commit eb48c2586572dd4bae8db4b2d395ef27d72af7a0
parent 1e010db7320af28d0cf6bd5c1ca7c0ad3c79ba4d
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date: Mon, 6 Jun 2022 17:43:48 +0300
Simplified Digest Auth code by using the new string processing functions
Diffstat:
2 files changed, 53 insertions(+), 69 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
@@ -1363,6 +1363,30 @@ get_unqouted_param (const struct MHD_RqDAuthParam *param,
/**
+ * Check whether Digest Auth request parameter is equal to given string
+ * @param param the parameter to check
+ * @param str the string to compare with, does not need to be zero-terminated
+ * @param str_len the length of the @a str
+ * @return true is parameter is equal to the given string,
+ * false otherwise
+ */
+_MHD_static_inline bool
+is_param_equal (const struct MHD_RqDAuthParam *param,
+ const char *const str,
+ const size_t str_len)
+{
+ mhd_assert (NULL != param->value.str);
+ mhd_assert (0 != param->value.len);
+ if (param->quoted)
+ return MHD_str_equal_quoted_bin_n (param->value.str, param->value.len,
+ str, str_len);
+ return (str_len == param->value.len) &&
+ (0 == memcmp (str, param->value.str, str_len));
+
+}
+
+
+/**
* Authenticates the authorization header sent by the client
*
* @param connection The MHD connection structure
@@ -1413,6 +1437,8 @@ digest_auth_check_all (struct MHD_Connection *connection,
#ifdef HAVE_MESSAGES
bool err_logged;
#endif /* HAVE_MESSAGES */
+ size_t username_len;
+ size_t realm_len;
tmp2 = NULL;
tmp2_size = 0;
@@ -1420,35 +1446,24 @@ digest_auth_check_all (struct MHD_Connection *connection,
err_logged = false;
#endif /* HAVE_MESSAGES */
- params = get_rq_dauth_params (connection);
- if (NULL == params)
- return MHD_DAUTH_WRONG_HEADER;
-
do /* Only to avoid "goto" */
{
+
+ params = get_rq_dauth_params (connection);
+ if (NULL == params)
+ {
+ ret = MHD_DAUTH_WRONG_HEADER;
+ break;
+ }
+
/* Check 'username' */
- unq_res = get_unqouted_param (¶ms->username, tmp1, &tmp2, &tmp2_size,
- &unquoted);
- if (_MHD_UNQ_NON_EMPTY != unq_res)
+ if (NULL == params->username.value.str)
{
- if (_MHD_UNQ_NO_STRING == unq_res)
- ret = MHD_DAUTH_WRONG_HEADER;
- else if (_MHD_UNQ_EMPTY == unq_res)
- ret = MHD_DAUTH_WRONG_USERNAME;
- else if (_MHD_UNQ_TOO_LARGE == unq_res)
- ret = MHD_DAUTH_WRONG_HEADER;
- else if (_MHD_UNQ_OUT_OF_MEM == unq_res)
- ret = MHD_DAUTH_ERROR;
- else
- {
- mhd_assert (0); /* Must not happen */
- ret = MHD_DAUTH_ERROR;
- }
+ ret = MHD_DAUTH_WRONG_HEADER;
break;
}
- /* 'unquoted" may not contain binary zero */
- if ( (0 != strncmp (username, unquoted.str, unquoted.len)) ||
- (0 != username[unquoted.len]) )
+ username_len = strlen (username);
+ if (! is_param_equal (¶ms->username, username, username_len))
{
ret = MHD_DAUTH_WRONG_USERNAME;
break;
@@ -1456,28 +1471,13 @@ digest_auth_check_all (struct MHD_Connection *connection,
/* 'username' valid */
/* Check 'realm' */
- unq_res = get_unqouted_param (¶ms->realm, tmp1, &tmp2, &tmp2_size,
- &unquoted);
- if (_MHD_UNQ_NON_EMPTY != unq_res)
+ if (NULL == params->realm.value.str)
{
- if (_MHD_UNQ_NO_STRING == unq_res)
- ret = MHD_DAUTH_WRONG_HEADER;
- else if (_MHD_UNQ_EMPTY == unq_res)
- ret = MHD_DAUTH_WRONG_REALM;
- else if (_MHD_UNQ_TOO_LARGE == unq_res)
- ret = MHD_DAUTH_WRONG_HEADER;
- else if (_MHD_UNQ_OUT_OF_MEM == unq_res)
- ret = MHD_DAUTH_ERROR;
- else
- {
- mhd_assert (0); /* Must not happen */
- ret = MHD_DAUTH_ERROR;
- }
+ ret = MHD_DAUTH_WRONG_HEADER;
break;
}
- /* 'unquoted" may not contain binary zero */
- if ( (0 != strncmp (realm, unquoted.str, unquoted.len)) ||
- (0 != realm[unquoted.len]) )
+ realm_len = strlen (realm);
+ if (! is_param_equal (¶ms->realm, realm, realm_len))
{
ret = MHD_DAUTH_WRONG_REALM;
break;
diff --git a/src/microhttpd/gen_auth.c b/src/microhttpd/gen_auth.c
@@ -295,35 +295,19 @@ parse_dauth_params (const char *str,
}
/* Postprocess values */
- if ((NULL != userhash.value.str) && (0 != userhash.value.len))
+ if (NULL != userhash.value.str)
{
- const char *param_str;
- size_t param_len;
- char buf[5 * 2]; /* 5 is the length of "false" (longer then "true") */
- if (! userhash.quoted)
- {
- param_str = userhash.value.str;
- param_len = userhash.value.len;
- }
- else
- {
- if (sizeof(buf) / sizeof(buf[0]) >= userhash.value.len)
- {
- param_len = MHD_str_unquote (userhash.value.str, userhash.value.len,
- buf);
- param_str = buf;
- }
- else
- {
- param_len = 0;
- param_str = NULL; /* Actually not used */
- }
- }
- if ((param_len == 4) && MHD_str_equal_caseless_bin_n_ (param_str, "true",
- 4))
- pdauth->userhash = true;
+ if (userhash.quoted)
+ pdauth->userhash =
+ MHD_str_equal_caseless_quoted_bin_n (userhash.value.str,
+ userhash.value.len,
+ "true",
+ MHD_STATICSTR_LEN_ ("true"));
else
- pdauth->userhash = false;
+ pdauth->userhash =
+ (MHD_STATICSTR_LEN_ ("true") == userhash.value.len) &&
+ (0 == memcmp (str, userhash.value.str, userhash.value.len));
+
}
else
pdauth->userhash = false;
