>>>>> figure out how to get back to the connection as I cannot suspend it and
>>>>>> save the pointer. I have looked at the request completed call back but
>>>>>> this still results in the 102 not being sent.
>>>>>>
>>>>>> I really can't figure out a process to achieve these steps from the
>>>>>> examples or the manual. I'm sure I'm either missing something about
>>>>>> http processing or about libmicrohttpd any help or advice would be
>>>>>> appreciated. I'm happy to share anything that would make my question
>>>>>> clearer, including more details on the overall application or specific
>>>>>> code I am working with.
>>>>
>>>>> MHD_AcceptPolicyCallback could be used to choose whether to process
>>>>> connection or does not process connection at all.
>>>>
>>>>> You should ether call MHD_queue_response() from your callback
>>>>> MHD_AccessHandlerCallback specified in MHD_start_daemon() parameter or,
>>>>> if your application need some time to generate response - call
>>>>> MHD_suspend_connection(). When application is ready to generate response
>>>>> - call MHD_resume_connection(), then MHD will call again your
>>>>> MHD_AccessHandlerCallback where you can call MHD_queue_response() to
>>>>> provide response to client.
>>>>
>>>>> If you need some kind of authorization, you can use MHD built-in
>>>>> functions.
>>>>> See examples:
>>>>> src/examples/authorization_example.c
>>>>> src/examples/digest_auth_example.c
>>>>> and
>>>>> doc/examples/tlsauthentication.c
>>>>
>>>> Thanks, I took a look at these but I'm specifically looking at
>>>> out-of-and authentication. Since posting this, I found a discussion on
>>>> a similar topic on the IRC logs to use either keep-alive or
>>>> MHD_create_response_from_callback (). My concern is that I cannot know
>>>> how long the out-of-band authentication will take and I need to advise
>>>> the client not to time out. I need the http 102 message for other
>>>> reasons, but I could work around them, but it seems that this function
>>>> is implementable somehow, given that the code is defined, so I'm really
>>>> hoping not to have to rework my other applications around it.
>>>
>>> You can use MHD_create_response_from_callback() with MHD_SIZE_UNKNOWN
>>> and generate response by chunks. This will prevent clients from
>>> detecting of timeout.
>>>
>>
>
- [libmicrohttpd] Out of band authentication with libmicrohttpd, Daniel Tweed, Mr, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Evgeny Grin, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Daniel Tweed, Mr, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Evgeny Grin, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Evgeny Grin, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Daniel Tweed, Mr, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Christian Grothoff, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Daniel Tweed, Mr, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Daniel Tweed, Mr, 2016/12/01
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd,
Evgeny Grin <=
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Christian Grothoff, 2016/12/02
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Christian Grothoff, 2016/12/03
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Christian Grothoff, 2016/12/03
- Re: [libmicrohttpd] Out of band authentication with libmicrohttpd, Evgeny Grin, 2016/12/01