diff options
| author | Joe Orton <joe@manyfish.uk> | 2020-09-03 20:42:59 +0100 |
|---|---|---|
| committer | Joe Orton <joe@manyfish.uk> | 2020-09-03 20:42:59 +0100 |
| commit | 12af3d767ec8f8b0ebf3fa3a82297b4bb8f6b563 (patch) | |
| tree | cf2ae8e9ab50b3eb0574fe7e789b5323bc1c66d6 | |
| parent | e16c926419d05b80867a542d09e1ab4444bafd95 (diff) | |
| download | neon-git-12af3d767ec8f8b0ebf3fa3a82297b4bb8f6b563.tar.gz | |
* src/ne_auth.h, src/ne_auth.c, test/auth.c: Rename
NE_AUTH_WEAK_DIGEST to NE_AUTH_LEGACY_DIGEST everywhere.
| -rw-r--r-- | src/ne_auth.c | 12 | ||||
| -rw-r--r-- | src/ne_auth.h | 9 | ||||
| -rw-r--r-- | test/auth.c | 24 |
3 files changed, 23 insertions, 22 deletions
diff --git a/src/ne_auth.c b/src/ne_auth.c index 9015f21..af152ae 100644 --- a/src/ne_auth.c +++ b/src/ne_auth.c @@ -847,8 +847,8 @@ static int digest_challenge(auth_session *sess, int attempt, return -1; } else if (!parms->got_qop - && (parms->handler->protomask & NE_AUTH_WEAK_DIGEST) == 0) { - challenge_error(errmsg, _("weak Digest challenge not supported")); + && (parms->handler->protomask & NE_AUTH_LEGACY_DIGEST) == 0) { + challenge_error(errmsg, _("legacy Digest challenge not supported")); return -1; } @@ -1674,10 +1674,10 @@ static void auth_register(ne_session *sess, int isproxy, unsigned protomask, } /* For backwards-compatibility with older releases where DIGEST - * used to be defined as WEAKEST, if only WEAK_DIGEST is given, - * that implies DIGEST|WEAK_DIGEST. */ - if ((protomask & (NE_AUTH_WEAK_DIGEST|NE_AUTH_DIGEST)) == NE_AUTH_WEAK_DIGEST) { - NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Weak Digest support compatibility mode.\n"); + * used to be defined as WEAKEST, if only LEGACY_DIGEST is given, + * that implies DIGEST|LEGACY_DIGEST. */ + if ((protomask & (NE_AUTH_LEGACY_DIGEST|NE_AUTH_DIGEST)) == NE_AUTH_LEGACY_DIGEST) { + NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Legacy Digest support compatibility mode.\n"); protomask |= NE_AUTH_DIGEST; } diff --git a/src/ne_auth.h b/src/ne_auth.h index d241920..15960e1 100644 --- a/src/ne_auth.h +++ b/src/ne_auth.h @@ -80,10 +80,11 @@ void ne_set_proxy_auth(ne_session *sess, ne_auth_creds creds, void *userdata); * channel. Supports algorithms from RFC 2617 and RFC 7616. */ #define NE_AUTH_DIGEST (0x0080) -/* NE_AUTH_WEAK_DIGEST: This may be used in conjunction with - * NE_AUTH_DIGEST to enable support for the older, weaker version of - * the Digest algorithm specified in RFC 2069. */ -#define NE_AUTH_WEAK_DIGEST (0x0002) +/* NE_AUTH_LEGACY_DIGEST: Using this flag together with NE_AUTH_DIGEST + * enables support for the weaker, legacy version of the Digest + * algorithm specified in RFC 2069 (obsoleted by RFC 2617, which was + * published in June 1999). */ +#define NE_AUTH_LEGACY_DIGEST (0x0002) /* NE_AUTH_NEGOTIATE: Negotiate uses GSSAPI/SSPI, or NTLM, to * authenticate the user; an active attacker can modify any of the diff --git a/test/auth.c b/test/auth.c index 5b6ea95..985d0eb 100644 --- a/test/auth.c +++ b/test/auth.c @@ -399,8 +399,8 @@ static void dup_header(char *header) #define PARM_USERHASH (0x0010) /* userhash=true */ #define PARM_UHFALSE (0x0020) /* userhash=false */ #define PARM_ALTUSER (0x0040) -#define PARM_WEAK (0x0080) -#define PARM_WEAK_ONLY (0x0100) +#define PARM_LEGACY (0x0080) +#define PARM_LEGACY_ONLY (0x0100) struct digest_parms { const char *realm, *nonce, *opaque, *domain; @@ -893,10 +893,10 @@ static int test_digest(struct digest_parms *parms) if ((parms->flags & PARM_ALTUSER)) proto |= NE_AUTH_UTF8; - else if ((parms->flags & PARM_WEAK)) - proto |= NE_AUTH_WEAK_DIGEST; - else if ((parms->flags & PARM_WEAK_ONLY)) - proto = NE_AUTH_WEAK_DIGEST; + else if ((parms->flags & PARM_LEGACY)) + proto |= NE_AUTH_LEGACY_DIGEST; + else if ((parms->flags & PARM_LEGACY_ONLY)) + proto = NE_AUTH_LEGACY_DIGEST; NE_DEBUG(NE_DBG_HTTP, ">>>> Request sequence begins " "(reqs=%d, nonce=%s, rfc=%s, stale=%d, proxy=%d).\n", @@ -939,7 +939,7 @@ static int digest(void) /* staleness. */ { "WallyWorld", "this-is-a-nonce", "opaque-thingy", NULL, ALG_MD5, PARM_RFC2617 | PARM_AINFO, 3, 2, fail_not }, /* 2069 + stale */ - { "WallyWorld", "this-is-a-nonce", NULL, NULL, ALG_MD5, PARM_WEAK|PARM_AINFO, 3, 2, fail_not }, + { "WallyWorld", "this-is-a-nonce", NULL, NULL, ALG_MD5, PARM_LEGACY|PARM_AINFO, 3, 2, fail_not }, /* RFC 7616-style */ { "WallyWorld", "new-day-new-nonce", "new-opaque", NULL, ALG_MD5, PARM_RFC2617 | PARM_USERHASH, 1, 0, fail_not }, @@ -947,10 +947,10 @@ static int digest(void) { "WallyWorld", "just-another-nonce", "new-opaque", NULL, ALG_MD5, PARM_RFC2617 | PARM_UHFALSE, 1, 0, fail_not }, /* RFC 2069-style */ - { "WallyWorld", "lah-di-da-di-dah", NULL, NULL, ALG_MD5, PARM_WEAK, 1, 0, fail_not }, - { "WallyWorld", "lah-lah-lah-lah", NULL, NULL, ALG_MD5, PARM_WEAK_ONLY, 1, 0, fail_not }, - { "WallyWorld", "fee-fi-fo-fum", "opaque-string", NULL, ALG_MD5, PARM_WEAK, 1, 0, fail_not }, - { "WallyWorld", "fee-fi-fo-fum", "opaque-string", NULL, ALG_MD5, PARM_AINFO|PARM_WEAK, 1, 0, fail_not }, + { "WallyWorld", "lah-di-da-di-dah", NULL, NULL, ALG_MD5, PARM_LEGACY, 1, 0, fail_not }, + { "WallyWorld", "lah-lah-lah-lah", NULL, NULL, ALG_MD5, PARM_LEGACY_ONLY, 1, 0, fail_not }, + { "WallyWorld", "fee-fi-fo-fum", "opaque-string", NULL, ALG_MD5, PARM_LEGACY, 1, 0, fail_not }, + { "WallyWorld", "fee-fi-fo-fum", "opaque-string", NULL, ALG_MD5, PARM_AINFO|PARM_LEGACY, 1, 0, fail_not }, /* Proxy auth */ { "WallyWorld", "this-is-also-a-nonce", "opaque-string", NULL, ALG_MD5, PARM_RFC2617|PARM_PROXY, 1, 0, fail_not }, @@ -1068,7 +1068,7 @@ static int digest_failures(void) { fail_bogus_alg, "unknown algorithm" }, { fail_req0_stale, "initial Digest challenge was stale" }, { fail_req0_2069_stale, "initial Digest challenge was stale" }, - { fail_2069_weak, "weak Digest challenge not supported" }, + { fail_2069_weak, "legacy Digest challenge not supported" }, { fail_not, NULL } }; unsigned n; |