[spambayes-dev] Dibbler.py digest auth splitting fix

ian ian at ibygrave.no-ip.org
Sun Jan 11 19:35:15 EST 2004


Hello,

I'm new to spambayes. I've been spam-free for just a week :)

I did have one problem with the web interface.
Here is a patch I made to version 1.0a7

I found that the showclues pages failed with digest authentication.

Where the browser sent an authorization line like this for /home

Authorization: Digest username="admin", realm="SpamBayes Web Interface",
nonce="TW9uIEphbiAxMiAwMDoxMjo0MiAyMDA0", uri="/helmet.gif",
algorithm=MD5, response="6cfc0f78933be05c07022772fcba4a5b",
opaque="0000000000000000", qop=auth, nc=00000001,
cnonce="4661a408d8400972".

A line like this was sent for the failing pages

Authorization: Digest username="admin", realm="SpamBayes Web Interface",
nonce="TW9uIEphbiAxMiAwMDoyMDoyMCAyMDA0",
uri="/showclues?key=1073651941-2&subject=spam,Desire%20more%20confidence?",
algorithm=MD5, response="2c5c42fcd3d633e394d7d0c1bb1e8af3",
opaque="0000000000000000", qop=auth, nc=00000001,
cnonce="7e0a86e43b19e87b".

The commas inside the uri value caused an exception in
_HTTPHandler._digestAuthentication()
when it tried to split the line on commas.

--IAN

-------------- next part --------------
--- /usr/lib/python2.2/site-packages/spambayes/Dibbler.py	2003-11-04 10:02:42.000000000 +0000
+++ spambayes/Dibbler.py	2004-01-11 23:34:52.000000000 +0000
@@ -340,6 +340,10 @@
     for each incoming request, and does the job of decoding the HTTP traffic
     and driving the plugins."""
 
+    # RE to extract option="value" fields from
+    # digest auth login field
+    _login_splitter = re.compile('([a-zA-Z])+=(".*?"|.*?),?')
+
     def __init__(self, clientSocket, server, context):
         # Grumble: asynchat.__init__ doesn't take a 'map' argument,
         # hence the two-stage construction.
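
Review bot: In _login_splitter the key group is written ([a-zA-Z])+ with the + outside the parentheses, so the group keeps only the last letter matched and findall() returns 'e' rather than 'username' as the key. The unquoted alternative .*? followed by an optional ,? is also free to match nothing, so fields such as algorithm=MD5, qop=auth and nc=00000001 come back with an empty value. Suggest moving the repetition inside the group and making the unquoted branch consume up to the next separator, for example:

    _login_splitter = re.compile(r'([a-zA-Z]+)=("[^"]*"|[^,\s]*)')

Please also confirm that re is imported at the top of Dibbler.py, since this hunk does not add the import.
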
@@ -609,7 +613,7 @@
         def stripQuotes(s):
             return (s[0] == '"' and s[-1] == '"') and s[1:-1] or s
         
-        options  = dict([s.split('=') for s in login.split(", ")])
+        options  = dict(self._login_splitter.findall(login))
         userName = stripQuotes(options["username"])
         password = self._server.getPasswordForUser(userName)
         nonce    = stripQuotes(options["nonce"])
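
Review bot: The lookups options["username"] and options["nonce"] below the changed line still assume every field is present, and stripQuotes() indexes s[0], which raises IndexError on an empty value. The Authorization header is supplied by the client before it has authenticated, so a missing or empty field should end in a 401 response rather than an uncaught KeyError or IndexError in the handler. Suggest validating the parsed dict for the required keys right after building it, and having stripQuotes() return s unchanged when it is shorter than two characters.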

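The following is an added example, not part of the original message or of SpamBayes: a quote-aware parser for the Digest Authorization parameters shown above, next to the one-line split from the removed line, which breaks because separator characters (, and =) occur inside the quoted uri value. The names parse_digest_params, naive_split and MalformedHeader are hypothetical, and SAMPLE is constructed from the failing header quoted in the message.

```python
import re

# Constructed sample: the failing header from the message, joined onto one
# line, without the "Authorization: Digest " prefix and the trailing period.
SAMPLE = (
    'username="admin", realm="SpamBayes Web Interface", '
    'nonce="TW9uIEphbiAxMiAwMDoyMDoyMCAyMDA0", '
    'uri="/showclues?key=1073651941-2&subject=spam,Desire%20more%20confidence?", '
    'algorithm=MD5, response="2c5c42fcd3d633e394d7d0c1bb1e8af3", '
    'opaque="0000000000000000", qop=auth, nc=00000001, '
    'cnonce="7e0a86e43b19e87b"')

# One parameter: name = "quoted string with \ escapes" | bare token,
# followed by a comma or the end of the header.
_PARAM = re.compile(r'''
    \s*([A-Za-z][A-Za-z0-9_-]*)\s*=\s*
    (?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))
    \s*(?:,|$)
''', re.VERBOSE)

class MalformedHeader(ValueError):
    """Raised for input the caller should answer with a 401, not a traceback."""

def naive_split(login):
    # The approach on the removed line: splits on every ", " and every "=".
    return dict([s.split('=') for s in login.split(", ")])

def parse_digest_params(login):
    """Return {name: unquoted value}; reject junk and duplicate names."""
    params, pos = {}, 0
    while pos < len(login):
        m = _PARAM.match(login, pos)
        if m is None:
            raise MalformedHeader("unparseable text at offset %d" % pos)
        name = m.group(1).lower()
        if name in params:
            raise MalformedHeader("duplicate parameter %r" % name)
        quoted, token = m.group(2), m.group(3)
        # Quoted values lose their quotes and backslash escapes here,
        # so no separate stripQuotes() step is needed afterwards.
        params[name] = re.sub(r'\\(.)', r'\1', quoted) if quoted is not None else token
        pos = m.end()
    return params
```

Anchoring each match at the end of the previous one means leftover text between parameters is rejected instead of silently skipped, which findall() would do.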
