From 0bc8575dbfb281f5f5e9fb530247d29ba1f296fc Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Fri, 7 May 2004 17:52:22 +0000 Subject: Protocol: - version added to initial Ready - Added SET command - Added 202 Accept response Some structure changes --- daemon/digest.c | 2 +- daemon/digest.h | 2 +- daemon/httpauthd.c | 237 +++++++++++++++++++++++++++++------------------------ daemon/httpauthd.h | 37 +++++---- daemon/ldap.c | 45 +++++----- daemon/misc.c | 4 +- daemon/ntlm.c | 22 ++--- daemon/simple.c | 43 +++++----- 8 files changed, 213 insertions(+), 179 deletions(-) diff --git a/daemon/digest.c b/daemon/digest.c index 5c53191..95f62f0 100644 --- a/daemon/digest.c +++ b/daemon/digest.c @@ -252,7 +252,7 @@ int digest_parse(char* header, ha_buffer_t* buf, digest_header_t* rec, return HA_OK; } -int digest_check(digest_header_t* dg, digest_record_t* rec, ha_options_t* opts, +int digest_check(digest_header_t* dg, digest_record_t* rec, const ha_context_opts_t* opts, ha_buffer_t* buf, const char* method, const char* uri) { unsigned char hash[MD5_LEN]; diff --git a/daemon/digest.h b/daemon/digest.h index 8eec901..de5dae3 100644 --- a/daemon/digest.h +++ b/daemon/digest.h @@ -42,7 +42,7 @@ int ha_digestparse(char* header, ha_buffer_t* buf, digest_header_t* rec, int ha_digestnonce(time_t* tm, unsigned char* nonce); -int digest_check(digest_header_t* dg, digest_record_t* rec, ha_options_t* opts, +int digest_check(digest_header_t* dg, digest_record_t* rec, const ha_context_opts_t* opts, ha_buffer_t* buf, const char* method, const char* uri); const char* digest_respond(ha_buffer_t* buf, digest_header_t* dg, diff --git a/daemon/httpauthd.c b/daemon/httpauthd.c index 55092db..1092e94 100644 --- a/daemon/httpauthd.c +++ b/daemon/httpauthd.c @@ -67,7 +67,6 @@ httpauth_command_t; const char* kAuthHeaders[] = { "Authorization", - "Proxy-Authorization", NULL }; @@ -75,6 +74,7 @@ const char* kAuthHeaders[] = const httpauth_command_t kCommands[] = { { "auth", REQTYPE_AUTH, 4, kAuthHeaders }, + { "set", REQTYPE_SET, 2, 0 }, { "quit", REQTYPE_QUIT, 0, 0 }, { NULL, -1, -1 } }; @@ -723,7 +723,7 @@ static int httpauth_respond(int ofd, int scode, int ccode, const char* msg) ASSERT(ccode == 0 || (ccode > 99 && ccode < 1000)); /* Can only have a client code when server code is 200 */ - ASSERT(ccode == 0 || scode == HA_SERVER_ACCEPT); + ASSERT(ccode == 0 || scode == HA_SERVER_OK); sprintf(num, "%d ", scode); @@ -777,7 +777,7 @@ static int httpauth_write(int ofd, ha_response_t* resp) ASSERT(ofd != -1); ASSERT(resp); - if(httpauth_respond(ofd, HA_SERVER_ACCEPT, resp->code, resp->detail) < 0) + if(httpauth_respond(ofd, HA_SERVER_OK, resp->code, resp->detail) < 0) return HA_CRITERROR; for(i = 0; i < HA_MAX_HEADERS; i++) @@ -841,31 +841,112 @@ static int httpauth_ready(int ofd, ha_buffer_t* buf) /* We send a ready banner to our client */ + if(ha_buferr(buf)) + return httpauth_error(ofd, HA_CRITERROR); + + else + return httpauth_respond(ofd, HA_SERVER_READY, 0, "HTTPAUTH/1.0"); + +} + +static int httpauth_auth(int ofd, ha_request_t* req, + ha_response_t* resp, ha_buffer_t* outb) +{ + httpauth_loaded_t* h; + int processed = 0; + int r; + + ASSERT(req && resp && outb); + + /* Clear out our response */ + memset(resp, 0, sizeof(*resp)); + + /* Check our connection argument */ + if(!req->args[AUTH_ARG_CONN] || !(req->args[AUTH_ARG_CONN][0])) + { + ha_messagex(LOG_ERR, "missing connection ID in request"); + return HA_BADREQ; + } + + /* Check our uri argument */ + if(!req->args[AUTH_ARG_URI] || !(req->args[AUTH_ARG_URI][0])) + { + ha_messagex(LOG_ERR, "missing URI in request"); + return HA_BADREQ; + } + + /* Check our connection arguments */ + if(!req->args[AUTH_ARG_METHOD] || !(req->args[AUTH_ARG_METHOD][0])) + { + ha_messagex(LOG_ERR, "missing method in request"); + return HA_BADREQ; + } + + /* Find a handler for this type */ for(h = g_handlers; h; h = h->next) { - if(h != g_handlers) - ha_bufjoin(buf); + if(strcasecmp(h->ctx.name, req->args[0]) == 0) + { + ha_messagex(LOG_INFO, "processing request with method: %s (%s)", + h->ctx.name, h->ctx.handler->type); + + /* Now let the handler handle it */ + ASSERT(h->ctx.handler->f_process); - ha_bufmcat(buf, (h != g_handlers) ? " " : "", - h->ctx.name, NULL); + processed = 1; + r = (h->ctx.handler->f_process)(&(h->ctx), req, resp, outb); + if(r < 0) + return r; + } } - if(ha_buferr(buf)) + if(!processed) { - return httpauth_error(ofd, HA_CRITERROR); + ha_messagex(LOG_ERR, "unknown authentication type: %s", req->args[0]); + return HA_BADREQ; + } + + if(httpauth_write(ofd, resp) < 0) + return HA_CRITERROR; + + return HA_OK; +} + +static int httpauth_set(int ofd, ha_request_t* req, ha_request_opts_t* opts, + ha_buffer_t* outb) +{ + const char* name = req->args[0]; + const char* value = req->args[1]; + + /* Check our name argument */ + if(!name || !*name) + { + ha_messagex(LOG_ERR, "missing name in SET request"); + return HA_BADREQ; + } + + if(strcasecmp(name, "Domain") == 0) + { + opts->digest_domains = value ? value : ""; } + else { - return httpauth_respond(ofd, HA_SERVER_READY, 0, ha_bufdata(buf)); + ha_messagex(LOG_ERR, "bad option in SET request"); + return HA_BADREQ; } + + return httpauth_respond(ofd, HA_SERVER_ACCEPTED, 0, NULL); } + static int httpauth_processor(int ifd, int ofd) { ha_buffer_t inb; ha_buffer_t outb; ha_request_t req; ha_response_t resp; + ha_request_opts_t opts; int result = -1; int r; @@ -876,6 +957,10 @@ static int httpauth_processor(int ifd, int ofd) ha_bufinit(&inb); ha_bufinit(&outb); + /* Initialize default options */ + memset(&opts, 0, sizeof(opts)); + opts.digest_domains = ""; + if(httpauth_ready(ofd, &outb) == -1) { result = 1; @@ -908,56 +993,46 @@ static int httpauth_processor(int ifd, int ofd) if(r == 0) result = 0; + req.opts = &opts; + switch(req.type) { case REQTYPE_AUTH: - - r = process_auth(&req, &resp, &outb); - - if(g_quit) - continue; - - if(ha_buferr(&outb)) - r = HA_CRITERROR; - - if(r < 0) - { - httpauth_error(ofd, r); - - if(r == HA_CRITERROR) - result = 1; - - continue; - } - - if(httpauth_write(ofd, &resp) < 0) - { - /* If writing failed then we don't bother notifying the client */ - result = 1; - continue; - } - + r = httpauth_auth(ofd, &req, &resp, &outb); break; + case REQTYPE_SET: + r = httpauth_set(ofd, &req, &opts, &outb); + break; case REQTYPE_QUIT: + r = HA_OK; result = 0; break; case REQTYPE_IGNORE: + r = HA_FALSE; break; default: ha_messagex(LOG_WARNING, "received unknown command from client: %d", ifd); - - if(httpauth_respond(ofd, HA_SERVER_BADREQ, 0, "Unknown command") == -1) - { - result = -1; - continue; - } - + r = httpauth_respond(ofd, HA_SERVER_BADREQ, 0, "Unknown command"); break; }; + + if(g_quit) + continue; + + if(ha_buferr(&outb)) + r = HA_CRITERROR; + + if(r < 0) + { + httpauth_error(ofd, r); + + if(r == HA_CRITERROR) + result = 1; + } } if(ifd == ofd) @@ -972,80 +1047,38 @@ finally: return result; } -static int process_auth(ha_request_t* req, ha_response_t* resp, - ha_buffer_t* outb) -{ - httpauth_loaded_t* h; - - ASSERT(req && resp && outb); - - /* Clear out our response */ - memset(resp, 0, sizeof(*resp)); - - /* Check our connection argument */ - if(!req->args[AUTH_ARG_CONN] || !(req->args[AUTH_ARG_CONN][0])) - { - ha_messagex(LOG_ERR, "missing connection ID in request"); - return HA_BADREQ; - } - - /* Check our uri argument */ - if(!req->args[AUTH_ARG_URI] || !(req->args[AUTH_ARG_URI][0])) - { - ha_messagex(LOG_ERR, "missing URI in request"); - return HA_BADREQ; - } - - /* Check our connection arguments */ - if(!req->args[AUTH_ARG_METHOD] || !(req->args[AUTH_ARG_METHOD][0])) - { - ha_messagex(LOG_ERR, "missing method in request"); - return HA_BADREQ; - } - - - /* Find a handler for this type */ - for(h = g_handlers; h; h = h->next) - { - if(strcasecmp(h->ctx.name, req->args[0]) == 0) - { - ha_messagex(LOG_INFO, "processing request with method: %s (%s)", - h->ctx.name, h->ctx.handler->type); - - /* Now let the handler handle it */ - ASSERT(h->ctx.handler->f_process); - return (h->ctx.handler->f_process)(&(h->ctx), req, resp, outb); - } - } - - ha_messagex(LOG_ERR, "unknown authentication type: %s", req->args[0]); - return HA_BADREQ; -} - /* ----------------------------------------------------------------------- * Configuration */ static ha_context_t* config_addhandler(ha_buffer_t* buf, const char* alias, - ha_handler_t* handler, const ha_options_t* defaults) + ha_handler_t* handler, const ha_context_opts_t* defaults) { httpauth_loaded_t* loaded; + ha_context_opts_t* opts; int len; ASSERT(buf && alias && handler && defaults); - len = sizeof(httpauth_loaded_t) + handler->context_size; + len = sizeof(httpauth_loaded_t) + sizeof(ha_context_opts_t) + + handler->context_size; loaded = (httpauth_loaded_t*)ha_bufmalloc(buf, len); if(!loaded) errx(1, "out of memory"); memset(loaded, 0, len); - memcpy(&(loaded->ctx.opts), defaults, sizeof(ha_options_t)); + + /* Setup the options */ + opts = (ha_context_opts_t*)(((unsigned char*)loaded) + + sizeof(httpauth_loaded_t)); + + memcpy(opts, defaults, sizeof(ha_context_opts_t)); + loaded->ctx.opts = opts; if(handler->context_size) { - void* mem = ((unsigned char*)loaded) + sizeof(httpauth_loaded_t); + void* mem = ((unsigned char*)(opts)) + sizeof(ha_context_opts_t); /* Initialize the defaults properly */ if(handler->context_default) @@ -1090,7 +1123,7 @@ static ha_context_t* config_addhandler(ha_buffer_t* buf, const char* alias, static int config_parse(const char* file, ha_buffer_t* buf) { - ha_options_t defaults; + ha_context_opts_t defaults; ha_context_t* ctx = NULL; int line = 0; int fd; @@ -1235,7 +1268,7 @@ static int config_parse(const char* file, ha_buffer_t* buf) /* Options that are legal in both global and internal sections */ if(!recog) { - ha_options_t* opts = ctx ? &(ctx->opts) : &defaults; + ha_context_opts_t* opts = ctx ? (ha_context_opts_t*)(ctx->opts) : &defaults; ASSERT(opts); if(strcmp(name, "cachetimeout") == 0) @@ -1324,12 +1357,6 @@ static int config_parse(const char* file, ha_buffer_t* buf) recog = 1; } - else if(strcmp(name, "digestdomains") == 0) - { - opts->digest_domains = value; - recog = 1; - } - #ifdef _DEBUG else if(strcmp(name, "digestdebugnonce") == 0) { diff --git a/daemon/httpauthd.h b/daemon/httpauthd.h index d225e4b..ce5b21b 100644 --- a/daemon/httpauthd.h +++ b/daemon/httpauthd.h @@ -131,7 +131,7 @@ typedef int (*auth_config_t)(struct ha_context* ctx, const char* name, const cha * for this handler. Note that all data access in this * function must be thread-safe. */ -typedef int (*auth_process_t)(struct ha_context* ctx, struct ha_request* req, +typedef int (*auth_process_t)(struct ha_context* ctx, const struct ha_request* req, struct ha_response* resp, ha_buffer_t* mem); /* An authentication handler */ @@ -143,7 +143,7 @@ typedef struct ha_handler auth_config_t f_config; /* #0 Called for each config param */ auth_process_t f_process; /* #2 Called for each auth request */ const void* context_default; /* The default context */ - size_t context_size; /* Bytes of extra context needed */ + const size_t context_size; /* Bytes of extra context needed */ } ha_handler_t; @@ -176,8 +176,8 @@ ha_handler_t; - -typedef struct ha_options +/* Standard options for the current context */ +typedef struct ha_context_opts { /* Basic options */ unsigned int types; @@ -190,18 +190,17 @@ typedef struct ha_options /* For digest auth: */ unsigned int digest_ignoreuri : 1; unsigned int digest_ignorenc : 1; - const char* digest_domains; const char* digest_debugnonce; } -ha_options_t; +ha_context_opts_t; -/* Context passed to the handler functions below */ +/* Context passed to the handler functions above */ typedef struct ha_context { - const char* name; /* A name assigned by the configuration file */ - ha_handler_t* handler; /* The original handler structure */ - ha_options_t opts; /* The options */ - void* data; /* Handler specific data */ + const char* name; /* A name assigned by the configuration file */ + const ha_handler_t* handler; /* The original handler structure */ + const ha_context_opts_t* opts; /* The options */ + void* data; /* Handler specific data */ } ha_context_t; @@ -246,23 +245,33 @@ ha_header_t; #define REQTYPE_IGNORE 0 #define REQTYPE_QUIT 1 #define REQTYPE_AUTH 2 +#define REQTYPE_SET 3 #define AUTH_ARG_CONN 1 #define AUTH_ARG_METHOD 2 #define AUTH_ARG_URI 3 +/* Options for the current request */ +typedef struct ha_request_opts +{ + const char* digest_domains; +} +ha_request_opts_t; + /* A single request from client */ typedef struct ha_request { int type; const char* args[HA_MAX_ARGS]; ha_header_t headers[HA_MAX_HEADERS]; + const ha_request_opts_t* opts; } ha_request_t; /* The various response codes for the client */ #define HA_SERVER_READY 100 -#define HA_SERVER_ACCEPT 200 +#define HA_SERVER_OK 200 +#define HA_SERVER_ACCEPTED 202 #define HA_SERVER_DECLINE 401 #define HA_SERVER_BADREQ 400 #define HA_SERVER_BUSY 500 @@ -277,8 +286,8 @@ typedef struct ha_response ha_response_t; /* Request functions */ -ha_header_t* ha_findheader(ha_request_t* req, const char* name); -const char* ha_getheader(ha_request_t* req, const char* name, const char* prefix); +const ha_header_t* ha_findheader(const ha_request_t* req, const char* name); +const char* ha_getheader(const ha_request_t* req, const char* name, const char* prefix); /* Response functions */ void ha_addheader(ha_response_t* resp, const char* name, const char* data); diff --git a/daemon/ldap.c b/daemon/ldap.c index 9fda424..9fd513f 100644 --- a/daemon/ldap.c +++ b/daemon/ldap.c @@ -73,7 +73,7 @@ typedef struct ldap_context int ldap_max; /* Number of open connections allowed */ int ldap_timeout; /* Maximum amount of time to dedicate to an ldap query */ - ha_options_t* opts; /* Options from httpauthd.c */ + const ha_context_opts_t* opts; /* Options from httpauthd.c */ /* Context ----------------------------------------------------------- */ hash_t* cache; /* Some cached records or basic */ @@ -252,12 +252,12 @@ static const char* escape_ldap(ha_buffer_t* buf, const char* str) t += pos; } - while(*t && !strchr(LDAP_NO_ESCAPE, t)) + while(*t && !strchr(LDAP_NO_ESCAPE, *t)) { char hex[4]; hex[0] = '\\'; hex[1] = LDAP_HEX[*t >> 4 & 0xf]; - hex[2] = LDAP_HEX[*t 0xf]; + hex[2] = LDAP_HEX[*t & 0xf]; hex[3] = '\0'; ha_bufjoin(buf); @@ -999,7 +999,7 @@ finally: if(found && ret >= 0) { - resp->code = HA_SERVER_ACCEPT; + resp->code = HA_SERVER_OK; resp->detail = basic.user; /* We put this connection into the successful connections */ @@ -1009,8 +1009,8 @@ finally: return ret; } -static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp, - ha_buffer_t* buf, int stale) +static int digest_ldap_challenge(ldap_context_t* ctx, const ha_request_t* req, + ha_response_t* resp, ha_buffer_t* buf, int stale) { unsigned char nonce[DIGEST_NONCE_LEN]; const char* nonce_str; @@ -1037,7 +1037,7 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp, /* Now generate a message to send */ header = digest_challenge(buf, nonce_str, ctx->opts->realm, - ctx->opts->digest_domains, stale); + req->opts->digest_domains, stale); if(!header) return HA_CRITERROR; @@ -1051,8 +1051,7 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp, } static int digest_ldap_response(ldap_context_t* ctx, const char* header, - const char* method, const char* uri, - ha_response_t* resp, ha_buffer_t* buf) + const ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf) { unsigned char nonce[DIGEST_NONCE_LEN]; digest_header_t dg; @@ -1063,7 +1062,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header, int stale = 0; int r; - ASSERT(ctx && header && method && uri && resp && buf); + ASSERT(ctx && header && req && resp && buf); /* We use this below to send a default response */ resp->code = -1; @@ -1142,7 +1141,8 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header, rec->nc++; } - ret = digest_check(&dg, rec, ctx->opts, buf, method, uri); + ret = digest_check(&dg, rec, ctx->opts, buf, + req->args[AUTH_ARG_METHOD], req->args[AUTH_ARG_URI]); if(ret == HA_BADREQ) { @@ -1152,7 +1152,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header, else if(ret == HA_OK) { - resp->code = HA_SERVER_ACCEPT; + resp->code = HA_SERVER_OK; resp->detail = dg.username; /* Figure out if we need a new nonce */ @@ -1193,7 +1193,7 @@ finally: /* If nobody above responded then challenge the client again */ if(resp->code == -1) - return digest_ldap_challenge(ctx, resp, buf, stale); + return digest_ldap_challenge(ctx, req, resp, buf, stale); return ret; } @@ -1311,7 +1311,7 @@ int ldap_inithand(ha_context_t* context) ASSERT(ctx); /* Make sure there are some types of authentication we can do */ - if(!(context->opts.types & (HA_TYPE_BASIC | HA_TYPE_DIGEST))) + if(!(context->opts->types & (HA_TYPE_BASIC | HA_TYPE_DIGEST))) { ha_messagex(LOG_ERR, "ldap: module configured, but does not implement any " "configured authentication type."); @@ -1358,7 +1358,7 @@ int ldap_inithand(ha_context_t* context) memset(ctx->pool, 0, sizeof(LDAP*) * ctx->ldap_max); /* Copy some settings over for easy access */ - ctx->opts = &(context->opts); + ctx->opts = context->opts; ha_messagex(LOG_INFO, "ldap: initialized handler"); } @@ -1398,7 +1398,7 @@ void ldap_destroy(ha_context_t* context) ha_messagex(LOG_INFO, "ldap: uninitialized handler"); } -int ldap_process(ha_context_t* context, ha_request_t* req, +int ldap_process(ha_context_t* context, const ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf) { ldap_context_t* ctx = (ldap_context_t*)context->data; @@ -1425,21 +1425,20 @@ int ldap_process(ha_context_t* context, ha_request_t* req, /* Check the headers and see if we got a response thingy */ - if(context->opts.types & HA_TYPE_DIGEST) + if(context->opts->types & HA_TYPE_DIGEST) { header = ha_getheader(req, "Authorization", HA_PREFIX_DIGEST); if(header) { ha_messagex(LOG_DEBUG, "ldap: processing digest auth header"); - ret = digest_ldap_response(ctx, header, req->args[AUTH_ARG_METHOD], - req->args[AUTH_ARG_URI], resp, buf); + ret = digest_ldap_response(ctx, header, req, resp, buf); if(ret < 0) return ret; } } /* Or a basic authentication */ - if(!header && context->opts.types & HA_TYPE_BASIC) + if(!header && context->opts->types & HA_TYPE_BASIC) { header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC); if(header) @@ -1457,7 +1456,7 @@ int ldap_process(ha_context_t* context, ha_request_t* req, { resp->code = HA_SERVER_DECLINE; - if(context->opts.types & HA_TYPE_BASIC) + if(context->opts->types & HA_TYPE_BASIC) { ha_bufmcat(buf, "BASIC realm=\"", ctx->opts->realm , "\"", NULL); @@ -1468,9 +1467,9 @@ int ldap_process(ha_context_t* context, ha_request_t* req, ha_messagex(LOG_DEBUG, "ldap: sent basic auth request"); } - if(context->opts.types & HA_TYPE_DIGEST) + if(context->opts->types & HA_TYPE_DIGEST) { - ret = digest_ldap_challenge(ctx, resp, buf, 0); + ret = digest_ldap_challenge(ctx, req, resp, buf, 0); if(ret < 0) return ret; } diff --git a/daemon/misc.c b/daemon/misc.c index a38eda9..8e361be 100644 --- a/daemon/misc.c +++ b/daemon/misc.c @@ -81,7 +81,7 @@ void ha_message(int level, const char* msg, ...) * Header Functionality */ -ha_header_t* ha_findheader(ha_request_t* req, const char* name) +const ha_header_t* ha_findheader(const ha_request_t* req, const char* name) { int i; @@ -99,7 +99,7 @@ ha_header_t* ha_findheader(ha_request_t* req, const char* name) return NULL; } -const char* ha_getheader(ha_request_t* req, const char* name, const char* prefix) +const char* ha_getheader(const ha_request_t* req, const char* name, const char* prefix) { int i, l; diff --git a/daemon/ntlm.c b/daemon/ntlm.c index bbbac5e..a46eecc 100644 --- a/daemon/ntlm.c +++ b/daemon/ntlm.c @@ -252,7 +252,7 @@ int ntlm_auth_basic(ntlm_context_t* ctx, char* key, const char* header, if(found) { int r; - resp->code = HA_SERVER_ACCEPT; + resp->code = HA_SERVER_OK; resp->detail = basic.user; ha_lock(NULL); @@ -584,7 +584,7 @@ int ntlm_init(ha_context_t* context) ASSERT(ctx); /* Make sure there are some types of authentication we can do */ - if(!(context->opts.types & (HA_TYPE_BASIC | HA_TYPE_NTLM))) + if(!(context->opts->types & (HA_TYPE_BASIC | HA_TYPE_NTLM))) { ha_messagex(LOG_ERR, "NTLM module configured, but does not implement any " "configured authentication type."); @@ -655,7 +655,7 @@ void ntlm_destroy(ha_context_t* context) } } -int ntlm_process(ha_context_t* context, ha_request_t* req, +int ntlm_process(ha_context_t* context, const ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf) { ntlm_context_t* ctx = (ntlm_context_t*)(context->data); @@ -682,7 +682,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req, * well as half open connections which expire. */ r = hash_purge(ctx->pending, t - ctx->pending_timeout); - r += hash_purge(ctx->established, t - context->opts.cache_timeout); + r += hash_purge(ctx->established, t - context->opts->cache_timeout); ha_unlock(NULL); @@ -690,7 +690,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req, ha_messagex(LOG_DEBUG, "ntlm: purged info from cache: %d", r); /* Look for a NTLM header */ - if(context->opts.types & HA_TYPE_NTLM) + if(context->opts->types & HA_TYPE_NTLM) { header = ha_getheader(req, "Authorization", HA_PREFIX_NTLM); if(header) @@ -707,7 +707,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req, } /* If basic is enabled, and no NTLM */ - if(!header && context->opts.types & HA_TYPE_BASIC) + if(!header && context->opts->types & HA_TYPE_BASIC) { /* Look for a Basic header */ header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC); @@ -739,12 +739,12 @@ int ntlm_process(ha_context_t* context, ha_request_t* req, if(hash_get(ctx->established, key) == NTLM_ESTABLISHED) { hash_touch(ctx->established, key); - resp->code = HA_SERVER_ACCEPT; + resp->code = HA_SERVER_OK; } ha_unlock(NULL); - if(resp->code == HA_SERVER_ACCEPT) + if(resp->code == HA_SERVER_OK) ha_messagex(LOG_NOTICE, "ntlm: validated user against connection cache"); /* TODO: We need to be able to retrieve the user here somehow */ @@ -757,15 +757,15 @@ int ntlm_process(ha_context_t* context, ha_request_t* req, /* If authentication failed tell the browser about it */ resp->code = HA_SERVER_DECLINE; - if(context->opts.types & HA_TYPE_NTLM) + if(context->opts->types & HA_TYPE_NTLM) { ha_addheader(resp, "WWW-Authenticate", HA_PREFIX_NTLM); ha_messagex(LOG_DEBUG, "ntlm: sent ntlm auth request"); } - if(context->opts.types & HA_TYPE_BASIC) + if(context->opts->types & HA_TYPE_BASIC) { - ha_bufmcat(buf, HA_PREFIX_BASIC, "realm=\"", context->opts.realm, "\"", NULL); + ha_bufmcat(buf, HA_PREFIX_BASIC, "realm=\"", context->opts->realm, "\"", NULL); if(ha_buferr(buf)) return HA_CRITERROR; diff --git a/daemon/simple.c b/daemon/simple.c index d45668f..7165c9c 100644 --- a/daemon/simple.c +++ b/daemon/simple.c @@ -26,8 +26,8 @@ unsigned char g_simple_secret[DIGEST_SECRET_LEN]; typedef struct simple_context { /* Settings ----------------------------------------------------------- */ - const char* filename; /* The file name with the user names */ - ha_options_t* opts; /* Options from httpauthd.c */ + const char* filename; /* The file name with the user names */ + const ha_context_opts_t* opts; /* Options from httpauthd.c */ /* Context ----------------------------------------------------------- */ hash_t* cache; /* Some cached records or basic */ @@ -379,7 +379,7 @@ finally: if(ret == HA_OK) { - resp->code = HA_SERVER_ACCEPT; + resp->code = HA_SERVER_OK; resp->detail = basic.user; /* We put this connection into the successful connections */ @@ -389,8 +389,8 @@ finally: return ret; } -static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp, - ha_buffer_t* buf, int stale) +static int simple_digest_challenge(simple_context_t* ctx, const ha_request_t* req, + ha_response_t* resp, ha_buffer_t* buf, int stale) { const char* nonce_str; const char* header; @@ -419,7 +419,7 @@ static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp, /* Now generate a message to send */ header = digest_challenge(buf, nonce_str, ctx->opts->realm, - ctx->opts->digest_domains, stale); + req->opts->digest_domains, stale); if(!header) return HA_CRITERROR; @@ -433,8 +433,7 @@ static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp, } static int simple_digest_response(simple_context_t* ctx, const char* header, - const char* method, const char* uri, - ha_response_t* resp, ha_buffer_t* buf) + const ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf) { unsigned char nonce[DIGEST_NONCE_LEN]; digest_header_t dg; @@ -445,7 +444,7 @@ static int simple_digest_response(simple_context_t* ctx, const char* header, int stale = 0; int r; - ASSERT(ctx && header && method && uri && resp && buf); + ASSERT(ctx && header && req && resp && buf); /* We use this below to send a default response */ resp->code = -1; @@ -525,7 +524,8 @@ static int simple_digest_response(simple_context_t* ctx, const char* header, rec->nc++; } - ret = digest_check(&dg, rec, ctx->opts, buf, method, uri); + ret = digest_check(&dg, rec, ctx->opts, buf, + req->args[AUTH_ARG_METHOD], req->args[AUTH_ARG_URI]); if(ret == HA_BADREQ) { @@ -535,7 +535,7 @@ static int simple_digest_response(simple_context_t* ctx, const char* header, else if(ret == HA_OK) { - resp->code = HA_SERVER_ACCEPT; + resp->code = HA_SERVER_OK; resp->detail = dg.username; /* Figure out if we need a new nonce */ @@ -576,7 +576,7 @@ finally: /* If nobody above responded then challenge the client again */ if(resp->code == -1) - return simple_digest_challenge(ctx, resp, buf, stale); + return simple_digest_challenge(ctx, req, resp, buf, stale); return ret; } @@ -619,7 +619,7 @@ int simple_init(ha_context_t* context) ASSERT(ctx); /* Make sure there are some types of authentication we can do */ - if(!(context->opts.types & (HA_TYPE_BASIC | HA_TYPE_DIGEST))) + if(!(context->opts->types & (HA_TYPE_BASIC | HA_TYPE_DIGEST))) { ha_messagex(LOG_ERR, "simple: module configured, but does not implement any " "configured authentication type."); @@ -654,7 +654,7 @@ int simple_init(ha_context_t* context) } /* Copy some settings over for easy access */ - ctx->opts = &(context->opts); + ctx->opts = context->opts; ha_messagex(LOG_INFO, "simple: initialized handler"); } @@ -677,7 +677,7 @@ void simple_destroy(ha_context_t* context) } } -int simple_process(ha_context_t* context, ha_request_t* req, +int simple_process(ha_context_t* context, const ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf) { simple_context_t* ctx = (simple_context_t*)(context->data); @@ -706,21 +706,20 @@ int simple_process(ha_context_t* context, ha_request_t* req, /* Check the headers and see if we got a response thingy */ - if(context->opts.types & HA_TYPE_DIGEST) + if(context->opts->types & HA_TYPE_DIGEST) { header = ha_getheader(req, "Authorization", HA_PREFIX_DIGEST); if(header) { ha_messagex(LOG_DEBUG, "simple: processing digest auth header"); - ret = simple_digest_response(ctx, header, req->args[AUTH_ARG_METHOD], - req->args[AUTH_ARG_URI], resp, buf); + ret = simple_digest_response(ctx, header, req, resp, buf); if(ret < 0) return ret; } } /* Or a basic authentication */ - if(!header && context->opts.types & HA_TYPE_BASIC) + if(!header && context->opts->types & HA_TYPE_BASIC) { ha_messagex(LOG_DEBUG, "simple: processing basic auth header"); header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC); @@ -738,7 +737,7 @@ int simple_process(ha_context_t* context, ha_request_t* req, { resp->code = HA_SERVER_DECLINE; - if(context->opts.types & HA_TYPE_BASIC) + if(context->opts->types & HA_TYPE_BASIC) { ha_bufmcat(buf, "BASIC realm=\"", ctx->opts->realm , "\"", NULL); @@ -749,9 +748,9 @@ int simple_process(ha_context_t* context, ha_request_t* req, ha_messagex(LOG_DEBUG, "simple: sent basic auth request"); } - if(context->opts.types & HA_TYPE_DIGEST) + if(context->opts->types & HA_TYPE_DIGEST) { - ret = simple_digest_challenge(ctx, resp, buf, 0); + ret = simple_digest_challenge(ctx, req, resp, buf, 0); if(ret < 0) return ret; } -- cgit v1.2.3