Security Fix (CAN-2003-0987): mod_digest for Apache did not properly verify the nonce of a client response by using a AuthNonce secret. Now Apache verifies the nonce returned in the client response to check whether it was issued by itself by means of a AuthDigestRealmSeed secret exposed as an md5(). Index: src/include/http_core.h --- src/include/http_core.h.orig 2003-07-07 02:34:09.000000000 +0200 +++ src/include/http_core.h 2004-05-12 10:03:51.000000000 +0200 @@ -162,6 +162,7 @@ API_EXPORT(const char *) ap_auth_type (request_rec *); API_EXPORT(const char *) ap_auth_name (request_rec *); +API_EXPORT(const char *) ap_auth_nonce (request_rec *); API_EXPORT(int) ap_satisfies (request_rec *r); API_EXPORT(const array_header *) ap_requires (request_rec *); @@ -355,6 +356,9 @@ */ ap_flag_e cgi_command_args; + /* Digest auth. */ + char *ap_auth_nonce; + } core_dir_config; /* Per-server core configuration */ Index: src/main/http_core.c --- src/main/http_core.c.orig 2003-10-19 15:20:57.000000000 +0200 +++ src/main/http_core.c 2004-05-12 10:03:51.000000000 +0200 @@ -236,6 +236,9 @@ if (new->ap_auth_name) { conf->ap_auth_name = new->ap_auth_name; } + if (new->ap_auth_nonce) { + conf->ap_auth_nonce = new->ap_auth_nonce; + } if (new->ap_requires) { conf->ap_requires = new->ap_requires; } @@ -577,6 +580,31 @@ return conf->ap_auth_name; } +API_EXPORT(const char *) ap_auth_nonce(request_rec *r) +{ + core_dir_config *conf; + conf = (core_dir_config *)ap_get_module_config(r->per_dir_config, + &core_module); + if (conf->ap_auth_nonce) + return conf->ap_auth_nonce; + + /* Ideally we'd want to mix in some per-directory style + * information; as we are likely to want to detect replay + * across those boundaries and some randomness. But that + * is harder due to the adhoc nature of .htaccess memory + * structures, restarts and forks. + * + * But then again - you should use AuthDigestRealmSeed in your config + * file if you care. So the adhoc value should do. + */ + return ap_psprintf(r->pool,"%pp%pp%pp%pp%pp", + (void *)&((r->connection->local_addr).sin_addr ), + (void *)ap_user_name, + (void *)ap_listeners, + (void *)ap_server_argv0, + (void *)ap_pid_fname); +} + API_EXPORT(const char *) ap_default_type(request_rec *r) { core_dir_config *conf; @@ -2786,6 +2814,28 @@ return NULL; } +/* + * Load an authorisation nonce into our location configuration, and + * force it to be in the 0-9/A-Z realm. + */ +static const char *set_authnonce (cmd_parms *cmd, void *mconfig, char *word1) +{ + core_dir_config *aconfig = (core_dir_config *)mconfig; + size_t i; + + aconfig->ap_auth_nonce = ap_escape_quotes(cmd->pool, word1); + + if (strlen(aconfig->ap_auth_nonce) > 510) + return "AuthDigestRealmSeed length limited to 510 chars for browser compatibility"; + + for(i=0;i<strlen(aconfig->ap_auth_nonce );i++) + if (!ap_isalnum(aconfig->ap_auth_nonce [i])) + return "AuthDigestRealmSeed limited to 0-9 and A-Z range for browser compatibility"; + + return NULL; +} + + #ifdef _OSD_POSIX /* BS2000 Logon Passwd file */ static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char *name) { @@ -3400,6 +3450,9 @@ "An HTTP authorization type (e.g., \"Basic\")" }, { "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1, "The authentication realm (e.g. \"Members Only\")" }, +{ "AuthDigestRealmSeed", set_authnonce, NULL, OR_AUTHCFG, TAKE1, + "An authentication token which should be different for each logical realm. "\ + "A random value or the servers IP may be a good choise.\n" }, { "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, "Selects which authenticated users or groups may access a protected space" }, { "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1, Index: src/main/http_protocol.c --- src/main/http_protocol.c.orig 2003-02-03 18:13:22.000000000 +0100 +++ src/main/http_protocol.c 2004-05-12 10:03:51.000000000 +0200 @@ -76,6 +76,7 @@ #include "util_date.h" /* For parseHTTPdate and BAD_DATE */ #include <stdarg.h> #include "http_conf_globals.h" +#include "util_md5.h" /* For digestAuth */ #define SET_BYTES_SENT(r) \ do { if (r->sent_bodyct) \ @@ -1391,11 +1392,25 @@ API_EXPORT(void) ap_note_digest_auth_failure(request_rec *r) { + /* We need to create a nonce which: + * a) changes all the time (see r->request_time) + * below and + * b) of which we can verify that it is our own + * fairly easily when it comes to veryfing + * the digest coming back in the response. + * c) and which as a whole should not + * be unlikely to be in use anywhere else. + */ + char * nonce_prefix = ap_md5(r->pool, + (unsigned char *) + ap_psprintf(r->pool, "%s%lu", + ap_auth_nonce(r), r->request_time)); + ap_table_setn(r->err_headers_out, r->proxyreq == STD_PROXY ? "Proxy-Authenticate" : "WWW-Authenticate", - ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%lu\"", - ap_auth_name(r), r->request_time)); + ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s%lu\"", + ap_auth_name(r), nonce_prefix, r->request_time)); } API_EXPORT(int) ap_get_basic_auth_pw(request_rec *r, const char **pw) Index: src/modules/standard/mod_digest.c --- src/modules/standard/mod_digest.c.orig 2003-02-03 18:13:27.000000000 +0100 +++ src/modules/standard/mod_digest.c 2004-05-12 10:03:51.000000000 +0200 @@ -316,6 +316,23 @@ /* The actual MD5 code... whee */ +/* Check that a given nonce is actually one which was + * issued by this server in the right context. + */ +static int check_nonce(pool *p, const char *prefix, const char *nonce) { + char *timestamp = (char *)nonce + 2 * MD5_DIGESTSIZE; + char *md5; + + if (strlen(nonce) < MD5_DIGESTSIZE) + return AUTH_REQUIRED; + + md5 = ap_md5(p, (unsigned char *)ap_pstrcat(p, prefix, timestamp, NULL)); + + return strncmp(md5, nonce, 2 * MD5_DIGESTSIZE); +} + +/* Check the digest itself. + */ static char *find_digest(request_rec *r, digest_header_rec * h, char *a1) { return ap_md5(r->pool, @@ -356,6 +373,15 @@ if (!sec->pwfile) return DECLINED; + /* Check that the nonce was one we actually issued. */ + if (check_nonce(r->pool, ap_auth_nonce(r), response->nonce)) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + "Client is using a nonce which was not issued by " + "this server for this context: %s", r->uri); + ap_note_digest_auth_failure(r); + return AUTH_REQUIRED; + } + if (!(a1 = get_hash(r, c->user, sec->pwfile))) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "user %s not found: %s", c->user, r->uri);