| blob | 6dfbea615f2e3442b3159026a217e9462be88940 |
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
17 /*
18 * mod_auth_digest: MD5 digest authentication
19 *
20 * Originally by Alexei Kosut <akosut@nueva.pvt.k12.ca.us>
21 * Updated to RFC-2617 by Ronald Tschalär <ronald@innovation.ch>
22 * based on mod_auth, by Rob McCool and Robert S. Thau
23 *
24 * This module an updated version of modules/standard/mod_digest.c
25 * It is still fairly new and problems may turn up - submit problem
26 * reports to the Apache bug-database, or send them directly to me
27 * at ronald@innovation.ch.
28 *
29 * Requires either /dev/random (or equivalent) or the truerand library,
30 * available for instance from
31 * ftp://research.att.com/dist/mab/librand.shar
32 *
33 * Open Issues:
34 * - qop=auth-int (when streams and trailer support available)
35 * - nonce-format configurability
36 * - Proxy-Authorization-Info header is set by this module, but is
37 * currently ignored by mod_proxy (needs patch to mod_proxy)
38 * - generating the secret takes a while (~ 8 seconds) if using the
39 * truerand library
40 * - The source of the secret should be run-time directive (with server
41 * scope: RSRC_CONF). However, that could be tricky when trying to
42 * choose truerand vs. file...
43 * - shared-mem not completely tested yet. Seems to work ok for me,
44 * but... (definitely won't work on Windoze)
45 * - Sharing a realm among multiple servers has following problems:
46 * o Server name and port can't be included in nonce-hash
47 * (we need two nonce formats, which must be configured explicitly)
48 * o Nonce-count check can't be for equal, or then nonce-count checking
49 * must be disabled. What we could do is the following:
50 * (expected < received) ? set expected = received : issue error
51 * The only problem is that it allows replay attacks when somebody
52 * captures a packet sent to one server and sends it to another
53 * one. Should we add "AuthDigestNcCheck Strict"?
54 * - expired nonces give amaya fits.
55 */
65 #define APR_WANT_STRFUNC
83 /* Disable shmem until pools/init gets sorted out
84 * remove following two lines when fixed
85 */
86 #undef APR_HAS_SHARED_MEMORY
87 #define APR_HAS_SHARED_MEMORY 0
89 /* struct to hold the configuration info */
96 apr_sha1_ctx_t nonce_ctx;
97 apr_time_t nonce_lifetime;
108 #define DFLT_NONCE_LIFE apr_time_from_sec(300)
109 #define NEXTNONCE_DELTA apr_time_from_sec(30)
112 #define NONCE_TIME_LEN (((sizeof(apr_time_t)+2)/3)*4)
113 #define NONCE_HASH_LEN (2*APR_SHA1_DIGESTSIZE)
114 #define NONCE_LEN (int )(NONCE_TIME_LEN + NONCE_HASH_LEN)
116 #define SECRET_LEN 20
119 /* client list definitions */
139 /* struct to hold a parsed Authorization header */
157 /* the following fields are not (directly) from the header */
158 apr_time_t nonce_time;
167 /* (mostly) nonce stuff */
170 apr_time_t time;
176 /* client-list, opaque, and one-time-nonce stuff */
188 #define DEF_NUM_BUCKETS 15L
189 #define HASH_DEPTH 5
195 module AP_MODULE_DECLARE_DATA auth_digest_module;
197 /*
198 * initialization code
199 */
202 {
210 }
215 }
220 }
223 }
226 {
227 apr_status_t status;
232 #if APR_HAS_RANDOM
234 #else
235 #error APR random number support is missing; you probably need to install the truerand library.
236 #endif
244 }
249 }
252 {
254 "Digest: %s - all nonce-count checking, one-time nonces, and "
258 }
260 #if APR_HAS_SHARED_MEMORY
263 {
265 apr_status_t sts;
267 /* set up client list */
273 }
280 }
284 }
289 /* FIXME: get the client_lock_name from a directive so we're portable
290 * to non-process-inheriting operating systems, like Win32. */
296 }
299 /* setup opaque */
305 }
309 /* FIXME: get the opaque_lock_name from a directive so we're portable
310 * to non-process-inheriting operating systems, like Win32. */
316 }
319 /* setup one-time-nonce counter */
325 }
327 /* no lock here */
330 /* success */
332 }
339 {
343 /* initialize_module() will be called twice, and if it's a DSO
344 * then all static data from the first call will be lost. Only
345 * set up our static data on the second call. */
351 }
354 }
356 #if APR_HAS_SHARED_MEMORY
357 /* Note: this stuff is currently fixed for the lifetime of the server,
358 * i.e. even across restarts. This means that A) any shmem-size
359 * configuration changes are ignored, and B) certain optimizations,
360 * such as only allocating the smallest necessary entry for each
361 * client, can't be done. However, the alternative is a nightmare:
362 * we can't call apr_shm_destroy on a graceful restart because there
363 * will be children using the tables, and we also don't know when the
364 * last child dies. Therefore we can never clean up the old stuff,
365 * creating a creeping memory leak.
366 */
371 }
374 {
375 apr_status_t sts;
379 }
381 /* FIXME: get the client_lock_name from a directive so we're portable
382 * to non-process-inheriting operating systems, like Win32. */
387 }
388 /* FIXME: get the opaque_lock_name from a directive so we're portable
389 * to non-process-inheriting operating systems, like Win32. */
394 }
395 }
397 /*
398 * configuration code
399 */
402 {
407 }
416 }
419 }
422 {
425 /* The core already handles the realm, but it's just too convenient to
426 * grab it ourselves too and cache some setups. However, we need to
427 * let the core get at it too, which is why we decline at the end -
428 * this relies on the fact that http_core is last in the list.
429 */
432 /* we precompute the part of the nonce hash that is constant (well,
433 * the host:port would be too, but that varies for .htaccess files
434 * and directives outside a virtual host section)
435 */
442 }
446 {
453 /* lookup and cache the actual provider now */
456 AUTHN_PROVIDER_VERSION);
459 /* by the time they use it, the provider should be loaded and
460 registered with us. */
464 }
467 /* if it doesn't provide the appropriate function, reject it */
469 "The '%s' Authn provider doesn't support "
471 }
473 /* Add it to the list now. */
476 }
482 }
484 }
487 }
490 {
499 }
502 }
506 "Digest: WARNING: qop `auth-int' currently only works "
508 }
511 }
514 ;
523 }
527 {
536 }
540 }
544 {
547 }
550 {
554 "is not supported on platforms without shared-memory "
559 }
562 {
567 "is not supported on platforms without shared-memory "
570 }
571 }
574 }
578 }
581 {
586 }
589 }
591 }
595 {
602 ;
603 }
606 }
609 }
613 }
619 }
626 }
629 num_buckets);
632 }
635 {
655 };
658 /*
659 * client list code
660 *
661 * Each client is assigned a number, which is transferred in the opaque
662 * field of the WWW-Authenticate and Authorization headers. The number
663 * is just a simple counter which is incremented for each new client.
664 * Clients can't forge this number because it is hashed up into the
665 * server nonce, and that is checked.
666 *
667 * The clients are kept in a simple hash table, which consists of an
668 * array of client_entry's, each with a linked list of entries hanging
669 * off it. The client's number modulo the size of the array gives the
670 * bucket number.
671 *
672 * The clients are garbage collected whenever a new client is allocated
673 * but there is not enough space left in the shared memory segment. A
674 * simple semi-LRU is used for this: whenever a client entry is accessed
675 * it is moved to the beginning of the linked list in its bucket (this
676 * also makes for faster lookups for current clients). The garbage
677 * collecter then just removes the oldest entry (i.e. the one at the
678 * end of the list) in each bucket.
679 *
680 * The main advantages of the above scheme are that it's easy to implement
681 * and it keeps the hash table evenly balanced (i.e. same number of entries
682 * in each bucket). The major disadvantage is that you may be throwing
683 * entries out which are in active use. This is not tragic, as these
684 * clients will just be sent a new client id (opaque field) and nonce
685 * with a stale=true (i.e. it will just look like the nonce expired,
686 * thereby forcing an extra round trip). If the shared memory segment
687 * has enough headroom over the current client set size then this should
688 * not occur too often.
689 *
690 * To help tune the size of the shared memory segment (and see if the
691 * above algorithm is really sufficient) a set of counters is kept
692 * indicating the number of clients held, the number of garbage collected
693 * clients, and the number of erroneously purged clients. These are printed
694 * out at each garbage collection run. Note that access to the counters is
695 * not synchronized because they are just indicaters, and whether they are
696 * off by a few doesn't matter; and for the same reason no attempt is made
697 * to guarantee the num_renewed is correct in the face of clients spoofing
698 * the opaque field.
699 */
701 /*
702 * Get the client given its client number (the key). Returns the entry,
703 * or NULL if it's not found.
704 *
705 * Access to the list itself is synchronized via locks. However, access
706 * to the entry returned by get_client() is NOT synchronized. This means
707 * that there are potentially problems if a client uses multiple,
708 * simultaneous connections to access url's within the same protection
709 * space. However, these problems are not new: when using multiple
710 * connections you have no guarantee of the order the requests are
711 * processed anyway, so you have problems with the nonce-count and
712 * one-time nonces anyway.
713 */
715 {
730 }
736 }
743 }
747 }
750 }
753 /* A simple garbage-collecter to remove unused clients. It removes the
754 * last entry in each bucket and updates the counters. Returns the
755 * number of removed entries.
756 */
758 {
762 /* garbage collect all last entries */
770 }
773 }
776 }
779 num_removed++;
780 }
781 }
783 /* update counters and log */
789 }
792 /*
793 * Add a new client to the list. Returns the entry if successful, NULL
794 * otherwise. This triggers the garbage collection if memory is low.
795 */
798 {
805 }
812 /* try to allocate a new entry */
818 "Digest: gc'd %ld client entries. Total new clients: "
819 "%ld; Total removed clients: %ld; Total renewed clients: "
826 }
827 }
829 /* now add the entry */
844 }
847 /*
848 * Authorization header parser code
849 */
851 /* Parse the Authorization header, if it exists */
853 {
855 apr_size_t l;
866 }
872 }
881 /* find key */
884 auth_line++;
885 }
890 }
893 auth_line++;
894 }
896 /* find value */
899 auth_line++;
901 auth_line++;
902 }
906 auth_line++;
910 }
912 }
914 auth_line++;
915 }
916 }
921 }
922 }
924 }
927 auth_line++;
928 }
930 auth_line++;
931 }
953 }
960 }
964 }
968 }
971 /* Because the browser may preemptively send auth info, incrementing the
972 * nonce-count when it does, and because the client does not get notified
973 * if the URI didn't need authentication after all, we need to be sure to
974 * update the nonce-count each time we receive an Authorization header no
975 * matter what the final outcome of the request. Furthermore this is a
976 * convenient place to get the request-uri (before any subrequests etc
977 * are initiated) and to initialize the request_config.
978 *
979 * Note that this must be called after mod_proxy had its go so that
980 * r->proxyreq is set correctly.
981 */
983 {
989 }
1002 }
1005 }
1008 /*
1009 * Nonce generation code
1010 */
1012 /* The hash part of the nonce is a SHA-1 hash of the time, realm, server host
1013 * and port, opaque, and our secret.
1014 */
1018 {
1021 apr_sha1_ctx_t ctx;
1025 /*
1026 apr_sha1_update_binary(&ctx, (const unsigned char *) server->server_hostname,
1027 strlen(server->server_hostname));
1028 apr_sha1_update_binary(&ctx, (const unsigned char *) &server->port,
1029 sizeof(server->port));
1030 */
1035 }
1041 }
1044 }
1047 /* The nonce has the format b64(time)+hash .
1048 */
1052 {
1055 time_rec t;
1059 }
1061 /* this counter is not synch'd, because it doesn't really matter
1062 * if it counts exactly.
1063 */
1065 }
1067 /* XXX: WHAT IS THIS CONSTANT? */
1069 }
1074 }
1077 /*
1078 * Opaque and hash-table management
1079 */
1081 /*
1082 * Generate a new client entry, add it to the list, and return the
1083 * entry. Returns NULL if failed.
1084 */
1086 {
1092 }
1100 "Digest: failed to allocate client entry - ignoring "
1103 }
1106 }
1109 /*
1110 * MD5-sess code.
1111 *
1112 * If you want to use algorithm=MD5-sess you must write get_userpw_hash()
1113 * yourself (see below). The dummy provided here just uses the hash from
1114 * the auth-file, i.e. it is only useful for testing client implementations
1115 * of MD5-sess .
1116 */
1118 /*
1119 * get_userpw_hash() will be called each time a new session needs to be
1120 * generated and is expected to return the equivalent of
1121 *
1122 * h_urp = ap_md5(r->pool,
1123 * apr_pstrcat(r->pool, username, ":", ap_auth_name(r), ":", passwd))
1124 * ap_md5(r->pool,
1125 * (unsigned char *) apr_pstrcat(r->pool, h_urp, ":", resp->nonce, ":",
1126 * resp->cnonce, NULL));
1127 *
1128 * or put differently, it must return
1129 *
1130 * MD5(MD5(username ":" realm ":" password) ":" nonce ":" cnonce)
1131 *
1132 * If something goes wrong, the failure must be logged and NULL returned.
1133 *
1134 * You must implement this yourself, which will probably consist of code
1135 * contacting the password server with the necessary information (typically
1136 * the username, realm, nonce, and cnonce) and receiving the hash from it.
1137 *
1138 * TBD: This function should probably be in a seperate source file so that
1139 * people need not modify mod_auth_digest.c each time they install a new
1140 * version of apache.
1141 */
1145 {
1149 }
1152 /* Retrieve current session H(A1). If there is none and "generate" is
1153 * true then a new session for MD5-sess is generated and stored in the
1154 * client struct; if generate is false, or a new session could not be
1155 * generated then NULL is returned (in case of failure to generate the
1156 * failure reason will have been logged already).
1157 */
1162 {
1165 /* return the current sessions if there is one */
1168 }
1171 }
1173 /* generate a new session */
1176 }
1181 }
1182 }
1185 }
1189 {
1192 }
1193 }
1195 /*
1196 * Authorization challenge generation code (for WWW-Authenticate)
1197 */
1200 {
1203 }
1206 }
1207 }
1212 {
1216 /* Setup qop */
1220 }
1223 }
1228 }
1230 }
1232 /* Setup opaque */
1235 /* new client */
1240 }
1243 }
1244 }
1246 /* client info was gc'd */
1252 }
1255 }
1256 }
1259 /* we're generating a new nonce, so reset the nonce-count */
1261 }
1265 }
1268 }
1270 /* Setup nonce */
1275 }
1277 /* Setup MD5-sess stuff. Note that we just clear out the session
1278 * info here, since we can't generate a new session until the request
1279 * from the client comes in with the cnonce.
1280 */
1284 }
1286 /* setup domain attribute. We want to send this attribute wherever
1287 * possible so that the client won't send the Authorization header
1288 * unneccessarily (it's usually > 200 bytes!).
1289 */
1292 /* don't send domain
1293 * - for proxy requests
1294 * - if it's no specified
1295 */
1298 }
1301 }
1313 }
1316 /*
1317 * Authorization header verification code
1318 */
1322 {
1323 authn_status auth_result;
1331 /* For now, if a provider isn't set, we'll be nice and use the file
1332 * provider.
1333 */
1336 AUTHN_DEFAULT_PROVIDER,
1337 AUTHN_PROVIDER_VERSION);
1344 }
1346 }
1350 }
1353 /* We expect the password to be md5 hash of user:realm:password */
1359 /* Something occured. Stop checking. */
1362 }
1364 /* If we're not really configured for providers, stop now. */
1367 }
1374 }
1377 }
1381 {
1388 }
1395 }
1399 }
1403 "Digest: Warning, possible replay attack: nonce-count "
1407 }
1410 }
1414 {
1415 apr_time_t dt;
1417 time_rec nonce_time;
1426 }
1441 }
1446 "Digest: invalid nonce %s received - user attempted "
1450 }
1455 "Digest: user %s: nonce expired (%.2f seconds old "
1461 }
1462 }
1466 "Digest: user %s: one-time-nonce mismatch - sending "
1470 }
1471 }
1472 /* else (lifetime < 0) => never expires */
1475 }
1477 /* The actual MD5 code... whee */
1479 /* RFC-2069 */
1482 {
1490 }
1492 /* RFC-2617 */
1496 {
1503 }
1504 }
1507 }
1512 /* TBD */
1513 }
1516 }
1524 NULL));
1525 }
1532 }
1535 }
1540 }
1543 }
1547 }
1550 }
1555 }
1558 }
1563 }
1566 }
1569 }
1571 /* These functions return 0 if client is OK, and proper error status
1572 * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or
1573 * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we
1574 * couldn't figure out how to tell if the client is authorized or not.
1575 *
1576 * If they return DECLINED, and all other modules also decline, that's
1577 * treated by the server core as a configuration error, logged and
1578 * reported as such.
1579 */
1581 /* Determine user ID, and check if the attributes are correct, if it
1582 * really is that user, if the nonce is correct, etc.
1583 */
1586 {
1592 authn_status return_code;
1594 /* do we require Digest auth for this URI? */
1598 }
1604 }
1607 /* get the client response and mark */
1612 }
1615 }
1621 /* get our conf */
1627 /* check for existence and syntax of Auth header */
1632 "Digest: client used wrong authentication scheme "
1634 }
1637 "Digest: missing user, realm, nonce, uri, digest, "
1640 }
1641 /* else (resp->auth_hdr_sts == NO_HEADER) */
1644 }
1649 /* check the auth attributes */
1652 /* Hmm, the simple match didn't work (probably a proxy modified the
1653 * request-uri), so lets do a more sophisticated match
1654 */
1663 }
1667 }
1670 }
1674 }
1676 /* MSIE compatibility hack. MSIE has some RFC issues - doesn't
1677 * include the query string in the uri Authorization component
1678 * or when computing the response component. the second part
1679 * works out ok, since we can hash the header and get the same
1680 * result. however, the uri from the request line won't match
1681 * the uri Authorization component since the header lacks the
1682 * query string, leaving us incompatable with a (broken) MSIE.
1683 *
1684 * the workaround is to fake a query string match if in the proper
1685 * environment - BrowserMatch MSIE, for example. the cool thing
1686 * is that if MSIE ever fixes itself the simple match ought to
1687 * work and this code won't be reached anyway, even if the
1688 * environment is set.
1689 */
1695 "applying AuthDigestEnableQueryStringHack "
1699 }
1700 }
1705 "Digest: uri mismatch - <%s> does not match "
1708 }
1709 }
1711 /* check hostname matches, if present */
1714 /* check port matches, if present */
1716 /* check that server-port is default port if no port present */
1719 /* check that path matches */
1721 /* either exact match */
1724 /* or '*' matches empty path in scheme://host */
1727 /* check that query matches */
1731 ) {
1733 "Digest: uri mismatch - <%s> does not match "
1736 }
1737 }
1745 }
1753 }
1763 }
1773 }
1775 /* we have a password, so continue */
1776 }
1778 /* authentication denied in the provider before attempting a match */
1784 }
1786 /* AUTH_GENERAL_ERROR (or worse)
1787 * We'll assume that the module has already said what its error
1788 * was in the logs.
1789 */
1791 }
1794 /* old (rfc-2069) style digest */
1801 }
1802 }
1810 }
1811 }
1821 }
1825 /* we failed to allocate a client struct */
1827 }
1834 }
1835 }
1840 }
1842 /* Note: this check is done last so that a "stale=true" can be
1843 generated if the nonce is old */
1846 }
1849 }
1851 /*
1852 * Authorization-Info header code
1853 */
1856 {
1867 }
1869 /* 2069-style entity-digest is not supported (it's too hard, and
1870 * there are no clients which support 2069 but not 2617). */
1872 /* setup nextnonce
1873 */
1875 /* send nextnonce if current nonce will expire in less than 30 secs */
1883 }
1884 }
1887 conf);
1890 }
1891 /* else nonce never expires, hence no nextnonce */
1894 /* do rfc-2069 digest
1895 */
1898 /* use only RFC-2069 format */
1900 }
1904 /* calculate rspauth attribute
1905 */
1910 "Digest: internal error: couldn't find session "
1913 }
1914 }
1917 }
1922 /* TBD */
1923 }
1926 }
1938 /* assemble Authentication-Info header
1939 */
1942 nextnonce,
1944 resp->cnonce
1952 NULL);
1953 }
1960 ai);
1961 }
1964 }
1967 {
1975 AP_AUTH_INTERNAL_PER_CONF);
1978 }
1980 module AP_MODULE_DECLARE_DATA auth_digest_module =
1981 {
1982 STANDARD20_MODULE_STUFF,
1988 register_hooks /* register hooks */
1989 };