Bug 629 - SWAT handles incorrect password wrongly
Summary: SWAT handles incorrect password wrongly
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: SWAT (show other bugs)
Version: 3.0.0
Hardware: Other other
: P3 normal
Target Milestone: none
Assignee: John H Terpstra (mail address dead(
QA Contact:
URL:
Keywords:
: 793 (view as bug list)
Depends on:
Blocks:
 
Reported: 2003-10-15 05:17 UTC by Geoff Gibbs
Modified: 2005-08-24 10:19 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Geoff Gibbs 2003-10-15 05:17:27 UTC 
When an incorrect password is entered SWAT does not allow a second
chance to enter it correctly. It does not follow the http standard.
My colleague tells me :-

http://www.w3.org/Protocols/HTTP/1.0/spec.html#AA

The 401 (unauthorized) response message is used by an origin server to
challenge the authorization of a user agent. This response must include
a WWW-Authenticate header field containing at least one challenge
applicable to the requested resource.

...

If the server does not wish to accept the credentials sent with a request,
it should return a 403 (forbidden) response.


It's the server that's broken. According to the first fragment, you
must send the WWW-Authenticate header with a 401, and it doesn't do
so in the case that you supply incorrect credentials.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2003-11-21 22:13:39 UTC 
*** Bug 793 has been marked as a duplicate of this bug. ***
Comment 2 Gerald (Jerry) Carter (dead mail address) 2003-11-21 22:14:49 UTC 
I think this is fixed now.  Please double check 
the latest SAMBA_3_0 cvs.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:19:04 UTC 
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.