[libmicrohttpd] 03/07: digest auth: added default timeout and max nc val
From: |
gnunet |
Subject: |
[libmicrohttpd] 03/07: digest auth: added default timeout and max nc values |
Date: |
Fri, 29 Dec 2023 14:59:31 +0100 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit ff63d75797ddcaf223197e12b12def2b0803588c
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Thu Dec 28 12:44:46 2023 +0300
digest auth: added default timeout and max nc values
---
src/include/microhttpd.h | 14 ++++++++------
src/microhttpd/daemon.c | 2 ++
src/microhttpd/digestauth.c | 28 ++++++++++++++++++----------
src/microhttpd/internal.h | 10 ++++++++++
4 files changed, 38 insertions(+), 16 deletions(-)
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 84b0d23d..c2873056 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
* they are parsed as decimal numbers.
* Example: 0x01093001 = 1.9.30-1.
*/
-#define MHD_VERSION 0x00097707
+#define MHD_VERSION 0x00097708
/* If generic headers don't work on your platform, include headers
which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -5524,17 +5524,18 @@ enum MHD_DigestAuthResult
* even if userhash is used by the client
* @param password the password matching the @a username (and the @a realm)
* @param nonce_timeout the period of seconds since nonce generation, when
- * the nonce is recognised as valid and not stale.
+ * the nonce is recognised as valid and not stale;
+ * if zero is specified then daemon default value is used.
* @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
* exceeds the specified value then MHD_DAUTH_NONCE_STALE is
* returned;
- * zero for no limit
+ * if zero is specified then daemon default value is used.
* @param mqop the QOP to use
* @param malgo3 digest algorithms allowed to use, fail if algorithm used
* by the client is not allowed by this parameter
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
- * @note Available since #MHD_VERSION 0x00097701
+ * @note Available since #MHD_VERSION 0x00097708
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
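Review bot: The reworded `max_nc` text in this doc comment drops "zero for no limit" without saying that the meaning of zero has changed. An application that passed 0 to disable the nc cap now gets the daemon default (1000 in this commit, set in daemon.c) and may start seeing MHD_DAUTH_NONCE_STALE. The comment should record the change, for example `if zero is specified then daemon default value is used (before 0x00097708 zero meant "no limit")`, and say whether "no limit" can still be requested. Replacing `@note Available since #MHD_VERSION 0x00097701` with 0x00097708 also hides the version where the function first appeared; keeping both, e.g. `Available since 0x00097701; zero selects daemon defaults since 0x00097708`, would be clearer. The same wording is repeated in the MHD_digest_auth_check_digest3 comment below and in the matching comments in digestauth.c.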
@@ -5614,11 +5615,12 @@ MHD_digest_auth_calc_userdigest (enum
MHD_DigestAuthAlgo3 algo3,
* #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE,
* #MHD_digest_get_hash_size())
* @param nonce_timeout the period of seconds since nonce generation, when
- * the nonce is recognised as valid and not stale.
+ * the nonce is recognised as valid and not stale;
+ * if zero is specified then daemon default value is used.
* @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
* exceeds the specified value then MHD_DAUTH_NONCE_STALE is
* returned;
- * zero for no limit
+ * if zero is specified then daemon default value is used.
* @param mqop the QOP to use
* @param malgo3 digest algorithms allowed to use, fail if algorithm used
* by the client is not allowed by this parameter;
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index cf5203aa..b1640878 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -7778,6 +7778,8 @@ MHD_start_daemon_va (unsigned int flags,
daemon->digest_auth_rand_size = 0;
daemon->digest_auth_random = NULL;
daemon->nonce_nc_size = 4; /* tiny */
+ daemon->dauth_def_nonce_timeout = 90;
+ daemon->dauth_def_max_nc = 1000;
#endif
#ifdef HTTPS_SUPPORT
if (0 != (*pflags & MHD_USE_TLS))
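Review bot: The two new defaults are bare literals with no unit or rationale: `daemon->dauth_def_nonce_timeout = 90;` and `daemon->dauth_def_max_nc = 1000;`. These values bound the replay window for digest auth, so a reader auditing them should not have to trace back to the public header to learn that the timeout is in seconds. A trailing comment such as `/* seconds */`, or named constants, would make that visible at the assignment. The field comment added in internal.h, `Default nonce validity length.`, has the same gap and could read `Default nonce validity length in seconds, used when the application passes zero`. MHD_start_daemon_va continues outside this hunk.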
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 69f9c227..58561abb 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2515,11 +2515,12 @@ is_param_equal_caseless (const struct MHD_RqDAuthParam
*param,
* "username:realm:password",
* must be NULL if @a password is not NULL
* @param nonce_timeout the period of seconds since nonce generation, when
- * the nonce is recognised as valid and not stale.
+ * the nonce is recognised as valid and not stale;
+ * unlike #digest_auth_check_all() zero is used literally
* @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
* exceeds the specified value then MHD_DAUTH_NONCE_STALE is
* returned;
- * zero for no limit
+ * unlike #digest_auth_check_all() zero is treated as "no limit"
* @param mqop the QOP to use
* @param malgo3 digest algorithms allowed to use, fail if algorithm specified
* by the client is not allowed by this parameter
@@ -3063,11 +3064,12 @@ digest_auth_check_all_inner (struct MHD_Connection
*connection,
* "username:realm:password",
* must be NULL if @a password is not NULL
* @param nonce_timeout the period of seconds since nonce generation, when
- * the nonce is recognised as valid and not stale.
+ * the nonce is recognised as valid and not stale;
+ * if set to zero then daemon's default value is used
* @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
* exceeds the specified value then MHD_DAUTH_NONCE_STALE is
* returned;
- * zero for no limit
+ * if set to zero then daemon's default value is used
* @param mqop the QOP to use
* @param malgo3 digest algorithms allowed to use, fail if algorithm specified
* by the client is not allowed by this parameter
@@ -3092,6 +3094,10 @@ digest_auth_check_all (struct MHD_Connection *connection,
buf = NULL;
digest_setup_zero (&da);
+ if (0 == nonce_timeout)
+ nonce_timeout = connection->daemon->dauth_def_nonce_timeout;
+ if (0 == max_nc)
+ max_nc = connection->daemon->dauth_def_max_nc;
res = digest_auth_check_all_inner (connection, realm, username, password,
userdigest,
nonce_timeout,
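Review bot: The zero substitution added here does not by itself guarantee that a non-zero value reaches digest_auth_check_all_inner(). The inner function's doc comment in this same commit says a zero `max_nc` is treated as "no limit" and a zero `nonce_timeout` is used literally, so a daemon default of zero would silently turn the nc cap off rather than apply one. In this commit the fields are fixed at 90 and 1000, but the thread lists a later patch adding daemon options for them, which is not visible here. The invariant is worth stating next to the substitution, e.g. `/* daemon defaults must be non-zero: the inner check treats zero max_nc as "no limit" */`, and enforcing wherever the fields can be set. The body of digest_auth_check_all starts and ends outside this hunk.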
@@ -3156,17 +3162,18 @@ MHD_digest_auth_check (struct MHD_Connection
*connection,
* even if userhash is used by the client
* @param password the password matching the @a username (and the @a realm)
* @param nonce_timeout the period of seconds since nonce generation, when
- * the nonce is recognised as valid and not stale.
+ * the nonce is recognised as valid and not stale;
+ * if zero is specified then daemon default value is used.
* @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
* exceeds the specified value then MHD_DAUTH_NONCE_STALE is
* returned;
- * zero for no limit
+ * if zero is specified then daemon default value is used.
* @param mqop the QOP to use
* @param malgo3 digest algorithms allowed to use, fail if algorithm used
* by the client is not allowed by this parameter
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
- * @note Available since #MHD_VERSION 0x00097701
+ * @note Available since #MHD_VERSION 0x00097708
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
@@ -3217,11 +3224,12 @@ MHD_digest_auth_check3 (struct MHD_Connection
*connection,
* #MHD_SHA256_DIGEST_SIZE, #MHD_SHA512_256_DIGEST_SIZE,
* #MHD_digest_get_hash_size())
* @param nonce_timeout the period of seconds since nonce generation, when
- * the nonce is recognised as valid and not stale.
+ * the nonce is recognised as valid and not stale;
+ * if zero is specified then daemon default value is used.
* @param max_nc the maximum allowed nc (Nonce Count) value, if client's nc
* exceeds the specified value then MHD_DAUTH_NONCE_STALE is
* returned;
- * zero for no limit
+ * if zero is specified then daemon default value is used.
* @param mqop the QOP to use
* @param malgo3 digest algorithms allowed to use, fail if algorithm used
* by the client is not allowed by this parameter;
@@ -3231,7 +3239,7 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
* @return #MHD_DAUTH_OK if authenticated,
* the error code otherwise
* @sa #MHD_digest_auth_calc_userdigest()
- * @note Available since #MHD_VERSION 0x00097701
+ * @note Available since #MHD_VERSION 0x00097708
* @ingroup authentication
*/
_MHD_EXTERN enum MHD_DigestAuthResult
diff --git a/src/microhttpd/internal.h b/src/microhttpd/internal.h
index b26e4a0d..6a2a22df 100644
--- a/src/microhttpd/internal.h
+++ b/src/microhttpd/internal.h
@@ -2429,6 +2429,16 @@ struct MHD_Daemon
* Nonce bind type.
*/
unsigned int dauth_bind_type;
+
+ /**
+ * Default nonce validity length.
+ */
+ unsigned int dauth_def_nonce_timeout;
+
+ /**
+ * Default maximum nc (nonce count) value.
+ */
+ uint32_t dauth_def_max_nc;
#endif
#ifdef TCP_FASTOPEN
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.