[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 09/14: digest_auth_check(): added support for username i
From: |
gnunet |
Subject: |
[libmicrohttpd] 09/14: digest_auth_check(): added support for username in extended notation |
Date: |
Thu, 21 Jul 2022 14:08:07 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit b528bec9c1a9332c49813d8e3df7dcc0eb7b63db
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Wed Jul 20 17:06:40 2022 +0300
digest_auth_check(): added support for username in extended notation
---
src/microhttpd/digestauth.c | 39 ++++++++++++++++++++++++++++++++++++---
1 file changed, 36 insertions(+), 3 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index fac12ec0..6bb2aa22 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -1937,8 +1937,15 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
return MHD_DAUTH_WRONG_HEADER;
/* ** A quick check for presence of all required parameters ** */
- if (NULL == params->username.value.str)
+ if ((NULL == params->username.value.str) &&
+ (NULL == params->username_ext.value.str))
return MHD_DAUTH_WRONG_HEADER;
+ else if ((NULL != params->username.value.str) &&
+ (NULL != params->username_ext.value.str))
+ return MHD_DAUTH_WRONG_HEADER; /* Parameters cannot be used together */
+ else if ((NULL != params->username_ext.value.str) &&
+ (MHD_DAUTH_EXT_PARAM_MIN_LEN > params->username_ext.value.len))
+ return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
if (NULL == params->realm.value.str)
return MHD_DAUTH_WRONG_HEADER;
@@ -1989,8 +1996,34 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
/* Check 'username' */
username_len = strlen (username);
- if (! is_param_equal (¶ms->username, username, username_len))
- return MHD_DAUTH_WRONG_USERNAME;
+ if (NULL != params->username.value.str)
+ { /* Username in standard notation */
+ if (! is_param_equal (¶ms->username, username, username_len))
+ return MHD_DAUTH_WRONG_USERNAME;
+ }
+ else
+ { /* Username in extended notation */
+ char *r_uname;
+ size_t buf_size = params->username_ext.value.len;
+ ssize_t res;
+
+ mhd_assert (NULL != params->username_ext.value.str);
+ mhd_assert (MHD_DAUTH_EXT_PARAM_MIN_LEN <= buf_size); /* It was checked
already */
+ buf_size += 1; /* For zero-termination */
+ buf_size -= MHD_DAUTH_EXT_PARAM_MIN_LEN;
+ r_uname = get_buffer_for_size (tmp1, ptmp2, &tmp2_size, buf_size);
+ if (NULL == r_uname)
+ return (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < buf_size) ?
+ MHD_DAUTH_TOO_LARGE : MHD_DAUTH_ERROR;
+ res = get_rq_extended_uname_copy_z (params->username_ext.value.str,
+ params->username_ext.value.len,
+ r_uname, buf_size);
+ if (0 > res)
+ return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+ if ((username_len != (size_t) res) ||
+ (0 != memcmp (username, r_uname, username_len)))
+ return MHD_DAUTH_WRONG_USERNAME;
+ }
/* 'username' valid */
/* Check 'realm' */
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] 02/14: test_digest: improved test URI, (continued)
- [libmicrohttpd] 02/14: test_digest: improved test URI, gnunet, 2022/07/21
- [libmicrohttpd] 04/14: digestauth: simplified internal function call, gnunet, 2022/07/21
- [libmicrohttpd] 03/14: digestauth: added small helper function to simplify the code, gnunet, 2022/07/21
- [libmicrohttpd] 06/14: digest_auth_check(): removed one more large local variable, gnunet, 2022/07/21
- [libmicrohttpd] 07/14: digest calculations: further simplified code, removed some local variables, gnunet, 2022/07/21
- [libmicrohttpd] 08/14: digestauth: removed usage of variable-length arrays, gnunet, 2022/07/21
- [libmicrohttpd] 11/14: digestauth: fixed username extraction with the new API, gnunet, 2022/07/21
- [libmicrohttpd] 10/14: digest_auth_check(): updated the order of parameters check, gnunet, 2022/07/21
- [libmicrohttpd] 12/14: digestauth: do not allocate extra space for extended notation, gnunet, 2022/07/21
- [libmicrohttpd] 05/14: digestauth: added sanity check for digest macros, gnunet, 2022/07/21
- [libmicrohttpd] 09/14: digest_auth_check(): added support for username in extended notation,
gnunet <=
- [libmicrohttpd] 13/14: digestauth: added support for extended notation for old API, gnunet, 2022/07/21
- [libmicrohttpd] 14/14: Added test for Digest Auth with username in extended notation, gnunet, 2022/07/21