[libmicrohttpd] 05/19: digest_auth_check(): added support for userhash

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 05/19: digest_auth_check(): added support for userhash

From:	gnunet
Subject:	[libmicrohttpd] 05/19: digest_auth_check(): added support for userhash
Date:	Thu, 28 Jul 2022 06:26:09 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit 7e5206cc032c965f228d77696392d430ef4b5aa9
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Jul 21 18:49:15 2022 +0300

    digest_auth_check(): added support for userhash
---
 src/microhttpd/digestauth.c | 72 +++++++++++++++++++++++++++++----------------
 1 file changed, 47 insertions(+), 25 deletions(-)

diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index e8983d62..a3399a65 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1963,7 +1963,13 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
     return MHD_DAUTH_WRONG_HEADER; /* Parameters cannot be used together */
   else if ((NULL != params->username_ext.value.str) &&
            (MHD_DAUTH_EXT_PARAM_MIN_LEN > params->username_ext.value.len))
-    return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+    return MHD_DAUTH_WRONG_HEADER;  /* Broken extended notation */
+  else if (params->userhash && (NULL == params->username.value.str))
+    return MHD_DAUTH_WRONG_HEADER;  /* Userhash cannot be used with extended 
notation */
+  else if (params->userhash && (digest_size * 2 > params->username.value.len))
+    return MHD_DAUTH_WRONG_HEADER;  /* Too few chars for correct userhash */
+  else if (params->userhash && (digest_size * 4 < params->username.value.len))
+    return MHD_DAUTH_WRONG_HEADER;  /* Too many chars for correct userhash */
 
   if (NULL == params->realm.value.str)
     return MHD_DAUTH_WRONG_HEADER;
@@ -2039,32 +2045,48 @@ digest_auth_check_all_inner (struct MHD_Connection 
*connection,
 
   /* Check 'username' */
   username_len = strlen (username);
-  if (NULL != params->username.value.str)
-  { /* Username in standard notation */
-    if (! is_param_equal (&params->username, username, username_len))
-      return MHD_DAUTH_WRONG_USERNAME;
+  if (! params->userhash)
+  {
+    if (NULL != params->username.value.str)
+    { /* Username in standard notation */
+      if (! is_param_equal (&params->username, username, username_len))
+        return MHD_DAUTH_WRONG_USERNAME;
+    }
+    else
+    { /* Username in extended notation */
+      char *r_uname;
+      size_t buf_size = params->username_ext.value.len;
+      ssize_t res;
+
+      mhd_assert (NULL != params->username_ext.value.str);
+      mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked 
already */
+      buf_size += 1; /* For zero-termination */
+      buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;
+      r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size);
+      if (NULL == r_uname)
+        return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ?
+               MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR;
+      res = get_rq_extended_uname_copy_z (params->username_ext.value.str,
+                                          params->username_ext.value.len,
+                                          r_uname, buf_size);
+      if (0 > res)
+        return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+      if ((username_len != (size_t) res) ||
+          (0 != memcmp (username, r_uname, username_len)))
+        return MHD_DAUTH_WRONG_USERNAME;
+    }
   }
   else
-  { /* Username in extended notation */
-    char *r_uname;
-    size_t buf_size = params->username_ext.value.len;
-    ssize_t res;
-
-    mhd_assert (NULL != params->username_ext.value.str);
-    mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked 
already */
-    buf_size += 1; /* For zero-termination */
-    buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;
-    r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size);
-    if (NULL == r_uname)
-      return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ?
-             MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR;
-    res = get_rq_extended_uname_copy_z (params->username_ext.value.str,
-                                        params->username_ext.value.len,
-                                        r_uname, buf_size);
-    if (0 > res)
-      return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
-    if ((username_len != (size_t) res) ||
-        (0 != memcmp (username, r_uname, username_len)))
+  { /* Userhash */
+    mhd_assert (NULL != params->username.value.str);
+    digest_init (da);
+    digest_update (da, username, username_len);
+    digest_update_with_colon (da);
+    digest_update (da, realm, realm_len);
+    digest_calc_hash (da, hash1_bin);
+    mhd_assert (sizeof (tmp1) >= (2 * digest_size + 1));
+    MHD_bin_to_hex (hash1_bin, digest_size, tmp1);
+    if (! is_param_equal_caseless (&params->username, tmp1, 2 * digest_size))
       return MHD_DAUTH_WRONG_USERNAME;
   }
   /* 'username' valid */

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (22796735 -> 2949c070), gnunet, 2022/07/28
- [libmicrohttpd] 03/19: gen_auth: cosmetics, gnunet, 2022/07/28
- [libmicrohttpd] 04/19: digest_auth_check(): reduced scope of one-time variable, gnunet, 2022/07/28
- [libmicrohttpd] 06/19: digest_auth_check(): added check for too large realm value, gnunet, 2022/07/28
- [libmicrohttpd] 02/19: gen_auth: fixed detection of userhash in Digest Auth requests, gnunet, 2022/07/28
- [libmicrohttpd] 07/19: Updated doxy for old Digest Auth API function, gnunet, 2022/07/28
- [libmicrohttpd] 10/19: test_digestauth_emu_ext: cosmetics, additional check, gnunet, 2022/07/28
- [libmicrohttpd] 11/19: tests_digestauth*: added workarounds for libcurl bug, gnunet, 2022/07/28
- [libmicrohttpd] 01/19: digestauth: fixed copy-paste error in request algo parsing, gnunet, 2022/07/28
- [libmicrohttpd] 08/19: digestauth: term correction in comment, gnunet, 2022/07/28
- [libmicrohttpd] 05/19: digest_auth_check(): added support for userhash, gnunet <=
- [libmicrohttpd] 09/19: test_digestauth{,_sha256,_with_aguments}: moved back to Digest Auth APIv2, gnunet, 2022/07/28
- [libmicrohttpd] 14/19: MHD_add_response_entry(): refactoring + added internal function, gnunet, 2022/07/28
- [libmicrohttpd] 12/19: test_digestauth_concurrent: fixed compiler warnings, gnunet, 2022/07/28
- [libmicrohttpd] 17/19: test_digestauth2: added new group of tests for Digest Auth checking, gnunet, 2022/07/28
- [libmicrohttpd] 16/19: Added MHD_queue_auth_required_response3(); Refactored public Digest Auth API v3, gnunet, 2022/07/28
- [libmicrohttpd] 13/19: Updated Digest Auth enums in the header, gnunet, 2022/07/28
- [libmicrohttpd] 18/19: MHD_FEATURE_*: added some values related to Digest Auth, gnunet, 2022/07/28
- [libmicrohttpd] 15/19: Digest Auth public structs: removed redundant member, gnunet, 2022/07/28
- [libmicrohttpd] 19/19: Makefile: cosmetics, gnunet, 2022/07/28

Prev by Date: [libmicrohttpd] 08/19: digestauth: term correction in comment
Next by Date: [libmicrohttpd] 09/19: test_digestauth{,_sha256,_with_aguments}: moved back to Digest Auth APIv2
Previous by thread: [libmicrohttpd] 08/19: digestauth: term correction in comment
Next by thread: [libmicrohttpd] 09/19: test_digestauth{,_sha256,_with_aguments}: moved back to Digest Auth APIv2
Index(es):
- Date
- Thread