0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

b980ad7fdc218b4855cde9f75a747527f50c554dwrowe#include "apr_sha1.h"

b980ad7fdc218b4855cde9f75a747527f50c554dwrowe#include "apr_base64.h"

694e8dc146faadc46b2455f3bd0998121fc76c5drbb#include "apr_lib.h"

c7d0205ec1649076e7742d72a25ac53779768312stoddard#include "apr_time.h"

c7d0205ec1649076e7742d72a25ac53779768312stoddard#include "apr_errno.h"

29c30db45f6a469017e16b606611e460cc1a1f2caaron#include "apr_global_mutex.h"

032b8a34c3911bbc5ad5385ca40af65af273bff9wrowe#include "apr_strings.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein

cd9f429ff62d134cdf6ec903c33430c5ebae12f0trawick#define APR_WANT_STRFUNC

cd9f429ff62d134cdf6ec903c33430c5ebae12f0trawick#include "apr_want.h"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

e33b627b40578d0166fdb79ce0487f9e46586befgstein#include "ap_config.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein#include "httpd.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein#include "http_config.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein#include "http_core.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein#include "http_request.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein#include "http_log.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein#include "http_protocol.h"

864c5615d55b8ebbde24e72043f6325741335a74fielding#include "apr_uri.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein#include "util_md5.h"

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick#include "util_mutex.h"

26dfa083a1662d57ba7cc410eec4e0696b9be469wrowe#include "apr_shm.h"

26dfa083a1662d57ba7cc410eec4e0696b9be469wrowe#include "apr_rmm.h"

e9f8410b788ef1e6f1baed6c706ffdf3da395a16jerenkrantz#include "ap_provider.h"

e33b627b40578d0166fdb79ce0487f9e46586befgstein

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz#include "mod_auth.h"

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz

97d20d37d21b8d427a920e211858172f0a82427epoirier#if APR_HAVE_UNISTD_H

97d20d37d21b8d427a920e211858172f0a82427epoirier#include <unistd.h>

97d20d37d21b8d427a920e211858172f0a82427epoirier#endif

8ec8f1c8f0f37ca3f5ebb0e0b491dd07481dccbfronald

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingtypedef struct digest_config_struct {

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *dir_name;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz authn_provider_list *providers;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *realm;

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf apr_array_header_t *qop_list;

b980ad7fdc218b4855cde9f75a747527f50c554dwrowe apr_sha1_ctx_t nonce_ctx;

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm apr_time_t nonce_lifetime;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding int check_nc;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *algorithm;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding char *uri_list;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *ha1;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding} digest_config_rec;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron#define DFLT_ALGORITHM "MD5"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

e0fe4de2016336428729a620ac0034cd1198ad7awrowe#define DFLT_NONCE_LIFE apr_time_from_sec(300)

e0fe4de2016336428729a620ac0034cd1198ad7awrowe#define NEXTNONCE_DELTA apr_time_from_sec(30)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron#define NONCE_TIME_LEN (((sizeof(apr_time_t)+2)/3)*4)

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron#define NONCE_HASH_LEN (2*APR_SHA1_DIGESTSIZE)

ec486beb201583aafddf7c7ee9009727a3ade0aafielding#define NONCE_LEN (int )(NONCE_TIME_LEN + NONCE_HASH_LEN)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

c7de1955eb0eaeabf7042902476397692672d549sf#define SECRET_LEN 20

8ea968d7e798635ab742673e5d5eef35798259c9sf#define RETAINED_DATA_ID "mod_auth_digest"

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingtypedef struct hash_entry {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron unsigned long key; /* the key for this entry */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron struct hash_entry *next; /* next entry in the bucket */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron unsigned long nonce_count; /* for nonce-count checking */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron char last_nonce[NONCE_LEN+1]; /* for one-time nonce's */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding} client_entry;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic struct hash_table {

dc80439e9fba60c753cd145cb6799409ffea9b71ronald client_entry **table;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long tbl_len;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long num_entries;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long num_created;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long num_removed;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long num_renewed;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding} *client_list;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingenum hdr_sts { NO_HEADER, NOT_DIGEST, INVALID, VALID };

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingtypedef struct digest_header_struct {

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *scheme;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *realm;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *username;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding char *nonce;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *uri;

7ddfd45e4d3d13de264931df8eb27ee7619fdb0ejerenkrantz const char *method;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *digest;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *algorithm;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *cnonce;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *opaque;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long opaque_num;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *message_qop;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *nonce_count;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* the following fields are not (directly) from the header */

dc80439e9fba60c753cd145cb6799409ffea9b71ronald const char *raw_request_uri;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron apr_uri_t *psd_request_uri;

78b8e4dd910f03af0a602bc4b63ad7bc69868ee3sf apr_time_t nonce_time;

78b8e4dd910f03af0a602bc4b63ad7bc69868ee3sf enum hdr_sts auth_hdr_sts;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding int needed_auth;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_entry *client;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding} digest_header_rec;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingtypedef union time_union {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron apr_time_t time;

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm unsigned char arr[sizeof(apr_time_t)];

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding} time_rec;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

c7de1955eb0eaeabf7042902476397692672d549sfstatic unsigned char *secret;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

26dfa083a1662d57ba7cc410eec4e0696b9be469wrowestatic apr_shm_t *client_shm = NULL;

26dfa083a1662d57ba7cc410eec4e0696b9be469wrowestatic apr_rmm_t *client_rmm = NULL;

26dfa083a1662d57ba7cc410eec4e0696b9be469wrowestatic unsigned long *opaque_cntr;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaronstatic apr_time_t *otn_counter; /* one-time-nonce counter */

29c30db45f6a469017e16b606611e460cc1a1f2caaronstatic apr_global_mutex_t *client_lock = NULL;

29c30db45f6a469017e16b606611e460cc1a1f2caaronstatic apr_global_mutex_t *opaque_lock = NULL;

43997561b2302d13dee973998e77743a3ddd2374trawickstatic const char *client_mutex_type = "authdigest-client";

43997561b2302d13dee973998e77743a3ddd2374trawickstatic const char *opaque_mutex_type = "authdigest-opaque";

97d20d37d21b8d427a920e211858172f0a82427epoirierstatic const char *client_shm_filename;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron#define DEF_SHMEM_SIZE 1000L /* ~ 12 entries */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron#define DEF_NUM_BUCKETS 15L

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron#define HASH_DEPTH 5

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

4c25fdfa5f370d29e55aea846eb9fe6c1d51ede3wrowestatic apr_size_t shmem_size = DEF_SHMEM_SIZE;

4c25fdfa5f370d29e55aea846eb9fe6c1d51ede3wrowestatic unsigned long num_buckets = DEF_NUM_BUCKETS;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

138c8f7cb8254e035c6f45288e3909cd9c21be5cmartinmodule AP_MODULE_DECLARE_DATA auth_digest_module;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougmstatic apr_status_t cleanup_tables(void *not_used)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, APLOGNO(01756)

678a15e91d6a44569c956445442731bb64a98a63sf "cleaning up shared memory");

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

97d20d37d21b8d427a920e211858172f0a82427epoirier if (client_rmm) {

97d20d37d21b8d427a920e211858172f0a82427epoirier apr_rmm_destroy(client_rmm);

97d20d37d21b8d427a920e211858172f0a82427epoirier client_rmm = NULL;

97d20d37d21b8d427a920e211858172f0a82427epoirier }

97d20d37d21b8d427a920e211858172f0a82427epoirier

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (client_shm) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron apr_shm_destroy(client_shm);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron client_shm = NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (client_lock) {

29c30db45f6a469017e16b606611e460cc1a1f2caaron apr_global_mutex_destroy(client_lock);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron client_lock = NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (opaque_lock) {

29c30db45f6a469017e16b606611e460cc1a1f2caaron apr_global_mutex_destroy(opaque_lock);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque_lock = NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

d0a225bdac006f3361e80bfc1be7e6f9b0e81f80ronald

92108a6c4fd7ca6e9acc94d2485920436763e491sf client_list = NULL;

92108a6c4fd7ca6e9acc94d2485920436763e491sf

d0a225bdac006f3361e80bfc1be7e6f9b0e81f80ronald return APR_SUCCESS;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougmstatic void log_error_and_cleanup(char *msg, apr_status_t sts, server_rec *s)

dc80439e9fba60c753cd145cb6799409ffea9b71ronald{

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_error(APLOG_MARK, APLOG_ERR, sts, s, APLOGNO(01760)

58c74a790988c0c63b08d15f9af6908b36f3efd8jailletc "%s - all nonce-count checking and one-time nonces "

f7376afc33a9e035921be9114c0e246820d7c8besf "disabled", msg);

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

dc80439e9fba60c753cd145cb6799409ffea9b71ronald cleanup_tables(NULL);

dc80439e9fba60c753cd145cb6799409ffea9b71ronald}

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein#if APR_HAS_SHARED_MEMORY

a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein

97d20d37d21b8d427a920e211858172f0a82427epoirierstatic int initialize_tables(server_rec *s, apr_pool_t *ctx)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long idx;

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm apr_status_t sts;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* set up client list */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

97d20d37d21b8d427a920e211858172f0a82427epoirier /* Create the shared memory segment */

97d20d37d21b8d427a920e211858172f0a82427epoirier

5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim /*

1124a56faf0228410656abbe08451d7330d906e8trawick client_shm_filename = ap_runtime_dir_relative(ctx, "authdigest_shm");

1124a56faf0228410656abbe08451d7330d906e8trawick client_shm_filename = ap_append_pid(ctx, client_shm_filename, ".");

97d20d37d21b8d427a920e211858172f0a82427epoirier

97d20d37d21b8d427a920e211858172f0a82427epoirier /* Now create that segment */

97d20d37d21b8d427a920e211858172f0a82427epoirier sts = apr_shm_create(&client_shm, shmem_size,

97d20d37d21b8d427a920e211858172f0a82427epoirier client_shm_filename, ctx);

97d20d37d21b8d427a920e211858172f0a82427epoirier if (APR_SUCCESS != sts) {

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_error(APLOG_MARK, APLOG_ERR, sts, s, APLOGNO(01762)

5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim "Failed to create shared memory segment on file %s",

97d20d37d21b8d427a920e211858172f0a82427epoirier client_shm_filename);

97d20d37d21b8d427a920e211858172f0a82427epoirier log_error_and_cleanup("failed to initialize shm", sts, s);

97d20d37d21b8d427a920e211858172f0a82427epoirier return HTTP_INTERNAL_SERVER_ERROR;

97d20d37d21b8d427a920e211858172f0a82427epoirier }

97d20d37d21b8d427a920e211858172f0a82427epoirier

97d20d37d21b8d427a920e211858172f0a82427epoirier sts = apr_rmm_init(&client_rmm,

97d20d37d21b8d427a920e211858172f0a82427epoirier NULL, /* no lock, we'll do the locking ourselves */

97d20d37d21b8d427a920e211858172f0a82427epoirier apr_shm_baseaddr_get(client_shm),

97d20d37d21b8d427a920e211858172f0a82427epoirier shmem_size, ctx);

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (sts != APR_SUCCESS) {

97d20d37d21b8d427a920e211858172f0a82427epoirier log_error_and_cleanup("failed to initialize rmm", sts, s);

97d20d37d21b8d427a920e211858172f0a82427epoirier return !OK;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald }

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

97d20d37d21b8d427a920e211858172f0a82427epoirier client_list = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(*client_list) +

97d20d37d21b8d427a920e211858172f0a82427epoirier sizeof(client_entry*)*num_buckets));

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (!client_list) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron log_error_and_cleanup("failed to allocate shared memory", -1, s);

97d20d37d21b8d427a920e211858172f0a82427epoirier return !OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_list->table = (client_entry**) (client_list + 1);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron for (idx = 0; idx < num_buckets; idx++) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron client_list->table[idx] = NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

dc80439e9fba60c753cd145cb6799409ffea9b71ronald client_list->tbl_len = num_buckets;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_list->num_entries = 0;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

024e70e05386a6367eb45d0d1cc406764520ff4cwrowe sts = ap_global_mutex_create(&client_lock, NULL, client_mutex_type, NULL,

024e70e05386a6367eb45d0d1cc406764520ff4cwrowe s, ctx, 0);

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (sts != APR_SUCCESS) {

29c30db45f6a469017e16b606611e460cc1a1f2caaron log_error_and_cleanup("failed to create lock (client_lock)", sts, s);

97d20d37d21b8d427a920e211858172f0a82427epoirier return !OK;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald }

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* setup opaque */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

97d20d37d21b8d427a920e211858172f0a82427epoirier opaque_cntr = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(*opaque_cntr)));

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (opaque_cntr == NULL) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron log_error_and_cleanup("failed to allocate shared memory", -1, s);

97d20d37d21b8d427a920e211858172f0a82427epoirier return !OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding *opaque_cntr = 1UL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

024e70e05386a6367eb45d0d1cc406764520ff4cwrowe sts = ap_global_mutex_create(&opaque_lock, NULL, opaque_mutex_type, NULL,

024e70e05386a6367eb45d0d1cc406764520ff4cwrowe s, ctx, 0);

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (sts != APR_SUCCESS) {

29c30db45f6a469017e16b606611e460cc1a1f2caaron log_error_and_cleanup("failed to create lock (opaque_lock)", sts, s);

97d20d37d21b8d427a920e211858172f0a82427epoirier return !OK;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald }

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* setup one-time-nonce counter */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

97d20d37d21b8d427a920e211858172f0a82427epoirier otn_counter = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(*otn_counter)));

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (otn_counter == NULL) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron log_error_and_cleanup("failed to allocate shared memory", -1, s);

97d20d37d21b8d427a920e211858172f0a82427epoirier return !OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding *otn_counter = 0;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron /* no lock here */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* success */

97d20d37d21b8d427a920e211858172f0a82427epoirier return OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein#endif /* APR_HAS_SHARED_MEMORY */

a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein

11f2c481e1d57bedb3f758565307501e9a2730ddtrawickstatic int pre_init(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick{

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick apr_status_t rv;

8ea968d7e798635ab742673e5d5eef35798259c9sf void *retained;

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick

43997561b2302d13dee973998e77743a3ddd2374trawick rv = ap_mutex_register(pconf, client_mutex_type, NULL, APR_LOCK_DEFAULT, 0);

f7376afc33a9e035921be9114c0e246820d7c8besf if (rv != APR_SUCCESS)

f7376afc33a9e035921be9114c0e246820d7c8besf return !OK;

f7376afc33a9e035921be9114c0e246820d7c8besf rv = ap_mutex_register(pconf, opaque_mutex_type, NULL, APR_LOCK_DEFAULT, 0);

f7376afc33a9e035921be9114c0e246820d7c8besf if (rv != APR_SUCCESS)

f7376afc33a9e035921be9114c0e246820d7c8besf return !OK;

8ea968d7e798635ab742673e5d5eef35798259c9sf

8ea968d7e798635ab742673e5d5eef35798259c9sf retained = ap_retained_data_get(RETAINED_DATA_ID);

8ea968d7e798635ab742673e5d5eef35798259c9sf if (retained == NULL) {

8ea968d7e798635ab742673e5d5eef35798259c9sf retained = ap_retained_data_create(RETAINED_DATA_ID, SECRET_LEN);

8ea968d7e798635ab742673e5d5eef35798259c9sf ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, APLOGNO(01757)

8ea968d7e798635ab742673e5d5eef35798259c9sf "generating secret for digest authentication");

8ea968d7e798635ab742673e5d5eef35798259c9sf#if APR_HAS_RANDOM

8ea968d7e798635ab742673e5d5eef35798259c9sf rv = apr_generate_random_bytes(retained, SECRET_LEN);

8ea968d7e798635ab742673e5d5eef35798259c9sf#else

8ea968d7e798635ab742673e5d5eef35798259c9sf#error APR random number support is missing

8ea968d7e798635ab742673e5d5eef35798259c9sf#endif

8ea968d7e798635ab742673e5d5eef35798259c9sf if (rv != APR_SUCCESS) {

8ea968d7e798635ab742673e5d5eef35798259c9sf ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL, APLOGNO(01758)

8ea968d7e798635ab742673e5d5eef35798259c9sf "error generating secret");

8ea968d7e798635ab742673e5d5eef35798259c9sf return !OK;

8ea968d7e798635ab742673e5d5eef35798259c9sf }

8ea968d7e798635ab742673e5d5eef35798259c9sf }

8ea968d7e798635ab742673e5d5eef35798259c9sf secret = retained;

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick return OK;

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick}

a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein

9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianhstatic int initialize_module(apr_pool_t *p, apr_pool_t *plog,

e1753aabf5df187b5b04e72a958af4b65b1a125daaron apr_pool_t *ptemp, server_rec *s)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

e1753aabf5df187b5b04e72a958af4b65b1a125daaron /* initialize_module() will be called twice, and if it's a DSO

59d316b83d42d2a07e25c20d8c35a07b369618bdsf if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return OK;

59d316b83d42d2a07e25c20d8c35a07b369618bdsf

dc80439e9fba60c753cd145cb6799409ffea9b71ronald#if APR_HAS_SHARED_MEMORY

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* Note: this stuff is currently fixed for the lifetime of the server,

97d20d37d21b8d427a920e211858172f0a82427epoirier if (initialize_tables(s, p) != OK) {

97d20d37d21b8d427a920e211858172f0a82427epoirier return !OK;

97d20d37d21b8d427a920e211858172f0a82427epoirier }

97d20d37d21b8d427a920e211858172f0a82427epoirier /* Call cleanup_tables on exit or restart */

066877f1a045103acfdd376d48cdd473c33f409bdougm apr_pool_cleanup_register(p, NULL, cleanup_tables, apr_pool_cleanup_null);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron#endif /* APR_HAS_SHARED_MEMORY */

9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianh return OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougmstatic void initialize_child(apr_pool_t *p, server_rec *s)

dc80439e9fba60c753cd145cb6799409ffea9b71ronald{

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm apr_status_t sts;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (!client_shm) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

97d20d37d21b8d427a920e211858172f0a82427epoirier /* Get access to rmm in child */

97d20d37d21b8d427a920e211858172f0a82427epoirier sts = apr_rmm_attach(&client_rmm,

97d20d37d21b8d427a920e211858172f0a82427epoirier NULL,

97d20d37d21b8d427a920e211858172f0a82427epoirier apr_shm_baseaddr_get(client_shm),

97d20d37d21b8d427a920e211858172f0a82427epoirier p);

97d20d37d21b8d427a920e211858172f0a82427epoirier if (sts != APR_SUCCESS) {

97d20d37d21b8d427a920e211858172f0a82427epoirier log_error_and_cleanup("failed to attach to rmm", sts, s);

97d20d37d21b8d427a920e211858172f0a82427epoirier return;

97d20d37d21b8d427a920e211858172f0a82427epoirier }

97d20d37d21b8d427a920e211858172f0a82427epoirier

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick sts = apr_global_mutex_child_init(&client_lock,

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick apr_global_mutex_lockfile(client_lock),

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick p);

29c30db45f6a469017e16b606611e460cc1a1f2caaron if (sts != APR_SUCCESS) {

29c30db45f6a469017e16b606611e460cc1a1f2caaron log_error_and_cleanup("failed to create lock (client_lock)", sts, s);

29c30db45f6a469017e16b606611e460cc1a1f2caaron return;

29c30db45f6a469017e16b606611e460cc1a1f2caaron }

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick sts = apr_global_mutex_child_init(&opaque_lock,

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick apr_global_mutex_lockfile(opaque_lock),

11f2c481e1d57bedb3f758565307501e9a2730ddtrawick p);

29c30db45f6a469017e16b606611e460cc1a1f2caaron if (sts != APR_SUCCESS) {

29c30db45f6a469017e16b606611e460cc1a1f2caaron log_error_and_cleanup("failed to create lock (opaque_lock)", sts, s);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald }

dc80439e9fba60c753cd145cb6799409ffea9b71ronald}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougmstatic void *create_digest_dir_config(apr_pool_t *p, char *dir)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding digest_config_rec *conf;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (dir == NULL) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm conf = (digest_config_rec *) apr_pcalloc(p, sizeof(digest_config_rec));

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (conf) {

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf conf->qop_list = apr_array_make(p, 2, sizeof(char *));

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron conf->nonce_lifetime = DFLT_NONCE_LIFE;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron conf->dir_name = apr_pstrdup(p, dir);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron conf->algorithm = DFLT_ALGORITHM;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return conf;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic const char *set_realm(cmd_parms *cmd, void *config, const char *realm)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding digest_config_rec *conf = (digest_config_rec *) config;

19f9bc5e12b4e6178eb4709779c28af45012c205rjung#ifdef AP_DEBUG

c7de1955eb0eaeabf7042902476397692672d549sf int i;

c7de1955eb0eaeabf7042902476397692672d549sf

c7de1955eb0eaeabf7042902476397692672d549sf /* check that we got random numbers */

c7de1955eb0eaeabf7042902476397692672d549sf for (i = 0; i < SECRET_LEN; i++) {

c7de1955eb0eaeabf7042902476397692672d549sf if (secret[i] != 0)

c7de1955eb0eaeabf7042902476397692672d549sf break;

c7de1955eb0eaeabf7042902476397692672d549sf }

c7de1955eb0eaeabf7042902476397692672d549sf ap_assert(i < SECRET_LEN);

c7de1955eb0eaeabf7042902476397692672d549sf#endif

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* The core already handles the realm, but it's just too convenient to

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding conf->realm = realm;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* we precompute the part of the nonce hash that is constant (well,

066877f1a045103acfdd376d48cdd473c33f409bdougm apr_sha1_init(&conf->nonce_ctx);

c7de1955eb0eaeabf7042902476397692672d549sf apr_sha1_update_binary(&conf->nonce_ctx, secret, SECRET_LEN);

066877f1a045103acfdd376d48cdd473c33f409bdougm apr_sha1_update_binary(&conf->nonce_ctx, (const unsigned char *) realm,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron strlen(realm));

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return DECLINE_CMD;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantzstatic const char *add_authn_provider(cmd_parms *cmd, void *config,

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz const char *arg)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz digest_config_rec *conf = (digest_config_rec*)config;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz authn_provider_list *newp;

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz newp = apr_pcalloc(cmd->pool, sizeof(authn_provider_list));

05a5d2147e0dadae69d00691f814049dc9999efdsf newp->provider_name = arg;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz /* lookup and cache the actual provider now */

e9f8410b788ef1e6f1baed6c706ffdf3da395a16jerenkrantz newp->provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,

2e242dca7111f99d54dd144b7b8418d88d560032chrisd newp->provider_name,

2e242dca7111f99d54dd144b7b8418d88d560032chrisd AUTHN_PROVIDER_VERSION);

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz if (newp->provider == NULL) {

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz /* by the time they use it, the provider should be loaded and

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz return apr_psprintf(cmd->pool,

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz "Unknown Authn provider: %s",

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz newp->provider_name);

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz }

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz

75031befec2825183c13931fc3266b56ed575c3dcovener if (!newp->provider->get_realm_hash) {

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez /* if it doesn't provide the appropriate function, reject it */

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez return apr_psprintf(cmd->pool,

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez "The '%s' Authn provider doesn't support "

941fcca87a4607a388e88cff3fd0cdefc29bb81cjerenkrantz "Digest Authentication", newp->provider_name);

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez }

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz /* Add it to the list now. */

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz if (!conf->providers) {

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz conf->providers = newp;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz }

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz else {

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz authn_provider_list *last = conf->providers;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz while (last->next) {

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz last = last->next;

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz }

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz last->next = newp;

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz }

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic const char *set_qop(cmd_parms *cmd, void *config, const char *op)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding digest_config_rec *conf = (digest_config_rec *) config;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (!strcasecmp(op, "none")) {

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf apr_array_clear(conf->qop_list);

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf *(const char **)apr_array_push(conf->qop_list) = "none";

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (!strcasecmp(op, "auth-int")) {

44a02fb58380bb801585f586ad3c7569de11840dpoirier return "AuthDigestQop auth-int is not implemented";

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (strcasecmp(op, "auth")) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return apr_pstrcat(cmd->pool, "Unrecognized qop: ", op, NULL);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf *(const char **)apr_array_push(conf->qop_list) = op;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic const char *set_nonce_lifetime(cmd_parms *cmd, void *config,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron const char *t)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding char *endptr;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding long lifetime;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

e8f95a682820a599fe41b22977010636be5c2717jim lifetime = strtol(t, &endptr, 10);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (endptr < (t+strlen(t)) && !apr_isspace(*endptr)) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return apr_pstrcat(cmd->pool,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "Invalid time in AuthDigestNonceLifetime: ",

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron t, NULL);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

e0fe4de2016336428729a620ac0034cd1198ad7awrowe ((digest_config_rec *) config)->nonce_lifetime = apr_time_from_sec(lifetime);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic const char *set_nonce_format(cmd_parms *cmd, void *config,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron const char *fmt)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

f7376afc33a9e035921be9114c0e246820d7c8besf return "AuthDigestNonceFormat is not implemented";

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic const char *set_nc_check(cmd_parms *cmd, void *config, int flag)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

e5db2522dbe503cbf5399094b6239c88c246a8c5poirier#if !APR_HAS_SHARED_MEMORY

e5db2522dbe503cbf5399094b6239c88c246a8c5poirier if (flag) {

e5db2522dbe503cbf5399094b6239c88c246a8c5poirier return "AuthDigestNcCheck: ERROR: nonce-count checking "

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "is not supported on platforms without shared-memory "

e5db2522dbe503cbf5399094b6239c88c246a8c5poirier "support";

ac2eb54bac2d978c323ab346161b8591d134100cpoirier }

e5db2522dbe503cbf5399094b6239c88c246a8c5poirier#endif

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding ((digest_config_rec *) config)->check_nc = flag;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic const char *set_algorithm(cmd_parms *cmd, void *config, const char *alg)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (!strcasecmp(alg, "MD5-sess")) {

e5db2522dbe503cbf5399094b6239c88c246a8c5poirier return "AuthDigestAlgorithm: ERROR: algorithm `MD5-sess' "

f7376afc33a9e035921be9114c0e246820d7c8besf "is not implemented";

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (strcasecmp(alg, "MD5")) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return apr_pstrcat(cmd->pool, "Invalid algorithm in AuthDigestAlgorithm: ", alg, NULL);

dc80439e9fba60c753cd145cb6799409ffea9b71ronald }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding ((digest_config_rec *) config)->algorithm = alg;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic const char *set_uri_list(cmd_parms *cmd, void *config, const char *uri)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding digest_config_rec *c = (digest_config_rec *) config;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (c->uri_list) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron c->uri_list[strlen(c->uri_list)-1] = '\0';

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron c->uri_list = apr_pstrcat(cmd->pool, c->uri_list, " ", uri, "\"", NULL);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron c->uri_list = apr_pstrcat(cmd->pool, ", domain=\"", uri, "\"", NULL);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

dc80439e9fba60c753cd145cb6799409ffea9b71ronaldstatic const char *set_shmem_size(cmd_parms *cmd, void *config,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron const char *size_str)

dc80439e9fba60c753cd145cb6799409ffea9b71ronald{

dc80439e9fba60c753cd145cb6799409ffea9b71ronald char *endptr;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald long size, min;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

e8f95a682820a599fe41b22977010636be5c2717jim size = strtol(size_str, &endptr, 10);

10a4cdd68ef1ca0e54af296fe1d08ac00150c90bwrowe while (apr_isspace(*endptr)) endptr++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (*endptr == '\0' || *endptr == 'b' || *endptr == 'B') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron ;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (*endptr == 'k' || *endptr == 'K') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron size *= 1024;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (*endptr == 'm' || *endptr == 'M') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron size *= 1048576;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return apr_pstrcat(cmd->pool, "Invalid size in AuthDigestShmemSize: ",

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron size_str, NULL);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

dc80439e9fba60c753cd145cb6799409ffea9b71ronald min = sizeof(*client_list) + sizeof(client_entry*) + sizeof(client_entry);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (size < min) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return apr_psprintf(cmd->pool, "size in AuthDigestShmemSize too small: "

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "%ld < %ld", size, min);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

dc80439e9fba60c753cd145cb6799409ffea9b71ronald shmem_size = size;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald num_buckets = (size - sizeof(*client_list)) /

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron (sizeof(client_entry*) + HASH_DEPTH * sizeof(client_entry));

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (num_buckets == 0) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron num_buckets = 1;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01763)

678a15e91d6a44569c956445442731bb64a98a63sf "Set shmem-size: %" APR_SIZE_T_FMT ", num-buckets: %ld",

6217bba0eab68d7d4c407ed3aedc76e1cc2bbb9atrawick shmem_size, num_buckets);

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

dc80439e9fba60c753cd145cb6799409ffea9b71ronald return NULL;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald}

dc80439e9fba60c753cd145cb6799409ffea9b71ronald

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic const command_rec digest_cmds[] =

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_TAKE1("AuthName", set_realm, NULL, OR_AUTHCFG,

090a954a1fe65b29a6f4a696f0136ef12ea0f1b1rbb "The authentication realm (e.g. \"Members Only\")"),

1df208eeb79b689410598b0f6fd1ac3fb2401c44nd AP_INIT_ITERATE("AuthDigestProvider", add_authn_provider, NULL, OR_AUTHCFG,

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz "specify the auth providers for a directory or location"),

e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_ITERATE("AuthDigestQop", set_qop, NULL, OR_AUTHCFG,

090a954a1fe65b29a6f4a696f0136ef12ea0f1b1rbb "A list of quality-of-protection options"),

e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_TAKE1("AuthDigestNonceLifetime", set_nonce_lifetime, NULL, OR_AUTHCFG,

090a954a1fe65b29a6f4a696f0136ef12ea0f1b1rbb "Maximum lifetime of the server nonce (seconds)"),

e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_TAKE1("AuthDigestNonceFormat", set_nonce_format, NULL, OR_AUTHCFG,

090a954a1fe65b29a6f4a696f0136ef12ea0f1b1rbb "The format to use when generating the server nonce"),

e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_FLAG("AuthDigestNcCheck", set_nc_check, NULL, OR_AUTHCFG,

090a954a1fe65b29a6f4a696f0136ef12ea0f1b1rbb "Whether or not to check the nonce-count sent by the client"),

e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_TAKE1("AuthDigestAlgorithm", set_algorithm, NULL, OR_AUTHCFG,

090a954a1fe65b29a6f4a696f0136ef12ea0f1b1rbb "The algorithm used for the hash calculation"),

e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_ITERATE("AuthDigestDomain", set_uri_list, NULL, OR_AUTHCFG,

090a954a1fe65b29a6f4a696f0136ef12ea0f1b1rbb "A list of URI's which belong to the same protection space as the current URI"),

e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_TAKE1("AuthDigestShmemSize", set_shmem_size, NULL, RSRC_CONF,

090a954a1fe65b29a6f4a696f0136ef12ea0f1b1rbb "The amount of shared memory to allocate for keeping track of clients"),

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding {NULL}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding};

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic client_entry *get_client(unsigned long key, const request_rec *r)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding int bucket;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_entry *entry, *prev = NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (!key || !client_shm) return NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding bucket = key % client_list->tbl_len;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding entry = client_list->table[bucket];

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

29c30db45f6a469017e16b606611e460cc1a1f2caaron apr_global_mutex_lock(client_lock);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (entry && key != entry->key) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron prev = entry;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron entry = entry->next;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (entry && prev) { /* move entry to front of list */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron prev->next = entry->next;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron entry->next = client_list->table[bucket];

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron client_list->table[bucket] = entry;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

29c30db45f6a469017e16b606611e460cc1a1f2caaron apr_global_mutex_unlock(client_lock);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (entry) {

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01764)

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "get_client(): client %lu found", key);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01765)

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "get_client(): client %lu not found", key);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return entry;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic long gc(void)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_entry *entry, *prev;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long num_removed = 0, idx;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* garbage collect all last entries */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron for (idx = 0; idx < client_list->tbl_len; idx++) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron entry = client_list->table[idx];

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron prev = NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (entry->next) { /* find last entry */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron prev = entry;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron entry = entry->next;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (prev) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron prev->next = NULL; /* cut list */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron client_list->table[idx] = NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (entry) { /* remove entry */

97d20d37d21b8d427a920e211858172f0a82427epoirier apr_rmm_free(client_rmm, apr_rmm_offset_get(client_rmm, entry));

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron num_removed++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* update counters and log */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_list->num_entries -= num_removed;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_list->num_removed += num_removed;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return num_removed;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

dc80439e9fba60c753cd145cb6799409ffea9b71ronaldstatic client_entry *add_client(unsigned long key, client_entry *info,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron server_rec *s)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding int bucket;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_entry *entry;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (!key || !client_shm) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding bucket = key % client_list->tbl_len;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

29c30db45f6a469017e16b606611e460cc1a1f2caaron apr_global_mutex_lock(client_lock);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* try to allocate a new entry */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

97d20d37d21b8d427a920e211858172f0a82427epoirier entry = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(client_entry)));

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (!entry) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron long num_removed = gc();

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01766)

678a15e91d6a44569c956445442731bb64a98a63sf "gc'd %ld client entries. Total new clients: "

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "%ld; Total removed clients: %ld; Total renewed clients: "

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "%ld", num_removed,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron client_list->num_created - client_list->num_renewed,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron client_list->num_removed, client_list->num_renewed);

97d20d37d21b8d427a920e211858172f0a82427epoirier entry = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(client_entry)));

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (!entry) {

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01767)

97d20d37d21b8d427a920e211858172f0a82427epoirier "unable to allocate new auth_digest client");

97d20d37d21b8d427a920e211858172f0a82427epoirier apr_global_mutex_unlock(client_lock);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return NULL; /* give up */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* now add the entry */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

dc80439e9fba60c753cd145cb6799409ffea9b71ronald memcpy(entry, info, sizeof(client_entry));

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding entry->key = key;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding entry->next = client_list->table[bucket];

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_list->table[bucket] = entry;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_list->num_created++;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding client_list->num_entries++;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

29c30db45f6a469017e16b606611e460cc1a1f2caaron apr_global_mutex_unlock(client_lock);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01768)

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "allocated new client %lu", key);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return entry;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic int get_digest_rec(request_rec *r, digest_header_rec *resp)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

dc80439e9fba60c753cd145cb6799409ffea9b71ronald const char *auth_line;

58fd79b56eb624bf011772994e9761d3c2e228c1orlikowski apr_size_t l;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding int vk = 0, vv = 0;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding char *key, *value;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm auth_line = apr_table_get(r->headers_in,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron (PROXYREQ_PROXY == r->proxyreq)

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron ? "Proxy-Authorization"

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron : "Authorization");

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (!auth_line) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->auth_hdr_sts = NO_HEADER;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return !OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding resp->scheme = ap_getword_white(r->pool, &auth_line);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (strcasecmp(resp->scheme, "Digest")) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->auth_hdr_sts = NOT_DIGEST;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return !OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding l = strlen(auth_line);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm key = apr_palloc(r->pool, l+1);

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm value = apr_palloc(r->pool, l+1);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding while (auth_line[0] != '\0') {

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron /* find key */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (apr_isspace(auth_line[0])) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron vk = 0;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (auth_line[0] != '=' && auth_line[0] != ','

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron && auth_line[0] != '\0' && !apr_isspace(auth_line[0])) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron key[vk++] = *auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron key[vk] = '\0';

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (apr_isspace(auth_line[0])) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron /* find value */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (auth_line[0] == '=') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (apr_isspace(auth_line[0])) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron vv = 0;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (auth_line[0] == '\"') { /* quoted string */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (auth_line[0] != '\"' && auth_line[0] != '\0') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (auth_line[0] == '\\' && auth_line[1] != '\0') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++; /* escaped char */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron value[vv++] = *auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (auth_line[0] != '\0') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else { /* token */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (auth_line[0] != ',' && auth_line[0] != '\0'

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron && !apr_isspace(auth_line[0])) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron value[vv++] = *auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron value[vv] = '\0';

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron while (auth_line[0] != ',' && auth_line[0] != '\0') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (auth_line[0] != '\0') {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron auth_line++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (!strcasecmp(key, "username"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->username = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "realm"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->realm = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "nonce"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->nonce = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "uri"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->uri = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "response"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->digest = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "algorithm"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->algorithm = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "cnonce"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->cnonce = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "opaque"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->opaque = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "qop"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->message_qop = apr_pstrdup(r->pool, value);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (!strcasecmp(key, "nc"))

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->nonce_count = apr_pstrdup(r->pool, value);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (!resp->username || !resp->realm || !resp->nonce || !resp->uri

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron || !resp->digest

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron || (resp->message_qop && (!resp->cnonce || !resp->nonce_count))) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->auth_hdr_sts = INVALID;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return !OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (resp->opaque) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->opaque_num = (unsigned long) strtol(resp->opaque, NULL, 16);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding resp->auth_hdr_sts = VALID;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return OK;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

d0a225bdac006f3361e80bfc1be7e6f9b0e81f80ronaldstatic int parse_hdr_and_update_nc(request_rec *r)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding digest_header_rec *resp;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding int res;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (!ap_is_initial_req(r)) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return DECLINED;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm resp = apr_pcalloc(r->pool, sizeof(digest_header_rec));

dc80439e9fba60c753cd145cb6799409ffea9b71ronald resp->raw_request_uri = r->unparsed_uri;

dc80439e9fba60c753cd145cb6799409ffea9b71ronald resp->psd_request_uri = &r->parsed_uri;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding resp->needed_auth = 0;

7ddfd45e4d3d13de264931df8eb27ee7619fdb0ejerenkrantz resp->method = r->method;

138c8f7cb8254e035c6f45288e3909cd9c21be5cmartin ap_set_module_config(r->request_config, &auth_digest_module, resp);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding res = get_digest_rec(r, resp);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding resp->client = get_client(resp->opaque_num, r);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (res == OK && resp->client) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->client->nonce_count++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return DECLINED;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic void gen_nonce_hash(char *hash, const char *timestr, const char *opaque,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron const server_rec *server,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron const digest_config_rec *conf)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

b980ad7fdc218b4855cde9f75a747527f50c554dwrowe unsigned char sha1[APR_SHA1_DIGESTSIZE];

b980ad7fdc218b4855cde9f75a747527f50c554dwrowe apr_sha1_ctx_t ctx;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding memcpy(&ctx, &conf->nonce_ctx, sizeof(ctx));

dc80439e9fba60c753cd145cb6799409ffea9b71ronald /*

066877f1a045103acfdd376d48cdd473c33f409bdougm apr_sha1_update_binary(&ctx, (const unsigned char *) timestr, strlen(timestr));

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (opaque) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron apr_sha1_update_binary(&ctx, (const unsigned char *) opaque,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron strlen(opaque));

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

066877f1a045103acfdd376d48cdd473c33f409bdougm apr_sha1_final(sha1, &ctx);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

3adacd72419923c0eb3c2373d063d1a792181a88sf ap_bin2hex(sha1, APR_SHA1_DIGESTSIZE, hash);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougmstatic const char *gen_nonce(apr_pool_t *p, apr_time_t now, const char *opaque,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron const server_rec *server,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron const digest_config_rec *conf)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm char *nonce = apr_palloc(p, NONCE_LEN+1);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding time_rec t;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (conf->nonce_lifetime != 0) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron t.time = now;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else if (otn_counter) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron /* this counter is not synch'd, because it doesn't really matter

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron t.time = (*otn_counter)++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

953ffc322984217eb04f911e041b40b7a91b54aawrowe /* XXX: WHAT IS THIS CONSTANT? */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron t.time = 42;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

a9a941ed6ca86039137d64bdc7b1c4fda9d07d12sf apr_base64_encode_binary(nonce, t.arr, sizeof(t.arr));

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding gen_nonce_hash(nonce+NONCE_TIME_LEN, nonce, opaque, server, conf);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return nonce;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic client_entry *gen_client(const request_rec *r)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding unsigned long op;

f7376afc33a9e035921be9114c0e246820d7c8besf client_entry new_entry = { 0, NULL, 0, "" }, *entry;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (!opaque_cntr) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

29c30db45f6a469017e16b606611e460cc1a1f2caaron apr_global_mutex_lock(opaque_lock);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding op = (*opaque_cntr)++;

97d20d37d21b8d427a920e211858172f0a82427epoirier apr_global_mutex_unlock(opaque_lock);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

dc80439e9fba60c753cd145cb6799409ffea9b71ronald if (!(entry = add_client(op, &new_entry, r->server))) {

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01769)

678a15e91d6a44569c956445442731bb64a98a63sf "failed to allocate client entry - ignoring client");

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return NULL;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return entry;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougmstatic const char *ltox(apr_pool_t *p, unsigned long num)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (num != 0) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return apr_psprintf(p, "%lx", num);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron return "";

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefieldingstatic void note_digest_auth_failure(request_rec *r,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron const digest_config_rec *conf,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron digest_header_rec *resp, int stale)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding const char *qop, *opaque, *opaque_param, *domain, *nonce;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* Setup qop */

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf if (apr_is_empty_array(conf->qop_list)) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron qop = ", qop=\"auth\"";

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf else if (!strcasecmp(*(const char **)(conf->qop_list->elts), "none")) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron qop = "";

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf qop = apr_pstrcat(r->pool, ", qop=\"",

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf apr_array_pstrcat(r->pool, conf->qop_list, ','),

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf "\"",

fd9b4a0b713bc4816b9b80f52d567f5c2ac06bafsf NULL);

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* Setup opaque */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (resp->opaque == NULL) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron /* new client */

f7376afc33a9e035921be9114c0e246820d7c8besf if ((conf->check_nc || conf->nonce_lifetime == 0)

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron && (resp->client = gen_client(r)) != NULL) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque = ltox(r->pool, resp->client->key);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque = ""; /* opaque not needed */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding else if (resp->client == NULL) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron /* client info was gc'd */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->client = gen_client(r);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (resp->client != NULL) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque = ltox(r->pool, resp->client->key);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron stale = 1;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron client_list->num_renewed++;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque = ""; /* ??? */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding else {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque = resp->opaque;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron /* we're generating a new nonce, so reset the nonce-count */

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron resp->client->nonce_count = 0;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (opaque[0]) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque_param = apr_pstrcat(r->pool, ", opaque=\"", opaque, "\"", NULL);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron else {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque_param = NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* Setup nonce */

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding nonce = gen_nonce(r->pool, r->request_time, opaque, r->server, conf);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron if (resp->client && conf->nonce_lifetime == 0) {

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1);

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* setup domain attribute. We want to send this attribute wherever

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

e8f95a682820a599fe41b22977010636be5c2717jim

820be4f3a1a5b0565a072b0bf582d19fb791b68dnd /* don't send domain

820be4f3a1a5b0565a072b0bf582d19fb791b68dnd if (r->proxyreq || !conf->uri_list) {

e8f95a682820a599fe41b22977010636be5c2717jim domain = NULL;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding else {

820be4f3a1a5b0565a072b0bf582d19fb791b68dnd domain = conf->uri_list;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding }

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

1ccd992d37d62c8cb2056126f2234f64ec189bfddougm apr_table_mergen(r->err_headers_out,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron (PROXYREQ_PROXY == r->proxyreq)

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron ? "Proxy-Authenticate" : "WWW-Authenticate",

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron apr_psprintf(r->pool, "Digest realm=\"%s\", "

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron "nonce=\"%s\", algorithm=%s%s%s%s%s",

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron ap_auth_name(r), nonce, conf->algorithm,

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron opaque_param ? opaque_param : "",

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron domain ? domain : "",

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron stale ? ", stale=true" : "", qop));

c7d0205ec1649076e7742d72a25ac53779768312stoddard

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding}

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

a44d29a3794110c558c940bd903a1930d717a7d7sfstatic int hook_note_digest_auth_failure(request_rec *r, const char *auth_type)

a44d29a3794110c558c940bd903a1930d717a7d7sf{

a44d29a3794110c558c940bd903a1930d717a7d7sf request_rec *mainreq;

a44d29a3794110c558c940bd903a1930d717a7d7sf digest_header_rec *resp;

a44d29a3794110c558c940bd903a1930d717a7d7sf digest_config_rec *conf;

a44d29a3794110c558c940bd903a1930d717a7d7sf

a44d29a3794110c558c940bd903a1930d717a7d7sf if (strcasecmp(auth_type, "Digest"))

a44d29a3794110c558c940bd903a1930d717a7d7sf return DECLINED;

a44d29a3794110c558c940bd903a1930d717a7d7sf

a44d29a3794110c558c940bd903a1930d717a7d7sf /* get the client response and mark */

a44d29a3794110c558c940bd903a1930d717a7d7sf

a44d29a3794110c558c940bd903a1930d717a7d7sf mainreq = r;

a44d29a3794110c558c940bd903a1930d717a7d7sf while (mainreq->main != NULL) {

a44d29a3794110c558c940bd903a1930d717a7d7sf mainreq = mainreq->main;

a44d29a3794110c558c940bd903a1930d717a7d7sf }

a44d29a3794110c558c940bd903a1930d717a7d7sf while (mainreq->prev != NULL) {

a44d29a3794110c558c940bd903a1930d717a7d7sf mainreq = mainreq->prev;

a44d29a3794110c558c940bd903a1930d717a7d7sf }

a44d29a3794110c558c940bd903a1930d717a7d7sf resp = (digest_header_rec *) ap_get_module_config(mainreq->request_config,

a44d29a3794110c558c940bd903a1930d717a7d7sf &auth_digest_module);

a44d29a3794110c558c940bd903a1930d717a7d7sf resp->needed_auth = 1;

a44d29a3794110c558c940bd903a1930d717a7d7sf

a44d29a3794110c558c940bd903a1930d717a7d7sf

a44d29a3794110c558c940bd903a1930d717a7d7sf /* get our conf */

a44d29a3794110c558c940bd903a1930d717a7d7sf

a44d29a3794110c558c940bd903a1930d717a7d7sf conf = (digest_config_rec *) ap_get_module_config(r->per_dir_config,

a44d29a3794110c558c940bd903a1930d717a7d7sf &auth_digest_module);

a44d29a3794110c558c940bd903a1930d717a7d7sf

a44d29a3794110c558c940bd903a1930d717a7d7sf note_digest_auth_failure(r, conf, resp, 0);

a44d29a3794110c558c940bd903a1930d717a7d7sf

a44d29a3794110c558c940bd903a1930d717a7d7sf return OK;

a44d29a3794110c558c940bd903a1930d717a7d7sf}

a44d29a3794110c558c940bd903a1930d717a7d7sf

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

f78505c7d260473bf11002f5028186f27d0ed8a0geoffstatic authn_status get_hash(request_rec *r, const char *user,

f78505c7d260473bf11002f5028186f27d0ed8a0geoff digest_config_rec *conf)

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding{

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz authn_status auth_result;

322b350d0f1ac750b112ec15481a33efc92d182cjerenkrantz char *password;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz authn_provider_list *current_provider;

0f081398cf0eef8cc7c66a535d450110a92dc8aefielding

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz current_provider = conf->providers;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz do {

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz const authn_provider *provider;

0ec6007a40ac877a7c8d87767ca8e306d89f6595aaron

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz /* For now, if a provider isn't set, we'll be nice and use the file

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz if (!current_provider) {

e9f8410b788ef1e6f1baed6c706ffdf3da395a16jerenkrantz provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,

2e242dca7111f99d54dd144b7b8418d88d560032chrisd AUTHN_DEFAULT_PROVIDER,

2e242dca7111f99d54dd144b7b8418d88d560032chrisd AUTHN_PROVIDER_VERSION);

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez if (!provider || !provider->get_realm_hash) {

185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01770)

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez "No Authn provider configured");

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez auth_result = AUTH_GENERAL_ERROR;

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez break;

6e45872b4a23d493887830d82a2759b4c00b10b2wsanchez }

33b444dee16ba708960701c5b1ceb69df1548017pquerna apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, AUTHN_DEFAULT_PROVIDER);

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz }

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz else {

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz provider = current_provider->provider;

33b444dee16ba708960701c5b1ceb69df1548017pquerna apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, current_provider->provider_name);

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz }

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz

69c1e98e10528ac12ed3f56a811c57fc1c9e31e5bnicholes

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz /* We expect the password to be md5 hash of user:realm:password */

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz auth_result = provider->get_realm_hash(r, user, conf->realm,

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz &password);

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz

69c1e98e10528ac12ed3f56a811c57fc1c9e31e5bnicholes apr_table_unset(r->notes, AUTHN_PROVIDER_NAME_NOTE);

69c1e98e10528ac12ed3f56a811c57fc1c9e31e5bnicholes

4d4953238984d603c574511f35ef8d5bdbc70862wsanchez /* Something occured. Stop checking. */

4d4953238984d603c574511f35ef8d5bdbc70862wsanchez if (auth_result != AUTH_USER_NOT_FOUND) {

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz break;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz }

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz /* If we're not really configured for providers, stop now. */

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz if (!conf->providers) {

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz break;

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz }

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz

bdfba727693ab86e9914ca90af68e62896946755jerenkrantz current_provider = current_provider->next;