src/microhttpd/digestauth.c File Reference

Implements HTTP digest authentication. More...

#include "platform.h"
#include <limits.h>
#include "internal.h"
#include "md5.h"

Include dependency graph for digestauth.c:

Defines
#define	HASH_MD5_HEX_LEN (2 * MD5_DIGEST_SIZE)
#define	_BASE "Digest "
#define	MAX_USERNAME_LENGTH 128
#define	MAX_REALM_LENGTH 256
#define	MAX_AUTH_RESPONSE_LENGTH 128
Functions
static void	cvthex (const unsigned char bin, size_t len, char hex)
static void	digest_calc_ha1 (const char alg, const char username, const char realm, const char password, const char nonce, const char cnonce, char *sessionkey)
static void	digest_calc_response (const char ha1, const char nonce, const char noncecount, const char cnonce, const char qop, const char method, const char uri, const char hentity, char *response)
static int	lookup_sub_value (char dest, size_t size, const char data, const char *key)
static int	check_nonce_nc (struct MHD_Connection connection, const char nonce, unsigned long int nc)
char *	MHD_digest_auth_get_username (struct MHD_Connection *connection)
static void	calculate_nonce (uint32_t nonce_time, const char method, const char rnd, unsigned int rnd_size, const char uri, const char realm, char *nonce)
static int	test_header (struct MHD_Connection connection, const char key, const char *value)
static int	check_argument_match (struct MHD_Connection connection, const char args)
int	MHD_digest_auth_check (struct MHD_Connection connection, const char realm, const char username, const char password, unsigned int nonce_timeout)
int	MHD_queue_auth_fail_response (struct MHD_Connection connection, const char realm, const char opaque, struct MHD_Response response, int signal_stale)

Detailed Description

Implements HTTP digest authentication.

Author:: Amr Ali; Matthieu Speder

Definition in file digestauth.c.

Define Documentation

#define _BASE "Digest "

Beginning string for any valid Digest authentication header.

Definition at line 35 of file digestauth.c.

Referenced by MHD_digest_auth_check(), and MHD_digest_auth_get_username().

#define HASH_MD5_HEX_LEN (2 * MD5_DIGEST_SIZE)

Definition at line 30 of file digestauth.c.

Referenced by digest_calc_response(), MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

#define MAX_AUTH_RESPONSE_LENGTH 128

Maximum length of the response in digest authentication.

Definition at line 50 of file digestauth.c.

Referenced by MHD_digest_auth_check().

#define MAX_REALM_LENGTH 256

Maximum length of a realm for digest authentication.

Definition at line 45 of file digestauth.c.

Referenced by MHD_digest_auth_check().

#define MAX_USERNAME_LENGTH 128

Maximum length of a username for digest authentication.

Definition at line 40 of file digestauth.c.

Referenced by MHD_digest_auth_check(), and MHD_digest_auth_get_username().

Function Documentation

static void calculate_nonce	(	uint32_t	nonce_time,
		const char *	method,
		const char *	rnd,
		unsigned int	rnd_size,
		const char *	uri,
		const char *	realm,
		char *	nonce
	)			`[static]`

Calculate the server nonce so that it mitigates replay attacks The current format of the nonce is ... H(timestamp ":" method ":" random ":" uri ":" realm) + Hex(timestamp)

Parameters:

	nonce_time	The amount of time in seconds for a nonce to be invalid
	method	HTTP method
	rnd	A pointer to a character array for the random seed
	rnd_size	The size of the random seed array
	uri	HTTP URI (in MHD, without the arguments ("?k=v")
	realm	A string of characters that describes the realm of auth.
	nonce	A pointer to a character array for the nonce to put in

Definition at line 390 of file digestauth.c.

References cvthex(), MD5_DIGEST_SIZE, MD5Final(), MD5Init(), and MD5Update().

Referenced by MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

Here is the call graph for this function:

Here is the caller graph for this function:

static int check_argument_match	(	struct MHD_Connection *	connection,
		const char *	args
	)			`[static]`

Check that the arguments given by the client as part of the authentication header match the arguments we got as part of the HTTP request URI.

Parameters:

	connection	connections with headers to compare against
	args	argument URI string (after "?" in URI)

Returns:: MHD_YES if the arguments match, MHD_NO if not

Definition at line 472 of file digestauth.c.

References MHD_Connection::daemon, MHD_Connection::headers_received, MHD_HTTP_Header::kind, MHD_GET_ARGUMENT_KIND, MHD_NO, MHD_YES, MHD_HTTP_Header::next, NULL, test_header(), MHD_Daemon::unescape_callback, and MHD_Daemon::unescape_callback_cls.

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:

Here is the caller graph for this function:

static int check_nonce_nc	(	struct MHD_Connection *	connection,
		const char *	nonce,
		unsigned long int	nc
	)			`[static]`

Check nonce-nc map array with either new nonce counter or a whole new nonce.

Parameters:

	connection	The MHD connection structure
	nonce	A pointer that referenced a zero-terminated array of nonce
	nc	The nonce counter, zero to add the nonce to the array

Returns:: MHD_YES if successful, MHD_NO if invalid (or we have no NC array)

Definition at line 294 of file digestauth.c.

References MHD_Connection::daemon, MHD_NO, and MHD_YES.

Referenced by MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

Here is the caller graph for this function:

static void cvthex	(	const unsigned char *	bin,
		size_t	len,
		char *	hex
	)			`[static]`

convert bin to hex

Parameters:

	bin	binary data
	len	number of bytes in bin
	hex	pointer to len*2+1 bytes

Definition at line 61 of file digestauth.c.

Referenced by calculate_nonce(), digest_calc_ha1(), and digest_calc_response().

Here is the caller graph for this function:

static void digest_calc_ha1	(	const char *	alg,
		const char *	username,
		const char *	realm,
		const char *	password,
		const char *	nonce,
		const char *	cnonce,
		char *	sessionkey
	)			`[static]`

calculate H(A1) as per RFC2617 spec and store the result in 'sessionkey'.

Parameters:

	alg	The hash algorithm used, can be "md5" or "md5-sess"
	username	A `char *' pointer to the username value
	realm	A `char *' pointer to the realm value
	password	A `char *' pointer to the password value
	nonce	A `char *' pointer to the nonce value
	cnonce	A `char *' pointer to the cnonce value
	sessionkey	pointer to buffer of HASH_MD5_HEX_LEN+1 bytes

Definition at line 92 of file digestauth.c.

References cvthex(), MD5_DIGEST_SIZE, MD5Final(), MD5Init(), and MD5Update().

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:

Here is the caller graph for this function:

static void digest_calc_response	(	const char *	ha1,
		const char *	nonce,
		const char *	noncecount,
		const char *	cnonce,
		const char *	qop,
		const char *	method,
		const char *	uri,
		const char *	hentity,
		char *	response
	)			`[static]`

Calculate request-digest/response-digest as per RFC2617 spec

Parameters:

	ha1	H(A1)
	nonce	nonce from server
	noncecount	8 hex digits
	cnonce	client nonce
	qop	qop-value: "", "auth" or "auth-int"
	method	method from request
	uri	requested URL
	hentity	H(entity body) if qop="auth-int"
	response	request-digest or response-digest

Definition at line 138 of file digestauth.c.

References cvthex(), HASH_MD5_HEX_LEN, MD5_DIGEST_SIZE, MD5Final(), MD5Init(), MD5Update(), and NULL.

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:

Here is the caller graph for this function:

static int lookup_sub_value	(	char *	dest,
		size_t	size,
		const char *	data,
		const char *	key
	)			`[static]`

Lookup subvalue off of the HTTP Authorization header.

A description of the input format for 'data' is at http://en.wikipedia.org/wiki/Digest_access_authentication

Parameters:

	dest	where to store the result (possibly truncated if the buffer is not big enough).
	size	size of dest
	data	pointer to the Authorization header
	key	key to look up in data