Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r--src/microhttpd/digestauth.c163
1 files changed, 5 insertions, 158 deletions
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 569e8991..cc6cd0ac 100644
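--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -134,37 +134,6 @@
 #define MAX_AUTH_RESPONSE_LENGTH (MAX_DIGEST * 2)
 
 /**
- * The token for MD5 algorithm.
- */
-#define _MHD_MD5_TOKEN "MD5"
-
-/**
- * The token for SHA-256 algorithm.
- */
-#define _MHD_SHA256_TOKEN "SHA-256"
-
-/**
- * The token for SHA-512/256 algorithm.
- * Unsupported currently by MHD for authentication.
- */
-#define _MHD_SHA512_256_TOKEN "SHA-512-256"
-
-/**
- * The suffix token for "session" algorithms.
- */
-#define _MHD_SESS_TOKEN "-sess"
-
-/**
- * The "auth" token for QOP
- */
-#define MHD_TOKEN_AUTH_ "auth"
-
-/**
- * The "auth-int" token for QOP
- */
-#define MHD_TOKEN_AUTH_INT_ "auth-int"
-
-/**
  * The required prefix of parameter with the extended notation
  */
 #define MHD_DAUTH_EXT_PARAM_PREFIX "UTF-8'"
@@ -729,89 +698,6 @@ get_rq_unames_size (const struct MHD_RqDAuth *params,
 
 
 /**
- * Get client's Digest Authorization algorithm type.
- * If no algorithm is specified by client, MD5 is assumed.
- * @param params the Digest Authorization parameters
- * @return the algorithm type
- */
-static enum MHD_DigestAuthAlgo3
-get_rq_algo (const struct MHD_RqDAuth *params)
-{
- const struct MHD_RqDAuthParam *const algo_param =
- &params->algorithm;
- if (NULL == algo_param->value.str)
- return MHD_DIGEST_AUTH_ALGO3_MD5; /* Assume MD5 by default */
-
- if (algo_param->quoted)
- {
- if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
- algo_param->value.len, \
- _MHD_MD5_TOKEN))
- return MHD_DIGEST_AUTH_ALGO3_MD5;
- if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
- algo_param->value.len, \
- _MHD_SHA256_TOKEN))
- return MHD_DIGEST_AUTH_ALGO3_SHA256;
- if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
- algo_param->value.len, \
- _MHD_MD5_TOKEN _MHD_SESS_TOKEN))
- return MHD_DIGEST_AUTH_ALGO3_MD5_SESSION;
- if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
- algo_param->value.len, \
- _MHD_SHA256_TOKEN \
- _MHD_SESS_TOKEN))
- return MHD_DIGEST_AUTH_ALGO3_SHA256_SESSION;
-
- /* Algorithms below are not supported by MHD for authentication */
-
- if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
- algo_param->value.len, \
- _MHD_SHA512_256_TOKEN))
- return MHD_DIGEST_AUTH_ALGO3_SHA512_256;
- if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
- algo_param->value.len, \
- _MHD_SHA512_256_TOKEN \
- _MHD_SESS_TOKEN))
- return MHD_DIGEST_AUTH_ALGO3_SHA512_256_SESSION;
-
- /* No known algorithm has been detected */
- return MHD_DIGEST_AUTH_ALGO3_INVALID;
- }
- /* The algorithm value is not quoted */
- if (MHD_str_equal_caseless_s_bin_n_ (_MHD_MD5_TOKEN, \
- algo_param->value.str, \
- algo_param->value.len))
- return MHD_DIGEST_AUTH_ALGO3_MD5;
- if (MHD_str_equal_caseless_s_bin_n_ (_MHD_SHA256_TOKEN, \
- algo_param->value.str, \
- algo_param->value.len))
- return MHD_DIGEST_AUTH_ALGO3_SHA256;
- if (MHD_str_equal_caseless_s_bin_n_ (_MHD_MD5_TOKEN _MHD_SESS_TOKEN, \
- algo_param->value.str, \
- algo_param->value.len))
- return MHD_DIGEST_AUTH_ALGO3_MD5_SESSION;
- if (MHD_str_equal_caseless_s_bin_n_ (_MHD_SHA256_TOKEN _MHD_SESS_TOKEN, \
- algo_param->value.str, \
- algo_param->value.len))
- return MHD_DIGEST_AUTH_ALGO3_SHA256_SESSION;
-
- /* Algorithms below are not supported by MHD for authentication */
-
- if (MHD_str_equal_caseless_s_bin_n_ (_MHD_SHA512_256_TOKEN, \
- algo_param->value.str, \
- algo_param->value.len))
- return MHD_DIGEST_AUTH_ALGO3_SHA512_256;
- if (MHD_str_equal_caseless_s_bin_n_ (_MHD_SHA512_256_TOKEN _MHD_SESS_TOKEN, \
- algo_param->value.str, \
- algo_param->value.len))
- return MHD_DIGEST_AUTH_ALGO3_SHA512_256_SESSION;
-
- /* No known algorithm has been detected */
- return MHD_DIGEST_AUTH_ALGO3_INVALID;
-}
-
-
-/**
  * Get unquoted version of Digest Authorization parameter.
  * This function automatically zero-teminate the result.
  * @param param the parameter to extract
@@ -973,45 +859,6 @@ get_rq_uname (const struct MHD_RqDAuth *params,
 
 
 /**
- * Get QOP ('quality of protection') type.
- * @param params the Digest Authorization parameters
- * @return detected QOP ('quality of protection') type.
- */
-static enum MHD_DigestAuthQOP
-get_rq_qop (const struct MHD_RqDAuth *params)
-{
- const struct MHD_RqDAuthParam *const qop_param =
- &params->qop;
- if (NULL == qop_param->value.str)
- return MHD_DIGEST_AUTH_QOP_NONE;
- if (qop_param->quoted)
- {
- if (MHD_str_equal_caseless_quoted_s_bin_n (qop_param->value.str, \
- qop_param->value.len, \
- "auth"))
- return MHD_DIGEST_AUTH_QOP_AUTH;
- if (MHD_str_equal_caseless_quoted_s_bin_n (qop_param->value.str, \
- qop_param->value.len, \
- "auth-int"))
- return MHD_DIGEST_AUTH_QOP_AUTH_INT;
- }
- else
- {
- if (MHD_str_equal_caseless_s_bin_n_ ("auth", \
- qop_param->value.str, \
- qop_param->value.len))
- return MHD_DIGEST_AUTH_QOP_AUTH;
- if (MHD_str_equal_caseless_s_bin_n_ ("auth-int", \
- qop_param->value.str, \
- qop_param->value.len))
- return MHD_DIGEST_AUTH_QOP_AUTH_INT;
- }
- /* No know QOP has been detected */
- return MHD_DIGEST_AUTH_QOP_INVALID;
-}
-
-
-/**
  * Result of request's Digest Authorization 'nc' value extraction
  */
 enum MHD_GetRqNCResult
@@ -1124,7 +971,7 @@ MHD_digest_auth_get_request_info3 (struct MHD_Connection *connection)
  unif_buf_ptr = (uint8_t *) (info + 1);
  unif_buf_used = 0;
 
- info->algo = get_rq_algo (params);
+ info->algo3 = params->algo3;
 
  if ( (MHD_DIGEST_AUTH_UNAME_TYPE_MISSING != uname_type) &&
  (MHD_DIGEST_AUTH_UNAME_TYPE_INVALID != uname_type) )
@@ -1159,7 +1006,7 @@ MHD_digest_auth_get_request_info3 (struct MHD_Connection *connection)
 
  mhd_assert (unif_buf_size >= unif_buf_used);
 
- info->qop = get_rq_qop (params);
+ info->qop = params->qop;
 
  if (NULL != params->cnonce.value.str)
  info->cnonce_len = params->cnonce.value.len;
@@ -2110,7 +1957,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 
  /* ** Initial parameters checks and setup ** */
  /* Get client's algorithm */
- c_algo = get_rq_algo (params);
+ c_algo = params->algo3;
  /* Check whether client's algorithm is allowed by function parameter */
  if (((unsigned int) c_algo) !=
  (((unsigned int) c_algo) & ((unsigned int) malgo3)))
@@ -2135,7 +1982,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
  if (! digest_setup (&da, get_base_digest_algo (c_algo)))
  MHD_PANIC (_ ("Wrong 'malgo3' value, API violation"));
  /* Check 'mqop' value */
- c_qop = get_rq_qop (params);
+ c_qop = params->qop;
  /* Check whether client's algorithm is allowed by function parameter */
  if (((unsigned int) c_qop) !=
  (((unsigned int) c_qop) & ((unsigned int) mqop)))
@@ -2479,7 +2326,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
  /* Update digest with ':' */
  digest_update_with_colon (&da);
  /* Update digest with 'qop' value */
- unq_res = get_unquoted_param (&params->qop_raw, tmp1, ptmp2, &tmp2_size,
+ unq_res = get_unquoted_param (&params->qop_raw, tmp1, ptmp2, &tmp2_size,
  &unquoted);
  if (_MHD_UNQ_OK != unq_res)
  return MHD_DAUTH_ERROR;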
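Review bot: At `c_algo = params->algo3;` and `c_qop = params->qop;` in digest_auth_check_all_inner, the allowed-set mask checks now rely on values filled in by a parser outside this diff. The removed get_rq_algo()/get_rq_qop() were the code that mapped a missing `algorithm` to MD5, a missing `qop` to NONE, and unknown tokens to the INVALID values. That contract should be stated at both read sites, and at the two assignments in MHD_digest_auth_get_request_info3, for example `/* set by the header parser: MD5 if 'algorithm' is absent, INVALID for an unknown token */`, once it is confirmed that the parser preserves it. If a field could ever be left unset for a client-supplied header, whether the request is rejected cleanly or reaches the `MHD_PANIC` after `digest_setup()` depends on checks between the hunks that are not visible here. Separately, the comment above the `mqop` comparison still reads "client's algorithm" and should say "client's QOP".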