[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r12715 - in libmicrohttpd/src: daemon include
From: |
gnunet |
Subject: |
[GNUnet-SVN] r12715 - in libmicrohttpd/src: daemon include |
Date: |
Sun, 22 Aug 2010 21:24:12 +0200 |
Author: grothoff
Date: 2010-08-22 21:24:12 +0200 (Sun, 22 Aug 2010)
New Revision: 12715
Modified:
libmicrohttpd/src/daemon/digestauth.c
libmicrohttpd/src/include/microhttpd.h
Log:
code cleanup, finding issues
Modified: libmicrohttpd/src/daemon/digestauth.c
===================================================================
--- libmicrohttpd/src/daemon/digestauth.c 2010-08-22 19:11:29 UTC (rev
12714)
+++ libmicrohttpd/src/daemon/digestauth.c 2010-08-22 19:24:12 UTC (rev
12715)
@@ -266,7 +266,45 @@
return NULL;
}
+
/**
+ * FIXME: password should probably not be here!
+ */
+static void
+calculate_nonce (uint32_t nonce_time,
+ const char *method,
+ const char *password,
+ const char *uri,
+ const char *realm,
+ char *nonce)
+{
+ struct SHA1Context sha1;
+ unsigned char timestamp[4];
+ unsigned char tmpnonce[SHA1_DIGEST_SIZE];
+ char timestamphex[sizeof(timestamp)*2+1];
+
+ SHA1Init (&sha1);
+ timestamp[0] = (nonce_time & 0xff000000) >> 0x18;
+ timestamp[1] = (nonce_time & 0x00ff0000) >> 0x10;
+ timestamp[2] = (nonce_time & 0x0000ff00) >> 0x08;
+ timestamp[3] = (nonce_time & 0x000000ff);
+ SHA1Update(&sha1, timestamp, 4);
+ SHA1Update(&sha1, ":", 1);
+ SHA1Update(&sha1, method, strlen(method));
+ SHA1Update(&sha1, ":", 1);
+ SHA1Update(&sha1, password, strlen(password));
+ SHA1Update(&sha1, ":", 1);
+ SHA1Update(&sha1, uri, strlen(uri));
+ SHA1Update(&sha1, ":", 1);
+ SHA1Update(&sha1, realm, strlen(realm));
+ SHA1Final (tmpnonce, &sha1);
+ cvthex(tmpnonce, sizeof (tmpnonce), nonce);
+ cvthex(timestamp, 4, timestamphex);
+ strncat(nonce, timestamphex, 8);
+}
+
+
+/**
* Authenticates the authorization header sent by the client
*
* @param connection The MHD connection structure
@@ -295,15 +333,13 @@
const char *qop;
const char *nc;
const char *response;
- unsigned char tmpnonce[SHA1_DIGEST_SIZE];
char *hentity = NULL; /* "auth-int" is not supported */
- char timestamp[4];
char ha1[HASH_MD5_HEX_LEN + 1];
char respexp[HASH_MD5_HEX_LEN + 1];
char noncehashexp[HASH_SHA1_HEX_LEN + 9];
- unsigned int nonce_time;
+ uint32_t nonce_time;
uint32_t t;
- struct SHA1Context sha1;
+
header = MHD_lookup_connection_value(connection,
MHD_HEADER_KIND,
@@ -342,28 +378,12 @@
*/
if (t > nonce_time + nonce_timeout)
return MHD_INVALID_NONCE;
- SHA1Init (&sha1);
- snprintf (timestamp,
- sizeof (timestamp),
- "%X",
- (unsigned int) nonce_time);
- timestamp[0] = (nonce_time & 0xff000000) >> 0x18;
- timestamp[1] = (nonce_time & 0x00ff0000) >> 0x10;
- timestamp[2] = (nonce_time & 0x0000ff00) >> 0x08;
- timestamp[3] = (nonce_time & 0x000000ff);
- SHA1Update(&sha1, timestamp, 4);
- SHA1Update(&sha1, ":", 1);
- SHA1Update(&sha1, connection->method, strlen(connection->method));
- SHA1Update(&sha1, ":", 1);
- SHA1Update(&sha1, password, strlen(password));
- SHA1Update(&sha1, ":", 1);
- SHA1Update(&sha1, uri, strlen(uri));
- SHA1Update(&sha1, ":", 1);
- SHA1Update(&sha1, realm, strlen(realm));
- SHA1Final (tmpnonce, &sha1);
- cvthex(tmpnonce, sizeof (tmpnonce), noncehashexp);
- strncat(noncehashexp, nonce + strlen(nonce) - 8, 8);
-
+ calculate_nonce (nonce_time,
+ connection->method,
+ password,
+ uri,
+ realm,
+ noncehashexp);
/*
* Second level vetting for the nonce validity
* if the timestamp attached to the nonce is valid
@@ -374,7 +394,7 @@
* very hard to achieve.
*/
- if (0 != strncmp(nonce, noncehashexp, strlen(nonce)))
+ if (0 != strcmp(nonce, noncehashexp))
return MHD_INVALID_NONCE;
if ( (NULL == (cnonce = lookup_sub_value(buffer, len, "cnonce"))) ||
(NULL == (qop = lookup_sub_value(buffer, len, "qop"))) ||
@@ -409,8 +429,8 @@
* Queues a response to request authentication from the client
*
* @param connection The MHD connection structure
- * @param realm The realm presented to the client
- * @param password The password used in authentication
+ * @param realm the realm presented to the client
+ * @param password the password used in authentication FIXME!
* @param signal_stale MHD_YES if the nonce is invalid to add
* 'stale=true' to the authentication header
* @return MHD_YES on success, MHD_NO otherwise
@@ -424,38 +444,20 @@
{
int ret;
size_t hlen;
- unsigned char tmpnonce[SHA1_DIGEST_SIZE];
- unsigned char timestamp[5];
- char timestamphex[sizeof(timestamp)*2+1];
- char nonce[HASH_SHA1_HEX_LEN + sizeof (timestamphex)];
- uint32_t t;
+ char nonce[HASH_SHA1_HEX_LEN + 9];
struct MHD_Response *response;
- struct SHA1Context sha1;
response = MHD_create_response_from_data(0, NULL, MHD_NO, MHD_NO);
if (NULL == response)
return MHD_NO;
/* Generating the server nonce */
- SHA1Init (&sha1);
- t = (uint32_t) time(NULL);
- timestamp[0] = (t & 0xff000000) >> 0x18;
- timestamp[1] = (t & 0x00ff0000) >> 0x10;
- timestamp[2] = (t & 0x0000ff00) >> 0x08;
- timestamp[3] = (t & 0x000000ff) >> 0x00;
- SHA1Update(&sha1, timestamp, sizeof(timestamp));
- SHA1Update(&sha1, ":", 1);
- SHA1Update(&sha1, connection->method, strlen(connection->method));
- SHA1Update(&sha1, ":", 1);
- SHA1Update(&sha1, password, strlen(password));
- SHA1Update(&sha1, ":", 1);
- SHA1Update(&sha1, connection->url, strlen(connection->url));
- SHA1Update(&sha1, ":", 1);
- SHA1Update(&sha1, realm, strlen(realm));
- SHA1Final (tmpnonce, &sha1);
- cvthex(timestamp, 4, timestamphex);
- cvthex(tmpnonce, sizeof (tmpnonce), nonce);
- strncat(nonce, timestamphex, 8);
+ calculate_nonce ((uint32_t) time(NULL),
+ connection->method,
+ password,
+ connection->url,
+ realm,
+ nonce);
/* Building the authentication header */
hlen = snprintf(NULL,
Modified: libmicrohttpd/src/include/microhttpd.h
===================================================================
--- libmicrohttpd/src/include/microhttpd.h 2010-08-22 19:11:29 UTC (rev
12714)
+++ libmicrohttpd/src/include/microhttpd.h 2010-08-22 19:24:12 UTC (rev
12715)
@@ -1266,7 +1266,7 @@
*
* @param connection The MHD connection structure
* @param realm The realm presented to the client
- * @param password The password used in authentication
+ * @param password the password used in authentication FIXME!
* @param opaque string to user for opaque value
* @param signal_stale MHD_YES if the nonce is invalid to add
* 'stale=true' to the authentication header
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r12715 - in libmicrohttpd/src: daemon include,
gnunet <=