mod_auth_digest.c revision 58c74a790988c0c63b08d15f9af6908b36f3efd8
1982fbecb99335961659b9961d47f2425bf142abgryzor/* Licensed to the Apache Software Foundation (ASF) under one or more
1982fbecb99335961659b9961d47f2425bf142abgryzor * contributor license agreements. See the NOTICE file distributed with
1982fbecb99335961659b9961d47f2425bf142abgryzor * this work for additional information regarding copyright ownership.
a99c5d4cc3cab6a62b04d52000dbc22ce1fa2d94coar * The ASF licenses this file to You under the Apache License, Version 2.0
1982fbecb99335961659b9961d47f2425bf142abgryzor * (the "License"); you may not use this file except in compliance with
1982fbecb99335961659b9961d47f2425bf142abgryzor * the License. You may obtain a copy of the License at
1982fbecb99335961659b9961d47f2425bf142abgryzor * Unless required by applicable law or agreed to in writing, software
1982fbecb99335961659b9961d47f2425bf142abgryzor * distributed under the License is distributed on an "AS IS" BASIS,
1982fbecb99335961659b9961d47f2425bf142abgryzor * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1982fbecb99335961659b9961d47f2425bf142abgryzor * See the License for the specific language governing permissions and
1982fbecb99335961659b9961d47f2425bf142abgryzor * limitations under the License.
1982fbecb99335961659b9961d47f2425bf142abgryzor * mod_auth_digest: MD5 digest authentication
1982fbecb99335961659b9961d47f2425bf142abgryzor * Originally by Alexei Kosut <akosut@nueva.pvt.k12.ca.us>
1982fbecb99335961659b9961d47f2425bf142abgryzor * Updated to RFC-2617 by Ronald Tschal�r <ronald@innovation.ch>
1982fbecb99335961659b9961d47f2425bf142abgryzor * based on mod_auth, by Rob McCool and Robert S. Thau
1982fbecb99335961659b9961d47f2425bf142abgryzor * This module an updated version of modules/standard/mod_digest.c
1982fbecb99335961659b9961d47f2425bf142abgryzor * It is still fairly new and problems may turn up - submit problem
1982fbecb99335961659b9961d47f2425bf142abgryzor * reports to the Apache bug-database, or send them directly to me
1982fbecb99335961659b9961d47f2425bf142abgryzor * at ronald@innovation.ch.
1982fbecb99335961659b9961d47f2425bf142abgryzor * Open Issues:
1982fbecb99335961659b9961d47f2425bf142abgryzor * - qop=auth-int (when streams and trailer support available)
1982fbecb99335961659b9961d47f2425bf142abgryzor * - nonce-format configurability
1982fbecb99335961659b9961d47f2425bf142abgryzor * - Proxy-Authorization-Info header is set by this module, but is
1982fbecb99335961659b9961d47f2425bf142abgryzor * currently ignored by mod_proxy (needs patch to mod_proxy)
1982fbecb99335961659b9961d47f2425bf142abgryzor * - The source of the secret should be run-time directive (with server
1982fbecb99335961659b9961d47f2425bf142abgryzor * scope: RSRC_CONF)
1982fbecb99335961659b9961d47f2425bf142abgryzor * - shared-mem not completely tested yet. Seems to work ok for me,
1982fbecb99335961659b9961d47f2425bf142abgryzor * but... (definitely won't work on Windoze)
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis * - Sharing a realm among multiple servers has following problems:
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis * o Server name and port can't be included in nonce-hash
1982fbecb99335961659b9961d47f2425bf142abgryzor * (we need two nonce formats, which must be configured explicitly)
1982fbecb99335961659b9961d47f2425bf142abgryzor * o Nonce-count check can't be for equal, or then nonce-count checking
1982fbecb99335961659b9961d47f2425bf142abgryzor * must be disabled. What we could do is the following:
1982fbecb99335961659b9961d47f2425bf142abgryzor * (expected < received) ? set expected = received : issue error
1982fbecb99335961659b9961d47f2425bf142abgryzor * The only problem is that it allows replay attacks when somebody
1982fbecb99335961659b9961d47f2425bf142abgryzor * captures a packet sent to one server and sends it to another
1982fbecb99335961659b9961d47f2425bf142abgryzor * one. Should we add "AuthDigestNcCheck Strict"?
1982fbecb99335961659b9961d47f2425bf142abgryzor * - expired nonces give amaya fits.
1982fbecb99335961659b9961d47f2425bf142abgryzor * - MD5-sess and auth-int are not yet implemented. An incomplete
1982fbecb99335961659b9961d47f2425bf142abgryzor * implementation has been removed and can be retrieved from svn history.
1982fbecb99335961659b9961d47f2425bf142abgryzor/* struct to hold the configuration info */
1982fbecb99335961659b9961d47f2425bf142abgryzortypedef struct digest_config_struct {
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *dir_name;
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis const char *realm;
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis const char *algorithm;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *ha1;
1982fbecb99335961659b9961d47f2425bf142abgryzor#define NONCE_LEN (int )(NONCE_TIME_LEN + NONCE_HASH_LEN)
1982fbecb99335961659b9961d47f2425bf142abgryzor/* client list definitions */
1982fbecb99335961659b9961d47f2425bf142abgryzortypedef struct hash_entry {
1982fbecb99335961659b9961d47f2425bf142abgryzor struct hash_entry *next; /* next entry in the bucket */
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long nonce_count; /* for nonce-count checking */
1982fbecb99335961659b9961d47f2425bf142abgryzor char last_nonce[NONCE_LEN+1]; /* for one-time nonce's */
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic struct hash_table {
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long tbl_len;
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long num_entries;
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long num_created;
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long num_removed;
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long num_renewed;
1982fbecb99335961659b9961d47f2425bf142abgryzor/* struct to hold a parsed Authorization header */
1982fbecb99335961659b9961d47f2425bf142abgryzorenum hdr_sts { NO_HEADER, NOT_DIGEST, INVALID, VALID };
1982fbecb99335961659b9961d47f2425bf142abgryzortypedef struct digest_header_struct {
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *scheme;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *realm;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *username;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *uri;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *method;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *digest;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *algorithm;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *cnonce;
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *opaque;
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long opaque_num;
1982fbecb99335961659b9961d47f2425bf142abgryzor /* the following fields are not (directly) from the header */
1982fbecb99335961659b9961d47f2425bf142abgryzor/* (mostly) nonce stuff */
1982fbecb99335961659b9961d47f2425bf142abgryzortypedef union time_union {
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic unsigned char *secret;
1982fbecb99335961659b9961d47f2425bf142abgryzor/* client-list, opaque, and one-time-nonce stuff */
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic unsigned long *opaque_cntr;
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic apr_time_t *otn_counter; /* one-time-nonce counter */
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *client_mutex_type = "authdigest-client";
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *opaque_mutex_type = "authdigest-opaque";
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *client_shm_filename;
1982fbecb99335961659b9961d47f2425bf142abgryzor * initialization code
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, APLOGNO(01756)
1982fbecb99335961659b9961d47f2425bf142abgryzor "cleaning up shared memory");
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic void log_error_and_cleanup(char *msg, apr_status_t sts, server_rec *s)
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_error(APLOG_MARK, APLOG_ERR, sts, s, APLOGNO(01760)
1982fbecb99335961659b9961d47f2425bf142abgryzor "%s - all nonce-count checking and one-time nonces "
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic int initialize_tables(server_rec *s, apr_pool_t *ctx)
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long idx;
1982fbecb99335961659b9961d47f2425bf142abgryzor /* set up client list */
1982fbecb99335961659b9961d47f2425bf142abgryzor /* Create the shared memory segment */
1982fbecb99335961659b9961d47f2425bf142abgryzor * Create a unique filename using our pid. This information is
1982fbecb99335961659b9961d47f2425bf142abgryzor * stashed in the global variable so the children inherit it.
1982fbecb99335961659b9961d47f2425bf142abgryzor client_shm_filename = ap_runtime_dir_relative(ctx, "authdigest_shm");
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis client_shm_filename = ap_append_pid(ctx, client_shm_filename, ".");
1982fbecb99335961659b9961d47f2425bf142abgryzor /* Now create that segment */
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_error(APLOG_MARK, APLOG_ERR, sts, s, APLOGNO(01762)
1982fbecb99335961659b9961d47f2425bf142abgryzor "Failed to create shared memory segment on file %s",
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to initialize shm", sts, s);
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to initialize rmm", sts, s);
1982fbecb99335961659b9961d47f2425bf142abgryzor client_list = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(*client_list) +
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to allocate shared memory", -1, s);
1982fbecb99335961659b9961d47f2425bf142abgryzor client_list->table = (client_entry**) (client_list + 1);
1982fbecb99335961659b9961d47f2425bf142abgryzor sts = ap_global_mutex_create(&client_lock, NULL, client_mutex_type, NULL,
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to create lock (client_lock)", sts, s);
1982fbecb99335961659b9961d47f2425bf142abgryzor /* setup opaque */
1982fbecb99335961659b9961d47f2425bf142abgryzor opaque_cntr = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(*opaque_cntr)));
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to allocate shared memory", -1, s);
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis sts = ap_global_mutex_create(&opaque_lock, NULL, opaque_mutex_type, NULL,
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis log_error_and_cleanup("failed to create lock (opaque_lock)", sts, s);
1982fbecb99335961659b9961d47f2425bf142abgryzor /* setup one-time-nonce counter */
1982fbecb99335961659b9961d47f2425bf142abgryzor otn_counter = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(*otn_counter)));
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to allocate shared memory", -1, s);
2f44538c88c5310bebb17a39b171487315a45624lgentis /* no lock here */
2f44538c88c5310bebb17a39b171487315a45624lgentis /* success */
2f44538c88c5310bebb17a39b171487315a45624lgentis#endif /* APR_HAS_SHARED_MEMORY */
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic int pre_init(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
1982fbecb99335961659b9961d47f2425bf142abgryzor rv = ap_mutex_register(pconf, client_mutex_type, NULL, APR_LOCK_DEFAULT, 0);
1982fbecb99335961659b9961d47f2425bf142abgryzor rv = ap_mutex_register(pconf, opaque_mutex_type, NULL, APR_LOCK_DEFAULT, 0);
00ce3c4e13e755c33b63f45c5d3ae69eccd977b1lgentis retained = ap_retained_data_create(RETAINED_DATA_ID, SECRET_LEN);
00ce3c4e13e755c33b63f45c5d3ae69eccd977b1lgentis ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, APLOGNO(01757)
00ce3c4e13e755c33b63f45c5d3ae69eccd977b1lgentis "generating secret for digest authentication");
00ce3c4e13e755c33b63f45c5d3ae69eccd977b1lgentis rv = apr_generate_random_bytes(retained, SECRET_LEN);
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL, APLOGNO(01758)
1982fbecb99335961659b9961d47f2425bf142abgryzor "error generating secret");
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic int initialize_module(apr_pool_t *p, apr_pool_t *plog,
1982fbecb99335961659b9961d47f2425bf142abgryzor /* initialize_module() will be called twice, and if it's a DSO
1982fbecb99335961659b9961d47f2425bf142abgryzor * then all static data from the first call will be lost. Only
1982fbecb99335961659b9961d47f2425bf142abgryzor * set up our static data on the second call. */
1982fbecb99335961659b9961d47f2425bf142abgryzor if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis /* Note: this stuff is currently fixed for the lifetime of the server,
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis * i.e. even across restarts. This means that A) any shmem-size
1982fbecb99335961659b9961d47f2425bf142abgryzor * configuration changes are ignored, and B) certain optimizations,
1982fbecb99335961659b9961d47f2425bf142abgryzor * such as only allocating the smallest necessary entry for each
1982fbecb99335961659b9961d47f2425bf142abgryzor * client, can't be done. However, the alternative is a nightmare:
1982fbecb99335961659b9961d47f2425bf142abgryzor * we can't call apr_shm_destroy on a graceful restart because there
1982fbecb99335961659b9961d47f2425bf142abgryzor * will be children using the tables, and we also don't know when the
1982fbecb99335961659b9961d47f2425bf142abgryzor * last child dies. Therefore we can never clean up the old stuff,
1982fbecb99335961659b9961d47f2425bf142abgryzor * creating a creeping memory leak.
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis /* Call cleanup_tables on exit or restart */
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis apr_pool_cleanup_register(p, NULL, cleanup_tables, apr_pool_cleanup_null);
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis#endif /* APR_HAS_SHARED_MEMORY */
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentisstatic void initialize_child(apr_pool_t *p, server_rec *s)
1982fbecb99335961659b9961d47f2425bf142abgryzor /* Get access to rmm in child */
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to attach to rmm", sts, s);
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to create lock (client_lock)", sts, s);
1982fbecb99335961659b9961d47f2425bf142abgryzor log_error_and_cleanup("failed to create lock (opaque_lock)", sts, s);
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis * configuration code
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic void *create_digest_dir_config(apr_pool_t *p, char *dir)
1982fbecb99335961659b9961d47f2425bf142abgryzor conf = (digest_config_rec *) apr_pcalloc(p, sizeof(digest_config_rec));
1982fbecb99335961659b9961d47f2425bf142abgryzor conf->qop_list = apr_array_make(p, 2, sizeof(char *));
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentisstatic const char *set_realm(cmd_parms *cmd, void *config, const char *realm)
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis digest_config_rec *conf = (digest_config_rec *) config;
1982fbecb99335961659b9961d47f2425bf142abgryzor /* check that we got random numbers */
1982fbecb99335961659b9961d47f2425bf142abgryzor for (i = 0; i < SECRET_LEN; i++) {
1982fbecb99335961659b9961d47f2425bf142abgryzor if (secret[i] != 0)
1982fbecb99335961659b9961d47f2425bf142abgryzor /* The core already handles the realm, but it's just too convenient to
1982fbecb99335961659b9961d47f2425bf142abgryzor * grab it ourselves too and cache some setups. However, we need to
1982fbecb99335961659b9961d47f2425bf142abgryzor * let the core get at it too, which is why we decline at the end -
1982fbecb99335961659b9961d47f2425bf142abgryzor * this relies on the fact that http_core is last in the list.
1982fbecb99335961659b9961d47f2425bf142abgryzor /* we precompute the part of the nonce hash that is constant (well,
1982fbecb99335961659b9961d47f2425bf142abgryzor * the host:port would be too, but that varies for .htaccess files
1982fbecb99335961659b9961d47f2425bf142abgryzor * and directives outside a virtual host section)
1982fbecb99335961659b9961d47f2425bf142abgryzor apr_sha1_update_binary(&conf->nonce_ctx, secret, SECRET_LEN);
1982fbecb99335961659b9961d47f2425bf142abgryzor apr_sha1_update_binary(&conf->nonce_ctx, (const unsigned char *) realm,
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *add_authn_provider(cmd_parms *cmd, void *config,
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis const char *arg)
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis digest_config_rec *conf = (digest_config_rec*)config;
1982fbecb99335961659b9961d47f2425bf142abgryzor newp = apr_pcalloc(cmd->pool, sizeof(authn_provider_list));
1982fbecb99335961659b9961d47f2425bf142abgryzor /* lookup and cache the actual provider now */
1982fbecb99335961659b9961d47f2425bf142abgryzor newp->provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
1982fbecb99335961659b9961d47f2425bf142abgryzor /* by the time they use it, the provider should be loaded and
1982fbecb99335961659b9961d47f2425bf142abgryzor registered with us. */
1982fbecb99335961659b9961d47f2425bf142abgryzor "Unknown Authn provider: %s",
1982fbecb99335961659b9961d47f2425bf142abgryzor /* if it doesn't provide the appropriate function, reject it */
1982fbecb99335961659b9961d47f2425bf142abgryzor "The '%s' Authn provider doesn't support "
1982fbecb99335961659b9961d47f2425bf142abgryzor /* Add it to the list now. */
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *set_qop(cmd_parms *cmd, void *config, const char *op)
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis digest_config_rec *conf = (digest_config_rec *) config;
1982fbecb99335961659b9961d47f2425bf142abgryzor *(const char **)apr_array_push(conf->qop_list) = "none";
1982fbecb99335961659b9961d47f2425bf142abgryzor return "AuthDigestQop auth-int is not implemented";
1982fbecb99335961659b9961d47f2425bf142abgryzor return apr_pstrcat(cmd->pool, "Unrecognized qop: ", op, NULL);
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *set_nonce_lifetime(cmd_parms *cmd, void *config,
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *t)
1982fbecb99335961659b9961d47f2425bf142abgryzor if (endptr < (t+strlen(t)) && !apr_isspace(*endptr)) {
1982fbecb99335961659b9961d47f2425bf142abgryzor "Invalid time in AuthDigestNonceLifetime: ",
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis ((digest_config_rec *) config)->nonce_lifetime = apr_time_from_sec(lifetime);
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *set_nonce_format(cmd_parms *cmd, void *config,
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *fmt)
1982fbecb99335961659b9961d47f2425bf142abgryzor return "AuthDigestNonceFormat is not implemented";
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *set_nc_check(cmd_parms *cmd, void *config, int flag)
1982fbecb99335961659b9961d47f2425bf142abgryzor return "AuthDigestNcCheck: ERROR: nonce-count checking "
1982fbecb99335961659b9961d47f2425bf142abgryzor "is not supported on platforms without shared-memory "
00ce3c4e13e755c33b63f45c5d3ae69eccd977b1lgentisstatic const char *set_algorithm(cmd_parms *cmd, void *config, const char *alg)
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis return "AuthDigestAlgorithm: ERROR: algorithm `MD5-sess' "
1982fbecb99335961659b9961d47f2425bf142abgryzor "is not implemented";
db158bb207b0f01432bfc00b3df488226b87532dlgentis return apr_pstrcat(cmd->pool, "Invalid algorithm in AuthDigestAlgorithm: ", alg, NULL);
db158bb207b0f01432bfc00b3df488226b87532dlgentisstatic const char *set_uri_list(cmd_parms *cmd, void *config, const char *uri)
db158bb207b0f01432bfc00b3df488226b87532dlgentis digest_config_rec *c = (digest_config_rec *) config;
db158bb207b0f01432bfc00b3df488226b87532dlgentis c->uri_list = apr_pstrcat(cmd->pool, c->uri_list, " ", uri, "\"", NULL);
db158bb207b0f01432bfc00b3df488226b87532dlgentis c->uri_list = apr_pstrcat(cmd->pool, ", domain=\"", uri, "\"", NULL);
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentisstatic const char *set_shmem_size(cmd_parms *cmd, void *config,
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis const char *size_str)
db158bb207b0f01432bfc00b3df488226b87532dlgentis if (*endptr == '\0' || *endptr == 'b' || *endptr == 'B') {
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis return apr_pstrcat(cmd->pool, "Invalid size in AuthDigestShmemSize: ",
1982fbecb99335961659b9961d47f2425bf142abgryzor min = sizeof(*client_list) + sizeof(client_entry*) + sizeof(client_entry);
1982fbecb99335961659b9961d47f2425bf142abgryzor return apr_psprintf(cmd->pool, "size in AuthDigestShmemSize too small: "
1982fbecb99335961659b9961d47f2425bf142abgryzor (sizeof(client_entry*) + HASH_DEPTH * sizeof(client_entry));
020366f830905b6b5dfccfa03373379ae6a13e7blgentis ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01763)
020366f830905b6b5dfccfa03373379ae6a13e7blgentis "Set shmem-size: %" APR_SIZE_T_FMT ", num-buckets: %ld",
020366f830905b6b5dfccfa03373379ae6a13e7blgentis AP_INIT_TAKE1("AuthName", set_realm, NULL, OR_AUTHCFG,
020366f830905b6b5dfccfa03373379ae6a13e7blgentis "The authentication realm (e.g. \"Members Only\")"),
020366f830905b6b5dfccfa03373379ae6a13e7blgentis AP_INIT_ITERATE("AuthDigestProvider", add_authn_provider, NULL, OR_AUTHCFG,
09796a508c72a6aba33aa486753bb8cdea806d43lgentis "specify the auth providers for a directory or location"),
1982fbecb99335961659b9961d47f2425bf142abgryzor AP_INIT_ITERATE("AuthDigestQop", set_qop, NULL, OR_AUTHCFG,
1982fbecb99335961659b9961d47f2425bf142abgryzor "A list of quality-of-protection options"),
1982fbecb99335961659b9961d47f2425bf142abgryzor AP_INIT_TAKE1("AuthDigestNonceLifetime", set_nonce_lifetime, NULL, OR_AUTHCFG,
576c49cd335618ad4b5351bd1c5f2cfd7584dba4lgentis "Maximum lifetime of the server nonce (seconds)"),
1982fbecb99335961659b9961d47f2425bf142abgryzor AP_INIT_TAKE1("AuthDigestNonceFormat", set_nonce_format, NULL, OR_AUTHCFG,
1982fbecb99335961659b9961d47f2425bf142abgryzor "The format to use when generating the server nonce"),
1982fbecb99335961659b9961d47f2425bf142abgryzor AP_INIT_FLAG("AuthDigestNcCheck", set_nc_check, NULL, OR_AUTHCFG,
b228078ccfac4cc568b6723f4d1b9a2317d67d5elgentis "Whether or not to check the nonce-count sent by the client"),
b228078ccfac4cc568b6723f4d1b9a2317d67d5elgentis AP_INIT_TAKE1("AuthDigestAlgorithm", set_algorithm, NULL, OR_AUTHCFG,
b228078ccfac4cc568b6723f4d1b9a2317d67d5elgentis "The algorithm used for the hash calculation"),
b228078ccfac4cc568b6723f4d1b9a2317d67d5elgentis AP_INIT_ITERATE("AuthDigestDomain", set_uri_list, NULL, OR_AUTHCFG,
1982fbecb99335961659b9961d47f2425bf142abgryzor "A list of URI's which belong to the same protection space as the current URI"),
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis AP_INIT_TAKE1("AuthDigestShmemSize", set_shmem_size, NULL, RSRC_CONF,
1982fbecb99335961659b9961d47f2425bf142abgryzor "The amount of shared memory to allocate for keeping track of clients"),
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis * client list code
1982fbecb99335961659b9961d47f2425bf142abgryzor * Each client is assigned a number, which is transferred in the opaque
1982fbecb99335961659b9961d47f2425bf142abgryzor * field of the WWW-Authenticate and Authorization headers. The number
1982fbecb99335961659b9961d47f2425bf142abgryzor * is just a simple counter which is incremented for each new client.
1982fbecb99335961659b9961d47f2425bf142abgryzor * Clients can't forge this number because it is hashed up into the
1982fbecb99335961659b9961d47f2425bf142abgryzor * server nonce, and that is checked.
1982fbecb99335961659b9961d47f2425bf142abgryzor * The clients are kept in a simple hash table, which consists of an
1982fbecb99335961659b9961d47f2425bf142abgryzor * array of client_entry's, each with a linked list of entries hanging
1982fbecb99335961659b9961d47f2425bf142abgryzor * off it. The client's number modulo the size of the array gives the
1982fbecb99335961659b9961d47f2425bf142abgryzor * bucket number.
1982fbecb99335961659b9961d47f2425bf142abgryzor * The clients are garbage collected whenever a new client is allocated
1982fbecb99335961659b9961d47f2425bf142abgryzor * but there is not enough space left in the shared memory segment. A
1982fbecb99335961659b9961d47f2425bf142abgryzor * simple semi-LRU is used for this: whenever a client entry is accessed
1982fbecb99335961659b9961d47f2425bf142abgryzor * it is moved to the beginning of the linked list in its bucket (this
1982fbecb99335961659b9961d47f2425bf142abgryzor * also makes for faster lookups for current clients). The garbage
1982fbecb99335961659b9961d47f2425bf142abgryzor * collecter then just removes the oldest entry (i.e. the one at the
1982fbecb99335961659b9961d47f2425bf142abgryzor * end of the list) in each bucket.
1982fbecb99335961659b9961d47f2425bf142abgryzor * The main advantages of the above scheme are that it's easy to implement
1982fbecb99335961659b9961d47f2425bf142abgryzor * and it keeps the hash table evenly balanced (i.e. same number of entries
1982fbecb99335961659b9961d47f2425bf142abgryzor * in each bucket). The major disadvantage is that you may be throwing
1982fbecb99335961659b9961d47f2425bf142abgryzor * entries out which are in active use. This is not tragic, as these
1982fbecb99335961659b9961d47f2425bf142abgryzor * clients will just be sent a new client id (opaque field) and nonce
1982fbecb99335961659b9961d47f2425bf142abgryzor * with a stale=true (i.e. it will just look like the nonce expired,
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis * thereby forcing an extra round trip). If the shared memory segment
1982fbecb99335961659b9961d47f2425bf142abgryzor * has enough headroom over the current client set size then this should
1982fbecb99335961659b9961d47f2425bf142abgryzor * not occur too often.
1982fbecb99335961659b9961d47f2425bf142abgryzor * To help tune the size of the shared memory segment (and see if the
1982fbecb99335961659b9961d47f2425bf142abgryzor * above algorithm is really sufficient) a set of counters is kept
1982fbecb99335961659b9961d47f2425bf142abgryzor * indicating the number of clients held, the number of garbage collected
1982fbecb99335961659b9961d47f2425bf142abgryzor * clients, and the number of erroneously purged clients. These are printed
1982fbecb99335961659b9961d47f2425bf142abgryzor * out at each garbage collection run. Note that access to the counters is
1982fbecb99335961659b9961d47f2425bf142abgryzor * not synchronized because they are just indicaters, and whether they are
1982fbecb99335961659b9961d47f2425bf142abgryzor * off by a few doesn't matter; and for the same reason no attempt is made
1982fbecb99335961659b9961d47f2425bf142abgryzor * to guarantee the num_renewed is correct in the face of clients spoofing
1982fbecb99335961659b9961d47f2425bf142abgryzor * the opaque field.
1982fbecb99335961659b9961d47f2425bf142abgryzor * Get the client given its client number (the key). Returns the entry,
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis * or NULL if it's not found.
1bd10e3ff5b2478df23af4caa517b489df38a82clgentis * Access to the list itself is synchronized via locks. However, access
1982fbecb99335961659b9961d47f2425bf142abgryzor * to the entry returned by get_client() is NOT synchronized. This means
1bd10e3ff5b2478df23af4caa517b489df38a82clgentis * that there are potentially problems if a client uses multiple,
1bd10e3ff5b2478df23af4caa517b489df38a82clgentis * simultaneous connections to access url's within the same protection
1bd10e3ff5b2478df23af4caa517b489df38a82clgentis * space. However, these problems are not new: when using multiple
1982fbecb99335961659b9961d47f2425bf142abgryzor * connections you have no guarantee of the order the requests are
1bd10e3ff5b2478df23af4caa517b489df38a82clgentis * processed anyway, so you have problems with the nonce-count and
1982fbecb99335961659b9961d47f2425bf142abgryzor * one-time nonces anyway.
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic client_entry *get_client(unsigned long key, const request_rec *r)
1982fbecb99335961659b9961d47f2425bf142abgryzor if (entry && prev) { /* move entry to front of list */
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01764)
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01765)
1982fbecb99335961659b9961d47f2425bf142abgryzor/* A simple garbage-collecter to remove unused clients. It removes the
1982fbecb99335961659b9961d47f2425bf142abgryzor * last entry in each bucket and updates the counters. Returns the
1982fbecb99335961659b9961d47f2425bf142abgryzor * number of removed entries.
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic long gc(void)
1982fbecb99335961659b9961d47f2425bf142abgryzor /* garbage collect all last entries */
1982fbecb99335961659b9961d47f2425bf142abgryzor apr_rmm_free(client_rmm, apr_rmm_offset_get(client_rmm, entry));
1982fbecb99335961659b9961d47f2425bf142abgryzor /* update counters and log */
1982fbecb99335961659b9961d47f2425bf142abgryzor * Add a new client to the list. Returns the entry if successful, NULL
1982fbecb99335961659b9961d47f2425bf142abgryzor * otherwise. This triggers the garbage collection if memory is low.
576c49cd335618ad4b5351bd1c5f2cfd7584dba4lgentisstatic client_entry *add_client(unsigned long key, client_entry *info,
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis /* try to allocate a new entry */
1982fbecb99335961659b9961d47f2425bf142abgryzor entry = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(client_entry)));
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01766)
1982fbecb99335961659b9961d47f2425bf142abgryzor "gc'd %ld client entries. Total new clients: "
1982fbecb99335961659b9961d47f2425bf142abgryzor "%ld; Total removed clients: %ld; Total renewed clients: "
1982fbecb99335961659b9961d47f2425bf142abgryzor entry = apr_rmm_addr_get(client_rmm, apr_rmm_malloc(client_rmm, sizeof(client_entry)));
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01767)
1982fbecb99335961659b9961d47f2425bf142abgryzor "unable to allocate new auth_digest client");
1982fbecb99335961659b9961d47f2425bf142abgryzor /* now add the entry */
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01768)
b228078ccfac4cc568b6723f4d1b9a2317d67d5elgentis * Authorization header parser code
b228078ccfac4cc568b6723f4d1b9a2317d67d5elgentis/* Parse the Authorization header, if it exists */
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic int get_digest_rec(request_rec *r, digest_header_rec *resp)
1ef910e5e65cfbfc2455c230d8ddd6453a31a427lgentis const char *auth_line;
1982fbecb99335961659b9961d47f2425bf142abgryzor ? "Proxy-Authorization"
1982fbecb99335961659b9961d47f2425bf142abgryzor : "Authorization");
1982fbecb99335961659b9961d47f2425bf142abgryzor resp->scheme = ap_getword_white(r->pool, &auth_line);
1982fbecb99335961659b9961d47f2425bf142abgryzor /* find key */
1982fbecb99335961659b9961d47f2425bf142abgryzor && auth_line[0] != '\0' && !apr_isspace(auth_line[0])) {
1982fbecb99335961659b9961d47f2425bf142abgryzor /* find value */
1982fbecb99335961659b9961d47f2425bf142abgryzor while (auth_line[0] != '\"' && auth_line[0] != '\0') {
020366f830905b6b5dfccfa03373379ae6a13e7blgentis else { /* token */
020366f830905b6b5dfccfa03373379ae6a13e7blgentis while (auth_line[0] != ',' && auth_line[0] != '\0') {
1982fbecb99335961659b9961d47f2425bf142abgryzor if (!resp->username || !resp->realm || !resp->nonce || !resp->uri
1982fbecb99335961659b9961d47f2425bf142abgryzor || (resp->message_qop && (!resp->cnonce || !resp->nonce_count))) {
1982fbecb99335961659b9961d47f2425bf142abgryzor resp->opaque_num = (unsigned long) strtol(resp->opaque, NULL, 16);
1982fbecb99335961659b9961d47f2425bf142abgryzor/* Because the browser may preemptively send auth info, incrementing the
4721c0c3564368123b87ba96db0bde5e3dd44357lgentis * nonce-count when it does, and because the client does not get notified
4721c0c3564368123b87ba96db0bde5e3dd44357lgentis * if the URI didn't need authentication after all, we need to be sure to
1982fbecb99335961659b9961d47f2425bf142abgryzor * update the nonce-count each time we receive an Authorization header no
1982fbecb99335961659b9961d47f2425bf142abgryzor * matter what the final outcome of the request. Furthermore this is a
1982fbecb99335961659b9961d47f2425bf142abgryzor * convenient place to get the request-uri (before any subrequests etc
1982fbecb99335961659b9961d47f2425bf142abgryzor * are initiated) and to initialize the request_config.
1982fbecb99335961659b9961d47f2425bf142abgryzor * Note that this must be called after mod_proxy had its go so that
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis * r->proxyreq is set correctly.
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis resp = apr_pcalloc(r->pool, sizeof(digest_header_rec));
1982fbecb99335961659b9961d47f2425bf142abgryzor ap_set_module_config(r->request_config, &auth_digest_module, resp);
06e80fa0dffc17ae61bca1715c96e08ea90d53cblgentis * Nonce generation code
1982fbecb99335961659b9961d47f2425bf142abgryzor/* The hash part of the nonce is a SHA-1 hash of the time, realm, server host
1982fbecb99335961659b9961d47f2425bf142abgryzor * and port, opaque, and our secret.
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic void gen_nonce_hash(char *hash, const char *timestr, const char *opaque,
1982fbecb99335961659b9961d47f2425bf142abgryzor apr_sha1_update_binary(&ctx, (const unsigned char *) server->server_hostname,
1982fbecb99335961659b9961d47f2425bf142abgryzor strlen(server->server_hostname));
1982fbecb99335961659b9961d47f2425bf142abgryzor apr_sha1_update_binary(&ctx, (const unsigned char *) &server->port,
1982fbecb99335961659b9961d47f2425bf142abgryzor sizeof(server->port));
1982fbecb99335961659b9961d47f2425bf142abgryzor apr_sha1_update_binary(&ctx, (const unsigned char *) timestr, strlen(timestr));
1982fbecb99335961659b9961d47f2425bf142abgryzor apr_sha1_update_binary(&ctx, (const unsigned char *) opaque,
1982fbecb99335961659b9961d47f2425bf142abgryzor/* The nonce has the format b64(time)+hash .
1982fbecb99335961659b9961d47f2425bf142abgryzorstatic const char *gen_nonce(apr_pool_t *p, apr_time_t now, const char *opaque,
1982fbecb99335961659b9961d47f2425bf142abgryzor /* this counter is not synch'd, because it doesn't really matter
1982fbecb99335961659b9961d47f2425bf142abgryzor * if it counts exactly.
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis /* XXX: WHAT IS THIS CONSTANT? */
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis apr_base64_encode_binary(nonce, t.arr, sizeof(t.arr));
fb25b82560b7fcaffa006cb4738d86acc561b6f4lgentis gen_nonce_hash(nonce+NONCE_TIME_LEN, nonce, opaque, server, conf);
1982fbecb99335961659b9961d47f2425bf142abgryzor * Opaque and hash-table management
1982fbecb99335961659b9961d47f2425bf142abgryzor * Generate a new client entry, add it to the list, and return the
1982fbecb99335961659b9961d47f2425bf142abgryzor * entry. Returns NULL if failed.
1982fbecb99335961659b9961d47f2425bf142abgryzor unsigned long op;
020366f830905b6b5dfccfa03373379ae6a13e7blgentis if (!(entry = add_client(op, &new_entry, r->server))) {
020366f830905b6b5dfccfa03373379ae6a13e7blgentis ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01769)
020366f830905b6b5dfccfa03373379ae6a13e7blgentis "failed to allocate client entry - ignoring client");
020366f830905b6b5dfccfa03373379ae6a13e7blgentis * Authorization challenge generation code (for WWW-Authenticate)
020366f830905b6b5dfccfa03373379ae6a13e7blgentisstatic const char *ltox(apr_pool_t *p, unsigned long num)
020366f830905b6b5dfccfa03373379ae6a13e7blgentis if (num != 0) {
1982fbecb99335961659b9961d47f2425bf142abgryzor const char *qop, *opaque, *opaque_param, *domain, *nonce;
1982fbecb99335961659b9961d47f2425bf142abgryzor /* Setup qop */
1982fbecb99335961659b9961d47f2425bf142abgryzor else if (!strcasecmp(*(const char **)(conf->qop_list->elts), "none")) {
1982fbecb99335961659b9961d47f2425bf142abgryzor /* Setup opaque */
1982fbecb99335961659b9961d47f2425bf142abgryzor /* new client */
1982fbecb99335961659b9961d47f2425bf142abgryzor /* client info was gc'd */
1982fbecb99335961659b9961d47f2425bf142abgryzor /* we're generating a new nonce, so reset the nonce-count */
1982fbecb99335961659b9961d47f2425bf142abgryzor opaque_param = apr_pstrcat(r->pool, ", opaque=\"", opaque, "\"", NULL);
1982fbecb99335961659b9961d47f2425bf142abgryzor /* Setup nonce */
return DECLINED;
mainreq = r;
return OK;
char *password;
if (!current_provider) {
&password);
} while (current_provider);
return auth_result;
unsigned long nc;
char *endptr;
return OK;
return OK;
snc);
return !OK;
return OK;
return !OK;
return !OK;
return !OK;
return OK;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return OK;
const char *ha2;
NULL));
int res;
return DECLINED;
if (!ap_auth_name(r)) {
return HTTP_INTERNAL_SERVER_ERROR;
mainreq = r;
r->uri);
return HTTP_UNAUTHORIZED;
return HTTP_BAD_REQUEST;
return HTTP_BAD_REQUEST;
return HTTP_BAD_REQUEST;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return r->status;
return HTTP_INTERNAL_SERVER_ERROR;
r->uri);
return HTTP_UNAUTHORIZED;
const char *exp_digest;
++tmp;
if (!match
return HTTP_UNAUTHORIZED;
if (!exp_digest) {
return HTTP_INTERNAL_SERVER_ERROR;
r->uri);
return HTTP_UNAUTHORIZED;
return HTTP_UNAUTHORIZED;
return res;
return OK;
return OK;
conf);
NULL);
ai);
return OK;