digestauth.c File Reference

Implements various HTTP authentication methods. More...

#include "platform.h"
#include "internal.h"
#include "md5.h"
#include "base64.h"

Include dependency graph for digestauth.c:

Go to the source code of this file.

Defines
#define	HASH_MD5_HEX_LEN   (2 * MD5_DIGEST_SIZE)
#define	_BASE   "Digest "
#define	_BASIC_BASE   "Basic "
#define	MAX_USERNAME_LENGTH   128
#define	MAX_REALM_LENGTH   256
#define	MAX_AUTH_RESPONSE_LENGTH   128
Functions
static void	cvthex (const unsigned char *bin, size_t len, char *hex)
static void	digest_calc_ha1 (const char *alg, const char *username, const char *realm, const char *password, const char *nonce, const char *cnonce, char *sessionkey)
static void	digest_calc_response (const char *ha1, const char *nonce, const char *noncecount, const char *cnonce, const char *qop, const char *method, const char *uri, const char *hentity, char *response)
static int	lookup_sub_value (char *dest, size_t size, const char *data, const char *key)
static int	check_nonce_nc (struct MHD_Connection *connection, const char *nonce, unsigned int nc)
char *	MHD_digest_auth_get_username (struct MHD_Connection *connection)
static void	calculate_nonce (uint32_t nonce_time, const char *method, const char *rnd, unsigned int rnd_size, const char *uri, const char *realm, char *nonce)
int	MHD_digest_auth_check (struct MHD_Connection *connection, const char *realm, const char *username, const char *password, unsigned int nonce_timeout)
int	MHD_queue_auth_fail_response (struct MHD_Connection *connection, const char *realm, const char *opaque, struct MHD_Response *response, int signal_stale)
char *	MHD_basic_auth_get_username_password (struct MHD_Connection *connection, char **password)
int	MHD_queue_basic_auth_fail_response (struct MHD_Connection *connection, const char *realm, struct MHD_Response *response)

---

Detailed Description

Implements various HTTP authentication methods.

Author:

Amr Ali

Matthieu Speder

Definition in file digestauth.c.

---

Define Documentation

#define _BASE   "Digest "

Beginning string for any valid Digest authentication header.

Definition at line 37 of file digestauth.c.

Referenced by MHD_digest_auth_check(), and MHD_digest_auth_get_username().

#define _BASIC_BASE   "Basic "

Beginning string for any valid Basic authentication header.

Definition at line 42 of file digestauth.c.

Referenced by MHD_basic_auth_get_username_password().

#define HASH_MD5_HEX_LEN   (2 * MD5_DIGEST_SIZE)

Definition at line 32 of file digestauth.c.

Referenced by digest_calc_response(), MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

#define MAX_AUTH_RESPONSE_LENGTH   128

Maximum length of the response in digest authentication.

Definition at line 57 of file digestauth.c.

Referenced by MHD_digest_auth_check().

#define MAX_REALM_LENGTH   256

Maximum length of a realm for digest authentication.

Definition at line 52 of file digestauth.c.

Referenced by MHD_digest_auth_check().

#define MAX_USERNAME_LENGTH   128

Maximum length of a username for digest authentication.

Definition at line 47 of file digestauth.c.

Referenced by MHD_digest_auth_check(), and MHD_digest_auth_get_username().

---

Function Documentation

static void calculate_nonce	(	uint32_t	nonce_time,
		const char *	method,
		const char *	rnd,
		unsigned int	rnd_size,
		const char *	uri,
		const char *	realm,
		char *	nonce
	)		[static]

Calculate the server nonce so that it mitigates replay attacks The current format of the nonce is ... H(timestamp ":" method ":" random ":" uri ":" realm) + Hex(timestamp)

Parameters:

nonce_time	The amount of time in seconds for a nonce to be invalid
method	HTTP method
rnd	A pointer to a character array for the random seed
rnd_size	The size of the random seed array
uri	HTTP URI
realm	A string of characters that describes the realm of auth.
nonce	A pointer to a character array for the nonce to put in

Definition at line 394 of file digestauth.c.

References cvthex(), MD5_DIGEST_SIZE, MD5Final(), MD5Init(), and MD5Update().

Referenced by MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

Here is the call graph for this function:

Here is the caller graph for this function:

static int check_nonce_nc	(	struct MHD_Connection *	connection,
		const char *	nonce,
		unsigned int	nc
	)		[static]

Check nonce-nc map array with either new nonce counter or a whole new nonce.

Parameters:

connection	The MHD connection structure
nonce	A pointer that referenced a zero-terminated array of nonce
nc	The nonce counter, zero to add the nonce to the array

Returns:

MHD_YES if successful, MHD_NO if invalid (or we have no NC array)

Definition at line 297 of file digestauth.c.

References MHD_Connection::daemon, MHD_NO, and MHD_YES.

Referenced by MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

Here is the caller graph for this function:

static void cvthex	(	const unsigned char *	bin,
		size_t	len,
		char *	hex
	)		[static]

convert bin to hex

Parameters:

bin	binary data
len	number of bytes in bin
hex	pointer to len*2+1 bytes

Definition at line 67 of file digestauth.c.

Referenced by calculate_nonce(), digest_calc_ha1(), and digest_calc_response().

Here is the caller graph for this function:

static void digest_calc_ha1	(	const char *	alg,
		const char *	username,
		const char *	realm,
		const char *	password,
		const char *	nonce,
		const char *	cnonce,
		char *	sessionkey
	)		[static]

calculate H(A1) as per RFC2617 spec and store the result in 'sessionkey'.

Parameters:

alg	The hash algorithm used, can be "md5" or "md5-sess"
username	A `char *' pointer to the username value
realm	A `char *' pointer to the realm value
password	A `char *' pointer to the password value
nonce	A `char *' pointer to the nonce value
cnonce	A `char *' pointer to the cnonce value
sessionkey	pointer to buffer of HASH_MD5_HEX_LEN+1 bytes

Definition at line 97 of file digestauth.c.

References cvthex(), MD5_DIGEST_SIZE, MD5Final(), MD5Init(), and MD5Update().

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:

Here is the caller graph for this function:

static void digest_calc_response	(	const char *	ha1,
		const char *	nonce,
		const char *	noncecount,
		const char *	cnonce,
		const char *	qop,
		const char *	method,
		const char *	uri,
		const char *	hentity,
		char *	response
	)		[static]

Calculate request-digest/response-digest as per RFC2617 spec

Parameters:

ha1	H(A1)
nonce	nonce from server
noncecount	8 hex digits
cnonce	client nonce
qop	qop-value: "", "auth" or "auth-int"
method	method from request
uri	requested URL
hentity	H(entity body) if qop="auth-int"
response	request-digest or response-digest

Definition at line 143 of file digestauth.c.

References cvthex(), HASH_MD5_HEX_LEN, MD5_DIGEST_SIZE, MD5Final(), MD5Init(), MD5Update(), and NULL.

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:

Here is the caller graph for this function:

static int lookup_sub_value	(	char *	dest,
		size_t	size,
		const char *	data,
		const char *	key
	)		[static]

Lookup subvalue off of the HTTP Authorization header.

A description of the input format for 'data' is at http://en.wikipedia.org/wiki/Digest_access_authentication

Parameters:

dest	where to store the result (possibly truncated if the buffer is not big enough).
size	size of dest
data	pointer to the Authorization header
key	key to look up in data

Returns:

size of the located value, 0 if otherwise

Definition at line 210 of file digestauth.c.

References NULL.

Referenced by MHD_digest_auth_check(), and MHD_digest_auth_get_username().

Here is the caller graph for this function:

char* MHD_basic_auth_get_username_password	(	struct MHD_Connection *	connection,
		char **	password
	)

Get the username and password from the basic authorization header sent by the client

Parameters:

connection	The MHD connection structure
password	a pointer for the password

Returns:

NULL if no username could be found, a pointer to the username if found

Definition at line 656 of file digestauth.c.

References _BASIC_BASE, BASE64Decode(), MHD_Connection::daemon, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION, MHD_lookup_connection_value(), and NULL.

Here is the call graph for this function:

int MHD_digest_auth_check	(	struct MHD_Connection *	connection,
		const char *	realm,
		const char *	username,
		const char *	password,
		unsigned int	nonce_timeout
	)

Authenticates the authorization header sent by the client

Parameters:

connection	The MHD connection structure
realm	The realm presented to the client
username	The username needs to be authenticated
password	The password used in the authentication
nonce_timeout	The amount of time for a nonce to be invalid in seconds

Returns:

MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid

Definition at line 442 of file digestauth.c.

References _BASE, calculate_nonce(), check_nonce_nc(), MHD_Connection::daemon, digest_calc_ha1(), digest_calc_response(), HASH_MD5_HEX_LEN, lookup_sub_value(), MAX_AUTH_RESPONSE_LENGTH, MAX_NONCE_LENGTH, MAX_REALM_LENGTH, MAX_USERNAME_LENGTH, MHD_Connection::method, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION, MHD_INVALID_NONCE, MHD_lookup_connection_value(), MHD_NO, MHD_YES, and NULL.

Here is the call graph for this function:

char* MHD_digest_auth_get_username

(

struct MHD_Connection *

connection

)

Get the username from the authorization header sent by the client

Parameters:

connection

The MHD connection structure

Returns:

NULL if no username could be found, a pointer to the username if found

Definition at line 356 of file digestauth.c.

References _BASE, lookup_sub_value(), MAX_USERNAME_LENGTH, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION, MHD_lookup_connection_value(), and NULL.

Here is the call graph for this function:

int MHD_queue_auth_fail_response	(	struct MHD_Connection *	connection,
		const char *	realm,
		const char *	opaque,
		struct MHD_Response *	response,
		int	signal_stale
	)

Queues a response to request authentication from the client

Parameters:

connection	The MHD connection structure
realm	the realm presented to the client
opaque	string to user for opaque value
signal_stale	MHD_YES if the nonce is invalid to add 'stale=true' to the authentication header

Returns:

MHD_YES on success, MHD_NO otherwise

Definition at line 592 of file digestauth.c.

References calculate_nonce(), check_nonce_nc(), MHD_Connection::daemon, HASH_MD5_HEX_LEN, MHD_Connection::method, MHD_add_response_header(), MHD_HTTP_HEADER_WWW_AUTHENTICATE, MHD_HTTP_UNAUTHORIZED, MHD_NO, MHD_queue_response(), MHD_YES, NULL, and MHD_Connection::url.

Here is the call graph for this function:

int MHD_queue_basic_auth_fail_response	(	struct MHD_Connection *	connection,
		const char *	realm,
		struct MHD_Response *	response
	)

Queues a response to request basic authentication from the client

Parameters:

connection	The MHD connection structure
realm	the realm presented to the client

Returns:

MHD_YES on success, MHD_NO otherwise

Definition at line 726 of file digestauth.c.

References MHD_add_response_header(), MHD_HTTP_HEADER_WWW_AUTHENTICATE, MHD_HTTP_UNAUTHORIZED, MHD_queue_response(), and MHD_YES.

Here is the call graph for this function: