Martin Hoffmann writes:
My plan was to eventually start a branch of my own in git. Haven't
gotten round to it yet.

i would do it so that if www or proxy_authorize function returns -4
(stale nonce) then i would call www or proxy_challenge with stale flag
on. it would then cause stale=true to be added to the header.

That would be an option, too, but IMHO it makes the whole authorization bit
in the config unnecessarily messy.

why is that? i now have,

    if (!radius_proxy_authorize("$var(uri_domain)", "$var(uri_user)"))
    {
        switch ($rc) {
        ...
        case -4:
            xlog("L_INFO", "$rm <$ru> by <$var(uri)> has stale nonce\n");
            www_challenge("$td", "1");
            exit;

the only thing i would need to change is www_challenge flag parameter
value from "1" to "9".

currently README says:

    1.4.2. www_challenge(realm, flags)
    ...
      * flags - Value of this parameter can be a bitmask of following:
          + 1 - build challenge header with qop=auth
          + 2 - build challenge header with qop=auth-int
          + 4 - do not send '500 Internal Server Error' reply
            automatically in failure cases (error code is returned to
            config)

so i propose adding this:

          + 8 - build challenge header with stale=true

it would be a simple, fully backwards compatible new feature.

-- juha
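
The bitmask proposal above, sketched in C as an added example (not part of the original message and not the auth module's code). build_challenge, challenge_flags_for and the CH_* names are hypothetical, and bit 8 is the value proposed in the message, not one the quoted README documents.

```c
#include <stdio.h>
#include <string.h>

/* Flag bits 1, 2 and 4 are from the README excerpt in the message;
 * bit 8 is the value proposed there. Names are hypothetical. */
#define CH_QOP_AUTH     1u /* qop=auth */
#define CH_QOP_AUTH_INT 2u /* qop=auth-int */
#define CH_NO_AUTO_500  4u /* reply handling only, header unchanged */
#define CH_STALE        8u /* proposed: stale=true */

/* Map an authorize result to challenge flags: -4 (stale nonce, as in
 * the config fragment) adds the stale bit to the usual qop=auth. */
unsigned challenge_flags_for(int auth_rc)
{
    return auth_rc == -4 ? (CH_QOP_AUTH | CH_STALE) : CH_QOP_AUTH;
}

/* Build a Digest challenge value. Returns its length, or -1 if it does
 * not fit. Assumptions of this sketch: auth-int wins when both qop bits
 * are set, and realm/nonce contain no characters that need quoting. */
int build_challenge(char *out, size_t cap, const char *realm,
                    const char *nonce, unsigned flags)
{
    const char *qop = "";
    if (flags & CH_QOP_AUTH_INT)
        qop = ", qop=\"auth-int\"";
    else if (flags & CH_QOP_AUTH)
        qop = ", qop=\"auth\"";

    int n = snprintf(out, cap, "Digest realm=\"%s\", nonce=\"%s\"%s%s",
                     realm, nonce, qop,
                     (flags & CH_STALE) ? ", stale=true" : "");
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char hdr[160];
    /* Constructed sample realm and nonce. */
    if (build_challenge(hdr, sizeof hdr, "example.org", "abc123",
                        challenge_flags_for(-4)) > 0)
        puts(hdr);
    return 0;
}
```

Because bit 8 is only tested and never required, callers passing the existing values 1, 2 or 4 get the same header as before, while a stale=true challenge lets a client retry with a fresh nonce without re-prompting for credentials.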