diff options
author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-06 17:43:48 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-06-06 18:29:44 +0300 |
commit | eb48c2586572dd4bae8db4b2d395ef27d72af7a0 (patch) | |
tree | ff6dcde6eb3ac1d1445e94bd1a677602c7ff7d0e /src/microhttpd/digestauth.c | |
parent | 1e010db7320af28d0cf6bd5c1ca7c0ad3c79ba4d (diff) | |
download | libmicrohttpd-eb48c2586572dd4bae8db4b2d395ef27d72af7a0.tar.gz libmicrohttpd-eb48c2586572dd4bae8db4b2d395ef27d72af7a0.zip |
Simplified Digest Auth code by using the new string processing functions
Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r-- | src/microhttpd/digestauth.c | 84 |
1 files changed, 42 insertions, 42 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c index d94da65e..efc53130 100644 --- a/src/microhttpd/digestauth.c +++ b/src/microhttpd/digestauth.c | |||
@@ -1363,6 +1363,30 @@ get_unqouted_param (const struct MHD_RqDAuthParam *param, | |||
1363 | 1363 | ||
1364 | 1364 | ||
1365 | /** | 1365 | /** |
1366 | * Check whether Digest Auth request parameter is equal to given string | ||
1367 | * @param param the parameter to check | ||
1368 | * @param str the string to compare with, does not need to be zero-terminated | ||
1369 | * @param str_len the length of the @a str | ||
1370 | * @return true is parameter is equal to the given string, | ||
1371 | * false otherwise | ||
1372 | */ | ||
1373 | _MHD_static_inline bool | ||
1374 | is_param_equal (const struct MHD_RqDAuthParam *param, | ||
1375 | const char *const str, | ||
1376 | const size_t str_len) | ||
1377 | { | ||
1378 | mhd_assert (NULL != param->value.str); | ||
1379 | mhd_assert (0 != param->value.len); | ||
1380 | if (param->quoted) | ||
1381 | return MHD_str_equal_quoted_bin_n (param->value.str, param->value.len, | ||
1382 | str, str_len); | ||
1383 | return (str_len == param->value.len) && | ||
1384 | (0 == memcmp (str, param->value.str, str_len)); | ||
1385 | |||
1386 | } | ||
1387 | |||
1388 | |||
1389 | /** | ||
1366 | * Authenticates the authorization header sent by the client | 1390 | * Authenticates the authorization header sent by the client |
1367 | * | 1391 | * |
1368 | * @param connection The MHD connection structure | 1392 | * @param connection The MHD connection structure |
@@ -1413,6 +1437,8 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
1413 | #ifdef HAVE_MESSAGES | 1437 | #ifdef HAVE_MESSAGES |
1414 | bool err_logged; | 1438 | bool err_logged; |
1415 | #endif /* HAVE_MESSAGES */ | 1439 | #endif /* HAVE_MESSAGES */ |
1440 | size_t username_len; | ||
1441 | size_t realm_len; | ||
1416 | 1442 | ||
1417 | tmp2 = NULL; | 1443 | tmp2 = NULL; |
1418 | tmp2_size = 0; | 1444 | tmp2_size = 0; |
@@ -1420,35 +1446,24 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
1420 | err_logged = false; | 1446 | err_logged = false; |
1421 | #endif /* HAVE_MESSAGES */ | 1447 | #endif /* HAVE_MESSAGES */ |
1422 | 1448 | ||
1423 | params = get_rq_dauth_params (connection); | ||
1424 | if (NULL == params) | ||
1425 | return MHD_DAUTH_WRONG_HEADER; | ||
1426 | |||
1427 | do /* Only to avoid "goto" */ | 1449 | do /* Only to avoid "goto" */ |
1428 | { | 1450 | { |
1451 | |||
1452 | params = get_rq_dauth_params (connection); | ||
1453 | if (NULL == params) | ||
1454 | { | ||
1455 | ret = MHD_DAUTH_WRONG_HEADER; | ||
1456 | break; | ||
1457 | } | ||
1458 | |||
1429 | /* Check 'username' */ | 1459 | /* Check 'username' */ |
1430 | unq_res = get_unqouted_param (¶ms->username, tmp1, &tmp2, &tmp2_size, | 1460 | if (NULL == params->username.value.str) |
1431 | &unquoted); | ||
1432 | if (_MHD_UNQ_NON_EMPTY != unq_res) | ||
1433 | { | 1461 | { |
1434 | if (_MHD_UNQ_NO_STRING == unq_res) | 1462 | ret = MHD_DAUTH_WRONG_HEADER; |
1435 | ret = MHD_DAUTH_WRONG_HEADER; | ||
1436 | else if (_MHD_UNQ_EMPTY == unq_res) | ||
1437 | ret = MHD_DAUTH_WRONG_USERNAME; | ||
1438 | else if (_MHD_UNQ_TOO_LARGE == unq_res) | ||
1439 | ret = MHD_DAUTH_WRONG_HEADER; | ||
1440 | else if (_MHD_UNQ_OUT_OF_MEM == unq_res) | ||
1441 | ret = MHD_DAUTH_ERROR; | ||
1442 | else | ||
1443 | { | ||
1444 | mhd_assert (0); /* Must not happen */ | ||
1445 | ret = MHD_DAUTH_ERROR; | ||
1446 | } | ||
1447 | break; | 1463 | break; |
1448 | } | 1464 | } |
1449 | /* 'unquoted" may not contain binary zero */ | 1465 | username_len = strlen (username); |
1450 | if ( (0 != strncmp (username, unquoted.str, unquoted.len)) || | 1466 | if (! is_param_equal (¶ms->username, username, username_len)) |
1451 | (0 != username[unquoted.len]) ) | ||
1452 | { | 1467 | { |
1453 | ret = MHD_DAUTH_WRONG_USERNAME; | 1468 | ret = MHD_DAUTH_WRONG_USERNAME; |
1454 | break; | 1469 | break; |
@@ -1456,28 +1471,13 @@ digest_auth_check_all (struct MHD_Connection *connection, | |||
1456 | /* 'username' valid */ | 1471 | /* 'username' valid */ |
1457 | 1472 | ||
1458 | /* Check 'realm' */ | 1473 | /* Check 'realm' */ |
1459 | unq_res = get_unqouted_param (¶ms->realm, tmp1, &tmp2, &tmp2_size, | 1474 | if (NULL == params->realm.value.str) |
1460 | &unquoted); | ||
1461 | if (_MHD_UNQ_NON_EMPTY != unq_res) | ||
1462 | { | 1475 | { |
1463 | if (_MHD_UNQ_NO_STRING == unq_res) | 1476 | ret = MHD_DAUTH_WRONG_HEADER; |
1464 | ret = MHD_DAUTH_WRONG_HEADER; | ||
1465 | else if (_MHD_UNQ_EMPTY == unq_res) | ||
1466 | ret = MHD_DAUTH_WRONG_REALM; | ||
1467 | else if (_MHD_UNQ_TOO_LARGE == unq_res) | ||
1468 | ret = MHD_DAUTH_WRONG_HEADER; | ||
1469 | else if (_MHD_UNQ_OUT_OF_MEM == unq_res) | ||
1470 | ret = MHD_DAUTH_ERROR; | ||
1471 | else | ||
1472 | { | ||
1473 | mhd_assert (0); /* Must not happen */ | ||
1474 | ret = MHD_DAUTH_ERROR; | ||
1475 | } | ||
1476 | break; | 1477 | break; |
1477 | } | 1478 | } |
1478 | /* 'unquoted" may not contain binary zero */ | 1479 | realm_len = strlen (realm); |
1479 | if ( (0 != strncmp (realm, unquoted.str, unquoted.len)) || | 1480 | if (! is_param_equal (¶ms->realm, realm, realm_len)) |
1480 | (0 != realm[unquoted.len]) ) | ||
1481 | { | 1481 | { |
1482 | ret = MHD_DAUTH_WRONG_REALM; | 1482 | ret = MHD_DAUTH_WRONG_REALM; |
1483 | break; | 1483 | break; |