From c49acbb4d2d84c6cb2faacd18fa21ed5d12ed450 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Tue, 7 Nov 2017 11:33:13 +0000 Subject: [http] Gracefully handle offers of multiple authentication schemes Servers may provide multiple WWW-Authenticate headers, each offering a different authentication scheme. We currently fail the request as soon as we encounter an unrecognised scheme, which prevents subsequent offers from succeeding. Fix by silently ignoring headers for schemes that we do not recognise. If no schemes are recognised then the request will eventually fail anyway due to the 401 response code. If multiple schemes are supported, arbitrarily choose the scheme appearing first within the response headers. Signed-off-by: Michael Brown --- src/net/tcp/httpauth.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/net/tcp/httpauth.c b/src/net/tcp/httpauth.c index fb6dcd03..bb327244 100644 --- a/src/net/tcp/httpauth.c +++ b/src/net/tcp/httpauth.c @@ -104,6 +104,7 @@ static struct http_www_authenticate_field http_www_auth_fields[] = { static int http_parse_www_authenticate ( struct http_transaction *http, char *line ) { struct http_www_authenticate_field *field; + struct http_authentication *auth; char *name; char *key; char *value; @@ -118,13 +119,19 @@ static int http_parse_www_authenticate ( struct http_transaction *http, } /* Identify scheme */ - http->response.auth.auth = http_authentication ( name ); - if ( ! http->response.auth.auth ) { + auth = http_authentication ( name ); + if ( ! auth ) { DBGC ( http, "HTTP %p unrecognised authentication scheme " "\"%s\"\n", http, name ); - return -ENOTSUP; + /* Ignore; the server may offer other schemes */ + return 0; } + /* Use first supported scheme */ + if ( http->response.auth.auth ) + return 0; + http->response.auth.auth = auth; + /* Process fields */ while ( ( key = http_token ( &line, &value ) ) ) { for ( i = 0 ; i < ( sizeof ( http_www_auth_fields ) / -- cgit v1.2.3-55-g7522