diff options
Diffstat (limited to 'cups/auth.c')
-rw-r--r-- | cups/auth.c | 57 |
1 files changed, 11 insertions, 46 deletions
diff --git a/cups/auth.c b/cups/auth.c index aeebcdea4..a2651527b 100644 --- a/cups/auth.c +++ b/cups/auth.c @@ -1,7 +1,7 @@ /* * Authentication functions for CUPS. * - * Copyright 2007-2017 by Apple Inc. + * Copyright 2007-2018 by Apple Inc. * Copyright 1997-2007 by Easy Software Products. * * This file contains Kerberos support code, copyright 2006 by @@ -113,9 +113,7 @@ cupsDoAuthentication( *www_auth, /* WWW-Authenticate header */ *schemedata; /* Scheme-specific data */ char scheme[256], /* Scheme name */ - prompt[1024], /* Prompt for user */ - realm[HTTP_MAX_VALUE], /* realm="xyz" string */ - nonce[HTTP_MAX_VALUE]; /* nonce="xyz" string */ + prompt[1024]; /* Prompt for user */ int localauth; /* Local authentication result */ _cups_globals_t *cg; /* Global data */ @@ -253,6 +251,7 @@ cupsDoAuthentication( httpEncode64_2(encode, sizeof(encode), http->userpass, (int)strlen(http->userpass)); httpSetAuthString(http, "Basic", encode); + break; } else if (!_cups_strcasecmp(scheme, "Digest")) { @@ -260,13 +259,12 @@ cupsDoAuthentication( * Digest authentication... */ - int i; /* Looping var */ - char algorithm[65], /* Hashing algorithm */ - opaque[HTTP_MAX_VALUE], - /* Opaque data from server */ - cnonce[65], /* cnonce value */ - kd[65], /* Final MD5/SHA-256 digest */ - digest[1024]; /* Digest auth data */ + char nonce[HTTP_MAX_VALUE]; /* nonce="xyz" string */ + + cups_auth_param(schemedata, "algorithm", http->algorithm, sizeof(http->algorithm)); + cups_auth_param(schemedata, "opaque", http->opaque, sizeof(http->opaque)); + cups_auth_param(schemedata, "nonce", nonce, sizeof(nonce)); + cups_auth_param(schemedata, "realm", http->realm, sizeof(http->realm)); if (strcmp(nonce, http->nonce)) { @@ -276,41 +274,8 @@ cupsDoAuthentication( else http->nonce_count ++; - cups_auth_param(schemedata, "opaque", opaque, sizeof(opaque)); - cups_auth_param(schemedata, "nonce", nonce, sizeof(nonce)); - cups_auth_param(schemedata, "realm", realm, sizeof(realm)); - - for (i = 0; i < 64; i ++) - cnonce[i] = "0123456789ABCDEF"[CUPS_RAND() & 15]; - cnonce[64] = '\0'; - - if (cups_auth_param(schemedata, "algorithm", algorithm, sizeof(algorithm))) - { - /* - * Calculate and pass the RFC 2617/7616 WWW-Authenticate header... - */ - - if (!_httpDigest(kd, sizeof(kd), algorithm, cupsUser(), realm, strchr(http->userpass, ':') + 1, nonce, http->nonce_count, cnonce, "auth", method, resource)) - continue; - - if (opaque[0]) - snprintf(digest, sizeof(digest), "username=\"%s\", realm=\"%s\", nonce=\"%s\", algorithm=%s, qop=auth, opaque=\"%s\", cnonce=\"%s\", nc=%08x, uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce, algorithm, opaque, cnonce, http->nonce_count, resource, kd); - else - snprintf(digest, sizeof(digest), "username=\"%s\", realm=\"%s\", nonce=\"%s\", algorithm=%s, qop=auth, cnonce=\"%s\", nc=%08x, uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce, algorithm, cnonce, http->nonce_count, resource, kd); - } - else - { - /* - * Calculate and pass the old RFC 2069 WWW-Authenticate header... - */ - - if (!_httpDigest(kd, sizeof(kd), NULL, cupsUser(), realm, strchr(http->userpass, ':') + 1, nonce, http->nonce_count, NULL, NULL, method, resource)) - continue; - - snprintf(digest, sizeof(digest), "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce, resource, kd); - } - - httpSetAuthString(http, "Digest", digest); + if (_httpSetDigestAuthString(http, method, resource)) + break; } } |