1 Jul
2010
1 Jul
'10
9:32 p.m.
On Thu, Jul 1, 2010 at 3:13 PM, Juha Heinanen <jh(a)tutpro.com> wrote:
Jan Janak writes:
Yes. The function only creates the corresponding AVP, it does not add
anything to the reply itself. This is done in the configuration file
and there you can test the return value of proxy_authorize and either
send "403 Forbidden" or "407 Proxy Authorization Required".
So, you can return any reply you want, the proxy authorization header
will only be added if you call append_to_reply("%$digest_challenge");
-Jan
See the function "authenticate" in
modules_s/auth_db/authorize.c for
an example, grep for the string "build_challenge".
jan,
i see that this thing in the code builds the challenge (p-a header):
if (ret < 0) {
if (auth_api.build_challenge(msg, (cred ? cred->stale : 0), realm, NULL,
NULL, hftype) < 0) {
ERR("Error while creating challenge\n");
ret = -2;
}
is there a way to prevent p-a header from being added to reply in case
after proxy_authorize failure i want to reply with "403 Forbidden"
instead of "407 Proxy Authentication Required"?