[CalendarServer-changes] [4053] CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest. patch

source_changes at macosforge.org source_changes at macosforge.org
Tue Apr 21 12:33:50 PDT 2009 

Revision: 4053
          http://trac.macosforge.org/projects/calendarserver/changeset/4053
Author:   darla at apple.com
Date:     2009-04-21 12:33:49 -0700 (Tue, 21 Apr 2009)
Log Message:
-----------
Workaround to get digest auth to work in IE7.

Modified Paths:
--------------
    CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch

Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch	2009-04-21 19:17:29 UTC (rev 4052)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch	2009-04-21 19:33:49 UTC (rev 4053)
@@ -35,7 +35,26 @@
  }
  
  # DigestCalcHA1
-@@ -228,9 +237,9 @@
+@@ -153,7 +162,18 @@
+             calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
+             algo, nonce, nc, cnonce, qop, self.method, uri, None
+         )
++        
++        if expected == response:
++            return True
+ 
++        # IE7 sends cnonce and nc values, but auth fails if they are used.
++        # So try again without them...
++        # They can be omitted for backwards compatibility [RFC 2069].
++        expected = calcResponse(
++            calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
++            algo, nonce, None, None, qop, self.method, uri, None
++        )
++
+         return expected == response
+ 
+     def checkHash(self, digestHash):
+@@ -228,9 +248,9 @@
          # Now, what we do is encode the nonce, client ip and a timestamp
          # in the opaque value with a suitable digest
          key = "%s,%s,%s" % (nonce, clientip, str(int(self._getTime())))
@@ -47,7 +66,7 @@
  
      def verifyOpaque(self, opaque, nonce, clientip):
          """
-@@ -274,7 +283,7 @@
+@@ -274,7 +294,7 @@
                  'Invalid response, incompatible opaque/nonce too old')
  
          # Verify the digest
@@ -56,7 +75,7 @@
          if digest != opaqueParts[0]:
              raise error.LoginFailed('Invalid response, invalid opaque value')
  
-@@ -293,11 +302,12 @@
+@@ -293,11 +313,12 @@
          c = self.generateNonce()
          o = self.generateOpaque(c, peer.host)
  
@@ -74,7 +93,7 @@
  
      def decode(self, response, request):
          """
-@@ -315,18 +325,18 @@
+@@ -315,18 +336,18 @@
          @raise: L{error.LoginFailed} if the response does not contain a
              username, a nonce, an opaque, or if the opaque is invalid.
          """
@@ -104,7 +123,7 @@
          username = auth.get('username')
          if not username:
              raise error.LoginFailed('Invalid response, no username given.')
-@@ -342,7 +352,7 @@
+@@ -342,7 +363,7 @@
                               auth.get('nonce'),
                               request.remoteAddr.host):
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090421/68fde02b/attachment.html>

More information about the calendarserver-changes mailing list