Diffstat (limited to 'src/include/microhttpd.h')
-rw-r--r-- | src/include/microhttpd.h | 171 |
1 files changed, 142 insertions, 29 deletions
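--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
 * they are parsed as decimal numbers.
 * Example: 0x01093001 = 1.9.30-1.
 */
-#define MHD_VERSION 0x00097525
+#define MHD_VERSION 0x00097526
 
 /* If generic headers don't work on your platform, include headers
 which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -330,12 +330,6 @@ _MHD_DEPR_MACRO ( \
 
 
 /**
-* Length of the binary output of the MD5 hash function.
-*/
-#define MHD_MD5_DIGEST_SIZE 16
-
-
-/**
 * @defgroup httpcode HTTP response codes.
 * These are the status codes defined for HTTP responses.
 * See: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
@@ -4328,6 +4322,22 @@ MHD_destroy_post_processor (struct MHD_PostProcessor *pp);
 
 
 /**
+* Length of the binary output of the MD5 hash function.
+* @sa #MHD_digest_get_hash_size()
+* @ingroup authentication
+*/
+#define MHD_MD5_DIGEST_SIZE 16
+
+
+/**
+* Length of the binary output of the SHA-256 hash function.
+* @sa #MHD_digest_get_hash_size()
+* @ingroup authentication
+*/
+#define MHD_SHA256_DIGEST_SIZE 32
+
+
+/**
 * Constant to indicate that the nonce of the provided
 * authentication code was wrong.
 * @ingroup authentication
@@ -4707,7 +4717,7 @@ struct MHD_DigestAuthInfo
 * long.
 * @warning This is binary data, no zero termination.
 * @warning To avoid buffer overruns, always check the size of the data before
-* use, because @ userhash_bin can point even to zero-sized
+* use, because @a userhash_bin can point even to zero-sized
 * data.
 */
 uint8_t *userhash_bin;
@@ -4753,9 +4763,9 @@ struct MHD_DigestAuthInfo
 
 /**
 * The nc parameter value.
-* Can be used by application to limit the number of nonce re-uses. If @ nc
-* is higher than application wants to allow, then fail response with
-* 'stale=true' could be used to ask force client to get the fresh 'nonce'.
+* Can be used by application to limit the number of nonce re-uses. If @a nc
+* is higher than application wants to allow, then auth required response with
+* 'stale=true' could be used to force client to get the fresh 'nonce'.
 * If not specified by client or does not have hexadecimal digits only, the
 * value is #MHD_DIGEST_AUTH_INVALID_NC_VALUE.
 */
@@ -4819,12 +4829,29 @@ struct MHD_DigestAuthUsernameInfo
 * long.
 * @warning This is binary data, no zero termination.
 * @warning To avoid buffer overruns, always check the size of the data before
-* use, because @ userhash_bin can point even to zero-sized
+* use, because @a userhash_bin can point even to zero-sized
 * data.
 */
 uint8_t *userhash_bin;
 };
 
+
+/**
+* Get digest size for specified algorithm.
+*
+* The size of the digest specifies the size of the userhash, userdigest
+* and other parameters which size depends on used hash algorithm.
+* @param algo3 the algorithm to check
+* @return the size of the digest (either #MHD_MD5_DIGEST_SIZE or
+* #MHD_SHA256_DIGEST_SIZE) or zero if the input value is not
+* recognised/valid
+* @note Available since #MHD_VERSION 0x00097526
+* @ingroup authentication
+*/
+_MHD_EXTERN size_t
+MHD_digest_get_hash_size (enum MHD_DigestAuthAlgo3 algo3);
+
+
 /**
 * Get the username from Digest Authorization client's header.
 *
@@ -4868,7 +4895,7 @@ enum MHD_DigestAuthAlgorithm
 {
 
 /**
-* MHD should pick (currently defaults to SHA-256).
+* MHD should pick (currently defaults to MD5).
 */
 MHD_DIGEST_ALG_AUTO = 0,
 
@@ -4969,10 +4996,17 @@ enum MHD_DigestAuthResult
 * @param username the username needs to be authenticated
 * @param password the password used in the authentication
 * @param nonce_timeout the nonce validity duration in seconds
-* @param algo the digest algorithms allowed for verification
+* @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
+* exceeds the specified value then MHD_DAUTH_NONCE_STALE is
+* returned;
+* zero for no limit
+* @param mqop the QOP to use, currently the only allowed value is
+* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
+* @param malgo3 digest algorithm to use, if several algorithms are specified
+* then MD5 is used (if allowed)
 * @return #MHD_DAUTH_OK if authenticated,
 * the error code otherwise
-* @note Available since #MHD_VERSION 0x00097521
+* @note Available since #MHD_VERSION 0x00097526
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult
@@ -4981,34 +5015,49 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
 const char *username,
 const char *password,
 unsigned int nonce_timeout,
-enum MHD_DigestAuthAlgorithm algo);
+uint32_t max_nc,
+enum MHD_DigestAuthMultiQOP mqop,
+enum MHD_DigestAuthMultiAlgo3 malgo3);
 
 
 /**
-* Authenticates the authorization header sent by the client.
+* Authenticates the authorization header sent by the client by using
+* hash of "username:realm:password".
 *
 * @param connection the MHD connection structure
-* @param realm the realm to be used for authorization of the client
+* @param realm the realm presented to the client
 * @param username the username needs to be authenticated
-* @param digest the pointer to the binary digest for the precalculated hash
-* value "username:realm:password" with specified @a algo
-* @param digest_size the number of bytes in @a digest (the size must match
-* @a algo!)
-* @param nonce_timeout the nonce validity duration in seconds
-* @param algo digest algorithms allowed for verification
+* @param userdigest the precalculated binary hash of the string
+* "username:realm:password"
+* @param userdigest_size the size of the @a userdigest in bytes, must match the
+* hashing algorithm (see #MHD_MD5_DIGEST_SIZE,
+* #MHD_SHA256_DIGEST_SIZE)
+* @param nonce_timeout the period of seconds since nonce generation, when
+* the nonce is recognised as valid and not stale.
+* @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
+* exceeds the specified value then MHD_DAUTH_NONCE_STALE is
+* returned;
+* zero for no limit
+* @param mqop the QOP to use, currently the only allowed value is
+* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
+* @param malgo3 the digest algorithms to use; both MD5-based and SHA-256-based
+* algorithms cannot be used at the same time for this function
+* as @a userdigest_size must match specified algorithm
 * @return #MHD_DAUTH_OK if authenticated,
 * the error code otherwise
-* @note Available since #MHD_VERSION 0x00097521
+* @note Available since #MHD_VERSION 0x00097526
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_DigestAuthResult
 MHD_digest_auth_check_digest3 (struct MHD_Connection *connection,
 const char *realm,
 const char *username,
-const uint8_t *digest,
-size_t digest_size,
+const void *userdigest,
+size_t userdigest_size,
 unsigned int nonce_timeout,
-enum MHD_DigestAuthAlgorithm algo);
+uint32_t max_nc,
+enum MHD_DigestAuthMultiQOP mqop,
+enum MHD_DigestAuthMultiAlgo3 malgo3);
 
 
 /**
@@ -5121,6 +5170,66 @@ MHD_digest_auth_check_digest (struct MHD_Connection *connection,
 /**
 * Queues a response to request authentication from the client
 *
+* This function modifies provided @a response. The @a response must not be
+* reused and should be destroyed (by #MHD_destroy_response()) after call of
+* this function.
+*
+* @param connection the MHD connection structure
+* @param realm the realm presented to the client
+* @param opaque the string for opaque value, can be NULL, but NULL is
+* not recommended for better compatibility with clients
+* @param domain the optional space-separated list of URIs for which the
+* same authorisation could be used, URIs can be in form
+* "path-absolute" (the path for the same host with initial slash)
+* or in form "absolute-URI" (the full path with protocol), in
+* any case client may assume that any URI which starts with
+* any of specified URI is in the same "protection space";
+* could be NULL (clients typically assume that the same
+* credentials could be used for any URI on the same host)
+* @param response the reply to send; should contain the "access denied"
+* body; note that this function sets the "WWW Authenticate"
+* header and that the caller should not do this;
+* the NULL is tolerated
+* @param signal_stale set to #MHD_YES if the nonce is stale to add 'stale=true'
+* to the authentication header, this instructs the client
+* to retry immediately with the new nonce and the same
+* credentials, without asking user for the new password
+* @param mqop the QOP to use, currently the only allowed value is
+* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
+* @param malgo3 digest algorithm to use, if several algorithms are specified
+* then MD5 is used (if allowed)
+* @param userhash_support if set to non-zero value (#MHD_YES) then support of
+* userhash is indicated, the client may provide
+* hash("username:realm") instead of username in
+* clear text; note that client is allowed to provide
+* the username in cleartext even if this parameter set
+* to non-zero
+* @param prefer_utf8 if not set to #MHD_NO, parameter 'charset=UTF-8' is
+* added, indicating for the client that UTF-8 encoding
+* is preferred
+* @return #MHD_YES on success, #MHD_NO otherwise
+* @note Available since #MHD_VERSION 0x00097526
+* @ingroup authentication
+*/
+_MHD_EXTERN enum MHD_Result
+MHD_queue_auth_required_response3 (struct MHD_Connection *connection,
+const char *realm,
+const char *opaque,
+const char *domain,
+struct MHD_Response *response,
+int signal_stale,
+enum MHD_DigestAuthMultiQOP qop,
+enum MHD_DigestAuthMultiAlgo3 algo,
+int userhash_support,
+int prefer_utf8);
+
+
+/**
+* Queues a response to request authentication from the client
+*
+* This function modifies provided @a response. The @a response must not be
+* reused and should be destroyed after call of this function.
+*
 * @param connection The MHD connection structure
 * @param realm the realm presented to the client
 * @param opaque string to user for opaque value
@@ -5132,6 +5241,7 @@ MHD_digest_auth_check_digest (struct MHD_Connection *connection,
 * @param algo digest algorithm to use
 * @return #MHD_YES on success, #MHD_NO otherwise
 * @note Available since #MHD_VERSION 0x00096200
+* @deprecated use MHD_queue_auth_required_response3()
 * @ingroup authentication
 */
 _MHD_EXTERN enum MHD_Result
@@ -5148,6 +5258,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
 * For now uses MD5 (for backwards-compatibility). Still, if you
 * need to be sure, use #MHD_queue_auth_fail_response2().
 *
+* This function modifies provided @a response. The @a response must not be
+* reused and should be destroyed after call of this function.
+*
 * @param connection The MHD connection structure
 * @param realm the realm presented to the client
 * @param opaque string to user for opaque value
@@ -5157,8 +5270,8 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
 * @param signal_stale #MHD_YES if the nonce is stale to add
 * 'stale=true' to the authentication header
 * @return #MHD_YES on success, #MHD_NO otherwise
+* @deprecated use MHD_queue_auth_required_response3()
 * @ingroup authentication
-* @deprecated use MHD_queue_auth_fail_response2()
 */
 _MHD_EXTERN enum MHD_Result
 MHD_queue_auth_fail_response (struct MHD_Connection *connection,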
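Review bot: The new `malgo3` text on `MHD_digest_auth_check3()` and `MHD_queue_auth_required_response3()` says that MD5 is used whenever several algorithms are allowed, and `MHD_DIGEST_ALG_AUTO` is now documented as defaulting to MD5, so a permissive value quietly resolves to the weaker hash. Both functions should carry that as an explicit caveat, for example `@warning a value that allows both MD5 and SHA-256 selects MD5; allow only SHA-256 to require it`. The `max_nc` text could likewise state that zero leaves the number of nonce re-uses unbounded, since that is the value an application is most likely to pass without thinking. Separately, the `MHD_queue_auth_required_response3()` prototype names its parameters `qop` and `algo` while its Doxygen block documents `mqop` and `malgo3`; declaring them as `enum MHD_DigestAuthMultiQOP mqop,` and `enum MHD_DigestAuthMultiAlgo3 malgo3,` keeps the generated documentation attached to real parameters.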