[libmicrohttpd] 05/19: digest_auth_check(): added support for userhash
From: |
gnunet |
Subject: |
[libmicrohttpd] 05/19: digest_auth_check(): added support for userhash |
Date: |
Thu, 28 Jul 2022 06:26:09 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 7e5206cc032c965f228d77696392d430ef4b5aa9
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Jul 21 18:49:15 2022 +0300
digest_auth_check(): added support for userhash
---
src/microhttpd/digestauth.c | 72 +++++++++++++++++++++++++++++----------------
1 file changed, 47 insertions(+), 25 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index e8983d62..a3399a65 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1963,7 +1963,13 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
return MHD_DAUTH_WRONG_HEADER; /* Parameters cannot be used together */
else if ((NULL != params->username_ext.value.str) &&
(MHD_DAUTH_EXT_PARAM_MIN_LEN > params->username_ext.value.len))
- return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+ return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+ else if (params->userhash && (NULL == params->username.value.str))
+ return MHD_DAUTH_WRONG_HEADER; /* Userhash cannot be used with extended
notation */
+ else if (params->userhash && (digest_size * 2 > params->username.value.len))
+ return MHD_DAUTH_WRONG_HEADER; /* Too few chars for correct userhash */
+ else if (params->userhash && (digest_size * 4 < params->username.value.len))
+ return MHD_DAUTH_WRONG_HEADER; /* Too many chars for correct userhash */
if (NULL == params->realm.value.str)
return MHD_DAUTH_WRONG_HEADER;
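Review bot: The upper bound `digest_size * 4` in the last added `else if` is unexplained, so a reader cannot tell why a userhash of `2 * digest_size` hex digits may be up to twice that long. If the intent is to allow for a quoted value in which every character is backslash-escaped (my inference, not shown in the hunk), say so next to the check, e.g. `/* Each hex digit may be backslash-quoted: at most 4 * digest_size chars */`. The three new branches also repeat the `params->userhash` test; one `else if (params->userhash)` with the NULL and length checks nested inside would read more easily. The if/else chain begins above the hunk, so the earlier conditions these branches depend on are not visible here.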
@@ -2039,32 +2045,48 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
/* Check 'username' */
username_len = strlen (username);
- if (NULL != params->username.value.str)
- { /* Username in standard notation */
- if (! is_param_equal (¶ms->username, username, username_len))
- return MHD_DAUTH_WRONG_USERNAME;
+ if (! params->userhash)
+ {
+ if (NULL != params->username.value.str)
+ { /* Username in standard notation */
+ if (! is_param_equal (¶ms->username, username, username_len))
+ return MHD_DAUTH_WRONG_USERNAME;
+ }
+ else
+ { /* Username in extended notation */
+ char *r_uname;
+ size_t buf_size = params->username_ext.value.len;
+ ssize_t res;
+
+ mhd_assert (NULL != params->username_ext.value.str);
+ mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked
already */
+ buf_size += 1; /* For zero-termination */
+ buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;
+ r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size);
+ if (NULL == r_uname)
+ return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ?
+ MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR;
+ res = get_rq_extended_uname_copy_z (params->username_ext.value.str,
+ params->username_ext.value.len,
+ r_uname, buf_size);
+ if (0 > res)
+ return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+ if ((username_len != (size_t) res) ||
+ (0 != memcmp (username, r_uname, username_len)))
+ return MHD_DAUTH_WRONG_USERNAME;
+ }
}
else
- { /* Username in extended notation */
- char *r_uname;
- size_t buf_size = params->username_ext.value.len;
- ssize_t res;
-
- mhd_assert (NULL != params->username_ext.value.str);
- mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked
already */
- buf_size += 1; /* For zero-termination */
- buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;
- r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size);
- if (NULL == r_uname)
- return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ?
- MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR;
- res = get_rq_extended_uname_copy_z (params->username_ext.value.str,
- params->username_ext.value.len,
- r_uname, buf_size);
- if (0 > res)
- return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
- if ((username_len != (size_t) res) ||
- (0 != memcmp (username, r_uname, username_len)))
+ { /* Userhash */
+ mhd_assert (NULL != params->username.value.str);
+ digest_init (da);
+ digest_update (da, username, username_len);
+ digest_update_with_colon (da);
+ digest_update (da, realm, realm_len);
+ digest_calc_hash (da, hash1_bin);
+ mhd_assert (sizeof (tmp1) >= (2 * digest_size + 1));
+ MHD_bin_to_hex (hash1_bin, digest_size, tmp1);
+ if (! is_param_equal_caseless (¶ms->username, tmp1, 2 * digest_size))
return MHD_DAUTH_WRONG_USERNAME;
}
/* 'username' valid */
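Review bot: In the new `/* Userhash */` branch the capacity of `tmp1` for the hex output is enforced only by `mhd_assert (sizeof (tmp1) >= (2 * digest_size + 1))`, which gives no protection if assertions are compiled out in production builds. `MHD_bin_to_hex` is handed no destination size, so a runtime guard before the call would keep the write bounded whatever digest is selected: `if (sizeof (tmp1) < (2 * digest_size + 1)) return MHD_DAUTH_ERROR;`. The declarations of `tmp1`, `hash1_bin` and `digest_size` are outside the hunk, so the sizes may already be tied together at compile time; if so, a short comment saying that would be enough. The branch also hashes the server-side `realm` before any comparison of the request's realm parameter is visible here, so a client sending a mismatched realm would presumably receive `MHD_DAUTH_WRONG_USERNAME`; a comment would help if that ordering is intended.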
--