mod_auth_digest.c

Fix a race condition.

Authentication with valid credentials could be refused in case of concurrent accesses from different users.

PR 63124 [Simon Kappel <simon.kappel axis.com>]

  1. … 1 more file in changeset.
Correct string scope to prevent duplicated values for subsequent tokens.

Follow up to r1772919: update APLOGNO().
  1. … 1 more file in changeset.
mod_auth_digest: fix segfaults during shared memory exhaustion

The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly
check for a malloc failure, leading to crashes when we ran out of the
limited space provided by AuthDigestShmemSize. This patch replaces all
these calls with a helper function that performs this check.

Additionally, fix a NULL-check bug during entry garbage collection.

  1. … 1 more file in changeset.
Fix some missed "strcasecmp <--> ap_cstr_casecmp" conversions.
Fix spelling in comments and text files.

No functional change.

PR 59990

  1. … 69 more files in changeset.
Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygen
  1. … 49 more files in changeset.
PR59039 Digest not working with ap_expr based AuthName

Stop caching the configured realm during config processing and always
call ap_auth_name(r) to determine (=evaluate potential expression)
the configured realm

  1. … 1 more file in changeset.
More ap_casecmpstr[n]() usages (follow up to r1715876).

  1. … 26 more files in changeset.
Remove code related to 'AuthDigestEnableQueryStringHack'

This has been undocumented for about 3 years now (see r1415960)

* mod_auth_digest: Use anonymous shm by default, fall back on name-based.

Fix missing spaces in messages
  1. … 3 more files in changeset.
mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified.

  1. … 2 more files in changeset.
Restore support for the AUTH_HANDLED return code in AUTHN providers,
like in 2.2, which allows authn provider to return their own status
in r->status (custom error code, or return a redirect)

  1. … 3 more files in changeset.
Fix "unused variable" warning.

Move initialization of the secret to the pre_config hook. Use
ap_retained_data_*() because we don't have access to process->pool there.
This makes the code shorter and a lot more clear, but cannot directly be
backported to 2.2 which doesn't have ap_retained_data_*().

Actually use the secret when generating nonces.

This change may cause problems if used with round robin load balancers.
Before it is backported, we should add a directive to use a user specified
secret.

PR: 54637

  1. … 1 more file in changeset.
Remove partial non-working implementation of MD5-sess and qop=auth-int.

If anyone wants to finish the code, it can be retrieved from svn history.

Remove some obsolete references to the truerand library.

if shm initialization fails, reset client_list to avoid crashes

  1. … 1 more file in changeset.
ap_log_error already logs the error string, no need to log it twice

use apr_array for an array

Submitted by: Christophe JAILLET (with small tweaks by myself)

PR: 52881

more simplification with ap_bin2hex()

mod_auth_digest now respects DefaultRuntimeDir
  1. … 1 more file in changeset.
Add lots of unique tags to error log messages

  1. … 172 more files in changeset.
Remove more log message prefixes that are now redundant as the
error log format includes the module name.

  1. … 9 more files in changeset.
Cleanup effort in prep for GA push:

Trim trailing whitespace... no func change

  1. … 118 more files in changeset.
s/seperate/separate/

  1. … 1 more file in changeset.
Fix various "variable 'x' set but not used" warnings.

  1. … 6 more files in changeset.
Improvements found by cppcheck:

remove some unused variables and dead assignments, reduce the scope of some
variables, add some parens to improve readability

  1. … 8 more files in changeset.
fix some grammar mistakes, mostly in comments

  1. … 12 more files in changeset.