From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: [gotoh@taiyo.co.jp: url-http-handle-authentication does not handle multiple WWW-Authenticate: lines.] Date: Thu, 02 Nov 2006 16:46:48 -0500 Message-ID: Reply-To: rms@gnu.org NNTP-Posting-Host: main.gmane.org Content-Type: text/plain; charset=ISO-8859-15 X-Trace: sea.gmane.org 1162504068 8793 80.91.229.2 (2 Nov 2006 21:47:48 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 2 Nov 2006 21:47:48 +0000 (UTC) Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Nov 02 22:47:45 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1GfkPT-0003dJ-0P for ged-emacs-devel@m.gmane.org; Thu, 02 Nov 2006 22:47:39 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1GfkPS-000736-55 for ged-emacs-devel@m.gmane.org; Thu, 02 Nov 2006 16:47:38 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1GfkOh-00062V-SB for emacs-devel@gnu.org; Thu, 02 Nov 2006 16:46:51 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1GfkOg-0005zz-4y for emacs-devel@gnu.org; Thu, 02 Nov 2006 16:46:50 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1GfkOf-0005zg-Rj for emacs-devel@gnu.org; Thu, 02 Nov 2006 16:46:49 -0500 Original-Received: from [199.232.76.164] (helo=fencepost.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.52) id 1GfkOf-0004t8-Ub for emacs-devel@gnu.org; Thu, 02 Nov 2006 16:46:50 -0500 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.34) id 1GfkOe-0007Gj-Rw; Thu, 02 Nov 2006 16:46:48 -0500 Original-To: emacs-devel@gnu.org X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:61629 Archived-At: We can install this without papers, but is it correct? Would someone please DTRT, then ack? ------- Start of forwarded message ------- To: emacs-pretest-bug@gnu.org From: Shun-ichi GOTO Date: Wed, 01 Nov 2006 18:41:43 +0900 Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Subject: url-http-handle-authentication does not handle multiple WWW-Authenticate: lines. X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=failed version=3.0.4 I found a problem of authentication in url-http.el which handles only first WWW-Authenticate: line and give-up authentication when first one is not supported auth scheme although next one is supported. For example, one page returns following two lines. That page is configured with enabling NTLM (by mod_auth_sspi) and BASIC auth. ...snip... WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="TAIYO domain" ...snip... Because url-http-handle-authentication gets unsupported scheme NTLM from first line and gives up asking and storing authentication information, so we never be able to get the page. Attached patch is to fix this issue by checking all the lines and use first one supported. Index: url-http.el =================================================================== - --- url-http.el (revision 4177) +++ url-http.el (working copy) @@ -303,21 +303,29 @@ (declare (special status success url-http-method url-http-data url-callback-function url-callback-arguments)) (url-http-debug "Handling %s authentication" (if proxy "proxy" "normal")) - - (let ((auth (or (mail-fetch-field (if proxy "proxy-authenticate" "www-authenticate")) - - "basic")) + (let ((auths (or (nreverse + (mail-fetch-field + (if proxy "proxy-authenticate" "www-authenticate") + nil nil t)) + '("basic"))) (type nil) (url (url-recreate-url url-current-object)) (url-basic-auth-storage 'url-http-real-basic-auth-storage) - - ) - - + auth) ;; Cheating, but who cares? :) (if proxy (setq url-basic-auth-storage 'url-http-proxy-basic-auth-storage)) - - (setq auth (url-eat-trailing-space (url-strip-leading-spaces auth))) - - (if (string-match "[ \t]" auth) - - (setq type (downcase (substring auth 0 (match-beginning 0)))) - - (setq type (downcase auth))) + ;; find first supported auth + (while auths + (setq auth (url-eat-trailing-space (url-strip-leading-spaces (car auths)))) + (if (string-match "[ \t]" auth) + (setq type (downcase (substring auth 0 (match-beginning 0)))) + (setq type (downcase auth))) + (if (url-auth-registered type) + (setq auths nil) ; no more check + (setq auth nil + auths (cdr auths)))) (if (not (url-auth-registered type)) (progn - --- Regards, Shun-ichi Goto R&D Group, TAIYO Corp., Tokyo, JAPAN _______________________________________________ emacs-pretest-bug mailing list emacs-pretest-bug@gnu.org http://lists.gnu.org/mailman/listinfo/emacs-pretest-bug ------- End of forwarded message -------