Diffstat (limited to 'daemon')
-rw-r--r--daemon/basic.c4
-rw-r--r--daemon/digest.c5
-rw-r--r--daemon/httpauthd.h4
-rw-r--r--daemon/ldap.c30
-rw-r--r--daemon/misc.c10
-rw-r--r--daemon/ntlm.c9
-rw-r--r--daemon/simple.c14
7 files changed, 43 insertions, 33 deletions
diff --git a/daemon/basic.c b/daemon/basic.c
index ddce156..45e49cb 100644
--- a/daemon/basic.c
+++ b/daemon/basic.c
@@ -6,7 +6,6 @@
int basic_parse(const char* header, ha_buffer_t* buf, basic_header_t* rec)
{
char* t;
-
ASSERT(header && buf && rec);
memset(rec, 0, sizeof(*rec));
@@ -20,8 +19,7 @@ int basic_parse(const char* header, ha_buffer_t* buf, basic_header_t* rec)
*
* "Basic " B64(user ":" password)
*/
- ha_bufdec64(buf, header, 0);
- header = ha_bufdata(buf);
+ header = (const char*)ha_bufdec64(buf, header, NULL);
if(!header)
return HA_ERROR;
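Review bot: Passing `NULL` as the length in `header = (const char*)ha_bufdec64(buf, header, NULL);` discards the decoded size, so the code that follows has to treat client-supplied decoded bytes as a C string. That is only safe if `ha_bufdec64` accepts a NULL `bytes` pointer and NUL-terminates its output, and neither is visible in this commit. I would either state it above the call, e.g. `/* NULL length: decode everything; ha_bufdec64 NUL-terminates the result */`, or pass a `size_t len` and reject input where `strlen(header) != len`, which also catches an embedded NUL in the credentials. basic_parse continues outside the hunk.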
diff --git a/daemon/digest.c b/daemon/digest.c
index 099ca49..d1cfe20 100644
--- a/daemon/digest.c
+++ b/daemon/digest.c
@@ -241,9 +241,10 @@ int digest_parse(char* header, ha_buffer_t* buf, digest_header_t* rec,
if(rec->nonce)
{
- void* d = ha_bufdec64(buf, rec->nonce, DIGEST_NONCE_LEN);
+ size_t len = DIGEST_NONCE_LEN;
+ void* d = ha_bufdec64(buf, rec->nonce, &len);
- if(d != NULL)
+ if(d && len == DIGEST_NONCE_LEN)
memcpy(nonce, d, DIGEST_NONCE_LEN);
}
}
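Review bot: When the nonce fails to decode or decodes to a different length, `if(d && len == DIGEST_NONCE_LEN)` just skips the copy and digest_parse carries on with whatever `nonce` held before. Whether `nonce` is zeroed earlier and how an unset value is treated later are outside the hunk, so this may be harmless, but a malformed client nonce is worth handling explicitly. I would add an `else` branch such as `else memset(nonce, 0, DIGEST_NONCE_LEN);` with a warning-level log, or a comment stating that a zeroed nonce is rejected downstream.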
diff --git a/daemon/httpauthd.h b/daemon/httpauthd.h
index 7f51895..8693310 100644
--- a/daemon/httpauthd.h
+++ b/daemon/httpauthd.h
@@ -86,13 +86,13 @@ void* ha_bufmemdup(ha_buffer_t* buf, const void* src, size_t bytes);
char* ha_bufenc64(ha_buffer_t* buf, const void* src, size_t bytes);
/* Decode an array of bytes from base 64 */
-void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t bytes);
+void* ha_bufdec64(ha_buffer_t* buf, const char* src, size_t* bytes);
/* Encode an array of bytes in hex */
char* ha_bufenchex(ha_buffer_t* buf, const void* src, size_t bytes);
/* Decode an array of bytes in hex */
-void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t bytes);
+void* ha_bufdechex(ha_buffer_t* buf, const char* src, size_t* bytes);
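Review bot: The comments above `ha_bufdec64` and `ha_bufdechex` still say only "Decode an array of bytes" and do not describe the new in/out `bytes` pointer. Call sites in this commit use it three ways: `NULL` in basic.c, a zero-initialised `len` in ntlm.c, and `len` preset to the expected size in digest.c, ldap.c and simple.c. Every fixed-size caller relies on the written-back length to guard a `memcpy`. The declarations should document that contract: what the input value means (a limit, with 0 for none, is my inference and not shown here), that the decoded byte count is written back, whether `NULL` is allowed, and what is returned on malformed input.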
diff --git a/daemon/ldap.c b/daemon/ldap.c
index c513ea7..b6da6d4 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -250,7 +250,7 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
const char* t;
ASSERT(ctx && buf && user && str);
-
+ /* TODO: We need to be escaping the user and realm properly */
/* This starts a new block to join */
ha_bufcpy(buf, "");
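Review bot: The new TODO records that `user` and the realm are substituted into the LDAP filter or DN without escaping. These values presumably originate from the client's credentials, so this is an injection surface rather than a cosmetic gap. A bare TODO is easy to lose, so I would make the comment state the requirement, e.g. `/* TODO(security): escape user/realm before substitution: RFC 4515 for filters, RFC 4514 for DNs */`, and track it as a blocking issue. Until the escaping exists, the caller could reject user names containing filter metacharacters (`*`, `(`, `)`, `\`) or control bytes before substitute_params is reached. The function body continues outside the hunk.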
@@ -376,6 +376,8 @@ static const char* find_cleartext_password(ha_buffer_t* buf, const char** pws)
static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha1)
{
ASSERT(buf && bv && ha1);
+ size_t len;
+ void* d;
/* Raw binary */
if(bv->bv_len == MD5_LEN)
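Review bot: `size_t len;` and `void* d;` are declared after `ASSERT(buf && bv && ha1);`, which is a declaration after a statement whenever ASSERT expands to code. The other functions touched by this commit (ntlm_auth_ntlm, complete_digest_ha1, validate_user_password) put their new locals above the ASSERT. Moving these two lines up matches that style and keeps the file buildable in C89 mode. parse_ldap_ha1 continues outside the hunk.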
@@ -387,9 +389,10 @@ static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha
/* Hex encoded */
else if(bv->bv_len == (MD5_LEN * 2))
{
- void* d = ha_bufdechex(buf, bv->bv_val, MD5_LEN);
+ len = MD5_LEN;
+ d = ha_bufdechex(buf, bv->bv_val, &len);
- if(d)
+ if(d && len == MD5_LEN)
{
memcpy(ha1, d, MD5_LEN);
return HA_OK;
@@ -399,9 +402,10 @@ static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha
/* B64 Encoded */
else
{
- void* d = ha_bufdec64(buf, bv->bv_val, MD5_LEN);
+ len = MD5_LEN;
+ d = ha_bufdec64(buf, bv->bv_val, &len);
- if(d)
+ if(d && len == MD5_LEN)
{
memcpy(ha1, ha_bufdata(buf), MD5_LEN);
return HA_OK;
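Review bot: The base64 branch checks `d` and `len` but then copies from `ha_bufdata(buf)` instead of from `d`, unlike the hex branch above, which uses `memcpy(ha1, d, MD5_LEN);`. The length check only vouches for the pointer the decoder returned, so the copy should read from it: `memcpy(ha1, d, MD5_LEN);`. Whether `ha_bufdata(buf)` always equals `d` at this point is not visible in this commit.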
@@ -550,7 +554,7 @@ static LDAP* get_ldap_connection(ldap_context_t* ctx)
if(ctx->pool[i])
{
ld = ctx->pool[i];
- ctx->pool[i];
+ ctx->pool[i] = NULL;
return ld;
}
}
@@ -578,10 +582,9 @@ static LDAP* get_ldap_connection(ldap_context_t* ctx)
ldap_unbind_s(ld);
return NULL;
}
-
- ctx->pool_mark++;
}
+ ctx->pool_mark++;
return ld;
}
@@ -885,7 +888,7 @@ static int basic_ldap_response(ldap_context_t* ctx, const char* header,
}
/* It worked! */
- resp->code = HA_SERVER_ACCEPT;
+ found = 1;
}
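Review bot: The accept decision now rests on `found`, which is set here and in the next hunk and tested at `finally:` with `if(found && ret != HA_ERROR)`, but no hunk in this commit shows its declaration. If it is not already declared as `int found = 0;` at the top of basic_ldap_response, an early `goto finally` would read an indeterminate value and could end up setting `HA_SERVER_ACCEPT`. Please confirm the initialiser. A short comment at the declaration, such as `/* only set after a successful bind or HA1 match */`, would also help.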
@@ -897,7 +900,7 @@ static int basic_ldap_response(ldap_context_t* ctx, const char* header,
ret = validate_ldap_ha1(ctx, ld, entry, buf, basic.user, basic.password);
if(ret == HA_OK)
- resp->code = HA_SERVER_ACCEPT;
+ found = 1;
else
ha_messagex(LOG_WARNING, "invalid or unrecognized password for user: %s", basic.user);
@@ -912,8 +915,9 @@ finally:
if(results)
ldap_msgfree(results);
- if(resp->code == HA_SERVER_ACCEPT)
+ if(found && ret != HA_ERROR)
{
+ resp->code = HA_SERVER_ACCEPT;
resp->detail = basic.user;
/* We put this connection into the successful connections */
@@ -1232,7 +1236,7 @@ int ldap_inithand(ha_context_t* context)
}
/* Check for mandatory configuration */
- if(!ctx->servers || (!ctx->dnmap || !ctx->filter))
+ if(!ctx->servers || !(ctx->dnmap || ctx->filter))
{
ha_messagex(LOG_ERR, "Digest LDAP configuration incomplete. "
"Must have LDAPServers and either LDAPFilter or LDAPDNMap.");
@@ -1305,7 +1309,7 @@ void ldap_destroy(ha_context_t* context)
int ldap_process(ha_context_t* context, ha_request_t* req,
ha_response_t* resp, ha_buffer_t* buf)
{
- ldap_context_t* ctx = (ldap_context_t*)context;
+ ldap_context_t* ctx = (ldap_context_t*)context->data;
time_t t = time(NULL);
const char* header = NULL;
int ret;
diff --git a/daemon/misc.c b/daemon/misc.c
index 9dba389..15344ce 100644
--- a/daemon/misc.c
+++ b/daemon/misc.c
@@ -170,15 +170,15 @@ void ha_unlock(pthread_mutex_t* mtx)
int ha_confbool(const char* name, const char* conf, int* value)
{
- ASSERT(name && conf && value);
+ ASSERT(name && value);
- if(value == NULL ||
- value[0] == 0 ||
+ if(conf == NULL ||
+ conf[0] == 0 ||
strcasecmp(conf, "0") == 0 ||
strcasecmp(conf, "no") == 0 ||
strcasecmp(conf, "false") == 0 ||
strcasecmp(conf, "f") == 0 ||
- strcasecmp(conf, "off"))
+ strcasecmp(conf, "off") == 0)
{
*value = 0;
return HA_OK;
@@ -188,7 +188,7 @@ int ha_confbool(const char* name, const char* conf, int* value)
strcasecmp(conf, "yes") == 0 ||
strcasecmp(conf, "true") == 0 ||
strcasecmp(conf, "t") == 0 ||
- strcasecmp(conf, "on"))
+ strcasecmp(conf, "on") == 0)
{
*value = 1;
return HA_OK;
diff --git a/daemon/ntlm.c b/daemon/ntlm.c
index 28284b9..736ac28 100644
--- a/daemon/ntlm.c
+++ b/daemon/ntlm.c
@@ -265,6 +265,8 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header,
ntlm_connection_t* conn = NULL;
unsigned int flags = 0;
int ret = HA_FALSE;
+ size_t len = 0;
+ void* d;
int r;
ASSERT(ctx && key && header && resp && buf);
@@ -288,13 +290,12 @@ int ntlm_auth_ntlm(ntlm_context_t* ctx, void* key, const char* header,
* is sending us.
*/
- ha_bufdec64(buf, header, 0);
- header = ha_bufdata(buf);
+ d = ha_bufdec64(buf, header, &len);
- if(ha_buferr(buf))
+ if(!d || len == 0)
goto finally;
- r = ntlmssp_decode_msg(&ntlmssp, ha_bufdata(buf), ha_buflen(buf), &flags);
+ r = ntlmssp_decode_msg(&ntlmssp, d, len, &flags);
if(r != 0)
{
ha_messagex(LOG_ERR, "decoding NTLM message failed (error %d)", r);
diff --git a/daemon/simple.c b/daemon/simple.c
index e33e833..d2f8063 100644
--- a/daemon/simple.c
+++ b/daemon/simple.c
@@ -150,6 +150,7 @@ static int complete_digest_ha1(simple_context_t* ctx, digest_record_t* rec,
int found = 0;
char* t;
char* t2;
+ size_t len;
char line[SIMPLE_MAXLINE];
ASSERT(ctx && rec && buf && user && user[0] && code);
@@ -199,9 +200,11 @@ static int complete_digest_ha1(simple_context_t* ctx, digest_record_t* rec,
/* Check the realm */
if(strcmp(t, ctx->realm) == 0)
{
+ len = MD5_LEN;
+
/* Now try antd decode the ha1 */
- t = ha_bufdechex(buf, t2, MD5_LEN);
- if(t != NULL)
+ t = ha_bufdechex(buf, t2, &len);
+ if(t && len == MD5_LEN)
{
memcpy(rec->ha1, t, MD5_LEN);
found = 1;
@@ -233,6 +236,7 @@ static int validate_user_password(simple_context_t* ctx, ha_buffer_t* buf,
unsigned char ha1[MD5_LEN];
char* t;
char* t2;
+ size_t len;
ASSERT(ctx && buf && code);
ASSERT(user && user[0] && clearpw);
@@ -306,9 +310,11 @@ static int validate_user_password(simple_context_t* ctx, ha_buffer_t* buf,
/* Check the realm */
if(strcmp(t, ctx->realm) == 0)
{
+ len = MD5_LEN;
+
/* Now try antd decode the ha1 */
- t = ha_bufdechex(buf, t2, MD5_LEN);
- if(t && memcmp(ha1, t, MD5_LEN) == 0)
+ t = ha_bufdechex(buf, t2, &len);
+ if(t && len == MD5_LEN && memcmp(ha1, t, MD5_LEN) == 0)
{
found = 1;
break;
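Review bot: `memcmp(ha1, t, MD5_LEN) == 0` compares the computed HA1 with the stored one and may stop at the first differing byte, so its run time can depend on how much of the digest matches. For a credential check the usual hardening is a fixed-time comparison. A small `static` helper (the name below is only a suggestion) would do and could be reused wherever digests are compared. Separately, the comment `/* Now try antd decode the ha1 */` here and in complete_digest_ha1 has a typo (`antd` for `and`). The loop body continues outside the hunk.

```c
/* Fixed-time comparison: returns 0 only when all n bytes match. */
static int ha_memcmp_ct(const void* a, const void* b, size_t n)
{
    const unsigned char* pa = a;
    const unsigned char* pb = b;
    unsigned char diff = 0;
    size_t i;

    for(i = 0; i < n; i++)
        diff |= pa[i] ^ pb[i];
    return diff;
}

/* … unchanged: realm check, len = MD5_LEN … */
t = ha_bufdechex(buf, t2, &len);
if(t && len == MD5_LEN && ha_memcmp_ct(ha1, t, MD5_LEN) == 0)
```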