[dw-free] auth=digest qop="auth" not required (but is being enforced)
[commit: http://hg.dwscoalition.org/dw-free/rev/4308824569c9]
http://bugs.dwscoalition.org/show_bug.cgi?id=1784
Follow Digest protocol better; allows wget and tools to use auth=digest.
Patch by
exor674.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=1784
Follow Digest protocol better; allows wget and tools to use auth=digest.
Patch by
Files modified:
- cgi-bin/ljlib.pl
--------------------------------------------------------------------------------
diff -r e39e8d9b5d68 -r 4308824569c9 cgi-bin/ljlib.pl
--- a/cgi-bin/ljlib.pl Tue Sep 29 18:05:38 2009 +0000
+++ b/cgi-bin/ljlib.pl Wed Sep 30 03:46:55 2009 +0000
@@ -938,7 +938,7 @@ sub auth_digest {
}
# sanity checks
- unless ($authname eq 'Digest' && $attrs{'qop'} eq 'auth' &&
+ unless ($authname eq 'Digest' && ( !defined $attrs{'qop'} || $attrs{'qop'} eq 'auth' ) &&
$attrs{'realm'} eq 'lj' && (!defined $attrs{'algorithm'} || $attrs{'algorithm'} eq 'MD5')) {
return $decline->(0);
}
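Review bot: The relaxed sanity check now accepts a request with no `qop` at all, which is the legacy RFC 2069 form of Digest, and on that path the response covers neither `nc` nor `cnonce`. Replay resistance for such requests then depends entirely on how the server issues and expires nonces, which is not visible in this hunk, so please confirm that the nonce validation elsewhere in auth_digest is strict enough to carry it alone. Because the client chooses whether to send `qop`, any client can select the weaker mode; if that is only meant for tools such as wget, gating it behind a config switch would be reasonable. At minimum, add a comment above the `unless`, for example `# qop is optional for RFC 2069 clients; without it the response carries no nc/cnonce, so nonce freshness is the only replay defence`. The body of auth_digest starts and ends outside the hunk.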
@@ -976,11 +976,17 @@ sub auth_digest {
# recalculate the hash and compare to response
+ my $qop = $attrs{qop};
my $a1src = $u->user . ':lj:' . $u->password;
my $a1 = Digest::MD5::md5_hex($a1src);
my $a2src = $r->method . ":$attrs{'uri'}";
my $a2 = Digest::MD5::md5_hex($a2src);
- my $hashsrc = "$a1:$attrs{'nonce'}:$attrs{'nc'}:$attrs{'cnonce'}:$attrs{'qop'}:$a2";
+ my $hashsrc;
+ if ( $qop eq 'auth' ) {
+ $hashsrc = "$a1:$attrs{'nonce'}:$attrs{'nc'}:$attrs{'cnonce'}:$attrs{'qop'}:$a2";
+ } else {
+ $hashsrc = "$a1:$attrs{'nonce'}:$a2";
+ }
my $hash = Digest::MD5::md5_hex($hashsrc);
return $decline->(0)
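Review bot: `if ( $qop eq 'auth' )` compares an undefined value whenever the client omitted `qop`, which is exactly the case this commit enables. Under `use warnings` that logs an "uninitialized value" warning on every such request; `if ( defined $qop && $qop eq 'auth' )` avoids it. In the `auth` branch, `$attrs{'nc'}` and `$attrs{'cnonce'}` are interpolated with no visible check that the client sent them, so a request with `qop=auth` but without those fields is hashed over empty strings; unless that is already rejected outside this hunk, the sanity check should decline it. The same branch could interpolate `$qop` rather than `$attrs{'qop'}`, since the local was introduced for that purpose. The statement starting at `return $decline->(0)` continues past the end of the hunk, so the comparison itself is not reviewed here.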
--------------------------------------------------------------------------------
