]> git.ipfire.org Git - thirdparty/ipxe.git/commitdiff
projects / thirdparty / ipxe.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fc2f0dd)
[http] Gracefully handle offers of multiple authentication schemes
authorMichael Brown <mcb30@ipxe.org>
Tue, 7 Nov 2017 11:33:13 +0000 (11:33 +0000)
committerMichael Brown <mcb30@ipxe.org>
Sun, 12 Nov 2017 18:52:03 +0000 (18:52 +0000)
Servers may provide multiple WWW-Authenticate headers, each offering a
different authentication scheme.  We currently fail the request as
soon as we encounter an unrecognised scheme, which prevents subsequent
offers from succeeding.

Fix by silently ignoring headers for schemes that we do not recognise.
If no schemes are recognised then the request will eventually fail
anyway due to the 401 response code.

If multiple schemes are supported, arbitrarily choose the scheme
appearing first within the response headers.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/net/tcp/httpauth.c patch | blob | blame | history

diff --git a/src/net/tcp/httpauth.c b/src/net/tcp/httpauth.c
index fb6dcd035d2bafd97bc9f64af440ac2d8800f876..bb327244d7a9dd5e6e11318a25c963c47e125a12 100644 (file)
--- a/src/net/tcp/httpauth.c
+++ b/src/net/tcp/httpauth.c
@@ -104,6 +104,7 @@ static struct http_www_authenticate_field http_www_auth_fields[] = {
 static int http_parse_www_authenticate ( struct http_transaction *http,
                                         char *line ) {
        struct http_www_authenticate_field *field;
+       struct http_authentication *auth;
        char *name;
        char *key;
        char *value;
@@ -118,13 +119,19 @@ static int http_parse_www_authenticate ( struct http_transaction *http,
        }
 
        /* Identify scheme */
-       http->response.auth.auth = http_authentication ( name );
-       if ( ! http->response.auth.auth ) {
+       auth = http_authentication ( name );
+       if ( ! auth ) {
                DBGC ( http, "HTTP %p unrecognised authentication scheme "
                       "\"%s\"\n", http, name );
-               return -ENOTSUP;
+               /* Ignore; the server may offer other schemes */
+               return 0;
        }
 
+       /* Use first supported scheme */
+       if ( http->response.auth.auth )
+               return 0;
+       http->response.auth.auth = auth;
+
        /* Process fields */
        while ( ( key = http_token ( &line, &value ) ) ) {
                for ( i = 0 ; i < ( sizeof ( http_www_auth_fields ) /
Mirror of https://github.com/ipxe/ipxe.git