xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

webfs: do not reuse digest Authorization headers

Browse source 
We must use the digest authorization header only
once for a single request.
This commit is contained in:
cinap_lenrek 2022-04-02 20:29:20 +00:00
parent 8166868375
commit fc0eee2980
1 changed files with 36 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
sys/src/cmd/webfs/http.c
View file

@ -504,28 +504,34 @@ hauthenticate(Url *u, Url *ru, char *method, char *key, Key *hdr)
return -1; return -1;
} }
void
freeauth(Hauth **a)
{
Hauth *x = *a;
if(x == nil)
return;
*a = x->next;
if(debug)
fprint(2, "freeauth for %U\n", x->url);
freeurl(x->url);
memset(x->auth, 0, strlen(x->auth));
free(x->auth);
free(x);
}
void void
flushauth(Url *u, char *t) flushauth(Url *u, char *t)
{ {
Hauth *a, *p; Hauth **a;
qlock(&authlk); for(a = &hauth; *a != nil; ){
Again: if(matchurl(u, (*a)->url) && (t == nil || !strcmp(t, (*a)->auth))){
for(p = nil, a = hauth; a; p = a, a = a->next) freeauth(a);
if(matchurl(u, a->url) && (t == nil || !strcmp(t, a->auth))){ continue;
if(p)
p->next = a->next;
else
hauth = a->next;
if(debug)
fprint(2, "flushauth for %U\n", a->url);
freeurl(a->url);
memset(a->auth, 0, strlen(a->auth));
free(a->auth);
free(a);
goto Again;
} }
qunlock(&authlk); a = &(*a)->next;
}
} }
static void static void
@ -548,7 +554,7 @@ http(char *m, Url *u, Key *shdr, Buq *qbody, Buq *qpost)
Url ru, tu, *nu; Url ru, tu, *nu;
Key *k, *rhdr; Key *k, *rhdr;
Hconn *h; Hconn *h;
Hauth *a; Hauth **a;
incref(qbody); incref(qbody);
if(qpost) incref(qpost); if(qpost) incref(qpost);
@ -598,15 +604,17 @@ http(char *m, Url *u, Key *shdr, Buq *qbody, Buq *qpost)
/* preemptive authentication from hauth cache */ /* preemptive authentication from hauth cache */
qlock(&authlk); qlock(&authlk);
if(proxy && !lookkey(shdr, "Proxy-Authorization")) if(proxy && !lookkey(shdr, "Proxy-Authorization"))
for(a = hauth; a; a = a->next) for(a = &hauth; *a != nil; a = &(*a)->next)
if(matchurl(a->url, proxy)){ if(matchurl((*a)->url, proxy)){
shdr = addkey(shdr, "Proxy-Authorization", a->auth); shdr = addkey(shdr, "Proxy-Authorization", (*a)->auth);
if(strncmp((*a)->auth, "Digest ", 7) == 0) freeauth(a);
break; break;
} }
if(!lookkey(shdr, "Authorization")) if(!lookkey(shdr, "Authorization"))
for(a = hauth; a; a = a->next) for(a = &hauth; *a != nil; a = &(*a)->next)
if(matchurl(a->url, u)){ if(matchurl((*a)->url, u)){
shdr = addkey(shdr, "Authorization", a->auth); shdr = addkey(shdr, "Authorization", (*a)->auth);
if(strncmp((*a)->auth, "Digest ", 7) == 0) freeauth(a);
break; break;
} }
qunlock(&authlk); qunlock(&authlk);
@ -900,7 +908,9 @@ http(char *m, Url *u, Key *shdr, Buq *qbody, Buq *qpost)
if(0){ if(0){
case 401: /* Unauthorized */ case 401: /* Unauthorized */
if(x = lookkey(shdr, "Authorization")){ if(x = lookkey(shdr, "Authorization")){
qlock(&authlk);
flushauth(nil, x); flushauth(nil, x);
qunlock(&authlk);
if(badauth++) if(badauth++)
goto Error; goto Error;
} }
@ -918,7 +928,9 @@ http(char *m, Url *u, Key *shdr, Buq *qbody, Buq *qpost)
if(proxy == nil) if(proxy == nil)
goto Error; goto Error;
if(x = lookkey(shdr, "Proxy-Authorization")){ if(x = lookkey(shdr, "Proxy-Authorization")){
qlock(&authlk);
flushauth(proxy, x); flushauth(proxy, x);
qunlock(&authlk);
if(badauth++) if(badauth++)
goto Error; goto Error;
} }