mod_auth_digest.c revision 0f081398cf0eef8cc7c66a535d450110a92dc8ae
/* ====================================================================
* Copyright (c) 1995-1999 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* 4. The names "Apache Server" and "Apache Group" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Group and was originally based
* on public domain software written at the National Center for
* Supercomputing Applications, University of Illinois, Urbana-Champaign.
* For more information on the Apache Group and the Apache HTTP server
* project, please see <http://www.apache.org/>.
*
*/
/*
* mod_auth_digest: MD5 digest authentication
*
* Originally by Alexei Kosut <akosut@nueva.pvt.k12.ca.us>
* Updated to RFC-2617 by Ronald Tschal�r <ronald@innovation.ch>
* based on mod_auth, by Rob McCool and Robert S. Thau
*
* This module an updated version of modules/standard/mod_digest.c
* However, it has not been extensively tested yet, and is therefore
* currently marked experimental. Send problem reports to me
* (ronald@innovation.ch)
*
* available for instance from
*
* Open Issues:
* - qop=auth-int (when streams and trailer support available)
* - nonce-format configurability
* - Proxy-Authorization-Info header is set by this module, but is
* currently ignored by mod_proxy (needs patch to mod_proxy)
* - generating the secret takes a while (~ 8 seconds) if using the
* truerand library
* - shared-mem not completely tested yet. Seems to work ok for me,
* but... (definitely won't work on Windoze)
*/
/* The section for the Configure script:
* MODULE-DEFINITION-START
* Name: digest_auth_module
* ConfigStart
if [ "$RULE_DEV_RANDOM" = "default" ]; then
else
RULE_DEV_RANDOM="truerand"
if helpers/TestCompile func randbyte; then
:
elif helpers/TestCompile lib rand randbyte; then
:
else
echo " (mod_auth_digest) truerand library missing!"
echo "** This will most probably defeat successful compilation."
echo "** See Rule DEV_RANDOM in src/Configuration.tmpl for more information."
fi
fi
fi
if [ "$RULE_DEV_RANDOM" = "truerand" ]; then
echo " using truerand library (-lrand) for the random seed"
else
echo " using $RULE_DEV_RANDOM for the random seed"
CFLAGS="$CFLAGS -DDEV_RANDOM=$RULE_DEV_RANDOM"
fi
* ConfigEnd
* MODULE-DEFINITION-END
*/
#include "httpd.h"
#include "http_config.h"
#include "http_conf_globals.h"
#include "http_core.h"
#include "http_request.h"
#include "http_log.h"
#include "http_protocol.h"
#include "ap_config.h"
#include "ap_ctype.h"
#include "util_uri.h"
#include "util_md5.h"
#include "ap_sha1.h"
#ifdef HAVE_SHMEM_MM
#include "mm.h"
#endif /* HAVE_SHMEM_MM */
/* struct to hold the configuration info */
typedef struct digest_config_struct {
const char *dir_name;
const char *pwfile;
const char *grpfile;
const char *realm;
const char **qop_list;
long nonce_lifetime;
const char *nonce_format;
int check_nc;
const char *algorithm;
char *uri_list;
const char *ha1;
#define DFLT_ALGORITHM "MD5"
#define DFLT_NONCE_LIFE 300L
#define NEXTNONCE_DELTA 30
#define NONCE_HASH_LEN 40
#define SECRET_LEN 20
/* client list definitions */
typedef struct hash_entry {
unsigned long key; /* the key for this entry */
unsigned long nonce_count; /* for nonce-count checking */
} client_entry;
static struct hash_table {
unsigned long tbl_len;
unsigned long num_entries;
unsigned long num_created;
unsigned long num_removed;
unsigned long num_renewed;
} *client_list;
/* struct to hold a parsed Authorization header */
typedef struct digest_header_struct {
const char *scheme;
const char *realm;
const char *username;
char *nonce;
const char *uri;
const char *digest;
const char *algorithm;
const char *cnonce;
const char *opaque;
unsigned long opaque_num;
const char *message_qop;
const char *nonce_count;
/* the following fields are not (directly) from the header */
enum hdr_sts auth_hdr_sts;
int needed_auth;
/* (mostly) nonce stuff */
typedef union time_union {
} time_rec;
static unsigned char secret[SECRET_LEN];
static int call_cnt = 0;
#ifdef HAVE_SHMEM_MM
/* opaque stuff */
static unsigned long *opaque_cntr;
static MM *otn_count_mm;
#define NUM_BUCKETS 15UL
#else /* HAVE_SHMEM_MM */
#endif /* HAVE_SHMEM_MM */
/*
* initialization code
*/
#ifdef HAVE_SHMEM_MM
static void cleanup_tables(void *not_used)
{
if (client_mm) {
}
if (opaque_mm) {
}
if (otn_count_mm) {
otn_count_mm = NULL;
}
}
#endif /* HAVE_SHMEM_MM */
static void initialize_secret(server_rec *s)
{
#ifdef DEV_RANDOM
#else
extern int randbyte(void); /* from the truerand library */
unsigned int idx;
#endif
"Digest: generating secret for digest authentication ...");
#ifdef DEV_RANDOM
#define XSTR(x) #x
}
}
}
}
#else /* use truerand */
/* this will increase the startup time of the server, unfortunately...
* (generating 20 bytes takes about 8 seconds)
*/
#endif /* DEV_RANDOM */
}
#ifdef HAVE_SHMEM_MM
static void initialize_tables(server_rec *s)
{
unsigned long idx;
/* set up client list */
goto failed;
#ifdef MPE
if (geteuid() == 1) {
#else
if (geteuid() == 0) {
#endif
goto failed;
}
sizeof(client_entry*)*NUM_BUCKETS);
if (!client_list) goto failed;
client_list->num_entries = 0;
/* setup opaque */
goto failed;
#ifdef MPE
if (geteuid() == 1) {
#else
if (geteuid() == 0) {
#endif
goto failed;
}
if (opaque_cntr == NULL)
goto failed;
*opaque_cntr = 1UL;
/* setup one-time-nonce counter */
if (otn_count_mm == NULL)
goto failed;
#ifdef MPE
if (geteuid() == 1) {
#else
if (geteuid() == 0) {
#endif
goto failed;
}
if (otn_counter == NULL)
goto failed;
*otn_counter = 0;
/* success */
return;
|| (opaque_cntr && !otn_count_mm))
"Digest: failed to create shared memory segments; reason "
"was `%s' - all nonce-count checking, one-time nonces, "
"and MD5-sess algorithm disabled", mm_error());
else
"Digest: failed to allocate shared mem; reason was `%s' "
"- all nonce-count checking, one-time nonces, and "
"MD5-sess algorithm disabled", mm_error());
}
#endif /* HAVE_SHMEM_MM */
{
/* keep from doing the init more than once at startup, and delay
* the init until the second round
*/
if (++call_cnt < 2)
return;
/* only initialize the secret on startup, not on restarts */
if (call_cnt == 2)
#ifdef HAVE_SHMEM_MM
/* Note: this stuff is currently fixed for the lifetime of the server,
* i.e. even across restarts. This means that A) any shmem-size
* configuration changes are ignored, and B) certain optimizations,
* such as only allocating the smallest necessary entry for each
* client, can't be done. However, the alternative is a nightmare:
* we can't call mm_destroy on a graceful restart because there will
* be children using the tables, and we also don't know when the
* last child dies. Therefore we can never clean up the old stuff,
* creating a creeping memory leak.
*/
/* atexit(cleanup_tables); */
#endif /* HAVE_SHMEM_MM */
}
/*
* configuration code
*/
{
if (conf) {
}
return conf;
}
{
/* The core already handles the realm, but it's just too convenient to
* grab it ourselves too and cache some setups. However, we need to
* let the core get at it too, which is why we decline at the end -
* this relies on the fact that http_core is last in the list.
*/
/* we precompute the part of the nonce hash that is constant (well,
* the host:port would be too, but that varies for .htaccess files
* and directives outside a virtual host section)
*/
return DECLINE_CMD;
}
const char *file)
{
return NULL;
}
const char *file)
{
return NULL;
}
{
const char **tmp;
int cnt;
}
return NULL;
}
"Digest: WARNING: qop `auth-int' currently only works "
"correctly for responses with no entity");
;
return NULL;
}
const char *t)
{
char *endptr;
long lifetime;
return NULL;
}
const char *fmt)
{
return "AuthDigestNonceFormat is not implemented (yet)";
}
{
return NULL;
}
{
#ifdef HAVE_SHMEM_MM
;
#else /* HAVE_SHMEM_MM */
"Digest: WARNING: algorithm `MD5-sess' is currently not "
"correctly implemented");
#endif /* HAVE_SHMEM_MM */
return NULL;
}
{
if (c->uri_list) {
}
else
return NULL;
}
static const command_rec digest_cmds[] =
{
"The authentication realm (e.g. \"Members Only\")"},
"The name of the file containing the usernames and password hashes"},
"The name of the file containing the group names and members"},
"A list of quality-of-protection options"},
"Maximum lifetime of the server nonce (seconds)"},
"The format to use when generating the server nonce"},
"Whether or not to check the nonce-count sent by the client"},
"The algorithm used for the hash calculation"},
"A list of URI's which belong to the same protection space as the current URI"},
{NULL}
};
#ifdef HAVE_SHMEM_MM
/*
* client list code
*
* Each client is assigned a number, which is transfered in the opaque
* field of the WWW-Authenticate and Authorization headers. The number
* is just a simple counter which is incremented for each new client.
* Clients can't forge this number because it is hashed up into the
* server nonce, and that is checked.
*
* The clients are kept in a simple hash table, which consists of an
* array of client_entry's, each with a linked list of entries hanging
* off it. The client's number modulo the size of the array gives the
* bucket number.
*
* The clients are garbage collected whenever a new client is allocated
* but there is not enough space left in the shared memory segment. A
* simple semi-LRU is used for this: whenever a client entry is accessed
* it is moved to the beginning of the linked list in its bucket (this
* also makes for faster lookups for current clients). The garbage
* collecter then just removes the oldest entry (i.e. the one at the
* end of the list) in each bucket.
*
* The main advantages of the above scheme are that it's easy to implement
* and it keeps the hash table evenly balanced (i.e. same number of entries
* in each bucket). The major disadvantage is that you may be throwing
* entries out which are in active use. This is not tragic, as these
* clients will just be sent a new client id (opaque field) and nonce
* with a stale=true (i.e. it will just look like the nonce expired,
* thereby forcing an extra round trip). If the shared memory segment
* has enough headroom over the current client set size then this should
* not occur too often.
*
* To help tune the size of the shared memory segment (and see if the
* above algorithm is really sufficient) a set of counters is kept
* indicating the number of clients held, the number of garbage collected
* clients, and the number of erroneously purged clients. These are printed
* out at each garbage collection run. Note that access to the counters is
* not synchronized because they are just indicaters, and whether they are
* off by a few doesn't matter; and for the same reason no attempt is made
* to guarantee the num_renewed is correct in the face of clients spoofing
* the opaque field.
*/
/*
* Get the client given its client number (the key). Returns the entry,
* or NULL if its not found.
*
* Access to the list itself is synchronized via locks. However, access
* to the entry returned by get_client() is NOT synchronized. This means
* that there are potentially problems if a client uses multiple,
* simultaneous connections to access url's within the same protection
* space. However, these problems are not new: when using multiple
* connections you have no guarantee of the order the requests are
* processed anyway, so you have problems with the nonce-count and
* one-time nonces anyway.
*/
{
int bucket;
}
}
if (entry)
"get_client(): client %lu found", key);
else
"get_client(): client %lu not found", key);
return entry;
}
/* A simple garbage-collecter to remove unused clients. It removes the
* last entry in each bucket and updates the counters. Returns the
* number of removed entries.
*/
static long gc(void)
{
unsigned long num_removed = 0, idx;
/* garbage collect all last entries */
}
if (entry) { /* remove entry */
num_removed++;
}
}
/* update counters and log */
return num_removed;
}
/*
* Add a new client to the list. Returns the entry if successful, NULL
* otherwise. This triggers the garbage collection is memory is low.
*/
server_rec *s)
{
int bucket;
/* try to allocate a new entry */
if (!entry) {
long num_removed = gc();
"Digest: gc'd %ld client entries. Total new clients: "
"%ld; Total removed clients: %ld; Total renewed clients: "
"%ld", num_removed,
}
/* now add the entry */
"allocated new client %lu", key);
return entry;
}
#else /* HAVE_SHMEM_MM */
{
return NULL;
}
#endif /* HAVE_SHMEM_MM */
/*
* Authorization header parser code
*/
/* Parse the Authorization header, if it exists */
{
r->proxyreq ? "Proxy-Authorization"
: "Authorization");
size_t l;
if (!auth_line) {
return !OK;
}
return !OK;
}
while (auth_line[0] != '\0') {
/* find key */
vk = 0;
/* find value */
if (auth_line[0] == '=') {
auth_line++;
vv = 0;
auth_line++;
auth_line++; /* escaped char */
}
}
else { /* token */
&& !ap_isspace(auth_line[0]))
}
}
}
return !OK;
}
return OK;
}
/* Because the browser may preemptively send auth info, incrementing the
* nonce-count when it does, and because the client does not get notified
* if the URI didn't need authentication after all, we need to be sure to
* update the nonce-count each time we receive an Authorization header no
* matter what the final outcome of the request. Furthermore this is a
* convenient place to get the request-uri (before any subrequests etc
* are initiated) and to initialize the request_config.
*
* Note that this must be called after mod_proxy had its go so that
* r->proxyreq is set correctly.
*/
static int update_nonce_count(request_rec *r)
{
int res;
if (!ap_is_initial_req(r))
return DECLINED;
resp->needed_auth = 0;
return DECLINED;
}
/*
* Nonce generation code
*/
/* The hash part of the nonce is a SHA-1 hash of the time, realm, opaque,
* and our secret.
*/
const server_rec *server,
const digest_config_rec *conf)
{
const char *hex = "0123456789abcdef";
unsigned char sha1[SHA_DIGESTSIZE];
int idx;
if (opaque)
}
*hash++ = '\0';
}
/* The nonce has the format b64(time)+hash .
*/
const server_rec *server,
const digest_config_rec *conf)
{
time_rec t;
if (conf->nonce_lifetime != 0)
else
#ifdef HAVE_SHMEM_MM
/* this counter is not synch'd, because it doesn't really matter
* if it counts exactly.
*/
t.time = (*otn_counter)++;
#else /* HAVE_SHMEM_MM */
t.time = 42;
#endif /* HAVE_SHMEM_MM */
return nonce;
}
/*
* Opaque and hash-table management
*/
#ifdef HAVE_SHMEM_MM
/*
* Generate a new client entry, add it to the list, and return the
* entry. Returns NULL if failed.
*/
{
unsigned long op;
if (!opaque_mm) return 0;
op = (*opaque_cntr)++;
"Digest: failed to allocate client entry - ignoring "
"client");
return NULL;
}
return entry;
}
#else /* HAVE_SHMEM_MM */
#endif /* HAVE_SHMEM_MM */
/*
* MD5-sess code.
*
* If you want to use algorithm=MD5-sess you must write get_userpw_hash()
* yourself (see below). The dummy provided here just returns the hash
* from the auth-file, i.e. it is only useful for testing client
* implementations of MD5-sess .
*/
/*
* get_userpw_hash() will be called each time a new session needs to be
* generated and is expected to return the equivalent of
*
* ap_md5(r->pool,
* ap_pstrcat(r->pool, username, ":", ap_auth_name(r), ":", passwd))
*
* You must implement this yourself, and will probably consist of code
* contacting the password server and retrieving the hash from it.
*
* TBD: This function should probably be in a seperate source file so that
* people need not modify mod_auth_digest.c each time they install a new version
* of apache.
*/
static const char *get_userpw_hash(const request_rec *r,
const digest_header_rec *resp,
const digest_config_rec *conf)
{
/* for now, just get it from pwfile */
}
static const char *get_session(const request_rec *r,
const digest_config_rec *conf)
{
/* get ha1 from client list */
/* generate new session if necessary */
}
return ha1;
}
{
}
/*
* Authorization challenge generation code (for WWW-Authenticate)
*/
const char *dir)
{
const char *u, *f;
/* Because of things like mod_alias and mod_rewrite and the fact that
* protection is often on a directory basis (not a location basis) it
* is hard to determine the uri to put in the domain attribute.
*
* What we do is the following: first we see if the directory is
* a prefix for the uri - if this is the case we assume that therefore
* a <Location> directive was protecting this uri and we can use it
* for the domain.
*/
return dir;
/* Now we check for <Files ...>, and if we find one we send back a
* dummy uri - this is the only way to specify that the protection
* space only covers a single uri.
*/
if (dir[0] != '/')
/* This doesn't work for Amaya (ok, it's of arguable validity in
* the first place), so just return the file name instead
return "http://0.0.0.0/";
*/
return dir;
/* Next we find the largest common common suffix of the request-uri
* and the final file name, ignoring any extensions; this gives us a
* hint as to where any rewriting could've occured (assuming that some
* prefix of the uri is rewritten, not a suffix).
*/
while (u > uri && *u != '/') u--;
while (*u && *u != '.') u++;
if (*u == '.') u--;
if (*u == '/') u--;
while (f > filename && *f != '/') f--;
while (*f && *f != '.') f++;
if (*f == '.') f--;
if (*f == '/') f--;
f++; u++;
while (*f && *f != '/') f++, u++; /* suffix must start with / */
/* Now, if the directory reaches into this common suffix then we can
* take the uri with the same reach.
*/
return tmp;
}
return ""; /* give up */
}
{
if (num != 0)
else
return "";
}
static void note_digest_auth_failure(request_rec *r,
const digest_config_rec *conf,
{
int cnt;
/* Setup qop */
qop = ", qop=\"auth\"";
qop = "";
else {
}
/* MD5-sess stuff */
/* Setup opaque */
/* new client */
else
}
/* client info was gc'd */
stale = 1;
}
else
}
else {
/* we're generating a new nonce, so reset the nonce-count */
}
if (opaque[0])
else
opaque_param = NULL;
/* Setup nonce */
/* setup domain attribute. We want to send this attribute wherever
* possible so that the client won't send the Authorization header
* unneccessarily (it's usually > 200 bytes!).
*/
else {
/* They didn't specify any domain, so let's guess at it */
else
}
"algorithm=%s%s%s%s%s",
}
/*
* Authorization header verification code
*/
const char *realm, const char *auth_pwfile)
{
configfile_t *f;
char l[MAX_STRING_LEN];
const char *rpw;
char *w, *x;
"Digest: Could not open password file: %s", auth_pwfile);
return NULL;
}
while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
if ((l[0] == '#') || (!l[0]))
continue;
rpw = l;
ap_cfg_closefile(f);
}
}
ap_cfg_closefile(f);
return NULL;
}
const digest_config_rec *conf)
{
unsigned long nc;
char *endptr;
"Digest: invalid nc %s received - not a number", snc);
return !OK;
}
return !OK;
"nonce-count check failed: %lu != %lu", nc,
return !OK;
}
}
return OK;
}
const digest_config_rec *conf)
{
double dt;
"Digest: invalid nonce %s received - length is not %d",
return AUTH_REQUIRED;
}
"Digest: invalid nonce %s received - hash is not %s",
return AUTH_REQUIRED;
}
"Digest: invalid nonce %s received - user attempted "
return AUTH_REQUIRED;
}
if (conf->nonce_lifetime > 0) {
"Digest: user %s: nonce expired - sending new nonce",
r->connection->user);
return AUTH_REQUIRED;
}
}
"Digest: user %s: one-time-nonce mismatch - sending "
return AUTH_REQUIRED;
}
}
/* else (lifetime < 0) => never expires */
return OK;
}
/* The actual MD5 code... whee */
static const char *old_digest(const request_rec *r,
{
const char *ha2;
/* rfc-2069 */
}
static const char *new_digest(const request_rec *r,
const digest_config_rec *conf)
{
/* draft-ietf-http-authentication-03 */
else
else
NULL));
}
/* These functions return 0 if client is OK, and proper error status
* if not... either AUTH_REQUIRED, if we made a check, and it failed, or
* SERVER_ERROR, if things are so totally confused that we couldn't
* figure out how to tell if the client is authorized or not.
*
* If they return DECLINED, and all other modules also decline, that's
* treated by the server core as a configuration error, logged and
* reported as such.
*/
/* Determine user ID, and check if the attributes are correct, if it
* really is that user, if the nonce is correct, etc.
*/
static int authenticate_digest_user(request_rec *r)
{
const char *t;
int res;
/* do we require Digest auth for this URI? */
return DECLINED;
if (!ap_auth_name(r)) {
"Digest: need AuthName: %s", r->uri);
return SERVER_ERROR;
}
/* get the client response and mark */
mainreq = r;
/* get our conf */
/* check for existence and syntax of Auth header */
"Digest: client used wrong authentication scheme "
"Digest: missing user, realm, nonce, uri, or digest "
"in authorization header: %s", r->uri);
/* else (resp->auth_hdr_sts == NO_HEADER) */
return AUTH_REQUIRED;
}
/* check the auth attributes */
) {
"Digest: uri mismatch - <%s> does not match "
return BAD_REQUEST;
}
}
"Digest: received invalid opaque - got `%s'",
return AUTH_REQUIRED;
}
"Digest: realm mismatch - got `%s' but expected `%s'",
return AUTH_REQUIRED;
}
"Digest: unknown algorithm `%s' received: %s",
return AUTH_REQUIRED;
}
return DECLINED;
"Digest: user `%s' in realm `%s' not found: %s",
return AUTH_REQUIRED;
}
/* old (rfc-2069) style digest */
r->uri);
return AUTH_REQUIRED;
}
}
else {
match = 1;
break;
}
}
if (!match
"Digest: invalid qop `%s' received: %s",
return AUTH_REQUIRED;
}
r->uri);
return AUTH_REQUIRED;
}
}
return AUTH_REQUIRED;
}
/* Note: this check is done last so that a "stale=true" can be
generated if the nonce is old */
return res;
return OK;
}
/*
* Checking ID
*/
const char *grpfile)
{
configfile_t *f;
char l[MAX_STRING_LEN];
const char *group_name, *ll, *w;
"Digest: Could not open group file: %s", grpfile);
return NULL;
}
while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
if ((l[0] == '#') || (!l[0]))
continue;
ll = l;
while (ll[0]) {
break;
}
}
}
ap_cfg_closefile(f);
return grps;
}
static int digest_check_auth(request_rec *r)
{
const digest_config_rec *conf =
int m = r->method_number;
int method_restricted = 0;
register int x;
const char *t, *w;
const array_header *reqs_arr;
return DECLINED;
reqs_arr = ap_requires(r);
/* If there is no "requires" directive, then any user will do.
*/
if (!reqs_arr)
return OK;
else
continue;
method_restricted = 1;
t = reqs[x].requirement;
w = ap_getword_white(r->pool, &t);
if (!strcasecmp(w, "valid-user"))
return OK;
else if (!strcasecmp(w, "user")) {
while (t[0]) {
w = ap_getword_conf(r->pool, &t);
return OK;
}
}
else if (!strcasecmp(w, "group")) {
if (!grpstatus)
return DECLINED;
while (t[0]) {
w = ap_getword_conf(r->pool, &t);
if (ap_table_get(grpstatus, w))
return OK;
}
}
else {
"Digest: access to %s failed, reason: unknown require "
return DECLINED;
}
}
if (!method_restricted)
return OK;
"Digest: access to %s failed, reason: user %s not allowed access",
0);
return AUTH_REQUIRED;
}
/*
* Authorization-Info header code
*/
#ifdef SEND_DIGEST
{
if (val)
return val;
else
return "";
}
#endif
static int add_auth_info(request_rec *r)
{
const digest_config_rec *conf =
return OK;
/* rfc-2069 digest
*/
/* old client, so calc rfc-2069 digest */
#ifdef SEND_DIGEST
/* most of this totally bogus because the handlers don't set the
* headers until the final handler phase (I wonder why this phase
* is called fixup when there's almost nothing you can fix up...)
*
* Because it's basically impossible to get this right (e.g. the
* Content-length is never set yet when we get here, and we can't
* calc the entity hash) it's best to just leave this #def'd out.
*/
char *entity_info =
(unsigned char *) ap_pstrcat(r->pool,
NULL));
digest =
r->method, ":",
entity_info, ":",
NULL));
#endif
}
/* setup nextnonce
*/
if (conf->nonce_lifetime > 0) {
/* send nextnonce if current nonce will expire in less than 30 secs */
"\"", NULL);
}
}
conf);
}
/* else nonce never expires, hence no nextnonce */
/* do rfc-2069 digest
*/
/* use only RFC-2069 format */
if (digest)
else
}
else {
/* calculate rspauth attribute
*/
else
else
resp->message_qop ?
/* assemble Authentication-Info header
*/
"",
NULL);
}
r->proxyreq ? "Proxy-Authentication-Info" :
"Authentication-Info",
ai);
return OK;
}
{
initialize_module, /* initializer */
create_digest_dir_config, /* dir config creater */
NULL, /* dir merger --- default is to override */
NULL, /* server config */
NULL, /* merge server config */
digest_cmds, /* command table */
NULL, /* handlers */
NULL, /* filename translation */
authenticate_digest_user, /* check_user_id */
digest_check_auth, /* check auth */
NULL, /* check access */
NULL, /* type_checker */
add_auth_info, /* fixups */
NULL, /* logger */
NULL, /* header parser */
NULL, /* child_init */
NULL, /* child_exit */
update_nonce_count /* post read-request */
};