curl-library
DIGEST authentication with a proxy server
Date: Thu, 03 Jun 2004 12:29:31 +0200
Hi all,
I'm using libcurl C API 7.12.0 on my RedHat 8 box. I fetch web pages
through a Squid proxy server configured with DIGEST authentication. I
found out that the authentication is successfull only if I set the same
user:password (the one that is requested by Squid) in both
CURLOPT_PROXYUSERPWD and CURLOPT_USERPWD.
If I do not set CURLOPT_USERPWD, it won't succeed : Squid refuses the
connection.
Note that the web server that I try to reach through Squid does not
request any authentication (so CURLOPT_USERPWD should not be usefull).
I went through "http_digest.c" code and I think I found the origin of
the problem (even if "proxy" is true, the user/password data used in
authentication are "conn->user" and "conn->passwd" instead of the
proxy's ones).
Here is a patch that works fine for me (inspired from "http_ntlm.c" code).
Am I on the right way, or did I miss something ?
Vincent
--- lib/http_digest.c.sav 2004-06-03 11:43:01.000000000 +0200
+++ lib/http_digest.c 2004-06-03 11:56:30.000000000 +0200
@@ -221,23 +221,37 @@
char *cnonce;
char *tmp = NULL;
struct timeval now;
+
+ char **allocuserpwd;
+ char *userp;
+ char *passwdp;
struct auth *authp;
- char **userp;
struct SessionHandle *data = conn->data;
struct digestdata *d;
if(proxy) {
d = &data->state.proxydigest;
+ allocuserpwd = &conn->allocptr.proxyuserpwd;
+ userp = conn->proxyuser;
+ passwdp = conn->proxypasswd;
authp = &data->state.authproxy;
- userp = &conn->allocptr.proxyuserpwd;
}
else {
d = &data->state.digest;
+ allocuserpwd = &conn->allocptr.userpwd;
+ userp = conn->user;
+ passwdp = conn->passwd;
authp = &data->state.authhost;
- userp = &conn->allocptr.userpwd;
}
+ /* not set means empty */
+ if(!userp)
+ userp=(char *)"";
+
+ if(!passwdp)
+ passwdp=(char *)"";
+
if(!d->nonce) {
authp->done = FALSE;
return CURLE_OK;
@@ -269,7 +283,7 @@
*/
md5this = (unsigned char *)
- aprintf("%s:%s:%s", conn->user, d->realm, conn->passwd);
+ aprintf("%s:%s:%s", userp, d->realm, passwdp);
if(!md5this)
return CURLE_OUT_OF_MEMORY;
Curl_md5it(md5buf, md5this);
@@ -347,10 +361,10 @@
nonce="1053604145", uri="/64",
response="c55f7f30d83d774a3d2dcacf725abaca"
*/
- Curl_safefree(conn->allocptr.userpwd);
+ Curl_safefree(*allocuserpwd);
if (d->qop) {
- *userp =
+ *allocuserpwd =
aprintf( "%sAuthorization: Digest "
"username=\"%s\", "
"realm=\"%s\", "
@@ -361,7 +375,7 @@
"qop=\"%s\", "
"response=\"%s\"",
proxy?"Proxy-":"",
- conn->user,
+ userp,
d->realm,
d->nonce,
uripath, /* this is the PATH part of the URL */
@@ -376,7 +390,7 @@
same nonce in the qop=auth mode. */
}
else {
- *userp =
+ *allocuserpwd =
aprintf( "%sAuthorization: Digest "
"username=\"%s\", "
"realm=\"%s\", "
@@ -384,40 +398,40 @@
"uri=\"%s\", "
"response=\"%s\"",
proxy?"Proxy-":"",
- conn->user,
+ userp,
d->realm,
d->nonce,
uripath, /* this is the PATH part of the URL */
request_digest);
}
- if(!*userp)
+ if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
/* Add optional fields */
if(d->opaque) {
/* append opaque */
- tmp = aprintf("%s, opaque=\"%s\"", *userp, d->opaque);
+ tmp = aprintf("%s, opaque=\"%s\"", *allocuserpwd, d->opaque);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
- free(*userp);
- *userp = tmp;
+ free(*allocuserpwd);
+ *allocuserpwd = tmp;
}
if(d->algorithm) {
/* append algorithm */
- tmp = aprintf("%s, algorithm=\"%s\"", *userp, d->algorithm);
+ tmp = aprintf("%s, algorithm=\"%s\"", *allocuserpwd, d->algorithm);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
- free(*userp);
- *userp = tmp;
+ free(*allocuserpwd);
+ *allocuserpwd = tmp;
}
/* append CRLF to the userpwd header */
- tmp = (char*) realloc(*userp, strlen(*userp) + 3 + 1);
+ tmp = (char*) realloc(*allocuserpwd, strlen(*allocuserpwd) + 3 + 1);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
strcat(tmp, "\r\n");
- *userp = tmp;
+ *allocuserpwd = tmp;
return CURLE_OK;
}
Received on 2004-06-03