Diffstat (limited to 'daemon/ldap.c')
-rw-r--r--daemon/ldap.c45
1 files changed, 22 insertions, 23 deletions
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 9fda424..9fd513f 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -73,7 +73,7 @@ typedef struct ldap_context
int ldap_max; /* Number of open connections allowed */
int ldap_timeout; /* Maximum amount of time to dedicate to an ldap query */
- ha_options_t* opts; /* Options from httpauthd.c */
+ const ha_context_opts_t* opts; /* Options from httpauthd.c */
/* Context ----------------------------------------------------------- */
hash_t* cache; /* Some cached records or basic */
@@ -252,12 +252,12 @@ static const char* escape_ldap(ha_buffer_t* buf, const char* str)
t += pos;
}
- while(*t && !strchr(LDAP_NO_ESCAPE, t))
+ while(*t && !strchr(LDAP_NO_ESCAPE, *t))
{
char hex[4];
hex[0] = '\\';
hex[1] = LDAP_HEX[*t >> 4 & 0xf];
- hex[2] = LDAP_HEX[*t 0xf];
+ hex[2] = LDAP_HEX[*t & 0xf];
hex[3] = '\0';
ha_bufjoin(buf);
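Review bot: The two nibble lookups `LDAP_HEX[*t >> 4 & 0xf]` and `LDAP_HEX[*t & 0xf]` appear to index from a plain `char` (the declaration of `t` is outside the hunk). Where `char` is signed, bytes at or above 0x80 promote to a negative int and the right shift becomes implementation-defined. The mask keeps the index in range, but reading the byte once as `unsigned char c = (unsigned char)*t;` and using `LDAP_HEX[c >> 4]` and `LDAP_HEX[c & 0xf]` removes the dependence. This loop is presumably what stops request-supplied values from changing the LDAP filter, so a comment above it should say that `LDAP_NO_ESCAPE` is an allowlist and every other byte is emitted as a backslash plus two hex digits. The body of escape_ldap starts and ends outside the hunk.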
@@ -999,7 +999,7 @@ finally:
if(found && ret >= 0)
{
- resp->code = HA_SERVER_ACCEPT;
+ resp->code = HA_SERVER_OK;
resp->detail = basic.user;
/* We put this connection into the successful connections */
@@ -1009,8 +1009,8 @@ finally:
return ret;
}
-static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
- ha_buffer_t* buf, int stale)
+static int digest_ldap_challenge(ldap_context_t* ctx, const ha_request_t* req,
+ ha_response_t* resp, ha_buffer_t* buf, int stale)
{
unsigned char nonce[DIGEST_NONCE_LEN];
const char* nonce_str;
@@ -1037,7 +1037,7 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
/* Now generate a message to send */
header = digest_challenge(buf, nonce_str, ctx->opts->realm,
- ctx->opts->digest_domains, stale);
+ req->opts->digest_domains, stale);
if(!header)
return HA_CRITERROR;
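Review bot: The call to `digest_challenge` now takes `realm` from `ctx->opts` but `digest_domains` from `req->opts`, so one challenge is assembled from two option objects. If those can differ, the advertised domain list and the realm may not describe the same protection space. Either read both from the same object or add a comment on this call explaining why only `digest_domains` is per-request. `req` is also dereferenced here with no visible check; the start of digest_ldap_challenge lies between hunks, so if it has no `ASSERT(req)` already, one belongs next to the existing argument checks.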
@@ -1051,8 +1051,7 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
}
static int digest_ldap_response(ldap_context_t* ctx, const char* header,
- const char* method, const char* uri,
- ha_response_t* resp, ha_buffer_t* buf)
+ const ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf)
{
unsigned char nonce[DIGEST_NONCE_LEN];
digest_header_t dg;
@@ -1063,7 +1062,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
int stale = 0;
int r;
- ASSERT(ctx && header && method && uri && resp && buf);
+ ASSERT(ctx && header && req && resp && buf);
/* We use this below to send a default response */
resp->code = -1;
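Review bot: The rewritten `ASSERT(ctx && header && req && resp && buf)` no longer covers the method and URI, which a later hunk passes to `digest_check` as `req->args[AUTH_ARG_METHOD]` and `req->args[AUTH_ARG_URI]`. If either slot can be NULL for a short or malformed request (not visible here), the digest comparison receives a NULL string. An explicit runtime check is safer than an assertion, e.g. `if(!req->args[AUTH_ARG_METHOD] || !req->args[AUTH_ARG_URI]) return HA_BADREQ;`, placed before any resource is acquired so that the `finally:` cleanup is not bypassed. The function body continues outside this hunk.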
@@ -1142,7 +1141,8 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
rec->nc++;
}
- ret = digest_check(&dg, rec, ctx->opts, buf, method, uri);
+ ret = digest_check(&dg, rec, ctx->opts, buf,
+ req->args[AUTH_ARG_METHOD], req->args[AUTH_ARG_URI]);
if(ret == HA_BADREQ)
{
@@ -1152,7 +1152,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
else if(ret == HA_OK)
{
- resp->code = HA_SERVER_ACCEPT;
+ resp->code = HA_SERVER_OK;
resp->detail = dg.username;
/* Figure out if we need a new nonce */
@@ -1193,7 +1193,7 @@ finally:
/* If nobody above responded then challenge the client again */
if(resp->code == -1)
- return digest_ldap_challenge(ctx, resp, buf, stale);
+ return digest_ldap_challenge(ctx, req, resp, buf, stale);
return ret;
}
@@ -1311,7 +1311,7 @@ int ldap_inithand(ha_context_t* context)
ASSERT(ctx);
/* Make sure there are some types of authentication we can do */
- if(!(context->opts.types & (HA_TYPE_BASIC | HA_TYPE_DIGEST)))
+ if(!(context->opts->types & (HA_TYPE_BASIC | HA_TYPE_DIGEST)))
{
ha_messagex(LOG_ERR, "ldap: module configured, but does not implement any "
"configured authentication type.");
@@ -1358,7 +1358,7 @@ int ldap_inithand(ha_context_t* context)
memset(ctx->pool, 0, sizeof(LDAP*) * ctx->ldap_max);
/* Copy some settings over for easy access */
- ctx->opts = &(context->opts);
+ ctx->opts = context->opts;
ha_messagex(LOG_INFO, "ldap: initialized handler");
}
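Review bot: The assignment `ctx->opts = context->opts;` now stores a borrowed pointer rather than the address of a member embedded in `context`, so it stays valid only while the pointed-to options object outlives this handler, and nothing in the hunk shows who owns it. If that is the contract, state it on the assignment, e.g. `/* Borrowed from the caller; must stay valid until ldap_destroy() */`. Earlier in ldap_inithand, `context->opts->types` is dereferenced with only `ASSERT(ctx)` visible, so an `ASSERT(context->opts);` beside it would catch a handler initialised before its options are attached. The function body extends beyond both hunks.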
@@ -1398,7 +1398,7 @@ void ldap_destroy(ha_context_t* context)
ha_messagex(LOG_INFO, "ldap: uninitialized handler");
}
-int ldap_process(ha_context_t* context, ha_request_t* req,
+int ldap_process(ha_context_t* context, const ha_request_t* req,
ha_response_t* resp, ha_buffer_t* buf)
{
ldap_context_t* ctx = (ldap_context_t*)context->data;
@@ -1425,21 +1425,20 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
/* Check the headers and see if we got a response thingy */
- if(context->opts.types & HA_TYPE_DIGEST)
+ if(context->opts->types & HA_TYPE_DIGEST)
{
header = ha_getheader(req, "Authorization", HA_PREFIX_DIGEST);
if(header)
{
ha_messagex(LOG_DEBUG, "ldap: processing digest auth header");
- ret = digest_ldap_response(ctx, header, req->args[AUTH_ARG_METHOD],
- req->args[AUTH_ARG_URI], resp, buf);
+ ret = digest_ldap_response(ctx, header, req, resp, buf);
if(ret < 0)
return ret;
}
}
/* Or a basic authentication */
- if(!header && context->opts.types & HA_TYPE_BASIC)
+ if(!header && context->opts->types & HA_TYPE_BASIC)
{
header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC);
if(header)
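Review bot: The condition `!header && context->opts->types & HA_TYPE_BASIC` depends on `&` binding tighter than `&&`. It evaluates as intended, but this branch decides whether Basic credentials are accepted when no Digest header was found, so explicit grouping is safer against a later edit: `if(!header && (context->opts->types & HA_TYPE_BASIC))`. The body of ldap_process starts and continues outside this hunk.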
@@ -1457,7 +1456,7 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
{
resp->code = HA_SERVER_DECLINE;
- if(context->opts.types & HA_TYPE_BASIC)
+ if(context->opts->types & HA_TYPE_BASIC)
{
ha_bufmcat(buf, "BASIC realm=\"", ctx->opts->realm , "\"", NULL);
@@ -1468,9 +1467,9 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
ha_messagex(LOG_DEBUG, "ldap: sent basic auth request");
}
- if(context->opts.types & HA_TYPE_DIGEST)
+ if(context->opts->types & HA_TYPE_DIGEST)
{
- ret = digest_ldap_challenge(ctx, resp, buf, 0);
+ ret = digest_ldap_challenge(ctx, req, resp, buf, 0);
if(ret < 0)
return ret;
}