11  * distributed under the License is distributed on an "AS IS" BASIS,
25  * It is still fairly new and problems may turn up - submit problem
32  *   - Proxy-Authorization-Info header is set by this module, but is
42  *       must be disabled. What we could do is the following:
44  *       The only problem is that it allows replay attacks when somebody
246      * Create a unique filename using our pid. This information is
347 #error APR random number support is missing
369     /* Note: this stuff is currently fixed for the lifetime of the server,
373      * client, can't be done. However, the alternative is a nightmare:
461      * let the core get at it too, which is why we decline at the end -
462      * this relies on the fact that http_core is last in the list.
466     /* we precompute the part of the nonce hash that is constant (well,
534         return "AuthDigestQop auth-int is not implemented";
565     return "AuthDigestNonceFormat is not implemented";
573                      "is not supported on platforms without shared-memory "
586                 "is not implemented";
677  * Each client is assigned a number, which is transferred in the opaque
679  * is just a simple counter which is incremented for each new client.
680  * Clients can't forge this number because it is hashed up into the
681  * server nonce, and that is checked.
688  * The clients are garbage collected whenever a new client is allocated
689  * but there is not enough space left in the shared memory segment. A
690  * simple semi-LRU is used for this: whenever a client entry is accessed
691  * it is moved to the beginning of the linked list in its bucket (this
698  * in each bucket). The major disadvantage is that you may be throwing
699  * entries out which are in active use. This is not tragic, as these
707  * above algorithm is really sufficient) a set of counters is kept
710  * out at each garbage collection run. Note that access to the counters is
712  * off by a few doesn't matter; and for the same reason no attempt is made
713  * to guarantee the num_renewed is correct in the face of clients spoofing
721  * Access to the list itself is synchronized via locks. However, access
722  * to the entry returned by get_client() is NOT synchronized. This means
810  * otherwise. This triggers the garbage collection if memory is low.
993  * matter what the final outcome of the request. Furthermore this is a
998  * r->proxyreq is set correctly.
1030 /* The hash part of the nonce is a SHA-1 hash of the time, realm, server host
1071         /* this counter is not synch'd, because it doesn't really matter
1342         /* qop is none, client must not send a nonce count */
1349         /* qop is none, cannot check nonce count */
1384                       "invalid nonce %s received - length is not %d",
1399                       "invalid nonce %s received - hash is not %s",
1518 /* These functions return 0 if client is OK, and proper error status
1521  * couldn't figure out how to tell if the client is authorized or not.
1529  * really is that user, if the nonce is correct, etc.
1631              * the workaround is to fake a query string match if in the proper
1633              * is that if MSIE ever fixes itself the simple match ought to
1635              * environment is set.
1663             /* check that server-port is default port if no port present */
1801     /* Note: this check is done last so that a "stale=true" can be
1802        generated if the nonce is old */
1828     /* 2069-style entity-digest is not supported (it's too hard, and
1930     NULL,                       /* dir merger --- default is to override */

Indexes created Tue Jul 24 14:28:13 CEST 2018