| author | Stef Walter <stef@memberwebs.com> | 2004-04-26 16:41:54 +0000 | 
|---|---|---|
| committer | Stef Walter <stef@memberwebs.com> | 2004-04-26 16:41:54 +0000 | 
| commit | 6f493edb96610203727b35bbe45264a932bfa2a2 (patch) | |
| tree | d85fed11082517fa3d6a434f8d6adc24c129d9a0 /daemon | |
| parent | 570c17aa3bb6a39030ebefc5618f0c3fa8cf0089 (diff) | |
Added debug nonce support to the ldap handler.
Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/ldap.c | 58 | 
1 files changed, 48 insertions, 10 deletions
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 440c531..3321c6a 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -83,6 +83,10 @@ typedef struct ldap_context
   LDAP** pool;            /* Pool of available connections */
   int pool_mark;          /* Amount of connections allocated */
+
+#ifdef _DEBUG
+  const char* debug_nonce;
+#endif
 }
 ldap_context_t;
@@ -110,6 +114,9 @@ static const ldap_context_t ldap_defaults =
   NULL,               /* cache */
   NULL,               /* pool */
   0                   /* pool_mark */
+#ifdef _DEBUG
+  , NULL              /* debug_nonce */
+#endif
 };
@@ -925,12 +932,22 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
   ASSERT(ctx && resp && buf);
-  /* Generate an nonce */
-  digest_makenonce(nonce, g_ldap_secret, NULL);
-  nonce_str = ha_bufenchex(buf, nonce, DIGEST_NONCE_LEN);
+#ifdef _DEBUG
+  if(ctx->debug_nonce)
+  {
+    nonce_str = ctx->debug_nonce;
+    ha_messagex(LOG_WARNING, "using debug nonce. security non-existant.");
+  }
+  else
+#endif
+  {
+    unsigned char nonce[DIGEST_NONCE_LEN];
+    digest_makenonce(nonce, g_ldap_secret, NULL);
-  if(!nonce_str)
-    return HA_ERROR;
+    nonce_str = ha_bufenchex(buf, nonce, DIGEST_NONCE_LEN);
+    if(!nonce_str)
+      return HA_ERROR;
+  }
   /* Now generate a message to send */
   header = digest_challenge(buf, nonce_str, ctx->realm, ctx->domains, stale);
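Review bot: The new debug_nonce member is the only field in this struct without a trailing comment, and it is the one that switches nonce checking off in digest_ldap_challenge and digest_ldap_response further down; give it `const char* debug_nonce;   /* Fixed nonce for debugging only; disables nonce security */`. Where the field is populated is not part of this commit, so the comment should also state that it must remain NULL outside a test build (ldap_defaults already initialises it to NULL). The same `#ifdef _DEBUG` gate appears in the ldap_defaults, digest_ldap_challenge and digest_ldap_response hunks; an identifier beginning with an underscore followed by an uppercase letter is reserved for the implementation in C, so a project-prefixed macro would be the safer guard for all four sites.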
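Review bot: `nonce_str = ctx->debug_nonce;` stores a `const char*` into nonce_str, whose declaration lies outside the hunk; if it is declared as a plain `char*` (which the ha_bufenchex assignment in the else branch suggests) the assignment discards the qualifier and draws a warning, so either declare nonce_str as `const char*` or copy the debug nonce into buf. The rewrite also drops the `/* Generate an nonce */` comment that explained the now-braced else block; restore it there as `/* Generate a fresh random nonce and hex-encode it for the challenge */`. The warning text reads `security non-existant.`; the spelling is `non-existent`. digest_ldap_challenge begins and ends outside this hunk.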
@@ -966,15 +983,36 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
   if(digest_parse(header, buf, &dg, nonce) == HA_ERROR)
     return HA_ERROR;
-  r = digest_checknonce(nonce, g_ldap_secret, &expiry);
-  if(r != HA_OK)
+#ifdef _DEBUG
+  if(ctx->debug_nonce)
   {
-    if(r == HA_FALSE)
+    if(dg.nonce && strcmp(dg.nonce, ctx->debug_nonce) != 0)
+    {
+      ret = HA_FALSE;
       ha_messagex(LOG_WARNING, "digest response contains invalid nonce");
+      goto finally;
+    }
-    ret = r;
-    goto finally;
+    /* Do a rough hash into the real nonce, for use as a key */
+    md5_string(nonce, ctx->debug_nonce);
+
+    /* Debug nonce's never expire */
+    expiry = time(NULL);
   }
+  else
+#endif
+  {
+    r = digest_checknonce(nonce, g_ldap_secret, &expiry);
+    if(r != HA_OK)
+    {
+      if(r == HA_FALSE)
+        ha_messagex(LOG_WARNING, "digest response contains invalid nonce");
+
+      ret = r;
+      goto finally;
+    }
+  }
+
   rec = get_cached_digest(ctx, nonce);
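Review bot: The debug comparison `if(dg.nonce && strcmp(dg.nonce, ctx->debug_nonce) != 0)` only rejects a nonce that is present and wrong; a response whose parsed nonce is NULL skips the check and proceeds to md5_string and the cached-digest lookup, whereas the production branch hands every parsed nonce to digest_checknonce. Unless digest_parse guarantees dg.nonce is set (not visible here), the guard should be `if(!dg.nonce || strcmp(dg.nonce, ctx->debug_nonce) != 0)` so the debug path is never more permissive than the real one in what it accepts. The comment `/* Debug nonce's never expire */` sits above `expiry = time(NULL);`, which sets expiry to the current time; since the code that consumes expiry is outside the hunk, say what is meant, e.g. `/* Treat the debug nonce as freshly issued so the later expiry check never fails */`. digest_ldap_response continues past the end of this hunk.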
