
(-)httpd-2.4.37/modules/aaa/mod_auth_digest.c (-13 / +13 lines)
Lines 92-98 Link Here
92
    int          check_nc;
92
    int          check_nc;
93
    const char  *algorithm;
93
    const char  *algorithm;
94
    char        *uri_list;
94
    char        *uri_list;
95
    const char  *ha1;
96
} digest_config_rec;
95
} digest_config_rec;
97
96
98
97
Lines 153-158 Link Here
153
    apr_time_t            nonce_time;
152
    apr_time_t            nonce_time;
154
    enum hdr_sts          auth_hdr_sts;
153
    enum hdr_sts          auth_hdr_sts;
155
    int                   needed_auth;
154
    int                   needed_auth;
155
    const char           *ha1;
156
    client_entry         *client;
156
    client_entry         *client;
157
} digest_header_rec;
157
} digest_header_rec;
158
158
Lines 1304-1310 Link Here
1304
 */
1304
 */
1305
1305
1306
static authn_status get_hash(request_rec *r, const char *user,
1306
static authn_status get_hash(request_rec *r, const char *user,
1307
                             digest_config_rec *conf)
1307
                             digest_config_rec *conf, char **rethash)
1308
{
1308
{
1309
    authn_status auth_result;
1309
    authn_status auth_result;
1310
    char *password;
1310
    char *password;
Lines 1356-1362 Link Here
1356
    } while (current_provider);
1356
    } while (current_provider);
1357
1357
1358
    if (auth_result == AUTH_USER_FOUND) {
1358
    if (auth_result == AUTH_USER_FOUND) {
1359
        conf->ha1 = password;
1359
        *rethash = password;
1360
    }
1360
    }
1361
1361
1362
    return auth_result;
1362
    return auth_result;
Lines 1483-1507 Link Here
1483
1483
1484
/* RFC-2069 */
1484
/* RFC-2069 */
1485
static const char *old_digest(const request_rec *r,
1485
static const char *old_digest(const request_rec *r,
1486
                              const digest_header_rec *resp, const char *ha1)
1486
                              const digest_header_rec *resp)
1487
{
1487
{
1488
    const char *ha2;
1488
    const char *ha2;
1489
1489
1490
    ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
1490
    ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
1491
                                                       resp->uri, NULL));
1491
                                                       resp->uri, NULL));
1492
    return ap_md5(r->pool,
1492
    return ap_md5(r->pool,
1493
                  (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
1493
                  (unsigned char *)apr_pstrcat(r->pool, resp->ha1, ":",
1494
                                              ":", ha2, NULL));
1494
                                               resp->nonce, ":", ha2, NULL));
1495
}
1495
}
1496
1496
1497
/* RFC-2617 */
1497
/* RFC-2617 */
1498
static const char *new_digest(const request_rec *r,
1498
static const char *new_digest(const request_rec *r,
1499
                              digest_header_rec *resp,
1499
                              digest_header_rec *resp)
1500
                              const digest_config_rec *conf)
1501
{
1500
{
1502
    const char *ha1, *ha2, *a2;
1501
    const char *ha1, *ha2, *a2;
1503
1502
1504
    ha1 = conf->ha1;
1503
    ha1 = resp->ha1;
1505
1504
1506
    a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
1505
    a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
1507
    ha2 = ap_md5(r->pool, (const unsigned char *)a2);
1506
    ha2 = ap_md5(r->pool, (const unsigned char *)a2);
Lines 1512-1517 Link Here
1512
                                               resp->cnonce, ":",
1511
                                               resp->cnonce, ":",
1513
                                               resp->message_qop, ":", ha2,
1512
                                               resp->message_qop, ":", ha2,
1514
                                               NULL));
1513
                                               NULL));
1514
1515
}
1515
}
1516
1516
1517
1517
Lines 1767-1773 Link Here
1767
        return HTTP_UNAUTHORIZED;
1767
        return HTTP_UNAUTHORIZED;
1768
    }
1768
    }
1769
1769
1770
    return_code = get_hash(r, r->user, conf);
1770
    return_code = get_hash(r, r->user, conf, &resp->ha1);
1771
1771
1772
    if (return_code == AUTH_USER_NOT_FOUND) {
1772
    if (return_code == AUTH_USER_NOT_FOUND) {
1773
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790)
1773
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01790)
Lines 1797-1803 Link Here
1797
1797
1798
    if (resp->message_qop == NULL) {
1798
    if (resp->message_qop == NULL) {
1799
        /* old (rfc-2069) style digest */
1799
        /* old (rfc-2069) style digest */
1800
        if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
1800
        if (strcmp(resp->digest, old_digest(r, resp))) {
1801
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792)
1801
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01792)
1802
                          "user %s: password mismatch: %s", r->user,
1802
                          "user %s: password mismatch: %s", r->user,
1803
                          r->uri);
1803
                          r->uri);
Lines 1827-1833 Link Here
1827
            return HTTP_UNAUTHORIZED;
1827
            return HTTP_UNAUTHORIZED;
1828
        }
1828
        }
1829
1829
1830
        exp_digest = new_digest(r, resp, conf);
1830
        exp_digest = new_digest(r, resp);
1831
        if (!exp_digest) {
1831
        if (!exp_digest) {
1832
            /* we failed to allocate a client struct */
1832
            /* we failed to allocate a client struct */
1833
            return HTTP_INTERNAL_SERVER_ERROR;
1833
            return HTTP_INTERNAL_SERVER_ERROR;
Lines 1911-1917 Link Here
1911
1911
1912
        /* calculate rspauth attribute
1912
        /* calculate rspauth attribute
1913
         */
1913
         */
1914
        ha1 = conf->ha1;
1914
        ha1 = resp->ha1;
1915
1915
1916
        a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
1916
        a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
1917
        ha2 = ap_md5(r->pool, (const unsigned char *)a2);
1917
        ha2 = ap_md5(r->pool, (const unsigned char *)a2);
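Review bot: The new out-parameter on get_hash at line 1307 is declared `char **rethash`, but the caller at line 1770 passes `&resp->ha1`, and the member added to digest_header_rec at line 155 is `const char *ha1;`, so the argument has type `const char **`; C requires compatible pointee types here, which makes this an incompatible-pointer-type diagnostic on every compiler and a hard error on those that reject it. Declaring it `const char **rethash` fixes the mismatch, and the assignment at line 1359, `*rethash = password;`, still compiles because `char *` converts to `const char *`. This reads the second print of each changed line as the new side, which the gutter sequence supports but the page does not mark explicitly; get_hash's body between the two hunks (lines 1311-1355) is not shown, so any other write to `*rethash` there is not visible. The comment block ending at line 1304 should also document the out-parameter, e.g. `rethash: on AUTH_USER_FOUND receives the user's HA1 hash as returned by the provider (presumably allocated from r->pool; confirm), and is left untouched otherwise`.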
