libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)
Log | Files | Refs | Submodules | README | LICENSE
commit b528bec9c1a9332c49813d8e3df7dcc0eb7b63db
parent e1e5a395681d56289d2de5616b112a8e01ed9052
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Wed, 20 Jul 2022 17:06:40 +0300

digest_auth_check(): added support for username in extended notation

Diffstat:

Msrc/microhttpd/digestauth.c | 39++++++++++++++++++++++++++++++++++++---


1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
@@ -1937,8 +1937,15 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
     return MHD_DAUTH_WRONG_HEADER;
 
   /* ** A quick check for presence of all required parameters ** */
-  if (NULL == params->username.value.str)
+  if ((NULL == params->username.value.str) &&
+      (NULL == params->username_ext.value.str))
     return MHD_DAUTH_WRONG_HEADER;
+  else if ((NULL != params->username.value.str) &&
+           (NULL != params->username_ext.value.str))
+    return MHD_DAUTH_WRONG_HEADER; /* Parameters cannot be used together */
+  else if ((NULL != params->username_ext.value.str) &&
+           (MHD_DAUTH_EXT_PARAM_MIN_LEN > params->username_ext.value.len))
+    return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
 
   if (NULL == params->realm.value.str)
     return MHD_DAUTH_WRONG_HEADER;
@@ -1989,8 +1996,34 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 
   /* Check 'username' */
   username_len = strlen (username);
-  if (! is_param_equal (&params->username, username, username_len))
-    return MHD_DAUTH_WRONG_USERNAME;
+  if (NULL != params->username.value.str)
+  { /* Username in standard notation */
+    if (! is_param_equal (&params->username, username, username_len))
+      return MHD_DAUTH_WRONG_USERNAME;
+  }
+  else
+  { /* Username in extended notation */
+    char *r_uname;
+    size_t buf_size = params->username_ext.value.len;
+    ssize_t res;
+
+    mhd_assert (NULL != params->username_ext.value.str);
+    mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked already */
+    buf_size += 1; /* For zero-termination */
+    buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;
+    r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size);
+    if (NULL == r_uname)
+      return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ?
+             MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR;
+    res = get_rq_extended_uname_copy_z (params->username_ext.value.str,
+                                        params->username_ext.value.len,
+                                        r_uname, buf_size);
+    if (0 > res)
+      return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+    if ((username_len != (size_t) res) ||
+        (0 != memcmp (username, r_uname, username_len)))
+      return MHD_DAUTH_WRONG_USERNAME;
+  }
   /* 'username' valid */
 
   /* Check 'realm' */