From: hno <> Date: Sat, 8 Nov 2003 00:23:03 +0000 (+0000) Subject: Bug #787: digest auth never detects password changes X-Git-Tag: SQUID_3_0_PRE4~1159 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=df80d445d8a6f7dc40b087329fc9f602e2256368;p=thirdparty%2Fsquid.git Bug #787: digest auth never detects password changes --- diff --git a/lib/rfc2617.c b/lib/rfc2617.c index 344ed2305b..cf95ef9870 100644 --- a/lib/rfc2617.c +++ b/lib/rfc2617.c @@ -13,7 +13,7 @@ /* - * $Id: rfc2617.c,v 1.8 2003/07/12 00:34:01 hno Exp $ + * $Id: rfc2617.c,v 1.9 2003/11/07 17:23:03 hno Exp $ * * DEBUG: * AUTHOR: RFC 2617 & Robert Collins @@ -79,11 +79,16 @@ CvtBin(const HASHHEX Hex, HASH Bin) unsigned char j; for (i = 0; i < HASHHEXLEN; i++) { + unsigned char n; j = Hex[i]; if (('0' <= j) && (j <= '9')) - Bin[i / 2] |= ((j - '0') << ((i % 2 == 0) ? 4 : 0)); + n = j - '0'; else - Bin[i / 2] |= ((j - 'a' + 10) << ((i % 2 == 0) ? 4 : 0)); + n = j - 'a' + 10; + if (i % 2 == 0) + Bin[i / 2] = n << 4; + else + Bin[i / 2] |= n; } Bin[HASHLEN] = '\0'; } diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc index 84374372d2..33ba36d968 100644 --- a/src/auth/digest/auth_digest.cc +++ b/src/auth/digest/auth_digest.cc @@ -1,6 +1,6 @@ /* - * $Id: auth_digest.cc,v 1.31 2003/08/10 11:00:48 robertc Exp $ + * $Id: auth_digest.cc,v 1.32 2003/11/07 17:23:04 hno Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Robert Collins @@ -693,7 +693,14 @@ digest_request_h::authenticate(HttpRequest * request, ConnStateData::Pointer con debug(29, 9) ("\nResponse = '%s'\n" "squid is = '%s'\n", digest_request->response, Response); - if (strcasecmp(digest_request->response, Response)) { + if (strcasecmp(digest_request->response, Response) != 0) { + if (!digest_request->flags.helper_queried) { + /* Query the helper in case the password has changed */ + digest_request->flags.helper_queried = 1; + digest_request->credentials_ok = Pending; + return; + } + if (digestConfig->PostWorkaround && request->method != METHOD_GET) { /* Ugly workaround for certain very broken browsers using the * wrong method to calculate the request-digest on POST request. @@ -1449,6 +1456,7 @@ authenticateDigestDecodeAuth(auth_user_request_t * auth_user_request, const char * username cache */ /* store user in hash's */ authenticateUserNameCacheAdd(auth_user); + /* * Add the digest to the user so we can tell if a hacking * or spoofing attack is taking place. We do this by assuming diff --git a/src/auth/digest/auth_digest.h b/src/auth/digest/auth_digest.h index 99996d1d6b..7b02dfd4fd 100644 --- a/src/auth/digest/auth_digest.h +++ b/src/auth/digest/auth_digest.h @@ -87,6 +87,9 @@ unsigned int authinfo_sent: unsigned int nonce_stale: 1; + +unsigned int helper_queried: + 1; } flags;