diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-23 12:39:57 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-23 12:42:43 +0300 |
commit | 8e4eba0e70690673643c0945bf6433f766a2bf65 (patch) | |
tree | ad4ba88a67b5d1938e6996390ccf0850f3905444 | |
parent | b41fedd52bfaa1e13f796a94d5e1b0be811ee0b4 (diff) | |
download | libmicrohttpd-8e4eba0e70690673643c0945bf6433f766a2bf65.tar.gz libmicrohttpd-8e4eba0e70690673643c0945bf6433f766a2bf65.zip |
digestauth: use GET parameters in digest calculation
-rw-r--r-- | src/microhttpd/digestauth.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index 6094ac7d..1e25fa4a 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -930,12 +930,14 @@ calculate_nonce (uint64_t nonce_time, | |||
930 | size_t rnd_size, | 930 | size_t rnd_size, |
931 | const char *uri, | 931 | const char *uri, |
932 | size_t uri_len, | 932 | size_t uri_len, |
933 | struct MHD_HTTP_Req_Header *first_header, | ||
933 | const char *realm, | 934 | const char *realm, |
934 | size_t realm_len, | 935 | size_t realm_len, |
935 | struct DigestAlgorithm *da, | 936 | struct DigestAlgorithm *da, |
936 | char *nonce) | 937 | char *nonce) |
937 | { | 938 | { |
938 | uint8_t timestamp[TIMESTAMP_BIN_SIZE]; | 939 | uint8_t timestamp[TIMESTAMP_BIN_SIZE]; |
940 | struct MHD_HTTP_Req_Header *h; | ||
939 | 941 | ||
940 | digest_init (da); | 942 | digest_init (da); |
941 | /* If the nonce_time is milliseconds, then the same 48 bit value will repeat | 943 | /* If the nonce_time is milliseconds, then the same 48 bit value will repeat |
@@ -971,6 +973,17 @@ calculate_nonce (uint64_t nonce_time, | |||
971 | digest_update (da, | 973 | digest_update (da, |
972 | (const unsigned char *) uri, | 974 | (const unsigned char *) uri, |
973 | uri_len); | 975 | uri_len); |
976 | for (h = first_header; NULL != h; h = h->next) | ||
977 | { | ||
978 | if (MHD_GET_ARGUMENT_KIND != h->kind) | ||
979 | continue; | ||
980 | digest_update (da, (const uint8_t *) "##", 3); | ||
981 | if (0 != h->header_size) | ||
982 | digest_update (da, (const uint8_t *) h->header, h->header_size); | ||
983 | digest_update (da, (const uint8_t *) "#", 2); | ||
984 | if (0 != h->value_size) | ||
985 | digest_update (da, (const uint8_t *) h->value, h->value_size); | ||
986 | } | ||
974 | digest_update (da, | 987 | digest_update (da, |
975 | (const unsigned char *) ":", | 988 | (const unsigned char *) ":", |
976 | 1); | 989 | 1); |
@@ -1081,6 +1094,7 @@ calculate_add_nonce (struct MHD_Connection *const connection, | |||
1081 | daemon->digest_auth_rand_size, | 1094 | daemon->digest_auth_rand_size, |
1082 | connection->url, | 1095 | connection->url, |
1083 | connection->url_len, | 1096 | connection->url_len, |
1097 | connection->headers_received, | ||
1084 | realm, | 1098 | realm, |
1085 | realm_len, | 1099 | realm_len, |
1086 | da, | 1100 | da, |
@@ -1593,6 +1607,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection, | |||
1593 | daemon->digest_auth_rand_size, | 1607 | daemon->digest_auth_rand_size, |
1594 | connection->url, | 1608 | connection->url, |
1595 | connection->url_len, | 1609 | connection->url_len, |
1610 | connection->headers_received, | ||
1596 | realm, | 1611 | realm, |
1597 | realm_len, | 1612 | realm_len, |
1598 | da, | 1613 | da, |