[libmicrohttpd] 09/14: digest_auth_check(): added support for username i

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 09/14: digest_auth_check(): added support for username i

From:	gnunet
Subject:	[libmicrohttpd] 09/14: digest_auth_check(): added support for username in extended notation
Date:	Thu, 21 Jul 2022 14:08:07 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit b528bec9c1a9332c49813d8e3df7dcc0eb7b63db
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Wed Jul 20 17:06:40 2022 +0300

    digest_auth_check(): added support for username in extended notation
---
 src/microhttpd/digestauth.c | 39 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index fac12ec0..6bb2aa22 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1937,8 +1937,15 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
     return MHD_DAUTH_WRONG_HEADER;
 
   /* ** A quick check for presence of all required parameters ** */
-  if (NULL == params->username.value.str)
+  if ((NULL == params->username.value.str) &&
+      (NULL == params->username_ext.value.str))
     return MHD_DAUTH_WRONG_HEADER;
+  else if ((NULL != params->username.value.str) &&
+           (NULL != params->username_ext.value.str))
+    return MHD_DAUTH_WRONG_HEADER; /* Parameters cannot be used together */
+  else if ((NULL != params->username_ext.value.str) &&
+           (MHD_DAUTH_EXT_PARAM_MIN_LEN > params->username_ext.value.len))
+    return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
 
   if (NULL == params->realm.value.str)
     return MHD_DAUTH_WRONG_HEADER;
@@ -1989,8 +1996,34 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
 
   /* Check 'username' */
   username_len = strlen (username);
-  if (! is_param_equal (&params->username, username, username_len))
-    return MHD_DAUTH_WRONG_USERNAME;
+  if (NULL != params->username.value.str)
+  { /* Username in standard notation */
+    if (! is_param_equal (&params->username, username, username_len))
+      return MHD_DAUTH_WRONG_USERNAME;
+  }
+  else
+  { /* Username in extended notation */
+    char *r_uname;
+    size_t buf_size = params->username_ext.value.len;
+    ssize_t res;
+
+    mhd_assert (NULL != params->username_ext.value.str);
+    mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked 
already */
+    buf_size += 1; /* For zero-termination */
+    buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;
+    r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size);
+    if (NULL == r_uname)
+      return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ?
+             MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR;
+    res = get_rq_extended_uname_copy_z (params->username_ext.value.str,
+                                        params->username_ext.value.len,
+                                        r_uname, buf_size);
+    if (0 > res)
+      return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+    if ((username_len != (size_t) res) ||
+        (0 != memcmp (username, r_uname, username_len)))
+      return MHD_DAUTH_WRONG_USERNAME;
+  }
   /* 'username' valid */
 
   /* Check 'realm' */

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] 02/14: test_digest: improved test URI, (continued)
- [libmicrohttpd] 02/14: test_digest: improved test URI, gnunet, 2022/07/21
- [libmicrohttpd] 04/14: digestauth: simplified internal function call, gnunet, 2022/07/21
- [libmicrohttpd] 03/14: digestauth: added small helper function to simplify the code, gnunet, 2022/07/21
- [libmicrohttpd] 06/14: digest_auth_check(): removed one more large local variable, gnunet, 2022/07/21
- [libmicrohttpd] 07/14: digest calculations: further simplified code, removed some local variables, gnunet, 2022/07/21
- [libmicrohttpd] 08/14: digestauth: removed usage of variable-length arrays, gnunet, 2022/07/21
- [libmicrohttpd] 11/14: digestauth: fixed username extraction with the new API, gnunet, 2022/07/21
- [libmicrohttpd] 10/14: digest_auth_check(): updated the order of parameters check, gnunet, 2022/07/21
- [libmicrohttpd] 12/14: digestauth: do not allocate extra space for extended notation, gnunet, 2022/07/21
- [libmicrohttpd] 05/14: digestauth: added sanity check for digest macros, gnunet, 2022/07/21
- [libmicrohttpd] 09/14: digest_auth_check(): added support for username in extended notation, gnunet <=
- [libmicrohttpd] 13/14: digestauth: added support for extended notation for old API, gnunet, 2022/07/21
- [libmicrohttpd] 14/14: Added test for Digest Auth with username in extended notation, gnunet, 2022/07/21

Prev by Date: [libmicrohttpd] 05/14: digestauth: added sanity check for digest macros
Next by Date: [libmicrohttpd] 13/14: digestauth: added support for extended notation for old API
Previous by thread: [libmicrohttpd] 05/14: digestauth: added sanity check for digest macros
Next by thread: [libmicrohttpd] 13/14: digestauth: added support for extended notation for old API
Index(es):
- Date
- Thread