libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit ff63d75797ddcaf223197e12b12def2b0803588c
parent 6f9ff50bed6f38ed849d4699f4fcdde4d540e419
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Thu, 28 Dec 2023 12:44:46 +0300

digest auth: added default timeout and max nc values

Diffstat:
Msrc/include/microhttpd.h | 14++++++++------
Msrc/microhttpd/daemon.c | 2++
Msrc/microhttpd/digestauth.c | 28++++++++++++++++++----------
Msrc/microhttpd/internal.h | 10++++++++++
4 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h @@ -96,7 +96,7 @@ extern "C" * they are parsed as decimal numbers. * Example: 0x01093001 = 1.9.30-1. */ -#define MHD_VERSION 0x00097707 +#define MHD_VERSION 0x00097708 /* If generic headers don't work on your platform, include headers which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', @@ -5524,17 +5524,18 @@ enum MHD_DigestAuthResult * even if userhash is used by the client * @param password the password matching the @a username (and the @a realm) * @param nonce_timeout the period of seconds since nonce generation, when - * the nonce is recognised as valid and not stale. + * the nonce is recognised as valid and not stale; + * if zero is specified then daemon default value is used. * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc * exceeds the specified value then MHD_DAUTH_NONCE_STALE is * returned; - * zero for no limit + * if zero is specified then daemon default value is used. * @param mqop the QOP to use * @param malgo3 digest algorithms allowed to use, fail if algorithm used * by the client is not allowed by this parameter * @return #MHD_DAUTH_OK if authenticated, * the error code otherwise - * @note Available since #MHD_VERSION 0x00097701 + * @note Available since #MHD_VERSION 0x00097708 * @ingroup authentication */ _MHD_EXTERN enum MHD_DigestAuthResult 
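Review bot: In the `@@ -5524` hunk the `@note Available since #MHD_VERSION 0x00097701` line is overwritten with `0x00097708`, although the old text says the function itself has existed since 0x00097701 and only the meaning of a zero argument changes here. An application that gates on MHD_VERSION to decide whether the function can be called would read the new note as a later minimum version. Keeping both facts would be clearer, for example `@note Available since #MHD_VERSION 0x00097701; zero selects the daemon default since #MHD_VERSION 0x00097708`. The same rewrite appears in the `@@ -3156` and `@@ -3231` hunks of digestauth.c.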
@@ -5614,11 +5615,12 @@ MHD_digest_auth_calc_userdigest (enum MHD_DigestAuthAlgo3 algo3, * #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE, * #MHD_digest_get_hash_size()) * @param nonce_timeout the period of seconds since nonce generation, when - * the nonce is recognised as valid and not stale. + * the nonce is recognised as valid and not stale; + * if zero is specified then daemon default value is used. * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc * exceeds the specified value then MHD_DAUTH_NONCE_STALE is * returned; - * zero for no limit + * if zero is specified then daemon default value is used. * @param mqop the QOP to use * @param malgo3 digest algorithms allowed to use, fail if algorithm used * by the client is not allowed by this parameter; diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c @@ -7778,6 +7778,8 @@ MHD_start_daemon_va (unsigned int flags, daemon->digest_auth_rand_size = 0; daemon->digest_auth_random = NULL; daemon->nonce_nc_size = 4; /* tiny */ + daemon->dauth_def_nonce_timeout = 90; + daemon->dauth_def_max_nc = 1000; #endif #ifdef HTTPS_SUPPORT if (0 != (*pflags & MHD_USE_TLS)) diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c 
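Review bot: The two defaults added in MHD_start_daemon_va() are bare literals, `90` and `1000`, with no unit or rationale at the assignment. Since they now bound how long a nonce is accepted and how many times it may be reused whenever the application passes zero, they deserve at least a trailing comment, for example `daemon->dauth_def_nonce_timeout = 90; /* seconds */` and `daemon->dauth_def_max_nc = 1000; /* highest accepted nc */`. No daemon option that overrides these fields is visible in this commit, so as far as the page shows the values are fixed. The function body starts and ends outside the hunk.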
@@ -2515,11 +2515,12 @@ is_param_equal_caseless (const struct MHD_RqDAuthParam *param, * "username:realm:password", * must be NULL if @a password is not NULL * @param nonce_timeout the period of seconds since nonce generation, when - * the nonce is recognised as valid and not stale. + * the nonce is recognised as valid and not stale; + * unlike #digest_auth_check_all() zero is used literally * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc * exceeds the specified value then MHD_DAUTH_NONCE_STALE is * returned; - * zero for no limit + * unlike #digest_auth_check_all() zero is treated as "no limit" * @param mqop the QOP to use * @param malgo3 digest algorithms allowed to use, fail if algorithm specified * by the client is not allowed by this parameter @@ -3063,11 +3064,12 @@ digest_auth_check_all_inner (struct MHD_Connection *connection, * "username:realm:password", * must be NULL if @a password is not NULL * @param nonce_timeout the period of seconds since nonce generation, when - * the nonce is recognised as valid and not stale. + * the nonce is recognised as valid and not stale; + * if set to zero then daemon's default value is used * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc * exceeds the specified value then MHD_DAUTH_NONCE_STALE is * returned; - * zero for no limit + * if set to zero then daemon's default value is used * @param mqop the QOP to use * @param malgo3 digest algorithms allowed to use, fail if algorithm specified * by the client is not allowed by this parameter @@ -3092,6 +3094,10 @@ digest_auth_check_all (struct MHD_Connection *connection, buf = NULL; digest_setup_zero (&da); + if (0 == nonce_timeout) + nonce_timeout = connection->daemon->dauth_def_nonce_timeout; + if (0 == max_nc) + max_nc = connection->daemon->dauth_def_max_nc; res = digest_auth_check_all_inner (connection, realm, username, password, userdigest, nonce_timeout, 
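Review bot: In the `@@ -3092` hunk, digest_auth_check_all() replaces a zero `max_nc` with `dauth_def_max_nc` before calling the inner function, so "no limit" can no longer be requested through this path even though the inner function still treats zero that way. A caller written against the previous "zero for no limit" text will now see MHD_DAUTH_NONCE_STALE once the client's nc exceeds the daemon default, and a zero `nonce_timeout` that used to be taken literally becomes the daemon default as well. The tighter default is sensible for limiting nonce reuse, but the behaviour change is silent for existing applications. A comment at the substitution would record it, for example `/* Zero selects the daemon defaults; "no limit" is not reachable from this wrapper */`. The function body starts and ends outside the hunk.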
@@ -3156,17 +3162,18 @@ MHD_digest_auth_check (struct MHD_Connection *connection, * even if userhash is used by the client * @param password the password matching the @a username (and the @a realm) * @param nonce_timeout the period of seconds since nonce generation, when - * the nonce is recognised as valid and not stale. + * the nonce is recognised as valid and not stale; + * if zero is specified then daemon default value is used. * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc * exceeds the specified value then MHD_DAUTH_NONCE_STALE is * returned; - * zero for no limit + * if zero is specified then daemon default value is used. * @param mqop the QOP to use * @param malgo3 digest algorithms allowed to use, fail if algorithm used * by the client is not allowed by this parameter * @return #MHD_DAUTH_OK if authenticated, * the error code otherwise - * @note Available since #MHD_VERSION 0x00097701 + * @note Available since #MHD_VERSION 0x00097708 * @ingroup authentication */ _MHD_EXTERN enum MHD_DigestAuthResult @@ -3217,11 +3224,12 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection, * #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE, * #MHD_digest_get_hash_size()) * @param nonce_timeout the period of seconds since nonce generation, when - * the nonce is recognised as valid and not stale. + * the nonce is recognised as valid and not stale; + * if zero is specified then daemon default value is used. * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc * exceeds the specified value then MHD_DAUTH_NONCE_STALE is * returned; - * zero for no limit + * if zero is specified then daemon default value is used. * @param mqop the QOP to use * @param malgo3 digest algorithms allowed to use, fail if algorithm used * by the client is not allowed by this parameter; 
@@ -3231,7 +3239,7 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection, * @return #MHD_DAUTH_OK if authenticated, * the error code otherwise * @sa #MHD_digest_auth_calc_userdigest() - * @note Available since #MHD_VERSION 0x00097701 + * @note Available since #MHD_VERSION 0x00097708 * @ingroup authentication */ _MHD_EXTERN enum MHD_DigestAuthResult diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h @@ -2429,6 +2429,16 @@ struct MHD_Daemon * Nonce bind type. */ unsigned int dauth_bind_type; + + /** + * Default nonce validity length. + */ + unsigned int dauth_def_nonce_timeout; + + /** + * Default maximum nc (nonce count) value. + */ + uint32_t dauth_def_max_nc; #endif #ifdef TCP_FASTOPEN
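Review bot: The comment on the new `dauth_def_nonce_timeout` field in struct MHD_Daemon gives no unit, while the public parameter documentation in this commit describes the timeout as a period of seconds. Neither field comment says when the value is applied. Suggested wording is `Default nonce validity length, in seconds; used when the application passes zero.` and `Default maximum nc (nonce count) value; used when the application passes zero.` The struct definition starts and ends outside the hunk.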