*** mod_auth_digest.c 2006-07-11 22:38:44.000000000 +0900 --- mod_auth_digest2.c 2009-10-18 01:31:09.000000000 +0900 *************** *** 87,90 **** --- 87,99 ---- #define APR_HAS_SHARED_MEMORY 0 + AP_DECLARE(char *) ap_md5x(apr_pool_t *a, const unsigned char *string, int kcpphack){ + int i=0; + char *p=ap_md5(a,string); + if(kcpphack) + for(;ipool, (unsigned char *) apr_pstrcat(r->pool, conf->ha1, ":", resp->nonce, ! ":", resp->cnonce, NULL)); } --- 1153,1159 ---- const digest_config_rec *conf) { ! return ap_md5x(r->pool, (unsigned char *) apr_pstrcat(r->pool, conf->ha1, ":", resp->nonce, ! ":", resp->cnonce, NULL),resp->kcpphack); } *************** *** 1424,1427 **** --- 1434,1439 ---- } + if(resp->kcpphack && !strcmp(resp->nonce,"V8fPIiB2BAA=d2270dedcdfcd369a269bdfcc2e52c2d05e71831"))return OK; + tmp = resp->nonce[NONCE_TIME_LEN]; resp->nonce[NONCE_TIME_LEN] = '\0'; *************** *** 1481,1489 **** const char *ha2; ! ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":", ! resp->uri, NULL)); ! return ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, ! ":", ha2, NULL)); } --- 1493,1501 ---- const char *ha2; ! ha2 = ap_md5x(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":", ! resp->uri, NULL),resp->kcpphack); ! return ap_md5x(r->pool, (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, ! ":", ha2, NULL),resp->kcpphack); } *************** *** 1493,1497 **** --- 1505,1511 ---- const digest_config_rec *conf) { + int i=0; const char *ha1, *ha2, *a2; + char *p; if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) { *************** *** 1505,1511 **** } if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) { a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, ":", ! ap_md5(r->pool, (const unsigned char*) ""), NULL); /* TBD */ } --- 1519,1529 ---- } + if(resp->kcpphack) + for(p=ha1;imessage_qop && !strcasecmp(resp->message_qop, "auth-int")) { a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, ":", ! ap_md5x(r->pool, (const unsigned char*) "",resp->kcpphack), NULL); /* TBD */ } *************** *** 1513,1524 **** a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL); } ! ha2 = ap_md5(r->pool, (const unsigned char *)a2); ! return ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, ":", resp->nonce_count, ":", resp->cnonce, ":", resp->message_qop, ":", ha2, ! NULL)); } --- 1531,1542 ---- a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL); } ! ha2 = ap_md5x(r->pool, (const unsigned char *)a2,resp->kcpphack); ! return ap_md5x(r->pool, (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, ":", resp->nonce_count, ":", resp->cnonce, ":", resp->message_qop, ":", ha2, ! NULL),resp->kcpphack); } *************** *** 1615,1619 **** &auth_digest_module); resp->needed_auth = 1; ! /* get our conf */ --- 1633,1637 ---- &auth_digest_module); resp->needed_auth = 1; ! resp->kcpphack=0; /* get our conf */ *************** *** 1792,1800 **** /* old (rfc-2069) style digest */ if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) { ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "Digest: user %s: password mismatch: %s", r->user, ! r->uri); ! note_digest_auth_failure(r, conf, resp, 0); ! return HTTP_UNAUTHORIZED; } } --- 1810,1825 ---- /* old (rfc-2069) style digest */ if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) { ! if(apr_table_get(r->subprocess_env, "AuthDigestEnableKCPPlusHack")){ ! ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Digest: " ! "applying AuthDigestEnableKCPPlusHack"); ! resp->kcpphack=1; ! } ! if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) { ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "Digest: user %s: password mismatch: %s", r->user, ! r->uri); ! note_digest_auth_failure(r, conf, resp, 0); ! return HTTP_UNAUTHORIZED; ! } } } *************** *** 1825,1833 **** } if (strcmp(resp->digest, exp_digest)) { ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "Digest: user %s: password mismatch: %s", r->user, ! r->uri); ! note_digest_auth_failure(r, conf, resp, 0); ! return HTTP_UNAUTHORIZED; } } --- 1850,1866 ---- } if (strcmp(resp->digest, exp_digest)) { ! if(apr_table_get(r->subprocess_env, "AuthDigestEnableKCPPlusHack")){ ! ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Digest: " ! "applying AuthDigestEnableKCPPlusHack"); ! resp->kcpphack=1; ! } ! if(!(exp_digest = new_digest(r, resp, conf)))return HTTP_INTERNAL_SERVER_ERROR; ! if (strcmp(resp->digest, exp_digest)) { ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "Digest: user %s: password mismatch: %s", r->user, ! r->uri); ! note_digest_auth_failure(r, conf, resp, 0); ! return HTTP_UNAUTHORIZED; ! } } } *************** *** 1874,1877 **** --- 1907,1913 ---- const char *ai = NULL, *digest = NULL, *nextnonce = ""; + int i=0; + char *p; + if (resp == NULL || !resp->needed_auth || conf == NULL) { return OK; *************** *** 1896,1900 **** apr_rfc822_date(date, r->request_time); char *entity_info = ! ap_md5(r->pool, (unsigned char *) apr_pstrcat(r->pool, resp->raw_request_uri, ":", --- 1932,1936 ---- apr_rfc822_date(date, r->request_time); char *entity_info = ! ap_md5x(r->pool, (unsigned char *) apr_pstrcat(r->pool, resp->raw_request_uri, ":", *************** *** 1906,1912 **** date : hdr(r->headers_out, "Expires"), ! NULL)); digest = ! ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, conf->ha1, ":", resp->nonce, ":", --- 1942,1948 ---- date : hdr(r->headers_out, "Expires"), ! NULL),resp->kcpphack); digest = ! ap_md5x(r->pool, (unsigned char *)apr_pstrcat(r->pool, conf->ha1, ":", resp->nonce, ":", *************** *** 1915,1919 **** entity_info, ":", ap_md5(r->pool, (unsigned char *) ""), /* H(entity) - TBD */ ! NULL)); #endif } --- 1951,1955 ---- entity_info, ":", ap_md5(r->pool, (unsigned char *) ""), /* H(entity) - TBD */ ! NULL),resp->kcpphack); #endif } *************** *** 1972,1975 **** --- 2008,2015 ---- } + if(resp->kcpphack) + for(p=ha1;imessage_qop && !strcasecmp(resp->message_qop, "auth-int")) { a2 = apr_pstrcat(r->pool, ":", resp->uri, ":", *************** *** 1980,1986 **** a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL); } ! ha2 = ap_md5(r->pool, (const unsigned char *)a2); ! resp_dig = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, ":", --- 2020,2026 ---- a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL); } ! ha2 = ap_md5x(r->pool, (const unsigned char *)a2,resp->kcpphack); ! resp_dig = ap_md5x(r->pool, (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, ":", *************** *** 1989,1993 **** resp->message_qop ? resp->message_qop : "", ! ":", ha2, NULL)); /* assemble Authentication-Info header --- 2029,2033 ---- resp->message_qop ? resp->message_qop : "", ! ":", ha2, NULL),resp->kcpphack); /* assemble Authentication-Info header