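Index: squid-2.7.STABLE9/src/auth/digest/auth_digest.c
===================================================================
RCS file: /cvsroot/squid/squid/src/auth/digest/auth_digest.c,v
retrieving revision 1.23.2.3
diff -u -p -r1.23.2.3 auth_digest.c
--- squid-2.7.STABLE9/src/auth/digest/auth_digest.c 7 Mar 2010 16:00:07 -0000 1.23.2.3
+++ squid-2.7.STABLE9/src/auth/digest/auth_digest.c 22 Apr 2010 20:25:39 -0000
@@ -1315,7 +1315,8 @@ authenticateDigestDecodeAuth(auth_user_r
  /* do we have a username ? */
  if (!username || username[0] == '\0') {
  debug(29, 4) ("authenticateDigestDecode: Empty or not present username\n");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* Sanity check of the username.
  * " can not be allowed in usernames until * the digest helper protocol
@@ -1323,28 +1324,33 @@ authenticateDigestDecodeAuth(auth_user_r
  */
  if (strchr(username, '"')) {
  debug(29, 2) ("authenticateDigestDecode: Unacceptable username '%s'\n", username);
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* do we have a realm ? */
  if (!digest_request->realm || digest_request->realm[0] == '\0') {
  debug(29, 2) ("authenticateDigestDecode: Empty or not present realm");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* and a nonce? */
  if (!digest_request->nonceb64 || digest_request->nonceb64[0] == '\0') {
  debug(29, 2) ("authenticateDigestDecode: Empty or not present nonce");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* we can't check the URI just yet. We'll check it in the
  * authenticate phase, but needs to be given */
  if (!digest_request->uri || digest_request->uri[0] == '\0') {
  debug(29, 2) ("authenticateDigestDecode: Missing URI field");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* is the response the correct length? */
  if (!digest_request->response || strlen(digest_request->response) != 32) {
  debug(29, 2) ("authenticateDigestDecode: Response length invalid\n");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* check the algorithm is present and supported */
  if (!digest_request->algorithm)
@@ -1352,7 +1358,8 @@ authenticateDigestDecodeAuth(auth_user_r
  else if (strcmp(digest_request->algorithm, "MD5")
  && strcmp(digest_request->algorithm, "MD5-sess")) {
  debug(29, 2) ("authenticateDigestDecode: invalid algorithm specified!\n");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* 2617 requirements, indicated by qop */
  if (digest_request->qop) {
@@ -1361,23 +1368,27 @@ authenticateDigestDecodeAuth(auth_user_r
  if (strcmp(digest_request->qop, QOP_AUTH) != 0) {
  /* we received a qop option we didn't send */
  debug(29, 2) ("authenticateDigestDecode: Invalid qop option received\n");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* check cnonce */
  if (!digest_request->cnonce || digest_request->cnonce[0] == '\0') {
  debug(29, 2) ("authenticateDigestDecode: Missing cnonce field\n");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* check nc */
  if (strlen(digest_request->nc) != 8 || strspn(digest_request->nc, "0123456789abcdefABCDEF") != 8) {
  debug(29, 2) ("authenticateDigestDecode: invalid nonce count\n");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  } else {
  /* cnonce and nc both require qop */
  if (digest_request->cnonce || digest_request->nc) {
  debug(29, 2) ("authenticateDigestDecode: missing qop!\n");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  }
 
@@ -1389,7 +1400,8 @@ authenticateDigestDecodeAuth(auth_user_r
  /* we couldn't find a matching nonce! */
  debug(29, 2) ("authenticateDigestDecode: Unexpected or invalid nonce received\n");
  digest_request->flags.credentials_ok = 3;
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  digest_request->nonce = nonce;
  authDigestNonceLink(nonce);
@@ -1397,7 +1409,8 @@ authenticateDigestDecodeAuth(auth_user_r
  /* check that we're not being hacked / the username hasn't changed */
  if (nonce->auth_user && strcmp(username, authenticateUserUsername(nonce->auth_user))) {
  debug(29, 2) ("authenticateDigestDecode: Username for the nonce does not equal the username for the request\n");
- return authDigestLogUsername(auth_user_request, username);
+ authDigestLogUsername(auth_user_request, username);
+ return;
  }
  /* the method we'll check at the authenticate step as well */
 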
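Review bot: In the qop branch of the `-1361,23` hunk, the nonce-count check calls `strlen(digest_request->nc)` with no presence test, whereas the cnonce check just above guards with `!digest_request->cnonce` and the no-qop branch tests `digest_request->nc` as if it could be null. The declaration of `nc` is not visible in this diff, so one of the two uses looks wrong: if `nc` is a pointer, a request that supplies qop without nc reaches `strlen` with a null pointer before any authentication has happened; if it is a fixed array, `digest_request->cnonce || digest_request->nc` is always true and every request without qop is rejected. Depending on the type, either guard the check as `if (!digest_request->nc || strlen(digest_request->nc) != 8 || ...)` or test `digest_request->nc[0] != '\0'` in the else branch. This is pre-existing code the commit leaves as is, and the function body starts and ends outside the hunks, so confirm against the struct definition before changing it.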