static const char *
build_digest_ha2(const char *uri,
const char *method,
const char *qop,
apr_pool_t *pool)
{
if (!qop || strcmp(qop, "auth") == 0) {
const char *tmp;
unsigned char ha2[APR_MD5_DIGESTSIZE];
apr_status_t status;
/* calculate ha2:
MD5 hash of the combined method and URI */
tmp = apr_psprintf(pool, "%s:%s",
method,
uri);
status = apr_md5(ha2, tmp, strlen(tmp));
return hex_encode(ha2, pool);
} else {
/* TODO: auth-int isn't supported! */
}
return NULL;
}
svn_error_t *
svn_checksum(svn_checksum_t **checksum,
svn_checksum_kind_t kind,
const void *data,
apr_size_t len,
apr_pool_t *pool)
{
apr_sha1_ctx_t sha1_ctx;
SVN_ERR(validate_kind(kind));
*checksum = svn_checksum_create(kind, pool);
switch (kind)
{
case svn_checksum_md5:
apr_md5((unsigned char *)(*checksum)->digest, data, len);
break;
case svn_checksum_sha1:
apr_sha1_init(&sha1_ctx);
apr_sha1_update(&sha1_ctx, data, len);
apr_sha1_final((unsigned char *)(*checksum)->digest, &sha1_ctx);
break;
default:
/* We really shouldn't get here, but if we do... */
return svn_error_create(SVN_ERR_BAD_CHECKSUM_KIND, NULL, NULL);
}
return SVN_NO_ERROR;
}
static void compute_digest(unsigned char *digest, const char *challenge,
const char *password)
{
unsigned char secret[64];
apr_size_t len = strlen(password), i;
apr_md5_ctx_t ctx;
/* Munge the password into a 64-byte secret. */
memset(secret, 0, sizeof(secret));
if (len <= sizeof(secret))
memcpy(secret, password, len);
else
apr_md5(secret, password, len);
/* Compute MD5(secret XOR opad, MD5(secret XOR ipad, challenge)),
* where ipad is a string of 0x36 and opad is a string of 0x5c. */
for (i = 0; i < sizeof(secret); i++)
secret[i] ^= 0x36;
apr_md5_init(&ctx);
apr_md5_update(&ctx, secret, sizeof(secret));
apr_md5_update(&ctx, challenge, strlen(challenge));
apr_md5_final(digest, &ctx);
for (i = 0; i < sizeof(secret); i++)
secret[i] ^= (0x36 ^ 0x5c);
apr_md5_init(&ctx);
apr_md5_update(&ctx, secret, sizeof(secret));
apr_md5_update(&ctx, digest, APR_MD5_DIGESTSIZE);
apr_md5_final(digest, &ctx);
}
static apr_status_t
build_digest_ha1(const char **out_ha1,
const char *username,
const char *password,
const char *realm_name,
apr_pool_t *pool)
{
const char *tmp;
unsigned char ha1[APR_MD5_DIGESTSIZE];
apr_status_t status;
/* calculate ha1:
MD5 hash of the combined user name, authentication realm and password */
tmp = apr_psprintf(pool, "%s:%s:%s",
username,
realm_name,
password);
status = apr_md5(ha1, tmp, strlen(tmp));
if (status)
return status;
*out_ha1 = hex_encode(ha1, pool);
return APR_SUCCESS;
}
/* Escape ACTIVITY_ID to be safely usable as a filename. Simply
returns the MD5 checksum of the id.
*/
static const char *
escape_activity(const char *activity_id, apr_pool_t *pool)
{
unsigned char digest[APR_MD5_DIGESTSIZE];
apr_md5(digest, activity_id, strlen(activity_id));
return svn_md5_digest_to_cstring_display(digest, pool);
}
static apr_status_t restore_slotmem(void *ptr, const char *name, apr_size_t size,
apr_pool_t *pool)
{
const char *storename;
apr_file_t *fp;
apr_size_t nbytes = size;
apr_status_t rv = APR_SUCCESS;
unsigned char digest[APR_MD5_DIGESTSIZE];
unsigned char digest2[APR_MD5_DIGESTSIZE];
storename = slotmem_filename(pool, name, 1);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(02335)
"restoring %s", storename);
if (storename) {
rv = apr_file_open(&fp, storename, APR_READ | APR_WRITE, APR_OS_DEFAULT,
pool);
if (rv == APR_SUCCESS) {
rv = apr_file_read(fp, ptr, &nbytes);
if ((rv == APR_SUCCESS || rv == APR_EOF) && nbytes == size) {
rv = APR_SUCCESS; /* for successful return @ EOF */
/*
* if at EOF, don't bother checking md5
* - backwards compatibility
* */
if (apr_file_eof(fp) != APR_EOF) {
apr_size_t ds = APR_MD5_DIGESTSIZE;
rv = apr_file_read(fp, digest, &ds);
if ((rv == APR_SUCCESS || rv == APR_EOF) &&
ds == APR_MD5_DIGESTSIZE) {
rv = APR_SUCCESS;
apr_md5(digest2, ptr, nbytes);
if (memcmp(digest, digest2, APR_MD5_DIGESTSIZE)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf,
APLOGNO(02551) "bad md5 match");
rv = APR_EGENERAL;
}
}
}
else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf,
APLOGNO(02552) "at EOF... bypassing md5 match check (old persist file?)");
}
}
else if (nbytes != size) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf,
APLOGNO(02553) "Expected %" APR_SIZE_T_FMT ": Read %" APR_SIZE_T_FMT,
size, nbytes);
rv = APR_EGENERAL;
}
apr_file_close(fp);
}
}
return rv;
}
/* This handles Digest Authentication. Returns a hash of the
User, Realm and (Required) Password. Caller (Digest module)
determines if the entered password was actually valid
*/
static authn_status ga_get_realm_hash(request_rec *r, const char *user,
const char *realm, char **rethash)
{
/* Per Apache mod_auth.h:
* Given a user and realm, expected to return AUTH_USER_FOUND if we
* can find a md5 hash of 'user:realm:password'
*/
authn_google_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authn_google_module);
char *sharedKey;
char *ga_filename;
char *static_pw;
if (conf->debugLevel)
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"**** DIGEST AUTH at T=%lu user \"%s\"",apr_time_now()/1000000,user);
unsigned char *hash = apr_palloc(r->pool,APR_MD5_DIGESTSIZE);
ga_filename = apr_psprintf(r->pool,"%s/%s",conf->pwfile,user);
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"GetRealmHash called for sharedkey \"%s\"\n",ga_filename);
sharedKey = getSharedKey(r,ga_filename,&static_pw);
if (!sharedKey)
return AUTH_USER_NOT_FOUND;
int secretLen;
uint8_t *secret = get_shared_secret(r,sharedKey,&secretLen);
unsigned int truncatedHash = computeTimeCode(get_timestamp(),secret,secretLen);
char *pwstr;
if (static_pw) {
pwstr = apr_psprintf(r->pool,"%s%6.6u",static_pw,truncatedHash);
}
else
{
pwstr = apr_psprintf(r->pool,"%6.6u",truncatedHash);
}
char *hashstr = apr_psprintf(r->pool,"%s:%s:%s",user,realm,pwstr);
if (conf->debugLevel)
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Password \"%s\" at modulus %lu",pwstr,(apr_time_now() / 1000000) % 30);
apr_md5(hash ,hashstr,strlen(hashstr));
*rethash = hex_encode(r->pool,hash,APR_MD5_DIGESTSIZE);
addCookie(r,secret,secretLen);
return AUTH_USER_FOUND;
}
SWITCH_DECLARE(switch_status_t) switch_md5_string(char digest_str[SWITCH_MD5_DIGEST_STRING_SIZE], const void *input, switch_size_t inputLen)
{
unsigned char digest[SWITCH_MD5_DIGESTSIZE];
apr_status_t status = apr_md5(digest, input, inputLen);
int x;
digest_str[SWITCH_MD5_DIGEST_STRING_SIZE - 1] = '\0';
for (x = 0; x < SWITCH_MD5_DIGESTSIZE; x++) {
switch_snprintf(digest_str + (x * 2), 3, "%02x", digest[x]);
}
return status;
}
static char *
s_get_visitor_id(request_rec *r, const char *guid, const char *account, const char *user_agent, const char *cookie_str)
{
unsigned char *md5_value;
apr_status_t retval;
char *visitor_id;
DBG(r, "REQ[%X] start %s()", TO_ADDR(r),__func__);
if (cookie_str && *cookie_str != 0) {
DBG(r, "REQ[%X] end %s()", TO_ADDR(r),__func__);
return (char *)cookie_str;
}
if (! account) {
ERR(r, "Please set ChxjGoogleAnalyticsAccount");
}
char *message = "";
if (guid && *guid != 0) {
message = apr_psprintf(r->pool, "%s%s", guid, account);
}
else {
message = apr_psprintf(r->pool, "%s%s", user_agent, s_uniqid(r));
}
md5_value = (unsigned char*)apr_palloc(r->pool, APR_MD5_DIGESTSIZE + 1);
memset(md5_value, 0, APR_MD5_DIGESTSIZE + 1);
retval = apr_md5(md5_value,
(const char*)message,
strlen(message));
if (retval != APR_SUCCESS) {
ERR(r, "md5 failed.");
DBG(r, "REQ[%X] end %s()", TO_ADDR(r),__func__);
return NULL;
}
DBG(r, "REQ[%X] md5:[%s]", TO_ADDR(r), md5_value);
visitor_id = apr_pstrdup(r->pool, "0x");
int ii;
for (ii=0; ii<APR_MD5_DIGESTSIZE; ii++) {
visitor_id = apr_pstrcat(r->pool, visitor_id, apr_psprintf(r->pool, "%02X", md5_value[ii]), NULL);
}
DBG(r, "REQ[%X] end %s()", TO_ADDR(r),__func__);
return visitor_id;
}
static char *auth_pg_md5(char *pw)
{
apr_md5_ctx_t ctx;
unsigned char digest[APR_MD5_DIGESTSIZE];
static unsigned char md5hash[APR_MD5_DIGESTSIZE * 2 + 1];
int i;
apr_md5(digest, (const unsigned char *) pw, strlen(pw));
for (i = 0; i < APR_MD5_DIGESTSIZE; i++)
apr_snprintf((char *) &md5hash[i + i], 3, "%02x", digest[i]);
md5hash[APR_MD5_DIGESTSIZE * 2] = '\0';
return (char *) md5hash;
}
static apr_status_t proc_mutex_posix_create(apr_proc_mutex_t *new_mutex,
const char *fname)
{
#define APR_POSIXSEM_NAME_MAX 30
#define APR_POSIXSEM_NAME_MIN 13
sem_t *psem;
char semname[APR_MD5_DIGESTSIZE * 2 + 2];
new_mutex->interproc = apr_palloc(new_mutex->pool,
sizeof(*new_mutex->interproc));
/*
* This bogusness is to follow what appears to be the
* lowest common denominator in Posix semaphore naming:
* - start with '/'
* - be at most 14 chars
* - be unique and not match anything on the filesystem
*
* Because of this, we use fname to generate an md5 hex checksum
* and use that as the name of the semaphore. If no filename was
* given, we create one based on the time. We tuck the name
* away, since it might be useful for debugging.
*
* To make this as robust as possible, we initially try something
* larger (and hopefully more unique) and gracefully fail down to the
* LCD above.
*
* NOTE: Darwin (Mac OS X) seems to be the most restrictive
* implementation. Versions previous to Darwin 6.2 had the 14
* char limit, but later rev's allow up to 31 characters.
*
*/
if (fname) {
unsigned char digest[APR_MD5_DIGESTSIZE]; /* note dependency on semname here */
const char *hex = "0123456789abcdef";
char *p = semname;
int i;
apr_md5(digest, fname, strlen(fname));
*p++ = '/'; /* must start with /, right? */
for (i = 0; i < sizeof(digest); i++) {
*p++ = hex[digest[i] >> 4];
*p++ = hex[digest[i] & 0xF];
}
semname[APR_POSIXSEM_NAME_MAX] = '\0';
} else {
int
rasqal_digest_buffer(rasqal_digest_type type, const unsigned char *output,
const unsigned char *input, size_t len)
{
unsigned int output_len = 0;
if(type != RASQAL_DIGEST_SHA1 && type != RASQAL_DIGEST_MD5)
return -1;
#ifdef HAVE_APR_SHA1_H
if(type == RASQAL_DIGEST_SHA1)
output_len = APR_SHA1_DIGESTSIZE;
#endif
#ifdef HAVE_APR_MD5_H
if(type == RASQAL_DIGEST_MD5)
output_len = APR_MD5_DIGESTSIZE;
if(!input)
return output_len;
#endif
#ifdef HAVE_APR_SHA1_H
if(type == RASQAL_DIGEST_SHA1) {
struct apr_sha1_ctx_t c;
apr_sha1_init(&c);
apr_sha1_update_binary(&c, input, len);
apr_sha1_final((unsigned char*)output, &c);
}
#endif
#ifdef HAVE_APR_MD5_H
if(type == RASQAL_DIGEST_MD5) {
if(apr_md5((unsigned char*)output, input, len))
output_len = -1;
}
#endif
return output_len;
}
static char *md5digest(request_rec *r, const char *str)
{
unsigned char digest[APR_MD5_DIGESTSIZE];
char *hash = apr_palloc(r->pool, APR_MD5_DIGESTSIZE * 2 + 1);
int i, o;
char hex;
if (apr_md5(digest, str, strlen(str)) != APR_SUCCESS) {
return NULL;
}
for (i = 0, o = 0; i < APR_MD5_DIGESTSIZE; ++i, o += 2) {
hex = (digest[i] & 0xf0) >> 4;
hash[o] = hex > 9 ? hex - 10 + 'a' : hex + '0';
hex = (digest[i] & 0xf);
hash[o + 1] = hex > 9 ? hex - 10 + 'a' : hex + '0';
}
hash[APR_MD5_DIGESTSIZE * 2] = '\0';
return hash;
}
static void store_slotmem(ap_slotmem_instance_t *slotmem)
{
apr_file_t *fp;
apr_status_t rv;
apr_size_t nbytes;
const char *storename;
unsigned char digest[APR_MD5_DIGESTSIZE];
storename = slotmem_filename(slotmem->gpool, slotmem->name, 1);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, APLOGNO(02334)
"storing %s", storename);
if (storename) {
rv = apr_file_open(&fp, storename, APR_CREATE | APR_READ | APR_WRITE,
APR_OS_DEFAULT, slotmem->gpool);
if (APR_STATUS_IS_EEXIST(rv)) {
apr_file_remove(storename, slotmem->gpool);
rv = apr_file_open(&fp, storename, APR_CREATE | APR_READ | APR_WRITE,
APR_OS_DEFAULT, slotmem->gpool);
}
if (rv != APR_SUCCESS) {
return;
}
if (AP_SLOTMEM_IS_CLEARINUSE(slotmem)) {
slotmem_clearinuse(slotmem);
}
nbytes = (slotmem->desc.size * slotmem->desc.num) +
(slotmem->desc.num * sizeof(char)) + AP_UNSIGNEDINT_OFFSET;
apr_md5(digest, slotmem->persist, nbytes);
rv = apr_file_write_full(fp, slotmem->persist, nbytes, NULL);
if (rv == APR_SUCCESS) {
rv = apr_file_write_full(fp, digest, APR_MD5_DIGESTSIZE, NULL);
}
apr_file_close(fp);
if (rv != APR_SUCCESS) {
apr_file_remove(storename, slotmem->gpool);
}
}
}
static char* get_encoded_string(request_rec *r, const char* str)
{
char* buf;
int len;
if (!str) {
return NULL;
}
#ifdef MEMC_KEY_ENCODING_BASE64
len = apr_base64_encode_len( strlen(str) );
buf = (char *) apr_palloc( r->pool, len + 1 );
if(!buf){
ILLOG_ERROR(r, MODTAG "memory alloc failed!");
return NULL;
}
apr_base64_encode(buf,str,strlen(str));
return buf;
#else
len = APR_MD5_DIGESTSIZE;
buf = (unsigned char*) apr_palloc( r->pool, len + 1);
apr_md5(buf, str, strlen(str));
return conv2hex(r,(const unsigned char *)buf,APR_MD5_DIGESTSIZE);
#endif
}
static char *
alloc_cookie_id(request_rec *r)
{
char *cookie_id;
char *uuid_string;
unsigned char *md5_value;
apr_uuid_t uuid;
apr_status_t retval;
apr_uuid_get(&uuid);
uuid_string = apr_palloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);
memset(uuid_string, 0, APR_UUID_FORMATTED_LENGTH + 1);
apr_uuid_format(uuid_string, &uuid);;
md5_value = (unsigned char*)apr_palloc(r->pool, APR_MD5_DIGESTSIZE + 1);
memset(md5_value, 0, APR_MD5_DIGESTSIZE + 1);
retval = apr_md5(md5_value,
(const char*)uuid_string,
APR_UUID_FORMATTED_LENGTH);
if (retval != APR_SUCCESS) {
ERR(r, "md5 failed.");
return NULL;
}
cookie_id = apr_palloc(r->pool, apr_base64_encode_len(APR_MD5_DIGESTSIZE)+1);
memset(cookie_id, 0, APR_MD5_DIGESTSIZE+1);
apr_base64_encode(cookie_id, (char*)md5_value, APR_MD5_DIGESTSIZE);
DBG(r, "cookie_id=[%s]", cookie_id);
cookie_id = chxj_url_encode(r->pool,cookie_id);
DBG(r, "cookie_id=[%s]", cookie_id);
return cookie_id;
}
apr_status_t
serf__validate_response_digest_auth(peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
serf_bucket_t *response,
apr_pool_t *pool)
{
const char *key;
char *auth_attr;
char *nextkv;
const char *rspauth = NULL;
const char *qop = NULL;
const char *nc_str = NULL;
serf_bucket_t *hdrs;
digest_authn_info_t *digest_info = (peer == HOST) ? conn->authn_baton :
conn->proxy_authn_baton;
hdrs = serf_bucket_response_get_headers(response);
/* Need a copy cuz we're going to write NUL characters into the string. */
if (peer == HOST)
auth_attr = apr_pstrdup(pool,
serf_bucket_headers_get(hdrs, "Authentication-Info"));
else
auth_attr = apr_pstrdup(pool,
serf_bucket_headers_get(hdrs, "Proxy-Authentication-Info"));
/* If there's no Authentication-Info header there's nothing to validate. */
if (! auth_attr)
return APR_SUCCESS;
/* We're expecting a list of key=value pairs, separated by a comma.
Ex. rspauth="8a4b8451084b082be6b105e2b7975087",
cnonce="346531653132652d303033392d3435", nc=00000007,
qop=auth */
for ( ; (key = apr_strtok(auth_attr, ",", &nextkv)) != NULL; auth_attr = NULL) {
char *val;
val = strchr(key, '=');
if (val == NULL)
continue;
*val++ = '\0';
/* skip leading spaces */
while (*key && *key == ' ')
key++;
/* If the value is quoted, then remove the quotes. */
if (*val == '"') {
apr_size_t last = strlen(val) - 1;
if (val[last] == '"') {
val[last] = '\0';
val++;
}
}
if (strcmp(key, "rspauth") == 0)
rspauth = val;
else if (strcmp(key, "qop") == 0)
qop = val;
else if (strcmp(key, "nc") == 0)
nc_str = val;
}
if (rspauth) {
const char *ha2, *tmp, *resp_hdr_hex;
unsigned char resp_hdr[APR_MD5_DIGESTSIZE];
const char *req_uri = request->auth_baton;
ha2 = build_digest_ha2(req_uri, "", qop, pool);
tmp = apr_psprintf(pool, "%s:%s:%s:%s:%s:%s",
digest_info->ha1, digest_info->nonce, nc_str,
digest_info->cnonce, digest_info->qop, ha2);
apr_md5(resp_hdr, tmp, strlen(tmp));
resp_hdr_hex = hex_encode(resp_hdr, pool);
/* Incorrect response-digest in Authentication-Info header. */
if (strcmp(rspauth, resp_hdr_hex) != 0) {
return SERF_ERROR_AUTHN_FAILED;
}
}
return APR_SUCCESS;
}
int frl_md5::hash(const void* s, const apr_size_t size)
{
apr_md5(digest, s, size);
return 1;
}
static const char *
build_auth_header(digest_authn_info_t *digest_info,
const char *path,
const char *method,
apr_pool_t *pool)
{
char *hdr;
const char *ha2;
const char *response;
unsigned char response_hdr[APR_MD5_DIGESTSIZE];
const char *response_hdr_hex;
apr_status_t status;
ha2 = build_digest_ha2(path, method, digest_info->qop, pool);
hdr = apr_psprintf(pool,
"Digest realm=\"%s\","
" username=\"%s\","
" nonce=\"%s\","
" uri=\"%s\"",
digest_info->realm, digest_info->username,
digest_info->nonce,
path);
if (digest_info->qop) {
if (! digest_info->cnonce)
digest_info->cnonce = random_cnonce(digest_info->pool);
hdr = apr_psprintf(pool, "%s, nc=%08x, cnonce=\"%s\", qop=\"%s\"",
hdr,
digest_info->digest_nc,
digest_info->cnonce,
digest_info->qop);
/* Build the response header:
MD5 hash of the combined HA1 result, server nonce (nonce),
request counter (nc), client nonce (cnonce),
quality of protection code (qop) and HA2 result. */
response = apr_psprintf(pool, "%s:%s:%08x:%s:%s:%s",
digest_info->ha1, digest_info->nonce,
digest_info->digest_nc,
digest_info->cnonce, digest_info->qop, ha2);
} else {
/* Build the response header:
MD5 hash of the combined HA1 result, server nonce (nonce)
and HA2 result. */
response = apr_psprintf(pool, "%s:%s:%s",
digest_info->ha1, digest_info->nonce, ha2);
}
status = apr_md5(response_hdr, response, strlen(response));
response_hdr_hex = hex_encode(response_hdr, pool);
hdr = apr_psprintf(pool, "%s, response=\"%s\"", hdr, response_hdr_hex);
if (digest_info->opaque) {
hdr = apr_psprintf(pool, "%s, opaque=\"%s\"", hdr,
digest_info->opaque);
}
if (digest_info->algorithm) {
hdr = apr_psprintf(pool, "%s, algorithm=\"%s\"", hdr,
digest_info->algorithm);
}
return hdr;
}
SWITCH_DECLARE(switch_status_t) switch_md5(unsigned char digest[SWITCH_MD5_DIGESTSIZE], const void *input, switch_size_t inputLen)
{
return apr_md5(digest, input, inputLen);
}
