diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-09-05 14:53:05 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-09-05 14:53:05 +0300 |
commit | c3680cb737bcac2a4dc14cca5a80af6ca0de21e7 (patch) | |
tree | 79133b01df7634dea51ab6894c4ef2683f0b30b0 | |
parent | 2699d2782011e97cf0b2563dab03d7237fb8fdb6 (diff) | |
download | libmicrohttpd-c3680cb737bcac2a4dc14cca5a80af6ca0de21e7.tar.gz libmicrohttpd-c3680cb737bcac2a4dc14cca5a80af6ca0de21e7.zip |
Digest Auth API: do not store 'userhash' in 'username' members
While the 'username' is used to carry 'userhash' in headers, it is
confusing as 'userhash' type of the data is different from type of
the 'username'. To make a clear distinction, use dedicated members
to store 'userhash'.
-rw-r--r-- | src/include/microhttpd.h | 79 | ||||
-rw-r--r-- | src/microhttpd/digestauth.c | 54 | ||||
-rw-r--r-- | src/testcurl/test_digestauth2.c | 62 | ||||
-rw-r--r-- | src/testcurl/test_digestauth_emu_ext.c | 8 |
4 files changed, 138 insertions, 65 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index 7b72dfa6..c545ecc3 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -96,7 +96,7 @@ extern "C" | |||
96 | * they are parsed as decimal numbers. | 96 | * they are parsed as decimal numbers. |
97 | * Example: 0x01093001 = 1.9.30-1. | 97 | * Example: 0x01093001 = 1.9.30-1. |
98 | */ | 98 | */ |
99 | #define MHD_VERSION 0x00097536 | 99 | #define MHD_VERSION 0x00097537 |
100 | 100 | ||
101 | /* If generic headers don't work on your platform, include headers | 101 | /* If generic headers don't work on your platform, include headers |
102 | which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', | 102 | which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', |
@@ -4738,7 +4738,16 @@ MHD_digest_auth_calc_userhash_hex (enum MHD_DigestAuthAlgo3 algo3, | |||
4738 | /** | 4738 | /** |
4739 | * The type of username used by client in Digest Authorization header | 4739 | * The type of username used by client in Digest Authorization header |
4740 | * | 4740 | * |
4741 | * @note Available since #MHD_VERSION 0x00097519 | 4741 | * Values are sorted so simplified checks could be used. |
4742 | * For example: | ||
4743 | * * (value <= MHD_DIGEST_AUTH_UNAME_TYPE_INVALID) is true if not valid username | ||
4744 | * is provided by the client | ||
4745 | * * (value >= MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH) is true if username is | ||
4746 | * provided in any form | ||
4747 | * * (value >= MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD) is true if username is | ||
4748 | * provided in clear text (not userhash matching is needed) | ||
4749 | * | ||
4750 | * @note Available since #MHD_VERSION 0x00097537 | ||
4742 | */ | 4751 | */ |
4743 | enum MHD_DigestAuthUsernameType | 4752 | enum MHD_DigestAuthUsernameType |
4744 | { | 4753 | { |
@@ -4751,7 +4760,7 @@ enum MHD_DigestAuthUsernameType | |||
4751 | /** | 4760 | /** |
4752 | * The 'username' parameter is used to specify the username. | 4761 | * The 'username' parameter is used to specify the username. |
4753 | */ | 4762 | */ |
4754 | MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD = 1, | 4763 | MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD = (1 << 2), |
4755 | 4764 | ||
4756 | /** | 4765 | /** |
4757 | * The username is specified by 'username*' parameter with | 4766 | * The username is specified by 'username*' parameter with |
@@ -4759,14 +4768,14 @@ enum MHD_DigestAuthUsernameType | |||
4759 | * The only difference between standard and extended types is | 4768 | * The only difference between standard and extended types is |
4760 | * the way how username value is encoded in the header. | 4769 | * the way how username value is encoded in the header. |
4761 | */ | 4770 | */ |
4762 | MHD_DIGEST_AUTH_UNAME_TYPE_EXTENDED = 2, | 4771 | MHD_DIGEST_AUTH_UNAME_TYPE_EXTENDED = (1 << 3), |
4763 | 4772 | ||
4764 | /** | 4773 | /** |
4765 | * The username provided in form of 'userhash' as | 4774 | * The username provided in form of 'userhash' as |
4766 | * specified by RFC 7616 #section-3.4.4. | 4775 | * specified by RFC 7616 #section-3.4.4. |
4767 | * @sa #MHD_digest_auth_calc_userhash_hex(), #MHD_digest_auth_calc_userhash() | 4776 | * @sa #MHD_digest_auth_calc_userhash_hex(), #MHD_digest_auth_calc_userhash() |
4768 | */ | 4777 | */ |
4769 | MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH = 3, | 4778 | MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH = (1 << 1), |
4770 | 4779 | ||
4771 | /** | 4780 | /** |
4772 | * The invalid combination of username parameters are used by client. | 4781 | * The invalid combination of username parameters are used by client. |
@@ -4776,7 +4785,7 @@ enum MHD_DigestAuthUsernameType | |||
4776 | * * 'username*' used with invalid extended notation | 4785 | * * 'username*' used with invalid extended notation |
4777 | * * 'username' is not hexadecimal digits, while 'userhash' set to 'true' | 4786 | * * 'username' is not hexadecimal digits, while 'userhash' set to 'true' |
4778 | */ | 4787 | */ |
4779 | MHD_DIGEST_AUTH_UNAME_TYPE_INVALID = 15 | 4788 | MHD_DIGEST_AUTH_UNAME_TYPE_INVALID = (1 << 0) |
4780 | } _MHD_FIXED_ENUM; | 4789 | } _MHD_FIXED_ENUM; |
4781 | 4790 | ||
4782 | /** | 4791 | /** |
@@ -4883,7 +4892,7 @@ enum MHD_DigestAuthMultiQOP | |||
4883 | * | 4892 | * |
4884 | * Application may modify buffers as needed until #MHD_free() is called for | 4893 | * Application may modify buffers as needed until #MHD_free() is called for |
4885 | * pointer to this structure | 4894 | * pointer to this structure |
4886 | * @note Available since #MHD_VERSION 0x00097533 | 4895 | * @note Available since #MHD_VERSION 0x00097537 |
4887 | */ | 4896 | */ |
4888 | struct MHD_DigestAuthInfo | 4897 | struct MHD_DigestAuthInfo |
4889 | { | 4898 | { |
@@ -4902,14 +4911,12 @@ struct MHD_DigestAuthInfo | |||
4902 | 4911 | ||
4903 | /** | 4912 | /** |
4904 | * The username string. | 4913 | * The username string. |
4905 | * Valid only if username is standard, extended, or userhash. | 4914 | * Used only if username type is standard or extended, always NULL otherwise. |
4906 | * For userhash this is unqoted string without decoding of the | ||
4907 | * hexadecimal digits (as provided by the client). | ||
4908 | * If extended notation is used, this string is pct-decoded string | 4915 | * If extended notation is used, this string is pct-decoded string |
4909 | * with charset and language tag removed (i.e. it is original username | 4916 | * with charset and language tag removed (i.e. it is original username |
4910 | * extracted from the extended notation). | 4917 | * extracted from the extended notation). |
4911 | * This can be NULL is username is missing or invalid. | 4918 | * When userhash is used by the client, this member is NULL and |
4912 | * @sa #MHD_digest_auth_calc_userhash_hex() | 4919 | * @a userhash_hex is set. |
4913 | */ | 4920 | */ |
4914 | char *username; | 4921 | char *username; |
4915 | 4922 | ||
@@ -4920,11 +4927,27 @@ struct MHD_DigestAuthInfo | |||
4920 | size_t username_len; | 4927 | size_t username_len; |
4921 | 4928 | ||
4922 | /** | 4929 | /** |
4930 | * The userhash string. | ||
4931 | * Valid only if username type is userhash. | ||
4932 | * This is unqoted string without decoding of the hexadecimal | ||
4933 | * digits (as provided by the client). | ||
4934 | * @sa #MHD_digest_auth_calc_userhash_hex() | ||
4935 | */ | ||
4936 | char *userhash_hex; | ||
4937 | |||
4938 | /** | ||
4939 | * The length of the @a userhash_hex in characters. | ||
4940 | * The valid size should be #MHD_digest_get_hash_size(algo3) * 2 characters. | ||
4941 | * When the @a userhash_hex is NULL, this member is always zero. | ||
4942 | */ | ||
4943 | size_t userhash_hex_len; | ||
4944 | |||
4945 | /** | ||
4923 | * The userhash decoded to binary form. | 4946 | * The userhash decoded to binary form. |
4924 | * Used only if username type is userhash, always NULL otherwise. | 4947 | * Used only if username type is userhash, always NULL otherwise. |
4925 | * When not NULL, this points to binary sequence @a username_len /2 bytes | 4948 | * When not NULL, this points to binary sequence @a userhash_hex_len /2 bytes |
4926 | * long. | 4949 | * long. |
4927 | * The valid size should be #MHD_digest_get_hash_size(algo) bytes. | 4950 | * The valid size should be #MHD_digest_get_hash_size(algo3) bytes. |
4928 | * @warning This is binary data, no zero termination. | 4951 | * @warning This is binary data, no zero termination. |
4929 | * @warning To avoid buffer overruns, always check the size of the data before | 4952 | * @warning To avoid buffer overruns, always check the size of the data before |
4930 | * use, because @a userhash_bin can point even to zero-sized | 4953 | * use, because @a userhash_bin can point even to zero-sized |
@@ -5007,7 +5030,7 @@ MHD_digest_auth_get_request_info3 (struct MHD_Connection *connection); | |||
5007 | * | 5030 | * |
5008 | * Application may modify buffers as needed until #MHD_free() is called for | 5031 | * Application may modify buffers as needed until #MHD_free() is called for |
5009 | * pointer to this structure | 5032 | * pointer to this structure |
5010 | * @note Available since #MHD_VERSION 0x00097534 | 5033 | * @note Available since #MHD_VERSION 0x00097537 |
5011 | */ | 5034 | */ |
5012 | struct MHD_DigestAuthUsernameInfo | 5035 | struct MHD_DigestAuthUsernameInfo |
5013 | { | 5036 | { |
@@ -5028,12 +5051,12 @@ struct MHD_DigestAuthUsernameInfo | |||
5028 | 5051 | ||
5029 | /** | 5052 | /** |
5030 | * The username string. | 5053 | * The username string. |
5031 | * For userhash this is unqoted string without decoding of the | 5054 | * Used only if username type is standard or extended, always NULL otherwise. |
5032 | * hexadecimal digits (as provided by client). | ||
5033 | * If extended notation is used, this string is pct-decoded string | 5055 | * If extended notation is used, this string is pct-decoded string |
5034 | * with charset and language tag removed (i.e. it is original username | 5056 | * with charset and language tag removed (i.e. it is original username |
5035 | * extracted from the extended notation). | 5057 | * extracted from the extended notation). |
5036 | * @sa #MHD_digest_auth_calc_userhash_hex() | 5058 | * When userhash is used by the client, this member is NULL and |
5059 | * @a userhash_hex is set. | ||
5037 | */ | 5060 | */ |
5038 | char *username; | 5061 | char *username; |
5039 | 5062 | ||
@@ -5044,11 +5067,27 @@ struct MHD_DigestAuthUsernameInfo | |||
5044 | size_t username_len; | 5067 | size_t username_len; |
5045 | 5068 | ||
5046 | /** | 5069 | /** |
5070 | * The userhash string. | ||
5071 | * Valid only if username type is userhash. | ||
5072 | * This is unqoted string without decoding of the hexadecimal | ||
5073 | * digits (as provided by the client). | ||
5074 | * @sa #MHD_digest_auth_calc_userhash_hex() | ||
5075 | */ | ||
5076 | char *userhash_hex; | ||
5077 | |||
5078 | /** | ||
5079 | * The length of the @a userhash_hex in characters. | ||
5080 | * The valid size should be #MHD_digest_get_hash_size(algo3) * 2 characters. | ||
5081 | * When the @a userhash_hex is NULL, this member is always zero. | ||
5082 | */ | ||
5083 | size_t userhash_hex_len; | ||
5084 | |||
5085 | /** | ||
5047 | * The userhash decoded to binary form. | 5086 | * The userhash decoded to binary form. |
5048 | * Used only if username type is userhash, always NULL otherwise. | 5087 | * Used only if username type is userhash, always NULL otherwise. |
5049 | * When not NULL, this points to binary sequence @a username_len /2 bytes | 5088 | * When not NULL, this points to binary sequence @a userhash_hex_len /2 bytes |
5050 | * long. | 5089 | * long. |
5051 | * The valid size should be #MHD_digest_get_hash_size(algo) bytes. | 5090 | * The valid size should be #MHD_digest_get_hash_size(algo3) bytes. |
5052 | * @warning This is binary data, no zero termination. | 5091 | * @warning This is binary data, no zero termination. |
5053 | * @warning To avoid buffer overruns, always check the size of the data before | 5092 | * @warning To avoid buffer overruns, always check the size of the data before |
5054 | * use, because @a userhash_bin can point even to zero-sized | 5093 | * use, because @a userhash_bin can point even to zero-sized |
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index fac3e280..d3f5f595 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -801,37 +801,47 @@ get_rq_uname (const struct MHD_RqDAuth *params, | |||
801 | mhd_assert (MHD_DIGEST_AUTH_UNAME_TYPE_INVALID != uname_type); | 801 | mhd_assert (MHD_DIGEST_AUTH_UNAME_TYPE_INVALID != uname_type); |
802 | mhd_assert (MHD_DIGEST_AUTH_UNAME_TYPE_MISSING != uname_type); | 802 | mhd_assert (MHD_DIGEST_AUTH_UNAME_TYPE_MISSING != uname_type); |
803 | 803 | ||
804 | if ( (MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD == uname_type) || | 804 | uname_info->username = NULL; |
805 | (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH == uname_type) ) | 805 | uname_info->username_len = 0; |
806 | uname_info->userhash_hex = NULL; | ||
807 | uname_info->userhash_hex_len = 0; | ||
808 | uname_info->userhash_bin = NULL; | ||
809 | |||
810 | if (MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD == uname_type) | ||
806 | { | 811 | { |
807 | uname_info->username = (char *) (buf + buf_used); | 812 | uname_info->username = (char *) (buf + buf_used); |
808 | uname_info->username_len = | 813 | uname_info->username_len = |
809 | get_rq_param_unquoted_copy_z (¶ms->username, | 814 | get_rq_param_unquoted_copy_z (¶ms->username, |
810 | uname_info->username); | 815 | uname_info->username); |
811 | buf_used += uname_info->username_len + 1; | 816 | buf_used += uname_info->username_len + 1; |
812 | if (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH == uname_type) | 817 | uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD; |
818 | } | ||
819 | else if (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH == uname_type) | ||
820 | { | ||
821 | size_t res; | ||
822 | |||
823 | uname_info->userhash_hex = (char *) (buf + buf_used); | ||
824 | uname_info->userhash_hex_len = | ||
825 | get_rq_param_unquoted_copy_z (¶ms->username, | ||
826 | uname_info->userhash_hex); | ||
827 | buf_used += uname_info->userhash_hex_len + 1; | ||
828 | uname_info->userhash_bin = (uint8_t *) (buf + buf_used); | ||
829 | res = MHD_hex_to_bin (uname_info->userhash_hex, | ||
830 | uname_info->userhash_hex_len, | ||
831 | uname_info->userhash_bin); | ||
832 | if (res != uname_info->username_len / 2) | ||
813 | { | 833 | { |
814 | size_t res; | 834 | uname_info->userhash_bin = NULL; |
815 | uint8_t *const bin_data = (uint8_t *) (buf + buf_used); | 835 | uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_INVALID; |
816 | res = MHD_hex_to_bin (uname_info->username, | ||
817 | uname_info->username_len, | ||
818 | bin_data); | ||
819 | if (res != uname_info->username_len / 2) | ||
820 | { | ||
821 | uname_info->userhash_bin = NULL; | ||
822 | uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_INVALID; | ||
823 | } | ||
824 | else | ||
825 | { | ||
826 | /* Avoid pointers outside allocated region when the size is zero */ | ||
827 | uname_info->userhash_bin = (0 != res) ? | ||
828 | bin_data : (uint8_t *) uname_info->username; | ||
829 | uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH; | ||
830 | buf_used += res; | ||
831 | } | ||
832 | } | 836 | } |
833 | else | 837 | else |
834 | uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_STANDARD; | 838 | { |
839 | /* Avoid pointers outside allocated region when the size is zero */ | ||
840 | if (0 == res) | ||
841 | uname_info->userhash_bin = (uint8_t *) uname_info->username; | ||
842 | uname_info->uname_type = MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH; | ||
843 | buf_used += res; | ||
844 | } | ||
835 | } | 845 | } |
836 | else if (MHD_DIGEST_AUTH_UNAME_TYPE_EXTENDED == uname_type) | 846 | else if (MHD_DIGEST_AUTH_UNAME_TYPE_EXTENDED == uname_type) |
837 | { | 847 | { |
diff --git a/src/testcurl/test_digestauth2.c b/src/testcurl/test_digestauth2.c index f92d6d14..81a93b5e 100644 --- a/src/testcurl/test_digestauth2.c +++ b/src/testcurl/test_digestauth2.c | |||
@@ -476,8 +476,6 @@ ahc_echo (void *cls, | |||
476 | enum MHD_DigestAuthResult check_res; | 476 | enum MHD_DigestAuthResult check_res; |
477 | enum MHD_DigestAuthResult expect_res; | 477 | enum MHD_DigestAuthResult expect_res; |
478 | 478 | ||
479 | if (NULL == dinfo->username) | ||
480 | mhdErrorExitDesc ("'username' is NULL"); | ||
481 | if (curl_uses_usehash) | 479 | if (curl_uses_usehash) |
482 | { | 480 | { |
483 | if (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH != dinfo->uname_type) | 481 | if (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH != dinfo->uname_type) |
@@ -488,29 +486,33 @@ ahc_echo (void *cls, | |||
488 | (int) dinfo->uname_type); | 486 | (int) dinfo->uname_type); |
489 | mhdErrorExitDesc ("Wrong 'uname_type'"); | 487 | mhdErrorExitDesc ("Wrong 'uname_type'"); |
490 | } | 488 | } |
491 | else if (dinfo->username_len != userhash_hex_len) | 489 | else if (dinfo->userhash_hex_len != userhash_hex_len) |
492 | { | 490 | { |
493 | fprintf (stderr, "'username_len' does not match.\n" | 491 | fprintf (stderr, "'userhash_hex_len' does not match.\n" |
494 | "Expected: %u\tRecieved: %u. ", | 492 | "Expected: %u\tRecieved: %u. ", |
495 | (unsigned) userhash_hex_len, | 493 | (unsigned) userhash_hex_len, |
496 | (unsigned) dinfo->username_len); | 494 | (unsigned) dinfo->userhash_hex_len); |
497 | mhdErrorExitDesc ("Wrong 'username_len'"); | 495 | mhdErrorExitDesc ("Wrong 'userhash_hex_len'"); |
498 | } | 496 | } |
499 | else if (0 != memcmp (dinfo->username, userhash_hex, | 497 | else if (0 != memcmp (dinfo->userhash_hex, userhash_hex, |
500 | dinfo->username_len)) | 498 | dinfo->userhash_hex_len)) |
501 | { | 499 | { |
502 | fprintf (stderr, "'username' does not match.\n" | 500 | fprintf (stderr, "'userhash_hex' does not match.\n" |
503 | "Expected: '%s'\tRecieved: '%.*s'. ", | 501 | "Expected: '%s'\tRecieved: '%.*s'. ", |
504 | userhash_hex, | 502 | userhash_hex, |
505 | (int) dinfo->username_len, | 503 | (int) dinfo->userhash_hex_len, |
506 | dinfo->username); | 504 | dinfo->userhash_hex); |
507 | mhdErrorExitDesc ("Wrong 'username'"); | 505 | mhdErrorExitDesc ("Wrong 'userhash_hex'"); |
508 | } | 506 | } |
509 | else if (NULL == dinfo->userhash_bin) | 507 | else if (NULL == dinfo->userhash_bin) |
510 | mhdErrorExitDesc ("'userhash_bin' is NULL"); | 508 | mhdErrorExitDesc ("'userhash_bin' is NULL"); |
511 | else if (0 != memcmp (dinfo->userhash_bin, userhash_bin, | 509 | else if (0 != memcmp (dinfo->userhash_bin, userhash_bin, |
512 | dinfo->username_len / 2)) | 510 | dinfo->username_len / 2)) |
513 | mhdErrorExitDesc ("Wrong 'userhash_bin'"); | 511 | mhdErrorExitDesc ("Wrong 'userhash_bin'"); |
512 | else if (NULL != dinfo->username) | ||
513 | mhdErrorExitDesc ("'username' is NOT NULL"); | ||
514 | else if (0 != dinfo->username_len) | ||
515 | mhdErrorExitDesc ("'username_len' is NOT zero"); | ||
514 | } | 516 | } |
515 | else | 517 | else |
516 | { | 518 | { |
@@ -522,6 +524,8 @@ ahc_echo (void *cls, | |||
522 | (int) dinfo->uname_type); | 524 | (int) dinfo->uname_type); |
523 | mhdErrorExitDesc ("Wrong 'uname_type'"); | 525 | mhdErrorExitDesc ("Wrong 'uname_type'"); |
524 | } | 526 | } |
527 | else if (NULL == dinfo->username) | ||
528 | mhdErrorExitDesc ("'username' is NULL"); | ||
525 | else if (dinfo->username_len != strlen (username_ptr)) | 529 | else if (dinfo->username_len != strlen (username_ptr)) |
526 | { | 530 | { |
527 | fprintf (stderr, "'username_len' does not match.\n" | 531 | fprintf (stderr, "'username_len' does not match.\n" |
@@ -540,6 +544,10 @@ ahc_echo (void *cls, | |||
540 | dinfo->username); | 544 | dinfo->username); |
541 | mhdErrorExitDesc ("Wrong 'username'"); | 545 | mhdErrorExitDesc ("Wrong 'username'"); |
542 | } | 546 | } |
547 | else if (NULL != dinfo->userhash_hex) | ||
548 | mhdErrorExitDesc ("'userhash_hex' is NOT NULL"); | ||
549 | else if (0 != dinfo->userhash_hex_len) | ||
550 | mhdErrorExitDesc ("'userhash_hex_len' is NOT zero"); | ||
543 | else if (NULL != dinfo->userhash_bin) | 551 | else if (NULL != dinfo->userhash_bin) |
544 | mhdErrorExitDesc ("'userhash_bin' is NOT NULL"); | 552 | mhdErrorExitDesc ("'userhash_bin' is NOT NULL"); |
545 | } | 553 | } |
@@ -620,8 +628,6 @@ ahc_echo (void *cls, | |||
620 | uname = MHD_digest_auth_get_username3 (connection); | 628 | uname = MHD_digest_auth_get_username3 (connection); |
621 | if (NULL == uname) | 629 | if (NULL == uname) |
622 | mhdErrorExitDesc ("MHD_digest_auth_get_username3() returned NULL"); | 630 | mhdErrorExitDesc ("MHD_digest_auth_get_username3() returned NULL"); |
623 | else if (NULL == uname->username) | ||
624 | mhdErrorExitDesc ("'username' is NULL"); | ||
625 | if (curl_uses_usehash) | 631 | if (curl_uses_usehash) |
626 | { | 632 | { |
627 | if (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH != uname->uname_type) | 633 | if (MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH != uname->uname_type) |
@@ -632,29 +638,33 @@ ahc_echo (void *cls, | |||
632 | (int) uname->uname_type); | 638 | (int) uname->uname_type); |
633 | mhdErrorExitDesc ("Wrong 'uname_type'"); | 639 | mhdErrorExitDesc ("Wrong 'uname_type'"); |
634 | } | 640 | } |
635 | else if (uname->username_len != userhash_hex_len) | 641 | else if (uname->userhash_hex_len != userhash_hex_len) |
636 | { | 642 | { |
637 | fprintf (stderr, "'username_len' does not match.\n" | 643 | fprintf (stderr, "'userhash_hex_len' does not match.\n" |
638 | "Expected: %u\tRecieved: %u. ", | 644 | "Expected: %u\tRecieved: %u. ", |
639 | (unsigned) userhash_hex_len, | 645 | (unsigned) userhash_hex_len, |
640 | (unsigned) uname->username_len); | 646 | (unsigned) uname->userhash_hex_len); |
641 | mhdErrorExitDesc ("Wrong 'username_len'"); | 647 | mhdErrorExitDesc ("Wrong 'userhash_hex_len'"); |
642 | } | 648 | } |
643 | else if (0 != memcmp (uname->username, userhash_hex, | 649 | else if (0 != memcmp (uname->userhash_hex, userhash_hex, |
644 | uname->username_len)) | 650 | uname->userhash_hex_len)) |
645 | { | 651 | { |
646 | fprintf (stderr, "'username' does not match.\n" | 652 | fprintf (stderr, "'username' does not match.\n" |
647 | "Expected: '%s'\tRecieved: '%.*s'. ", | 653 | "Expected: '%s'\tRecieved: '%.*s'. ", |
648 | userhash_hex, | 654 | userhash_hex, |
649 | (int) uname->username_len, | 655 | (int) uname->userhash_hex_len, |
650 | uname->username); | 656 | uname->userhash_hex); |
651 | mhdErrorExitDesc ("Wrong 'username'"); | 657 | mhdErrorExitDesc ("Wrong 'userhash_hex'"); |
652 | } | 658 | } |
653 | else if (NULL == uname->userhash_bin) | 659 | else if (NULL == uname->userhash_bin) |
654 | mhdErrorExitDesc ("'userhash_bin' is NULL"); | 660 | mhdErrorExitDesc ("'userhash_bin' is NULL"); |
655 | else if (0 != memcmp (uname->userhash_bin, userhash_bin, | 661 | else if (0 != memcmp (uname->userhash_bin, userhash_bin, |
656 | uname->username_len / 2)) | 662 | uname->username_len / 2)) |
657 | mhdErrorExitDesc ("Wrong 'userhash_bin'"); | 663 | mhdErrorExitDesc ("Wrong 'userhash_bin'"); |
664 | else if (NULL != uname->username) | ||
665 | mhdErrorExitDesc ("'username' is NOT NULL"); | ||
666 | else if (0 != uname->username_len) | ||
667 | mhdErrorExitDesc ("'username_len' is NOT zero"); | ||
658 | } | 668 | } |
659 | else | 669 | else |
660 | { | 670 | { |
@@ -666,6 +676,8 @@ ahc_echo (void *cls, | |||
666 | (int) uname->uname_type); | 676 | (int) uname->uname_type); |
667 | mhdErrorExitDesc ("Wrong 'uname_type'"); | 677 | mhdErrorExitDesc ("Wrong 'uname_type'"); |
668 | } | 678 | } |
679 | else if (NULL == uname->username) | ||
680 | mhdErrorExitDesc ("'username' is NULL"); | ||
669 | else if (uname->username_len != strlen (username_ptr)) | 681 | else if (uname->username_len != strlen (username_ptr)) |
670 | { | 682 | { |
671 | fprintf (stderr, "'username_len' does not match.\n" | 683 | fprintf (stderr, "'username_len' does not match.\n" |
@@ -684,6 +696,10 @@ ahc_echo (void *cls, | |||
684 | uname->username); | 696 | uname->username); |
685 | mhdErrorExitDesc ("Wrong 'username'"); | 697 | mhdErrorExitDesc ("Wrong 'username'"); |
686 | } | 698 | } |
699 | else if (NULL != uname->userhash_hex) | ||
700 | mhdErrorExitDesc ("'userhash_hex' is NOT NULL"); | ||
701 | else if (0 != uname->userhash_hex_len) | ||
702 | mhdErrorExitDesc ("'userhash_hex_len' is NOT zero"); | ||
687 | else if (NULL != uname->userhash_bin) | 703 | else if (NULL != uname->userhash_bin) |
688 | mhdErrorExitDesc ("'userhash_bin' is NOT NULL"); | 704 | mhdErrorExitDesc ("'userhash_bin' is NOT NULL"); |
689 | } | 705 | } |
diff --git a/src/testcurl/test_digestauth_emu_ext.c b/src/testcurl/test_digestauth_emu_ext.c index fc4f4aaa..b3925d13 100644 --- a/src/testcurl/test_digestauth_emu_ext.c +++ b/src/testcurl/test_digestauth_emu_ext.c | |||
@@ -381,6 +381,10 @@ ahc_echo (void *cls, | |||
381 | creds->username); | 381 | creds->username); |
382 | mhdErrorExitDesc ("Wrong 'username'"); | 382 | mhdErrorExitDesc ("Wrong 'username'"); |
383 | } | 383 | } |
384 | else if (NULL != creds->userhash_hex) | ||
385 | mhdErrorExitDesc ("'userhash_hex' is NOT NULL"); | ||
386 | else if (0 != creds->userhash_hex_len) | ||
387 | mhdErrorExitDesc ("'userhash_hex' is NOT zero"); | ||
384 | else if (NULL != creds->userhash_bin) | 388 | else if (NULL != creds->userhash_bin) |
385 | mhdErrorExitDesc ("'userhash_bin' is NOT NULL"); | 389 | mhdErrorExitDesc ("'userhash_bin' is NOT NULL"); |
386 | MHD_free (creds); | 390 | MHD_free (creds); |
@@ -415,6 +419,10 @@ ahc_echo (void *cls, | |||
415 | dinfo->username); | 419 | dinfo->username); |
416 | mhdErrorExitDesc ("Wrong 'username'"); | 420 | mhdErrorExitDesc ("Wrong 'username'"); |
417 | } | 421 | } |
422 | else if (NULL != dinfo->userhash_hex) | ||
423 | mhdErrorExitDesc ("'userhash_hex' is NOT NULL"); | ||
424 | else if (0 != dinfo->userhash_hex_len) | ||
425 | mhdErrorExitDesc ("'userhash_hex' is NOT zero"); | ||
418 | else if (NULL != dinfo->userhash_bin) | 426 | else if (NULL != dinfo->userhash_bin) |
419 | mhdErrorExitDesc ("'userhash_bin' is NOT NULL"); | 427 | mhdErrorExitDesc ("'userhash_bin' is NOT NULL"); |
420 | else if (MHD_DIGEST_AUTH_ALGO3_MD5 != dinfo->algo3) | 428 | else if (MHD_DIGEST_AUTH_ALGO3_MD5 != dinfo->algo3) |