author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-05-13 17:20:21 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-05-13 17:20:21 +0300 |
commit | 547246b9cb4df5599c1b0ffb45bd41a573ab5826 (patch) | |
tree | 5c24281fea2354c6c13ecb87f4a5f53ab6803d89 | |
parent | 5fdb9effcb4ad4d6110b36255e73ec59b7a47994 (diff) | |
Added two new public functions for digest authentication
-rw-r--r-- | src/include/microhttpd.h | 125 | ||||
-rw-r--r-- | src/microhttpd/digestauth.c | 206 |
2 files changed, 232 insertions, 99 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index 6bf594cc..921ab56b 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -96,7 +96,7 @@ extern "C" | |||
96 | * they are parsed as decimal numbers. | 96 | * they are parsed as decimal numbers. |
97 | * Example: 0x01093001 = 1.9.30-1. | 97 | * Example: 0x01093001 = 1.9.30-1. |
98 | */ | 98 | */ |
99 | #define MHD_VERSION 0x00097512 | 99 | #define MHD_VERSION 0x00097513 |
100 | 100 | ||
101 | /* If generic headers don't work on your platform, include headers | 101 | /* If generic headers don't work on your platform, include headers |
102 | which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', | 102 | which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', |
@@ -4364,6 +4364,115 @@ enum MHD_DigestAuthAlgorithm | |||
4364 | 4364 | ||
4365 | 4365 | ||
4366 | /** | 4366 | /** |
4367 | * The result of digest authentication of the client. | ||
4368 | * | ||
4369 | * @note Available since #MHD_VERSION 0x00097513 | ||
4370 | */ | ||
4371 | enum MHD_DigestAuthResult | ||
4372 | { | ||
4373 | /** | ||
4374 | * Authentication OK. | ||
4375 | */ | ||
4376 | MHD_DAUTH_OK = 1, | ||
4377 | |||
4378 | /** | ||
4379 | * General error, like "out of memory". | ||
4380 | */ | ||
4381 | MHD_DAUTH_ERROR = 0, | ||
4382 | |||
4383 | /** | ||
4384 | * No "Authorization" header or wrong format of the header. | ||
4385 | */ | ||
4386 | MHD_DAUTH_WRONG_HEADER = -1, | ||
4387 | |||
4388 | /** | ||
4389 | * Wrong 'username'. | ||
4390 | */ | ||
4391 | MHD_DAUTH_WRONG_USERNAME = -2, | ||
4392 | |||
4393 | /** | ||
4394 | * Wrong 'realm'. | ||
4395 | */ | ||
4396 | MHD_DAUTH_WRONG_REALM = -3, | ||
4397 | |||
4398 | /** | ||
4399 | * Wrong 'URI' (or URI parameters). | ||
4400 | */ | ||
4401 | MHD_DAUTH_WRONG_URI = -4, | ||
4402 | |||
4403 | /* The different form of naming is intentionally used for the results below, | ||
4404 | * as they are more important */ | ||
4405 | |||
4406 | /** | ||
4407 | * The 'nonce' is too old. Suggest the client to retry with the same | ||
4408 | * username and password to get the fresh 'nonce'. | ||
4409 | * The validity of the 'nonce' may not be checked. | ||
4410 | */ | ||
4411 | MHD_DAUTH_NONCE_STALE = -16, | ||
4412 | |||
4413 | /** | ||
4414 | * The 'nonce' is wrong. May indicate an attack attempt. | ||
4415 | */ | ||
4416 | MHD_DAUTH_NONCE_WRONG = -32, | ||
4417 | |||
4418 | /** | ||
4419 | * The 'response' is wrong. May indicate an attack attempt. | ||
4420 | */ | ||
4421 | MHD_DAUTH_RESPONSE_WRONG = -33, | ||
4422 | }; | ||
4423 | |||
4424 | |||
4425 | /** | ||
4426 | * Authenticates the authorization header sent by the client. | ||
4427 | * | ||
4428 | * @param connection the MHD connection structure | ||
4429 | * @param realm the realm to be used for authorization of the client | ||
4430 | * @param username the username needs to be authenticated | ||
4431 | * @param password the password used in the authentication | ||
4432 | * @param nonce_timeout the nonce validity duration in seconds | ||
4433 | * @param algo the digest algorithms allowed for verification | ||
4434 | * @return #MHD_DAUTH_OK if authenticated, | ||
4435 | * the error code otherwise | ||
4436 | * @note Available since #MHD_VERSION 0x00097513 | ||
4437 | * @ingroup authentication | ||
4438 | */ | ||
4439 | _MHD_EXTERN enum MHD_DigestAuthResult | ||
4440 | MHD_digest_auth_check3 (struct MHD_Connection *connection, | ||
4441 | const char *realm, | ||
4442 | const char *username, | ||
4443 | const char *password, | ||
4444 | unsigned int nonce_timeout, | ||
4445 | enum MHD_DigestAuthAlgorithm algo); | ||
4446 | |||
4447 | |||
4448 | /** | ||
4449 | * Authenticates the authorization header sent by the client. | ||
4450 | * | ||
4451 | * @param connection the MHD connection structure | ||
4452 | * @param realm the realm to be used for authorization of the client | ||
4453 | * @param username the username needs to be authenticated | ||
4454 | * @param digest the pointer to the binary digest for the precalculated hash | ||
4455 | * value "username:realm:password" with specified @a algo | ||
4456 | * @param digest_size the number of bytes in @a digest (the size must match | ||
4457 | * @a algo!) | ||
4458 | * @param nonce_timeout the nonce validity duration in seconds | ||
4459 | * @param algo digest algorithms allowed for verification | ||
4460 | * @return #MHD_DAUTH_OK if authenticated, | ||
4461 | * the error code otherwise | ||
4462 | * @note Available since #MHD_VERSION 0x00097513 | ||
4463 | * @ingroup authentication | ||
4464 | */ | ||
4465 | _MHD_EXTERN enum MHD_DigestAuthResult | ||
4466 | MHD_digest_auth_check_digest3 (struct MHD_Connection *connection, | ||
4467 | const char *realm, | ||
4468 | const char *username, | ||
4469 | const uint8_t *digest, | ||
4470 | size_t digest_size, | ||
4471 | unsigned int nonce_timeout, | ||
4472 | enum MHD_DigestAuthAlgorithm algo); | ||
4473 | |||
4474 | |||
4475 | /** | ||
4367 | * Authenticates the authorization header sent by the client. | 4476 | * Authenticates the authorization header sent by the client. |
4368 | * | 4477 | * |
4369 | * @param connection The MHD connection structure | 4478 | * @param connection The MHD connection structure |
@@ -4376,6 +4485,7 @@ enum MHD_DigestAuthAlgorithm | |||
4376 | * @return #MHD_YES if authenticated, #MHD_NO if not, | 4485 | * @return #MHD_YES if authenticated, #MHD_NO if not, |
4377 | * #MHD_INVALID_NONCE if nonce is invalid or stale | 4486 | * #MHD_INVALID_NONCE if nonce is invalid or stale |
4378 | * @note Available since #MHD_VERSION 0x00096200 | 4487 | * @note Available since #MHD_VERSION 0x00096200 |
4488 | * @deprecated use MHD_digest_auth_check3() | ||
4379 | * @ingroup authentication | 4489 | * @ingroup authentication |
4380 | */ | 4490 | */ |
4381 | _MHD_EXTERN int | 4491 | _MHD_EXTERN int |
@@ -4402,8 +4512,8 @@ MHD_digest_auth_check2 (struct MHD_Connection *connection, | |||
4402 | * invalid in seconds | 4512 | * invalid in seconds |
4403 | * @return #MHD_YES if authenticated, #MHD_NO if not, | 4513 | * @return #MHD_YES if authenticated, #MHD_NO if not, |
4404 | * #MHD_INVALID_NONCE if nonce is invalid or stale | 4514 | * #MHD_INVALID_NONCE if nonce is invalid or stale |
4515 | * @deprecated use MHD_digest_auth_check3() | ||
4405 | * @ingroup authentication | 4516 | * @ingroup authentication |
4406 | * @deprecated use MHD_digest_auth_check2() | ||
4407 | */ | 4517 | */ |
4408 | _MHD_EXTERN int | 4518 | _MHD_EXTERN int |
4409 | MHD_digest_auth_check (struct MHD_Connection *connection, | 4519 | MHD_digest_auth_check (struct MHD_Connection *connection, |
@@ -4429,6 +4539,7 @@ MHD_digest_auth_check (struct MHD_Connection *connection, | |||
4429 | * @return #MHD_YES if authenticated, #MHD_NO if not, | 4539 | * @return #MHD_YES if authenticated, #MHD_NO if not, |
4430 | * #MHD_INVALID_NONCE if nonce is invalid or stale | 4540 | * #MHD_INVALID_NONCE if nonce is invalid or stale |
4431 | * @note Available since #MHD_VERSION 0x00096200 | 4541 | * @note Available since #MHD_VERSION 0x00096200 |
4542 | * @deprecated use MHD_digest_auth_check_digest3() | ||
4432 | * @ingroup authentication | 4543 | * @ingroup authentication |
4433 | */ | 4544 | */ |
4434 | _MHD_EXTERN int | 4545 | _MHD_EXTERN int |
@@ -4457,8 +4568,8 @@ MHD_digest_auth_check_digest2 (struct MHD_Connection *connection, | |||
4457 | * @return #MHD_YES if authenticated, #MHD_NO if not, | 4568 | * @return #MHD_YES if authenticated, #MHD_NO if not, |
4458 | * #MHD_INVALID_NONCE if nonce is invalid or stale | 4569 | * #MHD_INVALID_NONCE if nonce is invalid or stale |
4459 | * @note Available since #MHD_VERSION 0x00096000 | 4570 | * @note Available since #MHD_VERSION 0x00096000 |
4571 | * @deprecated use #MHD_digest_auth_check_digest3() | ||
4460 | * @ingroup authentication | 4572 | * @ingroup authentication |
4461 | * @deprecated use #MHD_digest_auth_check_digest2() | ||
4462 | */ | 4573 | */ |
4463 | _MHD_EXTERN int | 4574 | _MHD_EXTERN int |
4464 | MHD_digest_auth_check_digest (struct MHD_Connection *connection, | 4575 | MHD_digest_auth_check_digest (struct MHD_Connection *connection, |
@@ -4477,8 +4588,8 @@ MHD_digest_auth_check_digest (struct MHD_Connection *connection, | |||
4477 | * @param response reply to send; should contain the "access denied" | 4588 | * @param response reply to send; should contain the "access denied" |
4478 | * body; note that this function will set the "WWW Authenticate" | 4589 | * body; note that this function will set the "WWW Authenticate" |
4479 | * header and that the caller should not do this; the NULL is tolerated | 4590 | * header and that the caller should not do this; the NULL is tolerated |
4480 | * @param signal_stale #MHD_YES if the nonce is invalid to add | 4591 | * @param signal_stale #MHD_YES if the nonce is stale to add |
4481 | * 'stale=true' to the authentication header | 4592 | * 'stale=true' to the authentication header |
4482 | * @param algo digest algorithm to use | 4593 | * @param algo digest algorithm to use |
4483 | * @return #MHD_YES on success, #MHD_NO otherwise | 4594 | * @return #MHD_YES on success, #MHD_NO otherwise |
4484 | * @note Available since #MHD_VERSION 0x00096200 | 4595 | * @note Available since #MHD_VERSION 0x00096200 |
@@ -4504,8 +4615,8 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection, | |||
4504 | * @param response reply to send; should contain the "access denied" | 4615 | * @param response reply to send; should contain the "access denied" |
4505 | * body; note that this function will set the "WWW Authenticate" | 4616 | * body; note that this function will set the "WWW Authenticate" |
4506 | * header and that the caller should not do this; the NULL is tolerated | 4617 | * header and that the caller should not do this; the NULL is tolerated |
4507 | * @param signal_stale #MHD_YES if the nonce is invalid to add | 4618 | * @param signal_stale #MHD_YES if the nonce is stale to add |
4508 | * 'stale=true' to the authentication header | 4619 | * 'stale=true' to the authentication header |
4509 | * @return #MHD_YES on success, #MHD_NO otherwise | 4620 | * @return #MHD_YES on success, #MHD_NO otherwise |
4510 | * @ingroup authentication | 4621 | * @ingroup authentication |
4511 | * @deprecated use MHD_queue_auth_fail_response2() | 4622 | * @deprecated use MHD_queue_auth_fail_response2() |
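Review bot: The `@return` text of the new `MHD_digest_auth_check3()` and `MHD_digest_auth_check_digest3()` declarations should state that only `MHD_DAUTH_OK` means the client is authenticated. In the now-public `enum MHD_DigestAuthResult`, `MHD_DAUTH_ERROR` is 0 and every other failure is negative, so a caller porting from the deprecated functions who tests the result for truthiness, or compares it against `MHD_NO`, would accept a failed authentication. I would add `@warning Compare the result with #MHD_DAUTH_OK only; every other value, including the negative ones, is a failed authentication.` to both doc blocks. The `digest_size` text could also say that a size not matching `algo` is treated as an API violation and ends in `MHD_PANIC()`, which is what the implementation in digestauth.c does.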
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index c7d13866..26f972b8 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -1,6 +1,7 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of libmicrohttpd | 2 | This file is part of libmicrohttpd |
3 | Copyright (C) 2010, 2011, 2012, 2015, 2018 Daniel Pittman and Christian Grothoff | 3 | Copyright (C) 2010, 2011, 2012, 2015, 2018 Daniel Pittman and Christian Grothoff |
4 | Copyright (C) 2014-2022 Evgeny Grin (Karlson2k) | ||
4 | 5 | ||
5 | This library is free software; you can redistribute it and/or | 6 | This library is free software; you can redistribute it and/or |
6 | modify it under the terms of the GNU Lesser General Public | 7 | modify it under the terms of the GNU Lesser General Public |
@@ -22,6 +23,7 @@ | |||
22 | * @author Amr Ali | 23 | * @author Amr Ali |
23 | * @author Matthieu Speder | 24 | * @author Matthieu Speder |
24 | * @author Christian Grothoff (RFC 7616 support) | 25 | * @author Christian Grothoff (RFC 7616 support) |
26 | * @author Karlson2k (Evgeny Grin) | ||
25 | */ | 27 | */ |
26 | #include "platform.h" | 28 | #include "platform.h" |
27 | #include "mhd_limits.h" | 29 | #include "mhd_limits.h" |
@@ -153,63 +155,6 @@ | |||
153 | */ | 155 | */ |
154 | #define _MHD_SESS_TOKEN "-sess" | 156 | #define _MHD_SESS_TOKEN "-sess" |
155 | 157 | ||
156 | |||
157 | /** | ||
158 | * The result of digest authentication of the client. | ||
159 | */ | ||
160 | enum MHD_DigestAuthResult | ||
161 | { | ||
162 | /** | ||
163 | * Authentication OK | ||
164 | */ | ||
165 | MHD_DAUTH_OK = 1, | ||
166 | |||
167 | /** | ||
168 | * General error, like "out of memory" | ||
169 | */ | ||
170 | MHD_DAUTH_ERROR = 0, | ||
171 | |||
172 | /** | ||
173 | * No "Authorization" header or wrong format of the header. | ||
174 | */ | ||
175 | MHD_DAUTH_WRONG_HEADER = -1, | ||
176 | |||
177 | /** | ||
178 | * Wrong 'username'. | ||
179 | */ | ||
180 | MHD_DAUTH_WRONG_USERNAME = -2, | ||
181 | |||
182 | /** | ||
183 | * Wrong 'realm'. | ||
184 | */ | ||
185 | MHD_DAUTH_WRONG_REALM = -3, | ||
186 | |||
187 | /** | ||
188 | * Wrong 'URI' (or URI parameters). | ||
189 | */ | ||
190 | MHD_DAUTH_WRONG_URI = -4, | ||
191 | |||
192 | /* The different form of naming is intentionally used for the results below, | ||
193 | * as they are more important */ | ||
194 | |||
195 | /** | ||
196 | * The 'nonce' is too old. Suggest the client to retry with the same | ||
197 | * username and password to get the fresh 'nonce'. | ||
198 | * The validity of the 'nonce' may not be checked. | ||
199 | */ | ||
200 | MHD_DAUTH_NONCE_STALE = -16, | ||
201 | |||
202 | /** | ||
203 | * The 'nonce' is wrong. May indicate an attack attempt. | ||
204 | */ | ||
205 | MHD_DAUTH_NONCE_WRONG = -32, | ||
206 | |||
207 | /** | ||
208 | * The 'response' is wrong. May indicate an attack attempt. | ||
209 | */ | ||
210 | MHD_DAUTH_RESPONSE_WRONG = -33, | ||
211 | }; | ||
212 | |||
213 | /** | 158 | /** |
214 | * The result of nonce-nc map array check. | 159 | * The result of nonce-nc map array check. |
215 | */ | 160 | */ |
@@ -1586,7 +1531,7 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
1586 | * Authenticates the authorization header sent by the client. | 1531 | * Authenticates the authorization header sent by the client. |
1587 | * Uses #MHD_DIGEST_ALG_MD5 (for now, for backwards-compatibility). | 1532 | * Uses #MHD_DIGEST_ALG_MD5 (for now, for backwards-compatibility). |
1588 | * Note that this MAY change to #MHD_DIGEST_ALG_AUTO in the future. | 1533 | * Note that this MAY change to #MHD_DIGEST_ALG_AUTO in the future. |
1589 | * If you want to be sure you get MD5, use #MHD_digest_auth_check2 | 1534 | * If you want to be sure you get MD5, use #MHD_digest_auth_check2() |
1590 | * and specify MD5 explicitly. | 1535 | * and specify MD5 explicitly. |
1591 | * | 1536 | * |
1592 | * @param connection The MHD connection structure | 1537 | * @param connection The MHD connection structure |
@@ -1597,6 +1542,7 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
1597 | * invalid in seconds | 1542 | * invalid in seconds |
1598 | * @return #MHD_YES if authenticated, #MHD_NO if not, | 1543 | * @return #MHD_YES if authenticated, #MHD_NO if not, |
1599 | * #MHD_INVALID_NONCE if nonce is invalid or stale | 1544 | * #MHD_INVALID_NONCE if nonce is invalid or stale |
1545 | * @deprecated use MHD_digest_auth_check3() | ||
1600 | * @ingroup authentication | 1546 | * @ingroup authentication |
1601 | */ | 1547 | */ |
1602 | _MHD_EXTERN int | 1548 | _MHD_EXTERN int |
@@ -1667,6 +1613,86 @@ MHD_digest_auth_check (struct MHD_Connection *connection, | |||
1667 | /** | 1613 | /** |
1668 | * Authenticates the authorization header sent by the client. | 1614 | * Authenticates the authorization header sent by the client. |
1669 | * | 1615 | * |
1616 | * @param connection the MHD connection structure | ||
1617 | * @param realm the realm to be used for authorization of the client | ||
1618 | * @param username the username needs to be authenticated | ||
1619 | * @param password the password used in the authentication | ||
1620 | * @param nonce_timeout the nonce validity duration in seconds | ||
1621 | * @param algo the digest algorithms allowed for verification | ||
1622 | * @return #MHD_DAUTH_OK if authenticated, | ||
1623 | * the error code otherwise | ||
1624 | * @note Available since #MHD_VERSION 0x00097513 | ||
1625 | * @ingroup authentication | ||
1626 | */ | ||
1627 | _MHD_EXTERN enum MHD_DigestAuthResult | ||
1628 | MHD_digest_auth_check3 (struct MHD_Connection *connection, | ||
1629 | const char *realm, | ||
1630 | const char *username, | ||
1631 | const char *password, | ||
1632 | unsigned int nonce_timeout, | ||
1633 | enum MHD_DigestAuthAlgorithm algo) | ||
1634 | { | ||
1635 | SETUP_DA (algo, da); | ||
1636 | |||
1637 | mhd_assert (NULL != password); | ||
1638 | if (0 == da.digest_size) | ||
1639 | MHD_PANIC (_ ("Wrong algo value.\n")); /* API violation! */ | ||
1640 | |||
1641 | return digest_auth_check_all (connection, | ||
1642 | &da, | ||
1643 | realm, | ||
1644 | username, | ||
1645 | password, | ||
1646 | NULL, | ||
1647 | nonce_timeout); | ||
1648 | } | ||
1649 | |||
1650 | |||
1651 | /** | ||
1652 | * Authenticates the authorization header sent by the client. | ||
1653 | * | ||
1654 | * @param connection the MHD connection structure | ||
1655 | * @param realm the realm to be used for authorization of the client | ||
1656 | * @param username the username needs to be authenticated | ||
1657 | * @param digest the pointer to the binary digest for the precalculated hash | ||
1658 | * value "username:realm:password" with specified @a algo | ||
1659 | * @param digest_size the number of bytes in @a digest (the size must match | ||
1660 | * @a algo!) | ||
1661 | * @param nonce_timeout the nonce validity duration in seconds | ||
1662 | * @param algo digest algorithms allowed for verification | ||
1663 | * @return #MHD_DAUTH_OK if authenticated, | ||
1664 | * the error code otherwise | ||
1665 | * @note Available since #MHD_VERSION 0x00097513 | ||
1666 | * @ingroup authentication | ||
1667 | */ | ||
1668 | _MHD_EXTERN enum MHD_DigestAuthResult | ||
1669 | MHD_digest_auth_check_digest3 (struct MHD_Connection *connection, | ||
1670 | const char *realm, | ||
1671 | const char *username, | ||
1672 | const uint8_t *digest, | ||
1673 | size_t digest_size, | ||
1674 | unsigned int nonce_timeout, | ||
1675 | enum MHD_DigestAuthAlgorithm algo) | ||
1676 | { | ||
1677 | SETUP_DA (algo, da); | ||
1678 | |||
1679 | mhd_assert (NULL != digest); | ||
1680 | if ((da.digest_size != digest_size) || (0 == digest_size)) | ||
1681 | MHD_PANIC (_ ("Digest size mismatch.\n")); /* API violation! */ | ||
1682 | |||
1683 | return digest_auth_check_all (connection, | ||
1684 | &da, | ||
1685 | realm, | ||
1686 | username, | ||
1687 | NULL, | ||
1688 | digest, | ||
1689 | nonce_timeout); | ||
1690 | } | ||
1691 | |||
1692 | |||
1693 | /** | ||
1694 | * Authenticates the authorization header sent by the client. | ||
1695 | * | ||
1670 | * @param connection The MHD connection structure | 1696 | * @param connection The MHD connection structure |
1671 | * @param realm The realm presented to the client | 1697 | * @param realm The realm presented to the client |
1672 | * @param username The username needs to be authenticated | 1698 | * @param username The username needs to be authenticated |
@@ -1676,6 +1702,8 @@ MHD_digest_auth_check (struct MHD_Connection *connection, | |||
1676 | * @param algo digest algorithms allowed for verification | 1702 | * @param algo digest algorithms allowed for verification |
1677 | * @return #MHD_YES if authenticated, #MHD_NO if not, | 1703 | * @return #MHD_YES if authenticated, #MHD_NO if not, |
1678 | * #MHD_INVALID_NONCE if nonce is invalid or stale | 1704 | * #MHD_INVALID_NONCE if nonce is invalid or stale |
1705 | * @note Available since #MHD_VERSION 0x00096200 | ||
1706 | * @deprecated use MHD_digest_auth_check3() | ||
1679 | * @ingroup authentication | 1707 | * @ingroup authentication |
1680 | */ | 1708 | */ |
1681 | _MHD_EXTERN int | 1709 | _MHD_EXTERN int |
@@ -1687,18 +1715,12 @@ MHD_digest_auth_check2 (struct MHD_Connection *connection, | |||
1687 | enum MHD_DigestAuthAlgorithm algo) | 1715 | enum MHD_DigestAuthAlgorithm algo) |
1688 | { | 1716 | { |
1689 | enum MHD_DigestAuthResult res; | 1717 | enum MHD_DigestAuthResult res; |
1690 | SETUP_DA (algo, da); | 1718 | res = MHD_digest_auth_check3 (connection, |
1691 | 1719 | realm, | |
1692 | mhd_assert (NULL != password); | 1720 | username, |
1693 | if (0 == da.digest_size) | 1721 | password, |
1694 | MHD_PANIC (_ ("Wrong algo value.\n")); /* API violation! */ | 1722 | nonce_timeout, |
1695 | res = digest_auth_check_all (connection, | 1723 | algo); |
1696 | &da, | ||
1697 | realm, | ||
1698 | username, | ||
1699 | password, | ||
1700 | NULL, | ||
1701 | nonce_timeout); | ||
1702 | if (MHD_DAUTH_OK == res) | 1724 | if (MHD_DAUTH_OK == res) |
1703 | return MHD_YES; | 1725 | return MHD_YES; |
1704 | else if ((MHD_DAUTH_NONCE_STALE == res) || (MHD_DAUTH_NONCE_WRONG == res)) | 1726 | else if ((MHD_DAUTH_NONCE_STALE == res) || (MHD_DAUTH_NONCE_WRONG == res)) |
@@ -1716,13 +1738,15 @@ MHD_digest_auth_check2 (struct MHD_Connection *connection, | |||
1716 | * @param username The username needs to be authenticated | 1738 | * @param username The username needs to be authenticated |
1717 | * @param digest An `unsigned char *' pointer to the binary MD5 sum | 1739 | * @param digest An `unsigned char *' pointer to the binary MD5 sum |
1718 | * for the precalculated hash value "username:realm:password" | 1740 | * for the precalculated hash value "username:realm:password" |
1719 | * of #MHD_MD5_DIGEST_SIZE bytes | 1741 | * of @a digest_size bytes |
1720 | * @param digest_size number of bytes in @a digest | 1742 | * @param digest_size number of bytes in @a digest (size must match @a algo!) |
1721 | * @param nonce_timeout The amount of time for a nonce to be | 1743 | * @param nonce_timeout The amount of time for a nonce to be |
1722 | * invalid in seconds | 1744 | * invalid in seconds |
1723 | * @param algo digest algorithms allowed for verification | 1745 | * @param algo digest algorithms allowed for verification |
1724 | * @return #MHD_YES if authenticated, #MHD_NO if not, | 1746 | * @return #MHD_YES if authenticated, #MHD_NO if not, |
1725 | * #MHD_INVALID_NONCE if nonce is invalid or stale | 1747 | * #MHD_INVALID_NONCE if nonce is invalid or stale |
1748 | * @note Available since #MHD_VERSION 0x00096200 | ||
1749 | * @deprecated use MHD_digest_auth_check_digest3() | ||
1726 | * @ingroup authentication | 1750 | * @ingroup authentication |
1727 | */ | 1751 | */ |
1728 | _MHD_EXTERN int | 1752 | _MHD_EXTERN int |
@@ -1735,18 +1759,14 @@ MHD_digest_auth_check_digest2 (struct MHD_Connection *connection, | |||
1735 | enum MHD_DigestAuthAlgorithm algo) | 1759 | enum MHD_DigestAuthAlgorithm algo) |
1736 | { | 1760 | { |
1737 | enum MHD_DigestAuthResult res; | 1761 | enum MHD_DigestAuthResult res; |
1738 | SETUP_DA (algo, da); | ||
1739 | 1762 | ||
1740 | mhd_assert (NULL != digest); | 1763 | res = MHD_digest_auth_check_digest3 (connection, |
1741 | if ((da.digest_size != digest_size) || (0 == digest_size)) | 1764 | realm, |
1742 | MHD_PANIC (_ ("Digest size mismatch.\n")); /* API violation! */ | 1765 | username, |
1743 | res = digest_auth_check_all (connection, | 1766 | digest, |
1744 | &da, | 1767 | digest_size, |
1745 | realm, | 1768 | nonce_timeout, |
1746 | username, | 1769 | algo); |
1747 | NULL, | ||
1748 | digest, | ||
1749 | nonce_timeout); | ||
1750 | if (MHD_DAUTH_OK == res) | 1770 | if (MHD_DAUTH_OK == res) |
1751 | return MHD_YES; | 1771 | return MHD_YES; |
1752 | else if ((MHD_DAUTH_NONCE_STALE == res) || (MHD_DAUTH_NONCE_WRONG == res)) | 1772 | else if ((MHD_DAUTH_NONCE_STALE == res) || (MHD_DAUTH_NONCE_WRONG == res)) |
@@ -1756,20 +1776,22 @@ MHD_digest_auth_check_digest2 (struct MHD_Connection *connection, | |||
1756 | 1776 | ||
1757 | 1777 | ||
1758 | /** | 1778 | /** |
1759 | * Authenticates the authorization header sent by the client. | 1779 | * Authenticates the authorization header sent by the client |
1760 | * Uses #MHD_DIGEST_ALG_MD5 (required, as @a digest is of fixed | 1780 | * Uses #MHD_DIGEST_ALG_MD5 (required, as @a digest is of fixed |
1761 | * size). | 1781 | * size). |
1762 | * | 1782 | * |
1763 | * @param connection The MHD connection structure | 1783 | * @param connection The MHD connection structure |
1764 | * @param realm The realm presented to the client | 1784 | * @param realm The realm presented to the client |
1765 | * @param username The username needs to be authenticated | 1785 | * @param username The username needs to be authenticated |
1766 | * @param digest An `unsigned char *' pointer to the binary digest | 1786 | * @param digest An `unsigned char *' pointer to the binary hash |
1767 | * for the precalculated hash value "username:realm:password" | 1787 | * for the precalculated hash value "username:realm:password"; |
1768 | * of @a digest_size bytes | 1788 | * length must be #MHD_MD5_DIGEST_SIZE bytes |
1769 | * @param nonce_timeout The amount of time for a nonce to be | 1789 | * @param nonce_timeout The amount of time for a nonce to be |
1770 | * invalid in seconds | 1790 | * invalid in seconds |
1771 | * @return #MHD_YES if authenticated, #MHD_NO if not, | 1791 | * @return #MHD_YES if authenticated, #MHD_NO if not, |
1772 | * #MHD_INVALID_NONCE if nonce is invalid or stale | 1792 | * #MHD_INVALID_NONCE if nonce is invalid or stale |
1793 | * @note Available since #MHD_VERSION 0x00096000 | ||
1794 | * @deprecated use #MHD_digest_auth_check_digest3() | ||
1773 | * @ingroup authentication | 1795 | * @ingroup authentication |
1774 | */ | 1796 | */ |
1775 | _MHD_EXTERN int | 1797 | _MHD_EXTERN int |
@@ -1798,8 +1820,8 @@ MHD_digest_auth_check_digest (struct MHD_Connection *connection, | |||
1798 | * @param response reply to send; should contain the "access denied" | 1820 | * @param response reply to send; should contain the "access denied" |
1799 | * body; note that this function will set the "WWW Authenticate" | 1821 | * body; note that this function will set the "WWW Authenticate" |
1800 | * header and that the caller should not do this; the NULL is tolerated | 1822 | * header and that the caller should not do this; the NULL is tolerated |
1801 | * @param signal_stale #MHD_YES if the nonce is invalid to add | 1823 | * @param signal_stale #MHD_YES if the nonce is stale to add |
1802 | * 'stale=true' to the authentication header | 1824 | * 'stale=true' to the authentication header |
1803 | * @param algo digest algorithm to use | 1825 | * @param algo digest algorithm to use |
1804 | * @return #MHD_YES on success, #MHD_NO otherwise | 1826 | * @return #MHD_YES on success, #MHD_NO otherwise |
1805 | * @note Available since #MHD_VERSION 0x00096200 | 1827 | * @note Available since #MHD_VERSION 0x00096200 |
@@ -1928,9 +1950,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection, | |||
1928 | * @param opaque string to user for opaque value | 1950 | * @param opaque string to user for opaque value |
1929 | * @param response reply to send; should contain the "access denied" | 1951 | * @param response reply to send; should contain the "access denied" |
1930 | * body; note that this function will set the "WWW Authenticate" | 1952 | * body; note that this function will set the "WWW Authenticate" |
1931 | * header and that the caller should not do this | 1953 | * header and that the caller should not do this; the NULL is tolerated |
1932 | * @param signal_stale #MHD_YES if the nonce is invalid to add | 1954 | * @param signal_stale #MHD_YES if the nonce is stale to add |
1933 | * 'stale=true' to the authentication header | 1955 | * 'stale=true' to the authentication header |
1934 | * @return #MHD_YES on success, #MHD_NO otherwise | 1956 | * @return #MHD_YES on success, #MHD_NO otherwise |
1935 | * @ingroup authentication | 1957 | * @ingroup authentication |
1936 | * @deprecated use MHD_queue_auth_fail_response2() | 1958 | * @deprecated use MHD_queue_auth_fail_response2() |
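Review bot: In the new `MHD_digest_auth_check3()` the only NULL check on `password` is `mhd_assert (NULL != password);`, and `MHD_digest_auth_check_digest3()` does the same for `digest`; if `mhd_assert` compiles to nothing in non-debug builds (its definition is not on this page), a NULL argument reaches `digest_auth_check_all()` with both credential pointers NULL. Because these functions return `enum MHD_DigestAuthResult`, a run-time guard that fails closed costs one line each: `if (NULL == password) return MHD_DAUTH_ERROR;` and `if (NULL == digest) return MHD_DAUTH_ERROR;`. The same reasoning applies to the `MHD_PANIC` on a `digest_size` mismatch: an application may read that size from its credential store, and, assuming the panic handler aborts, one bad record would stop the whole server where returning `MHD_DAUTH_ERROR` would only reject the request. Separately, the rewritten comment for `MHD_digest_auth_check_digest()` lost the period after "sent by the client", so its first two sentences now run together.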