keith 2003/03/24 15:19:19 Modified: . RELEASE-NOTES-4.1.txt catalina/src/share/org/apache/catalina/authenticator DigestAuthenticator.java catalina/src/share/org/apache/catalina/realm RealmBase.java Log: Improve digest auth compatibility PR: 9851 Submitted by: Carlos Quiroz <[EMAIL PROTECTED]> Revision Changes Path 1.71 +3 -1 jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt Index: RELEASE-NOTES-4.1.txt =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt,v retrieving revision 1.70 retrieving revision 1.71 diff -u -r1.70 -r1.71 --- RELEASE-NOTES-4.1.txt 19 Mar 2003 01:33:16 -0000 1.70 +++ RELEASE-NOTES-4.1.txt 24 Mar 2003 23:19:18 -0000 1.71 @@ -731,6 +731,8 @@ JDBCStore Fix bug where first session in result set was skipped. +[4.1.25] #9851 + Improve Digest Authentication compatibility ---------------- Coyote Bug Fixes: 1.11 +15 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java Index: DigestAuthenticator.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/DigestAuthenticator.java,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- DigestAuthenticator.java 19 Oct 2001 16:23:57 -0000 1.10 +++ DigestAuthenticator.java 24 Mar 2003 23:19:19 -0000 1.11 @@ -313,8 +313,14 @@ nc = currentTokenValue; if ("cnonce".equals(currentTokenName)) cnonce = removeQuotes(currentTokenValue); - if ("qop".equals(currentTokenName)) - qop = removeQuotes(currentTokenValue); + if ("qop".equals(currentTokenName)) { + //support both quoted and non-quoted + if (currentTokenValue.startsWith("\"") && + currentTokenValue.endsWith("\"")) + qop = removeQuotes(currentTokenValue); + else + qop = currentTokenValue; + } if ("uri".equals(currentTokenName)) uri = removeQuotes(currentTokenValue); if ("response".equals(currentTokenName)) 
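Review bot: The new qop branch in DigestAuthenticator.java stores whatever token the client sent and never checks it against the values the server supports. A value quoted on one side only is kept with the stray quote, and in the RealmBase.java hunk of this commit every value other than `auth` selects the digest form that leaves out `nc` and `cnonce`, so an unsupported or malformed qop is handled as a legacy request instead of being refused. Rejecting it beside the other early returns would make the accepted forms explicit: `if (qop != null && !"auth".equals(qop)) return null;`. The parsing loop and `removeQuotes` lie outside the hunk, so how a value consisting of a single `"` is handled there should be confirmed.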
@@ -323,6 +329,9 @@ if ( (userName == null) || (realmName == null) || (nOnce == null) || (uri == null) || (response == null) ) + return null; + + if (qop != null && (cnonce == null || nc == null)) return null; // Second MD5 digest used to calculate the digest : 1.13 +10 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java Index: RealmBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- RealmBase.java 9 Jun 2002 02:19:43 -0000 1.12 +++ RealmBase.java 24 Mar 2003 23:19:19 -0000 1.13 @@ -336,7 +336,7 @@ /** * Return the Principal associated with the specified username, which * matches the digest calculated using the given parameters using the - * method described in RFC 2069; otherwise return <code>null</code>. + * method described in RFC 2617; otherwise return <code>null</code>. * * @param username Username of the Principal to look up * @param clientDigest Digest which has been submitted by the client @@ -369,7 +369,11 @@ String md5a1 = getDigest(username, realm); if (md5a1 == null) return null; - String serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":" + String serverDigestValue; + if (!"auth".equals(qop)) + serverDigestValue = md5a1 + ":" + nOnce + ":" + md5a2; + else + serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":" + cnonce + ":" + qop + ":" + md5a2; String serverDigest = md5Encoder.encode(md5Helper.digest(serverDigestValue.getBytes()));
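Review bot: The added guard `if (qop != null && (cnonce == null || nc == null))` in DigestAuthenticator.java tests presence only, so an `nc` that is not a hex counter, or a `cnonce` that may be empty after `removeQuotes`, still goes on to the digest calculation. Nothing visible in this hunk compares `nc` with an earlier count for the same nonce; if that tracking does not exist elsewhere, the qop path adds no replay protection beyond the nonce itself, which is worth confirming. The guard should also carry a comment naming its source, for example `// RFC 2617 3.2.2: cnonce and nc are required whenever qop is sent`. The method body starts and ends outside the hunk.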
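Review bot: The unbraced `if`/`else` around `serverDigestValue` in the last RealmBase.java hunk has an `else` branch whose single statement continues onto the following context line, which is easy to break in a later edit. Braces on both branches, with the positive test `if ("auth".equals(qop))` first, would read more safely. Each branch should state which form it computes, for example `// RFC 2617 form, qop=auth` and `// RFC 2069 compatible form, no qop`. The Javadoc changed in the preceding hunk now names only RFC 2617 although the method still computes the older form, so it should mention both. The method starts and ends outside the hunk.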