cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: introduced an auth callback

From: Joe Mason <jmason_at_rim.com>
Date: Fri, 11 May 2012 18:32:44 +0000

> From: curl-library-bounces_at_cool.haxx.se [curl-library-bounces_at_cool.haxx.se] on
> behalf of Joe Mason [jmason_at_rim.com]
> Sent: Tuesday, May 08, 2012 1:01 PM
> To: libcurl development
> Subject: RE: introduced an auth callback
>
> It does now! I just pushed my work-in-progress to
> https://github.com/JoeNotCharles/curl/commits/authcallback.
>
> I haven't updated with any of the API changes we discussed yet.

I've pushed an update with the new API to

https://github.com/JoeNotCharles/curl/commits/authcallback_api2_squashed

I removed the "pause" functionality since it's still contentious, which makes the patch quite a bit simpler. (This should be added as a separate patch anyway.)

The second patch from the top is the main implementation, which doesn't have any protection against returning "continue" from the auth callback with the same password over and over again. The top patch adds a check for repeated passwords. I'm still not sure which is better, but it's easy to drop the top patch if we decide not to use it.

Two other things to note about the code:

Curl_http_auth_act checks for 401 and 407 codes, but also has a condition that sets up both host and proxy auth: "conn->bits.authneg && data->req.httpcode < 300". I don't know what the authneg condition is or how to test this, so I didn't copy this test for the code that calls the auth callback on rejected credentials. Is this important?

The "realm" param is left as NULL for all auth types except Digest, because adding parsing for it out of all the other types of auth header is a big job that I haven't had time to do. (Some auth types, like NTLM, will keep it as NULL permanently because they don't have a concept of realm.)

So, what's the next step to get this into curl? Docs and unit tests - what else?

Joe
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-05-11