gnunet-svn
[libmicrohttpd] branch master updated (5fdb9eff -> 15ea1533)


From: gnunet
Subject: [libmicrohttpd] branch master updated (5fdb9eff -> 15ea1533)
Date: Fri, 13 May 2022 16:23:41 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a change to branch master
in repository libmicrohttpd.

    from 5fdb9eff digestauth: added detection for possibly fabricated nonces
     new 547246b9 Added two new public functions for digest authentication
     new a09b2524 Updated tests to use new digest auth functions
     new 001b6b87 Updated example to use new digest auth function
     new 15ea1533 Updated .texi with the new digest auth functions

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 doc/libmicrohttpd.texi                        |  93 ++++++++++--
 src/examples/digest_auth_example.c            |  19 ++-
 src/include/microhttpd.h                      | 125 +++++++++++++++-
 src/microhttpd/digestauth.c                   | 206 ++++++++++++++------------
 src/testcurl/test_digestauth.c                |   9 +-
 src/testcurl/test_digestauth_concurrent.c     |   9 +-
 src/testcurl/test_digestauth_sha256.c         |   9 +-
 src/testcurl/test_digestauth_with_arguments.c |  16 +-
 8 files changed, 344 insertions(+), 142 deletions(-)

diff --git a/doc/libmicrohttpd.texi b/doc/libmicrohttpd.texi
index dfe8a686..f86eacd9 100644
--- a/doc/libmicrohttpd.texi
+++ b/doc/libmicrohttpd.texi
@@ -71,10 +71,10 @@ Free Documentation License".
 
 Appendices
 
-* GNU-LGPL::                     The GNU Lesser General Public License says 
how you
+* GNU-LGPL::                    The GNU Lesser General Public License says how 
you
                                  can copy and share almost all of 
`libmicrohttpd'.
-* eCos License::                 The eCos License says how you can copy and 
share some parts of `libmicrohttpd'.
-* GNU-GPL::                      The GNU General Public License (with eCos 
extension) says how you can copy and share some parts of `libmicrohttpd'.
+* eCos License::                The eCos License says how you can copy and 
share some parts of `libmicrohttpd'.
+* GNU-GPL::                     The GNU General Public License (with eCos 
extension) says how you can copy and share some parts of `libmicrohttpd'.
 * GNU-FDL::                     The GNU Free Documentation License says how you
                                 can copy and share the documentation of 
`libmicrohttpd'.
 
@@ -3100,8 +3100,8 @@ machine and user authentication).  A code example for 
using
 client certificates is presented in the MHD tutorial.
 
 @menu
-* microhttpd-dauth basic:: Using Basic Authentication.
-* microhttpd-dauth digest:: Using Digest Authentication.
+* microhttpd-dauth basic::      Using Basic Authentication.
+* microhttpd-dauth digest::     Using Digest Authentication.
 @end menu
 
 @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
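Review bot: The menu realignment in this hunk, like the whitespace-only changes to the Appendices, microhttpd-info and microhttpd-util menus elsewhere in this file, is unrelated to the digest authentication change. Consider moving it to a separate formatting commit so that the documentation diff for the new functions stays easy to audit.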
@@ -3159,6 +3159,42 @@ Force use of SHA-256.
 @end table
 @end deftp
 
+@deftp {Enumeration} MHD_DigestAuthResult
+The result of digest authentication of the client.
+
+@table @code
+@item MHD_DAUTH_OK
+Authentication OK.
+
+@item MHD_DAUTH_ERROR
+General error, like ``out of memory''.
+
+@item MHD_DAUTH_WRONG_HEADER
+No ``Authorization'' header or wrong format of the header.
+
+@item MHD_DAUTH_WRONG_USERNAME
+Wrong ``username''.
+
+@item MHD_DAUTH_WRONG_REALM
+Wrong ``realm''.
+
+@item MHD_DAUTH_WRONG_URI
+Wrong ``URI'' (or URI parameters).
+
+@item MHD_DAUTH_NONCE_STALE
+The ``nonce'' is too old. Suggest the client to retry with the same username 
and
+password to get the fresh ``nonce''.
+The validity of the 'nonce' may not be checked.
+
+@item MHD_DAUTH_NONCE_WRONG
+The ``nonce'' is wrong. May indicate an attack attempt.
+
+@item MHD_DAUTH_RESPONSE_WRONG
+The ``response'' is wrong. May indicate an attack attempt.
+
+@end table
+@end deftp
+
 
 @deftypefun {char *} MHD_digest_auth_get_username (struct MHD_Connection 
*connection)
 Find and return a pointer to the username value from the request header.
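Review bot: In the MHD_DAUTH_NONCE_STALE entry, the sentence "The validity of the 'nonce' may not be checked." is ambiguous: it can be read as "must not be checked" or as "might not have been checked". Because the two entries that follow tell applications that a wrong nonce or response "May indicate an attack attempt", the text should say plainly whether a stale result means the nonce was not verified as genuine, so that callers know how much to trust a stale result in their logging. The same entry also mixes ``nonce'' and 'nonce' quoting.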
@@ -3166,6 +3202,24 @@ Return @code{NULL} if the value is not found or header 
does not exist.
 If returned value is not @code{NULL}, the value must be @code{MHD_free()}'ed.
 @end deftypefun
 
+@deftypefun enum MHD_DigestAuthResult MHD_digest_auth_check3 (struct 
MHD_Connection *connection, const char *realm, const char *username, const char 
*password, unsigned int nonce_timeout, enum MHD_DigestAuthAlgorithm algo)
+Checks if the provided values in the WWW-Authenticate header are valid
+and sound according to RFC7616. If valid return @code{MHD_DAUTH_OK}, otherwise 
return the error code.
+
+@var{realm} must reference to a zero-terminated string representing the realm.
+
+@var{username} must reference to a zero-terminated string representing the 
username,
+it is usually the returned value from MHD_digest_auth_get_username.
+
+@var{password} must reference to a zero-terminated string representing the 
password,
+most probably it will be the result of a lookup of the username against a 
local database.
+
+@var{nonce_timeout} the nonce validity duration in seconds.
+Most of the time it is sound to specify 300 seconds as its values.
+
+@var{algo} which digest algorithm should we use.
+@end deftypefun
+
 @deftypefun int MHD_digest_auth_check2 (struct MHD_Connection *connection, 
const char *realm, const char *username, const char *password, unsigned int 
nonce_timeout, enum MHD_DigestAuthAlgorithm algo)
 Checks if the provided values in the WWW-Authenticate header are valid
 and sound according to RFC2716. If valid return @code{MHD_YES}, otherwise 
return @code{MHD_NO}.
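Review bot: The description of MHD_digest_auth_check3 says it checks "the provided values in the WWW-Authenticate header", but the enum documented earlier in this same patch refers to the client's ``Authorization'' header (MHD_DAUTH_WRONG_HEADER). The wording was carried over from MHD_digest_auth_check2 and should name the Authorization request header. While touching this text, the deprecated MHD_digest_auth_check2 entry just below could gain a pointer to the new function, since the header marks it "@deprecated use MHD_digest_auth_check3()" but the manual does not.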
@@ -3205,6 +3259,25 @@ Most of the time it is sound to specify 300 seconds as 
its values.
 
 
 
+@deftypefun enum MHD_DigestAuthResult MHD_digest_auth_check_digest3 (struct 
MHD_Connection *connection, const char *realm, const char *username, const 
uint8_t *digest, unsigned int nonce_timeout, enum MHD_DigestAuthAlgorithm algo)
+Checks if the provided values in the WWW-Authenticate header are valid
+and sound according to RFC7616. If valid return @code{MHD_DAUTH_OK}, otherwise 
return the error code.
+
+@var{realm} must reference to a zero-terminated string representing the realm.
+
+@var{username} must reference to a zero-terminated string representing the 
username,
+it is usually the returned value from MHD_digest_auth_get_username.
+
+@var{digest} the pointer to the binary digest for the precalculated hash value 
``username:realm:password'' with specified @var{algo}.
+
+@var{digest_size} the number of bytes in @var{digest} (the size must match 
@var{algo}!)
+
+@var{nonce_timeout} the nonce validity duration in seconds.
+Most of the time it is sound to specify 300 seconds as its values.
+
+@var{algo} digest authentication algorithm to use.
+@end deftypefun
+
 @deftypefun int MHD_digest_auth_check_digest2 (struct MHD_Connection 
*connection, const char *realm, const char *username, const uint8_t *digest, 
unsigned int nonce_timeout, enum MHD_DigestAuthAlgorithm algo)
 Checks if the provided values in the WWW-Authenticate header are valid
 and sound according to RFC2716. If valid return @code{MHD_YES}, otherwise 
return @code{MHD_NO}.
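Review bot: The @deftypefun line for MHD_digest_auth_check_digest3 omits the digest_size parameter: it lists "const uint8_t *digest, unsigned int nonce_timeout", while the body documents @var{digest_size} and the declaration added to microhttpd.h has "size_t digest_size" between digest and nonce_timeout. Add "size_t digest_size" to the signature so the manual matches the header. This description also says "WWW-Authenticate header" where the Authorization request header is meant.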
@@ -3540,9 +3613,9 @@ of this function.
 
 
 @menu
-* microhttpd-info daemon::        State information about an MHD daemon
-* microhttpd-info conn::          State information about a connection
-* microhttpd-option conn::        Modify per-connection options
+* microhttpd-info daemon::      State information about an MHD daemon
+* microhttpd-info conn::        State information about a connection
+* microhttpd-option conn::      Modify per-connection options
 @end menu
 
 
@@ -3808,8 +3881,8 @@ zero for no timeout.
 
 
 @menu
-* microhttpd-util feature::       Test supported MHD features
-* microhttpd-util unescape::      Unescape strings
+* microhttpd-util feature::     Test supported MHD features
+* microhttpd-util unescape::    Unescape strings
 @end menu
 
 
diff --git a/src/examples/digest_auth_example.c 
b/src/examples/digest_auth_example.c
index f8208d97..b3741bc5 100644
--- a/src/examples/digest_auth_example.c
+++ b/src/examples/digest_auth_example.c
@@ -48,7 +48,7 @@ ahc_echo (void *cls,
   char *username;
   const char *password = "testpass";
   const char *realm = "test@example.com";
-  int res;
+  enum MHD_DigestAuthResult res_e;
   enum MHD_Result ret;
   static int already_called_marker;
   (void) cls;               /* Unused. Silent compiler warning. */
@@ -57,7 +57,6 @@ ahc_echo (void *cls,
   (void) version;           /* Unused. Silent compiler warning. */
   (void) upload_data;       /* Unused. Silent compiler warning. */
   (void) upload_data_size;  /* Unused. Silent compiler warning. */
-  (void) req_cls;           /* Unused. Silent compiler warning. */
 
   if (&already_called_marker != *req_cls)
   { /* Called for the first time, request not fully read yet */
@@ -80,13 +79,13 @@ ahc_echo (void *cls,
     MHD_destroy_response (response);
     return ret;
   }
-  res = MHD_digest_auth_check (connection, realm,
-                               username,
-                               password,
-                               300);
+  res_e = MHD_digest_auth_check3 (connection, realm,
+                                  username,
+                                  password,
+                                  300,
+                                  MHD_DIGEST_ALG_MD5);
   MHD_free (username);
-  if ( (res == MHD_INVALID_NONCE) ||
-       (res == MHD_NO) )
+  if (res_e != MHD_DAUTH_OK)
   {
     response =
       MHD_create_response_from_buffer_static (strlen (DENIED),
@@ -96,8 +95,8 @@ ahc_echo (void *cls,
     ret = MHD_queue_auth_fail_response2 (connection, realm,
                                          MY_OPAQUE_STR,
                                          response,
-                                         (res == MHD_INVALID_NONCE) ? MHD_YES :
-                                         MHD_NO,
+                                         (res_e == MHD_DAUTH_NONCE_STALE) ?
+                                         MHD_YES : MHD_NO,
                                          MHD_DIGEST_ALG_MD5);
     MHD_destroy_response (response);
     return ret;
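Review bot: The signal_stale expression deserves a one-line comment explaining why only MHD_DAUTH_NONCE_STALE maps to MHD_YES. The removed code passed MHD_YES for MHD_INVALID_NONCE, which the header documents as "nonce is invalid or stale", so this is a behaviour change as well as a rename: a wrong nonce no longer gets 'stale=true'. That narrowing looks correct, and since this file is the reference example people copy from, stating the reason next to the expression would keep integrators from widening it again to MHD_DAUTH_NONCE_WRONG.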
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 6bf594cc..921ab56b 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
  * they are parsed as decimal numbers.
  * Example: 0x01093001 = 1.9.30-1.
  */
-#define MHD_VERSION 0x00097512
+#define MHD_VERSION 0x00097513
 
 /* If generic headers don't work on your platform, include headers
    which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -4363,6 +4363,115 @@ enum MHD_DigestAuthAlgorithm
 } _MHD_FIXED_ENUM;
 
 
+/**
+ * The result of digest authentication of the client.
+ *
+ * @note Available since #MHD_VERSION 0x00097513
+ */
+enum MHD_DigestAuthResult
+{
+  /**
+   * Authentication OK.
+   */
+  MHD_DAUTH_OK = 1,
+
+  /**
+   * General error, like "out of memory".
+   */
+  MHD_DAUTH_ERROR = 0,
+
+  /**
+   * No "Authorization" header or wrong format of the header.
+   */
+  MHD_DAUTH_WRONG_HEADER = -1,
+
+  /**
+   * Wrong 'username'.
+   */
+  MHD_DAUTH_WRONG_USERNAME = -2,
+
+  /**
+   * Wrong 'realm'.
+   */
+  MHD_DAUTH_WRONG_REALM = -3,
+
+  /**
+   * Wrong 'URI' (or URI parameters).
+   */
+  MHD_DAUTH_WRONG_URI = -4,
+
+  /* The different form of naming is intentionally used for the results below,
+   * as they are more important */
+
+  /**
+   * The 'nonce' is too old. Suggest the client to retry with the same
+   * username and password to get the fresh 'nonce'.
+   * The validity of the 'nonce' may not be checked.
+   */
+  MHD_DAUTH_NONCE_STALE = -16,
+
+  /**
+   * The 'nonce' is wrong. May indicate an attack attempt.
+   */
+  MHD_DAUTH_NONCE_WRONG = -32,
+
+  /**
+   * The 'response' is wrong. May indicate an attack attempt.
+   */
+  MHD_DAUTH_RESPONSE_WRONG = -33,
+};
+
+
+/**
+ * Authenticates the authorization header sent by the client.
+ *
+ * @param connection the MHD connection structure
+ * @param realm the realm to be used for authorization of the client
+ * @param username the username needs to be authenticated
+ * @param password the password used in the authentication
+ * @param nonce_timeout the nonce validity duration in seconds
+ * @param algo the digest algorithms allowed for verification
+ * @return #MHD_DAUTH_OK if authenticated,
+ *         the error code otherwise
+ * @note Available since #MHD_VERSION 0x00097513
+ * @ingroup authentication
+ */
+_MHD_EXTERN enum MHD_DigestAuthResult
+MHD_digest_auth_check3 (struct MHD_Connection *connection,
+                        const char *realm,
+                        const char *username,
+                        const char *password,
+                        unsigned int nonce_timeout,
+                        enum MHD_DigestAuthAlgorithm algo);
+
+
+/**
+ * Authenticates the authorization header sent by the client.
+ *
+ * @param connection the MHD connection structure
+ * @param realm the realm to be used for authorization of the client
+ * @param username the username needs to be authenticated
+ * @param digest the pointer to the binary digest for the precalculated hash
+ *        value "username:realm:password" with specified @a algo
+ * @param digest_size the number of bytes in @a digest (the size must match
+ *        @a algo!)
+ * @param nonce_timeout the nonce validity duration in seconds
+ * @param algo digest algorithms allowed for verification
+ * @return #MHD_DAUTH_OK if authenticated,
+ *         the error code otherwise
+ * @note Available since #MHD_VERSION 0x00097513
+ * @ingroup authentication
+ */
+_MHD_EXTERN enum MHD_DigestAuthResult
+MHD_digest_auth_check_digest3 (struct MHD_Connection *connection,
+                               const char *realm,
+                               const char *username,
+                               const uint8_t *digest,
+                               size_t digest_size,
+                               unsigned int nonce_timeout,
+                               enum MHD_DigestAuthAlgorithm algo);
+
+
 /**
  * Authenticates the authorization header sent by the client.
  *
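Review bot: The value layout of enum MHD_DigestAuthResult makes a truthiness test unsafe: MHD_DAUTH_OK is 1 and MHD_DAUTH_ERROR is 0, but every authentication failure is negative and therefore non-zero, so "if (MHD_digest_auth_check3 (...))" would accept MHD_DAUTH_RESPONSE_WRONG = -33 as success. Callers migrating from the int-returning functions are the ones likely to write that, so the @return text of both new functions should say explicitly that the result must be compared with MHD_DAUTH_OK. Separately, the new enum closes with a plain "};" while the preceding enum in the context closes with "} _MHD_FIXED_ENUM;"; please confirm that the difference is intended.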
@@ -4376,6 +4485,7 @@ enum MHD_DigestAuthAlgorithm
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *         #MHD_INVALID_NONCE if nonce is invalid or stale
  * @note Available since #MHD_VERSION 0x00096200
+ * @deprecated use MHD_digest_auth_check3()
  * @ingroup authentication
  */
 _MHD_EXTERN int
@@ -4402,8 +4512,8 @@ MHD_digest_auth_check2 (struct MHD_Connection *connection,
  *      invalid in seconds
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *         #MHD_INVALID_NONCE if nonce is invalid or stale
+ * @deprecated use MHD_digest_auth_check3()
  * @ingroup authentication
- * @deprecated use MHD_digest_auth_check2()
  */
 _MHD_EXTERN int
 MHD_digest_auth_check (struct MHD_Connection *connection,
@@ -4429,6 +4539,7 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *         #MHD_INVALID_NONCE if nonce is invalid or stale
  * @note Available since #MHD_VERSION 0x00096200
+ * @deprecated use MHD_digest_auth_check_digest3()
  * @ingroup authentication
  */
 _MHD_EXTERN int
@@ -4457,8 +4568,8 @@ MHD_digest_auth_check_digest2 (struct MHD_Connection 
*connection,
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *         #MHD_INVALID_NONCE if nonce is invalid or stale
  * @note Available since #MHD_VERSION 0x00096000
+ * @deprecated use #MHD_digest_auth_check_digest3()
  * @ingroup authentication
- * @deprecated use #MHD_digest_auth_check_digest2()
  */
 _MHD_EXTERN int
 MHD_digest_auth_check_digest (struct MHD_Connection *connection,
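Review bot: The @deprecated tag added here is written "use #MHD_digest_auth_check_digest3()" with a leading '#', while the tags added in the neighbouring hunks ("use MHD_digest_auth_check3()", "use MHD_digest_auth_check_digest3()") have none. Pick one form for all four deprecated functions so the generated cross-references are consistent.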
@@ -4477,8 +4588,8 @@ MHD_digest_auth_check_digest (struct MHD_Connection 
*connection,
  * @param response reply to send; should contain the "access denied"
  *        body; note that this function will set the "WWW Authenticate"
  *        header and that the caller should not do this; the NULL is tolerated
- * @param signal_stale #MHD_YES if the nonce is invalid to add
- *      'stale=true' to the authentication header
+ * @param signal_stale #MHD_YES if the nonce is stale to add
+ *        'stale=true' to the authentication header
  * @param algo digest algorithm to use
  * @return #MHD_YES on success, #MHD_NO otherwise
  * @note Available since #MHD_VERSION 0x00096200
@@ -4504,8 +4615,8 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection 
*connection,
  * @param response reply to send; should contain the "access denied"
  *        body; note that this function will set the "WWW Authenticate"
  *        header and that the caller should not do this; the NULL is tolerated
- * @param signal_stale #MHD_YES if the nonce is invalid to add
- *      'stale=true' to the authentication header
+ * @param signal_stale #MHD_YES if the nonce is stale to add
+ *        'stale=true' to the authentication header
  * @return #MHD_YES on success, #MHD_NO otherwise
  * @ingroup authentication
  * @deprecated use MHD_queue_auth_fail_response2()
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index c7d13866..26f972b8 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1,6 +1,7 @@
 /*
      This file is part of libmicrohttpd
      Copyright (C) 2010, 2011, 2012, 2015, 2018 Daniel Pittman and Christian 
Grothoff
+     Copyright (C) 2014-2022 Evgeny Grin (Karlson2k)
 
      This library is free software; you can redistribute it and/or
      modify it under the terms of the GNU Lesser General Public
@@ -22,6 +23,7 @@
  * @author Amr Ali
  * @author Matthieu Speder
  * @author Christian Grothoff (RFC 7616 support)
+ * @author Karlson2k (Evgeny Grin)
  */
 #include "platform.h"
 #include "mhd_limits.h"
@@ -153,63 +155,6 @@
  */
 #define _MHD_SESS_TOKEN "-sess"
 
-
-/**
- * The result of digest authentication of the client.
- */
-enum MHD_DigestAuthResult
-{
-  /**
-   * Authentication OK
-   */
-  MHD_DAUTH_OK = 1,
-
-  /**
-   * General error, like "out of memory"
-   */
-  MHD_DAUTH_ERROR = 0,
-
-  /**
-   * No "Authorization" header or wrong format of the header.
-   */
-  MHD_DAUTH_WRONG_HEADER = -1,
-
-  /**
-   * Wrong 'username'.
-   */
-  MHD_DAUTH_WRONG_USERNAME = -2,
-
-  /**
-   * Wrong 'realm'.
-   */
-  MHD_DAUTH_WRONG_REALM = -3,
-
-  /**
-   * Wrong 'URI' (or URI parameters).
-   */
-  MHD_DAUTH_WRONG_URI = -4,
-
-  /* The different form of naming is intentionally used for the results below,
-   * as they are more important */
-
-  /**
-   * The 'nonce' is too old. Suggest the client to retry with the same
-   * username and password to get the fresh 'nonce'.
-   * The validity of the 'nonce' may not be checked.
-   */
-  MHD_DAUTH_NONCE_STALE = -16,
-
-  /**
-   * The 'nonce' is wrong. May indicate an attack attempt.
-   */
-  MHD_DAUTH_NONCE_WRONG = -32,
-
-  /**
-   * The 'response' is wrong. May indicate an attack attempt.
-   */
-  MHD_DAUTH_RESPONSE_WRONG = -33,
-};
-
 /**
  * The result of nonce-nc map array check.
  */
@@ -1586,7 +1531,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
  * Authenticates the authorization header sent by the client.
  * Uses #MHD_DIGEST_ALG_MD5 (for now, for backwards-compatibility).
  * Note that this MAY change to #MHD_DIGEST_ALG_AUTO in the future.
- * If you want to be sure you get MD5, use #MHD_digest_auth_check2
+ * If you want to be sure you get MD5, use #MHD_digest_auth_check2()
  * and specify MD5 explicitly.
  *
  * @param connection The MHD connection structure
@@ -1597,6 +1542,7 @@ digest_auth_check_all (struct MHD_Connection *connection,
  *      invalid in seconds
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *         #MHD_INVALID_NONCE if nonce is invalid or stale
+ * @deprecated use MHD_digest_auth_check3()
  * @ingroup authentication
  */
 _MHD_EXTERN int
@@ -1664,6 +1610,86 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
   } while (0)
 
 
+/**
+ * Authenticates the authorization header sent by the client.
+ *
+ * @param connection the MHD connection structure
+ * @param realm the realm to be used for authorization of the client
+ * @param username the username needs to be authenticated
+ * @param password the password used in the authentication
+ * @param nonce_timeout the nonce validity duration in seconds
+ * @param algo the digest algorithms allowed for verification
+ * @return #MHD_DAUTH_OK if authenticated,
+ *         the error code otherwise
+ * @note Available since #MHD_VERSION 0x00097513
+ * @ingroup authentication
+ */
+_MHD_EXTERN enum MHD_DigestAuthResult
+MHD_digest_auth_check3 (struct MHD_Connection *connection,
+                        const char *realm,
+                        const char *username,
+                        const char *password,
+                        unsigned int nonce_timeout,
+                        enum MHD_DigestAuthAlgorithm algo)
+{
+  SETUP_DA (algo, da);
+
+  mhd_assert (NULL != password);
+  if (0 == da.digest_size)
+    MHD_PANIC (_ ("Wrong algo value.\n")); /* API violation! */
+
+  return digest_auth_check_all (connection,
+                                &da,
+                                realm,
+                                username,
+                                password,
+                                NULL,
+                                nonce_timeout);
+}
+
+
+/**
+ * Authenticates the authorization header sent by the client.
+ *
+ * @param connection the MHD connection structure
+ * @param realm the realm to be used for authorization of the client
+ * @param username the username needs to be authenticated
+ * @param digest the pointer to the binary digest for the precalculated hash
+ *        value "username:realm:password" with specified @a algo
+ * @param digest_size the number of bytes in @a digest (the size must match
+ *        @a algo!)
+ * @param nonce_timeout the nonce validity duration in seconds
+ * @param algo digest algorithms allowed for verification
+ * @return #MHD_DAUTH_OK if authenticated,
+ *         the error code otherwise
+ * @note Available since #MHD_VERSION 0x00097513
+ * @ingroup authentication
+ */
+_MHD_EXTERN enum MHD_DigestAuthResult
+MHD_digest_auth_check_digest3 (struct MHD_Connection *connection,
+                               const char *realm,
+                               const char *username,
+                               const uint8_t *digest,
+                               size_t digest_size,
+                               unsigned int nonce_timeout,
+                               enum MHD_DigestAuthAlgorithm algo)
+{
+  SETUP_DA (algo, da);
+
+  mhd_assert (NULL != digest);
+  if ((da.digest_size != digest_size) || (0 == digest_size))
+    MHD_PANIC (_ ("Digest size mismatch.\n")); /* API violation! */
+
+  return digest_auth_check_all (connection,
+                                &da,
+                                realm,
+                                username,
+                                NULL,
+                                digest,
+                                nonce_timeout);
+}
+
+
 /**
  * Authenticates the authorization header sent by the client.
  *
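Review bot: Both new functions still call MHD_PANIC on a bad argument ("Wrong algo value." in MHD_digest_auth_check3 and "Digest size mismatch." in MHD_digest_auth_check_digest3), even though the new return type has MHD_DAUTH_ERROR available for reporting a failure to the caller. If the panic is kept deliberately, the Doxygen blocks above should state that an unsupported algo, or a digest_size that does not match algo, is an API violation handled by the panic handler, because "@return ... the error code otherwise" currently suggests that every failure is reported through the return value. An application that derives digest_size from stored credential data should be told it has to validate the size before calling.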
@@ -1676,6 +1702,8 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
  * @param algo digest algorithms allowed for verification
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *         #MHD_INVALID_NONCE if nonce is invalid or stale
+ * @note Available since #MHD_VERSION 0x00096200
+ * @deprecated use MHD_digest_auth_check3()
  * @ingroup authentication
  */
 _MHD_EXTERN int
@@ -1687,18 +1715,12 @@ MHD_digest_auth_check2 (struct MHD_Connection 
*connection,
                         enum MHD_DigestAuthAlgorithm algo)
 {
   enum MHD_DigestAuthResult res;
-  SETUP_DA (algo, da);
-
-  mhd_assert (NULL != password);
-  if (0 == da.digest_size)
-    MHD_PANIC (_ ("Wrong algo value.\n")); /* API violation! */
-  res = digest_auth_check_all (connection,
-                               &da,
-                               realm,
-                               username,
-                               password,
-                               NULL,
-                               nonce_timeout);
+  res = MHD_digest_auth_check3 (connection,
+                                realm,
+                                username,
+                                password,
+                                nonce_timeout,
+                                algo);
   if (MHD_DAUTH_OK == res)
     return MHD_YES;
   else if ((MHD_DAUTH_NONCE_STALE == res) || (MHD_DAUTH_NONCE_WRONG == res))
@@ -1716,13 +1738,15 @@ MHD_digest_auth_check2 (struct MHD_Connection 
*connection,
  * @param username The username needs to be authenticated
  * @param digest An `unsigned char *' pointer to the binary MD5 sum
  *      for the precalculated hash value "username:realm:password"
- *      of #MHD_MD5_DIGEST_SIZE bytes
- * @param digest_size number of bytes in @a digest
+ *      of @a digest_size bytes
+ * @param digest_size number of bytes in @a digest (size must match @a algo!)
  * @param nonce_timeout The amount of time for a nonce to be
  *      invalid in seconds
  * @param algo digest algorithms allowed for verification
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *         #MHD_INVALID_NONCE if nonce is invalid or stale
+ * @note Available since #MHD_VERSION 0x00096200
+ * @deprecated use MHD_digest_auth_check_digest3()
  * @ingroup authentication
  */
 _MHD_EXTERN int
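Review bot: The digest parameter description still begins "pointer to the binary MD5 sum" in the unchanged line above the edit, while the edited lines now say the buffer is "of @a digest_size bytes" and that the "size must match @a algo". For a function that takes an algo argument the text should say "binary digest" rather than "MD5 sum", matching the wording used for MHD_digest_auth_check_digest3.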
@@ -1735,18 +1759,14 @@ MHD_digest_auth_check_digest2 (struct MHD_Connection 
*connection,
                                enum MHD_DigestAuthAlgorithm algo)
 {
   enum MHD_DigestAuthResult res;
-  SETUP_DA (algo, da);
 
-  mhd_assert (NULL != digest);
-  if ((da.digest_size != digest_size) || (0 == digest_size))
-    MHD_PANIC (_ ("Digest size mismatch.\n")); /* API violation! */
-  res = digest_auth_check_all (connection,
-                               &da,
-                               realm,
-                               username,
-                               NULL,
-                               digest,
-                               nonce_timeout);
+  res = MHD_digest_auth_check_digest3 (connection,
+                                       realm,
+                                       username,
+                                       digest,
+                                       digest_size,
+                                       nonce_timeout,
+                                       algo);
   if (MHD_DAUTH_OK == res)
     return MHD_YES;
   else if ((MHD_DAUTH_NONCE_STALE == res) || (MHD_DAUTH_NONCE_WRONG == res))
@@ -1756,20 +1776,22 @@ MHD_digest_auth_check_digest2 (struct MHD_Connection 
*connection,
 
 
 /**
- * Authenticates the authorization header sent by the client.
+ * Authenticates the authorization header sent by the client
  * Uses #MHD_DIGEST_ALG_MD5 (required, as @a digest is of fixed
  * size).
  *
  * @param connection The MHD connection structure
  * @param realm The realm presented to the client
  * @param username The username needs to be authenticated
- * @param digest An `unsigned char *' pointer to the binary digest
- *      for the precalculated hash value "username:realm:password"
- *      of @a digest_size bytes
+ * @param digest An `unsigned char *' pointer to the binary hash
+ *    for the precalculated hash value "username:realm:password";
+ *    length must be #MHD_MD5_DIGEST_SIZE bytes
  * @param nonce_timeout The amount of time for a nonce to be
  *      invalid in seconds
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *         #MHD_INVALID_NONCE if nonce is invalid or stale
+ * @note Available since #MHD_VERSION 0x00096000
+ * @deprecated use #MHD_digest_auth_check_digest3()
  * @ingroup authentication
  */
 _MHD_EXTERN int
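Review bot: The first comment line loses its full stop ("Authenticates the authorization header sent by the client" followed directly by "Uses #MHD_DIGEST_ALG_MD5 ..."), so the brief description now runs into the next sentence. Restore the period. The hunk also changes the indentation of the digest continuation lines from six spaces to four, which differs from the nonce_timeout lines just below.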
@@ -1798,8 +1820,8 @@ MHD_digest_auth_check_digest (struct MHD_Connection 
*connection,
  * @param response reply to send; should contain the "access denied"
  *        body; note that this function will set the "WWW Authenticate"
  *        header and that the caller should not do this; the NULL is tolerated
- * @param signal_stale #MHD_YES if the nonce is invalid to add
- *      'stale=true' to the authentication header
+ * @param signal_stale #MHD_YES if the nonce is stale to add
+ *        'stale=true' to the authentication header
  * @param algo digest algorithm to use
  * @return #MHD_YES on success, #MHD_NO otherwise
  * @note Available since #MHD_VERSION 0x00096200
@@ -1928,9 +1950,9 @@ MHD_queue_auth_fail_response2 (struct MHD_Connection 
*connection,
  * @param opaque string to user for opaque value
  * @param response reply to send; should contain the "access denied"
  *        body; note that this function will set the "WWW Authenticate"
- *        header and that the caller should not do this
- * @param signal_stale #MHD_YES if the nonce is invalid to add
- *      'stale=true' to the authentication header
+ *        header and that the caller should not do this; the NULL is tolerated
+ * @param signal_stale #MHD_YES if the nonce is stale to add
+ *        'stale=true' to the authentication header
  * @return #MHD_YES on success, #MHD_NO otherwise
  * @ingroup authentication
  * @deprecated use MHD_queue_auth_fail_response2()
diff --git a/src/testcurl/test_digestauth.c b/src/testcurl/test_digestauth.c
index a2b38b2e..e05e4f31 100644
--- a/src/testcurl/test_digestauth.c
+++ b/src/testcurl/test_digestauth.c
@@ -265,7 +265,7 @@ ahc_echo (void *cls,
   const char *password = "testpass";
   const char *realm = "test@example.com";
   enum MHD_Result ret;
-  int ret_i;
+  enum MHD_DigestAuthResult ret_e;
   static int already_called_marker;
   (void) cls; (void) url;                         /* Unused. Silent compiler 
warning. */
   (void) method; (void) version; (void) upload_data; /* Unused. Silent 
compiler warning. */
@@ -298,15 +298,14 @@ ahc_echo (void *cls,
     MHD_destroy_response (response);
     return ret;
   }
-  ret_i = MHD_digest_auth_check2 (connection,
+  ret_e = MHD_digest_auth_check3 (connection,
                                   realm,
                                   username,
                                   password,
                                   300,
                                   MHD_DIGEST_ALG_MD5);
   MHD_free (username);
-  if ( (ret_i == MHD_INVALID_NONCE) ||
-       (ret_i == MHD_NO) )
+  if (ret_e != MHD_DAUTH_OK)
   {
     response = MHD_create_response_from_buffer (strlen (DENIED),
                                                 DENIED,
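Review bot: The condition "if (ret_e != MHD_DAUTH_OK)" only establishes that some failure occurred, so this test would still pass if the library returned the wrong error code for a given failure. With the call switched to MHD_digest_auth_check3, this file also no longer exercises the deprecated MHD_digest_auth_check2 wrapper, which now carries the translation of the new result codes back to the old return values. Consider keeping one test on the legacy entry point and adding assertions on specific codes, at least MHD_DAUTH_NONCE_STALE versus MHD_DAUTH_NONCE_WRONG, since the signal_stale decision depends on that distinction. The same applies to the identical changes in test_digestauth_concurrent.c and test_digestauth_sha256.c.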
@@ -317,7 +316,7 @@ ahc_echo (void *cls,
                                          realm,
                                          MY_OPAQUE,
                                          response,
-                                         (MHD_INVALID_NONCE == ret_i) ?
+                                         (MHD_DAUTH_NONCE_STALE == ret_e) ?
                                          MHD_YES : MHD_NO,
                                          MHD_DIGEST_ALG_MD5);
     if (MHD_YES != ret)
diff --git a/src/testcurl/test_digestauth_concurrent.c 
b/src/testcurl/test_digestauth_concurrent.c
index ecb1771e..5795c686 100644
--- a/src/testcurl/test_digestauth_concurrent.c
+++ b/src/testcurl/test_digestauth_concurrent.c
@@ -276,7 +276,7 @@ ahc_echo (void *cls,
   const char *password = "testpass";
   const char *realm = "test@example.com";
   enum MHD_Result ret;
-  int ret_i;
+  enum MHD_DigestAuthResult ret_e;
   static int already_called_marker;
   (void) cls; (void) url;                         /* Unused. Silent compiler 
warning. */
   (void) method; (void) version; (void) upload_data; /* Unused. Silent 
compiler warning. */
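Review bot: ret_e is declared directly under ret (enum MHD_Result), and the two names differ only by a short suffix while holding unrelated result types. A name such as auth_res for the enum MHD_DigestAuthResult variable would make it harder to compare the wrong variable against MHD_YES or MHD_DAUTH_OK by accident.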
@@ -309,15 +309,14 @@ ahc_echo (void *cls,
     MHD_destroy_response (response);
     return ret;
   }
-  ret_i = MHD_digest_auth_check2 (connection,
+  ret_e = MHD_digest_auth_check3 (connection,
                                   realm,
                                   username,
                                   password,
                                   300,
                                   MHD_DIGEST_ALG_MD5);
   MHD_free (username);
-  if ( (ret_i == MHD_INVALID_NONCE) ||
-       (ret_i == MHD_NO) )
+  if (ret_e != MHD_DAUTH_OK)
   {
     response = MHD_create_response_from_buffer (strlen (DENIED),
                                                 DENIED,
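Review bot: this is the same check-and-deny block as in the previous test file, and the same edit recurs in the two files that follow. Moving the MHD_digest_auth_check3 call and the MHD_DAUTH_OK comparison into one helper shared by the test programs would mean the next API change is made once, and the tests could not drift apart in how they treat failure results.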
@@ -328,7 +327,7 @@ ahc_echo (void *cls,
                                          realm,
                                          MY_OPAQUE,
                                          response,
-                                         (MHD_INVALID_NONCE == ret_i) ?
+                                         (MHD_DAUTH_NONCE_STALE == ret_e) ?
                                          MHD_YES : MHD_NO,
                                          MHD_DIGEST_ALG_MD5);
     if (MHD_YES != ret)
diff --git a/src/testcurl/test_digestauth_sha256.c 
b/src/testcurl/test_digestauth_sha256.c
index bb0e786c..bfab4a7e 100644
--- a/src/testcurl/test_digestauth_sha256.c
+++ b/src/testcurl/test_digestauth_sha256.c
@@ -94,7 +94,7 @@ ahc_echo (void *cls,
   const char *password = "testpass";
   const char *realm = "test@example.com";
   enum MHD_Result ret;
-  int ret_i;
+  enum MHD_DigestAuthResult ret_e;
   static int already_called_marker;
   (void) cls; (void) url;                         /* Unused. Silent compiler 
warning. */
   (void) method; (void) version; (void) upload_data; /* Unused. Silent 
compiler warning. */
@@ -123,15 +123,14 @@ ahc_echo (void *cls,
     MHD_destroy_response (response);
     return ret;
   }
-  ret_i = MHD_digest_auth_check2 (connection,
+  ret_e = MHD_digest_auth_check3 (connection,
                                   realm,
                                   username,
                                   password,
                                   300,
                                   MHD_DIGEST_ALG_SHA256);
   MHD_free (username);
-  if ( (ret_i == MHD_INVALID_NONCE) ||
-       (ret_i == MHD_NO) )
+  if (ret_e != MHD_DAUTH_OK)
   {
     response = MHD_create_response_from_buffer (strlen (DENIED),
                                                 DENIED,
@@ -142,7 +141,7 @@ ahc_echo (void *cls,
                                          realm,
                                          MY_OPAQUE,
                                          response,
-                                         (MHD_INVALID_NONCE == ret_i) ?
+                                         (MHD_DAUTH_NONCE_STALE == ret_e) ?
                                          MHD_YES : MHD_NO,
                                          MHD_DIGEST_ALG_SHA256);
     MHD_destroy_response (response);
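Review bot: MHD_DIGEST_ALG_SHA256 is written out twice, once in the MHD_digest_auth_check3 call in the previous hunk and once here in MHD_queue_auth_fail_response2, and the two must agree for the challenge and the verification to use the same hash. A single local constant or macro for the algorithm, used at both call sites, removes the chance of updating one and not the other.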
diff --git a/src/testcurl/test_digestauth_with_arguments.c 
b/src/testcurl/test_digestauth_with_arguments.c
index 602c1180..773fd5f5 100644
--- a/src/testcurl/test_digestauth_with_arguments.c
+++ b/src/testcurl/test_digestauth_with_arguments.c
@@ -87,7 +87,7 @@ ahc_echo (void *cls,
   const char *password = "testpass";
   const char *realm = "test@example.com";
   enum MHD_Result ret;
-  int ret_i;
+  enum MHD_DigestAuthResult ret_e;
   static int already_called_marker;
   (void) cls; (void) url;                         /* Unused. Silent compiler 
warning. */
   (void) method; (void) version; (void) upload_data; /* Unused. Silent 
compiler warning. */
@@ -115,13 +115,13 @@ ahc_echo (void *cls,
     MHD_destroy_response (response);
     return ret;
   }
-  ret_i = MHD_digest_auth_check (connection, realm,
-                                 username,
-                                 password,
-                                 300);
+  ret_e = MHD_digest_auth_check3 (connection, realm,
+                                  username,
+                                  password,
+                                  300,
+                                  MHD_DIGEST_ALG_MD5);
   MHD_free (username);
-  if ( (ret_i == MHD_INVALID_NONCE) ||
-       (ret_i == MHD_NO) )
+  if (ret_e != MHD_DAUTH_OK)
   {
     response = MHD_create_response_from_buffer (strlen (DENIED),
                                                 DENIED,
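Review bot: the replaced MHD_digest_auth_check call took no algorithm argument, and the new MHD_digest_auth_check3 call pins MHD_DIGEST_ALG_MD5. If that is meant to preserve the old behaviour exactly, say so in the commit message or in a comment at the call, so a reader does not take the MD5 choice as a recommendation for new code.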
@@ -131,7 +131,7 @@ ahc_echo (void *cls,
     ret = MHD_queue_auth_fail_response2 (connection, realm,
                                          MY_OPAQUE,
                                          response,
-                                         (ret_i == MHD_INVALID_NONCE) ?
+                                         (ret_e == MHD_DAUTH_NONCE_STALE) ?
                                          MHD_YES : MHD_NO,
                                          MHD_DIGEST_ALG_MD5);
     MHD_destroy_response (response);
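Review bot: the comparison here is written (ret_e == MHD_DAUTH_NONCE_STALE), while the same line in the other three test files has the constant first, (MHD_DAUTH_NONCE_STALE == ret_e). The old line in this file already had that order, but since the line is rewritten anyway it could take the constant-first form used elsewhere.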

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


