static char *find_digest(request_rec *r, digest_header_rec * h, char *a1)
{
return ap_md5(r->pool,
(unsigned char *)ap_pstrcat(r->pool, a1, ":", h->nonce, ":",
ap_md5(r->pool,
(unsigned char *)ap_pstrcat(r->pool, r->method, ":",
h->requested_uri, NULL)),
NULL));
}
/*******************************************************************************
* Compute printable MD5 hash. Pool p is used for scratch as well as for
* allocating the hash - use temp storage, and dup it if you need to keep it.
*/
char *
fcgi_util_socket_hash_filename(pool *p, const char *path,
const char *user, const char *group)
{
char *buf = ap_pstrcat(p, path, user, group, NULL);
/* Canonicalize the path (remove "//", ".", "..") */
ap_getparents(buf);
return ap_md5(p, (unsigned char *)buf);
}
static authn_status authn_dbd_password(request_rec *r, const char *user,
const char *password)
{
apr_status_t rv;
const char *dbd_password = NULL;
apr_dbd_prepared_t *statement;
apr_dbd_results_t *res = NULL;
apr_dbd_row_t *row = NULL;
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
&authn_dbd_module);
ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
char *digest_colon = NULL;
if (dbd == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Failed to acquire database connection to look up "
"user '%s'", user);
return AUTH_GENERAL_ERROR;
}
if (conf->user == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"No AuthDBDUserPWQuery has been specified");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
if (statement == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"A prepared statement could not be found for "
"AuthDBDUserPWQuery with the key '%s'", conf->user);
return AUTH_GENERAL_ERROR;
}
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
0, user, NULL) != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Query execution error looking up '%s' "
"in database", user);
return AUTH_GENERAL_ERROR;
}
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
rv != -1;
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
if (rv != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"Error retrieving results while looking up '%s' "
"in database", user);
return AUTH_GENERAL_ERROR;
}
if (dbd_password == NULL) {
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
/* add the rest of the columns to the environment */
int i = 1;
const char *name;
for (name = apr_dbd_get_name(dbd->driver, res, i);
name != NULL;
name = apr_dbd_get_name(dbd->driver, res, i)) {
char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
name,
NULL);
int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
while (str[j]) {
if (!apr_isalnum(str[j])) {
str[j] = '_';
}
else {
str[j] = apr_toupper(str[j]);
}
j++;
}
apr_table_set(r->subprocess_env, str,
apr_dbd_get_entry(dbd->driver, row, i));
i++;
}
#endif
dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
}
/* we can't break out here or row won't get cleaned up */
}
if (!dbd_password) {
return AUTH_USER_NOT_FOUND;
}
if ((digest_colon = ap_strchr(dbd_password, ':'))) {
const char *realm = NULL, *exp_hash = NULL;
const char *act_hash = NULL;
realm = apr_pstrndup(r->pool, dbd_password, digest_colon - dbd_password);
exp_hash = digest_colon + 1;
act_hash = ap_md5(r->pool,
(unsigned char*) apr_pstrcat(r->pool, user, ":",
realm, ":", password, NULL));
if (strcmp(act_hash, exp_hash)) {
return AUTH_DENIED;
}
else {
return AUTH_GRANTED;
}
}
rv = apr_password_validate(password, dbd_password);
if (rv != APR_SUCCESS) {
return AUTH_DENIED;
}
return AUTH_GRANTED;
}
static int mediarss_index_directory(request_rec* r)
{
apr_status_t status;
apr_dir_t* dir;
apr_finfo_t dirent;
if ((status = apr_dir_open(&dir, r->filename, r->pool)) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, "Can't open directory for index: %s", r->filename);
return HTTP_FORBIDDEN;
}
/* Content header */
char* url;
url = ap_construct_url(r->pool, r->uri, r);
ap_set_content_type(r, "text/xml; charset=utf-8");
ap_rputs("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n\n", r);
if (strcmp(r->args, "format=mediarss") == 0) {
ap_rputs("<rss version=\"2.0\" xmlns:media=\"http://search.yahoo.com/mrss/\">\n", r);
} else {
ap_rputs("<rss version=\"2.0\">\n", r);
}
ap_rputs(" <channel>\n", r);
ap_rvputs(r, " <title>Index of ", url, "</title>\n", NULL);
ap_rvputs(r, " <link>", url, "</link>\n", NULL);
/* Collect information about the files in the directory */
while (1)
{
status = apr_dir_read(&dirent, APR_FINFO_MIN | APR_FINFO_NAME, dir);
if (APR_STATUS_IS_INCOMPLETE(status)) {
continue; /* ignore un-stat()able files */
} else if (status != APR_SUCCESS) {
break;
}
/* We are only interested in regular files. TODO Deal with symlinks. */
if (dirent.filetype == APR_REG)
{
request_rec* rr;
rr = ap_sub_req_lookup_dirent(&dirent, r, AP_SUBREQ_NO_ARGS, NULL);
if (rr != NULL)
{
if (rr->finfo.filetype == APR_REG && rr->status == HTTP_OK)
{
/* In case of media rss, only include the item if it is a media type */
if (strcmp(r->args, "format=mediarss") == 0 && mediarss_is_media_content(rr->content_type) == 0) {
continue;
}
char size[16];
snprintf(size, sizeof(size), "%d", dirent.size);
char date[APR_RFC822_DATE_LEN];
apr_rfc822_date(date, dirent.mtime);
char* guid = ap_md5(r->pool, (unsigned char*) apr_pstrcat(r->pool, url, dirent.name, NULL));
ap_rputs(" <item>\n", r);
ap_rvputs(r, " <guid>", guid, "</guid>\n", NULL);
ap_rvputs(r, " <title>", dirent.name, "</title>\n", NULL);
ap_rvputs(r, " <pubDate>", date, "</pubDate>\n", NULL);
ap_rvputs(r, " <enclosure url=\"", url, dirent.name, "\" length=\"", size, "\"\n", NULL);
ap_rvputs(r, " type=\"", rr->content_type, "\"/>\n", NULL);
if (strcmp(r->args, "format=mediarss") == 0) {
ap_rvputs(r, " <media:content url=\"", url, dirent.name, "\" fileSize=\"", size, "\"\n", NULL);
ap_rvputs(r, " type=\"", rr->content_type, "\"/>\n", NULL);
}
ap_rputs(" </item>\n", r);
}
ap_destroy_sub_req(rr);
}
}
}
/* Content footer */
ap_rputs(" </channel>\n", r);
ap_rputs("</rss>\n", r);
apr_dir_close(dir);
return OK;
}