summaryrefslogtreecommitdiff
path: root/daemon
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2004-05-07 17:52:22 +0000
committerStef Walter <stef@memberwebs.com>2004-05-07 17:52:22 +0000
commit0bc8575dbfb281f5f5e9fb530247d29ba1f296fc (patch)
tree4e0eda73d880c01e9434b4f1ebb52f513119269b /daemon
parentc9b851b3194bf4bff6059e9ff471d125afc39c0f (diff)
Protocol:
- version added to initial Ready - Added SET command - Added 202 Accept response Some structure changes
Diffstat (limited to 'daemon')
-rw-r--r--daemon/digest.c2
-rw-r--r--daemon/digest.h2
-rw-r--r--daemon/httpauthd.c237
-rw-r--r--daemon/httpauthd.h37
-rw-r--r--daemon/ldap.c45
-rw-r--r--daemon/misc.c4
-rw-r--r--daemon/ntlm.c22
-rw-r--r--daemon/simple.c43
8 files changed, 213 insertions, 179 deletions
diff --git a/daemon/digest.c b/daemon/digest.c
index 5c53191..95f62f0 100644
--- a/daemon/digest.c
+++ b/daemon/digest.c
@@ -252,7 +252,7 @@ int digest_parse(char* header, ha_buffer_t* buf, digest_header_t* rec,
return HA_OK;
}
-int digest_check(digest_header_t* dg, digest_record_t* rec, ha_options_t* opts,
+int digest_check(digest_header_t* dg, digest_record_t* rec, const ha_context_opts_t* opts,
ha_buffer_t* buf, const char* method, const char* uri)
{
unsigned char hash[MD5_LEN];
diff --git a/daemon/digest.h b/daemon/digest.h
index 8eec901..de5dae3 100644
--- a/daemon/digest.h
+++ b/daemon/digest.h
@@ -42,7 +42,7 @@ int ha_digestparse(char* header, ha_buffer_t* buf, digest_header_t* rec,
int ha_digestnonce(time_t* tm, unsigned char* nonce);
-int digest_check(digest_header_t* dg, digest_record_t* rec, ha_options_t* opts,
+int digest_check(digest_header_t* dg, digest_record_t* rec, const ha_context_opts_t* opts,
ha_buffer_t* buf, const char* method, const char* uri);
const char* digest_respond(ha_buffer_t* buf, digest_header_t* dg,
diff --git a/daemon/httpauthd.c b/daemon/httpauthd.c
index 55092db..1092e94 100644
--- a/daemon/httpauthd.c
+++ b/daemon/httpauthd.c
@@ -67,7 +67,6 @@ httpauth_command_t;
const char* kAuthHeaders[] =
{
"Authorization",
- "Proxy-Authorization",
NULL
};
@@ -75,6 +74,7 @@ const char* kAuthHeaders[] =
const httpauth_command_t kCommands[] =
{
{ "auth", REQTYPE_AUTH, 4, kAuthHeaders },
+ { "set", REQTYPE_SET, 2, 0 },
{ "quit", REQTYPE_QUIT, 0, 0 },
{ NULL, -1, -1 }
};
@@ -723,7 +723,7 @@ static int httpauth_respond(int ofd, int scode, int ccode, const char* msg)
ASSERT(ccode == 0 || (ccode > 99 && ccode < 1000));
/* Can only have a client code when server code is 200 */
- ASSERT(ccode == 0 || scode == HA_SERVER_ACCEPT);
+ ASSERT(ccode == 0 || scode == HA_SERVER_OK);
sprintf(num, "%d ", scode);
@@ -777,7 +777,7 @@ static int httpauth_write(int ofd, ha_response_t* resp)
ASSERT(ofd != -1);
ASSERT(resp);
- if(httpauth_respond(ofd, HA_SERVER_ACCEPT, resp->code, resp->detail) < 0)
+ if(httpauth_respond(ofd, HA_SERVER_OK, resp->code, resp->detail) < 0)
return HA_CRITERROR;
for(i = 0; i < HA_MAX_HEADERS; i++)
@@ -841,31 +841,112 @@ static int httpauth_ready(int ofd, ha_buffer_t* buf)
/* We send a ready banner to our client */
+ if(ha_buferr(buf))
+ return httpauth_error(ofd, HA_CRITERROR);
+
+ else
+ return httpauth_respond(ofd, HA_SERVER_READY, 0, "HTTPAUTH/1.0");
+
+}
+
+static int httpauth_auth(int ofd, ha_request_t* req,
+ ha_response_t* resp, ha_buffer_t* outb)
+{
+ httpauth_loaded_t* h;
+ int processed = 0;
+ int r;
+
+ ASSERT(req && resp && outb);
+
+ /* Clear out our response */
+ memset(resp, 0, sizeof(*resp));
+
+ /* Check our connection argument */
+ if(!req->args[AUTH_ARG_CONN] || !(req->args[AUTH_ARG_CONN][0]))
+ {
+ ha_messagex(LOG_ERR, "missing connection ID in request");
+ return HA_BADREQ;
+ }
+
+ /* Check our uri argument */
+ if(!req->args[AUTH_ARG_URI] || !(req->args[AUTH_ARG_URI][0]))
+ {
+ ha_messagex(LOG_ERR, "missing URI in request");
+ return HA_BADREQ;
+ }
+
+ /* Check our connection arguments */
+ if(!req->args[AUTH_ARG_METHOD] || !(req->args[AUTH_ARG_METHOD][0]))
+ {
+ ha_messagex(LOG_ERR, "missing method in request");
+ return HA_BADREQ;
+ }
+
+ /* Find a handler for this type */
for(h = g_handlers; h; h = h->next)
{
- if(h != g_handlers)
- ha_bufjoin(buf);
+ if(strcasecmp(h->ctx.name, req->args[0]) == 0)
+ {
+ ha_messagex(LOG_INFO, "processing request with method: %s (%s)",
+ h->ctx.name, h->ctx.handler->type);
+
+ /* Now let the handler handle it */
+ ASSERT(h->ctx.handler->f_process);
- ha_bufmcat(buf, (h != g_handlers) ? " " : "",
- h->ctx.name, NULL);
+ processed = 1;
+ r = (h->ctx.handler->f_process)(&(h->ctx), req, resp, outb);
+ if(r < 0)
+ return r;
+ }
}
- if(ha_buferr(buf))
+ if(!processed)
{
- return httpauth_error(ofd, HA_CRITERROR);
+ ha_messagex(LOG_ERR, "unknown authentication type: %s", req->args[0]);
+ return HA_BADREQ;
+ }
+
+ if(httpauth_write(ofd, resp) < 0)
+ return HA_CRITERROR;
+
+ return HA_OK;
+}
+
+static int httpauth_set(int ofd, ha_request_t* req, ha_request_opts_t* opts,
+ ha_buffer_t* outb)
+{
+ const char* name = req->args[0];
+ const char* value = req->args[1];
+
+ /* Check our name argument */
+ if(!name || !*name)
+ {
+ ha_messagex(LOG_ERR, "missing name in SET request");
+ return HA_BADREQ;
+ }
+
+ if(strcasecmp(name, "Domain") == 0)
+ {
+ opts->digest_domains = value ? value : "";
}
+
else
{
- return httpauth_respond(ofd, HA_SERVER_READY, 0, ha_bufdata(buf));
+ ha_messagex(LOG_ERR, "bad option in SET request");
+ return HA_BADREQ;
}
+
+ return httpauth_respond(ofd, HA_SERVER_ACCEPTED, 0, NULL);
}
+
static int httpauth_processor(int ifd, int ofd)
{
ha_buffer_t inb;
ha_buffer_t outb;
ha_request_t req;
ha_response_t resp;
+ ha_request_opts_t opts;
int result = -1;
int r;
@@ -876,6 +957,10 @@ static int httpauth_processor(int ifd, int ofd)
ha_bufinit(&inb);
ha_bufinit(&outb);
+ /* Initialize default options */
+ memset(&opts, 0, sizeof(opts));
+ opts.digest_domains = "";
+
if(httpauth_ready(ofd, &outb) == -1)
{
result = 1;
@@ -908,56 +993,46 @@ static int httpauth_processor(int ifd, int ofd)
if(r == 0)
result = 0;
+ req.opts = &opts;
+
switch(req.type)
{
case REQTYPE_AUTH:
-
- r = process_auth(&req, &resp, &outb);
-
- if(g_quit)
- continue;
-
- if(ha_buferr(&outb))
- r = HA_CRITERROR;
-
- if(r < 0)
- {
- httpauth_error(ofd, r);
-
- if(r == HA_CRITERROR)
- result = 1;
-
- continue;
- }
-
- if(httpauth_write(ofd, &resp) < 0)
- {
- /* If writing failed then we don't bother notifying the client */
- result = 1;
- continue;
- }
-
+ r = httpauth_auth(ofd, &req, &resp, &outb);
break;
+ case REQTYPE_SET:
+ r = httpauth_set(ofd, &req, &opts, &outb);
+ break;
case REQTYPE_QUIT:
+ r = HA_OK;
result = 0;
break;
case REQTYPE_IGNORE:
+ r = HA_FALSE;
break;
default:
ha_messagex(LOG_WARNING, "received unknown command from client: %d", ifd);
-
- if(httpauth_respond(ofd, HA_SERVER_BADREQ, 0, "Unknown command") == -1)
- {
- result = -1;
- continue;
- }
-
+ r = httpauth_respond(ofd, HA_SERVER_BADREQ, 0, "Unknown command");
break;
};
+
+ if(g_quit)
+ continue;
+
+ if(ha_buferr(&outb))
+ r = HA_CRITERROR;
+
+ if(r < 0)
+ {
+ httpauth_error(ofd, r);
+
+ if(r == HA_CRITERROR)
+ result = 1;
+ }
}
if(ifd == ofd)
@@ -972,80 +1047,38 @@ finally:
return result;
}
-static int process_auth(ha_request_t* req, ha_response_t* resp,
- ha_buffer_t* outb)
-{
- httpauth_loaded_t* h;
-
- ASSERT(req && resp && outb);
-
- /* Clear out our response */
- memset(resp, 0, sizeof(*resp));
-
- /* Check our connection argument */
- if(!req->args[AUTH_ARG_CONN] || !(req->args[AUTH_ARG_CONN][0]))
- {
- ha_messagex(LOG_ERR, "missing connection ID in request");
- return HA_BADREQ;
- }
-
- /* Check our uri argument */
- if(!req->args[AUTH_ARG_URI] || !(req->args[AUTH_ARG_URI][0]))
- {
- ha_messagex(LOG_ERR, "missing URI in request");
- return HA_BADREQ;
- }
-
- /* Check our connection arguments */
- if(!req->args[AUTH_ARG_METHOD] || !(req->args[AUTH_ARG_METHOD][0]))
- {
- ha_messagex(LOG_ERR, "missing method in request");
- return HA_BADREQ;
- }
-
-
- /* Find a handler for this type */
- for(h = g_handlers; h; h = h->next)
- {
- if(strcasecmp(h->ctx.name, req->args[0]) == 0)
- {
- ha_messagex(LOG_INFO, "processing request with method: %s (%s)",
- h->ctx.name, h->ctx.handler->type);
-
- /* Now let the handler handle it */
- ASSERT(h->ctx.handler->f_process);
- return (h->ctx.handler->f_process)(&(h->ctx), req, resp, outb);
- }
- }
-
- ha_messagex(LOG_ERR, "unknown authentication type: %s", req->args[0]);
- return HA_BADREQ;
-}
-
/* -----------------------------------------------------------------------
* Configuration
*/
static ha_context_t* config_addhandler(ha_buffer_t* buf, const char* alias,
- ha_handler_t* handler, const ha_options_t* defaults)
+ ha_handler_t* handler, const ha_context_opts_t* defaults)
{
httpauth_loaded_t* loaded;
+ ha_context_opts_t* opts;
int len;
ASSERT(buf && alias && handler && defaults);
- len = sizeof(httpauth_loaded_t) + handler->context_size;
+ len = sizeof(httpauth_loaded_t) + sizeof(ha_context_opts_t) +
+ handler->context_size;
loaded = (httpauth_loaded_t*)ha_bufmalloc(buf, len);
if(!loaded)
errx(1, "out of memory");
memset(loaded, 0, len);
- memcpy(&(loaded->ctx.opts), defaults, sizeof(ha_options_t));
+
+ /* Setup the options */
+ opts = (ha_context_opts_t*)(((unsigned char*)loaded) +
+ sizeof(httpauth_loaded_t));
+
+ memcpy(opts, defaults, sizeof(ha_context_opts_t));
+ loaded->ctx.opts = opts;
if(handler->context_size)
{
- void* mem = ((unsigned char*)loaded) + sizeof(httpauth_loaded_t);
+ void* mem = ((unsigned char*)(opts)) + sizeof(ha_context_opts_t);
/* Initialize the defaults properly */
if(handler->context_default)
@@ -1090,7 +1123,7 @@ static ha_context_t* config_addhandler(ha_buffer_t* buf, const char* alias,
static int config_parse(const char* file, ha_buffer_t* buf)
{
- ha_options_t defaults;
+ ha_context_opts_t defaults;
ha_context_t* ctx = NULL;
int line = 0;
int fd;
@@ -1235,7 +1268,7 @@ static int config_parse(const char* file, ha_buffer_t* buf)
/* Options that are legal in both global and internal sections */
if(!recog)
{
- ha_options_t* opts = ctx ? &(ctx->opts) : &defaults;
+ ha_context_opts_t* opts = ctx ? (ha_context_opts_t*)(ctx->opts) : &defaults;
ASSERT(opts);
if(strcmp(name, "cachetimeout") == 0)
@@ -1324,12 +1357,6 @@ static int config_parse(const char* file, ha_buffer_t* buf)
recog = 1;
}
- else if(strcmp(name, "digestdomains") == 0)
- {
- opts->digest_domains = value;
- recog = 1;
- }
-
#ifdef _DEBUG
else if(strcmp(name, "digestdebugnonce") == 0)
{
diff --git a/daemon/httpauthd.h b/daemon/httpauthd.h
index d225e4b..ce5b21b 100644
--- a/daemon/httpauthd.h
+++ b/daemon/httpauthd.h
@@ -131,7 +131,7 @@ typedef int (*auth_config_t)(struct ha_context* ctx, const char* name, const cha
* for this handler. Note that all data access in this
* function must be thread-safe.
*/
-typedef int (*auth_process_t)(struct ha_context* ctx, struct ha_request* req,
+typedef int (*auth_process_t)(struct ha_context* ctx, const struct ha_request* req,
struct ha_response* resp, ha_buffer_t* mem);
/* An authentication handler */
@@ -143,7 +143,7 @@ typedef struct ha_handler
auth_config_t f_config; /* #0 Called for each config param */
auth_process_t f_process; /* #2 Called for each auth request */
const void* context_default; /* The default context */
- size_t context_size; /* Bytes of extra context needed */
+ const size_t context_size; /* Bytes of extra context needed */
}
ha_handler_t;
@@ -176,8 +176,8 @@ ha_handler_t;
-
-typedef struct ha_options
+/* Standard options for the current context */
+typedef struct ha_context_opts
{
/* Basic options */
unsigned int types;
@@ -190,18 +190,17 @@ typedef struct ha_options
/* For digest auth: */
unsigned int digest_ignoreuri : 1;
unsigned int digest_ignorenc : 1;
- const char* digest_domains;
const char* digest_debugnonce;
}
-ha_options_t;
+ha_context_opts_t;
-/* Context passed to the handler functions below */
+/* Context passed to the handler functions above */
typedef struct ha_context
{
- const char* name; /* A name assigned by the configuration file */
- ha_handler_t* handler; /* The original handler structure */
- ha_options_t opts; /* The options */
- void* data; /* Handler specific data */
+ const char* name; /* A name assigned by the configuration file */
+ const ha_handler_t* handler; /* The original handler structure */
+ const ha_context_opts_t* opts; /* The options */
+ void* data; /* Handler specific data */
}
ha_context_t;
@@ -246,23 +245,33 @@ ha_header_t;
#define REQTYPE_IGNORE 0
#define REQTYPE_QUIT 1
#define REQTYPE_AUTH 2
+#define REQTYPE_SET 3
#define AUTH_ARG_CONN 1
#define AUTH_ARG_METHOD 2
#define AUTH_ARG_URI 3
+/* Options for the current request */
+typedef struct ha_request_opts
+{
+ const char* digest_domains;
+}
+ha_request_opts_t;
+
/* A single request from client */
typedef struct ha_request
{
int type;
const char* args[HA_MAX_ARGS];
ha_header_t headers[HA_MAX_HEADERS];
+ const ha_request_opts_t* opts;
}
ha_request_t;
/* The various response codes for the client */
#define HA_SERVER_READY 100
-#define HA_SERVER_ACCEPT 200
+#define HA_SERVER_OK 200
+#define HA_SERVER_ACCEPTED 202
#define HA_SERVER_DECLINE 401
#define HA_SERVER_BADREQ 400
#define HA_SERVER_BUSY 500
@@ -277,8 +286,8 @@ typedef struct ha_response
ha_response_t;
/* Request functions */
-ha_header_t* ha_findheader(ha_request_t* req, const char* name);
-const char* ha_getheader(ha_request_t* req, const char* name, const char* prefix);
+const ha_header_t* ha_findheader(const ha_request_t* req, const char* name);
+const char* ha_getheader(const ha_request_t* req, const char* name, const char* prefix);
/* Response functions */
void ha_addheader(ha_response_t* resp, const char* name, const char* data);
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 9fda424..9fd513f 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -73,7 +73,7 @@ typedef struct ldap_context
int ldap_max; /* Number of open connections allowed */
int ldap_timeout; /* Maximum amount of time to dedicate to an ldap query */
- ha_options_t* opts; /* Options from httpauthd.c */
+ const ha_context_opts_t* opts; /* Options from httpauthd.c */
/* Context ----------------------------------------------------------- */
hash_t* cache; /* Some cached records or basic */
@@ -252,12 +252,12 @@ static const char* escape_ldap(ha_buffer_t* buf, const char* str)
t += pos;
}
- while(*t && !strchr(LDAP_NO_ESCAPE, t))
+ while(*t && !strchr(LDAP_NO_ESCAPE, *t))
{
char hex[4];
hex[0] = '\\';
hex[1] = LDAP_HEX[*t >> 4 & 0xf];
- hex[2] = LDAP_HEX[*t 0xf];
+ hex[2] = LDAP_HEX[*t & 0xf];
hex[3] = '\0';
ha_bufjoin(buf);
@@ -999,7 +999,7 @@ finally:
if(found && ret >= 0)
{
- resp->code = HA_SERVER_ACCEPT;
+ resp->code = HA_SERVER_OK;
resp->detail = basic.user;
/* We put this connection into the successful connections */
@@ -1009,8 +1009,8 @@ finally:
return ret;
}
-static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
- ha_buffer_t* buf, int stale)
+static int digest_ldap_challenge(ldap_context_t* ctx, const ha_request_t* req,
+ ha_response_t* resp, ha_buffer_t* buf, int stale)
{
unsigned char nonce[DIGEST_NONCE_LEN];
const char* nonce_str;
@@ -1037,7 +1037,7 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
/* Now generate a message to send */
header = digest_challenge(buf, nonce_str, ctx->opts->realm,
- ctx->opts->digest_domains, stale);
+ req->opts->digest_domains, stale);
if(!header)
return HA_CRITERROR;
@@ -1051,8 +1051,7 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
}
static int digest_ldap_response(ldap_context_t* ctx, const char* header,
- const char* method, const char* uri,
- ha_response_t* resp, ha_buffer_t* buf)
+ const ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf)
{
unsigned char nonce[DIGEST_NONCE_LEN];
digest_header_t dg;
@@ -1063,7 +1062,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
int stale = 0;
int r;
- ASSERT(ctx && header && method && uri && resp && buf);
+ ASSERT(ctx && header && req && resp && buf);
/* We use this below to send a default response */
resp->code = -1;
@@ -1142,7 +1141,8 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
rec->nc++;
}
- ret = digest_check(&dg, rec, ctx->opts, buf, method, uri);
+ ret = digest_check(&dg, rec, ctx->opts, buf,
+ req->args[AUTH_ARG_METHOD], req->args[AUTH_ARG_URI]);
if(ret == HA_BADREQ)
{
@@ -1152,7 +1152,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
else if(ret == HA_OK)
{
- resp->code = HA_SERVER_ACCEPT;
+ resp->code = HA_SERVER_OK;
resp->detail = dg.username;
/* Figure out if we need a new nonce */
@@ -1193,7 +1193,7 @@ finally:
/* If nobody above responded then challenge the client again */
if(resp->code == -1)
- return digest_ldap_challenge(ctx, resp, buf, stale);
+ return digest_ldap_challenge(ctx, req, resp, buf, stale);
return ret;
}
@@ -1311,7 +1311,7 @@ int ldap_inithand(ha_context_t* context)
ASSERT(ctx);
/* Make sure there are some types of authentication we can do */
- if(!(context->opts.types & (HA_TYPE_BASIC | HA_TYPE_DIGEST)))
+ if(!(context->opts->types & (HA_TYPE_BASIC | HA_TYPE_DIGEST)))
{
ha_messagex(LOG_ERR, "ldap: module configured, but does not implement any "
"configured authentication type.");
@@ -1358,7 +1358,7 @@ int ldap_inithand(ha_context_t* context)
memset(ctx->pool, 0, sizeof(LDAP*) * ctx->ldap_max);
/* Copy some settings over for easy access */
- ctx->opts = &(context->opts);
+ ctx->opts = context->opts;
ha_messagex(LOG_INFO, "ldap: initialized handler");
}
@@ -1398,7 +1398,7 @@ void ldap_destroy(ha_context_t* context)
ha_messagex(LOG_INFO, "ldap: uninitialized handler");
}
-int ldap_process(ha_context_t* context, ha_request_t* req,
+int ldap_process(ha_context_t* context, const ha_request_t* req,
ha_response_t* resp, ha_buffer_t* buf)
{
ldap_context_t* ctx = (ldap_context_t*)context->data;
@@ -1425,21 +1425,20 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
/* Check the headers and see if we got a response thingy */
- if(context->opts.types & HA_TYPE_DIGEST)
+ if(context->opts->types & HA_TYPE_DIGEST)
{
header = ha_getheader(req, "Authorization", HA_PREFIX_DIGEST);
if(header)
{
ha_messagex(LOG_DEBUG, "ldap: processing digest auth header");
- ret = digest_ldap_response(ctx, header, req->args[AUTH_ARG_METHOD],
- req->args[AUTH_ARG_URI], resp, buf);
+ ret = digest_ldap_response(ctx, header, req, resp, buf);
if(ret < 0)
return ret;
}
}
/* Or a basic authentication */
- if(!header && context->opts.types & HA_TYPE_BASIC)
+ if(!header && context->opts->types & HA_TYPE_BASIC)
{
header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC);
if(header)
@@ -1457,7 +1456,7 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
{
resp->code = HA_SERVER_DECLINE;
- if(context->opts.types & HA_TYPE_BASIC)
+ if(context->opts->types & HA_TYPE_BASIC)
{
ha_bufmcat(buf, "BASIC realm=\"", ctx->opts->realm , "\"", NULL);
@@ -1468,9 +1467,9 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
ha_messagex(LOG_DEBUG, "ldap: sent basic auth request");
}
- if(context->opts.types & HA_TYPE_DIGEST)
+ if(context->opts->types & HA_TYPE_DIGEST)
{
- ret = digest_ldap_challenge(ctx, resp, buf, 0);
+ ret = digest_ldap_challenge(ctx, req, resp, buf, 0);
if(ret < 0)
return ret;
}
diff --git a/daemon/misc.c b/daemon/misc.c
index a38eda9..8e361be 100644
--- a/daemon/misc.c
+++ b/daemon/misc.c
@@ -81,7 +81,7 @@ void ha_message(int level, const char* msg, ...)
* Header Functionality
*/
-ha_header_t* ha_findheader(ha_request_t* req, const char* name)
+const ha_header_t* ha_findheader(const ha_request_t* req, const char* name)
{
int i;
@@ -99,7 +99,7 @@ ha_header_t* ha_findheader(ha_request_t* req, const char* name)
return NULL;
}
-const char* ha_getheader(ha_request_t* req, const char* name, const char* prefix)
+const char* ha_getheader(const ha_request_t* req, const char* name, const char* prefix)
{
int i, l;
diff --git a/daemon/ntlm.c b/daemon/ntlm.c
index bbbac5e..a46eecc 100644
--- a/daemon/ntlm.c
+++ b/daemon/ntlm.c
@@ -252,7 +252,7 @@ int ntlm_auth_basic(ntlm_context_t* ctx, char* key, const char* header,
if(found)
{
int r;
- resp->code = HA_SERVER_ACCEPT;
+ resp->code = HA_SERVER_OK;
resp->detail = basic.user;
ha_lock(NULL);
@@ -584,7 +584,7 @@ int ntlm_init(ha_context_t* context)
ASSERT(ctx);
/* Make sure there are some types of authentication we can do */
- if(!(context->opts.types & (HA_TYPE_BASIC | HA_TYPE_NTLM)))
+ if(!(context->opts->types & (HA_TYPE_BASIC | HA_TYPE_NTLM)))
{
ha_messagex(LOG_ERR, "NTLM module configured, but does not implement any "
"configured authentication type.");
@@ -655,7 +655,7 @@ void ntlm_destroy(ha_context_t* context)
}
}
-int ntlm_process(ha_context_t* context, ha_request_t* req,
+int ntlm_process(ha_context_t* context, const ha_request_t* req,
ha_response_t* resp, ha_buffer_t* buf)
{
ntlm_context_t* ctx = (ntlm_context_t*)(context->data);
@@ -682,7 +682,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
* well as half open connections which expire.
*/
r = hash_purge(ctx->pending, t - ctx->pending_timeout);
- r += hash_purge(ctx->established, t - context->opts.cache_timeout);
+ r += hash_purge(ctx->established, t - context->opts->cache_timeout);
ha_unlock(NULL);
@@ -690,7 +690,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
ha_messagex(LOG_DEBUG, "ntlm: purged info from cache: %d", r);
/* Look for a NTLM header */
- if(context->opts.types & HA_TYPE_NTLM)
+ if(context->opts->types & HA_TYPE_NTLM)
{
header = ha_getheader(req, "Authorization", HA_PREFIX_NTLM);
if(header)
@@ -707,7 +707,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
}
/* If basic is enabled, and no NTLM */
- if(!header && context->opts.types & HA_TYPE_BASIC)
+ if(!header && context->opts->types & HA_TYPE_BASIC)
{
/* Look for a Basic header */
header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC);
@@ -739,12 +739,12 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
if(hash_get(ctx->established, key) == NTLM_ESTABLISHED)
{
hash_touch(ctx->established, key);
- resp->code = HA_SERVER_ACCEPT;
+ resp->code = HA_SERVER_OK;
}
ha_unlock(NULL);
- if(resp->code == HA_SERVER_ACCEPT)
+ if(resp->code == HA_SERVER_OK)
ha_messagex(LOG_NOTICE, "ntlm: validated user against connection cache");
/* TODO: We need to be able to retrieve the user here somehow */
@@ -757,15 +757,15 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
/* If authentication failed tell the browser about it */
resp->code = HA_SERVER_DECLINE;
- if(context->opts.types & HA_TYPE_NTLM)
+ if(context->opts->types & HA_TYPE_NTLM)
{
ha_addheader(resp, "WWW-Authenticate", HA_PREFIX_NTLM);
ha_messagex(LOG_DEBUG, "ntlm: sent ntlm auth request");
}
- if(context->opts.types & HA_TYPE_BASIC)
+ if(context->opts->types & HA_TYPE_BASIC)
{
- ha_bufmcat(buf, HA_PREFIX_BASIC, "realm=\"", context->opts.realm, "\"", NULL);
+ ha_bufmcat(buf, HA_PREFIX_BASIC, "realm=\"", context->opts->realm, "\"", NULL);
if(ha_buferr(buf))
return HA_CRITERROR;
diff --git a/daemon/simple.c b/daemon/simple.c
index d45668f..7165c9c 100644
--- a/daemon/simple.c
+++ b/daemon/simple.c
@@ -26,8 +26,8 @@ unsigned char g_simple_secret[DIGEST_SECRET_LEN];
typedef struct simple_context
{
/* Settings ----------------------------------------------------------- */
- const char* filename; /* The file name with the user names */
- ha_options_t* opts; /* Options from httpauthd.c */
+ const char* filename; /* The file name with the user names */
+ const ha_context_opts_t* opts; /* Options from httpauthd.c */
/* Context ----------------------------------------------------------- */
hash_t* cache; /* Some cached records or basic */
@@ -379,7 +379,7 @@ finally:
if(ret == HA_OK)
{
- resp->code = HA_SERVER_ACCEPT;
+ resp->code = HA_SERVER_OK;
resp->detail = basic.user;
/* We put this connection into the successful connections */
@@ -389,8 +389,8 @@ finally:
return ret;
}
-static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp,
- ha_buffer_t* buf, int stale)
+static int simple_digest_challenge(simple_context_t* ctx, const ha_request_t* req,
+ ha_response_t* resp, ha_buffer_t* buf, int stale)
{
const char* nonce_str;
const char* header;
@@ -419,7 +419,7 @@ static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp,
/* Now generate a message to send */
header = digest_challenge(buf, nonce_str, ctx->opts->realm,
- ctx->opts->digest_domains, stale);
+ req->opts->digest_domains, stale);
if(!header)
return HA_CRITERROR;
@@ -433,8 +433,7 @@ static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp,
}
static int simple_digest_response(simple_context_t* ctx, const char* header,
- const char* method, const char* uri,
- ha_response_t* resp, ha_buffer_t* buf)
+ const ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf)
{
unsigned char nonce[DIGEST_NONCE_LEN];
digest_header_t dg;
@@ -445,7 +444,7 @@ static int simple_digest_response(simple_context_t* ctx, const char* header,
int stale = 0;
int r;
- ASSERT(ctx && header && method && uri && resp && buf);
+ ASSERT(ctx && header && req && resp && buf);
/* We use this below to send a default response */
resp->code = -1;
@@ -525,7 +524,8 @@ static int simple_digest_response(simple_context_t* ctx, const char* header,
rec->nc++;
}
- ret = digest_check(&dg, rec, ctx->opts, buf, method, uri);
+ ret = digest_check(&dg, rec, ctx->opts, buf,
+ req->args[AUTH_ARG_METHOD], req->args[AUTH_ARG_URI]);
if(ret == HA_BADREQ)
{
@@ -535,7 +535,7 @@ static int simple_digest_response(simple_context_t* ctx, const char* header,
else if(ret == HA_OK)
{
- resp->code = HA_SERVER_ACCEPT;
+ resp->code = HA_SERVER_OK;
resp->detail = dg.username;
/* Figure out if we need a new nonce */
@@ -576,7 +576,7 @@ finally:
/* If nobody above responded then challenge the client again */
if(resp->code == -1)
- return simple_digest_challenge(ctx, resp, buf, stale);
+ return simple_digest_challenge(ctx, req, resp, buf, stale);
return ret;
}
@@ -619,7 +619,7 @@ int simple_init(ha_context_t* context)
ASSERT(ctx);
/* Make sure there are some types of authentication we can do */
- if(!(context->opts.types & (HA_TYPE_BASIC | HA_TYPE_DIGEST)))
+ if(!(context->opts->types & (HA_TYPE_BASIC | HA_TYPE_DIGEST)))
{
ha_messagex(LOG_ERR, "simple: module configured, but does not implement any "
"configured authentication type.");
@@ -654,7 +654,7 @@ int simple_init(ha_context_t* context)
}
/* Copy some settings over for easy access */
- ctx->opts = &(context->opts);
+ ctx->opts = context->opts;
ha_messagex(LOG_INFO, "simple: initialized handler");
}
@@ -677,7 +677,7 @@ void simple_destroy(ha_context_t* context)
}
}
-int simple_process(ha_context_t* context, ha_request_t* req,
+int simple_process(ha_context_t* context, const ha_request_t* req,
ha_response_t* resp, ha_buffer_t* buf)
{
simple_context_t* ctx = (simple_context_t*)(context->data);
@@ -706,21 +706,20 @@ int simple_process(ha_context_t* context, ha_request_t* req,
/* Check the headers and see if we got a response thingy */
- if(context->opts.types & HA_TYPE_DIGEST)
+ if(context->opts->types & HA_TYPE_DIGEST)
{
header = ha_getheader(req, "Authorization", HA_PREFIX_DIGEST);
if(header)
{
ha_messagex(LOG_DEBUG, "simple: processing digest auth header");
- ret = simple_digest_response(ctx, header, req->args[AUTH_ARG_METHOD],
- req->args[AUTH_ARG_URI], resp, buf);
+ ret = simple_digest_response(ctx, header, req, resp, buf);
if(ret < 0)
return ret;
}
}
/* Or a basic authentication */
- if(!header && context->opts.types & HA_TYPE_BASIC)
+ if(!header && context->opts->types & HA_TYPE_BASIC)
{
ha_messagex(LOG_DEBUG, "simple: processing basic auth header");
header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC);
@@ -738,7 +737,7 @@ int simple_process(ha_context_t* context, ha_request_t* req,
{
resp->code = HA_SERVER_DECLINE;
- if(context->opts.types & HA_TYPE_BASIC)
+ if(context->opts->types & HA_TYPE_BASIC)
{
ha_bufmcat(buf, "BASIC realm=\"", ctx->opts->realm , "\"", NULL);
@@ -749,9 +748,9 @@ int simple_process(ha_context_t* context, ha_request_t* req,
ha_messagex(LOG_DEBUG, "simple: sent basic auth request");
}
- if(context->opts.types & HA_TYPE_DIGEST)
+ if(context->opts->types & HA_TYPE_DIGEST)
{
- ret = simple_digest_challenge(ctx, resp, buf, 0);
+ ret = simple_digest_challenge(ctx, req, resp, buf, 0);
if(ret < 0)
return ret;
}