
extending authentication

This commit is contained in:
stefanocasazza 2019-05-31 14:45:50 +02:00
parent 1517b842c4
commit 3d26b9a67d
11 changed files with 245 additions and 129 deletions


@ -196,6 +196,8 @@ userver {
# URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes (that needs authentication)
# URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
#
# URI_OVERLOAD_AUTHENTICATION enable use of usp services as alternative to .ht[digest|passwd] for URI_PROTECTED_MASK
#
# ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add Cache control: public directive on header response)
#
# MIN_SIZE_REQUEST_BODY_FOR_PARALLELIZATION enable parallelization for request with body size major of (default 100k)
@ -266,6 +268,8 @@ http {
# URI_PROTECTED_SSE yes
# URI_PROTECTED_MASK /RA/admin/cgi-bin/*
# URI_PROTECTED_ALLOWED_IP 127.0.0.1,10.30.0.0/16
# URI_OVERLOAD_AUTHENTICATION yes
# ENABLE_CACHING_BY_PROXY_SERVERS yes


@ -46,7 +46,8 @@ enum DynamicPageType {
U_DPAGE_FORK = 6,
U_DPAGE_OPEN = 7,
U_DPAGE_CLOSE = 8,
U_DPAGE_ERROR = 9
U_DPAGE_ERROR = 9,
U_DPAGE_AUTH = 10
};
/**


@ -1369,22 +1369,23 @@ private:
// URI PROTECTION (for example directory listing)
static UString* fpasswd;
static UString* htpasswd;
static UString* htdigest;
static bool digest_authentication; // authentication method (digest|basic)
static UString* user_authentication;
static time_t htdigest_mtime, htpasswd_mtime;
static bool uri_overload_authentication, buri_overload_authentication, digest_authentication; // authentication method (digest|basic)
static UString getUserAuthentication() { return *user_authentication; }
// -----------------------------------------------------------------------------------------------
// for Jonathan Kelly
// -----------------------------------------------------------------------------------------------
static UFileCacheData* getPasswdDB(const char* name, uint32_t len, UString& fpasswd); // ex. U_CONSTANT_TO_PARAM("tutor"), x
static bool savePasswdDB(const char* name, uint32_t len, const UString& fpasswd, UFileCacheData* ptr_file_data); // Save Changes to Disk and Cache
static UFileCacheData* getPasswdDB(const char* name, uint32_t len);
static bool savePasswdDB(const char* name, uint32_t len, UFileCacheData* ptr_file_data); // Save Changes to Disk and Cache
static void setPasswdUser(UString& fpasswd, const UString& username, const UString& password); // Add/Update passwd User
static bool revokePasswdUser(UString& fpasswd, const UString& username); // Remove passwd User
static void setPasswdUser(const UString& username, const UString& password); // Add/Update passwd User
static bool revokePasswdUser(const UString& username); // Remove passwd User
// -----------------------------------------------------------------------------------------------
#ifdef USE_LIBSSL
@ -1572,8 +1573,8 @@ private:
static inline void setXForwardedFor(const char* ptr, uint32_t len) U_NO_EXPORT;
static inline void setXHttpForwardedFor(const char* ptr, uint32_t len) U_NO_EXPORT;
static uint32_t getPosPasswd(UString& fpasswd, const UString& line) __pure U_NO_EXPORT;
static uint32_t checkPasswd(UFileCacheData* ptr_file_data, UString& fpasswd, const UString& line) U_NO_EXPORT;
static uint32_t getPosPasswd(const UString& line) __pure U_NO_EXPORT;
static uint32_t checkPasswd(UFileCacheData* ptr_file_data, const UString& line) U_NO_EXPORT;
U_DISALLOW_COPY_AND_ASSIGN(UHTTP)
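Review bot: The trailing comment `// authentication method (digest|basic)` now sits after a declaration of three unrelated bools (`uri_overload_authentication, buri_overload_authentication, digest_authentication`), so it reads as describing all three, and the two new flags are left undocumented although one is configuration and the other is per-request state written by a servlet hook and cleared by processAuthorization(). Split the declaration and comment each: `static bool digest_authentication; // authentication method (digest|basic)`, `static bool uri_overload_authentication; // config URI_OVERLOAD_AUTHENTICATION: a usp servlet may replace the .ht[digest|passwd] lookup`, `static bool buri_overload_authentication; // set by the servlet's usp_auth_ hook to authorize the current request; consumed and reset in processAuthorization()`. The new `static UString* fpasswd` turns what was a per-call parameter into process-wide state; a one-line comment saying it holds the password-DB content for the request currently being authorized would help readers of the now parameterless getPasswdDB/savePasswdDB/setPasswdUser/revokePasswdUser. The UHTTP class body continues outside these hunks.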


@ -92,6 +92,8 @@ int UHttpPlugIn::handlerConfig(UFileConfig& cfg)
// URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes
// URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
//
// URI_OVERLOAD_AUTHENTICATION enable use of usp services as alternative to .ht[digest|passwd] for URI_PROTECTED_MASK
//
// URI_REQUEST_CERT_MASK mask (DOS regexp) of URI where client must comunicate a certificate in the SSL connection
// BANDWIDTH_THROTTLING_MASK lets you set maximum byte rates on URLs or URL groups (*.jpg|*.gif 50)
// URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK mask (DOS regexp) of URI where use HTTP Strict Transport Security to force client to use only SSL
@ -381,6 +383,15 @@ int UHttpPlugIn::handlerConfig(UFileConfig& cfg)
}
}
x = cfg.at(U_CONSTANT_TO_PARAM("URI_OVERLOAD_AUTHENTICATION"));
if (x)
{
U_INTERNAL_ASSERT_EQUALS(UHTTP::uri_overload_authentication, false)
UHTTP::uri_overload_authentication = x.strtob();
}
x = cfg.at(U_CONSTANT_TO_PARAM("URI_REQUEST_CERT_MASK"));
if (x)


@ -797,7 +797,8 @@ loop: distance = t.getDistance();
* U_DPAGE_FORK = 6,
* U_DPAGE_OPEN = 7,
* U_DPAGE_CLOSE = 8,
* U_DPAGE_ERROR = 9 };
* U_DPAGE_ERROR = 9,
* U_DPAGE_AUTH = 10 };
*/
bool bcfg, // usp_config
@ -808,17 +809,19 @@ loop: distance = t.getDistance();
bfork, // usp_fork
bopen, // usp_open
bclose, // usp_close
berror; // usp_error
berror, // usp_error
bauth; // usp_auth
char ptr1[100] = { '\0' };
char ptr2[100] = { '\0' };
char ptr3[100] = { '\0' };
char ptr4[100] = { '\0' };
char ptr5[100] = { '\0' };
char ptr6[100] = { '\0' };
char ptr7[100] = { '\0' };
char ptr8[100] = { '\0' };
char ptr9[100] = { '\0' };
char ptr1[100] = { '\0' };
char ptr2[100] = { '\0' };
char ptr3[100] = { '\0' };
char ptr4[100] = { '\0' };
char ptr5[100] = { '\0' };
char ptr6[100] = { '\0' };
char ptr7[100] = { '\0' };
char ptr8[100] = { '\0' };
char ptr9[100] = { '\0' };
char ptr10[100] = { '\0' };
# ifndef U_CACHE_REQUEST_DISABLE
if (usp.c_char(4) == '#' &&
@ -840,6 +843,7 @@ loop: distance = t.getDistance();
bopen = (U_STRING_FIND(declaration, 0, "static void usp_open_") != U_NOT_FOUND);
bclose = (U_STRING_FIND(declaration, 0, "static void usp_close_") != U_NOT_FOUND);
berror = (U_STRING_FIND(declaration, 0, "static void usp_error_") != U_NOT_FOUND);
bauth = (U_STRING_FIND(declaration, 0, "static void usp_auth_") != U_NOT_FOUND);
if (breset) (void) u__snprintf(ptr2, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_RESET) { usp_reset_%.*s(); return; }\n"), basename_sz, basename_ptr);
@ -852,12 +856,13 @@ loop: distance = t.getDistance();
(void) u__snprintf(ptr3, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_DESTROY) { usp_end_%.*s(); return; }\n"), basename_sz, basename_ptr);
}
if (bsighup) (void) u__snprintf(ptr4, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_SIGHUP) { usp_sighup_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bfork) (void) u__snprintf(ptr5, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_FORK) { usp_fork_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bopen) (void) u__snprintf(ptr6, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_OPEN) { usp_open_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bclose) (void) u__snprintf(ptr7, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_CLOSE) { usp_close_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (berror) (void) u__snprintf(ptr8, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_ERROR) { usp_error_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bcfg) (void) u__snprintf(ptr9, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_CONFIG) { usp_config_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bsighup) (void) u__snprintf(ptr4, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_SIGHUP) { usp_sighup_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bfork) (void) u__snprintf(ptr5, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_FORK) { usp_fork_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bopen) (void) u__snprintf(ptr6, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_OPEN) { usp_open_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bclose) (void) u__snprintf(ptr7, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_CLOSE) { usp_close_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (berror) (void) u__snprintf(ptr8, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_ERROR) { usp_error_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bcfg) (void) u__snprintf(ptr9, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_CONFIG) { usp_config_%.*s(); return; }\n"), basename_sz, basename_ptr);
if (bauth) (void) u__snprintf(ptr10, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_AUTH) { usp_auth_%.*s(); return; }\n"), basename_sz, basename_ptr);
}
else
{
@ -868,13 +873,14 @@ loop: distance = t.getDistance();
bsighup =
bfork =
bopen =
bclose = false;
bclose =
bauth = false;
}
bool bdatamod = (bsession || bstorage);
U_INTERNAL_DUMP("bcfg = %b binit = %b breset = %b bend = %b bsighup = %b bfork = %b bopen = %b bclose = %b bdatamod = %b",
bcfg, binit, breset, bend, bsighup, bfork, bopen, bclose, bdatamod)
U_INTERNAL_DUMP("bcfg = %b binit = %b breset = %b bend = %b bsighup = %b bfork = %b bopen = %b bclose = %b bdatamod = %b bauth = %b",
bcfg, binit, breset, bend, bsighup, bfork, bopen, bclose, bdatamod, bauth)
if (bdatamod)
{
@ -1028,6 +1034,7 @@ loop: distance = t.getDistance();
"%s"
"%s"
"%s"
"%s"
"\treturn;\n"
"} }\n"
"\t\n"
@ -1060,6 +1067,7 @@ loop: distance = t.getDistance();
ptr7,
ptr8,
ptr9,
ptr10,
basename_sz, basename_ptr,
basename_sz, basename_ptr,
basename_sz, basename_ptr,
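Review bot: The new `ptr10` line casts the `u__snprintf` result to `(void)` like the nine before it, so if the generated `if (param == U_DPAGE_AUTH) { usp_auth_%.*s(); return; }` stanza does not fit in the 100-byte buffer it is silently truncated and the emitted servlet source no longer compiles. The fixed text of that format is already about 54 bytes before the basename is substituted, so a long basename gets close to the limit; since this commit adds a tenth copy of the pattern, it is a good moment to assert once for all ten that the returned length is below the buffer size, or to route them through one small helper that does so. The enclosing translator function starts before the first hunk and continues after the last.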


@ -76,6 +76,8 @@ int UHTTP::cgi_timeout;
bool UHTTP::bnph;
bool UHTTP::bcallInitForAllUSP;
bool UHTTP::digest_authentication;
bool UHTTP::uri_overload_authentication;
bool UHTTP::buri_overload_authentication;
bool UHTTP::skip_check_cookie_ip_address;
bool UHTTP::enable_caching_by_proxy_servers;
char UHTTP::response_buffer[64];
@ -92,6 +94,7 @@ UString* UHTTP::etag;
UString* UHTTP::body;
UString* UHTTP::geoip;
UString* UHTTP::tmpdir;
UString* UHTTP::fpasswd;
UString* UHTTP::htpasswd;
UString* UHTTP::htdigest;
UString* UHTTP::qcontent;
@ -848,6 +851,7 @@ void UHTTP::init()
U_INTERNAL_ASSERT_EQUALS(pcmd, U_NULLPTR)
U_INTERNAL_ASSERT_EQUALS(geoip, U_NULLPTR)
U_INTERNAL_ASSERT_EQUALS(tmpdir, U_NULLPTR)
U_INTERNAL_ASSERT_EQUALS(fpasswd, U_NULLPTR)
U_INTERNAL_ASSERT_EQUALS(qcontent, U_NULLPTR)
U_INTERNAL_ASSERT_EQUALS(pathname, U_NULLPTR)
U_INTERNAL_ASSERT_EQUALS(rpathname, U_NULLPTR)
@ -869,6 +873,7 @@ void UHTTP::init()
U_NEW_STRING(body, UString);
U_NEW_STRING(geoip, UString(U_CAPACITY));
U_NEW_STRING(tmpdir, UString(U_PATH_MAX));
U_NEW_STRING(fpasswd, UString);
U_NEW_STRING(qcontent, UString);
U_NEW_STRING(pathname, UString(U_CAPACITY));
U_NEW_STRING(rpathname, UString);
@ -1413,6 +1418,7 @@ void UHTTP::dtor()
U_DELETE(pcmd)
U_DELETE(geoip)
U_DELETE(tmpdir)
U_DELETE(fpasswd)
U_DELETE(qcontent)
U_DELETE(pathname)
U_DELETE(rpathname)
@ -7696,40 +7702,40 @@ end:
handlerResponse();
}
U_NO_EXPORT __pure uint32_t UHTTP::getPosPasswd(UString& fpasswd, const UString& line)
U_NO_EXPORT __pure uint32_t UHTTP::getPosPasswd(const UString& line)
{
U_TRACE(0, "UHTTP::getPosPasswd(%V,%V)", fpasswd.rep, line.rep)
U_TRACE(0, "UHTTP::getPosPasswd(%V)", line.rep)
U_INTERNAL_ASSERT(fpasswd)
U_INTERNAL_ASSERT(*fpasswd)
uint32_t pos = fpasswd.find(line);
uint32_t pos = fpasswd->find(line);
if (pos == U_NOT_FOUND) U_RETURN(U_NOT_FOUND);
if (pos == 0 ||
fpasswd[pos-1] == '\n')
(*fpasswd)[pos-1] == '\n')
{
U_RETURN(pos);
}
while (true)
{
pos = fpasswd.find(line, pos+1);
pos = fpasswd->find(line, pos+1);
if (pos == U_NOT_FOUND) U_RETURN(U_NOT_FOUND);
if (fpasswd[pos-1] == '\n') U_RETURN(pos);
if ((*fpasswd)[pos-1] == '\n') U_RETURN(pos);
}
}
U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, UString& fpasswd, const UString& line)
U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, const UString& line)
{
U_TRACE(0, "UHTTP::checkPasswd(%p,%V,%V)", ptr_file_data, fpasswd.rep, line.rep)
U_TRACE(0, "UHTTP::checkPasswd(%p,%V)", ptr_file_data, line.rep)
// s.casazza:{SHA}Lkii1ZE7k.....\n
// s.casazza:Protected Area:b9ee2af50be37...........\n
uint32_t pos = getPosPasswd(fpasswd, line);
uint32_t pos = getPosPasswd(line);
if (pos == U_NOT_FOUND)
{
@ -7750,18 +7756,20 @@ U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, US
{
ptr_file_data->array->erase(0);
fpasswd = tmp.getContent(true, false, true);
*fpasswd = tmp.getContent(true, false, true);
ptr_file_data->array->push_back(fpasswd);
ptr_file_data->array->push_back(*fpasswd);
U_SRV_LOG("File data users permission: %V reloaded - %u bytes", lpathname.rep, fpasswd.size());
U_SRV_LOG("File data users permission: %V reloaded - %u bytes", lpathname.rep, fpasswd->size());
pos = getPosPasswd(fpasswd, line);
pos = getPosPasswd(line);
}
}
}
else if (digest_authentication)
{
if (uri_overload_authentication) U_RETURN(U_NOT_FOUND);
U_INTERNAL_ASSERT(*htdigest)
UFile tmp(*UString::str_htdigest);
@ -7771,16 +7779,18 @@ U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, US
if ((tmp.st_mtime = htdigest_mtime, tmp.isModified()) == false) tmp.close();
else
{
fpasswd = *htdigest = tmp.getContent(true, false, true);
*fpasswd = *htdigest = tmp.getContent(true, false, true);
U_SRV_LOG("File data users permission: ../.htdigest reloaded - %u bytes", fpasswd.size());
U_SRV_LOG("File data users permission: ../.htdigest reloaded - %u bytes", fpasswd->size());
pos = getPosPasswd(fpasswd, line);
pos = getPosPasswd(line);
}
}
}
else
{
if (uri_overload_authentication) U_RETURN(U_NOT_FOUND);
U_INTERNAL_ASSERT(*htpasswd)
UFile tmp(*UString::str_htpasswd);
@ -7790,11 +7800,11 @@ U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, US
if ((tmp.st_mtime = htpasswd_mtime, tmp.isModified()) == false) tmp.close();
else
{
fpasswd = *htpasswd = tmp.getContent(true, false, true);
*fpasswd = *htpasswd = tmp.getContent(true, false, true);
U_SRV_LOG("File data users permission: ../.htpasswd reloaded - %u bytes", fpasswd.size());
U_SRV_LOG("File data users permission: ../.htpasswd reloaded - %u bytes", fpasswd->size());
pos = getPosPasswd(fpasswd, line);
pos = getPosPasswd(line);
}
}
}
@ -7806,19 +7816,51 @@ U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, US
// -----------------------------------------------------------------------------------------------
// for Jonathan Kelly
// -----------------------------------------------------------------------------------------------
UHTTP::UFileCacheData* UHTTP::getPasswdDB(const char* name, uint32_t len, UString& fpasswd)
UHTTP::UFileCacheData* UHTTP::getPasswdDB(const char* name, uint32_t len)
{
U_TRACE(0, "UHTTP::getPasswdDB(%.*S,%u,%V)", len, name, len, fpasswd.rep)
U_ASSERT(fpasswd.empty())
U_TRACE(0, "UHTTP::getPasswdDB(%.*S,%u)", len, name, len)
UHTTP::UFileCacheData* ptr_file_data = U_NULLPTR;
fpasswd->clear();
if (len > 1)
{
if (uri_overload_authentication)
{
U_INTERNAL_ASSERT_EQUALS(name[0], '/')
UHTTP::UServletPage* usp_save = usp;
if (getUSP(name+1, len-1))
{
/**
* Must set UHTTP::fpasswd as something like:
*
* s.casazza:{SHA}Lkii1ZE7k.....\n
* ...
*
* or (for digest auth)
*
* s.casazza:Protected Area:b9ee2af50be37...........\n
* ...
*
* NB: if UHTTP::buri_overload_authentication is set we authorize the request...
*/
usp->runDynamicPageParam(U_DPAGE_AUTH);
U_INTERNAL_DUMP("fpasswd = %V buri_overload_authentication = %b", fpasswd->rep, buri_overload_authentication)
usp = usp_save;
U_RETURN_POINTER(U_NULLPTR, UHTTP::UFileCacheData);
}
}
ptr_file_data = getFileCachePointerVar(U_CONSTANT_TO_PARAM("..%.*s.ht%6s"), len, name, digest_authentication ? "digest" : "passwd");
if (ptr_file_data) fpasswd = ptr_file_data->array->operator[](0);
if (ptr_file_data) *fpasswd = ptr_file_data->array->operator[](0);
}
U_INTERNAL_DUMP("digest_authentication = %b ptr_file_data = %p htpasswd = %p", digest_authentication, ptr_file_data, htpasswd)
@ -7827,24 +7869,24 @@ UHTTP::UFileCacheData* UHTTP::getPasswdDB(const char* name, uint32_t len, UStrin
{
if (digest_authentication)
{
if (htdigest) fpasswd = *htdigest;
if (htdigest) *fpasswd = *htdigest;
}
else
{
if (htpasswd) fpasswd = *htpasswd;
if (htpasswd) *fpasswd = *htpasswd;
}
}
U_RETURN_POINTER(ptr_file_data, UHTTP::UFileCacheData);
}
bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd, UFileCacheData* ptr_file_data) // Save Changes to Disk and Cache
bool UHTTP::savePasswdDB(const char* name, uint32_t len, UFileCacheData* ptr_file_data) // Save Changes to Disk and Cache
{
U_TRACE(0, "UHTTP::savePasswdDB(%.*S,%u,%V,%p)", len, name, len, fpasswd.rep, ptr_file_data)
U_TRACE(0, "UHTTP::savePasswdDB(%.*S,%u,%p)", len, name, len, ptr_file_data)
U_INTERNAL_DUMP("digest_authentication = %b htpasswd = %p", digest_authentication, htpasswd)
U_INTERNAL_ASSERT(fpasswd)
U_INTERNAL_ASSERT(*fpasswd)
if (ptr_file_data)
{
@ -7852,12 +7894,12 @@ bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd,
lpathname.snprintf(U_CONSTANT_TO_PARAM("..%.*s.ht%6s"), len, name, digest_authentication ? "digest" : "passwd");
if (UFile::writeTo(lpathname, fpasswd))
if (UFile::writeTo(lpathname, *fpasswd))
{
ptr_file_data->array->erase(0);
ptr_file_data->array->push_back(fpasswd);
ptr_file_data->array->push_back(*fpasswd);
U_SRV_LOG("File data users permission: %V reloaded - %u bytes", lpathname.rep, fpasswd.size());
U_SRV_LOG("File data users permission: %V reloaded - %u bytes", lpathname.rep, fpasswd->size());
U_RETURN(true);
}
@ -7869,11 +7911,11 @@ bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd,
{
U_INTERNAL_ASSERT(*htdigest)
if (UFile::writeTo(*UString::str_htdigest, fpasswd))
if (UFile::writeTo(*UString::str_htdigest, *fpasswd))
{
*htdigest = fpasswd;
*htdigest = *fpasswd;
U_SRV_LOG("File data users permission: ../.htdigest reloaded - %u bytes", fpasswd.size());
U_SRV_LOG("File data users permission: ../.htdigest reloaded - %u bytes", fpasswd->size());
U_RETURN(true);
}
@ -7883,11 +7925,11 @@ bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd,
U_INTERNAL_ASSERT(*htpasswd)
if (UFile::writeTo(*UString::str_htpasswd, fpasswd))
if (UFile::writeTo(*UString::str_htpasswd, *fpasswd))
{
*htpasswd = fpasswd;
*htpasswd = *fpasswd;
U_SRV_LOG("File data users permission: ../.htpasswd reloaded - %u bytes", fpasswd.size());
U_SRV_LOG("File data users permission: ../.htpasswd reloaded - %u bytes", fpasswd->size());
U_RETURN(true);
}
@ -7895,9 +7937,9 @@ bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd,
U_RETURN(false);
}
void UHTTP::setPasswdUser(UString& fpasswd, const UString& username, const UString& password) // Add/Update passwd User
void UHTTP::setPasswdUser(const UString& username, const UString& password) // Add/Update passwd User
{
U_TRACE(0, "UHTTP::setPasswdUser(%V,%V,%V)", fpasswd.rep, username.rep, password.rep)
U_TRACE(0, "UHTTP::setPasswdUser(%V,%V)", username.rep, password.rep)
if (username &&
password)
@ -7925,23 +7967,23 @@ void UHTTP::setPasswdUser(UString& fpasswd, const UString& username, const UStri
user_token.snprintf(U_CONSTANT_TO_PARAM("%v:{SHA}%v\n"), username.rep, hash.rep);
}
uint32_t pos_begin = getPosPasswd(fpasswd, buffer);
uint32_t pos_begin = getPosPasswd(buffer);
if (pos_begin == U_NOT_FOUND) (void) fpasswd.append(user_token);
if (pos_begin == U_NOT_FOUND) (void) fpasswd->append(user_token);
else
{
uint32_t pos_end = fpasswd.find('\n', pos_begin+1) - pos_begin+1;
uint32_t pos_end = fpasswd->find('\n', pos_begin+1) - pos_begin+1;
(void) fpasswd.replace(pos_begin, pos_end, user_token);
(void) fpasswd->replace(pos_begin, pos_end, user_token);
}
}
}
bool UHTTP::revokePasswdUser(UString& fpasswd, const UString& username) // Remove passwd User
bool UHTTP::revokePasswdUser(const UString& username) // Remove passwd User
{
U_TRACE(0, "UHTTP::revokePasswdUser(%V,%V)", fpasswd.rep, username.rep)
U_TRACE(0, "UHTTP::revokePasswdUser(%V)", username.rep)
if (fpasswd &&
if (*fpasswd &&
username)
{
UString buffer(U_CAPACITY);
@ -7949,13 +7991,13 @@ bool UHTTP::revokePasswdUser(UString& fpasswd, const UString& username) // Remov
if (digest_authentication) buffer.snprintf(U_CONSTANT_TO_PARAM("%v:" U_HTTP_REALM ":"), username.rep); // s.casazza:Protected Area:b9ee2af50be37...........\n
else buffer.snprintf(U_CONSTANT_TO_PARAM("%v:{SHA}"), username.rep); // s.casazza:{SHA}Lkii1ZE7k.....\n
uint32_t pos_begin = getPosPasswd(fpasswd, buffer);
uint32_t pos_begin = getPosPasswd(buffer);
if (pos_begin != U_NOT_FOUND)
{
uint32_t pos_end = fpasswd.find('\n', pos_begin+1) - pos_begin;
uint32_t pos_end = fpasswd->find('\n', pos_begin+1) - pos_begin;
(void) fpasswd.erase(pos_begin, pos_end);
(void) fpasswd->erase(pos_begin, pos_end);
U_RETURN(true);
}
@ -7976,7 +8018,7 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
const char* ptr;
uint32_t pos = 0;
UHTTP::UFileCacheData* ptr_file_data;
UString buffer(U_CAPACITY), fpasswd, content, tmp;
UString buffer(U_CAPACITY), content, tmp;
bool result = false, bpass = false, bstale = false;
if (pattern)
@ -8011,7 +8053,7 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
if (sz > U_CONSTANT_SIZE("/sse_event/")) // Ex: "/sse_event/tutor"
{
ptr_file_data = getPasswdDB(request+U_CONSTANT_SIZE("/sse_event"), sz-U_CONSTANT_SIZE("/sse_event"), fpasswd);
ptr_file_data = getPasswdDB(request+U_CONSTANT_SIZE("/sse_event"), sz-U_CONSTANT_SIZE("/sse_event"));
goto next;
}
@ -8021,12 +8063,16 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
# endif
}
ptr_file_data = getPasswdDB(request, sz-pos, fpasswd);
ptr_file_data = getPasswdDB(request, sz-pos);
#ifdef U_SSE_ENABLE
next:
#endif
if (fpasswd.empty()) goto end;
if (fpasswd->empty() &&
buri_overload_authentication == false)
{
goto end;
}
bpass = true;
@ -8185,21 +8231,32 @@ next:
}
}
if (buri_overload_authentication)
{
U_INTERNAL_ASSERT_EQUALS(ptr_file_data, U_NULLPTR)
buri_overload_authentication = false;
result = true;
goto end;
}
// ha1 => MD5(user : realm : password)
buffer.snprintf(U_CONSTANT_TO_PARAM("%v:" U_HTTP_REALM ":"), user_authentication->rep);
// s.casazza:Protected Area:b9ee2af50be37...........\n
pos = checkPasswd(ptr_file_data, fpasswd, buffer);
pos = checkPasswd(ptr_file_data, buffer);
if (pos == U_NOT_FOUND) goto end;
pos += buffer.size();
ha1 = fpasswd.substr(pos, 32);
ha1 = fpasswd->substr(pos, 32);
U_INTERNAL_ASSERT_EQUALS(fpasswd.c_char(pos+32), '\n')
U_INTERNAL_ASSERT_EQUALS(fpasswd->c_char(pos+32), '\n')
if (UServices::setDigestCalcResponse(ha1, nc, nonce, cnonce, uri, *user_authentication, ha3)) result = (ha3 == response);
@ -8219,15 +8276,26 @@ next:
if (t.next(*user_authentication, (bool*)U_NULLPTR) &&
t.next(password, (bool*)U_NULLPTR))
{
UString line(1000U), output(1000U);
if (buri_overload_authentication)
{
U_INTERNAL_ASSERT_EQUALS(ptr_file_data, U_NULLPTR)
UServices::generateDigest(U_HASH_SHA1, 0, password, output, true);
buri_overload_authentication = false;
line.snprintf(U_CONSTANT_TO_PARAM("%v:{SHA}%v\n"), user_authentication->rep, output.rep);
result = true;
}
else
{
UString line(1000U), output(1000U);
// s.casazza:{SHA}Lkii1ZE7k.....\n
UServices::generateDigest(U_HASH_SHA1, 0, password, output, true);
if (checkPasswd(ptr_file_data, fpasswd, line) != U_NOT_FOUND) result = true;
line.snprintf(U_CONSTANT_TO_PARAM("%v:{SHA}%v\n"), user_authentication->rep, output.rep);
// s.casazza:{SHA}Lkii1ZE7k.....\n
if (checkPasswd(ptr_file_data, line) != U_NOT_FOUND) result = true;
}
}
}
}
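Review bot: `buri_overload_authentication` is process-wide state that the servlet's usp_auth_ hook sets (per the comment in getPasswdDB) but that is cleared only on the two success paths in processAuthorization (`buri_overload_authentication = false;` in the digest and basic branches); getPasswdDB does `fpasswd->clear()` before running the servlet but never resets the flag. If any path between `bpass = true;` and those branches leaves via `goto end` — the region between the two hunks is not visible here — a `true` left behind by one request would make the next request's processAuthorization take the `result = true` branch without the servlet having authorized it. Reset the flag where the per-request state is prepared, `buri_overload_authentication = false;` next to `fpasswd->clear();` at the top of getPasswdDB, so every request starts clean regardless of how the previous one exited. Separately, in the basic branch the `UServices::generateDigest(...)` / `line.snprintf(...)` pair inside `if (buri_overload_authentication)` builds a `line` that is never read afterwards, so it is either dead work (hashing the password for nothing) or a missing checkPasswd call; worth clarifying which. processAuthorization starts before its first hunk and ends after its last.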


@ -1 +1 @@
058E
059D


@ -156,7 +156,7 @@ initialize_fw() {
$IPTABLES -t filter -N NoCat 2>/dev/null
$IPTABLES -t filter -F NoCat
$IPTABLES -t filter -A NoCat -p tcp -m state --state INVALID -j DROP
$IPTABLES -t filter -A NoCat -p tcp -m conntrack --ctstate INVALID -j DROP || $IPTABLES -t filter -A NoCat -p tcp -m state --state INVALID -j DROP
for ifacein in $InternalDevice; do
for ifaceout in $ExternalDevice; do
$IPTABLES -t filter -D FORWARD -i $ifacein -o $ifaceout -j NoCat 2>/dev/null
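Review bot: The new `-m conntrack --ctstate INVALID` attempt is expected to fail on iptables/kernel builds without the conntrack match, which is exactly when the `||` fallback to `-m state` runs, but unlike the `-N NoCat 2>/dev/null` line above its stderr is not silenced, so every initialization on such a system prints an iptables error that looks like a genuine failure. Consider `$IPTABLES -t filter -A NoCat -p tcp -m conntrack --ctstate INVALID -j DROP 2>/dev/null || $IPTABLES -t filter -A NoCat -p tcp -m state --state INVALID -j DROP`; the fallback still reports loudly if both forms fail. initialize_fw starts outside the hunk.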


@ -105,8 +105,9 @@ http {
#REQUEST_READ_TIMEOUT 30
#APACHE_LIKE_LOG /var/log/httpd/access_log
#LOG_FILE_SZ 10M
#DIGEST_AUTHENTICATION yes
#URI_PROTECTED_MASK /tutor/*|/learner/*|/HOD/*
DIGEST_AUTHENTICATION yes
URI_PROTECTED_MASK /tutor/*|/learner/*|/HOD/*
URI_OVERLOAD_AUTHENTICATION yes
#CACHE_FILE_STORE nocat/webif.gz
#CACHE_FILE_MASK inp/http/data/file1|*.flv|*.svgz
#URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK *


@ -11,10 +11,12 @@ plugin/product1.lo: plugin/product1.cpp /usr/include/stdc-predef.h \
/usr/include/bits/types.h /usr/include/bits/typesizes.h \
/usr/include/bits/mman.h /usr/include/bits/mman-linux.h \
/usr/include/bits/mman-shared.h /usr/include/stdio.h \
/usr/include/bits/libc-header-start.h /usr/include/bits/types/__FILE.h \
/usr/include/bits/types/FILE.h /usr/include/bits/libio.h \
/usr/include/bits/_G_config.h /usr/include/bits/types/__mbstate_t.h \
/usr/include/bits/libc-header-start.h \
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h \
/usr/include/bits/types/__fpos_t.h /usr/include/bits/types/__mbstate_t.h \
/usr/include/bits/types/__fpos64_t.h /usr/include/bits/types/__FILE.h \
/usr/include/bits/types/FILE.h /usr/include/bits/types/struct_FILE.h \
/usr/include/bits/types/cookie_io_functions_t.h \
/usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \
/usr/include/bits/stdio.h /usr/include/bits/stdio2.h \
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdint.h \
@ -28,17 +30,18 @@ plugin/product1.lo: plugin/product1.cpp /usr/include/stdc-predef.h \
/usr/include/bits/types/clockid_t.h /usr/include/bits/types/time_t.h \
/usr/include/bits/types/timer_t.h /usr/include/endian.h \
/usr/include/bits/endian.h /usr/include/bits/byteswap.h \
/usr/include/bits/byteswap-16.h /usr/include/bits/uintn-identity.h \
/usr/include/sys/select.h /usr/include/bits/select.h \
/usr/include/bits/types/sigset_t.h /usr/include/bits/types/__sigset_t.h \
/usr/include/bits/uintn-identity.h /usr/include/sys/select.h \
/usr/include/bits/select.h /usr/include/bits/types/sigset_t.h \
/usr/include/bits/types/__sigset_t.h \
/usr/include/bits/types/struct_timeval.h \
/usr/include/bits/types/struct_timespec.h /usr/include/bits/select2.h \
/usr/include/bits/pthreadtypes.h /usr/include/bits/thread-shared-types.h \
/usr/include/bits/pthreadtypes-arch.h \
/usr/include/bits/types/struct_iovec.h /usr/include/bits/uio_lim.h \
/usr/include/bits/uio-ext.h /usr/include/sys/stat.h \
/usr/include/bits/stat.h /usr/include/pthread.h /usr/include/sched.h \
/usr/include/bits/sched.h /usr/include/bits/cpu-set.h \
/usr/include/bits/stat.h /usr/include/bits/statx.h \
/usr/include/pthread.h /usr/include/sched.h /usr/include/bits/sched.h \
/usr/include/bits/types/struct_sched_param.h /usr/include/bits/cpu-set.h \
/usr/include/time.h /usr/include/bits/time.h /usr/include/bits/timex.h \
/usr/include/bits/types/struct_tm.h \
/usr/include/bits/types/struct_itimerspec.h \
@ -77,7 +80,7 @@ plugin/product1.lo: plugin/product1.cpp /usr/include/stdc-predef.h \
/usr/include/errno.h /usr/include/bits/errno.h \
/usr/include/linux/errno.h /usr/include/asm/errno.h \
/usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
/usr/include/sys/time.h \
/usr/include/bits/types/error_t.h /usr/include/sys/time.h \
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/limits.h \
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/syslimits.h \
/usr/include/limits.h /usr/include/bits/posix1_lim.h \
@ -266,17 +269,21 @@ plugin/product.h:
/usr/include/bits/libc-header-start.h:
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h:
/usr/include/bits/types/__fpos_t.h:
/usr/include/bits/types/__mbstate_t.h:
/usr/include/bits/types/__fpos64_t.h:
/usr/include/bits/types/__FILE.h:
/usr/include/bits/types/FILE.h:
/usr/include/bits/libio.h:
/usr/include/bits/types/struct_FILE.h:
/usr/include/bits/_G_config.h:
/usr/include/bits/types/__mbstate_t.h:
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h:
/usr/include/bits/types/cookie_io_functions_t.h:
/usr/include/bits/stdio_lim.h:
@ -328,8 +335,6 @@ plugin/product.h:
/usr/include/bits/byteswap.h:
/usr/include/bits/byteswap-16.h:
/usr/include/bits/uintn-identity.h:
/usr/include/sys/select.h:
@ -362,12 +367,16 @@ plugin/product.h:
/usr/include/bits/stat.h:
/usr/include/bits/statx.h:
/usr/include/pthread.h:
/usr/include/sched.h:
/usr/include/bits/sched.h:
/usr/include/bits/types/struct_sched_param.h:
/usr/include/bits/cpu-set.h:
/usr/include/time.h:
@ -496,6 +505,8 @@ plugin/product.h:
/usr/include/asm-generic/errno-base.h:
/usr/include/bits/types/error_t.h:
/usr/include/sys/time.h:
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/limits.h:


@ -11,10 +11,12 @@ plugin/product2.lo: plugin/product2.cpp /usr/include/stdc-predef.h \
/usr/include/bits/types.h /usr/include/bits/typesizes.h \
/usr/include/bits/mman.h /usr/include/bits/mman-linux.h \
/usr/include/bits/mman-shared.h /usr/include/stdio.h \
/usr/include/bits/libc-header-start.h /usr/include/bits/types/__FILE.h \
/usr/include/bits/types/FILE.h /usr/include/bits/libio.h \
/usr/include/bits/_G_config.h /usr/include/bits/types/__mbstate_t.h \
/usr/include/bits/libc-header-start.h \
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h \
/usr/include/bits/types/__fpos_t.h /usr/include/bits/types/__mbstate_t.h \
/usr/include/bits/types/__fpos64_t.h /usr/include/bits/types/__FILE.h \
/usr/include/bits/types/FILE.h /usr/include/bits/types/struct_FILE.h \
/usr/include/bits/types/cookie_io_functions_t.h \
/usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \
/usr/include/bits/stdio.h /usr/include/bits/stdio2.h \
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdint.h \
@ -28,17 +30,18 @@ plugin/product2.lo: plugin/product2.cpp /usr/include/stdc-predef.h \
/usr/include/bits/types/clockid_t.h /usr/include/bits/types/time_t.h \
/usr/include/bits/types/timer_t.h /usr/include/endian.h \
/usr/include/bits/endian.h /usr/include/bits/byteswap.h \
/usr/include/bits/byteswap-16.h /usr/include/bits/uintn-identity.h \
/usr/include/sys/select.h /usr/include/bits/select.h \
/usr/include/bits/types/sigset_t.h /usr/include/bits/types/__sigset_t.h \
/usr/include/bits/uintn-identity.h /usr/include/sys/select.h \
/usr/include/bits/select.h /usr/include/bits/types/sigset_t.h \
/usr/include/bits/types/__sigset_t.h \
/usr/include/bits/types/struct_timeval.h \
/usr/include/bits/types/struct_timespec.h /usr/include/bits/select2.h \
/usr/include/bits/pthreadtypes.h /usr/include/bits/thread-shared-types.h \
/usr/include/bits/pthreadtypes-arch.h \
/usr/include/bits/types/struct_iovec.h /usr/include/bits/uio_lim.h \
/usr/include/bits/uio-ext.h /usr/include/sys/stat.h \
/usr/include/bits/stat.h /usr/include/pthread.h /usr/include/sched.h \
/usr/include/bits/sched.h /usr/include/bits/cpu-set.h \
/usr/include/bits/stat.h /usr/include/bits/statx.h \
/usr/include/pthread.h /usr/include/sched.h /usr/include/bits/sched.h \
/usr/include/bits/types/struct_sched_param.h /usr/include/bits/cpu-set.h \
/usr/include/time.h /usr/include/bits/time.h /usr/include/bits/timex.h \
/usr/include/bits/types/struct_tm.h \
/usr/include/bits/types/struct_itimerspec.h \
@ -77,7 +80,7 @@ plugin/product2.lo: plugin/product2.cpp /usr/include/stdc-predef.h \
/usr/include/errno.h /usr/include/bits/errno.h \
/usr/include/linux/errno.h /usr/include/asm/errno.h \
/usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
/usr/include/sys/time.h \
/usr/include/bits/types/error_t.h /usr/include/sys/time.h \
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/limits.h \
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/syslimits.h \
/usr/include/limits.h /usr/include/bits/posix1_lim.h \
@ -266,17 +269,21 @@ plugin/product.h:
/usr/include/bits/libc-header-start.h:
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h:
/usr/include/bits/types/__fpos_t.h:
/usr/include/bits/types/__mbstate_t.h:
/usr/include/bits/types/__fpos64_t.h:
/usr/include/bits/types/__FILE.h:
/usr/include/bits/types/FILE.h:
/usr/include/bits/libio.h:
/usr/include/bits/types/struct_FILE.h:
/usr/include/bits/_G_config.h:
/usr/include/bits/types/__mbstate_t.h:
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h:
/usr/include/bits/types/cookie_io_functions_t.h:
/usr/include/bits/stdio_lim.h:
@ -328,8 +335,6 @@ plugin/product.h:
/usr/include/bits/byteswap.h:
/usr/include/bits/byteswap-16.h:
/usr/include/bits/uintn-identity.h:
/usr/include/sys/select.h:
@ -362,12 +367,16 @@ plugin/product.h:
/usr/include/bits/stat.h:
/usr/include/bits/statx.h:
/usr/include/pthread.h:
/usr/include/sched.h:
/usr/include/bits/sched.h:
/usr/include/bits/types/struct_sched_param.h:
/usr/include/bits/cpu-set.h:
/usr/include/time.h:
@ -496,6 +505,8 @@ plugin/product.h:
/usr/include/asm-generic/errno-base.h:
/usr/include/bits/types/error_t.h:
/usr/include/sys/time.h:
/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/limits.h: