--------------------- PatchSet 955 Date: 2000/12/18 10:02:46 Author: rbcollins Branch: auth_digest Tag: (none) Log: working digest authentication Members: digest_auth_modules/password/digest_pw_auth.c:1.1.2.1->1.1.2.2 lib/rfc2617.c:1.1.2.2->1.1.2.3 src/acl.c:1.1.1.3.12.26.2.9.2.2->1.1.1.3.12.26.2.9.2.3 src/authenticate.c:1.1.1.3.12.17.2.11->1.1.1.3.12.17.2.11.2.1 src/auth/digest/auth_digest.c:1.1.2.4->1.1.2.5 Index: squid/digest_auth_modules/password/digest_pw_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/digest_auth_modules/password/Attic/digest_pw_auth.c,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid/digest_auth_modules/password/digest_pw_auth.c 15 Dec 2000 23:47:40 -0000 1.1.2.1 +++ squid/digest_auth_modules/password/digest_pw_auth.c 18 Dec 2000 10:02:46 -0000 1.1.2.2 @@ -144,9 +144,9 @@ } else { DigestCalcHA1("md5",user,realm,u->passwd, NULL, NULL, HA1, HHA1); printf("%s\n",HHA1); - CvtBin(HHA1,HA1); -// CvtHex(HA1,HHA1); -// printf("%s\n",HHA1); +// CvtBin(HHA1,THA1); +// CvtHex(THA1,THHA1); +// printf("%s\n",THHA1); } } exit(0); Index: squid/lib/rfc2617.c =================================================================== RCS file: /cvsroot/squid-sf//squid/lib/rfc2617.c,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- squid/lib/rfc2617.c 15 Dec 2000 23:47:41 -0000 1.1.2.2 +++ squid/lib/rfc2617.c 18 Dec 2000 10:02:46 -0000 1.1.2.3 @@ -29,10 +29,10 @@ for (i = 0; i < HASHHEXLEN; i++) { j = Hex[i]; - if ('0' <=j <= '9') - Bin[i/2] |= ((j - '0') << (i%2 ==0) ? 4:0); + if (('0' <=j) && (j <= '9')) + Bin[i/2] |= ((j - '0') << ((i%2 ==0) ? 4:0)); else - Bin[i/2] |= ((j - 'a'+10) << (i%2==0)?4:0); + Bin[i/2] |= ((j - 'a'+10) << ((i%2==0)?4:0)); }; Bin[HASHLEN] = '\0'; }; Index: squid/src/acl.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/acl.c,v retrieving revision 1.1.1.3.12.26.2.9.2.2 retrieving revision 1.1.1.3.12.26.2.9.2.3 diff -u -r1.1.1.3.12.26.2.9.2.2 -r1.1.1.3.12.26.2.9.2.3 --- squid/src/acl.c 15 Dec 2000 23:47:41 -0000 1.1.1.3.12.26.2.9.2.2 +++ squid/src/acl.c 18 Dec 2000 10:02:47 -0000 1.1.1.3.12.26.2.9.2.3 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.1.1.3.12.26.2.9.2.2 2000/12/15 23:47:41 rbcollins Exp $ + * $Id: acl.c,v 1.1.1.3.12.26.2.9.2.3 2000/12/18 10:02:47 rbcollins Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -793,7 +793,8 @@ case ACL_PROXY_AUTH: if ((Config.Program.authenticate==NULL) && - (Config.Program.ntlmauthenticate==NULL)){ + (Config.Program.ntlmauthenticate==NULL) && + (Config.Program.digestauthenticate==NULL)){ #if 0 if (authenticateSchemeCount()==0) { debug(28,0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \ Index: squid/src/authenticate.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v retrieving revision 1.1.1.3.12.17.2.11 retrieving revision 1.1.1.3.12.17.2.11.2.1 diff -u -r1.1.1.3.12.17.2.11 -r1.1.1.3.12.17.2.11.2.1 --- squid/src/authenticate.c 12 Dec 2000 03:01:48 -0000 1.1.1.3.12.17.2.11 +++ squid/src/authenticate.c 18 Dec 2000 10:02:47 -0000 1.1.1.3.12.17.2.11.2.1 @@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.1.1.3.12.17.2.11 2000/12/12 03:01:48 rbcollins Exp $ + * $Id: authenticate.c,v 1.1.1.3.12.17.2.11.2.1 2000/12/18 10:02:47 rbcollins Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -284,7 +284,10 @@ int i; /* call each currently known authscheme */ for (i = 0; authscheme_list && authscheme_list[i].typestr; i++) { - if (authscheme_list[i].Active()) authscheme_list[i].authFixErrorHeader(auth_user,rep, type, err->request); + if (authscheme_list[i].Active()) + authscheme_list[i].authFixErrorHeader(auth_user,rep, type, err->request); + else + debug(29,8)("authenticateFixErrorHeader: Compiled scheme %s not Active\n",authscheme_list[i].typestr); } } Index: squid/src/auth/digest/auth_digest.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/digest/auth_digest.c,v retrieving revision 1.1.2.4 retrieving revision 1.1.2.5 diff -u -r1.1.2.4 -r1.1.2.5 --- squid/src/auth/digest/auth_digest.c 15 Dec 2000 23:47:42 -0000 1.1.2.4 +++ squid/src/auth/digest/auth_digest.c 18 Dec 2000 10:02:47 -0000 1.1.2.5 @@ -176,6 +176,7 @@ auth_user_hash_pointer *usernamehash, *proxy_auth_hash=NULL; digest_data * digest_auth; const char * proxy_auth; + HASHHEX SESSIONKEY; HASHHEX HA2 = ""; HASHHEX Response; @@ -242,8 +243,9 @@ DigestCalcResponse(SESSIONKEY, digest_auth->nonce, digest_auth->nc, digest_auth->cnonce, digest_auth->qop, RequestMethodStr[request->method], digest_auth->uri, HA2, Response); + debug(29,1)("\nResponse = '%s'\n" - "squid is = '%s'\n", digest_auth->response,Response); + "squid is = '%s'\n" , digest_auth->response,Response); if (strcasecmp(digest_auth->response,Response)) { /* Failed comparison */ @@ -259,6 +261,7 @@ authenticateUserNameCacheAdd(auth_user); authenticateProxyAuthCacheAddLink(proxy_auth, auth_user); } + auth_user->flags.credentials_ok=1; /* password was checked and did match */ debug(29, 4) ("authenticateDigestAuthenticateuser: user '%s' validated OK\n", @@ -289,7 +292,7 @@ void authenticateDigestFixErrorHeader(auth_user_t *auth_user, HttpReply *rep, http_hdr_type type, request_t * request){ digest_nonce_ptr *nonce = authenticateDigestNonceCreate(); - if (Config.Program.authenticate){ + if (Config.Program.digestauthenticate){ #if 0 debug(29, 5) ("authenticateFixErrorHeader: Sending type:%d header: 'Digest realm=\"%s\"'\n",type,Config.proxyAuthRealm); httpHeaderPutStrf(&rep->header, type, "Digest realm=\"%s\"", Config.proxyAuthRealm); @@ -335,7 +338,7 @@ auth_user->flags.credentials_ok = 3; else { - CvtBin(reply, digest_auth->HA1); + CvtBin(reply,digest_auth->HA1); digest_auth->HA1created=1; } valid = cbdataValid(r->data);