apple / cups

Apple CUPS Sources
https://www.cups.org
Apache License 2.0

Digest authentication request needs more digest information. #408

Closed michaelrsweet closed 20 years ago

michaelrsweet commented 20 years ago

Version: 1.1.20
CUPS.org User: kawasima.rsk-kitami.grp.ricoh.co

I tested a connection with an Apache server using digest authentication, but it failed. I think that the digest authentication request from the client needs more digest information (underlined part).

michaelrsweet commented 20 years ago

CUPS.org User: mike

First, the CUPS HTTP functions are NOT guaranteed to support all HTTP functionality, and in fact they do not.

cnonce is provided by the client, the uri is the domain parameter, which is not used by CUPS. qop and algorithm are not used or supported by CUPS at this time.

Feel free to provide patches for CUPS 1.2, but we have no plans to support these optional parameters in CUPS at this time.

michaelrsweet commented 20 years ago

CUPS.org User: kawasima.rsk-kitami.grp.ricoh.co

There is the following description in RFC 2617. I think that digest-uri (uri="xxx") is a mandatory item.

HTTP Authentication: Basic and Digest Access Authentication

3.2.2 The Authorization Request Header

The client is expected to retry the request, passing an Authorization header line, which is defined according to the framework above, utilized as follows.

   credentials      = "Digest" digest-response
   digest-response  = 1#( username | realm | nonce | digest-uri
                   | response | [ algorithm ] | [cnonce] |
                   [opaque] | [message-qop] |
                   [nonce-count]  | [auth-param] )

   username         = "username" "=" username-value
   username-value   = quoted-string
   digest-uri       = "uri" "=" digest-uri-value
   digest-uri-value = request-uri   ; As specified by HTTP/1.1
   message-qop      = "qop" "=" qop-value
   cnonce           = "cnonce" "=" cnonce-value
   cnonce-value     = nonce-value
   nonce-count      = "nc" "=" nc-value
   nc-value         = 8LHEX
   response         = "response" "=" request-digest
   request-digest = <"> 32LHEX <">
   LHEX             =  "0" | "1" | "2" | "3" |
                       "4" | "5" | "6" | "7" |
                       "8" | "9" | "a" | "b" |
                       "c" | "d" | "e" | "f"

...

digest-uri
  The URI from Request-URI of the Request-Line; duplicated here because proxies are allowed to change the Request-Line in transit.

...

3.5 Example

The following example assumes that an access-protected document is being requested from the server via a GET request. The URI of the document is "http://www.nowhere.org/dir/index.html". Both client and server know that the username for this document is "Mufasa", and the password is "Circle Of Life" (with one space between each of the three words).

The first time the client requests the document, no Authorization header is sent, so the server responds with:

     HTTP/1.1 401 Unauthorized
     WWW-Authenticate: Digest
             realm="testrealm@host.com",
             qop="auth,auth-int",
             nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
             opaque="5ccc069c403ebaf9f0171e9517f40e41"

The client may prompt the user for the username and password, after which it will respond with a new request, including the following Authorization header:

     Authorization: Digest username="Mufasa",
             realm="testrealm@host.com",
             nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
             uri="/dir/index.html",
             qop=auth,
             nc=00000001,
             cnonce="0a4f113b",
             response="6629fae49393a05397450978507c4ef1",
             opaque="5ccc069c403ebaf9f0171e9517f40e41"

Therefore, regarding the cupsDoAuthentication() function, I think the following underlined part should be changed.

snprintf(http->authstring, sizeof(http->authstring),
  "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", "
  "uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce,
  ~~~~~~~~~~~~
  resource, encode);
  ~~~~~~~~~

michaelrsweet commented 20 years ago

CUPS.org User: kawasima.rsk-kitami.grp.ricoh.co

Hi,

Please try a connection with Apache using CUPS 1.1.20. I think that CUPS cannot connect to Apache without the "uri" block.

Thank you, Kawashima

michaelrsweet commented 20 years ago

CUPS.org User: mike

Fixed in CVS - the anonymous CVS repository will be updated at midnight EST.
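
An added example, not part of the original thread and not CUPS code: a server-side Digest check in Python showing where the `uri` field enters the calculation and what happens when a client omits it. The helper names (`parse_digest`, `request_digest`, `verify`, `build_header`) are hypothetical, the header string is the one from the RFC 2617 example quoted in the thread, and `auth-int` is not handled.

```python
import hashlib
import hmac
import re

REQUIRED = ("username", "realm", "nonce", "uri", "response")  # non-optional in the grammar

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header):
    """Split an Authorization header value into a dict of digest parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def request_digest(p, method, password):
    """Compute request-digest from the fields the client sent, as a server would."""
    ha1 = md5_hex(f"{p['username']}:{p['realm']}:{password}")
    ha2 = md5_hex(f"{method}:{p['uri']}")  # A2 is built from the digest-uri value
    if "qop" in p:
        return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")  # no qop: RFC 2069-compatible form

def verify(header, method, password):
    """Return (accepted, reason) for one Authorization header value."""
    p = parse_digest(header)
    if p.get("qop", "auth") != "auth":
        return False, "unsupported qop"  # auth-int is outside this example
    needed = REQUIRED + (("nc", "cnonce") if "qop" in p else ())
    missing = [name for name in needed if name not in p]
    if missing:
        return False, "missing " + ", ".join(missing)
    if not hmac.compare_digest(request_digest(p, method, password), p["response"]):
        return False, "response mismatch"
    return True, "ok"

def build_header(user, realm, nonce, resource, method, password, send_uri=True):
    """Client header without qop, in the field order of the snprintf() in the thread."""
    p = {"username": user, "realm": realm, "nonce": nonce, "uri": resource}
    fields = [f'{k}="{v}"' for k, v in p.items() if send_uri or k != "uri"]
    fields.append(f'response="{request_digest(p, method, password)}"')
    return "Digest " + ", ".join(fields)

# Sample input: the Authorization header from the RFC 2617 section 3.5 example.
RFC_HEADER = ('Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, '
    'nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
```

`verify(RFC_HEADER, "GET", "Circle Of Life")` accepts the RFC example, while a header built with `send_uri=False` is rejected as `missing uri` even though its response hash was computed correctly.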