path: root/src/http_auth.c
AgeCommit message (Expand)AuthorFilesLines
2019-09-08[mod_auth] http_auth_const_time_memeq() (#2975, #2976)Glenn Strauss1-0/+23
2019-09-08[mod_auth] http_auth_const_time_memeq_pad()Glenn Strauss1-1/+1
2019-09-07[mod_auth] http_auth_const_time_memeq improvementGlenn Strauss1-3/+14
2019-03-07[mod_auth] http_auth_info_t digest abstractionGlenn Strauss1-0/+13
2019-03-07[mod_auth] http_auth_digest_hex2bin()Glenn Strauss1-7/+8
2019-01-10[mod_auth] permit additional auth backends to loadGlenn Strauss1-1/+1
2019-01-10[core] memeq compare rounded to 64, not next 1MGlenn Strauss1-1/+1
2018-09-23[core] abstraction layer for HTTP header manipGlenn Strauss1-3/+4
2018-09-16[core] code reuse with array_insert_key_value()Glenn Strauss1-23/+2
2018-04-08[core] some header cleanupGlenn Strauss1-0/+1
2018-03-11[mod_auth] constant time compare plain passwordsGlenn Strauss1-0/+17
2017-01-31[core] initialize globals at top of main()Glenn Strauss1-0/+8
2016-09-22[mod_auth] structured data, register auth schemesGlenn Strauss1-1/+106
2016-09-09[mod_auth] http_auth_md5_hex2bin()Glenn Strauss1-0/+33
2016-08-20[mod_auth] extensible interface for auth backendsGlenn Strauss1-690/+14
2016-08-18[mod_auth] refactor out auth backend codeGlenn Strauss1-232/+289
2016-08-18[mod_auth] refactor out auth backend codeGlenn Strauss1-481/+2
2016-08-14[mod_auth] refactor out auth backend codeGlenn Strauss1-116/+104
2016-08-13[mod_auth] Digest auth fails after rewrite (fixes #2745)Glenn Strauss1-5/+9
2016-07-16[mod_auth] fix Digest auth to be better than Basic (fixes #1844)Glenn Strauss1-0/+39
2016-06-23fix errors detected by Coverity ScanGlenn Strauss1-0/+2
2016-04-28[mod_auth] skip blank lines and comment lines (fixes #2327)Glenn Strauss1-0/+6
2016-04-28fallback to lseek()/read() if mmap() fails (#fixes 2666)Glenn Strauss1-66/+34
2016-04-01use li_[iu]tostrn() instead of li_[iu]tostr()Glenn Strauss1-2/+2
2016-04-01pass buf size to li_tohex()Glenn Strauss1-12/+13
2016-03-26[http_auth/mod_fastcgi] check get_http_*_name() for NULL return (#2583)Glenn Strauss1-0/+1
2016-03-19consistent inclusion of config.h at top of files (fixes #2073)Glenn Strauss1-0/+2
2015-11-22[core] refactor base64 functions into separate fileStefan Bühler1-115/+10
2015-09-26[mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero ...Loganaden Velvindron1-150/+153
2015-08-29[scons] fix crypt() detection, other improvementsStefan Bühler1-1/+2
2015-02-12[mod_auth] use crypt_r instead of crypt if availableStefan Bühler1-1/+9
2015-02-08Use buffer API to read and modify "used" memberStefan Bühler1-40/+31
2015-02-08Remove buffer_prepare_copy() and buffer_prepare_append()Stefan Bühler1-1/+1
2015-02-08fix buffer, chunk and http_chunk APIStefan Bühler1-7/+7
2013-11-13fix/silence bugs reported by ccc-analyzer (clang)Stefan Bühler1-2/+3
2013-08-30[mod_auth] some cleanup, only search for matching auth.require path onceStefan Bühler1-23/+5
2013-06-29[mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)Stefan Bühler1-1/+13
2013-05-15[mod_auth] fix base64_decode (#2484)Stefan Bühler1-22/+36
2013-04-29[mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl f...Stefan Bühler1-0/+38
2013-04-29[mod_auth] use crypt() on encrypted password instead of extracting salt first...Stefan Bühler1-44/+11
2012-05-18fix typo in debug outputStefan Bühler1-1/+1
2012-04-19[mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (f...Stefan Bühler1-1/+3
2011-11-29[mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)Stefan Bühler1-1/+1
2011-07-30Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes...Stefan Bühler1-84/+88
2011-04-24[ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict w...Stefan Bühler1-0/+6
2010-08-06cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf callsStefan Bühler1-5/+0
2010-05-28- Include IP addresses on error log on password failures (fixes #2191)Elan Ruusamäe1-3/+3
2009-10-11Fix header inclusion order, always include "config.h" before any system headerStefan Bühler1-10/+6
2009-07-21Fix issues found with clang analyzerStefan Bühler1-15/+9
2009-06-11Adding support for additional chars in LDAP usernames (fixes #1941)Stefan Bühler1-2/+7