diff --git a/examples/userver/userver.cfg.default b/examples/userver/userver.cfg.default
index d73a13e0..26d04dfa 100644
--- a/examples/userver/userver.cfg.default
+++ b/examples/userver/userver.cfg.default
@@ -196,6 +196,8 @@ userver {
 # URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes (that needs authentication)
 # URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
 #
+# URI_OVERLOAD_AUTHENTICATION enable use of usp services as alternative to .ht[digest|passwd] for URI_PROTECTED_MASK
+#
 # ENABLE_CACHING_BY_PROXY_SERVERS enable caching by proxy servers (add Cache control: public directive on header response)
 #
 # MIN_SIZE_REQUEST_BODY_FOR_PARALLELIZATION enable parallelization for request with body size major of (default 100k)
@@ -266,6 +268,8 @@ http {
 # URI_PROTECTED_SSE yes
 # URI_PROTECTED_MASK /RA/admin/cgi-bin/*
 # URI_PROTECTED_ALLOWED_IP 127.0.0.1,10.30.0.0/16
+
+# URI_OVERLOAD_AUTHENTICATION yes
 # ENABLE_CACHING_BY_PROXY_SERVERS yes
diff --git a/include/ulib/dynamic/dynamic.h b/include/ulib/dynamic/dynamic.h
index e4be509a..3cd75e22 100644
--- a/include/ulib/dynamic/dynamic.h
+++ b/include/ulib/dynamic/dynamic.h
@@ -46,7 +46,8 @@ enum DynamicPageType {
 U_DPAGE_FORK = 6,
 U_DPAGE_OPEN = 7,
 U_DPAGE_CLOSE = 8,
- U_DPAGE_ERROR = 9
+ U_DPAGE_ERROR = 9,
+ U_DPAGE_AUTH = 10
 };
 /**
diff --git a/include/ulib/utility/uhttp.h b/include/ulib/utility/uhttp.h
index 80a48c99..3b1c5994 100644
--- a/include/ulib/utility/uhttp.h
+++ b/include/ulib/utility/uhttp.h
@@ -1369,22 +1369,23 @@ private:
 // URI PROTECTION (for example directory listing)
+ static UString* fpasswd;
 static UString* htpasswd;
 static UString* htdigest;
- static bool digest_authentication; // authentication method (digest|basic)
 static UString* user_authentication;
 static time_t htdigest_mtime, htpasswd_mtime;
+ static bool uri_overload_authentication, buri_overload_authentication, digest_authentication; // authentication method (digest|basic)
 static UString getUserAuthentication() { return *user_authentication; }
 // -----------------------------------------------------------------------------------------------
 // for Jonathan Kelly
 // -----------------------------------------------------------------------------------------------
- static UFileCacheData* getPasswdDB(const char* name, uint32_t len, UString& fpasswd); // ex. U_CONSTANT_TO_PARAM("tutor"), x
- static bool savePasswdDB(const char* name, uint32_t len, const UString& fpasswd, UFileCacheData* ptr_file_data); // Save Changes to Disk and Cache
+ static UFileCacheData* getPasswdDB(const char* name, uint32_t len);
+ static bool savePasswdDB(const char* name, uint32_t len, UFileCacheData* ptr_file_data); // Save Changes to Disk and Cache
- static void setPasswdUser(UString& fpasswd, const UString& username, const UString& password); // Add/Update passwd User
- static bool revokePasswdUser(UString& fpasswd, const UString& username); // Remove passwd User
+ static void setPasswdUser(const UString& username, const UString& password); // Add/Update passwd User
+ static bool revokePasswdUser(const UString& username); // Remove passwd User
 // -----------------------------------------------------------------------------------------------
 #ifdef USE_LIBSSL
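Review bot: The trailing `// authentication method (digest|basic)` now sits on a declaration of three bools, so it no longer reads as describing only `digest_authentication`, and the two new flags are left undocumented although they mean different things (one is the URI_OVERLOAD_AUTHENTICATION config switch, the other is set by the usp_auth_* page to accept the request in flight, per the uhttp.cpp hunks). Declare them one per line with their own comment: `static bool uri_overload_authentication;  // URI_OVERLOAD_AUTHENTICATION: a usp_auth_* page may replace .ht[digest|passwd]`, `static bool buri_overload_authentication; // set by the usp_auth_* page when it authorizes the current request`, `static bool digest_authentication;        // authentication method (digest|basic)`. `fpasswd` likewise deserves a comment saying it holds the credential set for the request in flight and is cleared by getPasswdDB() on every call, since it was a per-call parameter before and is now class-wide state. The class body continues outside the hunk.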
@@ -1572,8 +1573,8 @@ private:
 static inline void setXForwardedFor(const char* ptr, uint32_t len) U_NO_EXPORT;
 static inline void setXHttpForwardedFor(const char* ptr, uint32_t len) U_NO_EXPORT;
- static uint32_t getPosPasswd(UString& fpasswd, const UString& line) __pure U_NO_EXPORT;
- static uint32_t checkPasswd(UFileCacheData* ptr_file_data, UString& fpasswd, const UString& line) U_NO_EXPORT;
+ static uint32_t getPosPasswd(const UString& line) __pure U_NO_EXPORT;
+ static uint32_t checkPasswd(UFileCacheData* ptr_file_data, const UString& line) U_NO_EXPORT;
 U_DISALLOW_COPY_AND_ASSIGN(UHTTP)
diff --git a/src/ulib/net/server/plugin/mod_http.cpp b/src/ulib/net/server/plugin/mod_http.cpp
index 7cf03d45..c832cb16 100644
--- a/src/ulib/net/server/plugin/mod_http.cpp
+++ b/src/ulib/net/server/plugin/mod_http.cpp
@@ -92,6 +92,8 @@ int UHttpPlugIn::handlerConfig(UFileConfig& cfg)
 // URI_PROTECTED_MASK mask (DOS regexp) of URI protected from prying eyes
 // URI_PROTECTED_ALLOWED_IP list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
 //
+ // URI_OVERLOAD_AUTHENTICATION enable use of usp services as alternative to .ht[digest|passwd] for URI_PROTECTED_MASK
+ //
 // URI_REQUEST_CERT_MASK mask (DOS regexp) of URI where client must comunicate a certificate in the SSL connection
 // BANDWIDTH_THROTTLING_MASK lets you set maximum byte rates on URLs or URL groups (*.jpg|*.gif 50)
 // URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK mask (DOS regexp) of URI where use HTTP Strict Transport Security to force client to use only SSL
@@ -381,6 +383,15 @@ int UHttpPlugIn::handlerConfig(UFileConfig& cfg)
 }
 }
+ x = cfg.at(U_CONSTANT_TO_PARAM("URI_OVERLOAD_AUTHENTICATION"));
+
+ if (x)
+ {
+ U_INTERNAL_ASSERT_EQUALS(UHTTP::uri_overload_authentication, false)
+
+ UHTTP::uri_overload_authentication = x.strtob();
+ }
+
 x = cfg.at(U_CONSTANT_TO_PARAM("URI_REQUEST_CERT_MASK"));
 if (x)
diff --git a/src/ulib/net/server/plugin/usp/usp_translator.cpp b/src/ulib/net/server/plugin/usp/usp_translator.cpp
index 829cb884..c013bfd5 100644
--- a/src/ulib/net/server/plugin/usp/usp_translator.cpp
+++ b/src/ulib/net/server/plugin/usp/usp_translator.cpp
@@ -797,7 +797,8 @@ loop: distance = t.getDistance();
 * U_DPAGE_FORK = 6,
 * U_DPAGE_OPEN = 7,
 * U_DPAGE_CLOSE = 8,
- * U_DPAGE_ERROR = 9 };
+ * U_DPAGE_ERROR = 9,
+ * U_DPAGE_AUTH = 10 };
 */
 bool bcfg, // usp_config
@@ -808,17 +809,19 @@ loop: distance = t.getDistance();
 bfork, // usp_fork
 bopen, // usp_open
 bclose, // usp_close
- berror; // usp_error
+ berror, // usp_error
+ bauth; // usp_auth
- char ptr1[100] = { '\0' };
- char ptr2[100] = { '\0' };
- char ptr3[100] = { '\0' };
- char ptr4[100] = { '\0' };
- char ptr5[100] = { '\0' };
- char ptr6[100] = { '\0' };
- char ptr7[100] = { '\0' };
- char ptr8[100] = { '\0' };
- char ptr9[100] = { '\0' };
+ char 
ptr1[100] = { '\0' };
+ char ptr2[100] = { '\0' };
+ char ptr3[100] = { '\0' };
+ char ptr4[100] = { '\0' };
+ char ptr5[100] = { '\0' };
+ char ptr6[100] = { '\0' };
+ char ptr7[100] = { '\0' };
+ char ptr8[100] = { '\0' };
+ char ptr9[100] = { '\0' };
+ char ptr10[100] = { '\0' };
 # ifndef U_CACHE_REQUEST_DISABLE
 if (usp.c_char(4) == '#' &&
@@ -840,6 +843,7 @@ loop: distance = t.getDistance();
 bopen = (U_STRING_FIND(declaration, 0, "static void usp_open_") != U_NOT_FOUND);
 bclose = (U_STRING_FIND(declaration, 0, "static void usp_close_") != U_NOT_FOUND);
 berror = (U_STRING_FIND(declaration, 0, "static void usp_error_") != U_NOT_FOUND);
+ bauth = (U_STRING_FIND(declaration, 0, "static void usp_auth_") != U_NOT_FOUND);
 if (breset) (void) u__snprintf(ptr2, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_RESET) { usp_reset_%.*s(); return; }\n"), basename_sz, basename_ptr);
@@ -852,12 +856,13 @@ loop: distance = t.getDistance();
 (void) u__snprintf(ptr3, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_DESTROY) { usp_end_%.*s(); return; }\n"), basename_sz, basename_ptr);
 }
- if (bsighup) (void) u__snprintf(ptr4, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_SIGHUP) { usp_sighup_%.*s(); return; }\n"), basename_sz, basename_ptr);
- if (bfork) (void) u__snprintf(ptr5, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_FORK) { usp_fork_%.*s(); return; }\n"), basename_sz, basename_ptr);
- if (bopen) (void) u__snprintf(ptr6, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_OPEN) { usp_open_%.*s(); return; }\n"), basename_sz, basename_ptr);
- if (bclose) (void) u__snprintf(ptr7, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_CLOSE) { usp_close_%.*s(); return; }\n"), basename_sz, basename_ptr);
- if (berror) (void) u__snprintf(ptr8, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_ERROR) { usp_error_%.*s(); return; }\n"), basename_sz, basename_ptr);
- if (bcfg) (void) u__snprintf(ptr9, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_CONFIG) { usp_config_%.*s(); return; }\n"), basename_sz, basename_ptr);
+ if (bsighup) (void) u__snprintf(ptr4, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_SIGHUP) { usp_sighup_%.*s(); return; }\n"), basename_sz, basename_ptr);
+ if (bfork) (void) u__snprintf(ptr5, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_FORK) { usp_fork_%.*s(); return; }\n"), basename_sz, basename_ptr);
+ if (bopen) (void) u__snprintf(ptr6, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_OPEN) { usp_open_%.*s(); return; }\n"), basename_sz, basename_ptr);
+ if (bclose) (void) u__snprintf(ptr7, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_CLOSE) { usp_close_%.*s(); return; }\n"), basename_sz, basename_ptr);
+ if (berror) (void) u__snprintf(ptr8, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_ERROR) { usp_error_%.*s(); return; }\n"), basename_sz, basename_ptr);
+ if (bcfg) (void) u__snprintf(ptr9, 100, 
U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_CONFIG) { usp_config_%.*s(); return; }\n"), basename_sz, basename_ptr); + if (bauth) (void) u__snprintf(ptr10, 100, U_CONSTANT_TO_PARAM("\n\tif (param == U_DPAGE_AUTH) { usp_auth_%.*s(); return; }\n"), basename_sz, basename_ptr); } else { @@ -868,13 +873,14 @@ loop: distance = t.getDistance(); bsighup = bfork = bopen = - bclose = false; + bclose = + bauth = false; } bool bdatamod = (bsession || bstorage); - U_INTERNAL_DUMP("bcfg = %b binit = %b breset = %b bend = %b bsighup = %b bfork = %b bopen = %b bclose = %b bdatamod = %b", - bcfg, binit, breset, bend, bsighup, bfork, bopen, bclose, bdatamod) + U_INTERNAL_DUMP("bcfg = %b binit = %b breset = %b bend = %b bsighup = %b bfork = %b bopen = %b bclose = %b bdatamod = %b bauth = %b", + bcfg, binit, breset, bend, bsighup, bfork, bopen, bclose, bdatamod, bauth) if (bdatamod) { @@ -1028,6 +1034,7 @@ loop: distance = t.getDistance(); "%s" "%s" "%s" + "%s" "\treturn;\n" "} }\n" "\t\n" @@ -1060,6 +1067,7 @@ loop: distance = t.getDistance(); ptr7, ptr8, ptr9, + ptr10, basename_sz, basename_ptr, basename_sz, basename_ptr, basename_sz, basename_ptr, diff --git a/src/ulib/utility/uhttp.cpp b/src/ulib/utility/uhttp.cpp index 166bc7bf..5cf330d9 100644 --- a/src/ulib/utility/uhttp.cpp +++ b/src/ulib/utility/uhttp.cpp @@ -76,6 +76,8 @@ int UHTTP::cgi_timeout; bool UHTTP::bnph; bool UHTTP::bcallInitForAllUSP; bool UHTTP::digest_authentication; +bool UHTTP::uri_overload_authentication; +bool UHTTP::buri_overload_authentication; bool UHTTP::skip_check_cookie_ip_address; bool UHTTP::enable_caching_by_proxy_servers; char UHTTP::response_buffer[64]; @@ -92,6 +94,7 @@ UString* UHTTP::etag; UString* UHTTP::body; UString* UHTTP::geoip; UString* UHTTP::tmpdir; +UString* UHTTP::fpasswd; UString* UHTTP::htpasswd; UString* UHTTP::htdigest; UString* UHTTP::qcontent; 
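Review bot: `ptr10` is a fixed 100-byte buffer and the dispatch line `u__snprintf` writes into it is about 54 characters before `basename_ptr` is inserted, so a servlet basename longer than roughly 45 characters would not fit; the return value is discarded with `(void)`, so if u__snprintf truncates the way snprintf does, the generated `if (param == U_DPAGE_AUTH) ...` line would silently come out malformed. The same limit already applies to `ptr1`..`ptr9` declared in the earlier hunk, but adding a tenth copy of the pattern is a good moment to either size the buffers from `basename_sz` or document the constraint on the declarations, e.g. `// one generated dispatch line per buffer; basenames longer than ~45 chars do not fit`. The enclosing translation routine starts and ends outside these hunks.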
@@ -848,6 +851,7 @@ void UHTTP::init()
 U_INTERNAL_ASSERT_EQUALS(pcmd, U_NULLPTR)
 U_INTERNAL_ASSERT_EQUALS(geoip, U_NULLPTR)
 U_INTERNAL_ASSERT_EQUALS(tmpdir, U_NULLPTR)
+ U_INTERNAL_ASSERT_EQUALS(fpasswd, U_NULLPTR)
 U_INTERNAL_ASSERT_EQUALS(qcontent, U_NULLPTR)
 U_INTERNAL_ASSERT_EQUALS(pathname, U_NULLPTR)
 U_INTERNAL_ASSERT_EQUALS(rpathname, U_NULLPTR)
@@ -869,6 +873,7 @@ void UHTTP::init()
 U_NEW_STRING(body, UString);
 U_NEW_STRING(geoip, UString(U_CAPACITY));
 U_NEW_STRING(tmpdir, UString(U_PATH_MAX));
+ U_NEW_STRING(fpasswd, UString);
 U_NEW_STRING(qcontent, UString);
 U_NEW_STRING(pathname, UString(U_CAPACITY));
 U_NEW_STRING(rpathname, UString);
@@ -1413,6 +1418,7 @@ void UHTTP::dtor()
 U_DELETE(pcmd)
 U_DELETE(geoip)
 U_DELETE(tmpdir)
+ U_DELETE(fpasswd)
 U_DELETE(qcontent)
 U_DELETE(pathname)
 U_DELETE(rpathname)
@@ -7696,40 +7702,40 @@ end:
 handlerResponse();
 }
-U_NO_EXPORT __pure uint32_t UHTTP::getPosPasswd(UString& fpasswd, const UString& line)
+U_NO_EXPORT __pure uint32_t UHTTP::getPosPasswd(const UString& line)
 {
- U_TRACE(0, "UHTTP::getPosPasswd(%V,%V)", fpasswd.rep, line.rep)
+ U_TRACE(0, "UHTTP::getPosPasswd(%V)", line.rep)
- U_INTERNAL_ASSERT(fpasswd)
+ U_INTERNAL_ASSERT(*fpasswd)
- uint32_t pos = fpasswd.find(line);
+ uint32_t pos = fpasswd->find(line);
 if (pos == U_NOT_FOUND) U_RETURN(U_NOT_FOUND);
 if (pos == 0 ||
- fpasswd[pos-1] == '\n')
+ (*fpasswd)[pos-1] == '\n')
 {
 U_RETURN(pos);
 }
 while (true)
 {
- pos = fpasswd.find(line, pos+1);
+ pos = fpasswd->find(line, pos+1);
 if (pos == U_NOT_FOUND) U_RETURN(U_NOT_FOUND);
- if (fpasswd[pos-1] == '\n') U_RETURN(pos);
+ if ((*fpasswd)[pos-1] == '\n') U_RETURN(pos);
 }
 }
-U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, UString& fpasswd, const UString& line)
+U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, const UString& line)
 {
- U_TRACE(0, "UHTTP::checkPasswd(%p,%V,%V)", ptr_file_data, fpasswd.rep, line.rep)
+ U_TRACE(0, "UHTTP::checkPasswd(%p,%V)", ptr_file_data, line.rep)
 // s.casazza:{SHA}Lkii1ZE7k.....\n
 // s.casazza:Protected Area:b9ee2af50be37...........\n
- uint32_t pos = getPosPasswd(fpasswd, line);
+ uint32_t pos = getPosPasswd(line);
 if (pos == U_NOT_FOUND)
 {
@@ -7750,18 +7756,20 @@ U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, US
 {
 ptr_file_data->array->erase(0);
- fpasswd = tmp.getContent(true, false, true);
+ *fpasswd = tmp.getContent(true, false, true);
- ptr_file_data->array->push_back(fpasswd);
+ ptr_file_data->array->push_back(*fpasswd);
- U_SRV_LOG("File data users permission: %V reloaded - %u bytes", lpathname.rep, fpasswd.size());
+ U_SRV_LOG("File data users permission: %V reloaded - %u bytes", lpathname.rep, fpasswd->size());
- pos = getPosPasswd(fpasswd, line);
+ pos = getPosPasswd(line);
 }
 }
 }
 else if (digest_authentication)
 {
+ if (uri_overload_authentication) U_RETURN(U_NOT_FOUND);
+
 U_INTERNAL_ASSERT(*htdigest)
 UFile tmp(*UString::str_htdigest);
@@ -7771,16 +7779,18 @@ U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, US
 if ((tmp.st_mtime = htdigest_mtime, tmp.isModified()) == false) tmp.close();
 else
 {
- fpasswd = *htdigest = tmp.getContent(true, false, true);
+ *fpasswd = *htdigest = tmp.getContent(true, false, true);
- U_SRV_LOG("File data users permission: ../.htdigest reloaded - %u bytes", fpasswd.size());
+ U_SRV_LOG("File data users permission: ../.htdigest reloaded - %u bytes", fpasswd->size());
- pos = getPosPasswd(fpasswd, line);
+ pos = getPosPasswd(line);
 }
 }
 }
 else
 {
+ if (uri_overload_authentication) U_RETURN(U_NOT_FOUND);
+
 U_INTERNAL_ASSERT(*htpasswd)
 UFile tmp(*UString::str_htpasswd);
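Review bot: The new `if (uri_overload_authentication) U_RETURN(U_NOT_FOUND);` guards in the `else if (digest_authentication)` and `else` branches (here and in the `@@ -7790` hunk) stop a miss from re-reading the global .htdigest/.htpasswd, which is right when `fpasswd` was filled by a usp_auth_* page, but checkPasswd cannot tell that case from the one where no USP matched and getPasswdDB fell back to `*htdigest`/`*htpasswd`; with the switch on, that fallback would presumably no longer pick up edits to those files. If the fallback is meant to keep working, the guard needs a per-request indication of where `fpasswd` came from rather than the global config switch. Either way a comment above the guard stating the intent would help the next reader, e.g. `// credentials came from a usp_auth_* page: never fall back to the global .ht file`. checkPasswd begins before this hunk.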
@@ -7790,11 +7800,11 @@ U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, US
 if ((tmp.st_mtime = htpasswd_mtime, tmp.isModified()) == false) tmp.close();
 else
 {
- fpasswd = *htpasswd = tmp.getContent(true, false, true);
+ *fpasswd = *htpasswd = tmp.getContent(true, false, true);
- U_SRV_LOG("File data users permission: ../.htpasswd reloaded - %u bytes", fpasswd.size());
+ U_SRV_LOG("File data users permission: ../.htpasswd reloaded - %u bytes", fpasswd->size());
- pos = getPosPasswd(fpasswd, line);
+ pos = getPosPasswd(line);
 }
 }
 }
@@ -7806,19 +7816,51 @@ U_NO_EXPORT uint32_t UHTTP::checkPasswd(UHTTP::UFileCacheData* ptr_file_data, US
 // -----------------------------------------------------------------------------------------------
 // for Jonathan Kelly
 // -----------------------------------------------------------------------------------------------
-UHTTP::UFileCacheData* UHTTP::getPasswdDB(const char* name, uint32_t len, UString& fpasswd)
+UHTTP::UFileCacheData* UHTTP::getPasswdDB(const char* name, uint32_t len)
 {
- U_TRACE(0, "UHTTP::getPasswdDB(%.*S,%u,%V)", len, name, len, fpasswd.rep)
-
- U_ASSERT(fpasswd.empty())
+ U_TRACE(0, "UHTTP::getPasswdDB(%.*S,%u)", len, name, len)
 UHTTP::UFileCacheData* ptr_file_data = U_NULLPTR;
+ fpasswd->clear();
+
 if (len > 1)
 {
+ if (uri_overload_authentication)
+ {
+ U_INTERNAL_ASSERT_EQUALS(name[0], '/')
+
+ UHTTP::UServletPage* usp_save = usp;
+
+ if (getUSP(name+1, len-1))
+ {
+ /**
+ * Must set UHTTP::fpasswd as something like:
+ *
+ * s.casazza:{SHA}Lkii1ZE7k.....\n
+ * ...
+ *
+ * or (for digest auth)
+ *
+ * s.casazza:Protected Area:b9ee2af50be37...........\n
+ * ...
+ *
+ * NB: if UHTTP::buri_overload_authentication is set we authorize the request...
+ */
+
+ usp->runDynamicPageParam(U_DPAGE_AUTH);
+
+ U_INTERNAL_DUMP("fpasswd = %V buri_overload_authentication = %b", fpasswd->rep, buri_overload_authentication)
+
+ usp = usp_save;
+
+ U_RETURN_POINTER(U_NULLPTR, UHTTP::UFileCacheData);
+ }
+ }
+
 ptr_file_data = getFileCachePointerVar(U_CONSTANT_TO_PARAM("..%.*s.ht%6s"), len, name, digest_authentication ? "digest" : "passwd");
- if (ptr_file_data) fpasswd = ptr_file_data->array->operator[](0);
+ if (ptr_file_data) *fpasswd = ptr_file_data->array->operator[](0);
 }
 U_INTERNAL_DUMP("digest_authentication = %b ptr_file_data = %p htpasswd = %p", digest_authentication, ptr_file_data, htpasswd)
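Review bot: `buri_overload_authentication` is not cleared before `usp->runDynamicPageParam(U_DPAGE_AUTH)`, so the usp_auth_* page starts from whatever the previous request left in this static; the only resets are on the two accept paths added to processAuthorization (the `@@ -8185` and `@@ -8219` hunks). A request that takes this branch and then leaves processAuthorization through any other exit (code outside these hunks) leaves the flag set, and a page that only writes the flag on success would then let the next request on this process be accepted by the `if (buri_overload_authentication)` checks without its credentials being examined. Add `buri_overload_authentication = false;` immediately before the `runDynamicPageParam` call, and consider clearing it at `end:` in processAuthorization as well so the flag never outlives the request that set it. Note also that `U_INTERNAL_ASSERT_EQUALS(name[0], '/')` is a debug-only check, so `name+1, len-1` relies on every caller supplying a leading '/'. getPasswdDB continues past the end of this hunk.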
@@ -7827,24 +7869,24 @@ UHTTP::UFileCacheData* UHTTP::getPasswdDB(const char* name, uint32_t len, UStrin
 {
 if (digest_authentication)
 {
- if (htdigest) fpasswd = *htdigest;
+ if (htdigest) *fpasswd = *htdigest;
 }
 else
 {
- if (htpasswd) fpasswd = *htpasswd;
+ if (htpasswd) *fpasswd = *htpasswd;
 }
 }
 U_RETURN_POINTER(ptr_file_data, UHTTP::UFileCacheData);
 }
-bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd, UFileCacheData* ptr_file_data) // Save Changes to Disk and Cache
+bool UHTTP::savePasswdDB(const char* name, uint32_t len, UFileCacheData* ptr_file_data) // Save Changes to Disk and Cache
 {
- U_TRACE(0, "UHTTP::savePasswdDB(%.*S,%u,%V,%p)", len, name, len, fpasswd.rep, ptr_file_data)
+ U_TRACE(0, "UHTTP::savePasswdDB(%.*S,%u,%p)", len, name, len, ptr_file_data)
 U_INTERNAL_DUMP("digest_authentication = %b htpasswd = %p", digest_authentication, htpasswd)
- U_INTERNAL_ASSERT(fpasswd)
+ U_INTERNAL_ASSERT(*fpasswd)
 if (ptr_file_data)
 {
@@ -7852,12 +7894,12 @@ bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd,
 lpathname.snprintf(U_CONSTANT_TO_PARAM("..%.*s.ht%6s"), len, name, digest_authentication ? "digest" : "passwd");
- if (UFile::writeTo(lpathname, fpasswd))
+ if (UFile::writeTo(lpathname, *fpasswd))
 {
 ptr_file_data->array->erase(0);
- ptr_file_data->array->push_back(fpasswd);
+ ptr_file_data->array->push_back(*fpasswd);
- U_SRV_LOG("File data users permission: %V reloaded - %u bytes", lpathname.rep, fpasswd.size());
+ U_SRV_LOG("File data users permission: %V reloaded - %u bytes", lpathname.rep, fpasswd->size());
 U_RETURN(true);
 }
@@ -7869,11 +7911,11 @@ bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd,
 {
 U_INTERNAL_ASSERT(*htdigest)
- if (UFile::writeTo(*UString::str_htdigest, fpasswd))
+ if (UFile::writeTo(*UString::str_htdigest, *fpasswd))
 {
- *htdigest = fpasswd;
+ *htdigest = *fpasswd;
- U_SRV_LOG("File data users permission: ../.htdigest reloaded - %u bytes", fpasswd.size());
+ U_SRV_LOG("File data users permission: ../.htdigest reloaded - %u bytes", fpasswd->size());
 U_RETURN(true);
 }
@@ -7883,11 +7925,11 @@ bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd,
 U_INTERNAL_ASSERT(*htpasswd)
- if (UFile::writeTo(*UString::str_htpasswd, fpasswd))
+ if (UFile::writeTo(*UString::str_htpasswd, *fpasswd))
 {
- *htpasswd = fpasswd;
+ *htpasswd = *fpasswd;
- U_SRV_LOG("File data users permission: ../.htpasswd reloaded - %u bytes", fpasswd.size());
+ U_SRV_LOG("File data users permission: ../.htpasswd reloaded - %u bytes", fpasswd->size());
 U_RETURN(true);
 }
@@ -7895,9 +7937,9 @@ bool UHTTP::savePasswdDB(const char* name, uint32_t len, const UString& fpasswd,
 U_RETURN(false);
 }
-void UHTTP::setPasswdUser(UString& fpasswd, const UString& username, const UString& password) // Add/Update passwd User
+void UHTTP::setPasswdUser(const UString& username, const UString& password) // Add/Update passwd User
 {
- U_TRACE(0, "UHTTP::setPasswdUser(%V,%V,%V)", fpasswd.rep, username.rep, password.rep)
+ U_TRACE(0, "UHTTP::setPasswdUser(%V,%V)", username.rep, password.rep)
 if (username && password)
@@ -7925,23 +7967,23 @@ void UHTTP::setPasswdUser(UString& fpasswd, const UString& username, const UStri
 user_token.snprintf(U_CONSTANT_TO_PARAM("%v:{SHA}%v\n"), username.rep, hash.rep);
 }
- uint32_t pos_begin = getPosPasswd(fpasswd, buffer);
+ uint32_t pos_begin = getPosPasswd(buffer);
- if (pos_begin == U_NOT_FOUND) (void) fpasswd.append(user_token);
+ if (pos_begin == U_NOT_FOUND) (void) fpasswd->append(user_token);
 else
 {
- uint32_t pos_end = fpasswd.find('\n', pos_begin+1) - pos_begin+1;
+ uint32_t pos_end = fpasswd->find('\n', pos_begin+1) - pos_begin+1;
- (void) fpasswd.replace(pos_begin, pos_end, user_token);
+ (void) fpasswd->replace(pos_begin, pos_end, user_token);
 }
 }
 }
-bool UHTTP::revokePasswdUser(UString& fpasswd, const UString& username) // Remove passwd User
+bool UHTTP::revokePasswdUser(const UString& username) // Remove passwd User
 {
- U_TRACE(0, "UHTTP::revokePasswdUser(%V,%V)", fpasswd.rep, username.rep)
+ U_TRACE(0, "UHTTP::revokePasswdUser(%V)", username.rep)
- if (fpasswd &&
+ if (*fpasswd &&
 username)
 {
 UString buffer(U_CAPACITY);
@@ -7949,13 +7991,13 @@ bool UHTTP::revokePasswdUser(UString& fpasswd, const UString& username) // Remov
 if (digest_authentication) buffer.snprintf(U_CONSTANT_TO_PARAM("%v:" U_HTTP_REALM ":"), username.rep); // s.casazza:Protected Area:b9ee2af50be37...........\n
 else buffer.snprintf(U_CONSTANT_TO_PARAM("%v:{SHA}"), username.rep); // s.casazza:{SHA}Lkii1ZE7k.....\n
- uint32_t pos_begin = getPosPasswd(fpasswd, buffer);
+ uint32_t pos_begin = getPosPasswd(buffer);
 if (pos_begin != U_NOT_FOUND)
 {
- uint32_t pos_end = fpasswd.find('\n', pos_begin+1) - pos_begin;
+ uint32_t pos_end = fpasswd->find('\n', pos_begin+1) - pos_begin;
- (void) fpasswd.erase(pos_begin, pos_end);
+ (void) fpasswd->erase(pos_begin, pos_end);
 U_RETURN(true);
 }
@@ -7976,7 +8018,7 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
 const char* ptr;
 uint32_t pos = 0;
 UHTTP::UFileCacheData* ptr_file_data;
- UString buffer(U_CAPACITY), fpasswd, content, tmp;
+ UString buffer(U_CAPACITY), content, tmp;
 bool result = false, bpass = false, bstale = false;
 if (pattern)
@@ -8011,7 +8053,7 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
 if (sz > U_CONSTANT_SIZE("/sse_event/")) // Ex: "/sse_event/tutor"
 {
- ptr_file_data = getPasswdDB(request+U_CONSTANT_SIZE("/sse_event"), sz-U_CONSTANT_SIZE("/sse_event"), fpasswd);
+ ptr_file_data = getPasswdDB(request+U_CONSTANT_SIZE("/sse_event"), sz-U_CONSTANT_SIZE("/sse_event"));
 goto next;
 }
@@ -8021,12 +8063,16 @@ U_NO_EXPORT bool UHTTP::processAuthorization(const char* request, uint32_t sz, c
 # endif
 }
- ptr_file_data = getPasswdDB(request, sz-pos, fpasswd);
+ ptr_file_data = getPasswdDB(request, sz-pos);
 #ifdef U_SSE_ENABLE
 next:
 #endif
- if (fpasswd.empty()) goto end;
+ if (fpasswd->empty() &&
+ buri_overload_authentication == false)
+ {
+ goto end;
+ }
 bpass = true;
@@ -8185,21 +8231,32 @@ next:
 }
 }
+ if (buri_overload_authentication)
+ {
+ U_INTERNAL_ASSERT_EQUALS(ptr_file_data, U_NULLPTR)
+
+ buri_overload_authentication = false;
+
+ result = true;
+
+ goto end;
+ }
+
 // ha1 => MD5(user : realm : password)
 buffer.snprintf(U_CONSTANT_TO_PARAM("%v:" U_HTTP_REALM ":"), user_authentication->rep); // s.casazza:Protected Area:b9ee2af50be37...........\n
- pos = checkPasswd(ptr_file_data, fpasswd, buffer);
+ pos = checkPasswd(ptr_file_data, buffer);
 if (pos == U_NOT_FOUND) goto end;
 pos += buffer.size();
- ha1 = fpasswd.substr(pos, 32);
+ ha1 = fpasswd->substr(pos, 32);
- U_INTERNAL_ASSERT_EQUALS(fpasswd.c_char(pos+32), '\n')
+ U_INTERNAL_ASSERT_EQUALS(fpasswd->c_char(pos+32), '\n')
 if (UServices::setDigestCalcResponse(ha1, nc, nonce, cnonce, uri, *user_authentication, ha3)) result = (ha3 == response);
@@ -8219,15 +8276,26 @@ next:
 if (t.next(*user_authentication, (bool*)U_NULLPTR) &&
 t.next(password, (bool*)U_NULLPTR))
 {
- UString line(1000U), output(1000U);
+ if (buri_overload_authentication)
+ {
+ U_INTERNAL_ASSERT_EQUALS(ptr_file_data, U_NULLPTR)
- UServices::generateDigest(U_HASH_SHA1, 0, password, output, true);
+ buri_overload_authentication = false;
- line.snprintf(U_CONSTANT_TO_PARAM("%v:{SHA}%v\n"), user_authentication->rep, output.rep);
+ result = true;
+ }
+ else
+ {
+ UString line(1000U), output(1000U);
- // s.casazza:{SHA}Lkii1ZE7k.....\n
+ UServices::generateDigest(U_HASH_SHA1, 0, password, output, true);
- if (checkPasswd(ptr_file_data, fpasswd, line) != U_NOT_FOUND) result = true;
+ line.snprintf(U_CONSTANT_TO_PARAM("%v:{SHA}%v\n"), user_authentication->rep, output.rep);
+
+ // s.casazza:{SHA}Lkii1ZE7k.....\n
+
+ if (checkPasswd(ptr_file_data, line) != U_NOT_FOUND) result = true;
+ }
 }
 }
 }
diff --git a/tests/examples/TSA/tsaserial b/tests/examples/TSA/tsaserial
index 086e096a..90382336 100644
--- a/tests/examples/TSA/tsaserial
+++ b/tests/examples/TSA/tsaserial
@@ -1 +1 @@
-058E
+059D
diff --git a/tests/examples/nocat/firewall/nodog.fw b/tests/examples/nocat/firewall/nodog.fw
index faf8836a..4fd36398 100644
--- a/tests/examples/nocat/firewall/nodog.fw
+++ b/tests/examples/nocat/firewall/nodog.fw
@@ -156,7 +156,7 @@ initialize_fw() {
 $IPTABLES -t filter -N NoCat 2>/dev/null
 $IPTABLES -t filter -F NoCat
- $IPTABLES -t filter -A NoCat -p tcp -m state --state INVALID -j DROP
+ $IPTABLES -t filter -A NoCat -p tcp -m conntrack --ctstate INVALID -j DROP || $IPTABLES -t filter -A NoCat -p tcp -m state --state INVALID -j DROP
 for ifacein in $InternalDevice; do
 for ifaceout in $ExternalDevice; do
 $IPTABLES -t filter -D FORWARD -i $ifacein -o $ifaceout -j NoCat 2>/dev/null
diff --git a/tests/examples/web_server.sh b/tests/examples/web_server.sh
index 12c309a4..be2f05ec 100755
--- a/tests/examples/web_server.sh
+++ b/tests/examples/web_server.sh
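Review bot: The accept branch at `if (buri_overload_authentication)` sets `result = true` without using the `password` just split out of the header, so correctness at this point rests entirely on the usp_auth_* page having validated the credentials inside getPasswdDB, and nothing in the code records that precondition. A one-line comment would make the dependency visible to the next maintainer, e.g. `// the usp_auth_* page already validated these credentials (see getPasswdDB); nothing to compare here`, and the digest-side counterpart in the `@@ -8185` hunk could carry the same comment. processAuthorization continues outside the hunk on both sides.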
@@ -105,8 +105,9 @@ http { #REQUEST_READ_TIMEOUT 30 #APACHE_LIKE_LOG /var/log/httpd/access_log #LOG_FILE_SZ 10M -#DIGEST_AUTHENTICATION yes -#URI_PROTECTED_MASK /tutor/*|/learner/*|/HOD/* + DIGEST_AUTHENTICATION yes + URI_PROTECTED_MASK /tutor/*|/learner/*|/HOD/* + URI_OVERLOAD_AUTHENTICATION yes #CACHE_FILE_STORE nocat/webif.gz #CACHE_FILE_MASK inp/http/data/file1|*.flv|*.svgz #URI_REQUEST_STRICT_TRANSPORT_SECURITY_MASK * diff --git a/tests/ulib/plugin/.deps/product1.Plo b/tests/ulib/plugin/.deps/product1.Plo index 411d0b3f..2098dadf 100644 --- a/tests/ulib/plugin/.deps/product1.Plo +++ b/tests/ulib/plugin/.deps/product1.Plo @@ -11,10 +11,12 @@ plugin/product1.lo: plugin/product1.cpp /usr/include/stdc-predef.h \ /usr/include/bits/types.h /usr/include/bits/typesizes.h \ /usr/include/bits/mman.h /usr/include/bits/mman-linux.h \ /usr/include/bits/mman-shared.h /usr/include/stdio.h \ - /usr/include/bits/libc-header-start.h /usr/include/bits/types/__FILE.h \ - /usr/include/bits/types/FILE.h /usr/include/bits/libio.h \ - /usr/include/bits/_G_config.h /usr/include/bits/types/__mbstate_t.h \ + /usr/include/bits/libc-header-start.h \ /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h \ + /usr/include/bits/types/__fpos_t.h /usr/include/bits/types/__mbstate_t.h \ + /usr/include/bits/types/__fpos64_t.h /usr/include/bits/types/__FILE.h \ + /usr/include/bits/types/FILE.h /usr/include/bits/types/struct_FILE.h \ + /usr/include/bits/types/cookie_io_functions_t.h \ /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdint.h \ 
@@ -28,17 +30,18 @@ plugin/product1.lo: plugin/product1.cpp /usr/include/stdc-predef.h \ /usr/include/bits/types/clockid_t.h /usr/include/bits/types/time_t.h \ /usr/include/bits/types/timer_t.h /usr/include/endian.h \ /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/bits/byteswap-16.h /usr/include/bits/uintn-identity.h \ - /usr/include/sys/select.h /usr/include/bits/select.h \ - /usr/include/bits/types/sigset_t.h /usr/include/bits/types/__sigset_t.h \ + /usr/include/bits/uintn-identity.h /usr/include/sys/select.h \ + /usr/include/bits/select.h /usr/include/bits/types/sigset_t.h \ + /usr/include/bits/types/__sigset_t.h \ /usr/include/bits/types/struct_timeval.h \ /usr/include/bits/types/struct_timespec.h /usr/include/bits/select2.h \ /usr/include/bits/pthreadtypes.h /usr/include/bits/thread-shared-types.h \ /usr/include/bits/pthreadtypes-arch.h \ /usr/include/bits/types/struct_iovec.h /usr/include/bits/uio_lim.h \ /usr/include/bits/uio-ext.h /usr/include/sys/stat.h \ - /usr/include/bits/stat.h /usr/include/pthread.h /usr/include/sched.h \ - /usr/include/bits/sched.h /usr/include/bits/cpu-set.h \ + /usr/include/bits/stat.h /usr/include/bits/statx.h \ + /usr/include/pthread.h /usr/include/sched.h /usr/include/bits/sched.h \ + /usr/include/bits/types/struct_sched_param.h /usr/include/bits/cpu-set.h \ /usr/include/time.h /usr/include/bits/time.h /usr/include/bits/timex.h \ /usr/include/bits/types/struct_tm.h \ /usr/include/bits/types/struct_itimerspec.h \ 
@@ -77,7 +80,7 @@ plugin/product1.lo: plugin/product1.cpp /usr/include/stdc-predef.h \ /usr/include/errno.h /usr/include/bits/errno.h \ /usr/include/linux/errno.h /usr/include/asm/errno.h \ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ - /usr/include/sys/time.h \ + /usr/include/bits/types/error_t.h /usr/include/sys/time.h \ /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/limits.h \ /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/syslimits.h \ /usr/include/limits.h /usr/include/bits/posix1_lim.h \ @@ -266,17 +269,21 @@ plugin/product.h: /usr/include/bits/libc-header-start.h: +/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h: + +/usr/include/bits/types/__fpos_t.h: + +/usr/include/bits/types/__mbstate_t.h: + +/usr/include/bits/types/__fpos64_t.h: + /usr/include/bits/types/__FILE.h: /usr/include/bits/types/FILE.h: -/usr/include/bits/libio.h: +/usr/include/bits/types/struct_FILE.h: -/usr/include/bits/_G_config.h: - -/usr/include/bits/types/__mbstate_t.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h: +/usr/include/bits/types/cookie_io_functions_t.h: /usr/include/bits/stdio_lim.h: @@ -328,8 +335,6 @@ plugin/product.h: /usr/include/bits/byteswap.h: -/usr/include/bits/byteswap-16.h: - /usr/include/bits/uintn-identity.h: /usr/include/sys/select.h: @@ -362,12 +367,16 @@ plugin/product.h: /usr/include/bits/stat.h: +/usr/include/bits/statx.h: + /usr/include/pthread.h: /usr/include/sched.h: /usr/include/bits/sched.h: +/usr/include/bits/types/struct_sched_param.h: + /usr/include/bits/cpu-set.h: /usr/include/time.h: @@ -496,6 +505,8 @@ plugin/product.h: /usr/include/asm-generic/errno-base.h: +/usr/include/bits/types/error_t.h: + /usr/include/sys/time.h: /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/limits.h: diff --git a/tests/ulib/plugin/.deps/product2.Plo b/tests/ulib/plugin/.deps/product2.Plo index 2102776d..df31df43 100644 --- a/tests/ulib/plugin/.deps/product2.Plo +++ b/tests/ulib/plugin/.deps/product2.Plo 
@@ -11,10 +11,12 @@ plugin/product2.lo: plugin/product2.cpp /usr/include/stdc-predef.h \ /usr/include/bits/types.h /usr/include/bits/typesizes.h \ /usr/include/bits/mman.h /usr/include/bits/mman-linux.h \ /usr/include/bits/mman-shared.h /usr/include/stdio.h \ - /usr/include/bits/libc-header-start.h /usr/include/bits/types/__FILE.h \ - /usr/include/bits/types/FILE.h /usr/include/bits/libio.h \ - /usr/include/bits/_G_config.h /usr/include/bits/types/__mbstate_t.h \ + /usr/include/bits/libc-header-start.h \ /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h \ + /usr/include/bits/types/__fpos_t.h /usr/include/bits/types/__mbstate_t.h \ + /usr/include/bits/types/__fpos64_t.h /usr/include/bits/types/__FILE.h \ + /usr/include/bits/types/FILE.h /usr/include/bits/types/struct_FILE.h \ + /usr/include/bits/types/cookie_io_functions_t.h \ /usr/include/bits/stdio_lim.h /usr/include/bits/sys_errlist.h \ /usr/include/bits/stdio.h /usr/include/bits/stdio2.h \ /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdint.h \ 
@@ -28,17 +30,18 @@ plugin/product2.lo: plugin/product2.cpp /usr/include/stdc-predef.h \ /usr/include/bits/types/clockid_t.h /usr/include/bits/types/time_t.h \ /usr/include/bits/types/timer_t.h /usr/include/endian.h \ /usr/include/bits/endian.h /usr/include/bits/byteswap.h \ - /usr/include/bits/byteswap-16.h /usr/include/bits/uintn-identity.h \ - /usr/include/sys/select.h /usr/include/bits/select.h \ - /usr/include/bits/types/sigset_t.h /usr/include/bits/types/__sigset_t.h \ + /usr/include/bits/uintn-identity.h /usr/include/sys/select.h \ + /usr/include/bits/select.h /usr/include/bits/types/sigset_t.h \ + /usr/include/bits/types/__sigset_t.h \ /usr/include/bits/types/struct_timeval.h \ /usr/include/bits/types/struct_timespec.h /usr/include/bits/select2.h \ /usr/include/bits/pthreadtypes.h /usr/include/bits/thread-shared-types.h \ /usr/include/bits/pthreadtypes-arch.h \ /usr/include/bits/types/struct_iovec.h /usr/include/bits/uio_lim.h \ /usr/include/bits/uio-ext.h /usr/include/sys/stat.h \ - /usr/include/bits/stat.h /usr/include/pthread.h /usr/include/sched.h \ - /usr/include/bits/sched.h /usr/include/bits/cpu-set.h \ + /usr/include/bits/stat.h /usr/include/bits/statx.h \ + /usr/include/pthread.h /usr/include/sched.h /usr/include/bits/sched.h \ + /usr/include/bits/types/struct_sched_param.h /usr/include/bits/cpu-set.h \ /usr/include/time.h /usr/include/bits/time.h /usr/include/bits/timex.h \ /usr/include/bits/types/struct_tm.h \ /usr/include/bits/types/struct_itimerspec.h \ 
@@ -77,7 +80,7 @@ plugin/product2.lo: plugin/product2.cpp /usr/include/stdc-predef.h \ /usr/include/errno.h /usr/include/bits/errno.h \ /usr/include/linux/errno.h /usr/include/asm/errno.h \ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ - /usr/include/sys/time.h \ + /usr/include/bits/types/error_t.h /usr/include/sys/time.h \ /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/limits.h \ /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/syslimits.h \ /usr/include/limits.h /usr/include/bits/posix1_lim.h \ @@ -266,17 +269,21 @@ plugin/product.h: /usr/include/bits/libc-header-start.h: +/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h: + +/usr/include/bits/types/__fpos_t.h: + +/usr/include/bits/types/__mbstate_t.h: + +/usr/include/bits/types/__fpos64_t.h: + /usr/include/bits/types/__FILE.h: /usr/include/bits/types/FILE.h: -/usr/include/bits/libio.h: +/usr/include/bits/types/struct_FILE.h: -/usr/include/bits/_G_config.h: - -/usr/include/bits/types/__mbstate_t.h: - -/usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include/stdarg.h: +/usr/include/bits/types/cookie_io_functions_t.h: /usr/include/bits/stdio_lim.h: @@ -328,8 +335,6 @@ plugin/product.h: /usr/include/bits/byteswap.h: -/usr/include/bits/byteswap-16.h: - /usr/include/bits/uintn-identity.h: /usr/include/sys/select.h: @@ -362,12 +367,16 @@ plugin/product.h: /usr/include/bits/stat.h: +/usr/include/bits/statx.h: + /usr/include/pthread.h: /usr/include/sched.h: /usr/include/bits/sched.h: +/usr/include/bits/types/struct_sched_param.h: + /usr/include/bits/cpu-set.h: /usr/include/time.h: @@ -496,6 +505,8 @@ plugin/product.h: /usr/include/asm-generic/errno-base.h: +/usr/include/bits/types/error_t.h: + /usr/include/sys/time.h: /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/include-fixed/limits.h: