diff options
| -rw-r--r-- | common/buffer.c | 42 | ||||
| -rw-r--r-- | daemon/basic.c | 2 | ||||
| -rw-r--r-- | daemon/digest.c | 26 | ||||
| -rw-r--r-- | daemon/httpauthd.c | 58 | ||||
| -rw-r--r-- | daemon/ldap.c | 74 | ||||
| -rw-r--r-- | daemon/misc.c | 25 | ||||
| -rw-r--r-- | daemon/ntlm.c | 39 | ||||
| -rw-r--r-- | daemon/simple.c | 31 |
8 files changed, 263 insertions, 34 deletions
diff --git a/common/buffer.c b/common/buffer.c index a5b18a7..0bba3bf 100644 --- a/common/buffer.c +++ b/common/buffer.c @@ -18,6 +18,8 @@ void buffer_bump(ha_buffer_t* buf, int count) { + ASSERT(buf && count); + if(ha_buferr(buf)) return; @@ -49,12 +51,15 @@ void buffer_bump(ha_buffer_t* buf, int count) void ha_bufinit(ha_buffer_t* buf) { + ASSERT(buf); memset(buf, 0, sizeof(*buf)); ha_bufreset(buf); } void ha_bufreset(ha_buffer_t* buf) { + ASSERT(buf); + if(!buf->_dt || buf->_al == 0) { buf->_dt = (char*)reallocf(buf->_dt, 256 * sizeof(char)); @@ -75,6 +80,8 @@ void ha_bufreset(ha_buffer_t* buf) void ha_buffree(ha_buffer_t* buf) { + ASSERT(buf); + if(buf->_dt) free(buf->_dt); @@ -87,6 +94,9 @@ int ha_bufreadline(int fd, ha_buffer_t* buf) { int l; + ASSERT(buf); + ASSERT(fd != -1); + if(ha_buferr(buf)) return 0; @@ -142,6 +152,8 @@ char* ha_bufparseword(ha_buffer_t* buf, const char* delims) { char* word = NULL; + ASSERT(buf && delims); + if(ha_buferr(buf)) return NULL; @@ -191,6 +203,8 @@ char* ha_bufparseline(ha_buffer_t* buf, int trim) char* t; char* line = NULL; + ASSERT(buf); + if(ha_buferr(buf)) return NULL; @@ -237,6 +251,8 @@ char* ha_bufmcat(ha_buffer_t* buf, ...) const char* str; va_list ap; + ASSERT(buf); + va_start(ap, buf); if(ha_buferr(buf)) @@ -267,12 +283,18 @@ char* ha_bufmcat(ha_buffer_t* buf, ...) char* ha_bufcpy(ha_buffer_t* buf, const char* src) { - size_t len = strlen(src); + size_t len; + + ASSERT(buf && src); + + len = strlen(src); return ha_bufncpy(buf, src, len); } char* ha_bufncpy(ha_buffer_t* buf, const char* src, size_t len) { + ASSERT(buf && src); + if(ha_buferr(buf)) return NULL; @@ -296,6 +318,8 @@ void* ha_bufmalloc(ha_buffer_t* buf, size_t sz) { void* ret; + ASSERT(buf && sz); + if(ha_buferr(buf)) return NULL; @@ -315,9 +339,13 @@ void* ha_bufmalloc(ha_buffer_t* buf, size_t sz) void* ha_bufmemdup(ha_buffer_t* buf, const void* src, size_t bytes) { - void* mem = ha_bufmalloc(buf, bytes); - if(mem) + void* mem; + + ASSERT(buf && src && bytes); + + if((mem = ha_bufmalloc(buf, bytes)) != NULL) memcpy(mem, src, bytes); + return mem; } @@ -357,6 +385,8 @@ char* ha_bufenc64(ha_buffer_t* buf, const void* source, size_t len) unsigned char* src = (unsigned char*)source; size_t i; + ASSERT(buf && source && len); + if(ha_buferr(buf)) return NULL; @@ -422,6 +452,8 @@ void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t bytes) char* pos; size_t done = 0; + ASSERT(buf && src); + if(ha_buferr(buf)) return NULL; @@ -491,6 +523,8 @@ char* ha_bufenchex(ha_buffer_t* buf, const void* source, size_t len) unsigned char* src = (unsigned char*)source; unsigned char j; + ASSERT(buf && source && len); + buffer_bump(buf, (len * 2) + 1); if(ha_buferr(buf)) @@ -524,6 +558,8 @@ void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t bytes) size_t done = 0; char* pos; + ASSERT(buf && src); + if(bytes != 0) { buffer_bump(buf, bytes + 1); diff --git a/daemon/basic.c b/daemon/basic.c index da73682..ddce156 100644 --- a/daemon/basic.c +++ b/daemon/basic.c @@ -7,6 +7,8 @@ int basic_parse(const char* header, ha_buffer_t* buf, basic_header_t* rec) { char* t; + ASSERT(header && buf && rec); + memset(rec, 0, sizeof(*rec)); /* Trim the white space */ diff --git a/daemon/digest.c b/daemon/digest.c index 51120a0..79b4ff3 100644 --- a/daemon/digest.c +++ b/daemon/digest.c @@ -22,6 +22,7 @@ void digest_makenonce(unsigned char* nonce, unsigned char* secret, unsigned char internal_nonce_t in; md5_ctx_t md5; + ASSERT(nonce && secret); ASSERT(sizeof(internal_nonce_t) == DIGEST_NONCE_LEN); if(old) @@ -51,6 +52,7 @@ int digest_checknonce(unsigned char* nonce, unsigned char* secret, time_t* tm) { internal_nonce_t in; + ASSERT(nonce && secret); ASSERT(sizeof(internal_nonce_t) == DIGEST_NONCE_LEN); digest_makenonce((unsigned char*)&in, secret, nonce); @@ -69,6 +71,9 @@ int digest_checknonce(unsigned char* nonce, unsigned char* secret, time_t* tm) digest_record_t* digest_makerec(unsigned char* nonce, const char* user) { digest_record_t* rec = (digest_record_t*)malloc(sizeof(*rec)); + + ASSERT(nonce && user); + if(!rec) { ha_messagex(LOG_CRIT, "out of memory"); @@ -85,8 +90,7 @@ digest_record_t* digest_makerec(unsigned char* nonce, const char* user) const char* digest_challenge(ha_buffer_t* buf, unsigned char* nonce, const char* realm, const char* domains, int stale) { - ASSERT(realm); - ASSERT(nonce); + ASSERT(buf && realm && nonce); ha_bufmcat(buf, HA_PREFIX_DIGEST, " realm=\"", realm, "\", nonce=\"", NULL); ha_bufjoin(buf); @@ -128,15 +132,12 @@ const char* digest_challenge(ha_buffer_t* buf, unsigned char* nonce, int digest_parse(char* header, ha_buffer_t* buf, digest_header_t* rec, unsigned char* nonce) { - /* - * This function destroys the contents of header by - * terminating strings in it all over the place. - */ - char next; char* key; char* value; + ASSERT(header && buf && rec); + header = ha_bufcpy(buf, header); if(!header) @@ -258,6 +259,10 @@ int digest_check(const char* realm, const char* method, const char* uri, const char* digest; const char* t; + ASSERT(realm && method && uri && buf && dg && rec); + + /* TODO: Many of these should somehow communicate BAD REQ back to the client */ + /* Check for digest */ if(!dg->digest || !dg->digest[0]) { @@ -448,6 +453,8 @@ const char* digest_respond(ha_buffer_t* buf, digest_header_t* dg, const char* nextnonce = NULL; const char* t; + ASSERT(buf && dg && rec); + if(next) { nextnonce = ha_bufenc64(buf, next, DIGEST_NONCE_LEN); @@ -523,6 +530,9 @@ void digest_makeha1(unsigned char* digest, const char* user, const char* realm, const char* password) { md5_ctx_t md5; + + ASSERT(digest && user && realm && password); + md5_init(&md5); md5_update(&md5, user, strlen(user)); md5_update(&md5, ":", 1); @@ -530,4 +540,4 @@ void digest_makeha1(unsigned char* digest, const char* user, md5_update(&md5, ":", 1); md5_update(&md5, password, strlen(password)); md5_final(digest, &md5); -}
\ No newline at end of file +} diff --git a/daemon/httpauthd.c b/daemon/httpauthd.c index 2b74586..f640b5d 100644 --- a/daemon/httpauthd.c +++ b/daemon/httpauthd.c @@ -373,9 +373,12 @@ int usage() void* httpauth_thread(void* arg) { - int fd = (int)arg; - int r = httpauth_processor(fd, fd); - return (void*)r; + int fd, r; + + ASSERT(arg); + + fd = (int)arg; + return (void*)httpauth_processor(fd, fd); } /* ----------------------------------------------------------------------- @@ -390,6 +393,9 @@ int httpauth_read(int ifd, ha_request_t* req, int i, r; int more = 1; + ASSERT(req && buf); + ASSERT(ifd != -1); + /* Clean up the request header */ memset(req, 0, sizeof(*req)); req->type = -1; @@ -536,6 +542,9 @@ int write_data(int ofd, const char* data) { int r; + ASSERT(data); + ASSERT(ofd != -1); + while(*data != 0) { r = write(ofd, data, strlen(data)); @@ -564,6 +573,9 @@ int httpauth_respond(int ofd, int code, const char* msg) const char* t; char num[16]; + ASSERT(ofd != -1); + ASSERT(code > 99 && code < 1000); + sprintf(num, "%d", code); if(write_data(ofd, num) == -1 || @@ -607,6 +619,9 @@ int httpauth_write(int ofd, ha_response_t* resp) int i; int wrote = 0; + ASSERT(ofd != -1); + ASSERT(resp); + if(httpauth_respond(ofd, resp->code, resp->detail) == -1) return -1; @@ -635,6 +650,9 @@ int httpauth_ready(int ofd, ha_buffer_t* buf) const char* t; httpauth_loaded_t* h; + ASSERT(ofd != -1); + ASSERT(buf); + /* We send a ready banner to our client */ for(h = g_handlers; h; h = h->next) @@ -661,6 +679,9 @@ int httpauth_processor(int ifd, int ofd) int result = -1; int r; + ASSERT(ifd != -1); + ASSERT(ofd != -1); + /* Initialize the memory buffers */ ha_bufinit(&inb); ha_bufinit(&outb); @@ -742,11 +763,13 @@ int process_auth(ha_request_t* req, ha_response_t* resp, { httpauth_loaded_t* h; + ASSERT(req && resp && outb); + /* Clear out our response */ memset(resp, 0, sizeof(*resp)); /* Check our connection argument */ - if(!req->args[1] || !(req->args[1][0])) + if(!req->args[AUTH_ARG_CONN] || !(req->args[AUTH_ARG_CONN][0])) { ha_messagex(LOG_ERR, "Missing connection ID in request"); resp->detail = "Missing connection ID"; @@ -754,6 +777,25 @@ int process_auth(ha_request_t* req, ha_response_t* resp, return 0; } + /* Check our uri argument */ + if(!req->args[AUTH_ARG_URI] || !(req->args[AUTH_ARG_URI][0])) + { + ha_messagex(LOG_ERR, "Missing URI in request"); + resp->detail = "Missing URI"; + resp->code = HA_SERVER_BADREQ; + return 0; + } + + /* Check our connection arguments */ + if(!req->args[AUTH_ARG_METHOD] || !(req->args[AUTH_ARG_METHOD][0])) + { + ha_messagex(LOG_ERR, "Missing method in request"); + resp->detail = "Missing method"; + resp->code = HA_SERVER_BADREQ; + return 0; + } + + /* Find a handler for this type */ for(h = g_handlers; h; h = h->next) { @@ -781,7 +823,11 @@ ha_context_t* config_addhandler(ha_buffer_t* buf, const char* alias, ha_handler_t* handler, const ha_context_t* defaults) { httpauth_loaded_t* loaded; - int len = sizeof(httpauth_loaded_t) + handler->context_size; + int len; + + ASSERT(buf && alias && handler && defaults); + + len = sizeof(httpauth_loaded_t) + handler->context_size; loaded = (httpauth_loaded_t*)ha_bufmalloc(buf, len); if(!loaded) @@ -848,6 +894,8 @@ int config_parse(const char* file, ha_buffer_t* buf) int recog; int r, i; + ASSERT(file && buf); + /* Open the configuration file */ fd = open(file, O_RDONLY); if(fd == -1) diff --git a/daemon/ldap.c b/daemon/ldap.c index 59af797..3ed7199 100644 --- a/daemon/ldap.c +++ b/daemon/ldap.c @@ -123,6 +123,8 @@ static void free_hash_object(void* arg, void* val) static int report_ldap(const char* msg, int code, ha_response_t* resp) { + ASSERT(code != LDAP_SUCCESS); + if(!msg) msg = "ldap error"; @@ -145,6 +147,8 @@ static digest_record_t* get_cached_digest(ldap_context_t* ctx, unsigned char* no { digest_record_t* rec; + ASSERT(ctx && nonce); + if(ctx->cache_max == 0) return NULL; @@ -166,6 +170,8 @@ static int have_cached_basic(ldap_context_t* ctx, unsigned char* key) { int ret = 0; + ASSERT(ctx && key); + ha_lock(NULL); ret = (hash_get(ctx->cache, key) == BASIC_ESTABLISHED); @@ -179,6 +185,8 @@ static int save_cached_digest(ldap_context_t* ctx, digest_record_t* rec) { int r; + ASSERT(ctx && rec); + if(ctx->cache_max == 0) return HA_FALSE; @@ -204,6 +212,8 @@ static int add_cached_basic(ldap_context_t* ctx, unsigned char* key) { int r; + ASSERT(ctx && key); + if(ctx->cache_max == 0) return HA_FALSE; @@ -230,6 +240,8 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf, { const char* t; + ASSERT(ctx && buf && user && str); + /* This starts a new block to join */ ha_bufcpy(buf, ""); @@ -274,6 +286,8 @@ static const char* make_password_md5(ha_buffer_t* buf, const char* clearpw) md5_ctx_t md5; unsigned char digest[MD5_LEN]; + ASSERT(buf && clearpw); + md5_init(&md5); md5_update(&md5, clearpw, strlen(clearpw)); md5_final(digest, &md5); @@ -286,6 +300,8 @@ static const char* make_password_sha(ha_buffer_t* buf, const char* clearpw) sha1_ctx_t sha; unsigned char digest[SHA1_LEN]; + ASSERT(buf && clearpw); + sha1_init(&sha); sha1_update(&sha, clearpw, strlen(clearpw)); sha1_final(digest, &sha); @@ -335,6 +351,8 @@ static int parse_ldap_password(const char** password) static const char* find_cleartext_password(ha_buffer_t* buf, const char** pws) { + ASSERT(buf); + for(; pws && *pws; pws++) { const char* pw = *pws; @@ -348,6 +366,8 @@ static const char* find_cleartext_password(ha_buffer_t* buf, const char** pws) static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha1) { + ASSERT(buf && bv && ha1); + /* Raw binary */ if(bv->bv_len == MD5_LEN) { @@ -466,6 +486,8 @@ static int validate_ldap_ha1(ldap_context_t* ctx, LDAP* ld, LDAPMessage* entry, int r, first = 1; int res = HA_FALSE; + ASSERT(ctx && ld && entry && buf && user && clearpw); + if(!ctx->ha1_attr) return HA_FALSE; @@ -511,6 +533,8 @@ static LDAP* get_ldap_connection(ldap_context_t* ctx) LDAP* ld; int i, r; + ASSERT(ctx); + for(i = 0; i < ctx->ldap_max; i++) { /* An open connection in the pool */ @@ -556,6 +580,8 @@ static void save_ldap_connection(ldap_context_t* ctx, LDAP* ld) { int i, e; + ASSERT(ctx); + if(!ld) return; @@ -600,6 +626,8 @@ static int retrieve_user_entry(ldap_context_t* ctx, ha_buffer_t* buf, LDAP* ld, const char* attrs[3]; int r; + ASSERT(ctx && buf && ld && user && dn && entry && result); + if(ctx->filter) { /* Filters can also have %u and %r */ @@ -661,6 +689,8 @@ static int complete_digest_ha1(ldap_context_t* ctx, digest_record_t* rec, const char* dn; int r; + ASSERT(ctx && rec && buf && user && code); + ld = get_ldap_connection(ctx); if(!ld) { @@ -890,6 +920,8 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp, unsigned char nonce[DIGEST_NONCE_LEN]; const char* header; + ASSERT(ctx && resp && buf); + /* Generate an nonce */ digest_makenonce(nonce, g_ldap_secret, NULL); @@ -919,6 +951,8 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header, int stale = 0; int r; + ASSERT(ctx && header && method && uri && resp && buf); + /* We use this below to send a default response */ resp->code = -1; @@ -1014,8 +1048,6 @@ finally: } - - /* ------------------------------------------------------------------------------- * Handler Functions */ @@ -1024,6 +1056,8 @@ int ldap_config(ha_context_t* context, const char* name, const char* value) { ldap_context_t* ctx = (ldap_context_t*)(context->data); + ASSERT(name && value && value[0]); + if(strcmp(name, "ldapservers") == 0) { ctx->servers = value; @@ -1139,6 +1173,8 @@ int ldap_inithand(ha_context_t* context) { ldap_context_t* ctx = (ldap_context_t*)(context->data); + ASSERT(ctx); + /* Make sure there are some types of authentication we can do */ if(!(context->types & (HA_TYPE_BASIC | HA_TYPE_DIGEST))) { @@ -1155,6 +1191,8 @@ int ldap_inithand(ha_context_t* context) return HA_ERROR; } + ASSERT(!ctx->cache); + /* The cache for digest records and basic */ if(!(ctx->cache = hash_create(MD5_LEN, free_hash_object, NULL))) { @@ -1162,6 +1200,9 @@ int ldap_inithand(ha_context_t* context) return HA_ERROR; } + ASSERT(!ctx->pool); + ASSERT(ctx->ldap_max > 0); + /* * Our connection pool. It's the size of our maximum * amount of pending connections as that's the max @@ -1187,23 +1228,28 @@ void ldap_destroy(ha_context_t* context) if(!context) return; + /* Note: We don't need to be thread safe here anymore */ ldap_context_t* ctx = (ldap_context_t*)(context->data); - /* Note: We don't need to be thread safe here anymore */ - hash_free(ctx->cache); + ASSERT(data); - /* Close any connections we have open */ - for(i = 0; i < ctx->ldap_max; i++) + if(ctx->cache) + hash_free(ctx->cache); + + if(ctx->pool) { - if(ctx->pool[i]) - ldap_unbind_s(ctx->pool[i]); - } + /* Close any connections we have open */ + for(i = 0; i < ctx->ldap_max; i++) + { + if(ctx->pool[i]) + ldap_unbind_s(ctx->pool[i]); + } - /* And free the connection pool */ - free(ctx->pool); + /* And free the connection pool */ + free(ctx->pool); + } } - int ldap_process(ha_context_t* context, ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf) { @@ -1212,6 +1258,10 @@ int ldap_process(ha_context_t* context, ha_request_t* req, const char* header = NULL; int ret; + ASSERT(req && resp && buf); + ASSERT(req->args[AUTH_ARG_METHOD]); + ASSERT(req->args[AUTH_ARG_URI]); + ha_lock(NULL); /* Purge out stale connection stuff. */ diff --git a/daemon/misc.c b/daemon/misc.c index b585d8b..c3f5ff4 100644 --- a/daemon/misc.c +++ b/daemon/misc.c @@ -25,6 +25,8 @@ void ha_messagex(int level, const char* msg, ...) va_list ap; va_start(ap, msg); + ASSERT(msg); + /* Either to syslog or stderr */ if(g_daemonized) vsyslog(level, msg, ap); @@ -43,6 +45,8 @@ void ha_message(int level, const char* msg, ...) va_list ap; va_start(ap, msg); + ASSERT(msg); + /* Either to syslog or stderr */ if(g_daemonized) { @@ -75,6 +79,8 @@ ha_header_t* ha_findheader(ha_request_t* req, const char* name) { int i; + ASSERT(req && name); + for(i = 0; i < MAX_HEADERS; i++) { if(req->headers[i].name) @@ -91,6 +97,8 @@ const char* ha_getheader(ha_request_t* req, const char* name, const char* prefix { int i, l; + ASSERT(req && name); + for(i = 0; i < MAX_HEADERS; i++) { if(req->headers[i].name) @@ -114,6 +122,9 @@ const char* ha_getheader(ha_request_t* req, const char* name, const char* prefix void ha_addheader(ha_response_t* resp, const char* name, const char* data) { int i = 0; + + ASSERT(resp && name && data); + for(i = 0; i < MAX_HEADERS; i++) { if(!(resp->headers[i].name)) @@ -159,6 +170,8 @@ void ha_unlock(pthread_mutex_t* mtx) int ha_confbool(const char* name, const char* conf, int* value) { + ASSERT(name && conf && value); + if(value == NULL || value[0] == 0 || strcasecmp(conf, "0") == 0 || @@ -188,6 +201,10 @@ int ha_confbool(const char* name, const char* conf, int* value) int ha_confint(const char* name, const char* conf, int min, int max, int* value) { char* p; + + ASSERT(name && conf && value); + ASSERT(min <= max); + errno = 0; *value = strtol(conf, &p, 10); @@ -208,6 +225,8 @@ int ha_confint(const char* name, const char* conf, int min, int max, int* value) char* ha_uriformat(ha_buffer_t* buf, const ha_uri_t* uri) { + ASSERT(buf && uri); + /* This creates a new block */ ha_bufcpy(buf, ""); @@ -269,6 +288,8 @@ int ha_uriparse(ha_buffer_t* buf, const char* suri, ha_uri_t* uri) int port; int v6_offset1 = 0; + ASSERT(buf && suri && uri); + /* Copy the memory */ str = ha_bufcpy(buf, suri); @@ -502,6 +523,8 @@ int ha_uricmp(ha_uri_t* one, ha_uri_t* two) { int r; + ASSERT(one && two); + /* We don't compare user or password */ /* The scheme */ @@ -520,6 +543,8 @@ int ha_genrandom(unsigned char* data, size_t len) { int r, dd; + ASSERT(data && len > 0); + dd = open("/dev/urandom", O_RDONLY); if(dd == -1) { diff --git a/daemon/ntlm.c b/daemon/ntlm.c index bdf2116..d567fe2 100644 --- a/daemon/ntlm.c +++ b/daemon/ntlm.c @@ -74,6 +74,8 @@ static ntlm_connection_t* getpending(ntlm_context_t* ctx, const void* key) { ntlm_connection_t* ret; + ASSERT(ctx && key); + ha_lock(NULL); ret = (ntlm_connection_t*)hash_rem(ctx->pending, key); @@ -87,6 +89,9 @@ static int putpending(ntlm_context_t* ctx, const void* key, ntlm_connection_t* c { int r = 0; + ASSERT(ctx && key && conn); + ASSERT(conn->handle); + if(!hash_get(ctx->pending, key)) { ha_lock(NULL); @@ -107,6 +112,8 @@ static ntlm_connection_t* makeconnection(ntlm_context_t* ctx) { ntlm_connection_t* conn; + ASSERT(ctx); + conn = (ntlm_connection_t*)malloc(sizeof(ntlm_connection_t)); if(!conn) { @@ -130,10 +137,14 @@ static ntlm_connection_t* makeconnection(ntlm_context_t* ctx) free(conn); return NULL; } + + return conn; } static void freeconnection(ntlm_connection_t* conn) { + ASSERT(conn); + if(conn->handle) { ntlmssp_disconnect(conn->handle); @@ -146,7 +157,10 @@ static void freeconnection(ntlm_connection_t* conn) static void free_hash_object(void* arg, void* val) { if(val) + { + ASSERT(val != NTLM_ESTABLISHED); freeconnection((ntlm_connection_t*)val); + } } int ntlm_auth_basic(ntlm_context_t* ctx, char* key, const char* header, @@ -158,6 +172,8 @@ int ntlm_auth_basic(ntlm_context_t* ctx, char* key, const char* header, const char* domain = NULL; int found = 0; + ASSERT(ctx && key && header && resp && buf); + /* * We're doing basic authentication on the connection * which invalidates any NTLM authentication we've started @@ -201,7 +217,7 @@ int ntlm_auth_basic(ntlm_context_t* ctx, char* key, const char* header, /* Make sure above did not fail */ if(!found && basic.user && basic.user[0] && basic.password && - basic.password[0] && domain && domain[0]) + domain && domain[0]) { /* We need to lock to go into smblib */ ha_lock(&g_smblib_mutex); @@ -251,6 +267,8 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header, int ret = HA_FALSE; int r; + ASSERT(ctx && key && header && resp && buf); + /* * Retrieve and remove the connection from the pending bag. * We add it back again below if that's necessary. @@ -493,6 +511,8 @@ int ntlm_config(ha_context_t* context, const char* name, const char* value) { ntlm_context_t* ctx = (ntlm_context_t*)(context->data); + ASSERT(name && value && value[0]); + if(strcmp(name, "ntlmserver") == 0) { ctx->server = value; @@ -537,6 +557,8 @@ int ntlm_init(ha_context_t* context) { ntlm_context_t* ctx = (ntlm_context_t*)(context->data); + ASSERT(ctx); + /* Make sure there are some types of authentication we can do */ if(!(context->types & (HA_TYPE_BASIC | HA_TYPE_NTLM))) { @@ -553,6 +575,9 @@ int ntlm_init(ha_context_t* context) return HA_ERROR; } + ASSERT(!ctx->pending); + ASSERT(!ctx->established); + /* Initialize our tables */ if(!(ctx->pending = hash_create(NTLM_HASH_KEY_LEN, free_hash_object, NULL)) || !(ctx->established = hash_create(NTLM_HASH_KEY_LEN, NULL, NULL))) @@ -583,11 +608,14 @@ void ntlm_destroy(ha_context_t* context) /* Per context destroy */ if(context) { + /* Note: We don't need to be thread safe here anymore */ ntlm_context_t* ctx = (ntlm_context_t*)(context->data); - /* Note: We don't need to be thread safe here anymore */ - hash_free(ctx->pending); - hash_free(ctx->established); + if(ctx->pending) + hash_free(ctx->pending); + + if(ctx->established) + hash_free(ctx->established); } /* Global Destroy */ @@ -609,6 +637,9 @@ int ntlm_process(ha_context_t* context, ha_request_t* req, time_t t = time(NULL); int ret; + ASSERT(context && req && resp && buf); + ASSERT(req->args[AUTH_ARG_CONN]); + resp->code = -1; /* Hash the unique key */ diff --git a/daemon/simple.c b/daemon/simple.c index cd1b812..fdaa0e0 100644 --- a/daemon/simple.c +++ b/daemon/simple.c @@ -60,6 +60,8 @@ static digest_record_t* get_cached_digest(simple_context_t* ctx, unsigned char* { digest_record_t* rec; + ASSERT(ctx && nonce); + if(ctx->cache_max == 0) return NULL; @@ -81,6 +83,8 @@ static int have_cached_basic(simple_context_t* ctx, unsigned char* key) { int ret = 0; + ASSERT(ctx && key); + ha_lock(NULL); ret = (hash_get(ctx->cache, key) == BASIC_ESTABLISHED); @@ -94,6 +98,8 @@ static int save_cached_digest(simple_context_t* ctx, digest_record_t* rec) { int r; + ASSERT(ctx && rec); + if(ctx->cache_max == 0) return HA_FALSE; @@ -119,6 +125,8 @@ static int add_cached_basic(simple_context_t* ctx, unsigned char* key) { int r; + ASSERT(ctx && key); + if(ctx->cache_max == 0) return HA_FALSE; @@ -148,6 +156,8 @@ static int complete_digest_ha1(simple_context_t* ctx, digest_record_t* rec, char* t; char line[SIMPLE_MAXLINE]; + ASSERT(ctx && rec && buf && user && user[0] && code); + f = fopen(ctx->filename, "r"); if(!f) { @@ -222,6 +232,9 @@ static int validate_user_password(simple_context_t* ctx, ha_buffer_t* buf, char* t; char* t2; + ASSERT(ctx && buf && code); + ASSERT(user && user[0] && clearpw); + f = fopen(ctx->filename, "r"); if(!f) { @@ -349,6 +362,8 @@ static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp, unsigned char nonce[DIGEST_NONCE_LEN]; const char* header; + ASSERT(ctx && resp && buf); + /* Generate an nonce */ digest_makenonce(nonce, g_simple_secret, NULL); @@ -378,6 +393,8 @@ static int simple_digest_response(simple_context_t* ctx, const char* header, int stale = 0; int r; + ASSERT(ctx && header && method && uri && resp && buf); + /* We use this below to send a default response */ resp->code = -1; @@ -481,6 +498,8 @@ int simple_config(ha_context_t* context, const char* name, const char* value) { simple_context_t* ctx = (simple_context_t*)(context->data); + ASSERT(name && name[0] && value && value[0]); + if(strcmp(name, "passwordfile") == 0) { ctx->filename = value; @@ -521,6 +540,8 @@ int simple_init(ha_context_t* context) simple_context_t* ctx = (simple_context_t*)(context->data); int fd; + ASSERT(ctx); + /* Make sure there are some types of authentication we can do */ if(!(context->types & (HA_TYPE_BASIC | HA_TYPE_DIGEST))) { @@ -547,6 +568,8 @@ int simple_init(ha_context_t* context) close(fd); + ASSERT(!ctx->cache); + /* The cache for digest records and basic */ if(!(ctx->cache = hash_create(MD5_LEN, free_hash_object, NULL))) { @@ -563,10 +586,11 @@ void simple_destroy(ha_context_t* context) /* Per context destroy */ if(context) { + /* Note: We don't need to be thread safe here anymore */ simple_context_t* ctx = (simple_context_t*)(context->data); - /* Note: We don't need to be thread safe here anymore */ - hash_free(ctx->cache); + if(ctx->cache) + hash_free(ctx->cache); } } @@ -579,6 +603,9 @@ int simple_process(ha_context_t* context, ha_request_t* req, int found = 0; basic_header_t basic; + ASSERT(context && req && resp && buf); + ASSERT(req->args[AUTH_ARG_METHOD]); + ASSERT(req->args[AUTH_ARG_URI]); ha_lock(NULL); |