|
 |
ad4e62 |
--- a/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:19 1855297
|
|
|
ad4e62 |
+++ b/modules/aaa/mod_auth_digest.c 2019/03/12 09:24:26 1855298
|
|
|
ad4e62 |
@@ -92,7 +92,6 @@
|
|
|
ad4e62 |
int check_nc;
|
|
|
ad4e62 |
const char *algorithm;
|
|
|
ad4e62 |
char *uri_list;
|
|
|
ad4e62 |
- const char *ha1;
|
|
|
ad4e62 |
} digest_config_rec;
|
|
|
ad4e62 |
|
|
|
ad4e62 |
|
|
|
ad4e62 |
@@ -153,6 +152,7 @@
|
|
|
ad4e62 |
apr_time_t nonce_time;
|
|
|
ad4e62 |
enum hdr_sts auth_hdr_sts;
|
|
|
ad4e62 |
int needed_auth;
|
|
|
ad4e62 |
+ const char *ha1;
|
|
|
ad4e62 |
client_entry *client;
|
|
|
ad4e62 |
} digest_header_rec;
|
|
|
ad4e62 |
|
|
|
ad4e62 |
@@ -1304,7 +1304,7 @@
|
|
|
ad4e62 |
*/
|
|
|
ad4e62 |
|
|
|
ad4e62 |
static authn_status get_hash(request_rec *r, const char *user,
|
|
|
ad4e62 |
- digest_config_rec *conf)
|
|
|
ad4e62 |
+ digest_config_rec *conf, const char **rethash)
|
|
|
ad4e62 |
{
|
|
|
ad4e62 |
authn_status auth_result;
|
|
|
ad4e62 |
char *password;
|
|
|
ad4e62 |
@@ -1356,7 +1356,7 @@
|
|
|
ad4e62 |
} while (current_provider);
|
|
|
ad4e62 |
|
|
|
ad4e62 |
if (auth_result == AUTH_USER_FOUND) {
|
|
|
ad4e62 |
- conf->ha1 = password;
|
|
|
ad4e62 |
+ *rethash = password;
|
|
|
ad4e62 |
}
|
|
|
ad4e62 |
|
|
|
ad4e62 |
return auth_result;
|
|
|
ad4e62 |
@@ -1483,25 +1483,24 @@
|
|
|
ad4e62 |
|
|
|
ad4e62 |
/* RFC-2069 */
|
|
|
ad4e62 |
static const char *old_digest(const request_rec *r,
|
|
|
ad4e62 |
- const digest_header_rec *resp, const char *ha1)
|
|
|
ad4e62 |
+ const digest_header_rec *resp)
|
|
|
ad4e62 |
{
|
|
|
ad4e62 |
const char *ha2;
|
|
|
ad4e62 |
|
|
|
ad4e62 |
ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
|
|
|
ad4e62 |
resp->uri, NULL));
|
|
|
ad4e62 |
return ap_md5(r->pool,
|
|
|
ad4e62 |
- (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
|
|
|
ad4e62 |
- ":", ha2, NULL));
|
|
|
ad4e62 |
+ (unsigned char *)apr_pstrcat(r->pool, resp->ha1, ":",
|
|
|
ad4e62 |
+ resp->nonce, ":", ha2, NULL));
|
|
|
ad4e62 |
}
|
|
|
ad4e62 |
|
|
|
ad4e62 |
/* RFC-2617 */
|
|
|
ad4e62 |
static const char *new_digest(const request_rec *r,
|
|
|
ad4e62 |
- digest_header_rec *resp,
|
|
|
ad4e62 |
- const digest_config_rec *conf)
|
|
|
ad4e62 |
+ digest_header_rec *resp)
|
|
|
ad4e62 |
{
|
|
|
ad4e62 |
const char *ha1, *ha2, *a2;
|
|
|
ad4e62 |
|
|
|
ad4e62 |
- ha1 = conf->ha1;
|
|
|
ad4e62 |
+ ha1 = resp->ha1;
|
|
|
ad4e62 |
|
|
|
ad4e62 |
a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
|
|
|
ad4e62 |
ha2 = ap_md5(r->pool, (const unsigned char *)a2);
|
|
|
ad4e62 |
@@ -1514,7 +1513,6 @@
|
|
|
ad4e62 |
NULL));
|
|
|
ad4e62 |
}
|
|
|
ad4e62 |
|
|
|
ad4e62 |
-
|
|
|
ad4e62 |
static void copy_uri_components(apr_uri_t *dst,
|
|
|
ad4e62 |
apr_uri_t *src, request_rec *r) {
|
|
|
ad4e62 |
if (src->scheme && src->scheme[0] != '\0') {
|
|
|
ad4e62 |
@@ -1759,7 +1757,7 @@
|
|
|
ad4e62 |
return HTTP_UNAUTHORIZED;
|
|
|
ad4e62 |
}
|
|
|
ad4e62 |
|
|
|
ad4e62 |
- return_code = get_hash(r, r->user, conf);
|
|
|
ad4e62 |
+ return_code = get_hash(r, r->user, conf, &resp->ha1);
|
|
|
ad4e62 |
|
|
|
ad4e62 |
if (return_code == AUTH_USER_NOT_FOUND) {
|
|
|
ad4e62 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790)
|
|
|
ad4e62 |
@@ -1789,7 +1787,7 @@
|
|
|
ad4e62 |
|
|
|
ad4e62 |
if (resp->message_qop == NULL) {
|
|
|
ad4e62 |
/* old (rfc-2069) style digest */
|
|
|
ad4e62 |
- if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
|
|
|
ad4e62 |
+ if (strcmp(resp->digest, old_digest(r, resp))) {
|
|
|
ad4e62 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792)
|
|
|
ad4e62 |
"user %s: password mismatch: %s", r->user,
|
|
|
ad4e62 |
r->uri);
|
|
|
ad4e62 |
@@ -1819,7 +1817,7 @@
|
|
|
ad4e62 |
return HTTP_UNAUTHORIZED;
|
|
|
ad4e62 |
}
|
|
|
ad4e62 |
|
|
|
ad4e62 |
- exp_digest = new_digest(r, resp, conf);
|
|
|
ad4e62 |
+ exp_digest = new_digest(r, resp);
|
|
|
ad4e62 |
if (!exp_digest) {
|
|
|
ad4e62 |
/* we failed to allocate a client struct */
|
|
|
ad4e62 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
|
ad4e62 |
@@ -1903,7 +1901,7 @@
|
|
|
ad4e62 |
|
|
|
ad4e62 |
/* calculate rspauth attribute
|
|
|
ad4e62 |
*/
|
|
|
ad4e62 |
- ha1 = conf->ha1;
|
|
|
ad4e62 |
+ ha1 = resp->ha1;
|
|
|
ad4e62 |
|
|
|
ad4e62 |
a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
|
|
|
ad4e62 |
ha2 = ap_md5(r->pool, (const unsigned char *)a2);
|