author | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-07-26 14:17:53 +0300 |
---|---|---|
committer | Evgeny Grin (Karlson2k) <k2k@narod.ru> | 2022-07-30 22:28:41 +0300 |
commit | 5aa16f7e31e888ff197f7517b78598af4b2dcaa8 (patch) | |
tree | 22f87546c565a4db0e8bc177e32eab7be6fe54d7 /src/microhttpd | |
parent | 9eb7b4de6447f4821b2e47ce31a8243c85e5bc96 (diff) | |
digestauth: added dynamic detection and use of the algo specified by client
Diffstat (limited to 'src/microhttpd')
-rw-r--r-- | src/microhttpd/digestauth.c | 58 |
1 files changed, 35 insertions, 23 deletions
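--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1996,8 +1996,8 @@ is_param_equal_caseless (const struct MHD_RqDAuthParam *param,
 * zero for no limit
 * @param mqop the QOP to use, currently the only allowed value is
 * #MHD_DIGEST_AUTH_MULT_QOP_AUTH
-* @param malgo3 digest algorithms to use, if several algorithms are specified
-* then MD5 is used (if allowed)
+* @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+* by the client is not allowed by this parameter
 * @param[out] pbuf the pointer to pointer to internally malloc'ed buffer,
 * to be free if not NULL upon return
 * @return #MHD_DAUTH_OK if authenticated,
@@ -2017,7 +2017,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 char **pbuf)
 {
 struct MHD_Daemon *daemon = MHD_get_master (connection->daemon);
-enum MHD_DigestAuthAlgo3 s_algo; /**< Selected algorithm */
+enum MHD_DigestAuthAlgo3 c_algo; /**< Client's algorithm */
 struct DigestAlgorithm da;
 unsigned int digest_size;
 uint8_t hash1_bin[MAX_DIGEST];
@@ -2047,10 +2047,14 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 return MHD_DAUTH_WRONG_HEADER;
 
 /* ** Initial parameters checks and setup ** */
-if (MHD_DIGEST_AUTH_MULT_QOP_AUTH != mqop)
-MHD_PANIC (_ ("Wrong 'mqop' value, API violation"));
-
-if (0 != (((unsigned int) malgo3) & MHD_DIGEST_AUTH_ALGO3_SESSION))
+/* Get client's algorithm */
+c_algo = get_rq_algo (params);
+/* Check whether client's algorithm is allowed by function parameter */
+if (((unsigned int) c_algo) !=
+(((unsigned int) c_algo) & ((unsigned int) malgo3)))
+return MHD_DAUTH_WRONG_ALGO;
+/* Check whether client's algorithm is supported */
+if (0 != (((unsigned int) c_algo) & MHD_DIGEST_AUTH_ALGO3_SESSION))
 {
 #ifdef HAVE_MESSAGES
 MHD_DLOG (connection->daemon,
@@ -2058,14 +2062,20 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 #endif /* HAVE_MESSAGES */
 return MHD_DAUTH_WRONG_ALGO;
 }
-if (0 != (((unsigned int) malgo3) & MHD_DIGEST_BASE_ALGO_MD5))
-s_algo = MHD_DIGEST_AUTH_ALGO3_MD5;
-else if (0 != (((unsigned int) malgo3) & MHD_DIGEST_BASE_ALGO_SHA256))
-s_algo = MHD_DIGEST_AUTH_ALGO3_SHA256;
-else
-MHD_PANIC (_ ("Wrong 'malgo3' value, API violation"));
-if (! digest_setup (&da, get_base_digest_algo (s_algo)))
+if (0 != (((unsigned int) c_algo) & MHD_DIGEST_BASE_ALGO_SHA512_256))
+{
+#ifdef HAVE_MESSAGES
+MHD_DLOG (connection->daemon,
+_ ("The SHA-512/256 algorithm is not supported.\n"));
+#endif /* HAVE_MESSAGES */
+return MHD_DAUTH_WRONG_ALGO;
+}
+if (! digest_setup (&da, get_base_digest_algo (c_algo)))
 MHD_PANIC (_ ("Wrong 'malgo3' value, API violation"));
+/* Check 'mqop' value */
+if (MHD_DIGEST_AUTH_MULT_QOP_AUTH != mqop)
+MHD_PANIC (_ ("Wrong 'mqop' value, API violation"));
+
 digest_size = digest_get_size (&da);
 
 /* ** A quick check for presence of all required parameters ** */
@@ -2438,8 +2448,8 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 * zero for no limit
 * @param mqop the QOP to use, currently the only allowed value is
 * #MHD_DIGEST_AUTH_MULT_QOP_AUTH
-* @param malgo3 digest algorithms to use, if several algorithms are specified
-* then MD5 is used (if allowed)
+* @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+* by the client is not allowed by this parameter
 * @return #MHD_DAUTH_OK if authenticated,
 * error code otherwise.
 * @ingroup authentication
@@ -2519,11 +2529,11 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
 * zero for no limit
 * @param mqop the QOP to use, currently the only allowed value is
 * #MHD_DIGEST_AUTH_MULT_QOP_AUTH
-* @param malgo3 digest algorithm to use, if several algorithms are specified
-* then MD5 is used (if allowed)
+* @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+* by the client is not allowed by this parameter
 * @return #MHD_DAUTH_OK if authenticated,
 * the error code otherwise
-* @note Available since #MHD_VERSION 0x00097526
+* @note Available since #MHD_VERSION 0x00097528
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult
@@ -2570,12 +2580,14 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
 * zero for no limit
 * @param mqop the QOP to use, currently the only allowed value is
 * #MHD_DIGEST_AUTH_MULT_QOP_AUTH
-* @param malgo3 the digest algorithms to use; both MD5-based and SHA-256-based
-* algorithms cannot be used at the same time for this function
-* as @a userdigest_size must match specified algorithm
+* @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+* by the client is not allowed by this parameter;
+* both MD5-based and SHA-256-based algorithms cannot be used at
+* the same time for this function as @a userdigest_size must
+* match specified algorithm
 * @return #MHD_DAUTH_OK if authenticated,
 * the error code otherwise
-* @note Available since #MHD_VERSION 0x00097526
+* @note Available since #MHD_VERSION 0x00097528
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult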
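Review bot: In the `@@ -2058,14 +2062,20 @@` hunk of digest_auth_check_all_inner, `digest_setup (&da, get_base_digest_algo (c_algo))` now receives a value derived from the client's header, yet a failure still ends in `MHD_PANIC (_ ("Wrong 'malgo3' value, API violation"))`. The preceding mask test `c_algo != (c_algo & malgo3)` passes trivially for a `c_algo` with no bits set, so if get_rq_algo (not shown here) can return such a value for an unrecognised `algorithm` token, a request rather than an API misuse would reach the panic and take the process down. Returning an error on that path keeps the failure per-request: `if (! digest_setup (&da, get_base_digest_algo (c_algo))) return MHD_DAUTH_WRONG_ALGO;`. The function body starts and ends outside this hunk, so an earlier rejection may already exist there; if it does, a short comment above the panic saying so would help the next reader.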