aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@gnu.org.ua>2017-10-25 12:42:31 +0300
committerSergey Poznyakoff <gray@gnu.org.ua>2017-10-25 12:42:31 +0300
commitb1c79452b9f4cfe5ad432a7757f16d64e7050830 (patch)
treea7b9183bdeea93abae8190c71efb64ce5f67accc
parent09f076dfdab4d7b7a71bbac96848260db8f55511 (diff)
downloadvmod-basicauth-b1c79452b9f4cfe5ad432a7757f16d64e7050830.tar.gz
vmod-basicauth-b1c79452b9f4cfe5ad432a7757f16d64e7050830.tar.bz2
Test for the presence of crypt.h and crypt_r call. Improve the testsuite.
-rw-r--r--NEWS9
-rw-r--r--configure.ac9
-rw-r--r--src/vmod_basicauth.c44
-rw-r--r--tests/aprmd5.at12
-rw-r--r--tests/crypt.at12
-rw-r--r--tests/plain.at13
-rw-r--r--tests/sha1.at12
7 files changed, 94 insertions, 17 deletions
diff --git a/NEWS b/NEWS
index 3e5f67e..5cd7a9a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,16 @@
1Vmod-basicauth NEWS -- history of user-visible changes. 2017-08-10 1Vmod-basicauth NEWS -- history of user-visible changes. 2017-10-25
2Copyright (C) 2013-2017 Sergey Poznyakoff 2Copyright (C) 2013-2017 Sergey Poznyakoff
3See the end of file for copying conditions. 3See the end of file for copying conditions.
4 4
5Please send Vmod-basicauth bug reports to <gray@gnu.org> 5Please send Vmod-basicauth bug reports to <gray@gnu.org>
6 6
7Version 1.5.90 (Git)
8
9* Improved testsute
10
11* Doesn't require presence of the crypt_r function
12
13
7Version 1.5, 2017-08-10 14Version 1.5, 2017-08-10
8 15
9* Support for Varnish 5.1 16* Support for Varnish 5.1
diff --git a/configure.ac b/configure.ac
index 416884e..bf33983 100644
--- a/configure.ac
+++ b/configure.ac
@@ -14,7 +14,7 @@
14# You should have received a copy of the GNU General Public License 14# You should have received a copy of the GNU General Public License
15# along with vmod-basicauth. If not, see <http://www.gnu.org/licenses/>. 15# along with vmod-basicauth. If not, see <http://www.gnu.org/licenses/>.
16AC_PREREQ(2.69) 16AC_PREREQ(2.69)
17AC_INIT([vmod-basicauth], 1.5, [gray@gnu.org]) 17AC_INIT([vmod-basicauth], 1.5.90, [gray@gnu.org])
18AC_CONFIG_AUX_DIR([build-aux]) 18AC_CONFIG_AUX_DIR([build-aux])
19AC_CONFIG_MACRO_DIR([m4]) 19AC_CONFIG_MACRO_DIR([m4])
20AC_CONFIG_SRCDIR(src/vmod_basicauth.vcc) 20AC_CONFIG_SRCDIR(src/vmod_basicauth.vcc)
@@ -40,10 +40,15 @@ AC_PROG_MAKE_SET
40 40
41# Checks for header files. 41# Checks for header files.
42AC_HEADER_STDC 42AC_HEADER_STDC
43AC_CHECK_HEADERS([sys/stdlib.h]) 43AC_CHECK_HEADERS([sys/stdlib.h crypt.h])
44 44
45AM_VARNISHAPI([4.1],[5.1]) 45AM_VARNISHAPI([4.1],[5.1])
46 46
47saved_LIBS=$LIBS
48LIBS=-lcrypt
49AC_CHECK_FUNCS([crypt_r])
50LIBS=$saved_LIBS
51
47AC_CONFIG_TESTDIR(tests) 52AC_CONFIG_TESTDIR(tests)
48AC_CONFIG_FILES([tests/Makefile tests/atlocal]) 53AC_CONFIG_FILES([tests/Makefile tests/atlocal])
49AM_MISSING_PROG([AUTOM4TE], [autom4te]) 54AM_MISSING_PROG([AUTOM4TE], [autom4te])
diff --git a/src/vmod_basicauth.c b/src/vmod_basicauth.c
index bd58140..943fba9 100644
--- a/src/vmod_basicauth.c
+++ b/src/vmod_basicauth.c
@@ -23,7 +23,9 @@
23#include <syslog.h> 23#include <syslog.h>
24#include <unistd.h> 24#include <unistd.h>
25#include <stdbool.h> 25#include <stdbool.h>
26#include <crypt.h> 26#ifdef HAVE_CRYPT_H
27# include <crypt.h>
28#endif
27 29
28#include "vcl.h" 30#include "vcl.h"
29#include "vrt.h" 31#include "vrt.h"
@@ -80,6 +82,7 @@ base64_decode(const unsigned char *input, size_t input_len,
80 return out - output; 82 return out - output;
81} 83}
82 84
85#ifdef HAVE_CRYPT_R
83struct priv_data { 86struct priv_data {
84 struct crypt_data cdat; 87 struct crypt_data cdat;
85}; 88};
@@ -94,39 +97,51 @@ get_priv_data(struct vmod_priv *priv)
94 priv->free = free; 97 priv->free = free;
95 } 98 }
96 return priv->priv; 99 return priv->priv;
97} 100}
101#else
102static pthread_mutex_t pass_mutex = PTHREAD_MUTEX_INITIALIZER;
103#endif
98 104
99/* Matchers */ 105/* Matchers */
100 106
101static int 107static int
102crypt_match(const char *pass, const char *hash, struct priv_data *pd) 108crypt_match(const char *pass, const char *hash, struct vmod_priv *priv)
103{ 109{
104 return strcmp(crypt_r(pass, hash, &pd->cdat), hash); 110 int res;
111#ifdef HAVE_CRYPT_R
112 res = strcmp(crypt_r(pass, hash, &get_priv_data(priv)->cdat), hash);
113#else
114 pthread_mutex_lock(&pass_mutex);
115 res = strcmp(crypt(pass, hash), hash);
116 pthread_mutex_unlock(&pass_mutex);
117#endif
118 return res;
105} 119}
106 120
107static int 121static int
108plain_match(const char *pass, const char *hash, struct priv_data *pd) 122plain_match(const char *pass, const char *hash, struct vmod_priv *priv)
109{ 123{
110 return strcmp(pass, hash); 124 return strcmp(pass, hash);
111} 125}
112 126
113static int 127static int
114apr_match(const char *pass, const char *hash, struct priv_data *pd) 128apr_match(const char *pass, const char *hash, struct vmod_priv *priv)
115{ 129{
116 unsigned char buf[120]; 130 char buf[120];
117 return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash); 131 return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash);
118} 132}
119 133
120#define SHA1_DIGEST_SIZE 20 134#define SHA1_DIGEST_SIZE 20
121 135
122static int 136static int
123sha1_match(const char *pass, const char *hash, struct priv_data *pd) 137sha1_match(const char *pass, const char *hash, struct vmod_priv *priv)
124{ 138{
125 char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE]; 139 char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE];
126 int n; 140 int n;
127 141
128 hash += 5; /* Skip past {SHA} */ 142 hash += 5; /* Skip past {SHA} */
129 n = base64_decode(hash, strlen(hash), hashbuf, sizeof(hashbuf)); 143 n = base64_decode((const unsigned char *)hash, strlen(hash),
144 (unsigned char *)hashbuf, sizeof(hashbuf));
130 if (n < 0) { 145 if (n < 0) {
131 syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", hash); 146 syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", hash);
132 return 1; 147 return 1;
@@ -144,7 +159,7 @@ sha1_match(const char *pass, const char *hash, struct priv_data *pd)
144struct matcher { 159struct matcher {
145 char *cm_pfx; 160 char *cm_pfx;
146 size_t cm_len; 161 size_t cm_len;
147 int (*cm_match)(const char *, const char *, struct priv_data *); 162 int (*cm_match)(const char *, const char *, struct vmod_priv *priv);
148}; 163};
149 164
150static struct matcher match_tab[] = { 165static struct matcher match_tab[] = {
@@ -157,7 +172,7 @@ static struct matcher match_tab[] = {
157}; 172};
158 173
159static int 174static int
160match(const char *pass, const char *hash, struct priv_data *pd) 175match(const char *pass, const char *hash, struct vmod_priv *priv)
161{ 176{
162 struct matcher *p; 177 struct matcher *p;
163 size_t plen = strlen(hash); 178 size_t plen = strlen(hash);
@@ -165,7 +180,7 @@ match(const char *pass, const char *hash, struct priv_data *pd)
165 for (p = match_tab; p->cm_match; p++) { 180 for (p = match_tab; p->cm_match; p++) {
166 if (p->cm_len < plen && 181 if (p->cm_len < plen &&
167 memcmp(p->cm_pfx, hash, p->cm_len) == 0 && 182 memcmp(p->cm_pfx, hash, p->cm_len) == 0 &&
168 p->cm_match(pass, hash, pd) == 0) 183 p->cm_match(pass, hash, priv) == 0)
169 return 0; 184 return 0;
170 } 185 }
171 return 1; 186 return 1;
@@ -188,7 +203,8 @@ vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s)
188 if (!s || strncmp(s, BASICPREF, BASICLEN)) 203 if (!s || strncmp(s, BASICPREF, BASICLEN))
189 return false; 204 return false;
190 s += BASICLEN; 205 s += BASICLEN;
191 n = base64_decode(s, strlen(s), buf, sizeof(buf)); 206 n = base64_decode((const unsigned char *)s, strlen(s),
207 (unsigned char *)buf, sizeof(buf));
192 if (n < 0) { 208 if (n < 0) {
193 syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", s); 209 syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", s);
194 return false; 210 return false;
@@ -232,7 +248,7 @@ vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s)
232 *q++ = 0; 248 *q++ = 0;
233 if (strcmp(p, buf)) 249 if (strcmp(p, buf))
234 continue; 250 continue;
235 rc = match(pass, q, get_priv_data(priv)) == 0; 251 rc = match(pass, q, priv) == 0;
236// syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc); 252// syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc);
237 break; 253 break;
238 } 254 }
diff --git a/tests/aprmd5.at b/tests/aprmd5.at
index 9e8f6db..d6292ef 100644
--- a/tests/aprmd5.at
+++ b/tests/aprmd5.at
@@ -28,5 +28,17 @@ AT_VARNISHTEST([
28[ rxreq 28[ rxreq
29 txresp 29 txresp
30]) 30])
31AT_VARNISHTEST([