MHD_basic_auth_get_username_password3(): added new public API function

author: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-06-07 19:29:58 +0300
committer: Evgeny Grin (Karlson2k) <k2k@narod.ru> 2022-06-08 16:52:50 +0300
commit: 929e046215d1323e5e4c5fed91c9c4a8b37e07c9 (patch)
tree: ca6c667958fd53a0c5636b55d24e2e37357c10b9 /src
parent: 72e6f27fce0193be5d1f2c15ca3123f9e33f2029 (diff)
download: libmicrohttpd-929e046215d1323e5e4c5fed91c9c4a8b37e07c9.tar.gz
libmicrohttpd-929e046215d1323e5e4c5fed91c9c4a8b37e07c9.zip
2 files changed, 140 insertions, 1 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 877201e2..ada9af5d 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
 * they are parsed as decimal numbers.
 * Example: 0x01093001 = 1.9.30-1.
 */
-#define MHD_VERSION 0x00097516
+#define MHD_VERSION 0x00097517
 /* If generic headers don't work on your platform, include headers
   which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -4634,12 +4634,59 @@ MHD_queue_auth_fail_response (struct MHD_Connection *connection,
 /**
+ * Information decoded from Basic Authentication client's header.
+ *
+ * The username and the password are technically allowed to have binary zeros,
+ * username_len and password_len could be used to detect such situations.
+ *
+ * The buffers pointed by username and password members are freed
+ * when #MHD_free() is called for pointer to this structure.
+ *
+ * Application may modify buffers as needed until #MHD_free() is called for
+ * pointer to this structure
+ */
+struct MHD_BasicAuthInfo
+{
+  /**
+   * The username, cannot be NULL
+   */
+  char *username;
+  /**
+   * The length of the @a username, not including zero-termination
+   */
+  size_t username_len;
+  /**
+   * The password, may be NULL if password is not encoded by the client
+   */
+  char *password;
+  /**
+   * The length of the @a password, not including zero-termination
+   */
+  size_t password_len;
+};
+/**
+ * Get the username and password from the Basic Authorisation header
+ * sent by the client
+ *
+ * @param connection the MHD connection structure
+ * @return NULL not valid Basic Authentication header is present in
+ *         current request, or pointer to structure with username and
+ *         password, which must be freed by #MHD_free().
+ * @note Available since #MHD_VERSION 0x00097517
+ * @ingroup authentication
+ */
+_MHD_EXTERN struct MHD_BasicAuthInfo *
+MHD_basic_auth_get_username_password3 (struct MHD_Connection *connection);
+/**
 * Get the username and password from the basic authorization header sent by the client
 *
 * @param connection The MHD connection structure
 * @param[out] password a pointer for the password, free using #MHD_free().
 * @return NULL if no username could be found, a pointer
 *      to the username if found, free using #MHD_free().
+ * @deprecated use #MHD_basic_auth_get_username_password3()
 * @ingroup authentication
 */
 _MHD_EXTERN char *
diff --git a/src/microhttpd/basicauth.c b/src/microhttpd/basicauth.c
index 0115c7d3..fb7bed0f 100644
--- a/src/microhttpd/basicauth.c
+++ b/src/microhttpd/basicauth.c
@@ -56,12 +56,104 @@ get_rq_bauth_params (struct MHD_Connection *connection)
 /**
+ * Get the username and password from the Basic Authorisation header
+ * sent by the client
+ *
+ * @param connection the MHD connection structure
+ * @return NULL not valid Basic Authentication header is present in
+ *         current request, or pointer to structure with username and
+ *         password, which must be freed by #MHD_free().
+ * @note Available since #MHD_VERSION 0x00097517
+ * @ingroup authentication
+ */
+_MHD_EXTERN struct MHD_BasicAuthInfo *
+MHD_basic_auth_get_username_password3 (struct MHD_Connection *connection)
+{
+  const struct MHD_RqBAuth *params;
+  char *decoded;
+  size_t decoded_len;
+  struct MHD_BasicAuthInfo *ret;
+  size_t username_len;
+  char *colon;
+  size_t password_pos;
+  size_t password_len;
+  params = get_rq_bauth_params (connection);
+  if (NULL == params)
+    return NULL;
+  if ((NULL == params->token68.str) || (0 == params->token68.len))
+    return NULL;
+  decoded = BASE64Decode (params->token68.str, params->token68.len,
+                          &decoded_len);
+  if ((NULL == decoded) || (0 == decoded_len))
+  {
+#ifdef HAVE_MESSAGES
+    MHD_DLOG (connection->daemon,
+              _ ("Error decoding Basic Authorization authentication.\n"));
+#endif /* HAVE_MESSAGES */
+    if (NULL != decoded)
+      free (decoded);
+    return NULL;
+  }
+  colon = memchr (decoded, ':', decoded_len);
+  if (NULL != colon)
+  {
+    username_len = (size_t) (colon - decoded);
+    password_pos = username_len + 1;
+    password_len = decoded_len - password_pos;
+  }
+  else
+    username_len = decoded_len;
+  ret = (struct MHD_BasicAuthInfo *) malloc (sizeof(struct MHD_BasicAuthInfo)
+                                             + decoded_len + 1);
+  if (NULL == ret)
+  {
+    free (decoded);
+#ifdef HAVE_MESSAGES
+    MHD_DLOG (connection->daemon,
+              _ ("Failed to allocate memory to process " \
+                 "Basic Authorization authentication.\n"));
+#endif /* HAVE_MESSAGES */
+    return NULL;
+  }
+  ret->username = (char *) (ret + 1);
+  memcpy (ret->username, decoded, decoded_len);
+  free (decoded);
+  ret->username[username_len] = 0; /* Zero-terminate the string */
+  ret->username_len = username_len;
+  if (NULL != colon)
+  {
+    mhd_assert (decoded_len >= password_pos);
+    mhd_assert (decoded_len > password_pos || 0 == password_len);
+    mhd_assert (decoded_len > password_len);
+    mhd_assert (decoded_len > username_len);
+    ret->password = ret->username + password_pos;
+    ret->password[password_len] = 0; /* Zero-terminate the string */
+    ret->password_len = password_len;
+  }
+  else
+  {
+    ret->password = NULL;
+    ret->password_len = 0;
+  }
+  return ret;
+}
+/**
 * Get the username and password from the basic authorization header sent by the client
 *
 * @param connection The MHD connection structure
 * @param[out] password a pointer for the password, free using #MHD_free().
 * @return NULL if no username could be found, a pointer
 *      to the username if found, free using #MHD_free().
+ * @deprecated use #MHD_basic_auth_get_username_password3()
 * @ingroup authentication
 */
 _MHD_EXTERN char *
author	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-06-07 19:29:58 +0300
committer	Evgeny Grin (Karlson2k) <k2k@narod.ru>	2022-06-08 16:52:50 +0300
commit	929e046215d1323e5e4c5fed91c9c4a8b37e07c9 (patch)
tree	ca6c667958fd53a0c5636b55d24e2e37357c10b9 /src
parent	72e6f27fce0193be5d1f2c15ca3123f9e33f2029 (diff)
download	libmicrohttpd-929e046215d1323e5e4c5fed91c9c4a8b37e07c9.tar.gz libmicrohttpd-929e046215d1323e5e4c5fed91c9c4a8b37e07c9.zip

diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index 877201e2..ada9af5d 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
96	* they are parsed as decimal numbers.	96	* they are parsed as decimal numbers.
97	* Example: 0x01093001 = 1.9.30-1.	97	* Example: 0x01093001 = 1.9.30-1.
98	*/	98	*/
99	#define MHD_VERSION 0x00097516	99	#define MHD_VERSION 0x00097517
100		100
101	/* If generic headers don't work on your platform, include headers	101	/* If generic headers don't work on your platform, include headers
102	which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',	102	which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -4634,12 +4634,59 @@ MHD_queue_auth_fail_response (struct MHD_Connection *connection,
4634		4634
4635		4635
4636	/**	4636	/**
		4637	* Information decoded from Basic Authentication client's header.
		4638	*
		4639	* The username and the password are technically allowed to have binary zeros,
		4640	* username_len and password_len could be used to detect such situations.
		4641	*
		4642	* The buffers pointed by username and password members are freed
		4643	* when #MHD_free() is called for pointer to this structure.
		4644	*
		4645	* Application may modify buffers as needed until #MHD_free() is called for
		4646	* pointer to this structure
		4647	*/
		4648	struct MHD_BasicAuthInfo
		4649	{
		4650	/**
		4651	* The username, cannot be NULL
		4652	*/
		4653	char *username;
		4654	/**
		4655	* The length of the @a username, not including zero-termination
		4656	*/
		4657	size_t username_len;
		4658	/**
		4659	* The password, may be NULL if password is not encoded by the client
		4660	*/
		4661	char *password;
		4662	/**
		4663	* The length of the @a password, not including zero-termination
		4664	*/
		4665	size_t password_len;
		4666	};
		4667
		4668	/**
		4669	* Get the username and password from the Basic Authorisation header
		4670	* sent by the client
		4671	*
		4672	* @param connection the MHD connection structure
		4673	* @return NULL not valid Basic Authentication header is present in
		4674	* current request, or pointer to structure with username and
		4675	* password, which must be freed by #MHD_free().
		4676	* @note Available since #MHD_VERSION 0x00097517
		4677	* @ingroup authentication
		4678	*/
		4679	_MHD_EXTERN struct MHD_BasicAuthInfo *
		4680	MHD_basic_auth_get_username_password3 (struct MHD_Connection *connection);
		4681
		4682	/**
4637	* Get the username and password from the basic authorization header sent by the client	4683	* Get the username and password from the basic authorization header sent by the client
4638	*	4684	*
4639	* @param connection The MHD connection structure	4685	* @param connection The MHD connection structure
4640	* @param[out] password a pointer for the password, free using #MHD_free().	4686	* @param[out] password a pointer for the password, free using #MHD_free().
4641	* @return NULL if no username could be found, a pointer	4687	* @return NULL if no username could be found, a pointer
4642	* to the username if found, free using #MHD_free().	4688	* to the username if found, free using #MHD_free().
		4689	* @deprecated use #MHD_basic_auth_get_username_password3()
4643	* @ingroup authentication	4690	* @ingroup authentication
4644	*/	4691	*/
4645	_MHD_EXTERN char *	4692	_MHD_EXTERN char *


diff --git a/src/microhttpd/basicauth.c b/src/microhttpd/basicauth.c index 0115c7d3..fb7bed0f 100644 --- a/src/microhttpd/basicauth.c +++ b/src/microhttpd/basicauth.c
@@ -56,12 +56,104 @@ get_rq_bauth_params (struct MHD_Connection *connection)
56		56
57		57
58	/**	58	/**
		59	* Get the username and password from the Basic Authorisation header
		60	* sent by the client
		61	*
		62	* @param connection the MHD connection structure
		63	* @return NULL not valid Basic Authentication header is present in
		64	* current request, or pointer to structure with username and
		65	* password, which must be freed by #MHD_free().
		66	* @note Available since #MHD_VERSION 0x00097517
		67	* @ingroup authentication
		68	*/
		69	_MHD_EXTERN struct MHD_BasicAuthInfo *
		70	MHD_basic_auth_get_username_password3 (struct MHD_Connection *connection)
		71	{
		72	const struct MHD_RqBAuth *params;
		73	char *decoded;
		74	size_t decoded_len;
		75	struct MHD_BasicAuthInfo *ret;
		76	size_t username_len;
		77	char *colon;
		78	size_t password_pos;
		79	size_t password_len;
		80
		81	params = get_rq_bauth_params (connection);
		82
		83	if (NULL == params)
		84	return NULL;
		85
		86	if ((NULL == params->token68.str) \|\| (0 == params->token68.len))
		87	return NULL;
		88
		89	decoded = BASE64Decode (params->token68.str, params->token68.len,
		90	&decoded_len);
		91	if ((NULL == decoded) \|\| (0 == decoded_len))
		92	{
		93	#ifdef HAVE_MESSAGES
		94	MHD_DLOG (connection->daemon,
		95	_ ("Error decoding Basic Authorization authentication.\n"));
		96	#endif /* HAVE_MESSAGES */
		97	if (NULL != decoded)
		98	free (decoded);
		99	return NULL;
		100	}
		101	colon = memchr (decoded, ':', decoded_len);
		102	if (NULL != colon)
		103	{
		104	username_len = (size_t) (colon - decoded);
		105	password_pos = username_len + 1;
		106	password_len = decoded_len - password_pos;
		107	}
		108	else
		109	username_len = decoded_len;
		110
		111	ret = (struct MHD_BasicAuthInfo *) malloc (sizeof(struct MHD_BasicAuthInfo)
		112	+ decoded_len + 1);
		113	if (NULL == ret)
		114	{
		115	free (decoded);
		116	#ifdef HAVE_MESSAGES
		117	MHD_DLOG (connection->daemon,
		118	_ ("Failed to allocate memory to process " \
		119	"Basic Authorization authentication.\n"));
		120	#endif /* HAVE_MESSAGES */
		121	return NULL;
		122	}
		123
		124	ret->username = (char *) (ret + 1);
		125	memcpy (ret->username, decoded, decoded_len);
		126	free (decoded);
		127	ret->username[username_len] = 0; /* Zero-terminate the string */
		128	ret->username_len = username_len;
		129	if (NULL != colon)
		130	{
		131	mhd_assert (decoded_len >= password_pos);
		132	mhd_assert (decoded_len > password_pos \|\| 0 == password_len);
		133	mhd_assert (decoded_len > password_len);
		134	mhd_assert (decoded_len > username_len);
		135	ret->password = ret->username + password_pos;
		136	ret->password[password_len] = 0; /* Zero-terminate the string */
		137	ret->password_len = password_len;
		138	}
		139	else
		140	{
		141	ret->password = NULL;
		142	ret->password_len = 0;
		143	}
		144
		145	return ret;
		146	}
		147
		148
		149	/**
59	* Get the username and password from the basic authorization header sent by the client	150	* Get the username and password from the basic authorization header sent by the client
60	*	151	*
61	* @param connection The MHD connection structure	152	* @param connection The MHD connection structure
62	* @param[out] password a pointer for the password, free using #MHD_free().	153	* @param[out] password a pointer for the password, free using #MHD_free().
63	* @return NULL if no username could be found, a pointer	154	* @return NULL if no username could be found, a pointer
64	* to the username if found, free using #MHD_free().	155	* to the username if found, free using #MHD_free().
		156	* @deprecated use #MHD_basic_auth_get_username_password3()
65	* @ingroup authentication	157	* @ingroup authentication
66	*/	158	*/
67	_MHD_EXTERN char *	159	_MHD_EXTERN char *