76 Commits (445ce2c44f324589729fbeec5113edcc439908d7)

Author SHA1 Message Date
Glenn Strauss 60f4cf3ad8 [mod_auth] http_auth_info_t digest abstraction 3 years ago
Glenn Strauss 07fef25867 [mod_auth] http_auth_digest_hex2bin() 3 years ago
Glenn Strauss 96061c1e5e [mod_auth] permit additional auth backends to load 3 years ago
Glenn Strauss e47ea5e2b0 [core] memeq compare rounded to 64, not next 1M 3 years ago
Glenn Strauss 3dd3cde902 [core] abstraction layer for HTTP header manip 3 years ago
Glenn Strauss a7c27c9f99 [core] code reuse with array_insert_key_value() 3 years ago
Glenn Strauss 04d76e7afd [core] some header cleanup 4 years ago
Glenn Strauss 81b7e8e2fb [mod_auth] constant time compare plain passwords 4 years ago
Glenn Strauss b0c66266d9 [core] initialize globals at top of main() 5 years ago
Glenn Strauss 7ba06c71a6 [mod_auth] structured data, register auth schemes 5 years ago
Glenn Strauss cde68b7b23 [mod_auth] http_auth_md5_hex2bin() 5 years ago
Glenn Strauss 4b3a91e64b [mod_auth] extensible interface for auth backends 5 years ago
Glenn Strauss 3dcca966f4 [mod_auth] refactor out auth backend code 5 years ago
Glenn Strauss 81b2d1f020 [mod_auth] refactor out auth backend code 5 years ago
Glenn Strauss 31250a9af8 [mod_auth] refactor out auth backend code 5 years ago
Glenn Strauss cb24958c01 [mod_auth] Digest auth fails after rewrite (fixes #2745) 5 years ago
Glenn Strauss 00cc4d7c0e [mod_auth] fix Digest auth to be better than Basic (fixes #1844) 5 years ago
Glenn Strauss 72b133f595 fix errors detected by Coverity Scan 6 years ago
Glenn Strauss b47c393e26 [mod_auth] skip blank lines and comment lines (fixes #2327) 6 years ago
Glenn Strauss 8e3c6bf754 fallback to lseek()/read() if mmap() fails (#fixes 2666) 6 years ago
Glenn Strauss 47f3dbebe4 use li_[iu]tostrn() instead of li_[iu]tostr() 6 years ago
Glenn Strauss e5006d88eb pass buf size to li_tohex() 6 years ago
Glenn Strauss 733ce38203 [http_auth/mod_fastcgi] check get_http_*_name() for NULL return (#2583) 6 years ago
Glenn Strauss 8abd06a7ff consistent inclusion of config.h at top of files (fixes #2073) 6 years ago
Stefan Bühler b0a4421272 [core] refactor base64 functions into separate file 6 years ago
Loganaden Velvindron d7be04beb5 [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available 6 years ago
Stefan Bühler 52d72fe8fc [scons] fix crypt() detection, other improvements 6 years ago
Stefan Bühler c92496720d [mod_auth] use crypt_r instead of crypt if available 7 years ago
Stefan Bühler ad3e93ea96 Use buffer API to read and modify "used" member 7 years ago
Stefan Bühler 4365bdbebe Remove buffer_prepare_copy() and buffer_prepare_append() 7 years ago
Stefan Bühler 6afad87d2e fix buffer, chunk and http_chunk API 7 years ago
Stefan Bühler 6f208cfde1 fix/silence bugs reported by ccc-analyzer (clang) 8 years ago
Stefan Bühler 2bcf65c285 [mod_auth] some cleanup, only search for matching auth.require path once 8 years ago
Stefan Bühler c008fd7ec8 [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478) 9 years ago
Stefan Bühler ce4bc0c0f7 [mod_auth] fix base64_decode (#2484) 9 years ago
Stefan Bühler c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better. 9 years ago
Stefan Bühler 0342dfef1d [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483) 9 years ago
Stefan Bühler bbaef6ab87 fix typo in debug output 10 years ago
Stefan Bühler 61047369c7 [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410) 10 years ago
Stefan Bühler 6c9dff7cda [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362) 10 years ago
Stefan Bühler 90dd8af32b Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331) 10 years ago
Stefan Bühler 328043caf3 [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269) 11 years ago
Stefan Bühler 38f2d1ddd7 cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls 11 years ago
Elan Ruusamäe a813273c2f - Include IP addresses on error log on password failures (fixes #2191) 12 years ago
Stefan Bühler 22e8b456a9 Fix header inclusion order, always include "config.h" before any system header 12 years ago
Stefan Bühler 4df22f2a32 Fix issues found with clang analyzer 13 years ago
Stefan Bühler 5204fd7e6c Adding support for additional chars in LDAP usernames (fixes #1941) 13 years ago
Stefan Bühler 7ad4792357 Add support for "real" entropy from /dev/[u]random (fixes #1977) 13 years ago
Stefan Bühler 7f103eab6c Fix error message if no auth backend was set 13 years ago
Stefan Bühler cfba07cb82 Now really fix mod auth ldap (#1066) 13 years ago