Completed implementation of ldap/ntlm/simple handlers

author: Stef Walter <stef@memberwebs.com> 2004-04-24 22:38:50 +0000
committer: Stef Walter <stef@memberwebs.com> 2004-04-24 22:38:50 +0000
commit: cbbe71752d7f9c6204ab0f16600fe7f10490f203 (patch)
tree: 365e6e472d239d117b5f849c45f3c08fc6617c0a /daemon/ntlm.c
parent: ff76efc3e5e1b0e4ca3b10b7402406f619509bba (diff)
1 files changed, 69 insertions, 46 deletions
diff --git a/daemon/ntlm.c b/daemon/ntlm.c
index 880ae9e..bdf2116 100644
--- a/daemon/ntlm.c
+++ b/daemon/ntlm.c
@@ -5,6 +5,8 @@
 #include "httpauthd.h"
 #include "hash.h"
 #include "defaults.h"
+#include "md5.h"
+#include "basic.h"
 
 #include <syslog.h>
 
@@ -15,8 +17,7 @@
  * Defaults and Constants
  */
 
-/* This needs to be the same as an MD5 hash length */
-#define NTLM_HASH_KEY_LEN 16
+#define NTLM_HASH_KEY_LEN MD5_LEN
 #define NTLM_ESTABLISHED  (void*)1
 
 
@@ -75,8 +76,7 @@ static ntlm_connection_t* getpending(ntlm_context_t* ctx, const void* key)
 
   ha_lock(NULL);
 
-    if(ret = (ntlm_connection_t*)hash_get(ctx->pending, key))
-      hash_rem(ctx->pending, key);
+    ret = (ntlm_connection_t*)hash_rem(ctx->pending, key);
 
   ha_unlock(NULL);
 
@@ -87,18 +87,18 @@ static int putpending(ntlm_context_t* ctx, const void* key, ntlm_connection_t* c
 {
   int r = 0;
 
-  ha_lock(NULL);
+  if(!hash_get(ctx->pending, key))
+  {
+    ha_lock(NULL);
 
-    if(hash_get(ctx->pending, key))
-    {
       if(!hash_set(ctx->pending, key, (void*)conn))
       {
         ha_messagex(LOG_ERR, "out of memory");
         r = -1;
       }
-    }
 
-  ha_unlock(NULL);
+    ha_unlock(NULL);
+  }
 
   return r;
 }
@@ -132,7 +132,7 @@ static ntlm_connection_t* makeconnection(ntlm_context_t* ctx)
   }
 }
 
-static void freeconnection(ntlm_context_t* ctx, ntlm_connection_t* conn)
+static void freeconnection(ntlm_connection_t* conn)
 {
   if(conn->handle)
   {
@@ -143,13 +143,20 @@ static void freeconnection(ntlm_context_t* ctx, ntlm_connection_t* conn)
   free(conn);
 }
 
+static void free_hash_object(void* arg, void* val)
+{
+  if(val)
+    freeconnection((ntlm_connection_t*)val);
+}
+
 int ntlm_auth_basic(ntlm_context_t* ctx, char* key, const char* header,
                     ha_response_t* resp, ha_buffer_t* buf)
 {
   ntlm_connection_t* conn;
   char* t;
-  ha_basic_header_t basic;
+  basic_header_t basic;
   const char* domain = NULL;
+  int found = 0;
 
   /*
    * We're doing basic authentication on the connection
@@ -158,15 +165,15 @@ int ntlm_auth_basic(ntlm_context_t* ctx, char* key, const char* header,
    */
   conn = getpending(ctx, key);
   if(conn)
-    freeconnection(ctx, conn);
+    freeconnection(conn);
 
-  if(ha_parsebasic(header, buf, &basic) == HA_ERROR)
+  if(basic_parse(header, buf, &basic) == HA_ERROR)
     return HA_ERROR;
 
   /* Check and see if this connection is in the cache */
   ha_lock(NULL);
 
-    if(hash_get(ctx->established, basic.key) == BASIC_ESTABLISHED)
+    if(hash_get(ctx->established, basic.key) == NTLM_ESTABLISHED)
       found = 1;
 
   ha_unlock(NULL);
@@ -204,18 +211,26 @@ int ntlm_auth_basic(ntlm_context_t* ctx, char* key, const char* header,
                            ctx->backup, domain) == NTV_NO_ERROR)
       {
          /* If valid then we return */
-         resp->code = HA_SERVER_ACCEPT;
+         found = 1;
       }
 
     ha_unlock(&g_smblib_mutex);
   }
 
-  if(resp->code = HA_SERVER_ACCEPT)
+  if(found)
   {
+    int r;
+    resp->code = HA_SERVER_ACCEPT;
     resp->detail = basic.user;
 
-    /* We put this connection into the successful connections */
-    if(!hash_set(ctx->established, basic.key, BASIC_ESTABLISHED))
+    ha_lock(NULL);
+
+      /* We put this connection into the successful connections */
+      r = hash_set(ctx->established, basic.key, NTLM_ESTABLISHED);
+
+    ha_unlock(NULL);
+
+    if(!r)
     {
       ha_messagex(LOG_CRIT, "out of memory");
       return HA_ERROR;
@@ -255,8 +270,7 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header,
    * is sending us.
    */
 
-  ha_bufnext(buf);
-  ha_bufdec64(buf, header);
+  ha_bufdec64(buf, header, 0);
   header = ha_bufdata(buf);
 
   if(ha_buferr(buf))
@@ -312,14 +326,11 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header,
       if(ctx->pending_max != -1)
       {
         ha_lock(NULL);
-          r = (hash_count(ctx->pending) >= ctx->pending_max);
-        ha_unlock(NULL);
 
-        if(r)
-        {
-          resp->code = HA_SERVER_BUSY;
-          goto finally;
-        }
+          if(hash_count(ctx->pending) >= ctx->pending_max)
+            hash_bump(ctx->pending);
+
+        ha_unlock(NULL);
       }
 
 
@@ -340,19 +351,20 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header,
       conn->flags = flags;
 
       /* Start building the header */
-      ha_bufnext(buf);
-      ha_bufcat(buf, NTLM_PREFIX);
+      ha_bufcpy(buf, HA_PREFIX_NTLM);
 
       if(win9x)
       {
         struct ntlm_msg2_win9x msg_win9x;
         ntlmssp_encode_msg2_win9x(conn->nonce, &msg_win9x, (char*)ctx->domain, flags);
+        ha_bufjoin(buf);
         ha_bufenc64(buf, (unsigned char*)&msg_win9x, sizeof(msg_win9x));
       }
       else
       {
         struct ntlm_msg2 msg;
         ntlmssp_encode_msg2(conn->nonce, &msg);
+        ha_bufjoin(buf);
         ha_bufenc64(buf, (unsigned char*)&msg, sizeof(msg));
       }
 
@@ -431,14 +443,25 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header,
       /* A successful login ends here */
       else
       {
-        resp->code = HA_SERVER_ACCEPT;
+        int r;
+        resp->detail = ntlmssp.user;
+
+        ha_lock(NULL);
 
-        /* We put this connection into the successful connections */
-        if(!hash_set(ctx->established, key, NTLM_ESTABLISHED))
+          /* We put this connection into the successful connections */
+          r = hash_set(ctx->established, key, NTLM_ESTABLISHED);
+
+        ha_unlock(NULL);
+
+        if(!r)
         {
           ha_messagex(LOG_CRIT, "out of memory");
           ret = HA_ERROR;
         }
+        else
+        {
+          ret = HA_OK;
+        }
       }
 
       goto finally;
@@ -456,7 +479,7 @@ finally:
     ret = HA_ERROR;
 
   if(conn)
-    freeconnection(ctx, conn);
+    freeconnection(conn);
 
   return ret;
 }
@@ -531,8 +554,8 @@ int ntlm_init(ha_context_t* context)
     }
 
     /* Initialize our tables */
-    if(!(ctx->pending = hash_create(NTLM_HASH_KEY_LEN)) ||
-       !(ctx->established = hash_create(NTLM_HASH_KEY_LEN)))
+    if(!(ctx->pending = hash_create(NTLM_HASH_KEY_LEN, free_hash_object, NULL)) ||
+       !(ctx->established = hash_create(NTLM_HASH_KEY_LEN, NULL, NULL)))
     {
       ha_messagex(LOG_CRIT, "out of memory");
       return HA_ERROR;
@@ -545,7 +568,7 @@ int ntlm_init(ha_context_t* context)
     /* Create the smblib mutex */
     if(pthread_mutexattr_init(&g_smblib_mutexattr) != 0 ||
        pthread_mutexattr_settype(&g_smblib_mutexattr, HA_MUTEX_TYPE) ||
-       pthread_mutex_init(&g_mutex, &g_smblib_mutexattr) != 0)
+       pthread_mutex_init(&g_smblib_mutex, &g_smblib_mutexattr) != 0)
     {
       ha_messagex(LOG_CRIT, "threading problem. can't create mutex");
       return HA_ERROR;
@@ -589,13 +612,11 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
   resp->code = -1;
 
   /* Hash the unique key */
-  ha_md5string(req->args[1], key);
+  md5_string(key, req->args[AUTH_ARG_CONN]);
 
 
   ha_lock(NULL);
 
-    XXX: These connections aren't being destroyed properly
-
     /*
      * Purge out stale connection stuff. This includes
      * authenticated connections which have expired as
@@ -608,9 +629,9 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
 
 
   /* Look for a NTLM header */
-  if(context->types & HA_TYPES_NTLM)
+  if(context->types & HA_TYPE_NTLM)
   {
-    header = ha_getheader(req, "Authorization", NTLM_PREFIX);
+    header = ha_getheader(req, "Authorization", HA_PREFIX_NTLM);
     if(header)
     {
       /* Trim off for decoding */
@@ -627,7 +648,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
   if(!header && context->types & HA_TYPE_BASIC)
   {
     /* Look for a Basic header */
-    header = ha_getheader(req, "Authorization", BASIC_PREFIX);
+    header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC);
     if(header)
     {
       /* Trim off for decoding */
@@ -669,14 +690,16 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
     resp->code = HA_SERVER_DECLINE;
 
     if(context->types & HA_TYPE_NTLM)
-      ha_addheader(resp, "WWW-Authenticate", NTLM_PREFIX);
+      ha_addheader(resp, "WWW-Authenticate", HA_PREFIX_NTLM);
 
     if(context->types & HA_TYPE_BASIC)
     {
-      ha_bufnext(buf);
-      ha_bufcat(buf, BASIC_PREFIX, "realm=\"",
+      ha_bufmcat(buf, HA_PREFIX_BASIC, "realm=\"",
                 ctx->basic_realm ? ctx->basic_realm : "", "\"", NULL);
 
+      if(ha_buferr(buf))
+        return HA_ERROR;
+
       ha_addheader(resp, "WWW-Authenticate", ha_bufdata(buf));
     }
   }
@@ -697,7 +720,7 @@ ha_handler_t ntlm_handler =
   ntlm_destroy,            /* Uninitialization routine */
   ntlm_config,             /* Config routine */
   ntlm_process,            /* Processing routine */
-  ntlm_defaults,           /* Default settings */
+  &ntlm_defaults,           /* Default settings */
   sizeof(ntlm_context_t)
 };
author	Stef Walter <stef@memberwebs.com>	2004-04-24 22:38:50 +0000
committer	Stef Walter <stef@memberwebs.com>	2004-04-24 22:38:50 +0000
commit	cbbe71752d7f9c6204ab0f16600fe7f10490f203 (patch)
tree	365e6e472d239d117b5f849c45f3c08fc6617c0a /daemon/ntlm.c
parent	ff76efc3e5e1b0e4ca3b10b7402406f619509bba (diff)