From: hno <> Date: Thu, 19 May 2005 03:34:56 +0000 (+0000) Subject: Imported LDAP based Digest hash helper X-Git-Tag: SQUID_3_0_PRE4~744 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca6965d0ee1b85378f52c072efb315cc5764e6be;p=thirdparty%2Fsquid.git Imported LDAP based Digest hash helper --- diff --git a/helpers/digest_auth/password/Makefile.am b/helpers/digest_auth/password/Makefile.am index 652410c8a4..202b1f727e 100644 --- a/helpers/digest_auth/password/Makefile.am +++ b/helpers/digest_auth/password/Makefile.am @@ -1,7 +1,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.am,v 1.3 2003/04/01 10:39:38 robertc Exp $ +# $Id: Makefile.am,v 1.4 2005/05/18 21:34:56 hno Exp $ # # Uncomment and customize the following to suit your needs: # @@ -10,8 +10,10 @@ libexec_PROGRAMS = digest_pw_auth digest_pw_auth_SOURCES = digest_pw_auth.c \ digest_common.h \ text_backend.c \ - text_backend.h + text_backend.h \ + ldap_backend.c \ + ldap_backend.h INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \ -I$(top_srcdir)/src/ -LDADD = -L$(top_builddir)/lib -lmiscutil $(CRYPTLIB) $(XTRA_LIBS) $(SSLLIB) +LDADD = -L$(top_builddir)/lib -lmiscutil $(LIB_LDAP) $(LIB_LBER) $(CRYPTLIB) $(XTRA_LIBS) $(SSLLIB) diff --git a/helpers/digest_auth/password/digest_common.h b/helpers/digest_auth/password/digest_common.h index da3186336a..8804745aab 100644 --- a/helpers/digest_auth/password/digest_common.h +++ b/helpers/digest_auth/password/digest_common.h @@ -41,6 +41,7 @@ typedef struct _request_data { char *user; char *realm; + char *password; HASHHEX HHA1; int parsed; int error; @@ -51,6 +52,6 @@ typedef struct _request_data { * #define ProcessArguments(A, B) MyHandleArguments(A,B) * #define GetHHA1(A) MyGetHHA1(A) */ -typedef void HandleArguments (int, char **); +typedef void HandleArguments(int, char **); typedef void HHA1Creator(RequestData *); #endif /* _SQUID_DIGEST_COMMON_H_ */ diff --git a/helpers/digest_auth/password/digest_pw_auth.c b/helpers/digest_auth/password/digest_pw_auth.c index a145583d4e..fcda639295 100644 --- a/helpers/digest_auth/password/digest_pw_auth.c +++ b/helpers/digest_auth/password/digest_pw_auth.c @@ -3,6 +3,7 @@ * * AUTHOR: Robert Collins. Based on ncsa_auth.c by Arjan de Vet * + * LDAP backend extension by Flavio Pescuma, MARA Systems AB * * Example digest authentication program for Squid, based on the original * proxy_auth code from client_side.c, written by @@ -31,9 +32,30 @@ #include "digest_common.h" #include "text_backend.h" +#include "ldap_backend.h" +#define PROGRAM_NAME "digest_pw_auth" +char *backend; + + +void +usage() +{ + fprintf(stderr, "\n\t\tYou need at least to specify the backend database\n"); + fprintf(stderr, "\t\t%s -D LDAP or file\n", PROGRAM_NAME); + exit(1); +} + +void +GetHHA1(RequestData * requestData) +{ + if (strcmp(backend, "LDAP") == 0) + LDAPHHA1(requestData); + else if (strcmp(backend, "file") == 0) + TextHHA1(requestData); +} static void -ParseBuffer(char *buf, RequestData *requestData) +ParseBuffer(char *buf, RequestData * requestData) { char *p; requestData->parsed = 0; @@ -49,11 +71,11 @@ ParseBuffer(char *buf, RequestData *requestData) } static void -OutputHHA1(RequestData *requestData) +OutputHHA1(RequestData * requestData) { requestData->error = 0; GetHHA1(requestData); - if (requestData->error) { + if (requestData->error) { printf("ERR No such user\n"); return; } @@ -64,21 +86,40 @@ static void DoOneRequest(char *buf) { RequestData requestData; - ParseBuffer (buf, &requestData); + ParseBuffer(buf, &requestData); if (!requestData.parsed) { - printf ("ERR\n"); + printf("ERR\n"); return; } OutputHHA1(&requestData); } +void +ProcessArguments(int argc, char **argv) +{ + int i = 0; + if ((strncmp(argv[1], "-D", 2) != 0) || (argc < 3)) + usage(); + else { + backend = argv[2]; + if (strcmp(backend, "LDAP") == 0) { + i = LDAPArguments(argc, argv); + if (i) + exit(i); + } else if (strcmp(backend, "file") == 0) + TextArguments(argc, argv); + else + usage(); + } +} + int main(int argc, char **argv) { char buf[256]; setbuf(stdout, NULL); - ProcessArguments (argc, argv); + ProcessArguments(argc, argv); while (fgets(buf, 256, stdin) != NULL) - DoOneRequest (buf); + DoOneRequest(buf); exit(0); } diff --git a/helpers/digest_auth/password/ldap_backend.c b/helpers/digest_auth/password/ldap_backend.c new file mode 100644 index 0000000000..799e83711c --- /dev/null +++ b/helpers/digest_auth/password/ldap_backend.c @@ -0,0 +1,605 @@ +/* + * + * + * + * ldap_backend.c + * AUTHOR: Flavio Pescuma, MARA Systems AB + */ +#include +#include +#include +#include +#include +#include +#include "ldap_backend.h" +#define PROGRAM_NAME "digest_pw_auth(LDAP_backend)" + +/* Globals */ + +static LDAP *ld = NULL; +static char *passattr = NULL; +static char *ldapServer = NULL; +static char *userbasedn = NULL; +static char *userdnattr = NULL; +static char *usersearchfilter = NULL; +static char *binddn = NULL; +static char *bindpasswd = NULL; +static char *delimiter = ":"; +static int encrpass = 0; +static int searchscope = LDAP_SCOPE_SUBTREE; +static int persistent = 0; +static int noreferrals = 0; +static int debug = 0; +static int port = LDAP_PORT; +static int strip_nt_domain = 0; +static int aliasderef = LDAP_DEREF_NEVER; +#if defined(NETSCAPE_SSL) +static char *sslpath = NULL; +static int sslinit = 0; +#endif +static int connect_timeout = 0; +static int timelimit = LDAP_NO_LIMIT; + +#ifdef LDAP_VERSION3 +/* Added for TLS support and version 3 */ +static int use_tls = 0; +static int version = -1; +#endif + +static void ldapconnect(void); +static int readSecret(char *filename); + +/* Yuck.. we need to glue to different versions of the API */ + +#if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823 +static void +squid_ldap_set_aliasderef(int deref) +{ + ldap_set_option(ld, LDAP_OPT_DEREF, &deref); +} +static void +squid_ldap_set_referrals(int referrals) +{ + int *value = referrals ? LDAP_OPT_ON : LDAP_OPT_OFF; + ldap_set_option(ld, LDAP_OPT_REFERRALS, value); +} +static void +squid_ldap_set_timelimit(int timelimit) +{ + ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit); +} +static void +squid_ldap_set_connect_timeout(int timelimit) +{ +#if defined(LDAP_OPT_NETWORK_TIMEOUT) + struct timeval tv; + tv.tv_sec = timelimit; + tv.tv_usec = 0; + ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); +#elif defined(LDAP_X_OPT_CONNECT_TIMEOUT) + timelimit *= 1000; + ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &timelimit); +#endif +} + +#else +static int +squid_ldap_errno(LDAP * ld) +{ + return ld->ld_errno; +} +static void +squid_ldap_set_aliasderef(int deref) +{ + ld->ld_deref = deref; +} +static void +squid_ldap_set_referrals(int referrals) +{ + if (referrals) + ld->ld_options |= ~LDAP_OPT_REFERRALS; + else + ld->ld_options &= ~LDAP_OPT_REFERRALS; +} +static void +squid_ldap_set_timelimit(int timelimit) +{ + ld->ld_timelimit = timelimit; +} +static void +squid_ldap_set_connect_timeout(int timelimit) +{ + fprintf(stderr, "Connect timeouts not supported in your LDAP library\n"); +} +static void +squid_ldap_memfree(char *p) +{ + free(p); +} + +#endif + +#ifdef LDAP_API_FEATURE_X_OPENLDAP +#if LDAP_VENDOR_VERSION > 194 +#define HAS_URI_SUPPORT 1 +#endif +#endif + +static int +ldap_escape_value(char *escaped, int size, const char *src) +{ + int n = 0; + while (size > 4 && *src) { + switch (*src) { + case '*': + case '(': + case ')': + case '\\': + n += 3; + size -= 3; + if (size > 0) { + *escaped++ = '\\'; + snprintf(escaped, 3, "%02x", (int) *src++); + escaped += 2; + } + break; + default: + *escaped++ = *src++; + n++; + size--; + } + } + *escaped = '\0'; + return n; +} + +static char * +getpassword(char *login, char *realm) +{ + LDAPMessage *res = NULL; + LDAPMessage *entry; + char **values = NULL; + char **value = NULL; + char *password = NULL; + int retry = 0; + char filter[8192]; + char searchbase[8192]; + int rc = -1; + if (ld) { + if (usersearchfilter) { + char escaped_login[1024]; + snprintf(searchbase, sizeof(searchbase), "%s", userbasedn); + ldap_escape_value(escaped_login, sizeof(escaped_login), login); + snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login); + + retrysrch: + if (debug) + fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, searchbase); + + rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 0, &res); + if (rc != LDAP_SUCCESS) { + if (noreferrals && rc == LDAP_PARTIAL_RESULTS) { + /* Everything is fine. This is expected when referrals + * are disabled. + */ + rc = LDAP_SUCCESS; + } else { + fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc)); +#if defined(NETSCAPE_SSL) + if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) { + int sslerr = PORT_GetError(); + fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr)); + } +#endif + fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error, trying to recover'%s'\n", ldap_err2string(rc)); + ldap_msgfree(res); + /* try to connect to the LDAP server agin, maybe my persisten conexion failed. */ + if (!retry) { + retry++; + ldap_unbind(ld); + ld = NULL; + ldapconnect(); + goto retrysrch; + } + return NULL; + + } + } + } else if (userdnattr) { + sprintf(searchbase, "%s=%s, %s", userdnattr, login, userbasedn); + + retrydnattr: + if (debug) + fprintf(stderr, "searchbase '%s'\n", searchbase); + rc = ldap_search_s(ld, searchbase, searchscope, NULL, NULL, 0, &res); + } + if (rc == LDAP_SUCCESS) { + entry = ldap_first_entry(ld, res); + if (entry) + values = ldap_get_values(ld, entry, passattr); + else { + ldap_msgfree(res); + return NULL; + } + if (!values) { + if (debug) + printf("No attribute value found\n"); + ldap_msgfree(res); + return NULL; + } + value = values; + while (*value) { + if (encrpass) { + if (strcmp(strtok(*value, delimiter), realm) == 0) { + password = strtok(NULL, delimiter); + break; + } + } else { + password = *value; + break; + } + value++; + } + if (debug) + printf("password: %s\n", password); + if (password) + password = strdup(password); + ldap_value_free(values); + ldap_msgfree(res); + return password; + } else { + fprintf(stderr, PROGRAM_NAME " WARNING, LDAP error '%s'\n", ldap_err2string(rc)); + /* try to connect to the LDAP server agin, maybe my persisten conexion failed. */ + if (!retry) { + retry++; + ldap_unbind(ld); + ld = NULL; + ldapconnect(); + goto retrydnattr; + } + return NULL; + } + } + return NULL; +} + + + +static void +ldapconnect(void) +{ + int rc; + + if (ld == NULL) { +#if HAS_URI_SUPPORT + if (strstr(ldapServer, "://") != NULL) { + rc = ldap_initialize(&ld, ldapServer); + if (rc != LDAP_SUCCESS) { + fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer); + } + } else +#endif +#if NETSCAPE_SSL + if (sslpath) { + if (!sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) { + fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n", + sslpath); + exit(1); + } else { + sslinit++; + } + if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) { + fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n", + ldapServer, port); + exit(1); + } + } else +#endif + if ((ld = ldap_init(ldapServer, port)) == NULL) { + fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", ldapServer, port); + } + if (connect_timeout) + squid_ldap_set_connect_timeout(connect_timeout); + +#ifdef LDAP_VERSION3 + if (version == -1) { + version = LDAP_VERSION2; + } + if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) + != LDAP_OPT_SUCCESS) { + fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", + version); + ldap_unbind(ld); + ld = NULL; + } + if (use_tls && (version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) { + fprintf(stderr, "Could not Activate TLS connection\n"); + ldap_unbind(ld); + ld = NULL; + } +#endif + squid_ldap_set_timelimit(timelimit); + squid_ldap_set_referrals(!noreferrals); + squid_ldap_set_aliasderef(aliasderef); + if (binddn && bindpasswd && *binddn && *bindpasswd) { + rc = ldap_simple_bind_s(ld, binddn, bindpasswd); + if (rc != LDAP_SUCCESS) { + fprintf(stderr, PROGRAM_NAME " WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc)); + ldap_unbind(ld); + ld = NULL; + } + } + if (debug) + fprintf(stderr, "Connected OK\n"); + } +} +int +LDAPArguments(int argc, char **argv) +{ + setbuf(stdout, NULL); + + while (argc > 1 && argv[1][0] == '-') { + char *value = ""; + char option = argv[1][1]; + switch (option) { + case 'P': + case 'R': + case 'z': + case 'Z': + case 'g': + case 'e': + case 'S': + break; + default: + if (strlen(argv[1]) > 2) { + value = argv[1] + 2; + } else if (argc > 2) { + value = argv[2]; + argv++; + argc--; + } else + value = ""; + break; + } + argv++; + argc--; + switch (option) { + case 'H': +#if !HAS_URI_SUPPORT + fprintf(stderr, "ERROR: Your LDAP library does not have URI support\n"); + return 1; +#endif + /* Fall thru to -h */ + case 'h': + if (ldapServer) { + int len = strlen(ldapServer) + 1 + strlen(value) + 1; + char *newhost = malloc(len); + snprintf(newhost, len, "%s %s", ldapServer, value); + free(ldapServer); + ldapServer = newhost; + } else { + ldapServer = strdup(value); + } + break; + case 'A': + passattr = value; + break; + case 'e': + encrpass = 1; + break; + case 'l': + delimiter = value; + break; + case 'b': + userbasedn = value; + break; + case 'F': + usersearchfilter = value; + break; + case 'u': + userdnattr = value; + break; + case 's': + if (strcmp(value, "base") == 0) + searchscope = LDAP_SCOPE_BASE; + else if (strcmp(value, "one") == 0) + searchscope = LDAP_SCOPE_ONELEVEL; + else if (strcmp(value, "sub") == 0) + searchscope = LDAP_SCOPE_SUBTREE; + else { + fprintf(stderr, PROGRAM_NAME " ERROR: Unknown search scope '%s'\n", value); + return 1; + } + break; + case 'S': +#if defined(NETSCAPE_SSL) + sslpath = value; + if (port == LDAP_PORT) + port = LDAPS_PORT; +#else + fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n"); + return 1; +#endif + break; + case 'c': + connect_timeout = atoi(value); + break; + case 't': + timelimit = atoi(value); + break; + case 'a': + if (strcmp(value, "never") == 0) + aliasderef = LDAP_DEREF_NEVER; + else if (strcmp(value, "always") == 0) + aliasderef = LDAP_DEREF_ALWAYS; + else if (strcmp(value, "search") == 0) + aliasderef = LDAP_DEREF_SEARCHING; + else if (strcmp(value, "find") == 0) + aliasderef = LDAP_DEREF_FINDING; + else { + fprintf(stderr, PROGRAM_NAME " ERROR: Unknown alias dereference method '%s'\n", value); + return 1; + } + break; + case 'D': + binddn = value; + break; + case 'w': + bindpasswd = value; + break; + case 'W': + readSecret(value); + break; + case 'P': + persistent = !persistent; + break; + case 'p': + port = atoi(value); + break; + case 'R': + noreferrals = !noreferrals; + break; +#ifdef LDAP_VERSION3 + case 'v': + switch (atoi(value)) { + case 2: + version = LDAP_VERSION2; + break; + case 3: + version = LDAP_VERSION3; + break; + default: + fprintf(stderr, "Protocol version should be 2 or 3\n"); + return 1; + } + break; + case 'Z': + if (version == LDAP_VERSION2) { + fprintf(stderr, "TLS (-Z) is incompatible with version %d\n", + version); + return 1; + } + version = LDAP_VERSION3; + use_tls = 1; + break; +#endif + case 'd': + debug = 1; + break; + case 'E': + strip_nt_domain = 1; + break; + default: + fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option); + return 1; + } + } + + while (argc > 1) { + char *value = argv[1]; + if (ldapServer) { + int len = strlen(ldapServer) + 1 + strlen(value) + 1; + char *newhost = malloc(len); + snprintf(newhost, len, "%s %s", ldapServer, value); + free(ldapServer); + ldapServer = newhost; + } else { + ldapServer = strdup(value); + } + argc--; + argv++; + } + + if (!ldapServer) + ldapServer = "localhost"; + + if (!userbasedn || !passattr) { + fprintf(stderr, "Usage: " PROGRAM_NAME " -b basedn -f filter [options] ldap_server_name\n\n"); + fprintf(stderr, "\t-A password attribute(REQUIRED)\t\tUser attribute that contains the password\n"); + fprintf(stderr, "\t-l password realm delimiter(REQUIRED)\tCharater(s) that devides the password attribute\n\t\t\t\t\t\tin realm and password tokens, default ':' realm:password\n"); + fprintf(stderr, "\t-b basedn (REQUIRED)\t\t\tbase dn under where to search for users\n"); + fprintf(stderr, "\t-e Encrypted passwords(REQUIRED)\tPassword are stored encrypted using HHA1\n"); + fprintf(stderr, "\t-F filter\t\t\t\tuser search filter pattern. %%s = login\n"); + fprintf(stderr, "\t-u attribute\t\t\t\tattribute to use in combination with the basedn to create the user DN\n"); + fprintf(stderr, "\t-s base|one|sub\t\t\t\tsearch scope\n"); + fprintf(stderr, "\t-D binddn\t\t\t\tDN to bind as to perform searches\n"); + fprintf(stderr, "\t-w bindpasswd\t\t\t\tpassword for binddn\n"); + fprintf(stderr, "\t-W secretfile\t\t\t\tread password for binddn from file secretfile\n"); +#if HAS_URI_SUPPORT + fprintf(stderr, "\t-H URI\t\t\t\t\tLDAPURI (defaults to ldap://localhost)\n"); +#endif + fprintf(stderr, "\t-h server\t\t\t\tLDAP server (defaults to localhost)\n"); + fprintf(stderr, "\t-p port\t\t\t\t\tLDAP server port (defaults to %d)\n", LDAP_PORT); + fprintf(stderr, "\t-P\t\t\t\t\tpersistent LDAP connection\n"); +#if defined(NETSCAPE_SSL) + fprintf(stderr, "\t-E sslcertpath\t\t\t\tenable LDAP over SSL\n"); +#endif + fprintf(stderr, "\t-c timeout\t\t\t\tconnect timeout\n"); + fprintf(stderr, "\t-t timelimit\t\t\t\tsearch time limit\n"); + fprintf(stderr, "\t-R\t\t\t\t\tdo not follow referrals\n"); + fprintf(stderr, "\t-a never|always|search|find\t\twhen to dereference aliases\n"); +#ifdef LDAP_VERSION3 + fprintf(stderr, "\t-v 2|3\t\t\t\t\tLDAP version\n"); + fprintf(stderr, "\t-Z\t\t\t\t\tTLS encrypt the LDAP connection, requires\n\t\t\t\tLDAP version 3\n"); +#endif + fprintf(stderr, "\t-S\t\t\t\t\tStrip NT domain from usernames\n"); + fprintf(stderr, "\n"); + fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n"); + return -1; + } + return 0; +} +static int +readSecret(char *filename) +{ + char buf[BUFSIZ]; + char *e = 0; + FILE *f; + + if (!(f = fopen(filename, "r"))) { + fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename); + return 1; + } + if (!fgets(buf, sizeof(buf) - 1, f)) { + fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); + fclose(f); + return 1; + } + /* strip whitespaces on end */ + if ((e = strrchr(buf, '\n'))) + *e = 0; + if ((e = strrchr(buf, '\r'))) + *e = 0; + + bindpasswd = (char *) calloc(sizeof(char), strlen(buf) + 1); + if (bindpasswd) { + strcpy(bindpasswd, buf); + } else { + fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); + } + + fclose(f); + + return 0; +} + +void +LDAPHHA1(RequestData * requestData) +{ + char *password = ""; + /* LDAPArguments(argc,argv); */ + ldapconnect(); + password = getpassword(requestData->user, requestData->realm); + if (password != NULL) { + if (encrpass) + xstrncpy(requestData->HHA1, &password[6], sizeof(requestData->HHA1)); + else { + HASH HA1; + DigestCalcHA1("md5", requestData->user, requestData->realm, password, NULL, NULL, HA1, requestData->HHA1); + } + free(password); + } else { + requestData->error = -1; + } + +} diff --git a/helpers/digest_auth/password/ldap_backend.h b/helpers/digest_auth/password/ldap_backend.h new file mode 100644 index 0000000000..669be23f2b --- /dev/null +++ b/helpers/digest_auth/password/ldap_backend.h @@ -0,0 +1,9 @@ +/* + * text_backend.h + * + * AUTHOR: Flavio Pescuma. + * + */ +#include "digest_common.h" +extern int LDAPArguments(int argc, char **argv); +extern void LDAPHHA1(RequestData * requestData); diff --git a/helpers/digest_auth/password/text_backend.c b/helpers/digest_auth/password/text_backend.c index 76b254a6f7..09577c09ae 100644 --- a/helpers/digest_auth/password/text_backend.c +++ b/helpers/digest_auth/password/text_backend.c @@ -34,7 +34,7 @@ static hash_table *hash = NULL; static HASHFREE my_free; static char *passwdfile = NULL; -static int ha1mode=0; +static int ha1mode = 0; static time_t change_time = 0; typedef struct _user_data { @@ -101,7 +101,7 @@ read_passwd_file(const char *passwdfile, int ha1mode) } u = xmalloc(sizeof(*u)); if (realm) { - int len = strlen(user)+strlen(realm)+2; + int len = strlen(user) + strlen(realm) + 2; u->hash.key = malloc(len); snprintf(u->hash.key, len, "%s:%s", user, realm); } else { @@ -112,25 +112,25 @@ read_passwd_file(const char *passwdfile, int ha1mode) else u->passwd = xstrdup(passwd); hash_join(hash, &u->hash); - } + } } fclose(f); } /* replace when changing the backend */ void -TextArguments (int argc, char **argv) +TextArguments(int argc, char **argv) { struct stat sb; - if(argc == 2) - passwdfile = argv[1]; - if((argc == 3) && !strcmp("-c", argv[1])){ - ha1mode=1; - passwdfile = argv[2]; + if (argc == 2) + passwdfile = argv[1]; + if ((argc == 3) && !strcmp("-c", argv[1])) { + ha1mode = 1; + passwdfile = argv[2]; } if (!passwdfile) { - fprintf(stderr, "Usage: digest_pw_auth [OPTIONS] \n"); - fprintf(stderr, " -c accept digest hashed passwords rather than plaintext in passwordfile\n"); + fprintf(stderr, "Usage: digest_pw_auth [OPTIONS] \n"); + fprintf(stderr, " -c accept digest hashed passwords rather than plaintext in passwordfile\n"); exit(1); } if (stat(passwdfile, &sb) != 0) { @@ -139,8 +139,8 @@ TextArguments (int argc, char **argv) } } -const user_data * -GetPassword (RequestData *requestData) +static const user_data * +GetPassword(RequestData * requestData) { user_data *u; struct stat sb; @@ -157,23 +157,23 @@ GetPassword (RequestData *requestData) len = snprintf(buf, sizeof(buf), "%s:%s", requestData->user, requestData->realm); if (len >= sizeof(buf)) return NULL; - u = (user_data *)hash_lookup(hash, buf); + u = (user_data *) hash_lookup(hash, buf); if (u) return u; - u = (user_data *)hash_lookup(hash, requestData->user); + u = (user_data *) hash_lookup(hash, requestData->user); return u; } void -TextHHA1(RequestData *requestData) +TextHHA1(RequestData * requestData) { - const user_data *u = GetPassword (requestData); + const user_data *u = GetPassword(requestData); if (!u) { requestData->error = -1; return; } if (u->ha1) { - xstrncpy (requestData->HHA1, u->ha1, sizeof (requestData->HHA1)); + xstrncpy(requestData->HHA1, u->ha1, sizeof(requestData->HHA1)); } else { HASH HA1; DigestCalcHA1("md5", requestData->user, requestData->realm, u->passwd, NULL, NULL, HA1, requestData->HHA1); diff --git a/helpers/digest_auth/password/text_backend.h b/helpers/digest_auth/password/text_backend.h index ec52f1c6a7..7c9aee6db4 100644 --- a/helpers/digest_auth/password/text_backend.h +++ b/helpers/digest_auth/password/text_backend.h @@ -21,7 +21,5 @@ #include "digest_common.h" -extern void TextArguments (int argc, char **argv); -#define ProcessArguments(A, B) TextArguments(A,B) -extern void TextHHA1(RequestData *requestData); -#define GetHHA1(A) TextHHA1(A) +extern void TextArguments(int argc, char **argv); +extern void TextHHA1(RequestData * requestData);