Handle out-of-order parameters to http digest auth

nselib/sasl.lua

@@ -85,8 +85,9 @@ if HAVE_SSL then
  -- regardless of what RFC says
  parseChallenge = function(self)
  local results = {}
- local start, stop = 0,0
  if self.chall then
+ local start, stop = self.chall:find("^[Dd][Ii][Gg][Ee][Ss][Tt]%s+")
+ stop = stop or 0
  while(true) do
  local name, value
  start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1)
@@ -97,7 +98,7 @@ if HAVE_SSL then
  start, stop, value = self.chall:find("([^,]*)", stop + 1)
  end
  name = name:lower()
- if name == "digest realm" then name="realm" end
+ --if name == "digest realm" then name="realm" end
  self.challnvs[name] = value
  start, stop = self.chall:find("%s*,%s*", stop + 1)
  if ( not(start) ) then break end
@@ -458,4 +459,51 @@ Helper = {
  end,
 }
 
+local unittest = require "unittest"
+
+if not unittest.testing() then
+ return _ENV
+end
+
+test_suite = unittest.TestSuite:new()
+
+local _ = "ignored"
+
+local object = DigestMD5:new('Digest realm="test", domain="/HTTP/Digest",\z
+ nonce="c8563a5b367e66b3693fbb07a53a30ba"',
+ _, _, _, _)
+test_suite:add_test(unittest.keys_equal(
+ object.challnvs,
+ {
+ nonce='c8563a5b367e66b3693fbb07a53a30ba',
+ realm='test',
+ domain='/HTTP/Digest',
+ }
+ ))
+
+object = DigestMD5:new('Digest nonce="9e4ab724d272474ab13b64d75300a47b", \z
+ opaque="de40b82666bd5fe631a64f3b2d5a019e", \z
+ realm="[email protected]", qop=auth',
+ _, _, _, _)
+test_suite:add_test(unittest.keys_equal(
+ object.challnvs,
+ {
+ nonce='9e4ab724d272474ab13b64d75300a47b',
+ opaque='de40b82666bd5fe631a64f3b2d5a019e',
+ realm='[email protected]',
+ qop='auth',
+ }
+ ))
+
+object = DigestMD5:new('realm=test, domain="/HTTP/Digest",\tnonce=c8563a5b367e66b3693fbb07a53a30ba',
+ _, _, _, _)
+test_suite:add_test(unittest.keys_equal(
+ object.challnvs,
+ {
+ nonce='c8563a5b367e66b3693fbb07a53a30ba',
+ realm='test',
+ domain='/HTTP/Digest',
+ }
+ ))
+
 return _ENV;