diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-07-20 17:06:40 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-07-21 15:07:06 +0300 |
commit | b528bec9c1a9332c49813d8e3df7dcc0eb7b63db (patch) | |
tree | df8d18a9c3d815f31a135b0732ea4b5c4d65ee5f | |
parent | e1e5a395681d56289d2de5616b112a8e01ed9052 (diff) | |
download | libmicrohttpd-b528bec9c1a9332c49813d8e3df7dcc0eb7b63db.tar.gz libmicrohttpd-b528bec9c1a9332c49813d8e3df7dcc0eb7b63db.zip |
digest_auth_check(): added support for username in extended notation
-rw-r--r-- | src/microhttpd/digestauth.c | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index fac12ec0..6bb2aa22 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -1937,8 +1937,15 @@ digest_auth_check_all_inner (struct MHD_Connection *connection, | |||
1937 | return MHD_DAUTH_WRONG_HEADER; | 1937 | return MHD_DAUTH_WRONG_HEADER; |
1938 | 1938 | ||
1939 | /* ** A quick check for presence of all required parameters ** */ | 1939 | /* ** A quick check for presence of all required parameters ** */ |
1940 | if (NULL == params->username.value.str) | 1940 | if ((NULL == params->username.value.str) && |
1941 | (NULL == params->username_ext.value.str)) | ||
1941 | return MHD_DAUTH_WRONG_HEADER; | 1942 | return MHD_DAUTH_WRONG_HEADER; |
1943 | else if ((NULL != params->username.value.str) && | ||
1944 | (NULL != params->username_ext.value.str)) | ||
1945 | return MHD_DAUTH_WRONG_HEADER; /* Parameters cannot be used together */ | ||
1946 | else if ((NULL != params->username_ext.value.str) && | ||
1947 | (MHD_DAUTH_EXT_PARAM_MIN_LEN > params->username_ext.value.len)) | ||
1948 | return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */ | ||
1942 | 1949 | ||
1943 | if (NULL == params->realm.value.str) | 1950 | if (NULL == params->realm.value.str) |
1944 | return MHD_DAUTH_WRONG_HEADER; | 1951 | return MHD_DAUTH_WRONG_HEADER; |
@@ -1989,8 +1996,34 @@ digest_auth_check_all_inner (struct MHD_Connection *connection, | |||
1989 | 1996 | ||
1990 | /* Check 'username' */ | 1997 | /* Check 'username' */ |
1991 | username_len = strlen (username); | 1998 | username_len = strlen (username); |
1992 | if (! is_param_equal (¶ms->username, username, username_len)) | 1999 | if (NULL != params->username.value.str) |
1993 | return MHD_DAUTH_WRONG_USERNAME; | 2000 | { /* Username in standard notation */ |
2001 | if (! is_param_equal (¶ms->username, username, username_len)) | ||
2002 | return MHD_DAUTH_WRONG_USERNAME; | ||
2003 | } | ||
2004 | else | ||
2005 | { /* Username in extended notation */ | ||
2006 | char *r_uname; | ||
2007 | size_t buf_size = params->username_ext.value.len; | ||
2008 | ssize_t res; | ||
2009 | |||
2010 | mhd_assert (NULL != params->username_ext.value.str); | ||
2011 | mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked already */ | ||
2012 | buf_size += 1; /* For zero-termination */ | ||
2013 | buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN; | ||
2014 | r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size); | ||
2015 | if (NULL == r_uname) | ||
2016 | return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ? | ||
2017 | MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR; | ||
2018 | res = get_rq_extended_uname_copy_z (params->username_ext.value.str, | ||
2019 | params->username_ext.value.len, | ||
2020 | r_uname, buf_size); | ||
2021 | if (0 > res) | ||
2022 | return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */ | ||
2023 | if ((username_len != (size_t) res) || | ||
2024 | (0 != memcmp (username, r_uname, username_len))) | ||
2025 | return MHD_DAUTH_WRONG_USERNAME; | ||
2026 | } | ||
1994 | /* 'username' valid */ | 2027 | /* 'username' valid */ |
1995 | 2028 | ||
1996 | /* Check 'realm' */ | 2029 | /* Check 'realm' */ |