diff options
Diffstat (limited to 'src/vmod_basicauth.c')
-rw-r--r-- | src/vmod_basicauth.c | 44 |
1 files changed, 30 insertions, 14 deletions
diff --git a/src/vmod_basicauth.c b/src/vmod_basicauth.c index bd58140..943fba9 100644 --- a/src/vmod_basicauth.c +++ b/src/vmod_basicauth.c @@ -23,7 +23,9 @@ #include <syslog.h> #include <unistd.h> #include <stdbool.h> -#include <crypt.h> +#ifdef HAVE_CRYPT_H +# include <crypt.h> +#endif #include "vcl.h" #include "vrt.h" @@ -80,6 +82,7 @@ base64_decode(const unsigned char *input, size_t input_len, return out - output; } +#ifdef HAVE_CRYPT_R struct priv_data { struct crypt_data cdat; }; @@ -94,39 +97,51 @@ get_priv_data(struct vmod_priv *priv) priv->free = free; } return priv->priv; -} +} +#else +static pthread_mutex_t pass_mutex = PTHREAD_MUTEX_INITIALIZER; +#endif /* Matchers */ static int -crypt_match(const char *pass, const char *hash, struct priv_data *pd) +crypt_match(const char *pass, const char *hash, struct vmod_priv *priv) { - return strcmp(crypt_r(pass, hash, &pd->cdat), hash); + int res; +#ifdef HAVE_CRYPT_R + res = strcmp(crypt_r(pass, hash, &get_priv_data(priv)->cdat), hash); +#else + pthread_mutex_lock(&pass_mutex); + res = strcmp(crypt(pass, hash), hash); + pthread_mutex_unlock(&pass_mutex); +#endif + return res; } static int -plain_match(const char *pass, const char *hash, struct priv_data *pd) +plain_match(const char *pass, const char *hash, struct vmod_priv *priv) { return strcmp(pass, hash); } static int -apr_match(const char *pass, const char *hash, struct priv_data *pd) +apr_match(const char *pass, const char *hash, struct vmod_priv *priv) { - unsigned char buf[120]; + char buf[120]; return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash); } #define SHA1_DIGEST_SIZE 20 static int -sha1_match(const char *pass, const char *hash, struct priv_data *pd) +sha1_match(const char *pass, const char *hash, struct vmod_priv *priv) { char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE]; int n; hash += 5; /* Skip past {SHA} */ - n = base64_decode(hash, strlen(hash), hashbuf, sizeof(hashbuf)); + n = base64_decode((const unsigned char *)hash, strlen(hash), + (unsigned char *)hashbuf, sizeof(hashbuf)); if (n < 0) { syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", hash); return 1; @@ -144,7 +159,7 @@ sha1_match(const char *pass, const char *hash, struct priv_data *pd) struct matcher { char *cm_pfx; size_t cm_len; - int (*cm_match)(const char *, const char *, struct priv_data *); + int (*cm_match)(const char *, const char *, struct vmod_priv *priv); }; static struct matcher match_tab[] = { @@ -157,7 +172,7 @@ static struct matcher match_tab[] = { }; static int -match(const char *pass, const char *hash, struct priv_data *pd) +match(const char *pass, const char *hash, struct vmod_priv *priv) { struct matcher *p; size_t plen = strlen(hash); @@ -165,7 +180,7 @@ match(const char *pass, const char *hash, struct priv_data *pd) for (p = match_tab; p->cm_match; p++) { if (p->cm_len < plen && memcmp(p->cm_pfx, hash, p->cm_len) == 0 && - p->cm_match(pass, hash, pd) == 0) + p->cm_match(pass, hash, priv) == 0) return 0; } return 1; @@ -188,7 +203,8 @@ vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s) if (!s || strncmp(s, BASICPREF, BASICLEN)) return false; s += BASICLEN; - n = base64_decode(s, strlen(s), buf, sizeof(buf)); + n = base64_decode((const unsigned char *)s, strlen(s), + (unsigned char *)buf, sizeof(buf)); if (n < 0) { syslog(LOG_AUTHPRIV|LOG_ERR, "cannot decode %s", s); return false; @@ -232,7 +248,7 @@ vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s) *q++ = 0; if (strcmp(p, buf)) continue; - rc = match(pass, q, get_priv_data(priv)) == 0; + rc = match(pass, q, priv) == 0; // syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc); break; } |