[libmicrohttpd] 01/15: digestauth: added dynamic detection and use of th
From: |
gnunet |
Subject: |
[libmicrohttpd] 01/15: digestauth: added dynamic detection and use of the algo specified by client |
Date: |
Sat, 30 Jul 2022 21:29:23 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 5aa16f7e31e888ff197f7517b78598af4b2dcaa8
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Tue Jul 26 14:17:53 2022 +0300
digestauth: added dynamic detection and use of the algo specified by client
---
src/include/microhttpd.h | 18 +++++++-------
src/microhttpd/digestauth.c | 58 +++++++++++++++++++++++++++------------------
2 files changed, 45 insertions(+), 31 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index c0e911c5..b109a3c1 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
* they are parsed as decimal numbers.
* Example: 0x01093001 = 1.9.30-1.
*/
-#define MHD_VERSION 0x00097527
+#define MHD_VERSION 0x00097528
/* If generic headers don't work on your platform, include headers
which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -5002,11 +5002,11 @@ enum MHD_DigestAuthResult
* zero for no limit
* @param mqop the QOP to use, currently the only allowed value is
* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
- * @param malgo3 digest algorithm to use, if several algorithms are specified
- * then MD5 is used (if allowed)
+ * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+ * by the client is not allowed by this parameter
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
- * @note Available since #MHD_VERSION 0x00097526
+ * @note Available since #MHD_VERSION 0x00097528
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
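Review bot: The reworded `@param malgo3` text does not name the result code for a disallowed algorithm, and it does not say that the choice among the allowed algorithms is now made by the client. The digestauth.c part of this commit returns `MHD_DAUTH_WRONG_ALGO` in that case, so I would append `; #MHD_DAUTH_WRONG_ALGO is returned in that case` to the parameter description. I would also add one sentence saying that no server-side preference is applied any more, so an application that does not want MD5-based responses accepted must leave MD5 out of `malgo3`. The same wording is repeated in the other `@param malgo3` hunks of both files and would need the same addition.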
@@ -5040,12 +5040,14 @@ MHD_digest_auth_check3 (struct MHD_Connection
*connection,
* zero for no limit
* @param mqop the QOP to use, currently the only allowed value is
* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
- * @param malgo3 the digest algorithms to use; both MD5-based and SHA-256-based
- * algorithms cannot be used at the same time for this function
- * as @a userdigest_size must match specified algorithm
+ * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+ * by the client is not allowed by this parameter;
+ * both MD5-based and SHA-256-based algorithms cannot be used at
+ * the same time for this function as @a userdigest_size must
+ * match specified algorithm
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
- * @note Available since #MHD_VERSION 0x00097526
+ * @note Available since #MHD_VERSION 0x00097528
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index f8f06d6d..00901943 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1996,8 +1996,8 @@ is_param_equal_caseless (const struct MHD_RqDAuthParam
*param,
* zero for no limit
* @param mqop the QOP to use, currently the only allowed value is
* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
- * @param malgo3 digest algorithms to use, if several algorithms are specified
- * then MD5 is used (if allowed)
+ * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+ * by the client is not allowed by this parameter
* @param[out] pbuf the pointer to pointer to internally malloc'ed buffer,
* to be free if not NULL upon return
* @return #MHD_DAUTH_OK if authenticated,
@@ -2017,7 +2017,7 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
char **pbuf)
{
struct MHD_Daemon *daemon = MHD_get_master (connection->daemon);
- enum MHD_DigestAuthAlgo3 s_algo; /**< Selected algorithm */
+ enum MHD_DigestAuthAlgo3 c_algo; /**< Client's algorithm */
struct DigestAlgorithm da;
unsigned int digest_size;
uint8_t hash1_bin[MAX_DIGEST];
@@ -2047,10 +2047,14 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
return MHD_DAUTH_WRONG_HEADER;
/* ** Initial parameters checks and setup ** */
- if (MHD_DIGEST_AUTH_MULT_QOP_AUTH != mqop)
- MHD_PANIC (_ ("Wrong 'mqop' value, API violation"));
-
- if (0 != (((unsigned int) malgo3) & MHD_DIGEST_AUTH_ALGO3_SESSION))
+ /* Get client's algorithm */
+ c_algo = get_rq_algo (params);
+ /* Check whether client's algorithm is allowed by function parameter */
+ if (((unsigned int) c_algo) !=
+ (((unsigned int) c_algo) & ((unsigned int) malgo3)))
+ return MHD_DAUTH_WRONG_ALGO;
+ /* Check whether client's algorithm is supported */
+ if (0 != (((unsigned int) c_algo) & MHD_DIGEST_AUTH_ALGO3_SESSION))
{
#ifdef HAVE_MESSAGES
MHD_DLOG (connection->daemon,
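Review bot: The subset test `c_algo != (c_algo & malgo3)` is satisfied by a `c_algo` of zero whatever `malgo3` holds, so a request whose algorithm maps to a value with no bits set would pass as "allowed". Whether `get_rq_algo()` can return such a value for a missing or unrecognised `algorithm` parameter is not visible in this hunk, but if it can, the value also passes the session and SHA-512/256 tests and reaches `digest_setup()`. I would reject it explicitly before the mask test, e.g. `if (0 == ((unsigned int) c_algo)) return MHD_DAUTH_WRONG_ALGO;`. The body of `digest_auth_check_all_inner` starts before and continues after this hunk.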
@@ -2058,14 +2062,20 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
#endif /* HAVE_MESSAGES */
return MHD_DAUTH_WRONG_ALGO;
}
- if (0 != (((unsigned int) malgo3) & MHD_DIGEST_BASE_ALGO_MD5))
- s_algo = MHD_DIGEST_AUTH_ALGO3_MD5;
- else if (0 != (((unsigned int) malgo3) & MHD_DIGEST_BASE_ALGO_SHA256))
- s_algo = MHD_DIGEST_AUTH_ALGO3_SHA256;
- else
- MHD_PANIC (_ ("Wrong 'malgo3' value, API violation"));
- if (! digest_setup (&da, get_base_digest_algo (s_algo)))
+ if (0 != (((unsigned int) c_algo) & MHD_DIGEST_BASE_ALGO_SHA512_256))
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (connection->daemon,
+ _ ("The SHA-512/256 algorithm is not supported.\n"));
+#endif /* HAVE_MESSAGES */
+ return MHD_DAUTH_WRONG_ALGO;
+ }
+ if (! digest_setup (&da, get_base_digest_algo (c_algo)))
MHD_PANIC (_ ("Wrong 'malgo3' value, API violation"));
+ /* Check 'mqop' value */
+ if (MHD_DIGEST_AUTH_MULT_QOP_AUTH != mqop)
+ MHD_PANIC (_ ("Wrong 'mqop' value, API violation"));
+
digest_size = digest_get_size (&da);
/* ** A quick check for presence of all required parameters ** */
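Review bot: The `MHD_PANIC` kept after `digest_setup (&da, get_base_digest_algo (c_algo))` is now driven by a value taken from the request rather than from the caller's `malgo3`, so any client value that slips past the preceding checks would abort the process instead of failing authentication. The message `"Wrong 'malgo3' value, API violation"` is also stale, because `malgo3` no longer feeds this call. Unless the earlier checks are proven exhaustive, I would treat a setup failure here as a request error and replace the panic with `return MHD_DAUTH_WRONG_ALGO;` (with a `MHD_DLOG` line under `HAVE_MESSAGES`, as the neighbouring branches do). The function continues outside this hunk.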
@@ -2438,8 +2448,8 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
* zero for no limit
* @param mqop the QOP to use, currently the only allowed value is
* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
- * @param malgo3 digest algorithms to use, if several algorithms are specified
- * then MD5 is used (if allowed)
+ * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+ * by the client is not allowed by this parameter
* @return #MHD_DAUTH_OK if authenticated,
* error code otherwise.
* @ingroup authentication
@@ -2519,11 +2529,11 @@ MHD_digest_auth_check (struct MHD_Connection
*connection,
* zero for no limit
* @param mqop the QOP to use, currently the only allowed value is
* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
- * @param malgo3 digest algorithm to use, if several algorithms are specified
- * then MD5 is used (if allowed)
+ * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+ * by the client is not allowed by this parameter
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
- * @note Available since #MHD_VERSION 0x00097526
+ * @note Available since #MHD_VERSION 0x00097528
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
@@ -2570,12 +2580,14 @@ MHD_digest_auth_check3 (struct MHD_Connection
*connection,
* zero for no limit
* @param mqop the QOP to use, currently the only allowed value is
* #MHD_DIGEST_AUTH_MULT_QOP_AUTH
- * @param malgo3 the digest algorithms to use; both MD5-based and SHA-256-based
- * algorithms cannot be used at the same time for this function
- * as @a userdigest_size must match specified algorithm
+ * @param malgo3 digest algorithms allowed to use, fail if algorithm specified
+ * by the client is not allowed by this parameter;
+ * both MD5-based and SHA-256-based algorithms cannot be used at
+ * the same time for this function as @a userdigest_size must
+ * match specified algorithm
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
- * @note Available since #MHD_VERSION 0x00097526
+ * @note Available since #MHD_VERSION 0x00097528
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
--