mod_digest for Apache does not properly verify the nonce of a client response

by using a AuthNonce secret.

CAN-2003-0987

ok henning@

4 files changed, 102 insertions, 4 deletions

diff --git a/usr.sbin/httpd/src/include/http_core.h b/usr.sbin/httpd/src/include/http_core.h
index a44498f7ea7..ea2033a28ea 100644
--- a/usr.sbin/httpd/src/include/http_core.h
+++ b/usr.sbin/httpd/src/include/http_core.h
@@ -162,6 +162,7 @@ typedef struct {
      
 API_EXPORT(const char *) ap_auth_type (request_rec *);
 API_EXPORT(const char *) ap_auth_name (request_rec *);     
+API_EXPORT(const char *) ap_auth_nonce (request_rec *);
 API_EXPORT(int) ap_satisfies (request_rec *r);
 API_EXPORT(const array_header *) ap_requires (request_rec *);    
 
@@ -355,6 +356,9 @@ typedef struct {
      */
     ap_flag_e cgi_command_args;
 
+    /* Digest auth. */
+    char *ap_auth_nonce;
+
 } core_dir_config;
 
 /* Per-server core configuration */
diff --git a/usr.sbin/httpd/src/main/http_core.c b/usr.sbin/httpd/src/main/http_core.c
index f08fa50d54e..1bf1aba960c 100644
--- a/usr.sbin/httpd/src/main/http_core.c
+++ b/usr.sbin/httpd/src/main/http_core.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: http_core.c,v 1.16 2003/11/17 18:57:05 henning Exp $ */
+/* $OpenBSD: http_core.c,v 1.17 2004/06/07 04:24:00 brad Exp $ */
 
 /* ====================================================================
  * The Apache Software License, Version 1.1
@@ -238,6 +238,9 @@ static void *merge_core_dir_configs(pool *a, void *basev, void *newv)
     if (new->ap_auth_name) {
         conf->ap_auth_name = new->ap_auth_name;
     }
+    if (new->ap_auth_nonce) {
+        conf->ap_auth_nonce = new->ap_auth_nonce;
+    }
     if (new->ap_requires) {
         conf->ap_requires = new->ap_requires;
     }
@@ -580,6 +583,31 @@ API_EXPORT(const char *) ap_auth_name(request_rec *r)
     return conf->ap_auth_name;
 }
 
+API_EXPORT(const char *) ap_auth_nonce(request_rec *r)
+{
+    core_dir_config *conf;
+    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
+                                                   &core_module);
+    if (conf->ap_auth_nonce)
+       return conf->ap_auth_nonce;
+
+    /* Ideally we'd want to mix in some per-directory style
+     * information; as we are likely to want to detect replay
+     * across those boundaries and some randomness. But that
+     * is harder due to the adhoc nature of .htaccess memory
+     * structures, restarts and forks.
+     *
+     * But then again - you should use AuthDigestRealmSeed in your config
+     * file if you care. So the adhoc value should do.
+     */
+    return ap_psprintf(r->pool,"%pp%pp%pp%pp%pp",
+           (void *)&((r->connection->local_addr).sin_addr ),
+           (void *)ap_user_name,
+           (void *)ap_listeners,
+           (void *)ap_server_argv0,
+           (void *)ap_pid_fname);
+}
+
 API_EXPORT(const char *) ap_default_type(request_rec *r)
 {
     core_dir_config *conf;
@@ -2834,6 +2862,28 @@ static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1)
     return NULL;
 }
 
+/*
+ * Load an authorisation nonce into our location configuration, and
+ * force it to be in the 0-9/A-Z realm.
+ */
+static const char *set_authnonce (cmd_parms *cmd, void *mconfig, char *word1)
+{
+    core_dir_config *aconfig = (core_dir_config *)mconfig;
+    size_t i;
+
+    aconfig->ap_auth_nonce = ap_escape_quotes(cmd->pool, word1);
+
+    if (strlen(aconfig->ap_auth_nonce) > 510)
+       return "AuthDigestRealmSeed length limited to 510 chars for browser compatibility";
+
+    for(i=0;i<strlen(aconfig->ap_auth_nonce );i++)
+       if (!ap_isalnum(aconfig->ap_auth_nonce [i]))
+         return "AuthDigestRealmSeed limited to 0-9 and A-Z range for browser compatibility";
+
+    return NULL;
+}
+
+
 #ifdef _OSD_POSIX /* BS2000 Logon Passwd file */
 static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char *name)
 {
@@ -3448,6 +3498,9 @@ static const command_rec core_cmds[] = {
   "An HTTP authorization type (e.g., \"Basic\")" },
 { "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1,
   "The authentication realm (e.g. \"Members Only\")" },
+{ "AuthDigestRealmSeed", set_authnonce, NULL, OR_AUTHCFG, TAKE1,
+  "An authentication token which should be different for each logical realm. "\
+  "A random value or the servers IP may be a good choise.\n" },
 { "Require", require, NULL, OR_AUTHCFG, RAW_ARGS,
   "Selects which authenticated users or groups may access a protected space" },
 { "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1,
diff --git a/usr.sbin/httpd/src/main/http_protocol.c b/usr.sbin/httpd/src/main/http_protocol.c
index 031ff3ca031..850a64e8a6a 100644
--- a/usr.sbin/httpd/src/main/http_protocol.c
+++ b/usr.sbin/httpd/src/main/http_protocol.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: http_protocol.c,v 1.25 2004/01/15 12:17:18 otto Exp $ */
+/*	$OpenBSD: http_protocol.c,v 1.26 2004/06/07 04:24:00 brad Exp $ */
 /* ====================================================================
  * The Apache Software License, Version 1.1
  *
@@ -77,6 +77,7 @@
 #include "util_date.h"          /* For parseHTTPdate and BAD_DATE */
 #include <stdarg.h>
 #include "http_conf_globals.h"
+#include "util_md5.h"           /* For digestAuth */
 #include "ap_sha1.h"
 
 #define SET_BYTES_SENT(r) \
@@ -1417,11 +1418,25 @@ API_EXPORT(void) ap_note_basic_auth_failure(request_rec *r)
 
 API_EXPORT(void) ap_note_digest_auth_failure(request_rec *r)
 {
+    /* We need to create a nonce which:
+     * a) changes all the time (see r->request_time)
+     *    below and
+     * b) of which we can verify that it is our own
+     *    fairly easily when it comes to veryfing
+     *    the digest coming back in the response.
+     * c) and which as a whole should not
+     *    be unlikely to be in use anywhere else.
+     */
+    char * nonce_prefix = ap_md5(r->pool,
+           (unsigned char *)
+           ap_psprintf(r->pool, "%s%lu",
+                       ap_auth_nonce(r), r->request_time));
+
     ap_table_setn(r->err_headers_out,
 	    r->proxyreq == STD_PROXY ? "Proxy-Authenticate"
 		  : "WWW-Authenticate",
-	    ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%lu\"",
-		ap_auth_name(r), (unsigned long)r->request_time));
+           ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s%lu\"",
+               ap_auth_name(r), nonce_prefix, r->request_time));
 }
 
 API_EXPORT(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
diff --git a/usr.sbin/httpd/src/modules/standard/mod_digest.c b/usr.sbin/httpd/src/modules/standard/mod_digest.c
index 08678a24071..edc509ebd66 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_digest.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_digest.c
@@ -316,6 +316,23 @@ static int get_digest_rec(request_rec *r, digest_header_rec * response)
 
 /* The actual MD5 code... whee */
 
+/* Check that a given nonce is actually one which was
+ * issued by this server in the right context.
+ */
+static int check_nonce(pool *p, const char *prefix, const char *nonce) {
+    char *timestamp = (char *)nonce + 2 * MD5_DIGESTSIZE;
+    char *md5;
+
+    if (strlen(nonce) < MD5_DIGESTSIZE)
+       return AUTH_REQUIRED;
+
+    md5 = ap_md5(p, (unsigned char *)ap_pstrcat(p, prefix, timestamp, NULL));
+
+    return strncmp(md5, nonce, 2 * MD5_DIGESTSIZE);
+}
+
+/* Check the digest itself.
+ */
 static char *find_digest(request_rec *r, digest_header_rec * h, char *a1)
 {
     return ap_md5(r->pool,
@@ -356,6 +373,15 @@ static int authenticate_digest_user(request_rec *r)
     if (!sec->pwfile)
 	return DECLINED;
 
+    /* Check that the nonce was one we actually issued. */
+    if (check_nonce(r->pool, ap_auth_nonce(r), response->nonce)) {
+        ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+            "Client is using a nonce which was not issued by "
+            "this server for this context: %s", r->uri);
+        ap_note_digest_auth_failure(r);
+        return AUTH_REQUIRED;
+    }
+
     if (!(a1 = get_hash(r, c->user, sec->pwfile))) {
 	ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
 		    "user %s not found: %s", c->user, r->uri);