--------------------- PatchSet 3487 Date: 2001/12/23 16:11:58 Author: rbcollins Branch: auth_rewrite Tag: (none) Log: more digest work - qop and algorithm are not quoted in the request digest Members: src/cache_cf.c:1.1.1.3.4.1.2.9.2.29->1.1.1.3.4.1.2.9.2.30 src/protos.h:1.1.1.3.12.17.2.40->1.1.1.3.12.17.2.41 src/auth/digest/auth_digest.c:1.1.20.9->1.1.20.10 Index: squid/src/cache_cf.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/cache_cf.c,v retrieving revision 1.1.1.3.4.1.2.9.2.29 retrieving revision 1.1.1.3.4.1.2.9.2.30 diff -u -r1.1.1.3.4.1.2.9.2.29 -r1.1.1.3.4.1.2.9.2.30 --- squid/src/cache_cf.c 28 Nov 2001 06:47:17 -0000 1.1.1.3.4.1.2.9.2.29 +++ squid/src/cache_cf.c 23 Dec 2001 16:11:58 -0000 1.1.1.3.4.1.2.9.2.30 @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.1.1.3.4.1.2.9.2.29 2001/11/28 06:47:17 rbcollins Exp $ + * $Id: cache_cf.c,v 1.1.1.3.4.1.2.9.2.30 2001/12/23 16:11:58 rbcollins Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -1737,7 +1737,7 @@ storeAppendPrintf(entry, "%s %s\n", name, var ? "on" : "off"); } -static void +void parse_onoff(int *var) { char *token = strtok(NULL, w_space); Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/protos.h,v retrieving revision 1.1.1.3.12.17.2.40 retrieving revision 1.1.1.3.12.17.2.41 diff -u -r1.1.1.3.12.17.2.40 -r1.1.1.3.12.17.2.41 --- squid/src/protos.h 28 Nov 2001 06:47:18 -0000 1.1.1.3.12.17.2.40 +++ squid/src/protos.h 23 Dec 2001 16:11:58 -0000 1.1.1.3.12.17.2.41 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.1.1.3.12.17.2.40 2001/11/28 06:47:18 rbcollins Exp $ + * $Id: protos.h,v 1.1.1.3.12.17.2.41 2001/12/23 16:11:58 rbcollins Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ 
@@ -94,6 +94,7 @@ /* extra functions from cache_cf.c useful for lib modules */ extern void parse_int(int *var); +extern void parse_onoff(int *var); extern void parse_eol(char *volatile *var); extern void parse_wordlist(wordlist ** list); extern void requirePathnameExists(const char *name, const char *path); Index: squid/src/auth/digest/auth_digest.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/digest/auth_digest.c,v retrieving revision 1.1.20.9 retrieving revision 1.1.20.10 diff -u -r1.1.20.9 -r1.1.20.10 --- squid/src/auth/digest/auth_digest.c 23 Dec 2001 10:28:45 -0000 1.1.20.9 +++ squid/src/auth/digest/auth_digest.c 23 Dec 2001 16:11:59 -0000 1.1.20.10 @@ -343,11 +343,8 @@ if (!nonce) return 0; intnc = strtol(nc, NULL, 16); - /* increment the nonce count */ - - nonce->nc++; if ((digestConfig->NonceStrictness && intnc != nonce->nc + 1) || - intnc <= nonce->nc + 1) { + intnc < nonce->nc + 1) { debug(29, 4) ("authDigestNonceIsValid: Nonce count doesn't match\n"); nonce->flags.valid = 0; return 0; @@ -1116,17 +1113,19 @@ /* white space */ while (xisspace(*p)) p++; - /* quote mark */ - p++; - digest_request->qop = xstrndup(p, strchr(p, '"') + 1 - p); + if (*p == '\"') + /* quote mark */ + p++; + digest_request->qop = xstrndup(p, strcspn(p, "\" \t\r\n()<>@,;:\\/[]?={}") + 1); debug(29, 9) ("authDigestDecodeAuth: Found qop '%s'\n", digest_request->qop); } else if (!strncmp(item, "algorithm", ilen)) { /* white space */ while (xisspace(*p)) p++; - /* quote mark */ - p++; - digest_request->algorithm = xstrndup(p, strchr(p, '"') + 1 - p); + if (*p == '\"') + /* quote mark */ + p++; + digest_request->algorithm = xstrndup(p, strcspn(p, "\" \t\r\n()<>@,;:\\/[]?={}")+1); debug(29, 9) ("authDigestDecodeAuth: Found algorithm '%s'\n", digest_request->algorithm); } else if (!strncmp(item, "uri", ilen)) { /* white space */ 
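Review bot: In the `@@ -343` hunk of auth_digest.c, `nonce->nc++` is removed and nothing visible in the hunk stores the accepted count. With the test relaxed to `intnc < nonce->nc + 1`, a request that repeats an nc value the proxy has already accepted would pass again unless `nonce->nc` is advanced further down. The function continues outside the hunk, so the update may already happen there; if it does not, record the value once the check has passed with `nonce->nc = intnc;`. Separately, `strtol(nc, NULL, 16)` has no end-pointer or range check, so a non-hex or overlong nc is converted silently; passing an `endptr` and rejecting trailing characters would make the comparison work on a validated value.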
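Review bot: In the `@@ -1116` hunk the new `if (*p == '\"')` has its comment between the condition and the unbraced `p++;`, which is easy to misread and easy to break when a second statement is added; brace it as `if (*p == '\"') { p++; }` in both the qop and the algorithm branch. The separator set passed to `strcspn` is written out twice, with different spacing around the `+ 1`, so a single file-level constant would keep the two branches from drifting apart. An opening quote is skipped but a closing quote is never required, so a value with an unbalanced quote parses the same as a bare token; a comment saying this leniency is intended would help the next reader. The enclosing function starts and ends outside the hunk.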
@@ -1207,8 +1206,9 @@ digest_request->nonce = nonce; authDigestNonceLink(nonce); - /* check the qop is what we expected */ - if (digest_request->qop && strcmp(digest_request->qop, QOP_AUTH)) { + /* check the qop is what we expected. Note that for compatability with + * RFC 2069 we should support a missing qop. Tough. */ + if (!digest_request->qop || strcmp(digest_request->qop, QOP_AUTH)) { /* we recieved a qop option we didn't send */ debug(29, 4) ("authenticateDigestDecode: Invalid qop option recieved\n"); authDigestLogUsername(auth_user_request, username); @@ -1264,8 +1264,9 @@ return; } /* check the algorithm is present and supported */ - if (digest_request->algorithm - && strcmp(digest_request->algorithm, "MD5") + if (!digest_request->algorithm) + digest_request->algorithm = xstrndup ("MD5", 4); + else if (strcmp(digest_request->algorithm, "MD5") && strcmp(digest_request->algorithm, "MD5-sess")) { debug(29, 4) ("authenticateDigestDecode: invalid algorithm specified!\n"); authDigestLogUsername(auth_user_request, username);
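Review bot: In the `@@ -1207` hunk the condition now also rejects a request that carries no qop at all, but the inner comment and the debug text still say a qop option was received that was not sent. That will mislead anyone reading the level-4 log when an RFC 2069-style client is refused. Reword or split the diagnostic, e.g. `debug(29, 4) ("authenticateDigestDecode: Missing or invalid qop option\n");`, and have the new comment state outright that requests without qop are refused. The enclosing function starts and ends outside the hunk.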
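Review bot: In the `@@ -1264` hunk the default value is created with a hand-counted length, `xstrndup ("MD5", 4)`; writing `xstrndup("MD5", sizeof("MD5"))` keeps the size tied to the literal. The `if`/`else if` pair is unbraced and the `else if` body runs on past the end of the hunk, so braces on both arms would make the new default branch harder to break in a later edit. The comment above still reads "present and supported", so it should be updated to say that an absent algorithm is treated as MD5.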