Diffstat (limited to 'src/microhttpd/digestauth.c')
-rw-r--r-- | src/microhttpd/digestauth.c | 163 |
1 files changed, 5 insertions, 158 deletions
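--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -134,37 +134,6 @@
 #define MAX_AUTH_RESPONSE_LENGTH (MAX_DIGEST * 2)
 
 /**
-* The token for MD5 algorithm.
-*/
-#define _MHD_MD5_TOKEN "MD5"
-
-/**
-* The token for SHA-256 algorithm.
-*/
-#define _MHD_SHA256_TOKEN "SHA-256"
-
-/**
-* The token for SHA-512/256 algorithm.
-* Unsupported currently by MHD for authentication.
-*/
-#define _MHD_SHA512_256_TOKEN "SHA-512-256"
-
-/**
-* The suffix token for "session" algorithms.
-*/
-#define _MHD_SESS_TOKEN "-sess"
-
-/**
-* The "auth" token for QOP
-*/
-#define MHD_TOKEN_AUTH_ "auth"
-
-/**
-* The "auth-int" token for QOP
-*/
-#define MHD_TOKEN_AUTH_INT_ "auth-int"
-
-/**
 * The required prefix of parameter with the extended notation
 */
 #define MHD_DAUTH_EXT_PARAM_PREFIX "UTF-8'"
@@ -729,89 +698,6 @@ get_rq_unames_size (const struct MHD_RqDAuth *params,
 
 
 /**
-* Get client's Digest Authorization algorithm type.
-* If no algorithm is specified by client, MD5 is assumed.
-* @param params the Digest Authorization parameters
-* @return the algorithm type
-*/
-static enum MHD_DigestAuthAlgo3
-get_rq_algo (const struct MHD_RqDAuth *params)
-{
-const struct MHD_RqDAuthParam *const algo_param =
-¶ms->algorithm;
-if (NULL == algo_param->value.str)
-return MHD_DIGEST_AUTH_ALGO3_MD5; /* Assume MD5 by default */
-
-if (algo_param->quoted)
-{
-if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
-algo_param->value.len, \
-_MHD_MD5_TOKEN))
-return MHD_DIGEST_AUTH_ALGO3_MD5;
-if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
-algo_param->value.len, \
-_MHD_SHA256_TOKEN))
-return MHD_DIGEST_AUTH_ALGO3_SHA256;
-if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
-algo_param->value.len, \
-_MHD_MD5_TOKEN _MHD_SESS_TOKEN))
-return MHD_DIGEST_AUTH_ALGO3_MD5_SESSION;
-if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
-algo_param->value.len, \
-_MHD_SHA256_TOKEN \
-_MHD_SESS_TOKEN))
-return MHD_DIGEST_AUTH_ALGO3_SHA256_SESSION;
-
-/* Algorithms below are not supported by MHD for authentication */
-
-if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
-algo_param->value.len, \
-_MHD_SHA512_256_TOKEN))
-return MHD_DIGEST_AUTH_ALGO3_SHA512_256;
-if (MHD_str_equal_caseless_quoted_s_bin_n (algo_param->value.str, \
-algo_param->value.len, \
-_MHD_SHA512_256_TOKEN \
-_MHD_SESS_TOKEN))
-return MHD_DIGEST_AUTH_ALGO3_SHA512_256_SESSION;
-
-/* No known algorithm has been detected */
-return MHD_DIGEST_AUTH_ALGO3_INVALID;
-}
-/* The algorithm value is not quoted */
-if (MHD_str_equal_caseless_s_bin_n_ (_MHD_MD5_TOKEN, \
-algo_param->value.str, \
-algo_param->value.len))
-return MHD_DIGEST_AUTH_ALGO3_MD5;
-if (MHD_str_equal_caseless_s_bin_n_ (_MHD_SHA256_TOKEN, \
-algo_param->value.str, \
-algo_param->value.len))
-return MHD_DIGEST_AUTH_ALGO3_SHA256;
-if (MHD_str_equal_caseless_s_bin_n_ (_MHD_MD5_TOKEN _MHD_SESS_TOKEN, \
-algo_param->value.str, \
-algo_param->value.len))
-return MHD_DIGEST_AUTH_ALGO3_MD5_SESSION;
-if (MHD_str_equal_caseless_s_bin_n_ (_MHD_SHA256_TOKEN _MHD_SESS_TOKEN, \
-algo_param->value.str, \
-algo_param->value.len))
-return MHD_DIGEST_AUTH_ALGO3_SHA256_SESSION;
-
-/* Algorithms below are not supported by MHD for authentication */
-
-if (MHD_str_equal_caseless_s_bin_n_ (_MHD_SHA512_256_TOKEN, \
-algo_param->value.str, \
-algo_param->value.len))
-return MHD_DIGEST_AUTH_ALGO3_SHA512_256;
-if (MHD_str_equal_caseless_s_bin_n_ (_MHD_SHA512_256_TOKEN _MHD_SESS_TOKEN, \
-algo_param->value.str, \
-algo_param->value.len))
-return MHD_DIGEST_AUTH_ALGO3_SHA512_256_SESSION;
-
-/* No known algorithm has been detected */
-return MHD_DIGEST_AUTH_ALGO3_INVALID;
-}
-
-
-/**
 * Get unquoted version of Digest Authorization parameter.
 * This function automatically zero-teminate the result.
 * @param param the parameter to extract
@@ -973,45 +859,6 @@ get_rq_uname (const struct MHD_RqDAuth *params,
 
 
 /**
-* Get QOP ('quality of protection') type.
-* @param params the Digest Authorization parameters
-* @return detected QOP ('quality of protection') type.
-*/
-static enum MHD_DigestAuthQOP
-get_rq_qop (const struct MHD_RqDAuth *params)
-{
-const struct MHD_RqDAuthParam *const qop_param =
-¶ms->qop;
-if (NULL == qop_param->value.str)
-return MHD_DIGEST_AUTH_QOP_NONE;
-if (qop_param->quoted)
-{
-if (MHD_str_equal_caseless_quoted_s_bin_n (qop_param->value.str, \
-qop_param->value.len, \
-"auth"))
-return MHD_DIGEST_AUTH_QOP_AUTH;
-if (MHD_str_equal_caseless_quoted_s_bin_n (qop_param->value.str, \
-qop_param->value.len, \
-"auth-int"))
-return MHD_DIGEST_AUTH_QOP_AUTH_INT;
-}
-else
-{
-if (MHD_str_equal_caseless_s_bin_n_ ("auth", \
-qop_param->value.str, \
-qop_param->value.len))
-return MHD_DIGEST_AUTH_QOP_AUTH;
-if (MHD_str_equal_caseless_s_bin_n_ ("auth-int", \
-qop_param->value.str, \
-qop_param->value.len))
-return MHD_DIGEST_AUTH_QOP_AUTH_INT;
-}
-/* No know QOP has been detected */
-return MHD_DIGEST_AUTH_QOP_INVALID;
-}
-
-
-/**
 * Result of request's Digest Authorization 'nc' value extraction
 */
 enum MHD_GetRqNCResult
@@ -1124,7 +971,7 @@ MHD_digest_auth_get_request_info3 (struct MHD_Connection *connection)
 unif_buf_ptr = (uint8_t *) (info + 1);
 unif_buf_used = 0;
 
-info->algo = get_rq_algo (params);
+info->algo3 = params->algo3;
 
 if ( (MHD_DIGEST_AUTH_UNAME_TYPE_MISSING != uname_type) &&
 (MHD_DIGEST_AUTH_UNAME_TYPE_INVALID != uname_type) )
@@ -1159,7 +1006,7 @@ MHD_digest_auth_get_request_info3 (struct MHD_Connection *connection)
 
 mhd_assert (unif_buf_size >= unif_buf_used);
 
-info->qop = get_rq_qop (params);
+info->qop = params->qop;
 
 if (NULL != params->cnonce.value.str)
 info->cnonce_len = params->cnonce.value.len;
@@ -2110,7 +1957,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 
 /* ** Initial parameters checks and setup ** */
 /* Get client's algorithm */
-c_algo = get_rq_algo (params);
+c_algo = params->algo3;
 /* Check whether client's algorithm is allowed by function parameter */
 if (((unsigned int) c_algo) !=
 (((unsigned int) c_algo) & ((unsigned int) malgo3)))
@@ -2135,7 +1982,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 if (! digest_setup (&da, get_base_digest_algo (c_algo)))
 MHD_PANIC (_ ("Wrong 'malgo3' value, API violation"));
 /* Check 'mqop' value */
-c_qop = get_rq_qop (params);
+c_qop = params->qop;
 /* Check whether client's algorithm is allowed by function parameter */
 if (((unsigned int) c_qop) !=
 (((unsigned int) c_qop) & ((unsigned int) mqop)))
@@ -2479,7 +2326,7 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
 /* Update digest with ':' */
 digest_update_with_colon (&da);
 /* Update digest with 'qop' value */
-unq_res = get_unquoted_param (¶ms->qop, tmp1, ptmp2, &tmp2_size,
+unq_res = get_unquoted_param (¶ms->qop_raw, tmp1, ptmp2, &tmp2_size,
 &unquoted);
 if (_MHD_UNQ_OK != unq_res)
 return MHD_DAUTH_ERROR;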
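Review bot: In `digest_auth_check_all_inner`, the subset tests that follow `c_algo = params->algo3;` and `c_qop = params->qop;` are satisfied by a zero value, so they enforce the caller's `malgo3`/`mqop` policy only if those fields are always populated. The removed `get_rq_algo`/`get_rq_qop` guaranteed MD5 or QOP_NONE for an absent parameter and an INVALID value for an unrecognised one; after this change that guarantee has to come from code outside this file section. Unless a check outside these hunks already rejects it, add an explicit guard after each assignment, e.g. `if (MHD_DIGEST_AUTH_ALGO3_INVALID == c_algo) return MHD_DAUTH_ERROR;` and the same for `MHD_DIGEST_AUTH_QOP_INVALID`, with a comment naming where the defaults are applied. The comment above the `c_qop` test still reads "client's algorithm"; it should say `/* Check whether client's QOP is allowed by function parameter */`. The function body starts and ends outside the hunks.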