aboutsummaryrefslogtreecommitdiff
path: root/src/include/microhttpd.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/microhttpd.h')
-rw-r--r--src/include/microhttpd.h166
1 files changed, 155 insertions, 11 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 1a23bc8b..450b65c5 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
96 * they are parsed as decimal numbers. 96 * they are parsed as decimal numbers.
97 * Example: 0x01093001 = 1.9.30-1. 97 * Example: 0x01093001 = 1.9.30-1.
98 */ 98 */
99#define MHD_VERSION 0x00097534 99#define MHD_VERSION 0x00097535
100 100
101/* If generic headers don't work on your platform, include headers 101/* If generic headers don't work on your platform, include headers
102 which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', 102 which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -4543,6 +4543,8 @@ enum MHD_DigestAuthAlgo3
4543 * @return the size of the digest (either #MHD_MD5_DIGEST_SIZE or 4543 * @return the size of the digest (either #MHD_MD5_DIGEST_SIZE or
4544 * #MHD_SHA256_DIGEST_SIZE) or zero if the input value is not 4544 * #MHD_SHA256_DIGEST_SIZE) or zero if the input value is not
4545 * recognised/valid 4545 * recognised/valid
4546 * @sa #MHD_digest_auth_calc_userdigest()
4547 * @sa #MHD_digest_auth_calc_userhash(), #MHD_digest_auth_calc_userhash_hex()
4546 * @note Available since #MHD_VERSION 0x00097526 4548 * @note Available since #MHD_VERSION 0x00097526
4547 * @ingroup authentication 4549 * @ingroup authentication
4548 */ 4550 */
@@ -4642,6 +4644,97 @@ enum MHD_DigestAuthMultiAlgo3
4642 (0x3F) | MHD_DIGEST_AUTH_ALGO3_NON_SESSION | MHD_DIGEST_AUTH_ALGO3_SESSION 4644 (0x3F) | MHD_DIGEST_AUTH_ALGO3_NON_SESSION | MHD_DIGEST_AUTH_ALGO3_SESSION
4643}; 4645};
4644 4646
4647
4648/**
4649 * Calculate "userhash", return it as binary data.
4650 *
4651 * The "userhash" is the hash of the string "username:realm".
4652 *
4653 * The "Userhash" could be used to avoid sending username in cleartext in Digest
4654 * Authorization client's header.
4655 *
4656 * Userhash is not designed to hide the username in local database or files,
4657 * as username in cleartext is required for #MHD_digest_auth_check3() function
4658 * to check the response, but it can be used to hide username in HTTP headers.
4659 *
4660 * This function could be used when the new username is added to the username
4661 * database to save the "userhash" alongside with the username (preferably) or
4662 * when loading list of the usernames to generate the userhash for every loaded
4663 * username (this will cause delays at the start with the long lists).
4664 *
4665 * Once "userhash" is generated it could be used to identify users for clients
4666 * with "userhash" support.
4667 * Avoid repetitive usage of this function for the same username/realm
4668 * combination as it will cause excessive CPU load; save and re-use the result
4669 * instead.
4670 *
4671 * @param algo3 the algorithm for userhash calculations
4672 * @param username the username
4673 * @param realm the realm
4674 * @param[out] userhash_bin the output buffer for userhash as binary data;
4675 * if this function succeeds, then this buffer has
4676 * #MHD_digest_get_hash_size(algo3) bytes of userhash
4677 * upon return
4678 * @param bin_buf_size the size of the @a userhash_bin buffer, must be
4679 * at least #MHD_digest_get_hash_size(algo3) bytes long
4680 * @return MHD_YES on success, MHD_NO if @a bin_buf_size is too small or
4681 * if @a algo3 algorithm is not supported.
4682 * @note Available since #MHD_VERSION 0x00097535
4683 * @ingroup authentication
4684 */
4685_MHD_EXTERN enum MHD_Result
4686MHD_digest_auth_calc_userhash (enum MHD_DigestAuthAlgo3 algo3,
4687 const char *username,
4688 const char *realm,
4689 void *userhash_bin,
4690 size_t bin_buf_size);
4691
4692
4693/**
4694 * Calculate "userhash", return it as hexadecimal data.
4695 *
4696 * The "userhash" is the hash of the string "username:realm".
4697 *
4698 * The "Userhash" could be used to avoid sending username in cleartext in Digest
4699 * Authorization client's header.
4700 *
4701 * Userhash is not designed to hide the username in local database or files,
4702 * as username in cleartext is required for #MHD_digest_auth_check3() function
4703 * to check the response, but it can be used to hide username in HTTP headers.
4704 *
4705 * This function could be used when the new username is added to the username
4706 * database to save the "userhash" alongside with the username (preferably) or
4707 * when loading list of the usernames to generate the userhash for every loaded
4708 * username (this will cause delays at the start with the long lists).
4709 *
4710 * Once "userhash" is generated it could be used to identify users for clients
4711 * with "userhash" support.
4712 * Avoid repetitive usage of this function for the same username/realm
4713 * combination as it will cause excessive CPU load; save and re-use the result
4714 * instead.
4715 *
4716 * @param algo3 the algorithm for userhash calculations
4717 * @param username the username
4718 * @param realm the realm
4719 * @param[out] userhash_hex the output buffer for userhash as hex data;
4720 * if this function succeeds, then this buffer has
4721 * #MHD_digest_get_hash_size(algo3)*2 chars long
4722 * userhash string
4723 * @param bin_buf_size the size of the @a userhash_bin buffer, must be
4724 * at least #MHD_digest_get_hash_size(algo3)*2+1 chars long
4725 * @return MHD_YES on success, MHD_NO if @a bin_buf_size is too small or
4726 * if @a algo3 algorithm is not supported.
4727 * @note Available since #MHD_VERSION 0x00097535
4728 * @ingroup authentication
4729 */
4730_MHD_EXTERN enum MHD_Result
4731MHD_digest_auth_calc_userhash_hex (enum MHD_DigestAuthAlgo3 algo3,
4732 const char *username,
4733 const char *realm,
4734 char *userhash_hex,
4735 size_t hex_buf_size);
4736
4737
4645/** 4738/**
4646 * The type of username used by client in Digest Authorization header 4739 * The type of username used by client in Digest Authorization header
4647 * 4740 *
@@ -4671,6 +4764,7 @@ enum MHD_DigestAuthUsernameType
4671 /** 4764 /**
4672 * The username provided in form of 'userhash' as 4765 * The username provided in form of 'userhash' as
4673 * specified by RFC 7616 #section-3.4.4. 4766 * specified by RFC 7616 #section-3.4.4.
4767 * @sa #MHD_digest_auth_calc_userhash_hex(), #MHD_digest_auth_calc_userhash()
4674 */ 4768 */
4675 MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH = 3, 4769 MHD_DIGEST_AUTH_UNAME_TYPE_USERHASH = 3,
4676 4770
@@ -4815,6 +4909,7 @@ struct MHD_DigestAuthInfo
4815 * with charset and language tag removed (i.e. it is original username 4909 * with charset and language tag removed (i.e. it is original username
4816 * extracted from the extended notation). 4910 * extracted from the extended notation).
4817 * This can be NULL is username is missing or invalid. 4911 * This can be NULL is username is missing or invalid.
4912 * @sa #MHD_digest_auth_calc_userhash_hex()
4818 */ 4913 */
4819 char *username; 4914 char *username;
4820 4915
@@ -4834,6 +4929,7 @@ struct MHD_DigestAuthInfo
4834 * @warning To avoid buffer overruns, always check the size of the data before 4929 * @warning To avoid buffer overruns, always check the size of the data before
4835 * use, because @a userhash_bin can point even to zero-sized 4930 * use, because @a userhash_bin can point even to zero-sized
4836 * data. 4931 * data.
4932 * @sa #MHD_digest_auth_calc_userhash()
4837 */ 4933 */
4838 uint8_t *userhash_bin; 4934 uint8_t *userhash_bin;
4839 4935
@@ -4932,13 +5028,12 @@ struct MHD_DigestAuthUsernameInfo
4932 5028
4933 /** 5029 /**
4934 * The username string. 5030 * The username string.
4935 * Valid only if username is standard, extended, or userhash.
4936 * For userhash this is unqoted string without decoding of the 5031 * For userhash this is unqoted string without decoding of the
4937 * hexadecimal digits (as provided by client). 5032 * hexadecimal digits (as provided by client).
4938 * If extended notation is used, this string is pct-decoded string 5033 * If extended notation is used, this string is pct-decoded string
4939 * with charset and language tag removed (i.e. it is original username 5034 * with charset and language tag removed (i.e. it is original username
4940 * extracted from the extended notation). 5035 * extracted from the extended notation).
4941 * This can be NULL is username is missing or invalid. 5036 * @sa #MHD_digest_auth_calc_userhash_hex()
4942 */ 5037 */
4943 char *username; 5038 char *username;
4944 5039
@@ -4958,6 +5053,7 @@ struct MHD_DigestAuthUsernameInfo
4958 * @warning To avoid buffer overruns, always check the size of the data before 5053 * @warning To avoid buffer overruns, always check the size of the data before
4959 * use, because @a userhash_bin can point even to zero-sized 5054 * use, because @a userhash_bin can point even to zero-sized
4960 * data. 5055 * data.
5056 * @sa #MHD_digest_auth_calc_userhash()
4961 */ 5057 */
4962 uint8_t *userhash_bin; 5058 uint8_t *userhash_bin;
4963}; 5059};
@@ -5086,7 +5182,8 @@ enum MHD_DigestAuthResult
5086 * 5182 *
5087 * @param connection the MHD connection structure 5183 * @param connection the MHD connection structure
5088 * @param realm the realm to be used for authorization of the client 5184 * @param realm the realm to be used for authorization of the client
5089 * @param username the username needs to be authenticated 5185 * @param username the username needs to be authenticated, must be in clear text
5186 * even if userhash is used by the client
5090 * @param password the password used in the authentication 5187 * @param password the password used in the authentication
5091 * @param nonce_timeout the nonce validity duration in seconds 5188 * @param nonce_timeout the nonce validity duration in seconds
5092 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc 5189 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
@@ -5113,6 +5210,46 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
5113 5210
5114 5211
5115/** 5212/**
5213 * Calculate userdigest, return it as binary data.
5214 *
5215 * The "userdigest" is the hash of the "username:realm:password" string.
5216 *
5217 * The "userdigest" can be used to avoid storing the password in clear text
5218 * in database/files
5219 *
5220 * This function is designed to improve security of stored credentials,
5221 * the "userdigest" does not improve security of the authentication process.
5222 *
5223 * The results can be used to store username & userdigest pairs instead of
5224 * username & password pairs. To further improve security, application may
5225 * store username & userhash & userdigest triplets.
5226 *
5227 * @param algo3 the digest algorithm
5228 * @param username the username
5229 * @param realm the realm
5230 * @param password the password, must be zero-terminated
5231 * @param[out] userdigest_bin the output buffer for userdigest;
5232 * if this function succeeds, then this buffer has
5233 * #MHD_digest_get_hash_size(algo3) bytes of
5234 * userdigest upon return
5235 * @param userdigest_bin the size of the @a userdigest_bin buffer, must be
5236 * at least #MHD_digest_get_hash_size(algo3) bytes long
5237 * @return MHD_YES on success, MHD_NO if @a userdigest_bin is too small or
5238 * if @a algo3 algorithm is not supported.
5239 * @sa #MHD_digest_auth_check_digest3()
5240 * @note Available since #MHD_VERSION 0x00097535
5241 * @ingroup authentication
5242 */
5243_MHD_EXTERN enum MHD_Result
5244MHD_digest_auth_calc_userdigest (enum MHD_DigestAuthAlgo3 algo3,
5245 const char *username,
5246 const char *realm,
5247 const char *password,
5248 void *userdigest_bin,
5249 size_t bin_buf_size);
5250
5251
5252/**
5116 * Authenticates the authorization header sent by the client by using 5253 * Authenticates the authorization header sent by the client by using
5117 * hash of "username:realm:password". 5254 * hash of "username:realm:password".
5118 * 5255 *
@@ -5125,13 +5262,15 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
5125 * nonce and second time to perform an authorised request). 5262 * nonce and second time to perform an authorised request).
5126 * 5263 *
5127 * @param connection the MHD connection structure 5264 * @param connection the MHD connection structure
5128 * @param realm the realm presented to the client 5265 * @param realm the realm to be used for authorization of the client
5129 * @param username the username needs to be authenticated 5266 * @param username the username needs to be authenticated, must be in clear text
5267 * even if userhash is used by the client
5130 * @param userdigest the precalculated binary hash of the string 5268 * @param userdigest the precalculated binary hash of the string
5131 * "username:realm:password" 5269 * "username:realm:password",
5270 * see #MHD_digest_auth_calc_userdigest()
5132 * @param userdigest_size the size of the @a userdigest in bytes, must match the 5271 * @param userdigest_size the size of the @a userdigest in bytes, must match the
5133 * hashing algorithm (see #MHD_MD5_DIGEST_SIZE, 5272 * hashing algorithm (see #MHD_MD5_DIGEST_SIZE,
5134 * #MHD_SHA256_DIGEST_SIZE) 5273 * #MHD_SHA256_DIGEST_SIZE, #MHD_digest_get_hash_size())
5135 * @param nonce_timeout the period of seconds since nonce generation, when 5274 * @param nonce_timeout the period of seconds since nonce generation, when
5136 * the nonce is recognised as valid and not stale. 5275 * the nonce is recognised as valid and not stale.
5137 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc 5276 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
@@ -5146,6 +5285,7 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
5146 * match specified algorithm 5285 * match specified algorithm
5147 * @return #MHD_DAUTH_OK if authenticated, 5286 * @return #MHD_DAUTH_OK if authenticated,
5148 * the error code otherwise 5287 * the error code otherwise
5288 * @sa #MHD_digest_auth_calc_userdigest()
5149 * @note Available since #MHD_VERSION 0x00097528 5289 * @note Available since #MHD_VERSION 0x00097528
5150 * @ingroup authentication 5290 * @ingroup authentication
5151 */ 5291 */
@@ -5205,9 +5345,13 @@ MHD_digest_auth_check_digest3 (struct MHD_Connection *connection,
5205 * @param userhash_support if set to non-zero value (#MHD_YES) then support of 5345 * @param userhash_support if set to non-zero value (#MHD_YES) then support of
5206 * userhash is indicated, the client may provide 5346 * userhash is indicated, the client may provide
5207 * hash("username:realm") instead of username in 5347 * hash("username:realm") instead of username in
5208 * clear text; note that client is allowed to provide 5348 * clear text;
5209 * the username in cleartext even if this parameter set 5349 * note that clients are allowed to provide the username
5210 * to non-zero 5350 * in cleartext even if this parameter set to non-zero;
5351 * when userhash is used, application must be ready to
5352 * identify users by provided userhash value instead of
5353 * username; see #MHD_digest_auth_calc_userhash() and
5354 * #MHD_digest_auth_calc_userhash_hex()
5211 * @param prefer_utf8 if not set to #MHD_NO, parameter 'charset=UTF-8' is 5355 * @param prefer_utf8 if not set to #MHD_NO, parameter 'charset=UTF-8' is
5212 * added, indicating for the client that UTF-8 encoding 5356 * added, indicating for the client that UTF-8 encoding
5213 * is preferred 5357 * is preferred