Re: Authentication Enhancements



On 12/17/2012 04:54 PM, Matthew Metnetsky wrote:
> All,

Hey. Sorry for the delay... holidays, etc...

> I'm looking into adding Windows support for NTLM/Negotiate and was
> hoping to receive some general guidance so that its done in a way that
> honors your existing goals and design.

Cool. You might want to look at
https://bugzilla.gnome.org/show_bug.cgi?id=587145, which is about adding
Negotiate support on Linux, which is vaguely related...

I actually did a bunch of hacking on this at the WebKitGTK+ Hackfest
last month, and over Christmas/New Year's vacation, so you should check
at the latest git master; a bunch of stuff has moved around (hopefully
in ways that will help you).

> With that said, the current NTLM support built on-top of Samba tries to
> grab the username from the environment, which doesn't seem as versatile
> as it should be. I would like to start by having a way to send
> user[/pass] down through the objects. However, the only way I see to go
> about setting the "Authorization" header is either explicitly, or
> through the "authenticate" signal. The former requires redundant code,
> whereas the latter is reactionary.

You can also pass a username and password in via the request-URI. Eg:

  msg = soup_message_new ("GET",
"http://alice:sEcReT example com/test.html");
  soup_session_send_message (session, msg);
  ...

though it's possible that doesn't currently work right with NTLM, or
with NTLM-if-you're-using-samba...

> I noticed the `soup_message_[get|set]_auth` functions which will set
> "Authorization", but they're private. Is there a harm to making these
> methods public or should "Authorization" be handled purely on
> SoupSession? If so, how?

So, actually, part of the new stuff I just committed is a function
soup_auth_manager_use_auth(), which should let you do:

  auth_manager = SOUP_AUTH_MANAGER (soup_session_get_feature_by_type
(session, SOUP_TYPE_AUTH_MANAGER));
  uri = soup_uri_new ("http://example.com/test.html";);
  auth = g_object_new (SOUP_TYPE_AUTH_NTLM, NULL);
  soup_auth_authenticate (auth, "alice", "sEcReT");
  soup_auth_manager_use_auth (auth_manager, uri, auth);
  g_object_unref (auth);
  soup_uri_free (uri);

(though, as above, it's possible that this doesn't quite work yet. But
that would be a bug, and we could fix it).

-- Dan



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]