|
|
|
@ -1038,6 +1038,9 @@ static void mod_auth_digest_www_authenticate(buffer *b, time_t cur_ts, const str |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
__attribute_noinline__ |
|
|
|
static handler_t mod_auth_send_401_unauthorized_digest(request_st *r, const struct http_auth_require_t *require, int nonce_stale); |
|
|
|
|
|
|
|
static void mod_auth_digest_authentication_info(buffer *b, time_t cur_ts, const struct http_auth_require_t *require, int dalgo) { |
|
|
|
buffer_clear(b); |
|
|
|
buffer_append_string_len(b, CONST_STR_LEN("nextnonce=\"")); |
|
|
|
@ -1045,15 +1048,61 @@ static void mod_auth_digest_authentication_info(buffer *b, time_t cur_ts, const |
|
|
|
buffer_append_string_len(b, CONST_STR_LEN("\"")); |
|
|
|
} |
|
|
|
|
|
|
|
static handler_t |
|
|
|
mod_auth_digest_get (request_st * const r, void *p_d, const struct http_auth_require_t * const require, const struct http_auth_backend_t * const backend, http_auth_info_t * const ai) |
|
|
|
{ |
|
|
|
plugin_data * const p = p_d; |
|
|
|
splay_tree **sptree = p->conf.auth_cache |
|
|
|
? &p->conf.auth_cache->sptree |
|
|
|
: NULL; |
|
|
|
http_auth_cache_entry *ae = NULL; |
|
|
|
handler_t rc = HANDLER_GO_ON; |
|
|
|
int ndx = -1; |
|
|
|
if (sptree) { |
|
|
|
ndx = http_auth_cache_hash(require, ai->username, ai->ulen); |
|
|
|
ae = http_auth_cache_query(sptree, ndx); |
|
|
|
if (ae && ae->require == require |
|
|
|
&& ae->dalgo == ai->dalgo |
|
|
|
&& ae->dlen == ai->dlen |
|
|
|
&& ae->ulen == ai->ulen |
|
|
|
&& 0 == memcmp(ae->username, ai->username, ai->ulen)) { |
|
|
|
memcpy(ai->digest, ae->pwdigest, ai->dlen); |
|
|
|
} |
|
|
|
else /*(not found or hash collision)*/ |
|
|
|
ae = NULL; |
|
|
|
} |
|
|
|
|
|
|
|
if (NULL == ae) |
|
|
|
rc = backend->digest(r, backend->p_d, ai); |
|
|
|
|
|
|
|
switch (rc) { |
|
|
|
case HANDLER_GO_ON: |
|
|
|
break; |
|
|
|
case HANDLER_WAIT_FOR_EVENT: |
|
|
|
return HANDLER_WAIT_FOR_EVENT; |
|
|
|
case HANDLER_FINISHED: |
|
|
|
return HANDLER_FINISHED; |
|
|
|
case HANDLER_ERROR: |
|
|
|
default: |
|
|
|
r->keep_alive = -1; /*(disable keep-alive if unknown user)*/ |
|
|
|
return mod_auth_send_401_unauthorized_digest(r, require, 0); |
|
|
|
} |
|
|
|
|
|
|
|
if (sptree && NULL == ae) { /*(cache digest from backend)*/ |
|
|
|
ae = http_auth_cache_entry_init(require, ai->dalgo, ai->username, |
|
|
|
ai->ulen, (char *)ai->digest, ai->dlen); |
|
|
|
http_auth_cache_insert(sptree, ndx, ae, http_auth_cache_entry_free); |
|
|
|
} |
|
|
|
|
|
|
|
return rc; |
|
|
|
} |
|
|
|
|
|
|
|
typedef struct { |
|
|
|
const char *key; |
|
|
|
int key_len; |
|
|
|
char **ptr; |
|
|
|
} digest_kv; |
|
|
|
|
|
|
|
__attribute_noinline__ |
|
|
|
static handler_t mod_auth_send_401_unauthorized_digest(request_st *r, const struct http_auth_require_t *require, int nonce_stale); |
|
|
|
|
|
|
|
static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const struct http_auth_require_t * const require, const struct http_auth_backend_t * const backend) { |
|
|
|
char *username = NULL; |
|
|
|
char *realm = NULL; |
|
|
|
@ -1307,51 +1356,11 @@ static handler_t mod_auth_check_digest(request_st * const r, void *p_d, const st |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
plugin_data * const p = p_d; |
|
|
|
splay_tree ** sptree = p->conf.auth_cache |
|
|
|
? &p->conf.auth_cache->sptree |
|
|
|
: NULL; |
|
|
|
http_auth_cache_entry *ae = NULL; |
|
|
|
handler_t rc = HANDLER_ERROR; |
|
|
|
int ndx = -1; |
|
|
|
if (sptree) { |
|
|
|
ndx = http_auth_cache_hash(require, ai.username, ai.ulen); |
|
|
|
ae = http_auth_cache_query(sptree, ndx); |
|
|
|
if (ae && ae->require == require |
|
|
|
&& ae->dalgo == ai.dalgo |
|
|
|
&& ae->dlen == ai.dlen |
|
|
|
&& ae->ulen == ai.ulen |
|
|
|
&& 0 == memcmp(ae->username, ai.username, ai.ulen)) { |
|
|
|
rc = HANDLER_GO_ON; |
|
|
|
memcpy(ai.digest, ae->pwdigest, ai.dlen); |
|
|
|
} |
|
|
|
else /*(not found or hash collision)*/ |
|
|
|
ae = NULL; |
|
|
|
} |
|
|
|
|
|
|
|
if (NULL == ae) |
|
|
|
rc = backend->digest(r, backend->p_d, &ai); |
|
|
|
|
|
|
|
switch (rc) { |
|
|
|
case HANDLER_GO_ON: |
|
|
|
break; |
|
|
|
case HANDLER_WAIT_FOR_EVENT: |
|
|
|
buffer_free(b); |
|
|
|
return HANDLER_WAIT_FOR_EVENT; |
|
|
|
case HANDLER_FINISHED: |
|
|
|
buffer_free(b); |
|
|
|
return HANDLER_FINISHED; |
|
|
|
case HANDLER_ERROR: |
|
|
|
default: |
|
|
|
r->keep_alive = -1; /*(disable keep-alive if unknown user)*/ |
|
|
|
handler_t rc; |
|
|
|
rc = mod_auth_digest_get(r, p_d, require, backend, &ai); |
|
|
|
if (__builtin_expect( (HANDLER_GO_ON != rc), 0)) { |
|
|
|
buffer_free(b); |
|
|
|
return mod_auth_send_401_unauthorized_digest(r, require, 0); |
|
|
|
} |
|
|
|
|
|
|
|
if (sptree && NULL == ae) { /*(cache digest from backend)*/ |
|
|
|
ae = http_auth_cache_entry_init(require, ai.dalgo, ai.username, ai.ulen, |
|
|
|
(char *)ai.digest, ai.dlen); |
|
|
|
http_auth_cache_insert(sptree, ndx, ae, http_auth_cache_entry_free); |
|
|
|
return rc; |
|
|
|
} |
|
|
|
|
|
|
|
const char *m = get_http_method_name(r->http_method); |
|
|
|
|
