[GNUnet-SVN] [libmicrohttpd] branch master updated (2ade9eaa -> a7c0b04c)


From: gnunet
Subject: [GNUnet-SVN] [libmicrohttpd] branch master updated (2ade9eaa -> a7c0b04c)
Date: Sat, 14 Jul 2018 14:41:42 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a change to branch master
in repository libmicrohttpd.

    from 2ade9eaa applying W32 fix suggested by Tim
     new 2ed04522 add support for digest auth with hashed password
     new 2c47a23d integrate TLS PSK patch from Tal Moaz (plus documentation, plus style and bugfixes
     new a7c0b04c properly recognize Dirk B.

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 AUTHORS                     |   2 +
 ChangeLog                   |   9 ++
 doc/libmicrohttpd.texi      |  25 ++++++
 src/include/microhttpd.h    |  58 +++++++++++-
 src/include/microhttpd2.h   |  35 ++++++++
 src/microhttpd/daemon.c     |  94 +++++++++++++++++--
 src/microhttpd/digestauth.c | 213 +++++++++++++++++++++++++++++++++-----------
 src/microhttpd/internal.h   |  15 ++++
 8 files changed, 395 insertions(+), 56 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index 62b8c244..71855aa0 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -58,6 +58,8 @@ Louis Benoit <address@hidden>
 Flavio Coelin <address@hidden>
 Silvio Clecio <address@hidden>
 Robert D Kosisko <address@hidden>
+Tal Moaz <address@hidden>
+Dirk Brinkmeier
 
 Documentation contributions also came from:
 Marco Maggi <address@hidden>
diff --git a/ChangeLog b/ChangeLog
index 8f06fb6a..068780e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Sat Jul 14 11:42:15 CEST 2018
+       Add MHD_OPTION_GNUTLS_PSK_CRED_HANDLER to allow use of PSK with
+       TLS connections. -CG/TM
+
+Sat Jul 14 11:03:37 CEST 2018
+       Integrate patch for checking digest authentication based on
+       a digest, allowing servers to store passwords only hashed.
+       Adding new function MHD_digest_auth_check_digest(). -CG/DB
+
 Sat Mar 10 12:15:35 CET 2018
        Upgrade to gettext-0.19.8.1. Switching to more canonical
        gettext integration. -CG
diff --git a/doc/libmicrohttpd.texi b/doc/libmicrohttpd.texi
index cac5dd29..d2886a25 100644
--- a/doc/libmicrohttpd.texi
+++ b/doc/libmicrohttpd.texi
@@ -869,6 +869,16 @@ information provided.  The callback is expected to access 
the SNI data
 using gnutls_server_name_get().  Using this option requires GnuTLS 3.0
 or higher.
 
address@hidden MHD_OPTION_GNUTLS_PSK_CRED_HANDLER
address@hidden SSL
address@hidden TLS
address@hidden PSK
+Use pre-shared key for TLS credentials.
+Pass a pointer to callback of type 
address@hidden and a closure.
+The function will be called to 
+retrieve the shared key for a given username.
+
 @item MHD_OPTION_DIGEST_AUTH_RANDOM
 @cindex digest auth
 @cindex random
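Review bot: the new MHD_OPTION_GNUTLS_PSK_CRED_HANDLER entry omits the ownership rule that the header comment for MHD_PskServerCredentialsCallback states ("should be allocated with malloc(), will be freed by MHD"); a reader of the manual alone cannot tell whether the returned key buffer is copied or taken over. Add a sentence such as "The callback must return the key in a buffer allocated with malloc(); MHD takes ownership and frees it." It would also help to say which credential type the option selects for the daemon, since the manual lists it next to the certificate options without saying it replaces them.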
@@ -2393,6 +2403,21 @@ most probably it will be the result of a lookup of the 
username against a local
 Most of the time it is sound to specify 300 seconds as its values.
 @end deftypefun
 
address@hidden int MHD_digest_auth_check_digest (struct MHD_Connection 
*connection, const char *realm, const char *username, const unsigned char 
digest[MHD_MD5_DIGEST_SIZE], unsigned int nonce_timeout)
+Checks if the provided values in the WWW-Authenticate header are valid
+and sound according to RFC2716. If valid return @code{MHD_YES}, otherwise 
return @code{MHD_NO}.
+
address@hidden must reference to a zero-terminated string representing the 
realm.
+
address@hidden must reference to a zero-terminated string representing the 
username,
+it is usually the returned value from MHD_digest_auth_get_username.
+
address@hidden pointer to the binary MD5 sum for the precalculated hash value 
``userame:realm:password'' of @code{MHD_MD5_DIGEST_SIZE} bytes.
+
address@hidden is the amount of time in seconds for a nonce to be invalid.
+Most of the time it is sound to specify 300 seconds as its values.
address@hidden deftypefun
+
 @deftypefun int MHD_queue_auth_fail_response (struct MHD_Connection 
*connection, const char *realm, const char *opaque, struct MHD_Response 
*response, int signal_stale)
 Queues a response to request authentication from the client,
 return @code{MHD_YES} if successful, otherwise @code{MHD_NO}.
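Review bot: the deftypefun text for MHD_digest_auth_check_digest has three inconsistencies with the code it documents. "according to RFC2716" should be RFC 2617 (RFC 2716 is EAP-TLS; the digestauth.c comments in this same patch cite RFC2617); "userame:realm:password" is a typo for "username:realm:password"; and the prototype here uses `const unsigned char digest[MHD_MD5_DIGEST_SIZE]` and lists only MHD_YES/MHD_NO as results, while microhttpd.h declares `const uint8_t digest[...]` and documents #MHD_INVALID_NONCE as a third return value. Align the manual with the header. Since the stored value is H(A1), which is sufficient by itself to produce a valid Digest response for that realm, the text should also warn that the hash must be protected like the password it replaces.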
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index cff084ed..f43935c7 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -294,6 +294,12 @@ _MHD_DEPR_MACRO("Macro MHD_LONG_LONG_PRINTF is deprecated, 
use MHD_UNSIGNED_LONG
 
 
 /**
+ * Length of the binary output of the MD5 hash function.
+ */
+#define         MHD_MD5_DIGEST_SIZE 16
+
+
+/**
  * @defgroup httpcode HTTP response codes.
  * These are the status codes defined for HTTP responses.
  * @{
@@ -1161,6 +1167,25 @@ typedef void
 
 
 /**
+ * Function called to lookup the pre shared key (@a psk) for a given
+ * HTTP connection based on the @a username.
+ *
+ * @param cls closure
+ * @param connection the HTTPS connection
+ * @param username the user name claimed by the other side
+ * @param psk[out] to be set to the pre-shared-key; should be allocated with 
malloc(),
+ *                 will be freed by MHD
+ * @param psk_size[out] to be set to the number of bytes in @a psk
+ * @return 0 on success, -1 on errors 
+ */
+typedef int
+(*MHD_PskServerCredentialsCallback)(void *cls,
+                                   const struct MHD_Connection *connection,
+                                   const char *username,
+                                   void **psk,
+                                   size_t *psk_size);
+
+/**
  * @brief MHD options.
  *
  * Passed in the varargs portion of #MHD_start_daemon.
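Review bot: `@param psk[out]` and `@param psk_size[out]` are not valid Doxygen; the direction goes before the name (`@param[out] psk`). The contract should also state what the callback must do with `*psk` on the -1 path, because psk_gnutls_adapter in daemon.c only free()s the buffer on its own allocation-failure branch and never after a callback failure, so a callback that allocates and then returns -1 leaks. Finally, the comment promises the buffer "will be freed by MHD" but not that its contents are copied first; since it is key material, say that MHD copies and then frees it so callers do not keep a dangling pointer.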
@@ -1483,7 +1508,15 @@ enum MHD_OPTION
    * testing clients against MHD, and 0 in production.  This option
    * should be followed by an `int` argument.
    */
-  MHD_OPTION_STRICT_FOR_CLIENT = 29
+  MHD_OPTION_STRICT_FOR_CLIENT = 29,
+
+  /**
+   * This should be a pointer to callback of type 
+   * gnutls_psk_server_credentials_function that will be given to
+   * gnutls_psk_set_server_credentials_function. It is used to
+   * retrieve the shared key for a given username.
+   */
+  MHD_OPTION_GNUTLS_PSK_CRED_HANDLER = 30
 };
 
 
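Review bot: the option comment for MHD_OPTION_GNUTLS_PSK_CRED_HANDLER is wrong about the argument type. It says the option takes a `gnutls_psk_server_credentials_function` handed to gnutls_psk_set_server_credentials_function, but parse_options_va in this same patch reads an `MHD_PskServerCredentialsCallback` followed by a `void *` closure, and the GnuTLS function actually registered is MHD's own psk_gnutls_adapter. Rewrite it as "This option should be followed by two arguments: an `MHD_PskServerCredentialsCallback` and a `void *` closure for it", mirroring the style of the neighbouring option comments.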
@@ -3151,6 +3184,29 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
 
 
 /**
+ * Authenticates the authorization header sent by the client
+ *
+ * @param connection The MHD connection structure
+ * @param realm The realm presented to the client
+ * @param username The username needs to be authenticated
+ * @param digest An `unsigned char *' pointer to the binary MD5 sum
+ *                     for the precalculated hash value 
"username:realm:password"
+ *                     of #MHD_MD5_DIGEST_SIZE bytes
+ * @param nonce_timeout The amount of time for a nonce to be
+ *                     invalid in seconds
+ * @return #MHD_YES if authenticated, #MHD_NO if not,
+ *                     #MHD_INVALID_NONCE if nonce is invalid
+ * @ingroup authentication
+ */
+_MHD_EXTERN int
+MHD_digest_auth_check_digest (struct MHD_Connection *connection,
+                             const char *realm,
+                             const char *username,
+                             const uint8_t digest[MHD_MD5_DIGEST_SIZE],
+                             unsigned int nonce_timeout);
+
+
+/**
  * Queues a response to request authentication from the client
  *
  * @param connection The MHD connection structure
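Review bot: the parameter comment says "An `unsigned char *' pointer" while the declaration uses `const uint8_t digest[MHD_MD5_DIGEST_SIZE]`; pick one and use it in the header, the manual and digestauth.c (which declares the same function with `MD5_DIGEST_SIZE`). The doc should also spell out that the value is the MD5 of "username:realm:password" in binary (not hex) form, since callers of this API will typically be loading it from a store, and that this value is password-equivalent for Digest authentication in that realm, so "storing only the hash" reduces exposure of the cleartext password but does not protect the account if the store is read.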
diff --git a/src/include/microhttpd2.h b/src/include/microhttpd2.h
index 063b2d98..e8671825 100644
--- a/src/include/microhttpd2.h
+++ b/src/include/microhttpd2.h
@@ -2181,6 +2181,41 @@ MHD_daemon_tls_mem_dhparams (struct MHD_Daemon *daemon,
 
 
 /**
+ * Function called to lookup the pre shared key (@a psk) for a given
+ * HTTP connection based on the @a username.
+ *
+ * @param cls closure
+ * @param connection the HTTPS connection
+ * @param username the user name claimed by the other side
+ * @param psk[out] to be set to the pre-shared-key; should be allocated with 
malloc(),
+ *                 will be freed by MHD
+ * @param psk_size[out] to be set to the number of bytes in @a psk
+ * @return 0 on success, -1 on errors 
+ */
+typedef int
+(*MHD_PskServerCredentialsCallback)(void *cls,
+                                   const struct MHD_Connection *connection,
+                                   const char *username,
+                                   void **psk,
+                                   size_t *psk_size);
+
+
+/**
+ * Configure PSK to use for the TLS key exchange.
+ *
+ * @param daemon daemon to configure tls for
+ * @param psk_cb function to call to obtain pre-shared key
+ * @param psk_cb_cls closure for @a psk_cb
+ * @return #MHD_SC_OK upon success; TODO: define failure modes
+ */
+_MHD_EXTERN enum MHD_StatusCode
+MHD_daemon_set_tls_psk_callback (struct MHD_Daemon *daemon,
+                                MHD_PskServerCredentialsCallback psk_cb,
+                                void *psk_cb_cls)
+  MHD_NONNULL(1);
+
+
+/**
  * Memory pointer for the certificate (ca.pem) to be used by the
  * HTTPS daemon for client authentification.
  *
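Review bot: this defines a second `typedef int (*MHD_PskServerCredentialsCallback)(...)` with exactly the same name as the one added to microhttpd.h; if both headers are ever included in one translation unit, the duplicate typedef is a hard error before C11 and a warning after. Either give the microhttpd2.h type a distinct name or factor the typedef into a shared header. The `@return` line still carries "TODO: define failure modes"; at minimum document what MHD_daemon_set_tls_psk_callback returns when TLS is not enabled for the daemon, because that is the case callers will hit first.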
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 0b85764b..31ed1574 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -565,7 +565,6 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
   return -1;
 }
 
-
 /**
  * Initialize security aspects of the HTTPS daemon
  *
@@ -582,6 +581,11 @@ MHD_TLS_init (struct MHD_Daemon *daemon)
           gnutls_certificate_allocate_credentials (&daemon->x509_cred))
         return GNUTLS_E_MEMORY_ERROR;
       return MHD_init_daemon_certificate (daemon);
+    case GNUTLS_CRD_PSK:
+      if (0 != 
+          gnutls_psk_allocate_server_credentials (&daemon->psk_cred))
+        return GNUTLS_E_MEMORY_ERROR;
+      return 0;
     default:
 #ifdef HAVE_MESSAGES
       MHD_DLOG (daemon,
@@ -2137,6 +2141,67 @@ MHD_tls_push_func_(gnutls_transport_ptr_t trnsp,
 #endif /* MHD_TLSLIB_DONT_SUPPRESS_SIGPIPE */
 #endif /* HTTPS_SUPPORT */
 
+
+/**
+ * Function called by GNUtls to obtain the PSK for a given session.
+ * 
+ * @param session the session to lookup PSK for
+ * @param username username to lookup PSK for
+ * @param key[out] where to write PSK
+ * @return 0 on success, -1 on error
+ */
+static int
+psk_gnutls_adapter (gnutls_session_t session,
+                   const char *username,
+                   gnutls_datum_t *key)
+{
+  struct MHD_Connection *connection;
+  struct MHD_Daemon *daemon;
+  void *app_psk;
+  size_t app_psk_size;
+
+  connection = gnutls_session_get_ptr (session);
+  if (NULL == connection)
+  {
+#ifdef HAVE_MESSAGES
+    MHD_DLOG (daemon,
+             _("Internal server error. This should be impossible.\n"));
+#endif
+    return -1;
+  }
+  daemon = connection->daemon;
+  if (NULL == daemon->cred_callback)
+  {
+#ifdef HAVE_MESSAGES
+    MHD_DLOG (daemon,
+             _("PSK not supported by this server.\n"));
+#endif
+    return -1;
+  }
+  if (0 != daemon->cred_callback (daemon->cred_callback_cls,
+                                 connection,
+                                 username,
+                                 &app_psk,
+                                 &app_psk_size))
+    return -1;
+  if (NULL == (key->data = gnutls_malloc (app_psk_size)))
+    {
+#ifdef HAVE_MESSAGES
+      MHD_DLOG (daemon,
+               _("PSK authentication failed: gnutls_malloc failed to allocate 
memory\n"));
+#endif
+      free (app_psk);
+      return -1;
+    }
+  key->size = app_psk_size;
+  memcpy (key->data,
+         app_psk,
+         app_psk_size);
+  free (app_psk);
+  return 0;
+}
+
+
 /**
  * Add another client connection to the set of connections
  * managed by MHD.  This API is usually not needed (since
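Review bot: psk_gnutls_adapter has an uninitialized-pointer bug and two placement problems. In the `NULL == connection` branch, `MHD_DLOG (daemon, ...)` runs before `daemon` is assigned (it is declared but not set until after the check), so under HAVE_MESSAGES this dereferences garbage; use MHD_DLOG only after `daemon = connection->daemon`, or drop the log there. The function sits after `#endif /* HTTPS_SUPPORT */` yet uses gnutls_session_t, gnutls_datum_t and gnutls_malloc, so builds without HTTPS_SUPPORT will not compile; move it inside the guard. It also reads `daemon->cred_callback`, which internal.h declares only under `#if GNUTLS_VERSION_MAJOR >= 3`, without the matching guard. Two smaller points: `app_psk` is copied into the gnutls buffer and then free()d without being cleared, so the pre-shared key lingers in freed heap memory; clear it before free(). And a callback that sets `app_psk_size` to 0 will make `gnutls_malloc (0)` look like an allocation failure on some allocators; reject a zero-length key explicitly.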
@@ -2372,6 +2437,12 @@ internal_add_connection (struct MHD_Daemon *daemon,
           gnutls_credentials_set (connection->tls_session,
                                  GNUTLS_CRD_CERTIFICATE,
                                  daemon->x509_cred);
+        case GNUTLS_CRD_PSK:
+          gnutls_credentials_set (connection->tls_session,
+                                  GNUTLS_CRD_PSK,
+                                  daemon->psk_cred);
+          gnutls_psk_set_server_credentials_function (daemon->psk_cred,
+                                                      &psk_gnutls_adapter);
           break;
         default:
 #ifdef HAVE_MESSAGES
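Review bot: the new `case GNUTLS_CRD_PSK:` is inserted between the certificate case's `gnutls_credentials_set (..., GNUTLS_CRD_CERTIFICATE, daemon->x509_cred);` and the `break;` that belonged to it, so every certificate-mode connection now falls through into the PSK branch and calls gnutls_credentials_set with `daemon->psk_cred`, which is never allocated in certificate mode (MHD_TLS_init allocates it only for GNUTLS_CRD_PSK). Add a `break;` before the new case. Separately, gnutls_psk_set_server_credentials_function is called on the daemon-wide `psk_cred` object once per accepted connection; it is a property of the credentials, not the session, so register it once in MHD_TLS_init next to gnutls_psk_allocate_server_credentials.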
@@ -2392,12 +2463,15 @@ internal_add_connection (struct MHD_Daemon *daemon,
          return MHD_NO;
         }
 #if (GNUTLS_VERSION_NUMBER+0 >= 0x030109) && !defined(_WIN64)
-      gnutls_transport_set_int (connection->tls_session, (int)(client_socket));
+      gnutls_transport_set_int (connection->tls_session,
+                               (int)(client_socket));
 #else  /* GnuTLS before 3.1.9 or Win x64 */
-      gnutls_transport_set_ptr (connection->tls_session, 
(gnutls_transport_ptr_t)(intptr_t)(client_socket));
+      gnutls_transport_set_ptr (connection->tls_session,
+                               
(gnutls_transport_ptr_t)(intptr_t)(client_socket));
 #endif /* GnuTLS before 3.1.9 */
 #ifdef MHD_TLSLIB_NEED_PUSH_FUNC
-      gnutls_transport_set_push_function (connection->tls_session, 
MHD_tls_push_func_);
+      gnutls_transport_set_push_function (connection->tls_session,
+                                         MHD_tls_push_func_);
 #endif /* MHD_TLSLIB_NEED_PUSH_FUNC */
       if (daemon->https_mem_trust)
          gnutls_certificate_server_set_request (connection->tls_session,
@@ -2407,7 +2481,8 @@ internal_add_connection (struct MHD_Daemon *daemon,
       goto cleanup;
 #endif /* ! HTTPS_SUPPORT */
     }
-
+  gnutls_session_set_ptr (connection->tls_session,
+                         connection);
 
   MHD_mutex_lock_chk_ (&daemon->cleanup_connection_mutex);
   /* Firm check under lock. */
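Review bot: `gnutls_session_set_ptr (connection->tls_session, connection);` has been placed after the closing `}` of the TLS block and after `#endif /* ! HTTPS_SUPPORT */`, so it executes for plain-HTTP connections, where `tls_session` has not been initialized, and it will not compile at all in builds without HTTPS_SUPPORT. Move the call inside the TLS branch, immediately after gnutls_init succeeds, so the adapter's gnutls_session_get_ptr lookup is valid exactly when a TLS session exists.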
@@ -5070,6 +5145,7 @@ parse_options_va (struct MHD_Daemon *daemon,
                case MHD_OPTION_URI_LOG_CALLBACK:
                case MHD_OPTION_EXTERNAL_LOGGER:
                case MHD_OPTION_UNESCAPE_CALLBACK:
+               case MHD_OPTION_GNUTLS_PSK_CRED_HANDLER:
                  if (MHD_YES != parse_options (daemon,
                                                servaddr,
                                                opt,
@@ -5100,6 +5176,12 @@ parse_options_va (struct MHD_Daemon *daemon,
           daemon->unescape_callback_cls = va_arg (ap,
                                                   void *);
           break;
+        case MHD_OPTION_GNUTLS_PSK_CRED_HANDLER:
+          daemon->cred_callback = va_arg (ap,
+                                          MHD_PskServerCredentialsCallback);
+         daemon->cred_callback_cls = va_arg (ap,
+                                             void *);
+          break;
         default:
 #ifdef HAVE_MESSAGES
           if ( ( (opt >= MHD_OPTION_HTTPS_MEM_KEY) &&
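Review bot: this stores the callback and closure but nothing in the patch switches the daemon's credential type to GNUTLS_CRD_PSK, so MHD_TLS_init will still take the certificate path and the `GNUTLS_CRD_PSK` case added there is unreachable from this option alone; either set the credential type here or document the other option the user must combine it with. The assignment also has no `#if GNUTLS_VERSION_MAJOR >= 3` guard although internal.h declares `cred_callback` only under that guard, and the `daemon->cred_callback_cls` line is indented with a tab while the surrounding lines use spaces.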
@@ -6419,6 +6501,8 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
           gnutls_priority_deinit (daemon->priority_cache);
           if (daemon->x509_cred)
             gnutls_certificate_free_credentials (daemon->x509_cred);
+          if (daemon->psk_cred)
+              gnutls_psk_free_server_credentials (daemon->psk_cred);
         }
 #endif /* HTTPS_SUPPORT */
 
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index b0e7ce00..0c5baffb 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1,6 +1,6 @@
 /*
      This file is part of libmicrohttpd
-     Copyright (C) 2010, 2011, 2012, 2015 Daniel Pittman and Christian Grothoff
+     Copyright (C) 2010, 2011, 2012, 2015, 2018 Daniel Pittman and Christian 
Grothoff
 
      This library is free software; you can redistribute it and/or
      modify it under the terms of the GNU Lesser General Public
@@ -37,7 +37,7 @@
 #include <windows.h>
 #endif /* MHD_W32_MUTEX_ */
 
-#define HASH_MD5_HEX_LEN (2 * MD5_DIGEST_SIZE)
+#define HASH_MD5_HEX_LEN (2 * MHD_MD5_DIGEST_SIZE)
 /* 32 bit value is 4 bytes */
 #define TIMESTAMP_BIN_SIZE 4
 #define TIMESTAMP_HEX_LEN (2 * TIMESTAMP_BIN_SIZE)
@@ -93,8 +93,65 @@ cvthex (const unsigned char *bin,
 
 
 /**
- * calculate H(A1) as per RFC2617 spec and store the
- * result in 'sessionkey'.
+ * calculate H(A1) from given hash as per RFC2617 spec
+ * and store the * result in 'sessionkey'.
+ *
+ * @param alg The hash algorithm used, can be "md5" or "md5-sess"
+ * @param digest An `unsigned char *' pointer to the binary MD5 sum
+ *                     for the precalculated hash value 
"username:realm:password"
+ *                     of #MHD_MD5_DIGEST_SIZE bytes
+ * @param nonce A `char *' pointer to the nonce value
+ * @param cnonce A `char *' pointer to the cnonce value
+ * @param sessionkey pointer to buffer of HASH_MD5_HEX_LEN+1 bytes
+ */
+static void
+digest_calc_ha1_from_digest (const char *alg,
+                            const uint8_t digest[MHD_MD5_DIGEST_SIZE],
+                            const char *nonce,
+                            const char *cnonce,
+                            char sessionkey[HASH_MD5_HEX_LEN + 1])
+{
+  struct MD5Context md5;
+  
+  if (MHD_str_equal_caseless_(alg,
+                              "md5-sess"))
+    {
+      unsigned char ha1[MHD_MD5_DIGEST_SIZE];
+      
+      MD5Init (&md5);
+      MD5Update (&md5,
+                digest,
+                 MHD_MD5_DIGEST_SIZE);
+      MD5Update (&md5,
+                 (const unsigned char *) ":",
+                 1);
+      MD5Update (&md5,
+                 (const unsigned char *) nonce,
+                 strlen (nonce));
+      MD5Update (&md5,
+                 (const unsigned char *) ":",
+                 1);
+      MD5Update (&md5,
+                 (const unsigned char *) cnonce,
+                 strlen (cnonce));
+      MD5Final (ha1,
+                &md5);
+      cvthex (ha1,
+              sizeof (ha1),
+              sessionkey);
+    }
+  else
+    {
+      cvthex (digest,
+             MHD_MD5_DIGEST_SIZE,
+             sessionkey);
+    }
+}
+
+
+/**
+ * calculate H(A1) from username, realm and password as per RFC2617 spec
+ * and store the result in 'sessionkey'.
  *
  * @param alg The hash algorithm used, can be "md5" or "md5-sess"
  * @param username A `char *' pointer to the username value
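Review bot: the comment for digest_calc_ha1_from_digest reads "store the * result in 'sessionkey'" (stray asterisk from splitting the sentence across two lines); fix the wording. The function is otherwise a faithful extraction of the md5-sess branch from the old digest_calc_ha1, and for plain "md5" it correctly hex-encodes the supplied H(A1) without re-hashing. One caveat worth stating in the comment: because the caller now passes a precomputed H(A1), this path trusts that the stored digest was computed over exactly "username:realm:password" for the realm being checked; a digest computed for a different realm will simply fail to verify rather than raise an error.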
@@ -105,16 +162,16 @@ cvthex (const unsigned char *bin,
  * @param sessionkey pointer to buffer of HASH_MD5_HEX_LEN+1 bytes
  */
 static void
-digest_calc_ha1 (const char *alg,
-                const char *username,
-                const char *realm,
-                const char *password,
-                const char *nonce,
-                const char *cnonce,
-                char sessionkey[HASH_MD5_HEX_LEN + 1])
+digest_calc_ha1_from_user (const char *alg,
+                          const char *username,
+                          const char *realm,
+                          const char *password,
+                          const char *nonce,
+                          const char *cnonce,
+                          char sessionkey[HASH_MD5_HEX_LEN + 1])
 {
   struct MD5Context md5;
-  unsigned char ha1[MD5_DIGEST_SIZE];
+  unsigned char ha1[MHD_MD5_DIGEST_SIZE];
 
   MD5Init (&md5);
   MD5Update (&md5,
@@ -134,31 +191,11 @@ digest_calc_ha1 (const char *alg,
              strlen (password));
   MD5Final (ha1,
             &md5);
-  if (MHD_str_equal_caseless_(alg,
-                              "md5-sess"))
-    {
-      MD5Init (&md5);
-      MD5Update (&md5,
-                 (const unsigned char *) ha1,
-                 sizeof (ha1));
-      MD5Update (&md5,
-                 (const unsigned char *) ":",
-                 1);
-      MD5Update (&md5,
-                 (const unsigned char *) nonce,
-                 strlen (nonce));
-      MD5Update (&md5,
-                 (const unsigned char *) ":",
-                 1);
-      MD5Update (&md5,
-                 (const unsigned char *) cnonce,
-                 strlen (cnonce));
-      MD5Final (ha1,
-                &md5);
-    }
-  cvthex (ha1,
-          sizeof (ha1),
-          sessionkey);
+  digest_calc_ha1_from_digest(alg,
+                             ha1,
+                             nonce,
+                             cnonce,
+                             sessionkey);
 }
 
 
@@ -187,8 +224,8 @@ digest_calc_response (const char ha1[HASH_MD5_HEX_LEN + 1],
                      char response[HASH_MD5_HEX_LEN + 1])
 {
   struct MD5Context md5;
-  unsigned char ha2[MD5_DIGEST_SIZE];
-  unsigned char resphash[MD5_DIGEST_SIZE];
+  unsigned char ha2[MHD_MD5_DIGEST_SIZE];
+  unsigned char resphash[MHD_MD5_DIGEST_SIZE];
   char ha2hex[HASH_MD5_HEX_LEN + 1];
   (void)hentity; /* Unused. Silent compiler warning. */
 
@@ -220,7 +257,7 @@ digest_calc_response (const char ha1[HASH_MD5_HEX_LEN + 1],
   MD5Final (ha2,
             &md5);
   cvthex (ha2,
-          MD5_DIGEST_SIZE,
+          MHD_MD5_DIGEST_SIZE,
           ha2hex);
   MD5Init (&md5);
   /* calculate response */
@@ -518,7 +555,7 @@ calculate_nonce (uint32_t nonce_time,
 {
   struct MD5Context md5;
   unsigned char timestamp[TIMESTAMP_BIN_SIZE];
-  unsigned char tmpnonce[MD5_DIGEST_SIZE];
+  unsigned char tmpnonce[MHD_MD5_DIGEST_SIZE];
   char timestamphex[TIMESTAMP_HEX_LEN + 1];
 
   MD5Init (&md5);
@@ -667,17 +704,21 @@ check_argument_match (struct MHD_Connection *connection,
  * @param realm The realm presented to the client
  * @param username The username needs to be authenticated
  * @param password The password used in the authentication
+ * @param digest An optional `unsigned char *' pointer to the binary MD5 sum
+ *                     for the precalculated hash value 
"username:realm:password"
+ *                     of #MHD_MD5_DIGEST_SIZE bytes
  * @param nonce_timeout The amount of time for a nonce to be
  *                     invalid in seconds
  * @return #MHD_YES if authenticated, #MHD_NO if not,
  *                     #MHD_INVALID_NONCE if nonce is invalid
  * @ingroup authentication
  */
-int
-MHD_digest_auth_check (struct MHD_Connection *connection,
+static int
+digest_auth_check_all (struct MHD_Connection *connection,
                       const char *realm,
                       const char *username,
                       const char *password,
+                      const uint8_t digest[MHD_MD5_DIGEST_SIZE],
                       unsigned int nonce_timeout)
 {
   struct MHD_Daemon *daemon = connection->daemon;
@@ -871,13 +912,24 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
       return MHD_NO;
     }
 
-    digest_calc_ha1 ("md5",
-                     username,
-                     realm,
-                     password,
-                     nonce,
-                     cnonce,
-                     ha1);
+    if (NULL != digest)
+      {
+       digest_calc_ha1_from_digest ("md5",
+                                    digest,
+                                    nonce,
+                                    cnonce,
+                                    ha1);
+      }
+    else
+      {
+       digest_calc_ha1_from_user ("md5",
+                                  username,
+                                  realm,
+                                  password,
+                                  nonce,
+                                  cnonce,
+                                  ha1);
+      }
     digest_calc_response (ha1,
                          nonce,
                          nc,
@@ -888,6 +940,7 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
                          hentity,
                          respexp);
 
+
     /* Need to unescape URI before comparing with connection->url */
     daemon->unescape_callback (daemon->unescape_callback_cls,
                                connection,
@@ -934,6 +987,66 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
 
 
 /**
+ * Authenticates the authorization header sent by the client
+ *
+ * @param connection The MHD connection structure
+ * @param realm The realm presented to the client
+ * @param username The username needs to be authenticated
+ * @param password The password used in the authentication
+ * @param nonce_timeout The amount of time for a nonce to be
+ *                     invalid in seconds
+ * @return #MHD_YES if authenticated, #MHD_NO if not,
+ *                     #MHD_INVALID_NONCE if nonce is invalid
+ * @ingroup authentication
+ */
+_MHD_EXTERN int
+MHD_digest_auth_check (struct MHD_Connection *connection,
+                      const char *realm,
+                      const char *username,
+                      const char *password,
+                      unsigned int nonce_timeout)
+{
+  return digest_auth_check_all(connection,
+                              realm,
+                              username,
+                              password,
+                              NULL,
+                              nonce_timeout);
+}
+
+
+/**
+ * Authenticates the authorization header sent by the client
+ *
+ * @param connection The MHD connection structure
+ * @param realm The realm presented to the client
+ * @param username The username needs to be authenticated
+ * @param digest An `unsigned char *' pointer to the binary MD5 sum
+ *                     for the precalculated hash value 
"username:realm:password"
+ *                     of #MHD_MD5_DIGEST_SIZE bytes
+ * @param nonce_timeout The amount of time for a nonce to be
+ *                     invalid in seconds
+ * @return #MHD_YES if authenticated, #MHD_NO if not,
+ *                     #MHD_INVALID_NONCE if nonce is invalid
+ * @ingroup authentication
+ */
+_MHD_EXTERN int
+MHD_digest_auth_check_digest (struct MHD_Connection *connection,
+                             const char *realm,
+                             const char *username,
+                             const uint8_t digest[MD5_DIGEST_SIZE],
+                             unsigned int nonce_timeout)
+{
+  return digest_auth_check_all (connection,
+                               realm,
+                               username,
+                               NULL,
+                               digest,
+                               nonce_timeout);
+}
+
+
+/**
  * Queues a response to request authentication from the client
  *
  * @param connection The MHD connection structure
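Review bot: MHD_digest_auth_check_digest is defined here with `const uint8_t digest[MD5_DIGEST_SIZE]` but declared in microhttpd.h with `digest[MHD_MD5_DIGEST_SIZE]`; the rest of this patch renames every other MD5_DIGEST_SIZE use, so this one looks like an oversight and should become MHD_MD5_DIGEST_SIZE for consistency (array parameters decay, so the compiler will not catch the mismatch). The `@param digest` text should also note that the buffer must hold exactly MHD_MD5_DIGEST_SIZE bytes of binary digest, since digest_auth_check_all passes it straight to MD5Update/cvthex with that fixed length and a shorter buffer would be over-read.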
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index 01f2dbea..d1835ea0 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -1611,12 +1611,27 @@ struct MHD_Daemon
    */
   gnutls_dh_params_t dh_params;
 
+  /**
+   * Server PSK credentials
+   */
+  gnutls_psk_server_credentials_t psk_cred;
+
 #if GNUTLS_VERSION_MAJOR >= 3
   /**
    * Function that can be used to obtain the certificate.  Needed
    * for SNI support.  See #MHD_OPTION_HTTPS_CERT_CALLBACK.
    */
   gnutls_certificate_retrieve_function2 *cert_callback;
+
+  /**
+   * Function that can be used to obtain the shared key.
+   */
+  MHD_PskServerCredentialsCallback cred_callback;
+
+  /**
+   * Closure for @e cred_callback.
+   */
+  void *cred_callback_cls;
 #endif
 
   /**
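Review bot: `psk_cred` is added next to `dh_params`, outside the `#if GNUTLS_VERSION_MAJOR >= 3` block, while `cred_callback` and `cred_callback_cls` go inside it; daemon.c then uses all three without any version guard. Either place all three under the same condition or guard their uses in daemon.c consistently, otherwise GnuTLS 2.x builds fail to compile. Also add a comment stating that `psk_cred` is only allocated when the daemon's credential type is GNUTLS_CRD_PSK (MHD_stop_daemon already checks it for NULL before freeing, which is the right pattern).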
