diff options
Diffstat (limited to 'doc/microhttpd.texi')
-rw-r--r-- | doc/microhttpd.texi | 131 |
1 files changed, 123 insertions, 8 deletions
diff --git a/doc/microhttpd.texi b/doc/microhttpd.texi index 507490d0..aaeb5da9 100644 --- a/doc/microhttpd.texi +++ b/doc/microhttpd.texi | |||
@@ -117,7 +117,7 @@ GNU libmicrohttpd is a GNU package. | |||
117 | * microhttpd-inspect:: Implementing external @code{select}. | 117 | * microhttpd-inspect:: Implementing external @code{select}. |
118 | * microhttpd-requests:: Handling requests. | 118 | * microhttpd-requests:: Handling requests. |
119 | * microhttpd-responses:: Building responses to requests. | 119 | * microhttpd-responses:: Building responses to requests. |
120 | * microhttpd-dauth:: Utilizing Digest Authentication. | 120 | * microhttpd-dauth:: Utilizing Authentication. |
121 | * microhttpd-post:: Adding a @code{POST} processor. | 121 | * microhttpd-post:: Adding a @code{POST} processor. |
122 | * microhttpd-info:: Obtaining status information. | 122 | * microhttpd-info:: Obtaining status information. |
123 | 123 | ||
@@ -259,7 +259,6 @@ alternative type and also define @code{MHD_LONG_LONG_PRINTF} to the | |||
259 | corresponding format string for printing such a data type (without | 259 | corresponding format string for printing such a data type (without |
260 | the percent sign). | 260 | the percent sign). |
261 | 261 | ||
262 | |||
263 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | 262 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
264 | 263 | ||
265 | @c ------------------------------------------------------------ | 264 | @c ------------------------------------------------------------ |
@@ -449,6 +448,20 @@ HTTPS daemon. This option should be followed by an | |||
449 | "const char*" argument. | 448 | "const char*" argument. |
450 | This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_KEY'. | 449 | This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_KEY'. |
451 | 450 | ||
451 | @item MHD_OPTION_HTTPS_MEM_TRUST | ||
452 | @cindex SSL | ||
453 | @cindex TLS | ||
454 | Memory pointer to the CA certificate to be used by the | ||
455 | HTTPS daemon to authenticate and trust clients certificates. | ||
456 | This option should be followed by an "const char*" argument. | ||
457 | The presence of this option activates the request of certificate | ||
458 | to the client. The request to the client is marked optional, and | ||
459 | it is the responsability of the server to check the presence | ||
460 | of the certificate if needed. | ||
461 | Note that most browsers will only present a client certificate | ||
462 | only if they have one matching the specified CA, not sending | ||
463 | any certificate otherwise. | ||
464 | |||
452 | @item MHD_OPTION_HTTPS_CRED_TYPE | 465 | @item MHD_OPTION_HTTPS_CRED_TYPE |
453 | @cindex SSL | 466 | @cindex SSL |
454 | @cindex TLS | 467 | @cindex TLS |
@@ -680,6 +693,12 @@ Takes no extra arguments. Allows finding out the TLS/SSL protocol used | |||
680 | Takes no extra arguments. Allows access to the underlying GNUtls session | 693 | Takes no extra arguments. Allows access to the underlying GNUtls session |
681 | (HTTPS connections only). | 694 | (HTTPS connections only). |
682 | 695 | ||
696 | @item MHD_CONNECTION_INFO_GNUTLS_CLIENT_CERT | ||
697 | Allows access to the underlying GNUtls client certificate. | ||
698 | Equivalent to calling directly MHD_cert_auth_get_certificate. | ||
699 | Takes no extra arguments. | ||
700 | (HTTPS connections only). | ||
701 | |||
683 | @end table | 702 | @end table |
684 | @end deftp | 703 | @end deftp |
685 | 704 | ||
@@ -1263,7 +1282,7 @@ the @code{MHD_Response} object is released. | |||
1263 | 1282 | ||
1264 | @c ------------------------------------------------------------ | 1283 | @c ------------------------------------------------------------ |
1265 | @node microhttpd-response create | 1284 | @node microhttpd-response create |
1266 | @section Creating response objects | 1285 | @section Creating a response object |
1267 | 1286 | ||
1268 | 1287 | ||
1269 | @deftypefun {struct MHD_Response *} MHD_create_response_from_callback (uint64_t size, size_t block_size, MHD_ContentReaderCallback crc, void *crc_cls, MHD_ContentReaderFreeCallback crfc) | 1288 | @deftypefun {struct MHD_Response *} MHD_create_response_from_callback (uint64_t size, size_t block_size, MHD_ContentReaderCallback crc, void *crc_cls, MHD_ContentReaderFreeCallback crfc) |
@@ -1457,7 +1476,68 @@ We should not modify the value, unless we know what we are doing. | |||
1457 | 1476 | ||
1458 | @c ------------------------------------------------------------ | 1477 | @c ------------------------------------------------------------ |
1459 | @node microhttpd-dauth | 1478 | @node microhttpd-dauth |
1460 | @chapter Utilizing Digest Authentication | 1479 | @chapter Utilizing Authentication |
1480 | |||
1481 | @noindent | ||
1482 | @mhd{} support three types of client authentication. | ||
1483 | |||
1484 | Basic authentication uses a simple authentication method based | ||
1485 | on BASE64 algorithm. Username and password are exchanged in clear | ||
1486 | between the client and the server, so this method must only be used | ||
1487 | for non-sensitive content or when the session is protected with https. | ||
1488 | When using basic authentication @mhd{} will have access to the clear | ||
1489 | password, possibily allowing to create a chained authentication | ||
1490 | toward an external authentication server. | ||
1491 | |||
1492 | Digest authentication uses a one-way authentication method based | ||
1493 | on MD5 hash algorithm. Only the hash will transit over the network, | ||
1494 | hence protecting the user password. The nonce will prevent replay | ||
1495 | attacks. This method is appropriate for general use, especially | ||
1496 | when https is not used to encrypt the session. | ||
1497 | |||
1498 | Client certificate authentication uses a X.509 certificate from | ||
1499 | the client. This is the strongest authentication mechanism but it | ||
1500 | requires the use of https. Client certificate authentication can | ||
1501 | be used simultaneously with Basic or Digest Authentication in order | ||
1502 | to provide a two levels authentication (like for instance separate | ||
1503 | machine and user authentication). | ||
1504 | |||
1505 | @menu | ||
1506 | * microhttpd-dauth basic:: Using Basic Authentication. | ||
1507 | * microhttpd-dauth digest:: Using Digest Authentication. | ||
1508 | * microhttpd-dauth cert:: Using Client Certificate Authentication. | ||
1509 | @end menu | ||
1510 | |||
1511 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
1512 | |||
1513 | @c ------------------------------------------------------------ | ||
1514 | @node microhttpd-dauth basic | ||
1515 | @section Using Basic Authentication | ||
1516 | |||
1517 | @deftypefun {char *} MHD_basic_auth_get_username_password (struct MHD_Connection *connection, char** password) | ||
1518 | Get the username and password from the basic authorization header sent by the client. | ||
1519 | Return @mynull{} if no username could be found, a pointer to the username if found. | ||
1520 | If returned value is not @mynull{}, the value must be free()'ed. | ||
1521 | |||
1522 | @var{password} reference a buffer to store the password. It can be @mynull{}. | ||
1523 | If returned value is not @mynull{}, the value must be free()'ed. | ||
1524 | @end deftypefun | ||
1525 | |||
1526 | @deftypefun {int} MHD_queue_basic_auth_fail_response (struct MHD_Connection *connection, const char *realm, struct MHD_Response *response) | ||
1527 | Queues a response to request basic authentication from the client. | ||
1528 | Return @code{MHD_YES} if successful, otherwise @code{MHD_NO}. | ||
1529 | |||
1530 | @var{realm} must reference to a zero-terminated string representing the realm. | ||
1531 | |||
1532 | @var{response} a response structure to specify what shall be presented to the | ||
1533 | client with a 401 HTTP status. | ||
1534 | @end deftypefun | ||
1535 | |||
1536 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
1537 | |||
1538 | @c ------------------------------------------------------------ | ||
1539 | @node microhttpd-dauth digest | ||
1540 | @section Using Digest Authentication | ||
1461 | 1541 | ||
1462 | @deftypefun {char *} MHD_digest_auth_get_username (struct MHD_Connection *connection) | 1542 | @deftypefun {char *} MHD_digest_auth_get_username (struct MHD_Connection *connection) |
1463 | Find and return a pointer to the username value from the request header. | 1543 | Find and return a pointer to the username value from the request header. |
@@ -1467,7 +1547,7 @@ If returned value is not @mynull{}, the value must be free()'ed. | |||
1467 | 1547 | ||
1468 | @deftypefun int MHD_digest_auth_check (struct MHD_Connection *connection, const char *realm, const char *username, const char *password, unsigned int nonce_timeout) | 1548 | @deftypefun int MHD_digest_auth_check (struct MHD_Connection *connection, const char *realm, const char *username, const char *password, unsigned int nonce_timeout) |
1469 | Checks if the provided values in the WWW-Authenticate header are valid | 1549 | Checks if the provided values in the WWW-Authenticate header are valid |
1470 | and sound according to RFC2716. If valid return MHD_YES, otherwise return MHD_NO. | 1550 | and sound according to RFC2716. If valid return @code{MHD_YES}, otherwise return @code{MHD_NO}. |
1471 | 1551 | ||
1472 | @var{realm} must reference to a zero-terminated string representing the realm. | 1552 | @var{realm} must reference to a zero-terminated string representing the realm. |
1473 | 1553 | ||
@@ -1483,7 +1563,9 @@ Most of the time it is sound to specify 300 seconds as its values. | |||
1483 | 1563 | ||
1484 | @deftypefun int MHD_queue_auth_fail_response (struct MHD_Connection *connection, const char *realm, const char *opaque, struct MHD_Response *response, int signal_stale) | 1564 | @deftypefun int MHD_queue_auth_fail_response (struct MHD_Connection *connection, const char *realm, const char *opaque, struct MHD_Response *response, int signal_stale) |
1485 | Queues a response to request authentication from the client, | 1565 | Queues a response to request authentication from the client, |
1486 | return MHD_YES if successful, otherwise MHD_NO. | 1566 | return @code{MHD_YES} if successful, otherwise @code{MHD_NO}. |
1567 | |||
1568 | @var{realm} must reference to a zero-terminated string representing the realm. | ||
1487 | 1569 | ||
1488 | @var{opaque} must reference to a zero-terminated string representing a value | 1570 | @var{opaque} must reference to a zero-terminated string representing a value |
1489 | that gets passed to the client and expected to be passed again to the server | 1571 | that gets passed to the client and expected to be passed again to the server |
@@ -1494,8 +1576,8 @@ client with a 401 HTTP status. | |||
1494 | 1576 | ||
1495 | @var{signal_stale} a value that signals "stale=true" in the response header to | 1577 | @var{signal_stale} a value that signals "stale=true" in the response header to |
1496 | indicate the invalidity of the nonce and no need to ask for authentication | 1578 | indicate the invalidity of the nonce and no need to ask for authentication |
1497 | parameters and only a new nonce gets generated. MHD_YES to generate a new | 1579 | parameters and only a new nonce gets generated. @code{MHD_YES} to generate a new |
1498 | nonce, MHD_NO to ask for authentication parameters. | 1580 | nonce, @code{MHD_NO} to ask for authentication parameters. |
1499 | @end deftypefun | 1581 | @end deftypefun |
1500 | 1582 | ||
1501 | Example: handling digest authentication requests and responses. | 1583 | Example: handling digest authentication requests and responses. |
@@ -1563,6 +1645,39 @@ ahc_echo (void *cls, | |||
1563 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | 1645 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1564 | 1646 | ||
1565 | @c ------------------------------------------------------------ | 1647 | @c ------------------------------------------------------------ |
1648 | @node microhttpd-dauth cert | ||
1649 | @section Using Client Certificate Authentication | ||
1650 | |||
1651 | @deftypefun {void *} MHD_cert_auth_get_certificate (struct MHD_Connection *connection) | ||
1652 | Get the client's X.509 certificate. | ||
1653 | Return @mynull{} if no valid client certificate was found, a pointer to the certificate | ||
1654 | (which can be casted to gnutls_x509_crt_t) if found. | ||
1655 | The certificate is cached between calls for a same https session and must not but | ||
1656 | manually modified or free()'ed. | ||
1657 | @end deftypefun | ||
1658 | |||
1659 | @deftypefun {char *} MHD_cert_auth_get_dn (struct MHD_Connection *connection) | ||
1660 | Get the distinguished name from the client's certificate. | ||
1661 | Return @mynull{} if the certificate doesn't contain a dn or if no valid certificate was | ||
1662 | found, a pointer to the dn if found. If returned value is not @mynull{}, the value must | ||
1663 | be free()'ed. | ||
1664 | @end deftypefun | ||
1665 | |||
1666 | @deftypefun {char *} MHD_cert_auth_get_alt_name (struct MHD_Connection *connection, int nametype, unsigned int index) | ||
1667 | Get the alternative name of specified type from the client's certificate. | ||
1668 | Return @mynull{} if the certificate doesn't contain a matching alternative name or if no | ||
1669 | valid certificate was found, a pointer to the alternative name if found. If returned | ||
1670 | value is not @mynull{}, the value must be free()'ed. | ||
1671 | |||
1672 | @var{nametype} The requested name type (of type 'enum gnutls_x509_subject_alt_name_t') | ||
1673 | |||
1674 | @var{index} The position of the alternative name if multiple names are matching the | ||
1675 | requested type, 0 for the first matching name | ||
1676 | @end deftypefun | ||
1677 | |||
1678 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
1679 | |||
1680 | @c ------------------------------------------------------------ | ||
1566 | @node microhttpd-post | 1681 | @node microhttpd-post |
1567 | @chapter Adding a @code{POST} processor | 1682 | @chapter Adding a @code{POST} processor |
1568 | @cindex POST method | 1683 | @cindex POST method |