akosut 96/03/20 19:50:19
Modified: src Configuration.tmpl Makefile.tmpl http_core.c http_core.h http_protocol.c http_protocol.h Added: src mod_digest.c util_md5.c util_md5.h Log: Added some more MD5 support to Apache: * A new module, mod_digest, which supports digest authentication, as per draft-ietf-http-digest-aa-02. Could use some work in terms of being a bit more secure in terms of nonce-generating and so forth, and it needs a support/ utility to generate htdigest file entries. Use it the same way as in NCSA httpd 1.5; AuthType Digest, and use AuthDigestFile to point at the file. * A new server or per-directory directive, ContentDigest. Set it to On, and Apache will generate a Content-MD5 header with each file sent. This may or may not be useful, and there has been some discussion on http-wg about removing this from the spec (it is currently vaugely defined in the 1.1 draft), but it doesn't hurt anything. Reviewed by: Everyone. At least, no one objected during the two weeks given. Revision Changes Path 1.8 +1 -0 apache/src/Configuration.tmpl Index: Configuration.tmpl =================================================================== RCS file: /export/home/cvs/apache/src/Configuration.tmpl,v retrieving revision 1.7 retrieving revision 1.8 diff -C3 -r1.7 -r1.8 *** Configuration.tmpl 1996/03/17 18:33:51 1.7 --- Configuration.tmpl 1996/03/21 03:50:12 1.8 *************** *** 158,163 **** --- 158,164 ---- Module cern_meta_module mod_cern_meta.o Module env_module mod_env.o Module anon_auth_module mod_auth_anon.o + Module digest_module mod_digest.o # Optional authentication modules, which should only be # uncommented out if you have the neccessary system support. 
1.7 +4 -1 apache/src/Makefile.tmpl Index: Makefile.tmpl =================================================================== RCS file: /export/home/cvs/apache/src/Makefile.tmpl,v retrieving revision 1.6 retrieving revision 1.7 diff -C3 -r1.6 -r1.7 *** Makefile.tmpl 1996/03/01 02:46:42 1.6 --- Makefile.tmpl 1996/03/21 03:50:13 1.7 *************** *** 5,11 **** OBJS= alloc.o http_main.o http_core.o http_config.o http_request.o \ http_log.o http_protocol.o rfc1413.o util.o util_script.o modules.o buff.o\ ! md5c.o $(MODULES) .c.o: $(CC) -c $(CFLAGS) $(AUX_CFLAGS) $< --- 5,11 ---- OBJS= alloc.o http_main.o http_core.o http_config.o http_request.o \ http_log.o http_protocol.o rfc1413.o util.o util_script.o modules.o buff.o\ ! md5c.o util_md5.o $(MODULES) .c.o: $(CC) -c $(CFLAGS) $(AUX_CFLAGS) $< *************** *** 66,73 **** --- 66,76 ---- mod_cgi.o mod_dir.o mod_imap.o mod_include.o mod_negotiation.o: http_request.h mod_proxy.o: md5.h mod_asis.o mod_cgi.o mod_dir.o mod_imap.o mod_include.o: util_script.h + mod_digest.o: util_md5.h #Utils md5c.o: md5.h util.o: http_conf_globals.h util_script.o: http_core.h http_main.h http_protocol.h util_script.h + util_md5.o: md5.h + 1.6 +17 -1 apache/src/http_core.c Index: http_core.c =================================================================== RCS file: /export/home/cvs/apache/src/http_core.c,v retrieving revision 1.5 retrieving revision 1.6 diff -C3 -r1.5 -r1.6 *** http_core.c 1996/03/17 18:23:09 1.5 --- http_core.c 1996/03/21 03:50:14 1.6 *************** *** 62,67 **** --- 62,68 ---- #include "http_main.h" /* For the default_handler below... */ #include "http_log.h" #include "rfc1413.h" + #include "util_md5.h" /* Server core module... This module provides support for really basic * server operations, including options and commands which control the *************** *** 87,92 **** --- 88,95 ---- conf->opts = dir ? OPT_UNSET : OPT_ALL; conf->override = dir ? 
OR_UNSET : OR_ALL; + conf->content_md5 = 2; + conf->hostname_lookups = 2;/* binary, but will use 2 as an "unset = on" */ conf->do_rfc1413 = DEFAULT_RFC1413 | 2; /* set bit 1 to indicate default */ return (void *)conf; *************** *** 118,123 **** --- 121,127 ---- if (new->hostname_lookups != 2) conf->hostname_lookups = new->hostname_lookups; if ((new->do_rfc1413 & 2) == 0) conf->do_rfc1413 = new->do_rfc1413; + if ((new->content_md5 & 2) == 0) conf->content_md5 = new->content_md5; return (void*)conf; } *************** *** 623,628 **** --- 627,637 ---- return NULL; } + char *set_content_md5 (cmd_parms *cmd, core_dir_config *d, int arg) { + d->content_md5 = arg; + return NULL; + } + char *set_daemons_to_start (cmd_parms *cmd, void *dummy, char *arg) { daemons_to_start = atoi (arg); return NULL; *************** *** 749,754 **** --- 758,764 ---- { "KeepAliveTimeout", set_keep_alive_timeout, NULL, RSRC_CONF, TAKE1, "Keep-Alive timeout duration (sec)"}, { "KeepAlive", set_keep_alive, NULL, RSRC_CONF, TAKE1, "Maximum Keep-Alive requests per connection (0 to disable)" }, { "IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF, FLAG, NULL }, + { "ContentDigest", set_content_md5, NULL, RSRC_CONF|ACCESS_CONF|OR_AUTHCFG, FLAG, "whether or not to send a Content-MD5 header with each request" }, { "CacheNegotiatedDocs", }, { "StartServers", set_daemons_to_start, NULL, RSRC_CONF, TAKE1, NULL }, { "MinSpareServers", set_min_free_servers, NULL, RSRC_CONF, TAKE1, NULL }, *************** *** 794,799 **** --- 804,811 ---- int default_handler (request_rec *r) { + core_dir_config *d = + (core_dir_config *)get_module_config(r->per_dir_config, &core_module); int errstatus; FILE *f; *************** *** 818,824 **** log_reason("file permissions deny server access", r->filename, r); return FORBIDDEN; } ! soft_timeout ("send", r); send_http_header (r); --- 830,840 ---- log_reason("file permissions deny server access", r->filename, r); return FORBIDDEN; } ! ! if (d->content_md5 & 1) { ! 
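Review bot: `conf->content_md5 = 2;` in the config-creation hunk carries no comment, while the two fields right after it explain their sentinel values. Reading the other http_core.c hunks, bit 1 is the "unset" marker the merge tests with `(new->content_md5 & 2) == 0`, and bit 0 is what default_handler tests, so 2 means "unset, and off". I would add `/* bit 1 = not set in this scope; bit 0 clear, so ContentDigest defaults to off */` on that line. The enclosing function starts and ends outside the hunk.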
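Review bot: The new `ContentDigest` table entry is permitted under `OR_AUTHCFG`, the override class used for authentication directives, although the directive is unrelated to authentication. Presumably any directory where AuthConfig overrides are allowed can then switch on hashing of every file served from it, a CPU cost the administrator may not mean to delegate. Consider `RSRC_CONF|ACCESS_CONF`, as the `IdentityCheck` entry just above uses, or a comment recording why AuthConfig was chosen. The help string says "with each request", but the header is set on `r->headers_out`, so "with each response" would be accurate.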
table_set (r->headers_out, "Content-MD5", md5digest(r->pool, f)); ! } ! soft_timeout ("send", r); send_http_header (r); 1.5 +2 -0 apache/src/http_core.h Index: http_core.h =================================================================== RCS file: /export/home/cvs/apache/src/http_core.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C3 -r1.4 -r1.5 *** http_core.h 1996/03/01 02:46:44 1.4 --- http_core.h 1996/03/21 03:50:15 1.5 *************** *** 140,145 **** --- 140,147 ---- char *auth_type; char *auth_name; array_header *requires; + + int content_md5; /* Custom response config. These can contain text or a URL to redirect to. */ 1.8 +20 -1 apache/src/http_protocol.c Index: http_protocol.c =================================================================== RCS file: /export/home/cvs/apache/src/http_protocol.c,v retrieving revision 1.7 retrieving revision 1.8 diff -C3 -r1.7 -r1.8 *** http_protocol.c 1996/03/01 19:37:18 1.7 --- http_protocol.c 1996/03/21 03:50:15 1.8 *************** *** 384,398 **** { } ! /* Support for the Basic authentication protocol. */ void note_basic_auth_failure(request_rec *r) { table_set (r->err_headers_out, "WWW-Authenticate", pstrcat(r->pool, "Basic realm=\"", auth_name(r), "\"", NULL)); } int get_basic_auth_pw (request_rec *r, char **pw) { --- 384,417 ---- { } ! /* Support for the Basic authentication protocol, and a bit for Digest. 
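Review bot: The `md5digest(r->pool, f)` call added to default_handler reads the open file before the response is sent, and nothing in this hunk shows the stream being returned to offset 0 or a failed read being detected. md5digest is in util_md5.c, which this commit adds but which is not shown here, so confirm that it rewinds `f` and defines what it returns on a read error; if it does not rewind, add `rewind(f);` after the `table_set` call. The digest is also recomputed on every request, before `soft_timeout ("send", r)` is armed, so a large file costs a full extra read per hit. A comment such as `/* hashes the whole file; f must be back at offset 0 afterwards */` would record the contract. default_handler continues outside the hunk.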
*/ + void note_auth_failure(request_rec *r) + { + if (!strcasecmp(auth_type(r), "Basic")) + return note_basic_auth_failure(r); + else if(!strcasecmp(auth_type(r), "Digest")) + return note_digest_auth_failure(r); + } + void note_basic_auth_failure(request_rec *r) { + if (strcasecmp(auth_type(r), "Basic")) + return note_auth_failure(r); table_set (r->err_headers_out, "WWW-Authenticate", pstrcat(r->pool, "Basic realm=\"", auth_name(r), "\"", NULL)); } + void note_digest_auth_failure(request_rec *r) + { + char nonce[10]; + + sprintf(nonce, "%lu", time(NULL)); + table_set (r->err_headers_out, "WWW-Authenticate", + pstrcat(r->pool, "Digest realm=\"", auth_name(r), + "\", nonce=\"", nonce, "\"", NULL)); + } int get_basic_auth_pw (request_rec *r, char **pw) { 1.5 +7 -1 apache/src/http_protocol.h Index: http_protocol.h =================================================================== RCS file: /export/home/cvs/apache/src/http_protocol.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C3 -r1.4 -r1.5 *** http_protocol.h 1996/03/01 02:34:33 1.4 --- http_protocol.h 1996/03/21 03:50:15 1.5 *************** *** 147,156 **** * * note_basic_auth_failure arranges for the right stuff to be scribbled on * the HTTP return so that the client knows how to authenticate itself the ! * next time. */ void note_basic_auth_failure(request_rec *r); int get_basic_auth_pw (request_rec *r, char **pw); /* --- 147,162 ---- * * note_basic_auth_failure arranges for the right stuff to be scribbled on * the HTTP return so that the client knows how to authenticate itself the ! * next time. As does note_digest_auth_failure for Digest auth. ! * ! * note_auth_failure does the same thing, but will call the correct one ! * based on the authentication type in use. ! * */ + void note_auth_failure(request_rec *r); void note_basic_auth_failure(request_rec *r); + void note_digest_auth_failure(request_rec *r); int get_basic_auth_pw (request_rec *r, char **pw); /*
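Review bot: In note_digest_auth_failure, `char nonce[10]` filled by `sprintf(nonce, "%lu", time(NULL))` has room for only nine digits plus the terminator, so once the clock value reaches ten digits the sprintf writes past the end of the stack buffer; `%lu` is also given a time_t without a cast. Size the buffer for the widest value and cast the argument: `char nonce[32];` and `sprintf(nonce, "%lu", (unsigned long)time(NULL));`. Separately, the nonce is only the current second, so it is predictable and identical for every client in that second, which weakens the replay protection Digest is meant to provide; the commit log already marks nonce generation as needing work, and a keyed or random component is the real fix. note_auth_failure also passes `auth_type(r)` straight to strcasecmp; if that can return NULL when no AuthType is configured (not visible here), a guard is needed before the comparison.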