[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] 15/15: MHD_digest_auth_check3(): return failed parameter
From: |
gnunet |
Subject: |
[libmicrohttpd] 15/15: MHD_digest_auth_check3(): return failed parameter if it is known |
Date: |
Sat, 30 Jul 2022 21:29:37 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit 34059c30943f89bbab061bd299fbff5784a06b30
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Jul 28 08:16:13 2022 +0300
MHD_digest_auth_check3(): return failed parameter if it is known
---
src/include/microhttpd.h | 2 ++
src/microhttpd/digestauth.c | 20 ++++++++++----------
2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 5c28dd1f..383bb67b 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -4922,6 +4922,8 @@ enum MHD_DigestAuthResult
/**
* No "Authorization" header or wrong format of the header.
+ * Also may be returned if required parameters in client Authorisation header
+ * are missing or broken (in invalid format).
*/
MHD_DAUTH_WRONG_HEADER = -1,
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index d12dda25..3e5468af 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2101,22 +2101,22 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
if ((NULL == params->username.value.str) &&
(NULL == params->username_ext.value.str))
- return MHD_DAUTH_WRONG_HEADER;
+ return MHD_DAUTH_WRONG_USERNAME;
else if ((NULL != params->username.value.str) &&
(NULL != params->username_ext.value.str))
- return MHD_DAUTH_WRONG_HEADER; /* Parameters cannot be used together */
+ return MHD_DAUTH_WRONG_USERNAME; /* Parameters cannot be used together */
else if ((NULL != params->username_ext.value.str) &&
(MHD_DAUTH_EXT_PARAM_MIN_LEN > params->username_ext.value.len))
- return MHD_DAUTH_WRONG_HEADER; /* Broken extended notation */
+ return MHD_DAUTH_WRONG_USERNAME; /* Broken extended notation */
else if (params->userhash && (NULL == params->username.value.str))
- return MHD_DAUTH_WRONG_HEADER; /* Userhash cannot be used with extended
notation */
+ return MHD_DAUTH_WRONG_USERNAME; /* Userhash cannot be used with extended
notation */
else if (params->userhash && (digest_size * 2 > params->username.value.len))
- return MHD_DAUTH_WRONG_HEADER; /* Too few chars for correct userhash */
+ return MHD_DAUTH_WRONG_USERNAME; /* Too few chars for correct userhash */
else if (params->userhash && (digest_size * 4 < params->username.value.len))
- return MHD_DAUTH_WRONG_HEADER; /* Too many chars for correct userhash */
+ return MHD_DAUTH_WRONG_USERNAME; /* Too many chars for correct userhash */
if (NULL == params->realm.value.str)
- return MHD_DAUTH_WRONG_HEADER;
+ return MHD_DAUTH_WRONG_REALM;
else if (((NULL == userdigest) || params->userhash) &&
(_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->realm.value.len))
return MHD_DAUTH_TOO_LARGE; /* Realm is too large and it will be used in
hash calculations */
@@ -2141,21 +2141,21 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
/* The QOP parameter was checked already */
if (NULL == params->uri.value.str)
- return MHD_DAUTH_WRONG_HEADER;
+ return MHD_DAUTH_WRONG_URI;
else if (0 == params->uri.value.len)
return MHD_DAUTH_WRONG_URI;
else if (_MHD_AUTH_DIGEST_MAX_PARAM_SIZE < params->uri.value.len)
return MHD_DAUTH_TOO_LARGE;
if (NULL == params->nonce.value.str)
- return MHD_DAUTH_WRONG_HEADER;
+ return MHD_DAUTH_NONCE_WRONG;
else if (0 == params->nonce.value.len)
return MHD_DAUTH_NONCE_WRONG;
else if (NONCE_STD_LEN (digest_size) * 2 < params->nonce.value.len)
return MHD_DAUTH_NONCE_WRONG;
if (NULL == params->response.value.str)
- return MHD_DAUTH_WRONG_HEADER;
+ return MHD_DAUTH_RESPONSE_WRONG;
else if (0 == params->response.value.len)
return MHD_DAUTH_RESPONSE_WRONG;
else if (digest_size * 4 < params->response.value.len)
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [libmicrohttpd] branch master updated (9eb7b4de -> 34059c30), gnunet, 2022/07/30
- [libmicrohttpd] 03/15: configure: report in summary whether static and shared version will be built, gnunet, 2022/07/30
- [libmicrohttpd] 02/15: configure: cosmetics, gnunet, 2022/07/30
- [libmicrohttpd] 05/15: microhttpd: improved description for MHD_OPTION_NONCE_NC_SIZE, gnunet, 2022/07/30
- [libmicrohttpd] 07/15: Added new MHD_OPTION_DIGEST_AUTH_RANDOM_COPY option, gnunet, 2022/07/30
- [libmicrohttpd] 10/15: test_digestauth2: added testing of 'userdigest', gnunet, 2022/07/30
- [libmicrohttpd] 01/15: digestauth: added dynamic detection and use of the algo specified by client, gnunet, 2022/07/30
- [libmicrohttpd] 15/15: MHD_digest_auth_check3(): return failed parameter if it is known,
gnunet <=
- [libmicrohttpd] 14/15: microhttpd.h: sorted Digest Auth functions and enums, gnunet, 2022/07/30
- [libmicrohttpd] 04/15: configure: control more parameters with 'build-type', gnunet, 2022/07/30
- [libmicrohttpd] 06/15: microhttpd: improved description for MHD_OPTION_DIGEST_AUTH_RANDOM, gnunet, 2022/07/30
- [libmicrohttpd] 08/15: daemon.c: changed fill value for unused members, gnunet, 2022/07/30
- [libmicrohttpd] 11/15: test_digestauth2: added testing of Auth v2 API, gnunet, 2022/07/30
- [libmicrohttpd] 13/15: test_digestauth2: added testing of RFC2069 mode, gnunet, 2022/07/30
- [libmicrohttpd] 12/15: digestauth: implemented support for RFC 2069, gnunet, 2022/07/30
- [libmicrohttpd] 09/15: test_digestauth2: test the new option, gnunet, 2022/07/30