aboutsummaryrefslogtreecommitdiff
path: root/src/include/microhttpd.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/microhttpd.h')
-rw-r--r--src/include/microhttpd.h114
1 files changed, 111 insertions, 3 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index b9a9bcf9..7591bdc4 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -3192,7 +3192,30 @@ MHD_free (void *ptr);
3192 3192
3193 3193
3194/** 3194/**
3195 * Authenticates the authorization header sent by the client 3195 * Which digest algorithm should MHD use for HTTP digest authentication?
3196 */
3197enum MHD_DigestAuthAlgorithm {
3198
3199 /**
3200 * MHD should pick (currently defaults to SHA-256).
3201 */
3202 MHD_DIGEST_ALG_AUTO = 0,
3203
3204 /**
3205 * Force use of MD5.
3206 */
3207 MHD_DIGEST_ALG_MD5,
3208
3209 /**
3210 * Force use of SHA-256.
3211 */
3212 MHD_DIGEST_ALG_SHA256
3213
3214};
3215
3216
3217/**
3218 * Authenticates the authorization header sent by the client.
3196 * 3219 *
3197 * @param connection The MHD connection structure 3220 * @param connection The MHD connection structure
3198 * @param realm The realm presented to the client 3221 * @param realm The realm presented to the client
@@ -3200,11 +3223,39 @@ MHD_free (void *ptr);
3200 * @param password The password used in the authentication 3223 * @param password The password used in the authentication
3201 * @param nonce_timeout The amount of time for a nonce to be 3224 * @param nonce_timeout The amount of time for a nonce to be
3202 * invalid in seconds 3225 * invalid in seconds
3226 * @param algo digest algorithms allowed for verification
3203 * @return #MHD_YES if authenticated, #MHD_NO if not, 3227 * @return #MHD_YES if authenticated, #MHD_NO if not,
3204 * #MHD_INVALID_NONCE if nonce is invalid 3228 * #MHD_INVALID_NONCE if nonce is invalid
3205 * @ingroup authentication 3229 * @ingroup authentication
3206 */ 3230 */
3207_MHD_EXTERN int 3231_MHD_EXTERN int
3232MHD_digest_auth_check2 (struct MHD_Connection *connection,
3233 const char *realm,
3234 const char *username,
3235 const char *password,
3236 unsigned int nonce_timeout,
3237 enum MHD_DigestAuthAlgorithm algo);
3238
3239
3240/**
3241 * Authenticates the authorization header sent by the client.
3242 * Uses #MHD_DIGEST_ALG_MD5 (for now, for backwards-compatibility).
3243 * Note that this MAY change to #MHD_DIGEST_ALG_AUTO in the future.
3244 * If you want to be sure you get MD5, use #MHD_digest_auth_check2()
3245 * and specifiy MD5 explicitly.
3246 *
3247 * @param connection The MHD connection structure
3248 * @param realm The realm presented to the client
3249 * @param username The username needs to be authenticated
3250 * @param password The password used in the authentication
3251 * @param nonce_timeout The amount of time for a nonce to be
3252 * invalid in seconds
3253 * @return #MHD_YES if authenticated, #MHD_NO if not,
3254 * #MHD_INVALID_NONCE if nonce is invalid
3255 * @ingroup authentication
3256 * @deprecated use MHD_digest_auth_check2()
3257 */
3258_MHD_EXTERN int
3208MHD_digest_auth_check (struct MHD_Connection *connection, 3259MHD_digest_auth_check (struct MHD_Connection *connection,
3209 const char *realm, 3260 const char *realm,
3210 const char *username, 3261 const char *username,
@@ -3213,21 +3264,51 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
3213 3264
3214 3265
3215/** 3266/**
3216 * Authenticates the authorization header sent by the client 3267 * Authenticates the authorization header sent by the client.
3217 * 3268 *
3218 * @param connection The MHD connection structure 3269 * @param connection The MHD connection structure
3219 * @param realm The realm presented to the client 3270 * @param realm The realm presented to the client
3220 * @param username The username needs to be authenticated 3271 * @param username The username needs to be authenticated
3221 * @param digest An `unsigned char *' pointer to the binary MD5 sum 3272 * @param digest An `unsigned char *' pointer to the binary MD5 sum
3222 * for the precalculated hash value "username:realm:password" 3273 * for the precalculated hash value "username:realm:password"
3223 * of #MHD_MD5_DIGEST_SIZE bytes 3274 * of @a digest_size bytes
3275 * @param digest_size number of bytes in @a digest (size must match @a algo!)
3224 * @param nonce_timeout The amount of time for a nonce to be 3276 * @param nonce_timeout The amount of time for a nonce to be
3225 * invalid in seconds 3277 * invalid in seconds
3278 * @param algo digest algorithms allowed for verification
3226 * @return #MHD_YES if authenticated, #MHD_NO if not, 3279 * @return #MHD_YES if authenticated, #MHD_NO if not,
3227 * #MHD_INVALID_NONCE if nonce is invalid 3280 * #MHD_INVALID_NONCE if nonce is invalid
3228 * @ingroup authentication 3281 * @ingroup authentication
3229 */ 3282 */
3230_MHD_EXTERN int 3283_MHD_EXTERN int
3284MHD_digest_auth_check_digest2 (struct MHD_Connection *connection,
3285 const char *realm,
3286 const char *username,
3287 const uint8_t *digest,
3288 size_t digest_size,
3289 unsigned int nonce_timeout,
3290 enum MHD_DigestAuthAlgorithm algo);
3291
3292
3293/**
3294 * Authenticates the authorization header sent by the client
3295 * Uses #MHD_DIGEST_ALG_MD5 (required, as @a digest is of fixed
3296 * size).
3297 *
3298 * @param connection The MHD connection structure
3299 * @param realm The realm presented to the client
3300 * @param username The username needs to be authenticated
3301 * @param digest An `unsigned char *' pointer to the binary hash
3302 * for the precalculated hash value "username:realm:password";
3303 * length must be #MHD_MD5_DIGEST_SIZE bytes
3304 * @param nonce_timeout The amount of time for a nonce to be
3305 * invalid in seconds
3306 * @return #MHD_YES if authenticated, #MHD_NO if not,
3307 * #MHD_INVALID_NONCE if nonce is invalid
3308 * @ingroup authentication
3309 * @deprecated use #MHD_digest_auth_check_digest2()
3310 */
3311_MHD_EXTERN int
3231MHD_digest_auth_check_digest (struct MHD_Connection *connection, 3312MHD_digest_auth_check_digest (struct MHD_Connection *connection,
3232 const char *realm, 3313 const char *realm,
3233 const char *username, 3314 const char *username,
@@ -3239,6 +3320,32 @@ MHD_digest_auth_check_digest (struct MHD_Connection *connection,
3239 * Queues a response to request authentication from the client 3320 * Queues a response to request authentication from the client
3240 * 3321 *
3241 * @param connection The MHD connection structure 3322 * @param connection The MHD connection structure
3323 * @param realm the realm presented to the client
3324 * @param opaque string to user for opaque value
3325 * @param response reply to send; should contain the "access denied"
3326 * body; note that this function will set the "WWW Authenticate"
3327 * header and that the caller should not do this
3328 * @param signal_stale #MHD_YES if the nonce is invalid to add
3329 * 'stale=true' to the authentication header
3330 * @param algo digest algorithm to use
3331 * @return #MHD_YES on success, #MHD_NO otherwise
3332 * @ingroup authentication
3333 */
3334int
3335MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
3336 const char *realm,
3337 const char *opaque,
3338 struct MHD_Response *response,
3339 int signal_stale,
3340 enum MHD_DigestAuthAlgorithm algo);
3341
3342
3343/**
3344 * Queues a response to request authentication from the client
3345 * For now uses MD5 (for backwards-compatibility). Still, if you
3346 * need to be sure, use #MHD_queue_fail_auth_response2().
3347 *
3348 * @param connection The MHD connection structure
3242 * @param realm The realm presented to the client 3349 * @param realm The realm presented to the client
3243 * @param opaque string to user for opaque value 3350 * @param opaque string to user for opaque value
3244 * @param response reply to send; should contain the "access denied" 3351 * @param response reply to send; should contain the "access denied"
@@ -3248,6 +3355,7 @@ MHD_digest_auth_check_digest (struct MHD_Connection *connection,
3248 * 'stale=true' to the authentication header 3355 * 'stale=true' to the authentication header
3249 * @return #MHD_YES on success, #MHD_NO otherwise 3356 * @return #MHD_YES on success, #MHD_NO otherwise
3250 * @ingroup authentication 3357 * @ingroup authentication
3358 * @deprecated use MHD_queue_auth_fail_response2()
3251 */ 3359 */
3252_MHD_EXTERN int 3360_MHD_EXTERN int
3253MHD_queue_auth_fail_response (struct MHD_Connection *connection, 3361MHD_queue_auth_fail_response (struct MHD_Connection *connection,