author | Sergey Poznyakoff <gray@gnu.org.ua> | 2017-10-25 12:42:31 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2017-10-25 12:42:31 +0300 |
commit | b1c79452b9f4cfe5ad432a7757f16d64e7050830 (patch) | |
tree | a7b9183bdeea93abae8190c71efb64ce5f67accc | |
parent | 09f076dfdab4d7b7a71bbac96848260db8f55511 (diff) | |
Test for the presence of crypt.h and crypt_r call. Improve the testsuite.
-rw-r--r-- | NEWS | 9 | ||||
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | src/vmod_basicauth.c | 44 | ||||
-rw-r--r-- | tests/aprmd5.at | 12 | ||||
-rw-r--r-- | tests/crypt.at | 12 | ||||
-rw-r--r-- | tests/plain.at | 13 | ||||
-rw-r--r-- | tests/sha1.at | 12 |
7 files changed, 94 insertions, 17 deletions
@@ -1,9 +1,16 @@ | |||
1 | Vmod-basicauth NEWS -- history of user-visible changes. 2017-08-10 | 1 | Vmod-basicauth NEWS -- history of user-visible changes. 2017-10-25 |
2 | Copyright (C) 2013-2017 Sergey Poznyakoff | 2 | Copyright (C) 2013-2017 Sergey Poznyakoff |
3 | See the end of file for copying conditions. | 3 | See the end of file for copying conditions. |
4 | 4 | ||
5 | Please send Vmod-basicauth bug reports to <gray@gnu.org> | 5 | Please send Vmod-basicauth bug reports to <gray@gnu.org> |
6 | 6 | ||
7 | Version 1.5.90 (Git) | ||
8 | |||
9 | * Improved testsute | ||
10 | |||
11 | * Doesn't require presence of the crypt_r function | ||
12 | |||
13 | |||
7 | Version 1.5, 2017-08-10 | 14 | Version 1.5, 2017-08-10 |
8 | 15 | ||
9 | * Support for Varnish 5.1 | 16 | * Support for Varnish 5.1 |
diff --git a/configure.ac b/configure.ac index 416884e..bf33983 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -14,7 +14,7 @@ | |||
14 | # You should have received a copy of the GNU General Public License | 14 | # You should have received a copy of the GNU General Public License |
15 | # along with vmod-basicauth. If not, see <http://www.gnu.org/licenses/>. | 15 | # along with vmod-basicauth. If not, see <http://www.gnu.org/licenses/>. |
16 | AC_PREREQ(2.69) | 16 | AC_PREREQ(2.69) |
17 | AC_INIT([vmod-basicauth], 1.5, [gray@gnu.org]) | 17 | AC_INIT([vmod-basicauth], 1.5.90, [gray@gnu.org]) |
18 | AC_CONFIG_AUX_DIR([build-aux]) | 18 | AC_CONFIG_AUX_DIR([build-aux]) |
19 | AC_CONFIG_MACRO_DIR([m4]) | 19 | AC_CONFIG_MACRO_DIR([m4]) |
20 | AC_CONFIG_SRCDIR(src/vmod_basicauth.vcc) | 20 | AC_CONFIG_SRCDIR(src/vmod_basicauth.vcc) |
@@ -40,10 +40,15 @@ AC_PROG_MAKE_SET | |||
40 | 40 | ||
41 | # Checks for header files. | 41 | # Checks for header files. |
42 | AC_HEADER_STDC | 42 | AC_HEADER_STDC |
43 | AC_CHECK_HEADERS([sys/stdlib.h]) | 43 | AC_CHECK_HEADERS([sys/stdlib.h crypt.h]) |
44 | 44 | ||
45 | AM_VARNISHAPI([4.1],[5.1]) | 45 | AM_VARNISHAPI([4.1],[5.1]) |
46 | 46 | ||
47 | saved_LIBS=$LIBS | ||
48 | LIBS=-lcrypt | ||
49 | AC_CHECK_FUNCS([crypt_r]) | ||
50 | LIBS=$saved_LIBS | ||
51 | |||
47 | AC_CONFIG_TESTDIR(tests) | 52 | AC_CONFIG_TESTDIR(tests) |
48 | AC_CONFIG_FILES([tests/Makefile tests/atlocal]) | 53 | AC_CONFIG_FILES([tests/Makefile tests/atlocal]) |
49 | AM_MISSING_PROG([AUTOM4TE], [autom4te]) | 54 | AM_MISSING_PROG([AUTOM4TE], [autom4te]) |
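Review bot: The probe `LIBS=-lcrypt` followed by `AC_CHECK_FUNCS([crypt_r])` hard-codes the library, so on a system where `crypt_r` lives in libc and there is no separate libcrypt the link test fails for the wrong reason and the build quietly falls back to the mutex-serialised `crypt()` path. `AC_SEARCH_LIBS` tries libc first and then `-lcrypt`, e.g. `AC_SEARCH_LIBS([crypt_r], [crypt], [AC_DEFINE([HAVE_CRYPT_R], [1], [Define if crypt_r is available])])` placed between the existing save and restore of `LIBS`. The restored `LIBS` does not carry `-lcrypt`, so the module's link flags presumably come from a Makefile.am that is not part of this section; it is worth confirming that they match what the probe found.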
diff --git a/src/vmod_basicauth.c b/src/vmod_basicauth.c index bd58140..943fba9 100644 --- a/src/vmod_basicauth.c +++ b/src/vmod_basicauth.c | |||
@@ -23,7 +23,9 @@ | |||
23 | #include <syslog.h> | 23 | #include <syslog.h> |
24 | #include <unistd.h> | 24 | #include <unistd.h> |
25 | #include <stdbool.h> | 25 | #include <stdbool.h> |
26 | #include <crypt.h> | 26 | #ifdef HAVE_CRYPT_H |
27 | # include <crypt.h> | ||
28 | #endif | ||
27 | 29 | ||
28 | #include "vcl.h" | 30 | #include "vcl.h" |
29 | #include "vrt.h" | 31 | #include "vrt.h" |
@@ -80,6 +82,7 @@ base64_decode(const unsigned char *input, size_t input_len, | |||
80 | return out - output; | 82 | return out - output; |
81 | } | 83 | } |
82 | 84 | ||
85 | #ifdef HAVE_CRYPT_R | ||
83 | struct priv_data { | 86 | struct priv_data { |
84 | struct crypt_data cdat; | 87 | struct crypt_data cdat; |
85 | }; | 88 | }; |
@@ -94,39 +97,51 @@ get_priv_data(struct vmod_priv *priv) | |||
94 | priv->free = free; | 97 | priv->free = free; |
95 | } | 98 | } |
96 | return priv->priv; | 99 | return priv->priv; |
97 | } | 100 | } |
101 | #else | ||
102 | static pthread_mutex_t pass_mutex = PTHREAD_MUTEX_INITIALIZER; | ||
103 | #endif | ||
98 | 104 | ||
99 | /* Matchers */ | 105 | /* Matchers */ |
100 | 106 | ||
101 | static int | 107 | static int |
102 | crypt_match(const char *pass, const char *hash, struct priv_data *pd) | 108 | crypt_match(const char *pass, const char *hash, struct vmod_priv *priv) |
103 | { | 109 | { |
104 | return strcmp(crypt_r(pass, hash, &pd->cdat), hash); | 110 | int res; |
111 | #ifdef HAVE_CRYPT_R | ||
112 | res = strcmp(crypt_r(pass, hash, &get_priv_data(priv)->cdat), hash); | ||
113 | #else | ||
114 | pthread_mutex_lock(&pass_mutex); | ||
115 | res = strcmp(crypt(pass, hash), hash); | ||
116 | pthread_mutex_unlock(&pass_mutex); | ||
117 | #endif | ||
118 | return res; | ||
105 | } | 119 | } |
106 | 120 | ||
107 | static int | 121 | static int |
108 | plain_match(const char *pass, const char *hash, struct priv_data *pd) | 122 | plain_match(const char *pass, const char *hash, struct vmod_priv *priv) |
109 | { | 123 | { |
110 | return strcmp(pass, hash); | 124 | return strcmp(pass, hash); |
111 | } | 125 | } |
112 | 126 | ||
113 | static int | 127 | static int |
114 | apr_match(const char *pass, const char *hash, struct priv_data *pd) | 128 | apr_match(const char *pass, const char *hash, struct vmod_priv *priv) |
115 | { | 129 | { |
116 | unsigned char buf[120]; | 130 | char buf[120]; |
117 | return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash); | 131 | return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash); |
118 | } | 132 | } |
119 | 133 | ||
120 | #define SHA1_DIGEST_SIZE 20 | 134 | #define SHA1_DIGEST_SIZE 20 |
121 | 135 | ||
122 | static int | 136 | static int |
123 | sha1_match(const char *pass, const char *hash, struct priv_data *pd) | 137 | sha1_match(const char *pass, const char *hash, struct vmod_priv *priv) |
124 | { | 138 | { |
125 | char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE]; | 139 | char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE]; |
126 | int n; | 140 | int n; |
127 | 141 | ||
128 | hash += 5; /* Skip past {SHA} */ | 142 | hash += 5; /* Skip past {SHA} */ |
129 | n = base64_decode(hash, strlen(hash), hashbuf, sizeof(hashbuf)); | 143 | n = base64_decode((const unsigned char *)hash, strlen(hash), |
144 | (unsigned char *)hashbuf, sizeof(hashbuf)); | ||
130 | if (n < 0) { | 145 | if (n < 0) { |
131 | syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", hash); | 146 | syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", hash); |
132 | return 1; | 147 | return 1; |
@@ -144,7 +159,7 @@ sha1_match(const char *pass, const char *hash, struct priv_data *pd) | |||
144 | struct matcher { | 159 | struct matcher { |
145 | char *cm_pfx; | 160 | char *cm_pfx; |
146 | size_t cm_len; | 161 | size_t cm_len; |
147 | int (*cm_match)(const char *, const char *, struct priv_data *); | 162 | int (*cm_match)(const char *, const char *, struct vmod_priv *priv); |
148 | }; | 163 | }; |
149 | 164 | ||
150 | static struct matcher match_tab[] = { | 165 | static struct matcher match_tab[] = { |
@@ -157,7 +172,7 @@ static struct matcher match_tab[] = { | |||
157 | }; | 172 | }; |
158 | 173 | ||
159 | static int | 174 | static int |
160 | match(const char *pass, const char *hash, struct priv_data *pd) | 175 | match(const char *pass, const char *hash, struct vmod_priv *priv) |
161 | { | 176 | { |
162 | struct matcher *p; | 177 | struct matcher *p; |
163 | size_t plen = strlen(hash); | 178 | size_t plen = strlen(hash); |
@@ -165,7 +180,7 @@ match(const char *pass, const char *hash, struct priv_data *pd) | |||
165 | for (p = match_tab; p->cm_match; p++) { | 180 | for (p = match_tab; p->cm_match; p++) { |
166 | if (p->cm_len < plen && | 181 | if (p->cm_len < plen && |
167 | memcmp(p->cm_pfx, hash, p->cm_len) == 0 && | 182 | memcmp(p->cm_pfx, hash, p->cm_len) == 0 && |
168 | p->cm_match(pass, hash, pd) == 0) | 183 | p->cm_match(pass, hash, priv) == 0) |
169 | return 0; | 184 | return 0; |
170 | } | 185 | } |
171 | return 1; | 186 | return 1; |
@@ -188,7 +203,8 @@ vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s) | |||
188 | if (!s || strncmp(s, BASICPREF, BASICLEN)) | 203 | if (!s || strncmp(s, BASICPREF, BASICLEN)) |
189 | return false; | 204 | return false; |
190 | s += BASICLEN; | 205 | s += BASICLEN; |
191 | n = base64_decode(s, strlen(s), buf, sizeof(buf)); | 206 | n = base64_decode((const unsigned char *)s, strlen(s), |
207 | (unsigned char *)buf, sizeof(buf)); | ||
192 | if (n < 0) { | 208 | if (n < 0) { |
193 | syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", s); | 209 | syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", s); |
194 | return false; | 210 | return false; |
@@ -232,7 +248,7 @@ vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s) | |||
232 | *q++ = 0; | 248 | *q++ = 0; |
233 | if (strcmp(p, buf)) | 249 | if (strcmp(p, buf)) |
234 | continue; | 250 | continue; |
235 | rc = match(pass, q, get_priv_data(priv)) == 0; | 251 | rc = match(pass, q, priv) == 0; |
236 | // syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc); | 252 | // syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc); |
237 | break; | 253 | break; |
238 | } | 254 | } |
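Review bot: In `crypt_match`, both branches pass the return value of `crypt_r()` / `crypt()` straight to `strcmp()`, but these functions return NULL on failure (for instance when the stored hash carries a salt the library rejects), so one malformed line in the password file becomes undefined behaviour in the worker, in practice a crash, instead of a failed login. Keep the result in a pointer and treat NULL as a mismatch; in the `#else` branch the comparison has to stay inside the locked region because `crypt()` returns a static buffer. The include hunk does not show `<pthread.h>`; if nothing earlier in the file pulls it in, the `#else` branch needs it for `pass_mutex`.

```c
static int
crypt_match(const char *pass, const char *hash, struct vmod_priv *priv)
{
	int res = 1;	/* a failed crypt call counts as a mismatch */
	const char *cp;
#ifdef HAVE_CRYPT_R
	cp = crypt_r(pass, hash, &get_priv_data(priv)->cdat);
	if (cp)
		res = strcmp(cp, hash);
#else
	pthread_mutex_lock(&pass_mutex);
	cp = crypt(pass, hash);
	if (cp)
		res = strcmp(cp, hash);	/* compare before unlocking: static buffer */
	pthread_mutex_unlock(&pass_mutex);
#endif
	return res;
}
```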
diff --git a/tests/aprmd5.at b/tests/aprmd5.at index 9e8f6db..d6292ef 100644 --- a/tests/aprmd5.at +++ b/tests/aprmd5.at | |||
@@ -28,5 +28,17 @@ AT_VARNISHTEST([ | |||
28 | [ rxreq | 28 | [ rxreq |
29 | txresp | 29 | txresp |
30 | ]) | 30 | ]) |
31 | AT_VARNISHTEST([ | ||