GNU libmicrohttpd 0.9.77
Loading...
Searching...
No Matches
HTTP authentication

Macros

#define MHD_INVALID_NONCE   -1
 
#define MHD_INVALID_NONCE   -1
 

Functions

_MHD_EXTERN char * MHD_digest_auth_get_username (struct MHD_Connection *connection)
 
_MHD_EXTERN int MHD_digest_auth_check2 (struct MHD_Connection *connection, const char *realm, const char *username, const char *password, unsigned int nonce_timeout, enum MHD_DigestAuthAlgorithm algo)
 
_MHD_EXTERN int MHD_digest_auth_check (struct MHD_Connection *connection, const char *realm, const char *username, const char *password, unsigned int nonce_timeout)
 
_MHD_EXTERN int MHD_digest_auth_check_digest2 (struct MHD_Connection *connection, const char *realm, const char *username, const uint8_t *digest, size_t digest_size, unsigned int nonce_timeout, enum MHD_DigestAuthAlgorithm algo)
 
_MHD_EXTERN int MHD_digest_auth_check_digest (struct MHD_Connection *connection, const char *realm, const char *username, const uint8_t digest[MHD_MD5_DIGEST_SIZE], unsigned int nonce_timeout)
 
_MHD_EXTERN enum MHD_Result MHD_queue_auth_fail_response2 (struct MHD_Connection *connection, const char *realm, const char *opaque, struct MHD_Response *response, int signal_stale, enum MHD_DigestAuthAlgorithm algo)
 
_MHD_EXTERN enum MHD_Result MHD_queue_auth_fail_response (struct MHD_Connection *connection, const char *realm, const char *opaque, struct MHD_Response *response, int signal_stale)
 
_MHD_EXTERN char * MHD_basic_auth_get_username_password (struct MHD_Connection *connection, char **password)
 
_MHD_EXTERN enum MHD_Result MHD_queue_basic_auth_fail_response (struct MHD_Connection *connection, const char *realm, struct MHD_Response *response)
 
static int digest_auth_check_all (struct MHD_Connection *connection, struct DigestAlgorithm *da, const char *realm, const char *username, const char *password, const uint8_t *digest, unsigned int nonce_timeout)
 

Detailed Description

MHD API related to basic and digest HTTP authentication.

Macro Definition Documentation

◆ MHD_INVALID_NONCE [1/2]

#define MHD_INVALID_NONCE   -1

MHD digest auth internal code for an invalid nonce.

Constant to indicate that the nonce of the provided authentication code was wrong.

Definition at line 175 of file microhttpd.h.

◆ MHD_INVALID_NONCE [2/2]

#define MHD_INVALID_NONCE   -1

MHD digest auth internal code for an invalid nonce.

Constant to indicate that the nonce of the provided authentication code was wrong.

Definition at line 175 of file microhttpd.h.

Function Documentation

◆ digest_auth_check_all()

static int digest_auth_check_all ( struct MHD_Connection connection,
struct DigestAlgorithm *  da,
const char *  realm,
const char *  username,
const char *  password,
const uint8_t *  digest,
unsigned int  nonce_timeout 
)
static

Authenticates the authorization header sent by the client

Parameters
connectionThe MHD connection structure
[in,out]dadigest algorithm to use for checking (written to as part of the calculations, but the values left in the struct are not actually expected to be useful for the caller)
realmThe realm presented to the client
usernameThe username needs to be authenticated
passwordThe password used in the authentication
digestAn optional binary hash of the precalculated hash value "username:realm:password" (must contain "da->digest_size" bytes or be NULL)
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid

Definition at line 857 of file digestauth.c.

References _, _BASE, calculate_nonce(), check_argument_match(), check_nonce_nc(), MHD_Connection::daemon, digest_calc_ha1_from_digest(), digest_calc_ha1_from_user(), digest_calc_response(), lookup_sub_value(), MAX_AUTH_RESPONSE_LENGTH, MAX_NONCE_LENGTH, MAX_REALM_LENGTH, MAX_USERNAME_LENGTH, MHD_Connection::method, mhd_assert, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION, MHD_INVALID_NONCE, MHD_lookup_connection_value_n(), MHD_monotonic_sec_counter(), MHD_NO, MHD_STATICSTR_LEN_, MHD_strx_to_uint32_n_(), MHD_strx_to_uint64_n_(), MHD_YES, NONCE_STD_LEN, NULL, TIMESTAMP_BIN_SIZE, MHD_Daemon::unescape_callback, MHD_Daemon::unescape_callback_cls, MHD_Connection::url, VLA_ARRAY_LEN_DIGEST, and VLA_CHECK_LEN_DIGEST.

Referenced by MHD_digest_auth_check2(), and MHD_digest_auth_check_digest2().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ MHD_basic_auth_get_username_password()

char * MHD_basic_auth_get_username_password ( struct MHD_Connection connection,
char **  password 
)

Get the username and password from the basic authorization header sent by the client

Parameters
connectionThe MHD connection structure
[out]passworda pointer for the password, free using MHD_free().
Returns
NULL if no username could be found, a pointer to the username if found, free using MHD_free().

Get the username and password from the basic authorization header sent by the client

Parameters
connectionThe MHD connection structure
passworda pointer for the password
Returns
NULL if no username could be found, a pointer to the username if found

Definition at line 47 of file basicauth.c.

References _, _BASIC_BASE, MHD_Connection::daemon, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION, MHD_lookup_connection_value_n(), MHD_NO, MHD_STATICSTR_LEN_, and NULL.

Here is the call graph for this function:

◆ MHD_digest_auth_check()

_MHD_EXTERN int MHD_digest_auth_check ( struct MHD_Connection connection,
const char *  realm,
const char *  username,
const char *  password,
unsigned int  nonce_timeout 
)

Authenticates the authorization header sent by the client. Uses MHD_DIGEST_ALG_MD5 (for now, for backwards-compatibility). Note that this MAY change to MHD_DIGEST_ALG_AUTO in the future. If you want to be sure you get MD5, use MHD_digest_auth_check2() and specify MD5 explicitly.

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
usernameThe username needs to be authenticated
passwordThe password used in the authentication
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid

Authenticates the authorization header sent by the client. Uses MHD_DIGEST_ALG_MD5 (for now, for backwards-compatibility). Note that this MAY change to MHD_DIGEST_ALG_AUTO in the future. If you want to be sure you get MD5, use MHD_digest_auth_check2 and specify MD5 explicitly.

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
usernameThe username needs to be authenticated
passwordThe password used in the authentication
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid

Definition at line 1161 of file digestauth.c.

References MHD_DIGEST_ALG_MD5, and MHD_digest_auth_check2().

Here is the call graph for this function:

◆ MHD_digest_auth_check2()

_MHD_EXTERN int MHD_digest_auth_check2 ( struct MHD_Connection connection,
const char *  realm,
const char *  username,
const char *  password,
unsigned int  nonce_timeout,
enum MHD_DigestAuthAlgorithm  algo 
)

Authenticates the authorization header sent by the client.

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
usernameThe username needs to be authenticated
passwordThe password used in the authentication
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
algodigest algorithms allowed for verification
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid
Note
Available since MHD_VERSION 0x00096200

Authenticates the authorization header sent by the client.

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
usernameThe username needs to be authenticated
passwordThe password used in the authentication
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
algodigest algorithms allowed for verification
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid

Definition at line 1240 of file digestauth.c.

References digest_auth_check_all(), mhd_assert, NULL, and SETUP_DA.

Referenced by MHD_digest_auth_check().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ MHD_digest_auth_check_digest()

_MHD_EXTERN int MHD_digest_auth_check_digest ( struct MHD_Connection connection,
const char *  realm,
const char *  username,
const uint8_t  digest[MHD_MD5_DIGEST_SIZE],
unsigned int  nonce_timeout 
)

Authenticates the authorization header sent by the client Uses MHD_DIGEST_ALG_MD5 (required, as digest is of fixed size).

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
usernameThe username needs to be authenticated
digestAn ‘unsigned char *’ pointer to the binary hash for the precalculated hash value "username:realm:password"; length must be MHD_MD5_DIGEST_SIZE bytes
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid
Note
Available since MHD_VERSION 0x00096000

Authenticates the authorization header sent by the client. Uses MHD_DIGEST_ALG_MD5 (required, as digest is of fixed size).

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
usernameThe username needs to be authenticated
digestAn ‘unsigned char *’ pointer to the binary digest for the precalculated hash value "username:realm:password" of digest_size bytes
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid

Definition at line 1319 of file digestauth.c.

References MHD_DIGEST_ALG_MD5, MHD_digest_auth_check_digest2(), and MHD_MD5_DIGEST_SIZE.

Here is the call graph for this function:

◆ MHD_digest_auth_check_digest2()

_MHD_EXTERN int MHD_digest_auth_check_digest2 ( struct MHD_Connection connection,
const char *  realm,
const char *  username,
const uint8_t *  digest,
size_t  digest_size,
unsigned int  nonce_timeout,
enum MHD_DigestAuthAlgorithm  algo 
)

Authenticates the authorization header sent by the client.

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
usernameThe username needs to be authenticated
digestAn ‘unsigned char *’ pointer to the binary MD5 sum for the precalculated hash value "username:realm:password" of digest_size bytes
digest_sizenumber of bytes in digest (size must match algo!)
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
algodigest algorithms allowed for verification
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid
Note
Available since MHD_VERSION 0x00096200

Authenticates the authorization header sent by the client.

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
usernameThe username needs to be authenticated
digestAn ‘unsigned char *’ pointer to the binary MD5 sum for the precalculated hash value "username:realm:password" of MHD_MD5_DIGEST_SIZE bytes
digest_sizenumber of bytes in digest
nonce_timeoutThe amount of time for a nonce to be invalid in seconds
algodigest algorithms allowed for verification
Returns
MHD_YES if authenticated, MHD_NO if not, MHD_INVALID_NONCE if nonce is invalid

Definition at line 1278 of file digestauth.c.

References _, digest_auth_check_all(), mhd_assert, MHD_PANIC, NULL, and SETUP_DA.

Referenced by MHD_digest_auth_check_digest().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ MHD_digest_auth_get_username()

char * MHD_digest_auth_get_username ( struct MHD_Connection connection)

Get the username from the authorization header sent by the client

Parameters
connectionThe MHD connection structure
Returns
NULL if no username could be found, a pointer to the username if found, free using MHD_free().

Get the username from the authorization header sent by the client

Parameters
connectionThe MHD connection structure
Returns
NULL if no username could be found, a pointer to the username if found
Warning
Returned value must be freed by MHD_free().

Definition at line 632 of file digestauth.c.

References _BASE, lookup_sub_value(), MAX_USERNAME_LENGTH, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION, MHD_lookup_connection_value_n(), MHD_NO, MHD_STATICSTR_LEN_, and NULL.

Here is the call graph for this function:

◆ MHD_queue_auth_fail_response()

enum MHD_Result MHD_queue_auth_fail_response ( struct MHD_Connection connection,
const char *  realm,
const char *  opaque,
struct MHD_Response response,
int  signal_stale 
)

Queues a response to request authentication from the client For now uses MD5 (for backwards-compatibility). Still, if you need to be sure, use #MHD_queue_fail_auth_response2().

Parameters
connectionThe MHD connection structure
realmThe realm presented to the client
opaquestring to user for opaque value
responsereply to send; should contain the "access denied" body; note that this function will set the "WWW Authenticate" header and that the caller should not do this
signal_staleMHD_YES if the nonce is invalid to add 'stale=true' to the authentication header
Returns
MHD_YES on success, MHD_NO otherwise

Queues a response to request authentication from the client. For now uses MD5 (for backwards-compatibility). Still, if you need to be sure, use #MHD_queue_fail_auth_response2().

Parameters
connectionThe MHD connection structure
realmthe realm presented to the client
opaquestring to user for opaque value
responsereply to send; should contain the "access denied" body; note that this function will set the "WWW Authenticate" header and that the caller should not do this
signal_staleMHD_YES if the nonce is invalid to add 'stale=true' to the authentication header
Returns
MHD_YES on success, MHD_NO otherwise

Definition at line 1474 of file digestauth.c.

References MHD_DIGEST_ALG_MD5, and MHD_queue_auth_fail_response2().

Here is the call graph for this function:

◆ MHD_queue_auth_fail_response2()

enum MHD_Result MHD_queue_auth_fail_response2 ( struct MHD_Connection connection,
const char *  realm,
const char *  opaque,
struct MHD_Response response,
int  signal_stale,
enum MHD_DigestAuthAlgorithm  algo 
)

Queues a response to request authentication from the client

Parameters
connectionThe MHD connection structure
realmthe realm presented to the client
opaquestring to user for opaque value
responsereply to send; should contain the "access denied" body; note that this function will set the "WWW Authenticate" header and that the caller should not do this
signal_staleMHD_YES if the nonce is invalid to add 'stale=true' to the authentication header
algodigest algorithm to use
Returns
MHD_YES on success, MHD_NO otherwise
Note
Available since MHD_VERSION 0x00096200

Queues a response to request authentication from the client

Parameters
connectionThe MHD connection structure
realmthe realm presented to the client
opaquestring to user for opaque value
responsereply to send; should contain the "access denied" body; note that this function will set the "WWW Authenticate" header and that the caller should not do this
signal_staleMHD_YES if the nonce is invalid to add 'stale=true' to the authentication header
algodigest algorithm to use
Returns
MHD_YES on success, MHD_NO otherwise

Definition at line 1351 of file digestauth.c.

References _, calculate_nonce(), check_nonce_nc(), MHD_Connection::daemon, MHD_Connection::method, MHD_add_response_header(), MHD_calloc_(), MHD_HTTP_HEADER_CONNECTION, MHD_HTTP_HEADER_WWW_AUTHENTICATE, MHD_HTTP_UNAUTHORIZED, MHD_monotonic_sec_counter(), MHD_NO, MHD_queue_response(), NONCE_STD_LEN, NULL, SETUP_DA, MHD_Connection::url, VLA_ARRAY_LEN_DIGEST, and VLA_CHECK_LEN_DIGEST.

Referenced by MHD_queue_auth_fail_response().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ MHD_queue_basic_auth_fail_response()

enum MHD_Result MHD_queue_basic_auth_fail_response ( struct MHD_Connection connection,
const char *  realm,
struct MHD_Response response 
)

Queues a response to request basic authentication from the client The given response object is expected to include the payload for the response; the "WWW-Authenticate" header will be added and the response queued with the 'UNAUTHORIZED' status code.

Parameters
connectionThe MHD connection structure
realmthe realm presented to the client
responseresponse object to modify and queue
Returns
MHD_YES on success, MHD_NO otherwise

Queues a response to request basic authentication from the client. The given response object is expected to include the payload for the response; the "WWW-Authenticate" header will be added and the response queued with the 'UNAUTHORIZED' status code.

Parameters
connectionThe MHD connection structure
realmthe realm presented to the client
responseresponse object to modify and queue
Returns
MHD_YES on success, MHD_NO otherwise

Definition at line 153 of file basicauth.c.

References _, MHD_Connection::daemon, MHD_add_response_header(), MHD_HTTP_HEADER_WWW_AUTHENTICATE, MHD_HTTP_UNAUTHORIZED, MHD_NO, MHD_queue_response(), and NULL.

Here is the call graph for this function: