]>
Commit | Line | Data |
---|---|---|
51c3c7ca | 1 | Index: squid3/lib/rfc2617.c |
2 | diff -c squid3/lib/rfc2617.c:1.8 squid3/lib/rfc2617.c:1.9 | |
3 | *** squid3/lib/rfc2617.c:1.8 Fri Jul 11 18:34:01 2003 | |
4 | --- squid3/lib/rfc2617.c Fri Nov 7 10:23:03 2003 | |
5 | *************** | |
6 | *** 79,89 **** | |
7 | unsigned char j; | |
8 | ||
9 | for (i = 0; i < HASHHEXLEN; i++) { | |
10 | j = Hex[i]; | |
11 | if (('0' <= j) && (j <= '9')) | |
12 | ! Bin[i / 2] |= ((j - '0') << ((i % 2 == 0) ? 4 : 0)); | |
13 | else | |
14 | ! Bin[i / 2] |= ((j - 'a' + 10) << ((i % 2 == 0) ? 4 : 0)); | |
15 | } | |
16 | Bin[HASHLEN] = '\0'; | |
17 | } | |
18 | --- 79,94 ---- | |
19 | unsigned char j; | |
20 | ||
21 | for (i = 0; i < HASHHEXLEN; i++) { | |
22 | + unsigned char n; | |
23 | j = Hex[i]; | |
24 | if (('0' <= j) && (j <= '9')) | |
25 | ! n = j - '0'; | |
26 | else | |
27 | ! n = j - 'a' + 10; | |
28 | ! if (i % 2 == 0) | |
29 | ! Bin[i / 2] = n << 4; | |
30 | ! else | |
31 | ! Bin[i / 2] |= n; | |
32 | } | |
33 | Bin[HASHLEN] = '\0'; | |
34 | } | |
35 | Index: squid3/src/auth/digest/auth_digest.cc | |
36 | diff -c squid3/src/auth/digest/auth_digest.cc:1.31 squid3/src/auth/digest/auth_digest.cc:1.32 | |
37 | *** squid3/src/auth/digest/auth_digest.cc:1.31 Sun Aug 10 05:00:48 2003 | |
38 | --- squid3/src/auth/digest/auth_digest.cc Fri Nov 7 10:23:04 2003 | |
39 | *************** | |
40 | *** 693,699 **** | |
41 | debug(29, 9) ("\nResponse = '%s'\n" | |
42 | "squid is = '%s'\n", digest_request->response, Response); | |
43 | ||
44 | ! if (strcasecmp(digest_request->response, Response)) { | |
45 | if (digestConfig->PostWorkaround && request->method != METHOD_GET) { | |
46 | /* Ugly workaround for certain very broken browsers using the | |
47 | * wrong method to calculate the request-digest on POST request. | |
48 | --- 693,706 ---- | |
49 | debug(29, 9) ("\nResponse = '%s'\n" | |
50 | "squid is = '%s'\n", digest_request->response, Response); | |
51 | ||
52 | ! if (strcasecmp(digest_request->response, Response) != 0) { | |
53 | ! if (!digest_request->flags.helper_queried) { | |
54 | ! /* Query the helper in case the password has changed */ | |
55 | ! digest_request->flags.helper_queried = 1; | |
56 | ! digest_request->credentials_ok = Pending; | |
57 | ! return; | |
58 | ! } | |
59 | ! | |
60 | if (digestConfig->PostWorkaround && request->method != METHOD_GET) { | |
61 | /* Ugly workaround for certain very broken browsers using the | |
62 | * wrong method to calculate the request-digest on POST request. | |
63 | *************** | |
64 | *** 1449,1454 **** | |
65 | --- 1456,1462 ---- | |
66 | * username cache */ | |
67 | /* store user in hash's */ | |
68 | authenticateUserNameCacheAdd(auth_user); | |
69 | + | |
70 | /* | |
71 | * Add the digest to the user so we can tell if a hacking | |
72 | * or spoofing attack is taking place. We do this by assuming | |
73 | Index: squid3/src/auth/digest/auth_digest.h | |
74 | diff -c squid3/src/auth/digest/auth_digest.h:1.14 squid3/src/auth/digest/auth_digest.h:1.15 | |
75 | *** squid3/src/auth/digest/auth_digest.h:1.14 Sun Aug 10 05:00:48 2003 | |
76 | --- squid3/src/auth/digest/auth_digest.h Fri Nov 7 10:23:04 2003 | |
77 | *************** | |
78 | *** 87,92 **** | |
79 | --- 87,95 ---- | |
80 | ||
81 | unsigned int nonce_stale: | |
82 | 1; | |
83 | + | |
84 | + unsigned int helper_queried: | |
85 | + 1; | |
86 | } | |
87 | ||
88 | flags; |