author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2023-12-28 12:44:46 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2023-12-28 12:51:07 +0300 |
commit | ff63d75797ddcaf223197e12b12def2b0803588c (patch) | |
tree | 60b1db2e1604fa93f0bc96511db6fdd06583e05b | |
parent | 6f9ff50bed6f38ed849d4699f4fcdde4d540e419 (diff) | |
download | libmicrohttpd-ff63d75797ddcaf223197e12b12def2b0803588c.tar.gz libmicrohttpd-ff63d75797ddcaf223197e12b12def2b0803588c.zip |
digest auth: added default timeout and max nc values
-rw-r--r-- | src/include/microhttpd.h | 14 | ||||
-rw-r--r-- | src/microhttpd/daemon.c | 2 | ||||
-rw-r--r-- | src/microhttpd/digestauth.c | 28 | ||||
-rw-r--r-- | src/microhttpd/internal.h | 10 |
4 files changed, 38 insertions, 16 deletions
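--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
 * they are parsed as decimal numbers.
 * Example: 0x01093001 = 1.9.30-1.
 */
-#define MHD_VERSION 0x00097707
+#define MHD_VERSION 0x00097708
 
 /* If generic headers don't work on your platform, include headers
 which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -5524,17 +5524,18 @@ enum MHD_DigestAuthResult
 * even if userhash is used by the client
 * @param password the password matching the @a username (and the @a realm)
 * @param nonce_timeout the period of seconds since nonce generation, when
-* the nonce is recognised as valid and not stale.
+* the nonce is recognised as valid and not stale;
+* if zero is specified then daemon default value is used.
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 * exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 * returned;
-* zero for no limit
+* if zero is specified then daemon default value is used.
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm used
 * by the client is not allowed by this parameter
 * @return #MHD_DAUTH_OK if authenticated,
 * the error code otherwise
-* @note Available since #MHD_VERSION 0x00097701
+* @note Available since #MHD_VERSION 0x00097708
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult
@@ -5614,11 +5615,12 @@ MHD_digest_auth_calc_userdigest (enum MHD_DigestAuthAlgo3 algo3,
 * #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE,
 * #MHD_digest_get_hash_size())
 * @param nonce_timeout the period of seconds since nonce generation, when
-* the nonce is recognised as valid and not stale.
+* the nonce is recognised as valid and not stale;
+* if zero is specified then daemon default value is used.
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 * exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 * returned;
-* zero for no limit
+* if zero is specified then daemon default value is used.
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm used
 * by the client is not allowed by this parameter;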
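Review bot: The `@note Available since #MHD_VERSION 0x00097701` line at new line 5538 (and the matching notes at new lines 3176 and 3242 of digestauth.c) is overwritten with `0x00097708`, which drops the version the old text gave for the function's introduction even though only the meaning of zero changed. The old text documented zero `max_nc` as "zero for no limit", so an application built against the earlier contract silently gets a different replay bound. I would keep the original note and add a second one, for example `@note Since #MHD_VERSION 0x00097708 zero for @a nonce_timeout or @a max_nc selects the daemon default; before that zero @a max_nc meant "no limit"`. The doc comments begin outside the hunks, so the function names they belong to are only partly visible here.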
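--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -7778,6 +7778,8 @@ MHD_start_daemon_va (unsigned int flags,
 daemon->digest_auth_rand_size = 0;
 daemon->digest_auth_random = NULL;
 daemon->nonce_nc_size = 4; /* tiny */
+daemon->dauth_def_nonce_timeout = 90;
+daemon->dauth_def_max_nc = 1000;
 #endif
 #ifdef HTTPS_SUPPORT
 if (0 != (*pflags & MHD_USE_TLS))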
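Review bot: The two defaults at new lines 7781–7782 are bare literals, `90` and `1000`, with nothing saying why these values were chosen. They decide how long an issued nonce stays acceptable and how many requests one nonce may authorise, so they are security parameters and read better as named constants with a short rationale comment. Nothing visible in this commit lets an application change them, so if a daemon option is planned, a TODO next to the assignments would make that clear. MHD_start_daemon_va starts and ends outside the hunk.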
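--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2515,11 +2515,12 @@ is_param_equal_caseless (const struct MHD_RqDAuthParam *param,
 * "username:realm:password",
 * must be NULL if @a password is not NULL
 * @param nonce_timeout the period of seconds since nonce generation, when
-* the nonce is recognised as valid and not stale.
+* the nonce is recognised as valid and not stale;
+* unlike #digest_auth_check_all() zero is used literally
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 * exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 * returned;
-* zero for no limit
+* unlike #digest_auth_check_all() zero is treated as "no limit"
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
 * by the client is not allowed by this parameter
@@ -3063,11 +3064,12 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 * "username:realm:password",
 * must be NULL if @a password is not NULL
 * @param nonce_timeout the period of seconds since nonce generation, when
-* the nonce is recognised as valid and not stale.
+* the nonce is recognised as valid and not stale;
+* if set to zero then daemon's default value is used
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 * exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 * returned;
-* zero for no limit
+* if set to zero then daemon's default value is used
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
 * by the client is not allowed by this parameter
@@ -3092,6 +3094,10 @@ digest_auth_check_all (struct MHD_Connection *connection,
 
 buf = NULL;
 digest_setup_zero (&da);
+if (0 == nonce_timeout)
+nonce_timeout = connection->daemon->dauth_def_nonce_timeout;
+if (0 == max_nc)
+max_nc = connection->daemon->dauth_def_max_nc;
 res = digest_auth_check_all_inner (connection, realm, username, password,
 userdigest,
 nonce_timeout,
@@ -3156,17 +3162,18 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
 * even if userhash is used by the client
 * @param password the password matching the @a username (and the @a realm)
 * @param nonce_timeout the period of seconds since nonce generation, when
-* the nonce is recognised as valid and not stale.
+* the nonce is recognised as valid and not stale;
+* if zero is specified then daemon default value is used.
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 * exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 * returned;
-* zero for no limit
+* if zero is specified then daemon default value is used.
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm used
 * by the client is not allowed by this parameter
 * @return #MHD_DAUTH_OK if authenticated,
 * the error code otherwise
-* @note Available since #MHD_VERSION 0x00097701
+* @note Available since #MHD_VERSION 0x00097708
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult
@@ -3217,11 +3224,12 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
 * #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE,
 * #MHD_digest_get_hash_size())
 * @param nonce_timeout the period of seconds since nonce generation, when
-* the nonce is recognised as valid and not stale.
+* the nonce is recognised as valid and not stale;
+* if zero is specified then daemon default value is used.
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 * exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 * returned;
-* zero for no limit
+* if zero is specified then daemon default value is used.
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm used
 * by the client is not allowed by this parameter;
@@ -3231,7 +3239,7 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
 * @return #MHD_DAUTH_OK if authenticated,
 * the error code otherwise
 * @sa #MHD_digest_auth_calc_userdigest()
-* @note Available since #MHD_VERSION 0x00097701
+* @note Available since #MHD_VERSION 0x00097708
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult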
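Review bot: The zero-to-default substitution in digest_auth_check_all (new lines 3097–3100) only bounds nonce reuse while the daemon fields themselves are non-zero, because the inner check, per its updated doc comment, still takes a zero `nonce_timeout` literally and a zero `max_nc` as "no limit". The fields are set to 90 and 1000 in daemon.c in this commit, so the bound holds today, but nothing at the substitution records that invariant. I would add a comment above the two `if`s such as `/* daemon defaults must stay non-zero: the inner check treats zero max_nc as "no limit" */`. Callers that passed `max_nc = 0` to disable the limit will now see MHD_DAUTH_NONCE_STALE once nc passes the default, which is worth stating in the release notes. The function starts and ends outside the hunk.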
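--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -2429,6 +2429,16 @@ struct MHD_Daemon
 * Nonce bind type.
 */
 unsigned int dauth_bind_type;
+
+/**
+* Default nonce validity length.
+*/
+unsigned int dauth_def_nonce_timeout;
+
+/**
+* Default maximum nc (nonce count) value.
+*/
+uint32_t dauth_def_max_nc;
 #endif
 
 #ifdef TCP_FASTOPEN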
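Review bot: The comment on `dauth_def_nonce_timeout` (new lines 2433–2435) gives no unit and neither new field says when it applies. The parameter documentation elsewhere in this commit describes the timeout as a "period of seconds", so the field comment could read `Default nonce validity length in seconds, used when zero is passed as nonce_timeout.`, with the matching wording `used when zero is passed as max_nc` on `dauth_def_max_nc`. struct MHD_Daemon starts and ends outside the hunk.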