35 #if defined(MHD_W32_MUTEX_) 36 #ifndef WIN32_LEAN_AND_MEAN 37 #define WIN32_LEAN_AND_MEAN 1 45 #define TIMESTAMP_BIN_SIZE 4 52 #define NONCE_STD_LEN(digest_size) \ 53 ((digest_size) * 2 + TIMESTAMP_BIN_SIZE * 2) 60 #define MAX_DIGEST SHA256_DIGEST_SIZE 71 #define VLA_ARRAY_LEN_DIGEST(n) (MAX_DIGEST) 79 #define VLA_ARRAY_LEN_DIGEST(n) (n) 85 #define VLA_CHECK_LEN_DIGEST(n) do { if ((n) > MAX_DIGEST) mhd_panic(mhd_panic_cls, __FILE__, __LINE__, "VLA too big"); } while (0) 91 #define _BASE "Digest " 96 #define MAX_USERNAME_LENGTH 128 101 #define MAX_REALM_LENGTH 256 106 #define MAX_AUTH_RESPONSE_LENGTH 256 114 struct DigestAlgorithm
119 unsigned int digest_size;
183 for (i = 0; i < len; ++i)
185 j = (bin[i] >> 4) & 0x0f;
186 hex[i * 2] = (char)((j <= 9) ? (j +
'0') : (j - 10 +
'a'));
188 hex[i * 2 + 1] = (char)((j <= 9) ? (j +
'0') : (j - 10 +
'a'));
211 struct DigestAlgorithm *da,
212 const uint8_t *digest,
229 (
const unsigned char *)
":",
232 (
const unsigned char *) nonce,
235 (
const unsigned char *)
":",
238 (
const unsigned char *) cnonce,
271 const char *username,
273 const char *password,
276 struct DigestAlgorithm *da)
283 (
const unsigned char *) username,
286 (
const unsigned char *)
":",
289 (
const unsigned char *) realm,
292 (
const unsigned char *)
":",
295 (
const unsigned char *) password,
326 const char *noncecount,
332 struct DigestAlgorithm *da)
341 (
const unsigned char *) method,
344 (
const unsigned char *)
":",
347 (
const unsigned char *) uri,
350 if (0 == strcasecmp (qop,
372 (
const unsigned char *) ha1,
373 da->digest_size * 2);
375 (
const unsigned char *)
":",
378 (
const unsigned char *) nonce,
381 (
const unsigned char*)
":",
386 (
const unsigned char *) noncecount,
387 strlen (noncecount));
389 (
const unsigned char *)
":",
392 (
const unsigned char *) cnonce,
395 (
const unsigned char *)
":",
398 (
const unsigned char *) qop,
401 (
const unsigned char *)
":",
405 (
const unsigned char *) da->sessionkey,
406 da->digest_size * 2);
445 keylen = strlen (key);
449 if (
NULL == (eq = strchr (ptr,
473 (eq == &ptr[keylen]) )
477 len = strlen (q1) + 1;
489 if (size > (
size_t) ((q2 - q1) + 1))
490 size = (q2 - q1) + 1;
534 noncelen = strlen (
nonce) + 1;
540 mod = daemon->nonce_nc_size;
548 off = (off << 8) | (*np ^ (off >> 24));
557 nn = &daemon->nnc[off];
558 #if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS) 569 #if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS) 576 if ( (nc < nn->
nc) &&
578 (
nc + 64 >= nn->
nc) &&
579 (0 == ((1LLU << (nn->
nc -
nc - 1)) & nn->
nmask)) )
582 nn->
nmask |= (1LLU << (nn->
nc -
nc - 1));
583 #if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS) 589 if ( (nc <= nn->
nc) ||
590 (0 != strcmp (nn->
nonce,
594 #if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS) 599 _(
"Stale nonce received. If this happens a lot, you should probably increase the size of the nonce array.\n"));
604 if (64 >
nc - nn->
nc)
609 #if defined(MHD_USE_POSIX_THREADS) || defined(MHD_USE_W32_THREADS) 632 if (
NULL == (header =
637 if (0 != strncmp (header,
647 return strdup (user);
673 struct DigestAlgorithm *da,
682 timestamp[0] = (
unsigned char)((nonce_time & 0xff000000) >> 0x18);
683 timestamp[1] = (
unsigned char)((nonce_time & 0x00ff0000) >> 0x10);
684 timestamp[2] = (
unsigned char)((nonce_time & 0x0000ff00) >> 0x08);
685 timestamp[3] = (
unsigned char)((nonce_time & 0x000000ff));
690 (
const unsigned char *)
":",
693 (
const unsigned char *) method,
696 (
const unsigned char *)
":",
700 (
const unsigned char *) rnd,
703 (
const unsigned char *)
":",
706 (
const unsigned char *) uri,
709 (
const unsigned char *)
":",
712 (
const unsigned char *) realm,
751 if (0 != strcmp (key,
784 unsigned int num_headers;
787 argb = strdup (args);
791 MHD_DLOG (connection->
daemon,
792 _(
"Failed to allocate memory for copy of URI arguments\n"));
813 if (0 != num_headers)
843 struct DigestAlgorithm *da,
845 const char *username,
846 const char *password,
847 const uint8_t *digest,
848 unsigned int nonce_timeout)
859 const char *hentity =
NULL;
873 if (0 != strncmp (header,
878 left = strlen (header);
888 (0 != strcmp (username,
891 left -= strlen (
"username") + len;
905 left -= strlen (
"realm") + len;
913 left -= strlen (
"nonce") + len;
914 if (left > 32 * 1024)
932 _(
"Authentication failed, invalid timestamp format.\n"));
942 if ( (t > nonce_time + nonce_timeout) ||
943 (nonce_time + nonce_timeout < nonce_time) )
951 daemon->digest_auth_random,
952 daemon->digest_auth_rand_size,
967 if (0 != strcmp (nonce,
995 _(
"Authentication failed, invalid format.\n"));
1003 #ifdef HAVE_MESSAGES 1005 _(
"Authentication failed, invalid nc format.\n"));
1026 uri = malloc (left + 1);
1029 #ifdef HAVE_MESSAGES 1031 _(
"Failed to allocate memory for auth header processing\n"));
1076 qmark = strchr (uri,
1085 if (0 != strcmp (uri,
1088 #ifdef HAVE_MESSAGES 1090 _(
"Authentication failed, URI does not match.\n"));
1097 const char *args = qmark;
1107 #ifdef HAVE_MESSAGES 1109 _(
"Authentication failed, arguments do not match.\n"));
1116 return (0 == strcmp (response,
1144 const char *username,
1145 const char *password,
1146 unsigned int nonce_timeout)
1165 #define SETUP_DA(algo,da) \ 1167 struct MD5Context md5; \ 1168 struct sha256_ctx sha256; \ 1171 char md5[MD5_DIGEST_SIZE * 2 + 1]; \ 1172 char sha256[SHA256_DIGEST_SIZE * 2 + 1]; \ 1174 struct DigestAlgorithm da; \ 1177 case MHD_DIGEST_ALG_MD5: \ 1178 da.digest_size = MD5_DIGEST_SIZE; \ 1179 da.ctx = &ctx.md5; \ 1181 da.sessionkey = skey.md5; \ 1182 da.init = &MD5Init; \ 1183 da.update = &MD5Update; \ 1184 da.digest = &MD5Final; \ 1186 case MHD_DIGEST_ALG_AUTO: \ 1188 case MHD_DIGEST_ALG_SHA256: \ 1189 da.digest_size = SHA256_DIGEST_SIZE; \ 1190 da.ctx = &ctx.sha256; \ 1191 da.alg = "sha-256"; \ 1192 da.sessionkey = skey.sha256; \ 1193 da.init = &sha256_init; \ 1194 da.update = &sha256_update; \ 1195 da.digest = &sha256_digest; \ 1218 const char *username,
1219 const char *password,
1220 unsigned int nonce_timeout,
1255 const char *username,
1256 const uint8_t *digest,
1258 unsigned int nonce_timeout,
1263 if (da.digest_size != digest_size)
1295 const char *username,
1297 unsigned int nonce_timeout)
1343 connection->
daemon->digest_auth_random,
1344 connection->
daemon->digest_auth_rand_size,
1354 #ifdef HAVE_MESSAGES 1355 MHD_DLOG (connection->
daemon,
1356 _(
"Could not register nonce (is the nonce array size zero?).\n"));
1361 hlen = MHD_snprintf_ (
NULL,
1363 "Digest realm=\"%s\",qop=\"auth\",nonce=\"%s\",opaque=\"%s\",algorithm=%s%s",
1379 #ifdef HAVE_MESSAGES 1380 MHD_DLOG(connection->
daemon,
1381 _(
"Failed to allocate memory for auth response header\n"));
1386 if (MHD_snprintf_ (header,
1388 "Digest realm=\"%s\",qop=\"auth\",nonce=\"%s\",opaque=\"%s\",algorithm=%s%s",
1415 #ifdef HAVE_MESSAGES 1416 MHD_DLOG (connection->
daemon,
1417 _(
"Failed to add Digest auth header\n"));
void * unescape_callback_cls
static int digest_auth_check_all(struct MHD_Connection *connection, struct DigestAlgorithm *da, const char *realm, const char *username, const char *password, const uint8_t *digest, unsigned int nonce_timeout)
int MHD_str_equal_caseless_n_(const char *const str1, const char *const str2, size_t maxlen)
Header for platform missing functions.
#define MAX_AUTH_RESPONSE_LENGTH
_MHD_EXTERN const char * MHD_lookup_connection_value(struct MHD_Connection *connection, enum MHD_ValueKind kind, const char *key)
_MHD_EXTERN int MHD_add_response_header(struct MHD_Response *response, const char *header, const char *content)
static void cvthex(const unsigned char *bin, size_t len, char *hex)
static void calculate_nonce(uint32_t nonce_time, const char *method, const char *rnd, size_t rnd_size, const char *uri, const char *realm, struct DigestAlgorithm *da, char *nonce)
#define MHD_mutex_unlock_chk_(pmutex)
static size_t lookup_sub_value(char *dest, size_t size, const char *data, const char *key)
internal monotonic clock functions implementations
#define TIMESTAMP_BIN_SIZE
void * MHD_calloc_(size_t nelem, size_t elsize)
bool MHD_parse_arguments_(struct MHD_Request *request, enum MHD_ValueKind kind, char *args, MHD_ArgumentIterator_ cb, unsigned int *num_headers)
int MHD_str_equal_caseless_(const char *str1, const char *str2)
time_t MHD_monotonic_sec_counter(void)
#define MHD_INVALID_NONCE
_MHD_EXTERN int MHD_digest_auth_check(struct MHD_Connection *connection, const char *realm, const char *username, const char *password, unsigned int nonce_timeout)
_MHD_EXTERN int MHD_queue_auth_fail_response2(struct MHD_Connection *connection, const char *realm, const char *opaque, struct MHD_Response *response, int signal_stale, enum MHD_DigestAuthAlgorithm algo)
struct MHD_Daemon * daemon
static void digest_calc_ha1_from_digest(const char *alg, struct DigestAlgorithm *da, const uint8_t *digest, const char *nonce, const char *cnonce)
#define MHD_MD5_DIGEST_SIZE
_MHD_EXTERN int MHD_digest_auth_check_digest(struct MHD_Connection *connection, const char *realm, const char *username, const uint8_t digest[MHD_MD5_DIGEST_SIZE], unsigned int nonce_timeout)
static void digest_calc_ha1_from_user(const char *alg, const char *username, const char *realm, const char *password, const char *nonce, const char *cnonce, struct DigestAlgorithm *da)
_MHD_EXTERN int MHD_queue_auth_fail_response(struct MHD_Connection *connection, const char *realm, const char *opaque, struct MHD_Response *response, int signal_stale)
#define VLA_CHECK_LEN_DIGEST(n)
size_t MHD_strx_to_uint64_n_(const char *str, size_t maxlen, uint64_t *out_val)
_MHD_EXTERN int MHD_digest_auth_check2(struct MHD_Connection *connection, const char *realm, const char *username, const char *password, unsigned int nonce_timeout, enum MHD_DigestAuthAlgorithm algo)
internal shared structures
static int test_header(struct MHD_Connection *connection, const char *key, const char *value, enum MHD_ValueKind kind)
char nonce[MAX_NONCE_LENGTH]
_MHD_EXTERN char * MHD_digest_auth_get_username(struct MHD_Connection *connection)
_MHD_EXTERN int MHD_digest_auth_check_digest2(struct MHD_Connection *connection, const char *realm, const char *username, const uint8_t *digest, size_t digest_size, unsigned int nonce_timeout, enum MHD_DigestAuthAlgorithm algo)
static int check_argument_match(struct MHD_Connection *connection, const char *args)
Header for string manipulating helpers.
#define MHD_STATICSTR_LEN_(macro)
UnescapeCallback unescape_callback
_MHD_EXTERN int MHD_queue_response(struct MHD_Connection *connection, unsigned int status_code, struct MHD_Response *response)
#define MHD_HTTP_UNAUTHORIZED
#define SETUP_DA(algo, da)
#define VLA_ARRAY_LEN_DIGEST(n)
#define MHD_mutex_lock_chk_(pmutex)
static void digest_calc_response(const char *ha1, const char *nonce, const char *noncecount, const char *cnonce, const char *qop, const char *method, const char *uri, const char *hentity, struct DigestAlgorithm *da)
static int check_nonce_nc(struct MHD_Connection *connection, const char *nonce, uint64_t nc)
#define NONCE_STD_LEN(digest_size)
#define MAX_USERNAME_LENGTH
struct MHD_HTTP_Header * headers_received
limits values definitions
size_t MHD_strx_to_uint32_n_(const char *str, size_t maxlen, uint32_t *out_val)