Diffstat (limited to 'src/include/microhttpd.h')
-rw-r--r--src/include/microhttpd.h171
1 files changed, 142 insertions, 29 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 9cf44ccb..aceed304 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
96 * they are parsed as decimal numbers. 96 * they are parsed as decimal numbers.
97 * Example: 0x01093001 = 1.9.30-1. 97 * Example: 0x01093001 = 1.9.30-1.
98 */ 98 */
99#define MHD_VERSION 0x00097525 99#define MHD_VERSION 0x00097526
100 100
101/* If generic headers don't work on your platform, include headers 101/* If generic headers don't work on your platform, include headers
102 which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t', 102 which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -330,12 +330,6 @@ _MHD_DEPR_MACRO ( \
330 330
331 331
332/** 332/**
333 * Length of the binary output of the MD5 hash function.
334 */
335#define MHD_MD5_DIGEST_SIZE 16
336
337
338/**
339 * @defgroup httpcode HTTP response codes. 333 * @defgroup httpcode HTTP response codes.
340 * These are the status codes defined for HTTP responses. 334 * These are the status codes defined for HTTP responses.
341 * See: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml 335 * See: https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
@@ -4328,6 +4322,22 @@ MHD_destroy_post_processor (struct MHD_PostProcessor *pp);
4328 4322
4329 4323
4330/** 4324/**
4325 * Length of the binary output of the MD5 hash function.
4326 * @sa #MHD_digest_get_hash_size()
4327 * @ingroup authentication
4328 */
4329#define MHD_MD5_DIGEST_SIZE 16
4330
4331
4332/**
4333 * Length of the binary output of the SHA-256 hash function.
4334 * @sa #MHD_digest_get_hash_size()
4335 * @ingroup authentication
4336 */
4337#define MHD_SHA256_DIGEST_SIZE 32
4338
4339
4340/**
4331 * Constant to indicate that the nonce of the provided 4341 * Constant to indicate that the nonce of the provided
4332 * authentication code was wrong. 4342 * authentication code was wrong.
4333 * @ingroup authentication 4343 * @ingroup authentication
@@ -4707,7 +4717,7 @@ struct MHD_DigestAuthInfo
4707 * long. 4717 * long.
4708 * @warning This is binary data, no zero termination. 4718 * @warning This is binary data, no zero termination.
4709 * @warning To avoid buffer overruns, always check the size of the data before 4719 * @warning To avoid buffer overruns, always check the size of the data before
4710 * use, because @ userhash_bin can point even to zero-sized 4720 * use, because @a userhash_bin can point even to zero-sized
4711 * data. 4721 * data.
4712 */ 4722 */
4713 uint8_t *userhash_bin; 4723 uint8_t *userhash_bin;
@@ -4753,9 +4763,9 @@ struct MHD_DigestAuthInfo
4753 4763
4754 /** 4764 /**
4755 * The nc parameter value. 4765 * The nc parameter value.
4756 * Can be used by application to limit the number of nonce re-uses. If @ nc 4766 * Can be used by application to limit the number of nonce re-uses. If @a nc
4757 * is higher than application wants to allow, then fail response with 4767 * is higher than application wants to allow, then auth required response with
4758 * 'stale=true' could be used to ask force client to get the fresh 'nonce'. 4768 * 'stale=true' could be used to force client to get the fresh 'nonce'.
4759 * If not specified by client or does not have hexadecimal digits only, the 4769 * If not specified by client or does not have hexadecimal digits only, the
4760 * value is #MHD_DIGEST_AUTH_INVALID_NC_VALUE. 4770 * value is #MHD_DIGEST_AUTH_INVALID_NC_VALUE.
4761 */ 4771 */
@@ -4819,12 +4829,29 @@ struct MHD_DigestAuthUsernameInfo
4819 * long. 4829 * long.
4820 * @warning This is binary data, no zero termination. 4830 * @warning This is binary data, no zero termination.
4821 * @warning To avoid buffer overruns, always check the size of the data before 4831 * @warning To avoid buffer overruns, always check the size of the data before
4822 * use, because @ userhash_bin can point even to zero-sized 4832 * use, because @a userhash_bin can point even to zero-sized
4823 * data. 4833 * data.
4824 */ 4834 */
4825 uint8_t *userhash_bin; 4835 uint8_t *userhash_bin;
4826}; 4836};
4827 4837
4838
4839/**
4840 * Get digest size for specified algorithm.
4841 *
4842 * The size of the digest specifies the size of the userhash, userdigest
4843 * and other parameters which size depends on used hash algorithm.
4844 * @param algo3 the algorithm to check
4845 * @return the size of the digest (either #MHD_MD5_DIGEST_SIZE or
4846 * #MHD_SHA256_DIGEST_SIZE) or zero if the input value is not
4847 * recognised/valid
4848 * @note Available since #MHD_VERSION 0x00097526
4849 * @ingroup authentication
4850 */
4851_MHD_EXTERN size_t
4852MHD_digest_get_hash_size (enum MHD_DigestAuthAlgo3 algo3);
4853
4854
4828/** 4855/**
4829 * Get the username from Digest Authorization client's header. 4856 * Get the username from Digest Authorization client's header.
4830 * 4857 *
@@ -4868,7 +4895,7 @@ enum MHD_DigestAuthAlgorithm
4868{ 4895{
4869 4896
4870 /** 4897 /**
4871 * MHD should pick (currently defaults to SHA-256). 4898 * MHD should pick (currently defaults to MD5).
4872 */ 4899 */
4873 MHD_DIGEST_ALG_AUTO = 0, 4900 MHD_DIGEST_ALG_AUTO = 0,
4874 4901
@@ -4969,10 +4996,17 @@ enum MHD_DigestAuthResult
4969 * @param username the username needs to be authenticated 4996 * @param username the username needs to be authenticated
4970 * @param password the password used in the authentication 4997 * @param password the password used in the authentication
4971 * @param nonce_timeout the nonce validity duration in seconds 4998 * @param nonce_timeout the nonce validity duration in seconds
4972 * @param algo the digest algorithms allowed for verification 4999 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
5000 * exceeds the specified value then MHD_DAUTH_NONCE_STALE is
5001 * returned;
5002 * zero for no limit
5003 * @param mqop the QOP to use, currently the only allowed value is
5004 * #MHD_DIGEST_AUTH_MULT_QOP_AUTH
5005 * @param malgo3 digest algorithm to use, if several algorithms are specified
5006 * then MD5 is used (if allowed)
4973 * @return #MHD_DAUTH_OK if authenticated, 5007 * @return #MHD_DAUTH_OK if authenticated,
4974 * the error code otherwise 5008 * the error code otherwise
4975 * @note Available since #MHD_VERSION 0x00097521 5009 * @note Available since #MHD_VERSION 0x00097526
4976 * @ingroup authentication 5010 * @ingroup authentication
4977 */ 5011 */
4978_MHD_EXTERN enum MHD_DigestAuthResult 5012_MHD_EXTERN enum MHD_DigestAuthResult
@@ -4981,34 +5015,49 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
4981 const char *username, 5015 const char *username,
4982 const char *password, 5016 const char *password,
4983 unsigned int nonce_timeout, 5017 unsigned int nonce_timeout,
4984 enum MHD_DigestAuthAlgorithm algo); 5018 uint32_t max_nc,
5019 enum MHD_DigestAuthMultiQOP mqop,
5020 enum MHD_DigestAuthMultiAlgo3 malgo3);
4985 5021
4986 5022
4987/** 5023/**
4988 * Authenticates the authorization header sent by the client. 5024 * Authenticates the authorization header sent by the client by using
5025 * hash of "username:realm:password".
4989 * 5026 *
4990 * @param connection the MHD connection structure 5027 * @param connection the MHD connection structure
4991 * @param realm the realm to be used for authorization of the client 5028 * @param realm the realm presented to the client
4992 * @param username the username needs to be authenticated 5029 * @param username the username needs to be authenticated
4993 * @param digest the pointer to the binary digest for the precalculated hash 5030 * @param userdigest the precalculated binary hash of the string
4994 * value "username:realm:password" with specified @a algo 5031 * "username:realm:password"
4995 * @param digest_size the number of bytes in @a digest (the size must match 5032 * @param userdigest_size the size of the @a userdigest in bytes, must match the
4996 * @a algo!) 5033 * hashing algorithm (see #MHD_MD5_DIGEST_SIZE,
4997 * @param nonce_timeout the nonce validity duration in seconds 5034 * #MHD_SHA256_DIGEST_SIZE)
4998 * @param algo digest algorithms allowed for verification 5035 * @param nonce_timeout the period of seconds since nonce generation, when
5036 * the nonce is recognised as valid and not stale.
5037 * @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
5038 * exceeds the specified value then MHD_DAUTH_NONCE_STALE is
5039 * returned;
5040 * zero for no limit
5041 * @param mqop the QOP to use, currently the only allowed value is
5042 * #MHD_DIGEST_AUTH_MULT_QOP_AUTH
5043 * @param malgo3 the digest algorithms to use; both MD5-based and SHA-256-based
5044 * algorithms cannot be used at the same time for this function
5045 * as @a userdigest_size must match specified algorithm
4999 * @return #MHD_DAUTH_OK if authenticated, 5046 * @return #MHD_DAUTH_OK if authenticated,
5000 * the error code otherwise 5047 * the error code otherwise
5001 * @note Available since #MHD_VERSION 0x00097521 5048 * @note Available since #MHD_VERSION 0x00097526
5002 * @ingroup authentication 5049 * @ingroup authentication
5003 */ 5050 */
5004_MHD_EXTERN enum MHD_DigestAuthResult 5051_MHD_EXTERN enum MHD_DigestAuthResult
5005MHD_digest_auth_check_digest3 (struct MHD_Connection *connection, 5052MHD_digest_auth_check_digest3 (struct MHD_Connection *connection,
5006 const char *realm, 5053 const char *realm,
5007 const char *username, 5054 const char *username,
5008 const uint8_t *digest, 5055 const void *userdigest,
5009 size_t digest_size, 5056 size_t userdigest_size,
5010 unsigned int nonce_timeout, 5057 unsigned int nonce_timeout,
5011 enum MHD_DigestAuthAlgorithm algo); 5058 uint32_t max_nc,
5059 enum MHD_DigestAuthMultiQOP mqop,
5060 enum MHD_DigestAuthMultiAlgo3 malgo3);
5012 5061
5013 5062
5014/** 5063/**
@@ -5121,6 +5170,66 @@ MHD_digest_auth_check_digest (struct MHD_Connection *connection,
5121/** 5170/**
5122 * Queues a response to request authentication from the client 5171 * Queues a response to request authentication from the client
5123 * 5172 *
5173 * This function modifies provided @a response. The @a response must not be
5174 * reused and should be destroyed (by #MHD_destroy_response()) after call of
5175 * this function.
5176 *
5177 * @param connection the MHD connection structure
5178 * @param realm the realm presented to the client
5179 * @param opaque the string for opaque value, can be NULL, but NULL is
5180 * not recommended for better compatibility with clients
5181 * @param domain the optional space-separated list of URIs for which the
5182 * same authorisation could be used, URIs can be in form
5183 * "path-absolute" (the path for the same host with initial slash)
5184 * or in form "absolute-URI" (the full path with protocol), in
5185 * any case client may assume that any URI which starts with
5186 * any of specified URI is in the same "protection space";
5187 * could be NULL (clients typically assume that the same
5188 * credentials could be used for any URI on the same host)
5189 * @param response the reply to send; should contain the "access denied"
5190 * body; note that this function sets the "WWW Authenticate"
5191 * header and that the caller should not do this;
5192 * the NULL is tolerated
5193 * @param signal_stale set to #MHD_YES if the nonce is stale to add 'stale=true'
5194 * to the authentication header, this instructs the client
5195 * to retry immediately with the new nonce and the same
5196 * credentials, without asking user for the new password
5197 * @param mqop the QOP to use, currently the only allowed value is
5198 * #MHD_DIGEST_AUTH_MULT_QOP_AUTH
5199 * @param malgo3 digest algorithm to use, if several algorithms are specified
5200 * then MD5 is used (if allowed)
5201 * @param userhash_support if set to non-zero value (#MHD_YES) then support of
5202 * userhash is indicated, the client may provide
5203 * hash("username:realm") instead of username in
5204 * clear text; note that client is allowed to provide
5205 * the username in cleartext even if this parameter set
5206 * to non-zero
5207 * @param prefer_utf8 if not set to #MHD_NO, parameter 'charset=UTF-8' is
5208 * added, indicating for the client that UTF-8 encoding
5209 * is preferred
5210 * @return #MHD_YES on success, #MHD_NO otherwise
5211 * @note Available since #MHD_VERSION 0x00097526
5212 * @ingroup authentication
5213 */
5214_MHD_EXTERN enum MHD_Result
5215MHD_queue_auth_required_response3 (struct MHD_Connection *connection,
5216 const char *realm,
5217 const char *opaque,
5218 const char *domain,
5219 struct MHD_Response *response,
5220 int signal_stale,
5221 enum MHD_DigestAuthMultiQOP qop,
5222 enum MHD_DigestAuthMultiAlgo3 algo,
5223 int userhash_support,
5224 int prefer_utf8);
5225
5226
5227/**
5228 * Queues a response to request authentication from the client
5229 *
5230 * This function modifies provided @a response. The @a response must not be
5231 * reused and should be destroyed after call of this function.
5232 *
5124 * @param connection The MHD connection structure 5233 * @param connection The MHD connection structure
5125 * @param realm the realm presented to the client 5234 * @param realm the realm presented to the client
5126 * @param opaque string to user for opaque value 5235 * @param opaque string to user for opaque value
@@ -5132,6 +5241,7 @@ MHD_digest_auth_check_digest (struct MHD_Connection *connection,
5132 * @param algo digest algorithm to use 5241 * @param algo digest algorithm to use
5133 * @return #MHD_YES on success, #MHD_NO otherwise 5242 * @return #MHD_YES on success, #MHD_NO otherwise
5134 * @note Available since #MHD_VERSION 0x00096200 5243 * @note Available since #MHD_VERSION 0x00096200
5244 * @deprecated use MHD_queue_auth_required_response3()
5135 * @ingroup authentication 5245 * @ingroup authentication
5136 */ 5246 */
5137_MHD_EXTERN enum MHD_Result 5247_MHD_EXTERN enum MHD_Result
@@ -5148,6 +5258,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
5148 * For now uses MD5 (for backwards-compatibility). Still, if you 5258 * For now uses MD5 (for backwards-compatibility). Still, if you
5149 * need to be sure, use #MHD_queue_auth_fail_response2(). 5259 * need to be sure, use #MHD_queue_auth_fail_response2().
5150 * 5260 *
5261 * This function modifies provided @a response. The @a response must not be
5262 * reused and should be destroyed after call of this function.
5263 *
5151 * @param connection The MHD connection structure 5264 * @param connection The MHD connection structure
5152 * @param realm the realm presented to the client 5265 * @param realm the realm presented to the client
5153 * @param opaque string to user for opaque value 5266 * @param opaque string to user for opaque value
@@ -5157,8 +5270,8 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection *connection,
5157 * @param signal_stale #MHD_YES if the nonce is stale to add 5270 * @param signal_stale #MHD_YES if the nonce is stale to add
5158 * 'stale=true' to the authentication header 5271 * 'stale=true' to the authentication header
5159 * @return #MHD_YES on success, #MHD_NO otherwise 5272 * @return #MHD_YES on success, #MHD_NO otherwise
5273 * @deprecated use MHD_queue_auth_required_response3()
5160 * @ingroup authentication 5274 * @ingroup authentication
5161 * @deprecated use MHD_queue_auth_fail_response2()
5162 */ 5275 */
5163_MHD_EXTERN enum MHD_Result 5276_MHD_EXTERN enum MHD_Result
5164MHD_queue_auth_fail_response (struct MHD_Connection *connection, 5277MHD_queue_auth_fail_response (struct MHD_Connection *connection,
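Review bot: The new `@param malgo3` text for MHD_digest_auth_check3() and MHD_queue_auth_required_response3() says "if several algorithms are specified then MD5 is used (if allowed)", and the MHD_DIGEST_ALG_AUTO comment now says the default is MD5, but nothing tells the caller that allowing both algorithms therefore selects the weaker hash. I would add to both doc blocks something like `@warning if both MD5 and SHA-256 are allowed, MD5 is selected; allow only SHA-256 to require it`, so an application that lists SHA-256 does not assume it is getting it. Separately, the MHD_queue_auth_required_response3() prototype names its parameters `qop` and `algo` while the doc block documents `@param mqop` and `@param malgo3`; renaming them to `enum MHD_DigestAuthMultiQOP mqop,` and `enum MHD_DigestAuthMultiAlgo3 malgo3,` would match the two check functions and the documentation. The `max_nc` text could also reference the result code as `#MHD_DAUTH_NONCE_STALE`, in line with the other `#`-prefixed references in these comments.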