summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2004-04-26 17:45:47 +0000
committerStef Walter <stef@memberwebs.com>2004-04-26 17:45:47 +0000
commit627c573af25b602ac64c36b01c8163c592cbb494 (patch)
tree935f8fd15e6c47ce0a47164b4476583dc3e44c27
parent7ede8b330f777a0ff5c960eaecc1850b84289620 (diff)
Debugging Fixes
-rw-r--r--common/buffer.c41
-rw-r--r--daemon/basic.c4
-rw-r--r--daemon/digest.c5
-rw-r--r--daemon/httpauthd.h4
-rw-r--r--daemon/ldap.c30
-rw-r--r--daemon/misc.c10
-rw-r--r--daemon/ntlm.c9
-rw-r--r--daemon/simple.c14
-rw-r--r--sample/httpauthd.conf8
9 files changed, 72 insertions, 53 deletions
diff --git a/common/buffer.c b/common/buffer.c
index db23d79..0cb045c 100644
--- a/common/buffer.c
+++ b/common/buffer.c
@@ -525,12 +525,13 @@ char* ha_bufenc64(ha_buffer_t* buf, const void* source, size_t len)
return buf->_pp;
}
-void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t bytes)
+void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t* bytes)
{
int state = 0;
int ch;
char* pos;
void* ret;
+ size_t todo = 0;
size_t done = 0;
ASSERT(buf && src);
@@ -540,10 +541,12 @@ void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t bytes)
BUF_NEW_BLOCK(buf);
- if(bytes == 0)
- bytes = ~0;
+ if(!bytes || *bytes == 0)
+ todo = ~0;
+ else
+ todo = *bytes;
- while((ch = *src++) != '\0' && done < bytes)
+ while((ch = *src++) != '\0' && done < todo)
{
if(isspace(ch)) /* Skip whitespace anywhere. */
continue;
@@ -594,9 +597,11 @@ void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t bytes)
/* TODO: Validate ending and return error if invalid somehow */
- /* If we were asked for a specific amount of bytes, then return null */
- if(bytes != ~0 && bytes != done)
- return NULL;
+ /* We always null terminate anyway */
+ *(buf->_rp++) = 0;
+
+ if(bytes)
+ *bytes = done;
ret = (void*)buf->_pp;
buf->_pp = buf->_rp;
@@ -635,23 +640,25 @@ char* ha_bufenchex(ha_buffer_t* buf, const void* source, size_t len)
return buf->_pp;
}
-void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t bytes)
+void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t* bytes)
{
unsigned short j;
- size_t done = 0;
int state = 0;
char* pos;
void* ret;
+ size_t done = 0;
+ size_t todo = 0;
ASSERT(buf && src);
- if(bytes != 0)
+ if(bytes && *bytes != 0)
{
- buffer_bump(buf, bytes + 1);
+ buffer_bump(buf, *bytes + 1);
+ todo = *bytes;
}
else
{
- bytes = ~0;
+ todo = ~0;
buffer_bump(buf, (strlen(src) / 2) + 1);
}
@@ -660,7 +667,7 @@ void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t bytes)
BUF_NEW_BLOCK(buf);
- while(src[0] && done < bytes)
+ while(src[0] && done < todo)
{
/* Find the position */
pos = strchr(HEXC, tolower(src[0]));
@@ -688,9 +695,11 @@ void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t bytes)
if(state != 0)
return NULL;
- /* If we were asked for a specific amount of bytes, then return null */
- if(bytes != ~0 && bytes != done)
- return NULL;
+ /* We always null terminate anyway */
+ *(buf->_rp++) = 0;
+
+ if(bytes)
+ *bytes = done;
ret = (void*)buf->_pp;
buf->_pp = buf->_rp;
diff --git a/daemon/basic.c b/daemon/basic.c
index ddce156..45e49cb 100644
--- a/daemon/basic.c
+++ b/daemon/basic.c
@@ -6,7 +6,6 @@
int basic_parse(const char* header, ha_buffer_t* buf, basic_header_t* rec)
{
char* t;
-
ASSERT(header && buf && rec);
memset(rec, 0, sizeof(*rec));
@@ -20,8 +19,7 @@ int basic_parse(const char* header, ha_buffer_t* buf, basic_header_t* rec)
*
* "Basic " B64(user ":" password)
*/
- ha_bufdec64(buf, header, 0);
- header = ha_bufdata(buf);
+ header = (const char*)ha_bufdec64(buf, header, NULL);
if(!header)
return HA_ERROR;
diff --git a/daemon/digest.c b/daemon/digest.c
index 099ca49..d1cfe20 100644
--- a/daemon/digest.c
+++ b/daemon/digest.c
@@ -241,9 +241,10 @@ int digest_parse(char* header, ha_buffer_t* buf, digest_header_t* rec,
if(rec->nonce)
{
- void* d = ha_bufdec64(buf, rec->nonce, DIGEST_NONCE_LEN);
+ size_t len = DIGEST_NONCE_LEN;
+ void* d = ha_bufdec64(buf, rec->nonce, &len);
- if(d != NULL)
+ if(d && len == DIGEST_NONCE_LEN)
memcpy(nonce, d, DIGEST_NONCE_LEN);
}
}
diff --git a/daemon/httpauthd.h b/daemon/httpauthd.h
index 7f51895..8693310 100644
--- a/daemon/httpauthd.h
+++ b/daemon/httpauthd.h
@@ -86,13 +86,13 @@ void* ha_bufmemdup(ha_buffer_t* buf, const void* src, size_t bytes);
char* ha_bufenc64(ha_buffer_t* buf, const void* src, size_t bytes);
/* Decode an array of bytes from base 64 */
-void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t bytes);
+void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t* bytes);
/* Encode an array of bytes in hex */
char* ha_bufenchex(ha_buffer_t* buf, const void* src, size_t bytes);
/* Decode an array of bytes in hex */
-void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t bytes);
+void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t* bytes);
diff --git a/daemon/ldap.c b/daemon/ldap.c
index c513ea7..b6da6d4 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -250,7 +250,7 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
const char* t;
ASSERT(ctx && buf && user && str);
-
+ /* TODO: We need to be escaping the user and realm properly */
/* This starts a new block to join */
ha_bufcpy(buf, "");
@@ -376,6 +376,8 @@ static const char* find_cleartext_password(ha_buffer_t* buf, const char** pws)
static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha1)
{
ASSERT(buf && bv && ha1);
+ size_t len;
+ void* d;
/* Raw binary */
if(bv->bv_len == MD5_LEN)
@@ -387,9 +389,10 @@ static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha
/* Hex encoded */
else if(bv->bv_len == (MD5_LEN * 2))
{
- void* d = ha_bufdechex(buf, bv->bv_val, MD5_LEN);
+ len = MD5_LEN;
+ d = ha_bufdechex(buf, bv->bv_val, &len);
- if(d)
+ if(d && len == MD5_LEN)
{
memcpy(ha1, d, MD5_LEN);
return HA_OK;
@@ -399,9 +402,10 @@ static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha
/* B64 Encoded */
else
{
- void* d = ha_bufdec64(buf, bv->bv_val, MD5_LEN);
+ len = MD5_LEN;
+ d = ha_bufdec64(buf, bv->bv_val, &len);
- if(d)
+ if(d && len == MD5_LEN)
{
memcpy(ha1, ha_bufdata(buf), MD5_LEN);
return HA_OK;
@@ -550,7 +554,7 @@ static LDAP* get_ldap_connection(ldap_context_t* ctx)
if(ctx->pool[i])
{
ld = ctx->pool[i];
- ctx->pool[i];
+ ctx->pool[i] = NULL;
return ld;
}
}
@@ -578,10 +582,9 @@ static LDAP* get_ldap_connection(ldap_context_t* ctx)
ldap_unbind_s(ld);
return NULL;
}
-
- ctx->pool_mark++;
}
+ ctx->pool_mark++;
return ld;
}
@@ -885,7 +888,7 @@ static int basic_ldap_response(ldap_context_t* ctx, const char* header,
}
/* It worked! */
- resp->code = HA_SERVER_ACCEPT;
+ found = 1;
}
@@ -897,7 +900,7 @@ static int basic_ldap_response(ldap_context_t* ctx, const char* header,
ret = validate_ldap_ha1(ctx, ld, entry, buf, basic.user, basic.password);
if(ret == HA_OK)
- resp->code = HA_SERVER_ACCEPT;
+ found = 1;
else
ha_messagex(LOG_WARNING, "invalid or unrecognized password for user: %s", basic.user);
@@ -912,8 +915,9 @@ finally:
if(results)
ldap_msgfree(results);
- if(resp->code == HA_SERVER_ACCEPT)
+ if(found && ret != HA_ERROR)
{
+ resp->code = HA_SERVER_ACCEPT;
resp->detail = basic.user;
/* We put this connection into the successful connections */
@@ -1232,7 +1236,7 @@ int ldap_inithand(ha_context_t* context)
}
/* Check for mandatory configuration */
- if(!ctx->servers || (!ctx->dnmap || !ctx->filter))
+ if(!ctx->servers || !(ctx->dnmap || ctx->filter))
{
ha_messagex(LOG_ERR, "Digest LDAP configuration incomplete. "
"Must have LDAPServers and either LDAPFilter or LDAPDNMap.");
@@ -1305,7 +1309,7 @@ void ldap_destroy(ha_context_t* context)
int ldap_process(ha_context_t* context, ha_request_t* req,
ha_response_t* resp, ha_buffer_t* buf)
{
- ldap_context_t* ctx = (ldap_context_t*)context;
+ ldap_context_t* ctx = (ldap_context_t*)context->data;
time_t t = time(NULL);
const char* header = NULL;
int ret;
diff --git a/daemon/misc.c b/daemon/misc.c
index 9dba389..15344ce 100644
--- a/daemon/misc.c
+++ b/daemon/misc.c
@@ -170,15 +170,15 @@ void ha_unlock(pthread_mutex_t* mtx)
int ha_confbool(const char* name, const char* conf, int* value)
{
- ASSERT(name && conf && value);
+ ASSERT(name && value);
- if(value == NULL ||
- value[0] == 0 ||
+ if(conf == NULL ||
+ conf[0] == 0 ||
strcasecmp(conf, "0") == 0 ||
strcasecmp(conf, "no") == 0 ||
strcasecmp(conf, "false") == 0 ||
strcasecmp(conf, "f") == 0 ||
- strcasecmp(conf, "off"))
+ strcasecmp(conf, "off") == 0)
{
*value = 0;
return HA_OK;
@@ -188,7 +188,7 @@ int ha_confbool(const char* name, const char* conf, int* value)
strcasecmp(conf, "yes") == 0 ||
strcasecmp(conf, "true") == 0 ||
strcasecmp(conf, "t") == 0 ||
- strcasecmp(conf, "on"))
+ strcasecmp(conf, "on") == 0)
{
*value = 1;
return HA_OK;
diff --git a/daemon/ntlm.c b/daemon/ntlm.c
index 28284b9..736ac28 100644
--- a/daemon/ntlm.c
+++ b/daemon/ntlm.c
@@ -265,6 +265,8 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header,
ntlm_connection_t* conn = NULL;
unsigned int flags = 0;
int ret = HA_FALSE;
+ size_t len = 0;
+ void* d;
int r;
ASSERT(ctx && key && header && resp && buf);
@@ -288,13 +290,12 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header,
* is sending us.
*/
- ha_bufdec64(buf, header, 0);
- header = ha_bufdata(buf);
+ d = ha_bufdec64(buf, header, &len);
- if(ha_buferr(buf))
+ if(!d || len == 0)
goto finally;
- r = ntlmssp_decode_msg(&ntlmssp, ha_bufdata(buf), ha_buflen(buf), &flags);
+ r = ntlmssp_decode_msg(&ntlmssp, d, len, &flags);
if(r != 0)
{
ha_messagex(LOG_ERR, "decoding NTLM message failed (error %d)", r);
diff --git a/daemon/simple.c b/daemon/simple.c
index e33e833..d2f8063 100644
--- a/daemon/simple.c
+++ b/daemon/simple.c
@@ -150,6 +150,7 @@ static int complete_digest_ha1(simple_context_t* ctx, digest_record_t* rec,
int found = 0;
char* t;
char* t2;
+ size_t len;
char line[SIMPLE_MAXLINE];
ASSERT(ctx && rec && buf && user && user[0] && code);
@@ -199,9 +200,11 @@ static int complete_digest_ha1(simple_context_t* ctx, digest_record_t* rec,
/* Check the realm */
if(strcmp(t, ctx->realm) == 0)
{
+ len = MD5_LEN;
+
/* Now try antd decode the ha1 */
- t = ha_bufdechex(buf, t2, MD5_LEN);
- if(t != NULL)
+ t = ha_bufdechex(buf, t2, &len);
+ if(t && len == MD5_LEN)
{
memcpy(rec->ha1, t, MD5_LEN);
found = 1;
@@ -233,6 +236,7 @@ static int validate_user_password(simple_context_t* ctx, ha_buffer_t* buf,
unsigned char ha1[MD5_LEN];
char* t;
char* t2;
+ size_t len;
ASSERT(ctx && buf && code);
ASSERT(user && user[0] && clearpw);
@@ -306,9 +310,11 @@ static int validate_user_password(simple_context_t* ctx, ha_buffer_t* buf,
/* Check the realm */
if(strcmp(t, ctx->realm) == 0)
{
+ len = MD5_LEN;
+
/* Now try antd decode the ha1 */
- t = ha_bufdechex(buf, t2, MD5_LEN);
- if(t && memcmp(ha1, t, MD5_LEN) == 0)
+ t = ha_bufdechex(buf, t2, &len);
+ if(t && len == MD5_LEN && memcmp(ha1, t, MD5_LEN) == 0)
{
found = 1;
break;
diff --git a/sample/httpauthd.conf b/sample/httpauthd.conf
index 1b12e4a..f08ebad 100644
--- a/sample/httpauthd.conf
+++ b/sample/httpauthd.conf
@@ -17,13 +17,13 @@ LDAPServers: authdev.ws.local
LDAPDoBind: True
LDAPDNMap: cn=%u,ou=test,dc=fam
DigestDomains: http://test.ws.local/
+
# LDAPFilter:
# LDAPBase:
# LDAPPWAttr:
# LDAPHA1Attr:
# LDAPUser:
# LDAPPassword:
-# LDAPScope
-
-
-LDAPDN
+# LDAPScope:
+# LDAPMax:
+# LDAPTimeout: