Stage 2:
This stage of the helper reply protocol upgrade adds kv-pair support
to the HelperReply object.
It uses the new Notes objects to hold any "key=value" syntax fields
received from the helper after the result code field. The values section
for these kv-pair may be token or quoted string. Helpers which
previously rfc1738 encoded the values may still do so but it is no
longer mandatory.
The response syntax for all helpers becomes:
[channel-ID SP ] result [ SP key-pair ...] [ SP other] EOL
The parser for HelperReply is also updated to map the old AF and NA
NTLM/Negotiate response fields into the HelperReply notes.
* "token=" is added to supply the NTLM and Negotiate server blob /
token field.
* "user=" is added to supply the user label field.
The relevant callback handlers are updated for these helpers to make use
of these new keys.
The bundled Digest authentication helpers are all upgraded to send the
new format responses. They now use ERR for failed lookup, BH for
internal errors, and OK with "ha1=" key added to supply a HA1 response.
The handler for Digest authentication is updated to process the new
HelperReply fields with failover the old format on Unknown result codes.
The external ACL handler is updated to pull its key=value pairs out of
the Notes list. The old parser loop becomes useless with this and is
removed. Taking with it support for several long deprecated keys
"login=", "passwd=", and "error=".
Any other keys MAY be sent on any response. However at this stage 2
patch they are ignored. As are repeated / secondary values for the
expected key names, only the first instance sent in the response is used.
Amos
This archive was generated by hypermail 2.2.0 : Tue Nov 27 2012 - 12:00:08 MST