[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r37899 - in libmicrohttpd: . src/microhttpd
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r37899 - in libmicrohttpd: . src/microhttpd |
|
Date: |
Tue, 6 Sep 2016 23:42:08 +0200 |
Author: grothoff
Date: 2016-09-06 23:42:07 +0200 (Tue, 06 Sep 2016)
New Revision: 37899
Modified:
libmicrohttpd/ChangeLog
libmicrohttpd/src/microhttpd/digestauth.c
libmicrohttpd/src/microhttpd/internal.h
Log:
implement out-of-order nonce support (#4636)
Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog 2016-09-06 21:00:36 UTC (rev 37898)
+++ libmicrohttpd/ChangeLog 2016-09-06 21:42:07 UTC (rev 37899)
@@ -1,3 +1,6 @@
+Tue Sep 6 23:39:56 CEST 2016
+ Allow out-of-order nonces for digest authentication (#4636). -CG
+
Tue Sep 6 21:29:09 CEST 2016
Martin was right, "socket_context" should be "void *"
in `union MHD_ConnectionInfo`. -MS
Modified: libmicrohttpd/src/microhttpd/digestauth.c
===================================================================
--- libmicrohttpd/src/microhttpd/digestauth.c 2016-09-06 21:00:36 UTC (rev
37898)
+++ libmicrohttpd/src/microhttpd/digestauth.c 2016-09-06 21:42:07 UTC (rev
37899)
@@ -117,23 +117,48 @@
unsigned char ha1[MD5_DIGEST_SIZE];
MD5Init (&md5);
- MD5Update (&md5, (const unsigned char*)username, strlen (username));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)realm, strlen (realm));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)password, strlen (password));
- MD5Final (ha1, &md5);
- if (MHD_str_equal_caseless_(alg, "md5-sess"))
+ MD5Update (&md5,
+ (const unsigned char *) username,
+ strlen (username));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) realm,
+ strlen (realm));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) password,
+ strlen (password));
+ MD5Final (ha1,
+ &md5);
+ if (MHD_str_equal_caseless_(alg,
+ "md5-sess"))
{
MD5Init (&md5);
- MD5Update (&md5, (const unsigned char*)ha1, sizeof (ha1));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)nonce, strlen (nonce));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)cnonce, strlen (cnonce));
- MD5Final (ha1, &md5);
+ MD5Update (&md5,
+ (const unsigned char *) ha1,
+ sizeof (ha1));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) nonce,
+ strlen (nonce));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) cnonce,
+ strlen (cnonce));
+ MD5Final (ha1,
+ &md5);
}
- cvthex (ha1, sizeof (ha1), sessionkey);
+ cvthex (ha1,
+ sizeof (ha1),
+ sessionkey);
}
@@ -167,39 +192,78 @@
char ha2hex[HASH_MD5_HEX_LEN + 1];
MD5Init (&md5);
- MD5Update (&md5, (const unsigned char*)method, strlen(method));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)uri, strlen(uri));
+ MD5Update (&md5,
+ (const unsigned char *) method,
+ strlen (method));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) uri,
+ strlen (uri));
#if 0
- if (0 == strcasecmp(qop, "auth-int"))
+ if (0 == strcasecmp(qop,
+ "auth-int"))
{
/* This is dead code since the rest of this module does
not support auth-int. */
- MD5Update (&md5, ":", 1);
+ MD5Update (&md5,
+ ":",
+ 1);
if (NULL != hentity)
- MD5Update (&md5, hentity, strlen(hentity));
+ MD5Update (&md5,
+ hentity,
+ strlen (hentity));
}
#endif
- MD5Final (ha2, &md5);
- cvthex (ha2, MD5_DIGEST_SIZE, ha2hex);
+ MD5Final (ha2,
+ &md5);
+ cvthex (ha2,
+ MD5_DIGEST_SIZE,
+ ha2hex);
MD5Init (&md5);
/* calculate response */
- MD5Update (&md5, (const unsigned char*)ha1, HASH_MD5_HEX_LEN);
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)nonce, strlen(nonce));
- MD5Update (&md5, (const unsigned char*)":", 1);
+ MD5Update (&md5,
+ (const unsigned char *) ha1,
+ HASH_MD5_HEX_LEN);
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) nonce,
+ strlen (nonce));
+ MD5Update (&md5,
+ (const unsigned char*) ":",
+ 1);
if ('\0' != *qop)
{
- MD5Update (&md5, (const unsigned char*)noncecount, strlen(noncecount));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)cnonce, strlen(cnonce));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)qop, strlen(qop));
- MD5Update (&md5, (const unsigned char*)":", 1);
+ MD5Update (&md5,
+ (const unsigned char *) noncecount,
+ strlen (noncecount));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) cnonce,
+ strlen (cnonce));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) qop,
+ strlen (qop));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
}
- MD5Update (&md5, (const unsigned char*)ha2hex, HASH_MD5_HEX_LEN);
- MD5Final (resphash, &md5);
- cvthex (resphash, sizeof(resphash), response);
+ MD5Update (&md5,
+ (const unsigned char *) ha2hex,
+ HASH_MD5_HEX_LEN);
+ MD5Final (resphash,
+ &md5);
+ cvthex (resphash,
+ sizeof(resphash),
+ response);
}
@@ -237,7 +301,8 @@
ptr = data;
while ('\0' != *ptr)
{
- if (NULL == (eq = strchr (ptr, '=')))
+ if (NULL == (eq = strchr (ptr,
+ '=')))
return 0;
q1 = eq + 1;
while (' ' == *q1)
@@ -244,20 +309,22 @@
q1++;
if ('\"' != *q1)
{
- q2 = strchr (q1, ',');
+ q2 = strchr (q1,
+ ',');
qn = q2;
}
else
{
q1++;
- q2 = strchr (q1, '\"');
+ q2 = strchr (q1,
+ '\"');
if (NULL == q2)
return 0; /* end quote not found */
qn = q2 + 1;
}
- if ((MHD_str_equal_caseless_n_(ptr,
- key,
- keylen)) &&
+ if ( (MHD_str_equal_caseless_n_(ptr,
+ key,
+ keylen)) &&
(eq == &ptr[keylen]) )
{
if (NULL == q2)
@@ -286,7 +353,8 @@
}
if (NULL == qn)
return 0;
- ptr = strchr (qn, ',');
+ ptr = strchr (qn,
+ ',');
if (NULL == ptr)
return 0;
ptr++;
@@ -311,6 +379,8 @@
const char *nonce,
uint64_t nc)
{
+ struct MHD_Daemon *daemon = connection->daemon;
+ struct MHD_NonceNc *nn;
uint32_t off;
uint32_t mod;
const char *np;
@@ -320,7 +390,7 @@
tools have a hard time with it *and* this also
protects against unsafe modifications that may
happen in the future... */
- mod = connection->daemon->nonce_nc_size;
+ mod = daemon->nonce_nc_size;
if (0 == mod)
return MHD_NO; /* no array! */
/* super-fast xor-based "hash" function for HT lookup in nonce array */
@@ -337,28 +407,50 @@
* nonce counter is less than the current nonce counter by 1,
* then only increase the nonce counter by one.
*/
-
- (void) MHD_mutex_lock_ (&connection->daemon->nnc_lock);
+ nn = &daemon->nnc[off];
+ (void) MHD_mutex_lock_ (&daemon->nnc_lock);
if (0 == nc)
{
- strcpy (connection->daemon->nnc[off].nonce,
+ /* Fresh nonce, reinitialize array */
+ strcpy (nn->nonce,
nonce);
- connection->daemon->nnc[off].nc = 0;
- (void) MHD_mutex_unlock_ (&connection->daemon->nnc_lock);
+ nn->nc = 0;
+ nn->nmask = 0;
+ (void) MHD_mutex_unlock_ (&daemon->nnc_lock);
return MHD_YES;
}
- if ( (nc <= connection->daemon->nnc[off].nc) ||
- (0 != strcmp(connection->daemon->nnc[off].nonce, nonce)) )
+ /* Note that we use 64 here, as we do not store the
+ bit for 'nn->nc' itself in 'nn->nmask' */
+ if ( (nc < nn->nc) &&
+ (nc + 64 > nc /* checking for overflow */) &&
+ (nc + 64 >= nn->nc) &&
+ (0 == (1LLU < (nn->nc - nc - 1)) & nn->nmask) )
{
- (void) MHD_mutex_unlock_ (&connection->daemon->nnc_lock);
+ /* Out-of-order nonce, but within 64-bit bitmask, set bit */
+ nn->nmask |= (1LLU < (nn->nc - nc - 1));
+ (void) MHD_mutex_unlock_ (&daemon->nnc_lock);
+ return MHD_YES;
+ }
+
+ if ( (nc <= nn->nc) ||
+ (0 != strcmp (nn->nonce,
+ nonce)) )
+ {
+ /* Nonce does not match, fail */
+ (void) MHD_mutex_unlock_ (&daemon->nnc_lock);
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- "Stale nonce received. If this happens a lot, you should
probably increase the size of the nonce array.\n");
+ MHD_DLOG (daemon,
+ _("Stale nonce received. If this happens a lot, you should
probably increase the size of the nonce array.\n"));
#endif
return MHD_NO;
}
- connection->daemon->nnc[off].nc = nc;
- (void) MHD_mutex_unlock_ (&connection->daemon->nnc_lock);
+ /* Nonce is larger, shift bitmask and bump limit */
+ if (64 > nc - nn->nc)
+ nn->nmask <<= (nc - nn->nc); /* small jump, less than mask width */
+ else
+ nn->nmask = 0; /* big jump, unset all bits in the mask */
+ nn->nc = nc;
+ (void) MHD_mutex_unlock_ (&daemon->nnc_lock);
return MHD_YES;
}
@@ -378,11 +470,14 @@
char user[MAX_USERNAME_LENGTH];
const char *header;
- if (NULL == (header = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
-
MHD_HTTP_HEADER_AUTHORIZATION)))
+ if (NULL == (header =
+ MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ MHD_HTTP_HEADER_AUTHORIZATION)))
return NULL;
- if (0 != strncmp (header, _BASE, strlen (_BASE)))
+ if (0 != strncmp (header,
+ _BASE,
+ strlen (_BASE)))
return NULL;
header += strlen (_BASE);
if (0 == (len = lookup_sub_value (user,
@@ -426,20 +521,45 @@
timestamp[1] = (unsigned char)((nonce_time & 0x00ff0000) >> 0x10);
timestamp[2] = (unsigned char)((nonce_time & 0x0000ff00) >> 0x08);
timestamp[3] = (unsigned char)((nonce_time & 0x000000ff));
- MD5Update (&md5, timestamp, sizeof(timestamp));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)method, strlen (method));
- MD5Update (&md5, (const unsigned char*)":", 1);
+ MD5Update (&md5,
+ timestamp,
+ sizeof (timestamp));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) method,
+ strlen (method));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
if (rnd_size > 0)
- MD5Update (&md5, (const unsigned char*)rnd, rnd_size);
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)uri, strlen (uri));
- MD5Update (&md5, (const unsigned char*)":", 1);
- MD5Update (&md5, (const unsigned char*)realm, strlen (realm));
- MD5Final (tmpnonce, &md5);
- cvthex (tmpnonce, sizeof (tmpnonce), nonce);
- cvthex (timestamp, sizeof(timestamp), timestamphex);
- strncat (nonce, timestamphex, 8);
+ MD5Update (&md5,
+ (const unsigned char *) rnd,
+ rnd_size);
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) uri,
+ strlen (uri));
+ MD5Update (&md5,
+ (const unsigned char *) ":",
+ 1);
+ MD5Update (&md5,
+ (const unsigned char *) realm,
+ strlen (realm));
+ MD5Final (tmpnonce,
+ &md5);
+ cvthex (tmpnonce,
+ sizeof (tmpnonce),
+ nonce);
+ cvthex (timestamp,
+ sizeof (timestamp),
+ timestamphex);
+ strncat (nonce,
+ timestamphex,
+ 8);
}
@@ -466,7 +586,8 @@
{
if (kind != pos->kind)
continue;
- if (0 != strcmp (key, pos->header))
+ if (0 != strcmp (key,
+ pos->header))
continue;
if ( (NULL == value) &&
(NULL == pos->value) )
@@ -473,7 +594,8 @@
return MHD_YES;
if ( (NULL == value) ||
(NULL == pos->value) ||
- (0 != strcmp (value, pos->value)) )
+ (0 != strcmp (value,
+ pos->value)) )
continue;
return MHD_YES;
}
@@ -505,7 +627,7 @@
{
#ifdef HAVE_MESSAGES
MHD_DLOG (connection->daemon,
- "Failed to allocate memory for copy of URI arguments\n");
+ _("Failed to allocate memory for copy of URI arguments\n"));
#endif /* HAVE_MESSAGES */
return MHD_NO;
}
@@ -553,6 +675,7 @@
const char *password,
unsigned int nonce_timeout)
{
+ struct MHD_Daemon *daemon = connection->daemon;
size_t len;
const char *header;
char nonce[MAX_NONCE_LENGTH];
@@ -574,7 +697,9 @@
MHD_HTTP_HEADER_AUTHORIZATION);
if (NULL == header)
return MHD_NO;
- if (0 != strncmp(header, _BASE, strlen(_BASE)))
+ if (0 != strncmp (header,
+ _BASE,
+ strlen(_BASE)))
return MHD_NO;
header += strlen (_BASE);
left = strlen (header);
@@ -584,9 +709,11 @@
len = lookup_sub_value (un,
sizeof (un),
- header, "username");
+ header,
+ "username");
if ( (0 == len) ||
- (0 != strcmp(username, un)) )
+ (0 != strcmp (username,
+ un)) )
return MHD_NO;
left -= strlen ("username") + len;
}
@@ -596,9 +723,11 @@
len = lookup_sub_value (r,
sizeof (r),
- header, "realm");
+ header,
+ "realm");
if ( (0 == len) ||
- (0 != strcmp(realm, r)) )
+ (0 != strcmp (realm,
+ r)) )
return MHD_NO;
left -= strlen ("realm") + len;
}
@@ -605,7 +734,8 @@
if (0 == (len = lookup_sub_value (nonce,
sizeof (nonce),
- header, "nonce")))
+ header,
+ "nonce")))
return MHD_NO;
left -= strlen ("nonce") + len;
if (left > 32 * 1024)
@@ -619,12 +749,14 @@
header value. */
return MHD_NO;
}
- if (TIMESTAMP_HEX_LEN != MHD_strx_to_uint32_n_ (nonce + len -
TIMESTAMP_HEX_LEN,
- TIMESTAMP_HEX_LEN,
&nonce_time))
+ if (TIMESTAMP_HEX_LEN !=
+ MHD_strx_to_uint32_n_ (nonce + len - TIMESTAMP_HEX_LEN,
+ TIMESTAMP_HEX_LEN,
+ &nonce_time))
{
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- "Authentication failed, invalid timestamp format.\n");
+ MHD_DLOG (daemon,
+ _("Authentication failed, invalid timestamp format.\n"));
#endif
return MHD_NO;
}
@@ -643,8 +775,8 @@
calculate_nonce (nonce_time,
connection->method,
- connection->daemon->digest_auth_random,
- connection->daemon->digest_auth_rand_size,
+ daemon->digest_auth_random,
+ daemon->digest_auth_rand_size,
connection->url,
realm,
noncehashexp);
@@ -664,34 +796,51 @@
}
if ( (0 == lookup_sub_value (cnonce,
sizeof (cnonce),
- header, "cnonce")) ||
- (0 == lookup_sub_value (qop, sizeof (qop), header, "qop")) ||
- ( (0 != strcmp (qop, "auth")) &&
- (0 != strcmp (qop, "")) ) ||
- (0 == (len = lookup_sub_value (nc, sizeof (nc), header, "nc")) ) ||
- (0 == lookup_sub_value (response, sizeof (response), header,
"response")) )
+ header,
+ "cnonce")) ||
+ (0 == lookup_sub_value (qop,
+ sizeof (qop),
+ header,
+ "qop")) ||
+ ( (0 != strcmp (qop,
+ "auth")) &&
+ (0 != strcmp (qop,
+ "")) ) ||
+ (0 == (len = lookup_sub_value (nc,
+ sizeof (nc),
+ header,
+ "nc")) ) ||
+ (0 == lookup_sub_value (response,
+ sizeof (response),
+ header,
+ "response")) )
{
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- "Authentication failed, invalid format.\n");
+ MHD_DLOG (daemon,
+ _("Authentication failed, invalid format.\n"));
#endif
return MHD_NO;
}
- if (len != MHD_strx_to_uint64_n_ (nc, len, &nci))
+ if (len != MHD_strx_to_uint64_n_ (nc,
+ len,
+ &nci))
{
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- "Authentication failed, invalid nc format.\n");
+ MHD_DLOG (daemon,
+ _("Authentication failed, invalid nc format.\n"));
#endif
return MHD_NO; /* invalid nonce format */
}
+
/*
* Checking if that combination of nonce and nc is sound
* and not a replay attack attempt. Also adds the nonce
* to the nonce-nc map if it does not exist there.
*/
-
- if (MHD_YES != check_nonce_nc (connection, nonce, nci))
+ if (MHD_YES !=
+ check_nonce_nc (connection,
+ nonce,
+ nci))
{
return MHD_NO;
}
@@ -703,26 +852,27 @@
if (NULL == uri)
{
#ifdef HAVE_MESSAGES
- MHD_DLOG(connection->daemon,
- "Failed to allocate memory for auth header processing\n");
+ MHD_DLOG(daemon,
+ _("Failed to allocate memory for auth header processing\n"));
#endif /* HAVE_MESSAGES */
return MHD_NO;
}
if (0 == lookup_sub_value (uri,
left + 1,
- header, "uri"))
+ header,
+ "uri"))
{
free (uri);
return MHD_NO;
}
- digest_calc_ha1("md5",
- username,
- realm,
- password,
- nonce,
- cnonce,
- ha1);
+ digest_calc_ha1 ("md5",
+ username,
+ realm,
+ password,
+ nonce,
+ cnonce,
+ ha1);
digest_calc_response (ha1,
nonce,
nc,
@@ -734,16 +884,16 @@
respexp);
/* Need to unescape URI before comparing with connection->url */
- connection->daemon->unescape_callback
(connection->daemon->unescape_callback_cls,
- connection,
- uri);
+ daemon->unescape_callback (daemon->unescape_callback_cls,
+ connection,
+ uri);
if (0 != strncmp (uri,
connection->url,
strlen (connection->url)))
{
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- "Authentication failed, URI does not match.\n");
+ MHD_DLOG (daemon,
+ _("Authentication failed, URI does not match.\n"));
#endif
free (uri);
return MHD_NO;
@@ -750,7 +900,8 @@
}
{
- const char *args = strchr (uri, '?');
+ const char *args = strchr (uri,
+ '?');
if (NULL == args)
args = "";
@@ -761,8 +912,8 @@
args) )
{
#ifdef HAVE_MESSAGES
- MHD_DLOG (connection->daemon,
- "Authentication failed, arguments do not match.\n");
+ MHD_DLOG (daemon,
+ _("Authentication failed, arguments do not match.\n"));
#endif
free (uri);
return MHD_NO;
@@ -769,7 +920,8 @@
}
}
free (uri);
- return (0 == strcmp(response, respexp))
+ return (0 == strcmp(response,
+ respexp))
? MHD_YES
: MHD_NO;
}
@@ -809,66 +961,71 @@
connection->url,
realm,
nonce);
- if (MHD_YES != check_nonce_nc (connection, nonce, 0))
+ if (MHD_YES !=
+ check_nonce_nc (connection,
+ nonce,
+ 0))
{
#ifdef HAVE_MESSAGES
MHD_DLOG (connection->daemon,
- "Could not register nonce (is the nonce array size zero?).\n");
+ _("Could not register nonce (is the nonce array size
zero?).\n"));
#endif
return MHD_NO;
}
/* Building the authentication header */
- hlen = MHD_snprintf_(NULL,
- 0,
- "Digest
realm=\"%s\",qop=\"auth\",nonce=\"%s\",opaque=\"%s\"%s",
- realm,
- nonce,
- opaque,
- signal_stale
- ? ",stale=\"true\""
- : "");
+ hlen = MHD_snprintf_ (NULL,
+ 0,
+ "Digest
realm=\"%s\",qop=\"auth\",nonce=\"%s\",opaque=\"%s\"%s",
+ realm,
+ nonce,
+ opaque,
+ signal_stale
+ ? ",stale=\"true\""
+ : "");
if (hlen > 0)
- {
- char *header;
+ {
+ char *header;
- header = malloc(hlen + 1);
- if (NULL == header)
- {
+ header = malloc (hlen + 1);
+ if (NULL == header)
+ {
#ifdef HAVE_MESSAGES
- MHD_DLOG(connection->daemon,
- "Failed to allocate memory for auth response header\n");
+ MHD_DLOG(connection->daemon,
+ _("Failed to allocate memory for auth response header\n"));
#endif /* HAVE_MESSAGES */
- return MHD_NO;
+ return MHD_NO;
+ }
+
+ if (MHD_snprintf_ (header,
+ hlen + 1,
+ "Digest
realm=\"%s\",qop=\"auth\",nonce=\"%s\",opaque=\"%s\"%s",
+ realm,
+ nonce,
+ opaque,
+ signal_stale
+ ? ",stale=\"true\""
+ : "") == hlen)
+ ret = MHD_add_response_header(response,
+ MHD_HTTP_HEADER_WWW_AUTHENTICATE,
+ header);
+ else
+ ret = MHD_NO;
+ free (header);
}
-
- if (MHD_snprintf_(header,
- hlen + 1,
- "Digest realm=\"%s\",qop=\"auth\",nonce=\"%s\",opaque=\"%s\"%s",
- realm,
- nonce,
- opaque,
- signal_stale
- ? ",stale=\"true\""
- : "") == hlen)
- ret = MHD_add_response_header(response,
- MHD_HTTP_HEADER_WWW_AUTHENTICATE,
- header);
- else
- ret = MHD_NO;
- free(header);
- }
else
ret = MHD_NO;
if (MHD_YES == ret)
- ret = MHD_queue_response(connection,
- MHD_HTTP_UNAUTHORIZED,
- response);
+ {
+ ret = MHD_queue_response (connection,
+ MHD_HTTP_UNAUTHORIZED,
+ response);
+ }
else
{
#ifdef HAVE_MESSAGES
MHD_DLOG (connection->daemon,
- "Failed to add Digest auth header\n");
+ _("Failed to add Digest auth header\n"));
#endif /* HAVE_MESSAGES */
}
return ret;
Modified: libmicrohttpd/src/microhttpd/internal.h
===================================================================
--- libmicrohttpd/src/microhttpd/internal.h 2016-09-06 21:00:36 UTC (rev
37898)
+++ libmicrohttpd/src/microhttpd/internal.h 2016-09-06 21:42:07 UTC (rev
37899)
@@ -197,6 +197,12 @@
uint64_t nc;
/**
+ * Bitmask over the nc-64 previous nonce values. Used to
+ * allow out-of-order nonces.
+ */
+ uint64_t nmask;
+
+ /**
* Nonce value:
*/
char nonce[MAX_NONCE_LENGTH];
@@ -1499,7 +1505,7 @@
struct MHD_NonceNc *nnc;
/**
- * A rw-lock for synchronizing access to `nnc'.
+ * A rw-lock for synchronizing access to @e nnc.
*/
MHD_mutex_ nnc_lock;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r37899 - in libmicrohttpd: . src/microhttpd,
gnunet <=