Implements HTTP digest authentication. More...

#include "platform.h"
#include <limits.h>
#include "internal.h"
#include "md5.h"

Include dependency graph for digestauth.c:

Macros
#define	HASH_MD5_HEX_LEN (2 * MD5_DIGEST_SIZE)

#define	_BASE "Digest "

#define	MAX_USERNAME_LENGTH 128

#define	MAX_REALM_LENGTH 256

#define	MAX_AUTH_RESPONSE_LENGTH 128

Functions
static void	cvthex (const unsigned char bin, size_t len, char hex)

static void	digest_calc_ha1 (const char alg, const char username, const char realm, const char password, const char nonce, const char cnonce, char *sessionkey)

static void	digest_calc_response (const char ha1, const char nonce, const char noncecount, const char cnonce, const char qop, const char method, const char uri, const char hentity, char *response)

static int	lookup_sub_value (char dest, size_t size, const char data, const char *key)

static int	check_nonce_nc (struct MHD_Connection connection, const char nonce, unsigned long int nc)

char *	MHD_digest_auth_get_username (struct MHD_Connection *connection)

static void	calculate_nonce (uint32_t nonce_time, const char method, const char rnd, unsigned int rnd_size, const char uri, const char realm, char *nonce)

static int	test_header (struct MHD_Connection connection, const char key, const char *value)

static int	check_argument_match (struct MHD_Connection connection, const char args)

int	MHD_digest_auth_check (struct MHD_Connection connection, const char realm, const char username, const char password, unsigned int nonce_timeout)

int	MHD_queue_auth_fail_response (struct MHD_Connection connection, const char realm, const char opaque, struct MHD_Response response, int signal_stale)

Detailed Description

Implements HTTP digest authentication.

Author: Amr Ali; Matthieu Speder

Definition in file digestauth.c.

Macro Definition Documentation

#define _BASE "Digest "

Beginning string for any valid Digest authentication header.

Definition at line 35 of file digestauth.c.

Referenced by MHD_digest_auth_check(), and MHD_digest_auth_get_username().

#define HASH_MD5_HEX_LEN (2 * MD5_DIGEST_SIZE)

Definition at line 30 of file digestauth.c.

Referenced by digest_calc_response(), MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

#define MAX_AUTH_RESPONSE_LENGTH 128

Maximum length of the response in digest authentication.

Definition at line 50 of file digestauth.c.

Referenced by MHD_digest_auth_check().

#define MAX_REALM_LENGTH 256

Maximum length of a realm for digest authentication.

Definition at line 45 of file digestauth.c.

Referenced by MHD_digest_auth_check().

#define MAX_USERNAME_LENGTH 128

Maximum length of a username for digest authentication.

Definition at line 40 of file digestauth.c.

Referenced by MHD_digest_auth_check(), and MHD_digest_auth_get_username().

Function Documentation

static void calculate_nonce	(	uint32_t	nonce_time,
		const char *	method,
		const char *	rnd,
		unsigned int	rnd_size,
		const char *	uri,
		const char *	realm,
		char *	nonce
	)

static

Calculate the server nonce so that it mitigates replay attacks The current format of the nonce is ... H(timestamp ":" method ":" random ":" uri ":" realm) + Hex(timestamp)

Parameters

nonce_time	The amount of time in seconds for a nonce to be invalid
method	HTTP method
rnd	A pointer to a character array for the random seed
rnd_size	The size of the random seed array
uri	HTTP URI (in MHD, without the arguments ("?k=v")
realm	A string of characters that describes the realm of auth.
nonce	A pointer to a character array for the nonce to put in

Definition at line 390 of file digestauth.c.

References cvthex(), MD5_DIGEST_SIZE, MD5Final(), MD5Init(), and MD5Update().

Referenced by MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

Here is the call graph for this function:

Here is the caller graph for this function:

static int check_argument_match	(	struct MHD_Connection *	connection,
		const char *	args
	)

static

Check that the arguments given by the client as part of the authentication header match the arguments we got as part of the HTTP request URI.

Parameters

connection	connections with headers to compare against
args	argument URI string (after "?" in URI)

Returns: MHD_YES if the arguments match, MHD_NO if not

Definition at line 472 of file digestauth.c.

References MHD_Connection::daemon, MHD_Connection::headers_received, MHD_HTTP_Header::kind, MHD_GET_ARGUMENT_KIND, MHD_NO, MHD_YES, MHD_HTTP_Header::next, NULL, test_header(), MHD_Daemon::unescape_callback, and MHD_Daemon::unescape_callback_cls.

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:

Here is the caller graph for this function:

static int check_nonce_nc	(	struct MHD_Connection *	connection,
		const char *	nonce,
		unsigned long int	nc
	)

static

Check nonce-nc map array with either new nonce counter or a whole new nonce.

Parameters

connection	The MHD connection structure
nonce	A pointer that referenced a zero-terminated array of nonce
nc	The nonce counter, zero to add the nonce to the array

Returns: MHD_YES if successful, MHD_NO if invalid (or we have no NC array)

Definition at line 294 of file digestauth.c.

References MHD_Connection::daemon, MHD_NO, and MHD_YES.

Referenced by MHD_digest_auth_check(), and MHD_queue_auth_fail_response().

Here is the caller graph for this function:

static void cvthex	(	const unsigned char *	bin,
		size_t	len,
		char *	hex
	)

static

convert bin to hex

Parameters

bin	binary data
len	number of bytes in bin
hex	pointer to len*2+1 bytes

Definition at line 61 of file digestauth.c.

Referenced by calculate_nonce(), digest_calc_ha1(), and digest_calc_response().

Here is the caller graph for this function:

static void digest_calc_ha1	(	const char *	alg,
		const char *	username,
		const char *	realm,
		const char *	password,
		const char *	nonce,
		const char *	cnonce,
		char *	sessionkey
	)

static

calculate H(A1) as per RFC2617 spec and store the result in 'sessionkey'.

Parameters

alg	The hash algorithm used, can be "md5" or "md5-sess"
username	A `char *' pointer to the username value
realm	A `char *' pointer to the realm value
password	A `char *' pointer to the password value
nonce	A `char *' pointer to the nonce value
cnonce	A `char *' pointer to the cnonce value
sessionkey	pointer to buffer of HASH_MD5_HEX_LEN+1 bytes

Definition at line 92 of file digestauth.c.

References cvthex(), MD5_DIGEST_SIZE, MD5Final(), MD5Init(), and MD5Update().

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:

Here is the caller graph for this function:

static void digest_calc_response	(	const char *	ha1,
		const char *	nonce,
		const char *	noncecount,
		const char *	cnonce,
		const char *	qop,
		const char *	method,
		const char *	uri,
		const char *	hentity,
		char *	response
	)

static

Calculate request-digest/response-digest as per RFC2617 spec

Parameters

ha1	H(A1)
nonce	nonce from server
noncecount	8 hex digits
cnonce	client nonce
qop	qop-value: "", "auth" or "auth-int"
method	method from request
uri	requested URL
hentity	H(entity body) if qop="auth-int"
response	request-digest or response-digest

Definition at line 138 of file digestauth.c.

References cvthex(), HASH_MD5_HEX_LEN, MD5_DIGEST_SIZE, MD5Final(), MD5Init(), MD5Update(), and NULL.

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:

Here is the caller graph for this function:

static int lookup_sub_value	(	char *	dest,
		size_t	size,
		const char *	data,
		const char *	key
	)

static

Lookup subvalue off of the HTTP Authorization header.

A description of the input format for 'data' is at http://en.wikipedia.org/wiki/Digest_access_authentication

Parameters

dest	where to store the result (possibly truncated if the buffer is not big enough).
size	size of dest
data	pointer to the Authorization header
key	key to look up in data