compare WWW-Authenticate auth schemes case-insensitively.
authorDan Winship <danw@src.gnome.org>
Wed, 19 Mar 2008 18:58:08 +0000 (18:58 +0000)
committerDan Winship <danw@src.gnome.org>
Wed, 19 Mar 2008 18:58:08 +0000 (18:58 +0000)
* libsoup/soup-auth.c (soup_auth_new): compare WWW-Authenticate
auth schemes case-insensitively.

* libsoup/soup-auth-digest.c (update): allow Digest
WWW-Authenticate header with no "qop" option. (The original RFC
2069 style of Digest auth.)
(soup_auth_digest_parse_qop): this returns a bitfield, so don't
return -1 if there are no recognized values.

* tests/httpd.conf.in: use "AuthDigestQop none" in /Digest/realm3
so we test that

Fixes #498484 (Digest auth against Apple's Calendar Server).

svn path=/trunk/; revision=1113

ChangeLog
libsoup/soup-auth-digest.c
libsoup/soup-auth.c
tests/httpd.conf.in

index b7dce6c..9dc297f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2008-03-19  Dan Winship  <danw@gnome.org>
+
+       * libsoup/soup-auth.c (soup_auth_new): compare WWW-Authenticate
+       auth schemes case-insensitively.
+
+       * libsoup/soup-auth-digest.c (update): allow Digest
+       WWW-Authenticate header with no "qop" option. (The original RFC
+       2069 style of Digest auth.)
+       (soup_auth_digest_parse_qop): this returns a bitfield, so don't
+       return -1 if there are no recognized values.
+
+       * tests/httpd.conf.in: use "AuthDigestQop none" in /Digest/realm3
+       so we test that
+
+       Fixes #498484 (Digest auth against Apple's Calendar Server).
+
 2008-03-18  Dan Winship  <danw@gnome.org>
 
        * libsoup/soup-session.c (soup_session_class_init): Add a new
index be76e4d..0d60482 100644 (file)
@@ -125,18 +125,16 @@ soup_auth_digest_parse_qop (const char *qop)
        GSList *qop_values, *iter;
        SoupAuthDigestQop out = 0;
 
-       if (qop) {
-               qop_values = soup_header_parse_list (qop);
-               for (iter = qop_values; iter; iter = iter->next) {
-                       if (!g_ascii_strcasecmp (iter->data, "auth"))
-                               out |= SOUP_AUTH_DIGEST_QOP_AUTH;
-                       else if (!g_ascii_strcasecmp (iter->data, "auth-int"))
-                               out |= SOUP_AUTH_DIGEST_QOP_AUTH_INT;
-                       else
-                               out = -1;
-               }
-               soup_header_free_list (qop_values);
+       g_return_val_if_fail (qop != NULL, 0);
+
+       qop_values = soup_header_parse_list (qop);
+       for (iter = qop_values; iter; iter = iter->next) {
+               if (!g_ascii_strcasecmp (iter->data, "auth"))
+                       out |= SOUP_AUTH_DIGEST_QOP_AUTH;
+               else if (!g_ascii_strcasecmp (iter->data, "auth-int"))
+                       out |= SOUP_AUTH_DIGEST_QOP_AUTH_INT;
        }
+       soup_header_free_list (qop_values);
 
        return out;
 }
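Review bot: With the `out = -1` branch gone, soup_auth_digest_parse_qop() returns 0 both when the precondition `qop != NULL` fails and when the header lists only unrecognized qop values, and nothing visible in the hunk documents that contract. A short comment above the function would help callers, for example `/* Returns a bitmask of recognized qop values; unrecognized tokens are ignored, 0 means none were recognized. */`. The function's signature and any existing header comment are outside this hunk, so this may already be covered there.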
@@ -162,7 +160,7 @@ static gboolean
 update (SoupAuth *auth, SoupMessage *msg, GHashTable *auth_params)
 {
        SoupAuthDigestPrivate *priv = SOUP_AUTH_DIGEST_GET_PRIVATE (auth);
-       const char *stale;
+       const char *stale, *qop;
        guint qop_options;
        gboolean ok = TRUE;
 
@@ -176,11 +174,15 @@ update (SoupAuth *auth, SoupMessage *msg, GHashTable *auth_params)
        priv->nonce = g_strdup (g_hash_table_lookup (auth_params, "nonce"));
        priv->opaque = g_strdup (g_hash_table_lookup (auth_params, "opaque"));
 
-       qop_options = soup_auth_digest_parse_qop (g_hash_table_lookup (auth_params, "qop"));
-       /* We're just going to do qop=auth for now */
-       if (qop_options == -1 || !(qop_options & SOUP_AUTH_DIGEST_QOP_AUTH))
-               ok = FALSE;
-       priv->qop = SOUP_AUTH_DIGEST_QOP_AUTH;
+       qop = g_hash_table_lookup (auth_params, "qop");
+       if (qop) {
+               qop_options = soup_auth_digest_parse_qop (qop);
+               /* We only support auth */
+               if (!(qop_options & SOUP_AUTH_DIGEST_QOP_AUTH))
+                       ok = FALSE;
+               priv->qop = qop_options;
+       } else
+               priv->qop = 0;
 
        priv->algorithm = soup_auth_digest_parse_algorithm (g_hash_table_lookup (auth_params, "algorithm"));
        if (priv->algorithm == -1)
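Review bot: `priv->qop = qop_options;` stores the whole parsed bitfield, so a challenge offering both auth and auth-int leaves both bits set even though the comment says only auth is supported, and a challenge offering only auth-int stores an unsupported value before `ok = FALSE` takes effect. If the code that builds the Authorization header (not visible here) treats priv->qop as the single selected value, keeping `priv->qop = SOUP_AUTH_DIGEST_QOP_AUTH;` inside the `if (qop)` branch would be safer. The `else` branch accepts a challenge with no qop at all, which is the RFC 2069 form without cnonce or nonce count, so a comment such as `/* No qop: RFC 2069 compatibility, no cnonce/nc protection */` would make that trade-off explicit. update() starts and ends outside this hunk.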
index 4da8636..9144ec0 100644 (file)
@@ -212,7 +212,7 @@ soup_auth_new (GType type, SoupMessage *msg, const char *auth_header)
                             NULL);
 
        scheme = soup_auth_get_scheme_name (auth);
-       if (strncmp (auth_header, scheme, strlen (scheme)) != 0) {
+       if (g_ascii_strncasecmp (auth_header, scheme, strlen (scheme)) != 0) {
                g_object_unref (auth);
                return NULL;
        }
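Review bot: The scheme check is still only a prefix match, so a header whose scheme token merely begins with the expected name passes `g_ascii_strncasecmp (auth_header, scheme, strlen (scheme))` and is handed to this auth type. Checking the delimiter after the scheme would close that gap, for example by adding `|| (auth_header[strlen (scheme)] && !g_ascii_isspace (auth_header[strlen (scheme)]))` to the condition. soup_auth_new's body starts and ends outside the hunk, so whether later parsing already rejects such a header cannot be seen here.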
index c2e5881..b893fdc 100644 (file)
@@ -279,4 +279,6 @@ Alias /Digest @srcdir@
   AuthUserFile @srcdir@/htdigest
   AuthDigestDomain /Digest/realm3
   Require valid-user
+  # test RFC2069-style Digest
+  AuthDigestQop none
 </Location>