digest auth: added default timeout and max nc values

author: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2023-12-28 12:44:46 +0300
committer: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2023-12-28 12:51:07 +0300
commit: ff63d75797ddcaf223197e12b12def2b0803588c (patch)
tree: 60b1db2e1604fa93f0bc96511db6fdd06583e05b
parent: 6f9ff50bed6f38ed849d4699f4fcdde4d540e419 (diff)
download: libmicrohttpd-ff63d75797ddcaf223197e12b12def2b0803588c.tar.gz
libmicrohttpd-ff63d75797ddcaf223197e12b12def2b0803588c.zip
4 files changed, 38 insertions, 16 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 84b0d23d..c2873056 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
 * they are parsed as decimal numbers.
 * Example: 0x01093001 = 1.9.30-1.
 */
-#define MHD_VERSION 0x00097707
+#define MHD_VERSION 0x00097708
 /* If generic headers don't work on your platform, include headers
   which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -5524,17 +5524,18 @@ enum MHD_DigestAuthResult
 *                 even if userhash is used by the client
 * @param password the password matching the @a username (and the @a realm)
 * @param nonce_timeout the period of seconds since nonce generation, when
- *                      the nonce is recognised as valid and not stale.
+ *                      the nonce is recognised as valid and not stale;
+ *                      if zero is specified then daemon default value is used.
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 *               exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 *               returned;
- *               zero for no limit
+ *               if zero is specified then daemon default value is used.
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm used
 *               by the client is not allowed by this parameter
 * @return #MHD_DAUTH_OK if authenticated,
 *         the error code otherwise
- * @note Available since #MHD_VERSION 0x00097701
+ * @note Available since #MHD_VERSION 0x00097708
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult
@@ -5614,11 +5615,12 @@ MHD_digest_auth_calc_userdigest (enum MHD_DigestAuthAlgo3 algo3,
 *                        #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE,
 *                        #MHD_digest_get_hash_size())
 * @param nonce_timeout the period of seconds since nonce generation, when
- *                      the nonce is recognised as valid and not stale.
+ *                      the nonce is recognised as valid and not stale;
+ *                      if zero is specified then daemon default value is used.
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 *               exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 *               returned;
- *               zero for no limit
+ *               if zero is specified then daemon default value is used.
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm used
 *               by the client is not allowed by this parameter;
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index cf5203aa..b1640878 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -7778,6 +7778,8 @@ MHD_start_daemon_va (unsigned int flags,
  daemon->digest_auth_rand_size = 0;
  daemon->digest_auth_random = NULL;
  daemon->nonce_nc_size = 4; /* tiny */
+  daemon->dauth_def_nonce_timeout = 90;
+  daemon->dauth_def_max_nc = 1000;
 #endif
 #ifdef HTTPS_SUPPORT
  if (0 != (*pflags & MHD_USE_TLS))
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 69f9c227..58561abb 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2515,11 +2515,12 @@ is_param_equal_caseless (const struct MHD_RqDAuthParam *param,
 *                   "username:realm:password",
 *                   must be NULL if @a password is not NULL
 * @param nonce_timeout the period of seconds since nonce generation, when
- *                      the nonce is recognised as valid and not stale.
+ *                      the nonce is recognised as valid and not stale;
+ *                      unlike #digest_auth_check_all() zero is used literally
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 *               exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 *               returned;
- *               zero for no limit
+ *               unlike #digest_auth_check_all() zero is treated as "no limit"
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
 *               by the client is not allowed by this parameter
@@ -3063,11 +3064,12 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 *                   "username:realm:password",
 *                   must be NULL if @a password is not NULL
 * @param nonce_timeout the period of seconds since nonce generation, when
- *                      the nonce is recognised as valid and not stale.
+ *                      the nonce is recognised as valid and not stale;
+ *                      if set to zero then daemon's default value is used
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 *               exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 *               returned;
- *               zero for no limit
+ *               if set to zero then daemon's default value is used
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
 *               by the client is not allowed by this parameter
@@ -3092,6 +3094,10 @@ digest_auth_check_all (struct MHD_Connection *connection,
  buf = NULL;
  digest_setup_zero (&da);
+  if (0 == nonce_timeout)
+    nonce_timeout = connection->daemon->dauth_def_nonce_timeout;
+  if (0 == max_nc)
+    max_nc = connection->daemon->dauth_def_max_nc;
  res = digest_auth_check_all_inner (connection, realm, username, password,
                                     userdigest,
                                     nonce_timeout,
@@ -3156,17 +3162,18 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
 *                 even if userhash is used by the client
 * @param password the password matching the @a username (and the @a realm)
 * @param nonce_timeout the period of seconds since nonce generation, when
- *                      the nonce is recognised as valid and not stale.
+ *                      the nonce is recognised as valid and not stale;
+ *                      if zero is specified then daemon default value is used.
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 *               exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 *               returned;
- *               zero for no limit
+ *               if zero is specified then daemon default value is used.
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm used
 *               by the client is not allowed by this parameter
 * @return #MHD_DAUTH_OK if authenticated,
 *         the error code otherwise
- * @note Available since #MHD_VERSION 0x00097701
+ * @note Available since #MHD_VERSION 0x00097708
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult
@@ -3217,11 +3224,12 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
 *                        #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE,
 *                        #MHD_digest_get_hash_size())
 * @param nonce_timeout the period of seconds since nonce generation, when
- *                      the nonce is recognised as valid and not stale.
+ *                      the nonce is recognised as valid and not stale;
+ *                      if zero is specified then daemon default value is used.
 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
 *               exceeds the specified value then MHD_DAUTH_NONCE_STALE is
 *               returned;
- *               zero for no limit
+ *               if zero is specified then daemon default value is used.
 * @param mqop the QOP to use
 * @param malgo3 digest algorithms allowed to use, fail if algorithm used
 *               by the client is not allowed by this parameter;
@@ -3231,7 +3239,7 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
 * @return #MHD_DAUTH_OK if authenticated,
 *         the error code otherwise
 * @sa #MHD_digest_auth_calc_userdigest()
- * @note Available since #MHD_VERSION 0x00097701
+ * @note Available since #MHD_VERSION 0x00097708
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index b26e4a0d..6a2a22df 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -2429,6 +2429,16 @@ struct MHD_Daemon
   * Nonce bind type.
   */
  unsigned int dauth_bind_type;
+  /**
+   * Default nonce validity length.
+   */
+  unsigned int dauth_def_nonce_timeout;
+  /**
+   * Default maximum nc (nonce count) value.
+   */
+  uint32_t dauth_def_max_nc;
 #endif
 #ifdef TCP_FASTOPEN
author	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2023-12-28 12:44:46 +0300
committer	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2023-12-28 12:51:07 +0300
commit	ff63d75797ddcaf223197e12b12def2b0803588c (patch)
tree	60b1db2e1604fa93f0bc96511db6fdd06583e05b
parent	6f9ff50bed6f38ed849d4699f4fcdde4d540e419 (diff)
download	libmicrohttpd-ff63d75797ddcaf223197e12b12def2b0803588c.tar.gz libmicrohttpd-ff63d75797ddcaf223197e12b12def2b0803588c.zip