libmicrohttpd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] Upgrade to digest authentication

From: DJM-Avalesta
Subject: [libmicrohttpd] Upgrade to digest authentication
Date: Thu, 29 Oct 2020 16:10:37 +0000
User-agent: Roundcube Webmail/1.4-rc2

Hi,

I'm trying to update my 8 year old code to use digest authentication where previously it only supported basic.

I'm trying to use *con_cls (*ptr in my code) to determine when to authenticate but it's not working, *con_cls always seems to be null, even after I've set it, so it's authenticating every time.

I mostly get MHD_digest_auth_check() failures returning INVALID_NONCE and the Client never stops asking for credentials even when the authentication passes, which it does occasionally.

I'm missing something crucial but I can't see it.

The authentication part of my access_handler is shown below

Many thanks

David


static int aptr;
if (bDigestAuth)
{
 printf("URL:%s, con_cls:%p\r\n", url, *ptr);
 //HACK to see if digest authentication works and allows ONVIF snapshorUri test to pass
 //Only works for Admin-Admin
 if (&aptr != *ptr)
 {
  /* Only authenticate on first call of session*/
  char *username;
  const char *password = "Admin";

  g_CameraData->GetRealmName(g_szRealm, sizeof(g_szRealm));

  username = MHD_digest_auth_get_username(connection);
  if (username == NULL)
  {
    response = MHD_create_response_from_data (strlen (NOTAUTH_RESPONSE),
    (void *) NOTAUTH_RESPONSE,
    MHD_NO, MHD_NO);
    ret = MHD_queue_auth_fail_response(connection, g_szRealm,
      OPAQUE,
      response,
      MHD_NO);
    MHD_destroy_response(response);
    pthread_mutex_unlock (&m_AuthMutex); //unlock after authorization
    // printf("Failed digest auth, no username\r\n");
    return ret;
  }
  printf("Applying digest auth to user: %s, realm:%s, con_cls:%p\r\n", username, g_szRealm, *ptr);
  *ptr = &aptr; //set this for session
  ret = MHD_digest_auth_check(connection, g_szRealm,
    username,
    password,
    300);
  printf("Checking digest auth for username: %s, password: %s, realm:%s\r\n", username, password, g_szRealm);
  free(username);
  if ( (ret == MHD_INVALID_NONCE) ||
    (ret == MHD_NO) )
  {
    printf("Failed digest auth, invalid nonce, ret:%d\r\n", ret);
    response = MHD_create_response_from_data (strlen (NOTAUTH_RESPONSE),
      (void *) NOTAUTH_RESPONSE,
      MHD_NO, MHD_NO);
    if (NULL == response)
      return MHD_NO;
    ret = MHD_queue_auth_fail_response(connection, g_szRealm,
      OPAQUE,
      response,
      (ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO);
    MHD_destroy_response(response);
    pthread_mutex_unlock (&m_AuthMutex); //unlock after authorization
    return ret;
  }
  //PASSED
  printf("PASSED digest auth\r\n");
 }
 else
 {
   printf("No digest auth required\r\n");
 }
}

reply via email to
[Prev in Thread] Current Thread [Next in Thread]