From 670eba73c474230e31d688e9568fcd540b4e3b39 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 9 Aug 2004 18:35:56 +0000 Subject: - added request parameter to ha_message... - combined ha_request and ha_response --- daemon/bd.c | 171 +++++++++++++++++++++++++++++------------------------------- 1 file changed, 84 insertions(+), 87 deletions(-) (limited to 'daemon/bd.c') diff --git a/daemon/bd.c b/daemon/bd.c index 916c453..6cd7b6b 100644 --- a/daemon/bd.c +++ b/daemon/bd.c @@ -25,8 +25,8 @@ static unsigned char g_digest_secret[DIGEST_SECRET_LEN]; static void free_hash_object(void* arg, void* val) { - if(val && val != BASIC_ESTABLISHED) - free(val); + if(val && val != BASIC_ESTABLISHED) + free(val); } static digest_record_t* get_cached_digest(bd_context_t* ctx, ha_context_t* c, @@ -92,7 +92,7 @@ static int save_cached_digest(bd_context_t* ctx, ha_context_t* c, if(!r) { - ha_messagex(LOG_CRIT, "out of memory"); + ha_messagex(NULL, LOG_CRIT, "out of memory"); return HA_CRITERROR; } @@ -120,22 +120,21 @@ static int add_cached_basic(bd_context_t* ctx, ha_context_t* c, if(!r) { - ha_messagex(LOG_CRIT, "out of memory"); + ha_messagex(NULL, LOG_CRIT, "out of memory"); return HA_CRITERROR; } return HA_OK; } -static int do_basic_response(bd_context_t* ctx, const char* header, - const ha_request_t* req, ha_response_t* resp) +static int do_basic_response(ha_request_t* rq, bd_context_t* ctx, const char* header) { basic_header_t basic; int ret = HA_FALSE; - ASSERT(header && resp && req); + ASSERT(header && rq); - if((ret = basic_parse(header, req->buf, &basic)) < 0) + if((ret = basic_parse(header, rq->buf, &basic)) < 0) return ret; /* Past this point we don't return directly */ @@ -143,7 +142,7 @@ static int do_basic_response(bd_context_t* ctx, const char* header, /* Check and see if this connection is in the cache */ if(have_cached_basic(ctx, basic.key)) { - ha_messagex(LOG_NOTICE, "bd: validated basic user against cache: %s", + ha_messagex(rq, LOG_NOTICE, "validated basic user against cache: %s", basic.user); ret = HA_OK; goto finally; @@ -153,42 +152,41 @@ static int do_basic_response(bd_context_t* ctx, const char* header, if(!basic.user || !basic.user[0] || !basic.password || !basic.password[0]) { - ha_messagex(LOG_NOTICE, "bd: no valid basic auth info"); + ha_messagex(rq, LOG_NOTICE, "no valid basic auth info"); ret = HA_FALSE; goto finally; } ASSERT(ctx->f_validate_basic); - ret = ctx->f_validate_basic(req, basic.user, basic.password); + ret = ctx->f_validate_basic(rq, basic.user, basic.password); finally: if(ret == HA_OK) { - resp->code = HA_SERVER_OK; - resp->detail = basic.user; + rq->resp_code = HA_SERVER_OK; + rq->resp_detail = basic.user; /* We put this connection into the successful connections */ - ret = add_cached_basic(ctx, req->context, basic.key); + ret = add_cached_basic(ctx, rq->context, basic.key); } return ret; } -static int do_digest_challenge(bd_context_t* ctx, const ha_request_t* req, - ha_response_t* resp, int stale) +static int do_digest_challenge(ha_request_t* rq, bd_context_t* ctx, int stale) { unsigned char nonce[DIGEST_NONCE_LEN]; const char* nonce_str; const char* header; - ASSERT(ctx && resp && req); + ASSERT(ctx && rq); #ifdef _DEBUG - if(req->context->digest_debugnonce) + if(rq->context->digest_debugnonce) { - nonce_str = req->context->digest_debugnonce; - ha_messagex(LOG_WARNING, "bd: using debug nonce. security non-existant."); + nonce_str = rq->context->digest_debugnonce; + ha_messagex(rq, LOG_WARNING, "using debug nonce. security non-existant."); } else #endif @@ -196,28 +194,27 @@ static int do_digest_challenge(bd_context_t* ctx, const ha_request_t* req, unsigned char nonce[DIGEST_NONCE_LEN]; digest_makenonce(nonce, g_digest_secret, NULL); - nonce_str = ha_bufenchex(req->buf, nonce, DIGEST_NONCE_LEN); + nonce_str = ha_bufenchex(rq->buf, nonce, DIGEST_NONCE_LEN); if(!nonce_str) - return HA_CRITERROR; + return HA_CRITERROR; } /* Now generate a message to send */ - header = digest_challenge(req->buf, nonce_str, req->context->realm, - req->digest_domain, stale); + header = digest_challenge(rq->buf, nonce_str, rq->context->realm, + rq->digest_domain, stale); if(!header) return HA_CRITERROR; /* And append it nicely */ - resp->code = HA_SERVER_DECLINE; - ha_addheader(resp, "WWW-Authenticate", header); + rq->resp_code = HA_SERVER_DECLINE; + ha_addheader(rq, "WWW-Authenticate", header); - ha_messagex(LOG_DEBUG, "bd: created digest challenge with nonce: %s", nonce_str); + ha_messagex(rq, LOG_DEBUG, "created digest challenge with nonce: %s", nonce_str); return HA_OK; } -static int do_digest_response(bd_context_t* ctx, const char* header, - const ha_request_t* req, ha_response_t* resp) +static int do_digest_response(ha_request_t* rq, bd_context_t* ctx, const char* header) { unsigned char nonce[DIGEST_NONCE_LEN]; digest_header_t dg; @@ -228,26 +225,26 @@ static int do_digest_response(bd_context_t* ctx, const char* header, int stale = 0; int r; - ASSERT(ctx && header && req && resp); + ASSERT(ctx && header && rq); /* We use this below to send a default response */ - resp->code = -1; + rq->resp_code = -1; - if((r = digest_parse(header, req->buf, &dg, nonce)) < 0) + if((r = digest_parse(header, rq->buf, &dg, nonce)) < 0) return r; #ifdef _DEBUG - if(req->context->digest_debugnonce) + if(rq->context->digest_debugnonce) { - if(dg.nonce && strcmp(dg.nonce, req->context->digest_debugnonce) != 0) + if(dg.nonce && strcmp(dg.nonce, rq->context->digest_debugnonce) != 0) { ret = HA_FALSE; - ha_messagex(LOG_WARNING, "bd: digest response contains invalid nonce"); + ha_messagex(rq, LOG_WARNING, "digest response contains invalid nonce"); goto finally; } /* Do a rough hash into the real nonce, for use as a key */ - md5_string(nonce, req->context->digest_debugnonce); + md5_string(nonce, rq->context->digest_debugnonce); /* Debug nonce's never expire */ expiry = time(NULL); @@ -259,18 +256,18 @@ static int do_digest_response(bd_context_t* ctx, const char* header, if(r != HA_OK) { if(r == HA_FALSE) - ha_messagex(LOG_WARNING, "bd: digest response contains invalid nonce"); + ha_messagex(rq, LOG_WARNING, "digest response contains invalid nonce"); goto finally; } } - rec = get_cached_digest(ctx, req->context, nonce); + rec = get_cached_digest(ctx, rq->context, nonce); /* Check to see if we're stale */ - if((expiry + req->context->cache_timeout) <= time(NULL)) + if((expiry + rq->context->cache_timeout) <= time(NULL)) { - ha_messagex(LOG_INFO, "bd: nonce expired, sending stale challenge: %s", + ha_messagex(rq, LOG_INFO, "nonce expired, sending stale challenge: %s", dg.username); stale = 1; @@ -279,7 +276,7 @@ static int do_digest_response(bd_context_t* ctx, const char* header, if(!rec) { - ha_messagex(LOG_INFO, "bd: no record in cache, creating one: %s", dg.username); + ha_messagex(rq, LOG_INFO, "no record in cache, creating one: %s", dg.username); /* * If we're valid but don't have a record in the @@ -294,7 +291,7 @@ static int do_digest_response(bd_context_t* ctx, const char* header, } ASSERT(ctx->f_complete_digest); - r = ctx->f_complete_digest(req, dg.username, rec->ha1); + r = ctx->f_complete_digest(rq, dg.username, rec->ha1); if(r != HA_OK) { ret = r; @@ -308,32 +305,32 @@ static int do_digest_response(bd_context_t* ctx, const char* header, rec->nc++; } - ret = digest_check(&dg, rec, req->context, req->buf, - req->args[AUTH_ARG_METHOD], req->args[AUTH_ARG_URI]); + ret = digest_check(&dg, rec, rq->context, rq->buf, + rq->req_args[AUTH_ARG_METHOD], rq->req_args[AUTH_ARG_URI]); if(ret == HA_BADREQ) { ret = HA_FALSE; - resp->code = HA_SERVER_BADREQ; + rq->resp_code = HA_SERVER_BADREQ; } else if(ret == HA_OK) { - resp->code = HA_SERVER_OK; - resp->detail = dg.username; + rq->resp_code = HA_SERVER_OK; + rq->resp_detail = dg.username; /* Figure out if we need a new nonce */ - if((expiry + (req->context->cache_timeout - - (req->context->cache_timeout / 8))) < time(NULL)) + if((expiry + (rq->context->cache_timeout - + (rq->context->cache_timeout / 8))) < time(NULL)) { - ha_messagex(LOG_INFO, "bd: nonce almost expired, creating new one: %s", + ha_messagex(rq, LOG_INFO, "nonce almost expired, creating new one: %s", dg.username); digest_makenonce(nonce, g_digest_secret, NULL); stale = 1; } - t = digest_respond(req->buf, &dg, rec, stale ? nonce : NULL); + t = digest_respond(rq->buf, &dg, rec, stale ? nonce : NULL); if(!t) { ret = HA_CRITERROR; @@ -341,12 +338,12 @@ static int do_digest_response(bd_context_t* ctx, const char* header, } if(t[0]) - ha_addheader(resp, "Authentication-Info", t); + ha_addheader(rq, "Authentication-Info", t); - ha_messagex(LOG_NOTICE, "bd: validated digest user: %s", dg.username); + ha_messagex(rq, LOG_NOTICE, "validated digest user: %s", dg.username); /* Put the connection into the cache */ - if((r = save_cached_digest(ctx, req->context, rec)) < 0) + if((r = save_cached_digest(ctx, rq->context, rec)) < 0) ret = r; rec = NULL; @@ -359,8 +356,8 @@ finally: free(rec); /* If nobody above responded then challenge the client again */ - if(resp->code == -1) - return do_digest_challenge(ctx, req, resp, stale); + if(rq->resp_code == -1) + return do_digest_challenge(rq, ctx, stale); return ret; } @@ -375,7 +372,7 @@ int bd_init(ha_context_t* context) /* Global initialization */ if(!context) { - ha_messagex(LOG_DEBUG, "bd: generating secret"); + ha_messagex(NULL, LOG_DEBUG, "generating secret"); return ha_genrandom(g_digest_secret, DIGEST_SECRET_LEN); } @@ -390,15 +387,15 @@ int bd_init(ha_context_t* context) /* Make sure there are some types of authentication we can do */ if(!(context->allowed_types & (HA_TYPE_BASIC | HA_TYPE_DIGEST))) { - ha_messagex(LOG_ERR, "bd: module configured, but does not implement any " - "configured authentication type."); + ha_messagex(NULL, LOG_ERR, "module configured, but does not implement any " + "configured authentication type."); return HA_FAILED; } /* The cache for digest records and basic */ if(!(ctx->cache = hsh_create(MD5_LEN))) { - ha_messagex(LOG_CRIT, "out of memory"); + ha_messagex(NULL, LOG_CRIT, "out of memory"); return HA_CRITERROR; } @@ -406,7 +403,7 @@ int bd_init(ha_context_t* context) htc.arg = NULL; hsh_set_table_calls(ctx->cache, &htc); - ha_messagex(LOG_INFO, "ldap: initialized handler"); + ha_messagex(NULL, LOG_INFO, "initialized handler"); } return HA_OK; @@ -428,54 +425,54 @@ void bd_destroy(ha_context_t* context) if(ctx->cache) hsh_free(ctx->cache); - ha_messagex(LOG_INFO, "bd: uninitialized handler"); + ha_messagex(NULL, LOG_INFO, "uninitialized handler"); } -int bd_process(const ha_request_t* req, ha_response_t* resp) +int bd_process(ha_request_t* rq) { - bd_context_t* ctx = (bd_context_t*)req->context->ctx_data; + bd_context_t* ctx = (bd_context_t*)rq->context->ctx_data; time_t t = time(NULL); const char* header = NULL; int ret, r; - ASSERT(req && resp); - ASSERT(req->args[AUTH_ARG_METHOD]); - ASSERT(req->args[AUTH_ARG_URI]); + ASSERT(rq); + ASSERT(rq->req_args[AUTH_ARG_METHOD]); + ASSERT(rq->req_args[AUTH_ARG_URI]); ha_lock(NULL); /* Purge out stale connection stuff. */ - r = hsh_purge(ctx->cache, t - req->context->cache_timeout); + r = hsh_purge(ctx->cache, t - rq->context->cache_timeout); ha_unlock(NULL); if(r > 0) - ha_messagex(LOG_DEBUG, "ldap: purged cache records: %d", r); + ha_messagex(rq, LOG_DEBUG, "purged cache records: %d", r); /* We use this below to detect whether to send a default response */ - resp->code = -1; + rq->resp_code = -1; /* Check the headers and see if we got a response thingy */ - if(req->context->allowed_types & HA_TYPE_DIGEST) + if(rq->context->allowed_types & HA_TYPE_DIGEST) { - header = ha_getheader(req, "Authorization", HA_PREFIX_DIGEST); + header = ha_getheader(rq, "Authorization", HA_PREFIX_DIGEST); if(header) { - ha_messagex(LOG_DEBUG, "ldap: processing digest auth header"); - ret = do_digest_response(ctx, header, req, resp); + ha_messagex(rq, LOG_DEBUG, "processing digest auth header"); + ret = do_digest_response(rq, ctx, header); if(ret < 0) return ret; } } /* Or a basic authentication */ - if(!header && req->context->allowed_types & HA_TYPE_BASIC) + if(!header && rq->context->allowed_types & HA_TYPE_BASIC) { - header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC); + header = ha_getheader(rq, "Authorization", HA_PREFIX_BASIC); if(header) { - ha_messagex(LOG_DEBUG, "bd: processing basic auth header"); - ret = do_basic_response(ctx, header, req, resp); + ha_messagex(rq, LOG_DEBUG, "processing basic auth header"); + ret = do_basic_response(rq, ctx, header); if(ret < 0) return ret; } @@ -483,24 +480,24 @@ int bd_process(const ha_request_t* req, ha_response_t* resp) /* Send a default response if that's what we need */ - if(resp->code == -1) + if(rq->resp_code == -1) { - resp->code = HA_SERVER_DECLINE; + rq->resp_code = HA_SERVER_DECLINE; - if(req->context->allowed_types & HA_TYPE_BASIC) + if(rq->context->allowed_types & HA_TYPE_BASIC) { - ha_bufmcat(req->buf, "BASIC realm=\"", req->context->realm , "\"", NULL); + ha_bufmcat(rq->buf, "BASIC realm=\"", rq->context->realm , "\"", NULL); - if(ha_buferr(req->buf)) + if(ha_buferr(rq->buf)) return HA_CRITERROR; - ha_addheader(resp, "WWW-Authenticate", ha_bufdata(req->buf)); - ha_messagex(LOG_DEBUG, "bd: sent basic auth request"); + ha_addheader(rq, "WWW-Authenticate", ha_bufdata(rq->buf)); + ha_messagex(rq, LOG_DEBUG, "sent basic auth request"); } - if(req->context->allowed_types & HA_TYPE_DIGEST) + if(rq->context->allowed_types & HA_TYPE_DIGEST) { - ret = do_digest_challenge(ctx, req, resp, 0); + ret = do_digest_challenge(rq, ctx, 0); if(ret < 0) return ret; } -- cgit v1.2.3