[packages/squid.git] / squid-3.0.PRE3-digest_auth_pwchange.patch

Index: squid3/lib/rfc2617.c
diff -c squid3/lib/rfc2617.c:1.8 squid3/lib/rfc2617.c:1.9
*** squid3/lib/rfc2617.c:1.8	Fri Jul 11 18:34:01 2003
--- squid3/lib/rfc2617.c	Fri Nov  7 10:23:03 2003
***************
*** 79,89 ****
      unsigned char j;
  
      for (i = 0; i < HASHHEXLEN; i++) {
  	j = Hex[i];
  	if (('0' <= j) && (j <= '9'))
! 	    Bin[i / 2] |= ((j - '0') << ((i % 2 == 0) ? 4 : 0));
  	else
! 	    Bin[i / 2] |= ((j - 'a' + 10) << ((i % 2 == 0) ? 4 : 0));
      }
      Bin[HASHLEN] = '\0';
  }
--- 79,94 ----
      unsigned char j;
  
      for (i = 0; i < HASHHEXLEN; i++) {
+ 	unsigned char n;
  	j = Hex[i];
  	if (('0' <= j) && (j <= '9'))
! 	    n = j - '0';
  	else
! 	    n = j - 'a' + 10;
! 	if (i % 2 == 0)
! 	    Bin[i / 2] = n << 4;
! 	else
! 	    Bin[i / 2] |= n;
      }
      Bin[HASHLEN] = '\0';
  }
Index: squid3/src/auth/digest/auth_digest.cc
diff -c squid3/src/auth/digest/auth_digest.cc:1.31 squid3/src/auth/digest/auth_digest.cc:1.32
*** squid3/src/auth/digest/auth_digest.cc:1.31	Sun Aug 10 05:00:48 2003
--- squid3/src/auth/digest/auth_digest.cc	Fri Nov  7 10:23:04 2003
***************
*** 693,699 ****
      debug(29, 9) ("\nResponse = '%s'\n"
                    "squid is = '%s'\n", digest_request->response, Response);
  
!     if (strcasecmp(digest_request->response, Response)) {
          if (digestConfig->PostWorkaround && request->method != METHOD_GET) {
              /* Ugly workaround for certain very broken browsers using the
               * wrong method to calculate the request-digest on POST request.
--- 693,706 ----
      debug(29, 9) ("\nResponse = '%s'\n"
                    "squid is = '%s'\n", digest_request->response, Response);
  
!     if (strcasecmp(digest_request->response, Response) != 0) {
!         if (!digest_request->flags.helper_queried) {
!             /* Query the helper in case the password has changed */
!             digest_request->flags.helper_queried = 1;
!             digest_request->credentials_ok = Pending;
!             return;
!         }
! 
          if (digestConfig->PostWorkaround && request->method != METHOD_GET) {
              /* Ugly workaround for certain very broken browsers using the
               * wrong method to calculate the request-digest on POST request.
***************
*** 1449,1454 ****
--- 1456,1462 ----
           * username cache */
          /* store user in hash's */
          authenticateUserNameCacheAdd(auth_user);
+ 
          /*
           * Add the digest to the user so we can tell if a hacking
           * or spoofing attack is taking place. We do this by assuming
Index: squid3/src/auth/digest/auth_digest.h
diff -c squid3/src/auth/digest/auth_digest.h:1.14 squid3/src/auth/digest/auth_digest.h:1.15
*** squid3/src/auth/digest/auth_digest.h:1.14	Sun Aug 10 05:00:48 2003
--- squid3/src/auth/digest/auth_digest.h	Fri Nov  7 10:23:04 2003
***************
*** 87,92 ****
--- 87,95 ----
  
  unsigned int nonce_stale:
          1;
+ 
+ unsigned int helper_queried:
+         1;
      }
  
      flags;
Commit	Line	Data
51c3c7ca	1	Index: squid3/lib/rfc2617.c
	2	diff -c squid3/lib/rfc2617.c:1.8 squid3/lib/rfc2617.c:1.9
	3	*** squid3/lib/rfc2617.c:1.8 Fri Jul 11 18:34:01 2003
	4	--- squid3/lib/rfc2617.c Fri Nov 7 10:23:03 2003
	5	***************
	6	* 79,89 **
	7	unsigned char j;
	8
	9	for (i = 0; i < HASHHEXLEN; i++) {
	10	j = Hex[i];
	11	if (('0' <= j) && (j <= '9'))
	12	! Bin[i / 2] \|= ((j - '0') << ((i % 2 == 0) ? 4 : 0));
	13	else
	14	! Bin[i / 2] \|= ((j - 'a' + 10) << ((i % 2 == 0) ? 4 : 0));
	15	}
	16	Bin[HASHLEN] = '\0';
	17	}
	18	--- 79,94 ----
	19	unsigned char j;
	20
	21	for (i = 0; i < HASHHEXLEN; i++) {
	22	+ unsigned char n;
	23	j = Hex[i];
	24	if (('0' <= j) && (j <= '9'))
	25	! n = j - '0';
	26	else
	27	! n = j - 'a' + 10;
	28	! if (i % 2 == 0)
	29	! Bin[i / 2] = n << 4;
	30	! else
	31	! Bin[i / 2] \|= n;
	32	}
	33	Bin[HASHLEN] = '\0';
	34	}
	35	Index: squid3/src/auth/digest/auth_digest.cc
	36	diff -c squid3/src/auth/digest/auth_digest.cc:1.31 squid3/src/auth/digest/auth_digest.cc:1.32
	37	*** squid3/src/auth/digest/auth_digest.cc:1.31 Sun Aug 10 05:00:48 2003
	38	--- squid3/src/auth/digest/auth_digest.cc Fri Nov 7 10:23:04 2003
	39	***************
	40	* 693,699 **
	41	debug(29, 9) ("\nResponse = '%s'\n"
	42	"squid is = '%s'\n", digest_request->response, Response);
	43
	44	! if (strcasecmp(digest_request->response, Response)) {
	45	if (digestConfig->PostWorkaround && request->method != METHOD_GET) {
	46	/* Ugly workaround for certain very broken browsers using the
	47	* wrong method to calculate the request-digest on POST request.
	48	--- 693,706 ----
	49	debug(29, 9) ("\nResponse = '%s'\n"
	50	"squid is = '%s'\n", digest_request->response, Response);
	51
	52	! if (strcasecmp(digest_request->response, Response) != 0) {
	53	! if (!digest_request->flags.helper_queried) {
	54	! /* Query the helper in case the password has changed */
	55	! digest_request->flags.helper_queried = 1;
	56	! digest_request->credentials_ok = Pending;
	57	! return;
	58	! }
	59	!
	60	if (digestConfig->PostWorkaround && request->method != METHOD_GET) {
	61	/* Ugly workaround for certain very broken browsers using the
	62	* wrong method to calculate the request-digest on POST request.
	63	***************
	64	* 1449,1454 **
65	--- 1456,1462 ----
66	* username cache */
67	/* store user in hash's */
68	authenticateUserNameCacheAdd(auth_user);
69	+
70	/*
71	* Add the digest to the user so we can tell if a hacking
72	* or spoofing attack is taking place. We do this by assuming
73	Index: squid3/src/auth/digest/auth_digest.h
74	diff -c squid3/src/auth/digest/auth_digest.h:1.14 squid3/src/auth/digest/auth_digest.h:1.15
75	*** squid3/src/auth/digest/auth_digest.h:1.14 Sun Aug 10 05:00:48 2003
76	--- squid3/src/auth/digest/auth_digest.h Fri Nov 7 10:23:04 2003
77	***************
78	* 87,92 **
79	--- 87,95 ----
80
81	unsigned int nonce_stale:
82	1;
83	+
84	+ unsigned int helper_queried:
85	+ 1;
86	}
87
88	flags;