[CalendarServer-changes] [4053] CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest. patch
source_changes at macosforge.org
source_changes at macosforge.org
Tue Apr 21 12:33:50 PDT 2009
Revision: 4053
http://trac.macosforge.org/projects/calendarserver/changeset/4053
Author: darla at apple.com
Date: 2009-04-21 12:33:49 -0700 (Tue, 21 Apr 2009)
Log Message:
-----------
Workaround to get digest auth to work in IE7.
Modified Paths:
--------------
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch 2009-04-21 19:17:29 UTC (rev 4052)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch 2009-04-21 19:33:49 UTC (rev 4053)
@@ -35,7 +35,26 @@
}
# DigestCalcHA1
-@@ -228,9 +237,9 @@
+@@ -153,7 +162,18 @@
+ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
+ algo, nonce, nc, cnonce, qop, self.method, uri, None
+ )
++
++ if expected == response:
++ return True
+
++ # IE7 sends cnonce and nc values, but auth fails if they are used.
++ # So try again without them...
++ # They can be omitted for backwards compatibility [RFC 2069].
++ expected = calcResponse(
++ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
++ algo, nonce, None, None, qop, self.method, uri, None
++ )
++
+ return expected == response
+
+ def checkHash(self, digestHash):
+@@ -228,9 +248,9 @@
# Now, what we do is encode the nonce, client ip and a timestamp
# in the opaque value with a suitable digest
key = "%s,%s,%s" % (nonce, clientip, str(int(self._getTime())))
@@ -47,7 +66,7 @@
def verifyOpaque(self, opaque, nonce, clientip):
"""
-@@ -274,7 +283,7 @@
+@@ -274,7 +294,7 @@
'Invalid response, incompatible opaque/nonce too old')
# Verify the digest
@@ -56,7 +75,7 @@
if digest != opaqueParts[0]:
raise error.LoginFailed('Invalid response, invalid opaque value')
-@@ -293,11 +302,12 @@
+@@ -293,11 +313,12 @@
c = self.generateNonce()
o = self.generateOpaque(c, peer.host)
@@ -74,7 +93,7 @@
def decode(self, response, request):
"""
-@@ -315,18 +325,18 @@
+@@ -315,18 +336,18 @@
@raise: L{error.LoginFailed} if the response does not contain a
username, a nonce, an opaque, or if the opaque is invalid.
"""
@@ -104,7 +123,7 @@
username = auth.get('username')
if not username:
raise error.LoginFailed('Invalid response, no username given.')
-@@ -342,7 +352,7 @@
+@@ -342,7 +363,7 @@
auth.get('nonce'),
request.remoteAddr.host):
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090421/68fde02b/attachment.html>
More information about the calendarserver-changes
mailing list