diff options
| author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-23 12:39:57 +0300 |
|---|---|---|
| committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-23 12:42:43 +0300 |
| commit | 8e4eba0e70690673643c0945bf6433f766a2bf65 (patch) | |
| tree | ad4ba88a67b5d1938e6996390ccf0850f3905444 | |
| parent | b41fedd52bfaa1e13f796a94d5e1b0be811ee0b4 (diff) | |
| download | libmicrohttpd-8e4eba0e70690673643c0945bf6433f766a2bf65.tar.gz libmicrohttpd-8e4eba0e70690673643c0945bf6433f766a2bf65.zip | |
digestauth: use GET parameters in digest calculation
| -rw-r--r-- | src/microhttpd/digestauth.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 6094ac7d..1e25fa4a 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
| @@ -930,12 +930,14 @@ calculate_nonce (uint64_t nonce_time, | |||
| 930 | size_t rnd_size, | 930 | size_t rnd_size, |
| 931 | const char *uri, | 931 | const char *uri, |
| 932 | size_t uri_len, | 932 | size_t uri_len, |
| 933 | struct MHD_HTTP_Req_Header *first_header, | ||
| 933 | const char *realm, | 934 | const char *realm, |
| 934 | size_t realm_len, | 935 | size_t realm_len, |
| 935 | struct DigestAlgorithm *da, | 936 | struct DigestAlgorithm *da, |
| 936 | char *nonce) | 937 | char *nonce) |
| 937 | { | 938 | { |
| 938 | uint8_t timestamp[TIMESTAMP_BIN_SIZE]; | 939 | uint8_t timestamp[TIMESTAMP_BIN_SIZE]; |
| 940 | struct MHD_HTTP_Req_Header *h; | ||
| 939 | 941 | ||
| 940 | digest_init (da); | 942 | digest_init (da); |
| 941 | /* If the nonce_time is milliseconds, then the same 48 bit value will repeat | 943 | /* If the nonce_time is milliseconds, then the same 48 bit value will repeat |
| @@ -971,6 +973,17 @@ calculate_nonce (uint64_t nonce_time, | |||
| 971 | digest_update (da, | 973 | digest_update (da, |
| 972 | (const unsigned char *) uri, | 974 | (const unsigned char *) uri, |
| 973 | uri_len); | 975 | uri_len); |
| 976 | for (h = first_header; NULL != h; h = h->next) | ||
| 977 | { | ||
| 978 | if (MHD_GET_ARGUMENT_KIND != h->kind) | ||
| 979 | continue; | ||
| 980 | digest_update (da, (const uint8_t *) "##", 3); | ||
| 981 | if (0 != h->header_size) | ||
| 982 | digest_update (da, (const uint8_t *) h->header, h->header_size); | ||
| 983 | digest_update (da, (const uint8_t *) "#", 2); | ||
| 984 | if (0 != h->value_size) | ||
| 985 | digest_update (da, (const uint8_t *) h->value, h->value_size); | ||
| 986 | } | ||
| 974 | digest_update (da, | 987 | digest_update (da, |
| 975 | (const unsigned char *) ":", | 988 | (const unsigned char *) ":", |
| 976 | 1); | 989 | 1); |
| @@ -1081,6 +1094,7 @@ calculate_add_nonce (struct MHD_Connection *const connection, | |||
| 1081 | daemon->digest_auth_rand_size, | 1094 | daemon->digest_auth_rand_size, |
| 1082 | connection->url, | 1095 | connection->url, |
| 1083 | connection->url_len, | 1096 | connection->url_len, |
| 1097 | connection->headers_received, | ||
| 1084 | realm, | 1098 | realm, |
| 1085 | realm_len, | 1099 | realm_len, |
| 1086 | da, | 1100 | da, |
| @@ -1593,6 +1607,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection, | |||
| 1593 | daemon->digest_auth_rand_size, | 1607 | daemon->digest_auth_rand_size, |
| 1594 | connection->url, | 1608 | connection->url, |
| 1595 | connection->url_len, | 1609 | connection->url_len, |
| 1610 | connection->headers_received, | ||
| 1596 | realm, | 1611 | realm, |
| 1597 | realm_len, | 1612 | realm_len, |
| 1598 | da, | 1613 | da, |