summaryrefslogtreecommitdiff
path: root/daemon
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2004-04-26 16:41:54 +0000
committerStef Walter <stef@memberwebs.com>2004-04-26 16:41:54 +0000
commit6f493edb96610203727b35bbe45264a932bfa2a2 (patch)
treed85fed11082517fa3d6a434f8d6adc24c129d9a0 /daemon
parent570c17aa3bb6a39030ebefc5618f0c3fa8cf0089 (diff)
Added debug nonce support to the ldap handler.
Diffstat (limited to 'daemon')
-rw-r--r--daemon/ldap.c58
1 files changed, 48 insertions, 10 deletions
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 440c531..3321c6a 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -83,6 +83,10 @@ typedef struct ldap_context
LDAP** pool; /* Pool of available connections */
int pool_mark; /* Amount of connections allocated */
+
+#ifdef _DEBUG
+ const char* debug_nonce;
+#endif
}
ldap_context_t;
@@ -110,6 +114,9 @@ static const ldap_context_t ldap_defaults =
NULL, /* cache */
NULL, /* pool */
0 /* pool_mark */
+#ifdef _DEBUG
+ , NULL /* debug_nonce */
+#endif
};
@@ -925,12 +932,22 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
ASSERT(ctx && resp && buf);
- /* Generate an nonce */
- digest_makenonce(nonce, g_ldap_secret, NULL);
- nonce_str = ha_bufenchex(buf, nonce, DIGEST_NONCE_LEN);
+#ifdef _DEBUG
+ if(ctx->debug_nonce)
+ {
+ nonce_str = ctx->debug_nonce;
+ ha_messagex(LOG_WARNING, "using debug nonce. security non-existant.");
+ }
+ else
+#endif
+ {
+ unsigned char nonce[DIGEST_NONCE_LEN];
+ digest_makenonce(nonce, g_ldap_secret, NULL);
- if(!nonce_str)
- return HA_ERROR;
+ nonce_str = ha_bufenchex(buf, nonce, DIGEST_NONCE_LEN);
+ if(!nonce_str)
+ return HA_ERROR;
+ }
/* Now generate a message to send */
header = digest_challenge(buf, nonce_str, ctx->realm, ctx->domains, stale);
@@ -966,15 +983,36 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
if(digest_parse(header, buf, &dg, nonce) == HA_ERROR)
return HA_ERROR;
- r = digest_checknonce(nonce, g_ldap_secret, &expiry);
- if(r != HA_OK)
+#ifdef _DEBUG
+ if(ctx->debug_nonce)
{
- if(r == HA_FALSE)
+ if(dg.nonce && strcmp(dg.nonce, ctx->debug_nonce) != 0)
+ {
+ ret = HA_FALSE;
ha_messagex(LOG_WARNING, "digest response contains invalid nonce");
+ goto finally;
+ }
- ret = r;
- goto finally;
+ /* Do a rough hash into the real nonce, for use as a key */
+ md5_string(nonce, ctx->debug_nonce);
+
+ /* Debug nonce's never expire */
+ expiry = time(NULL);
}
+ else
+#endif
+ {
+ r = digest_checknonce(nonce, g_ldap_secret, &expiry);
+ if(r != HA_OK)
+ {
+ if(r == HA_FALSE)
+ ha_messagex(LOG_WARNING, "digest response contains invalid nonce");
+
+ ret = r;
+ goto finally;
+ }
+ }
+
rec = get_cached_digest(ctx, nonce);