Hi,
I'm trying to update my 8 year old code to use digest authentication where previously it only supported basic.
I'm trying to use *con_cls (*ptr in my code) to determine when to authenticate but it's not working, *con_cls always seems to be null, even after I've set it, so it's authenticating every time.
I mostly get MHD_digest_auth_check() failures returning INVALID_NONCE and the Client never stops asking for credentials even when the authentication passes, which it does occasionally.
I'm missing something crucial but I can't see it.
The authentication part of my access_handler is shown below
Many thanks
David
static int aptr; if (bDigestAuth) { printf("URL:%s, con_cls:%p\r\n", url, *ptr); //HACK to see if digest authentication works and allows ONVIF snapshorUri test to pass //Only works for Admin-Admin if (&aptr != *ptr) { /* Only authenticate on first call of session*/ char *username; const char *password = "Admin";
g_CameraData->GetRealmName(g_szRealm, sizeof(g_szRealm));
username = MHD_digest_auth_get_username(connection); if (username == NULL) { response = MHD_create_response_from_data (strlen (NOTAUTH_RESPONSE), (void *) NOTAUTH_RESPONSE, MHD_NO, MHD_NO); ret = MHD_queue_auth_fail_response(connection, g_szRealm, OPAQUE, response, MHD_NO); MHD_destroy_response(response); pthread_mutex_unlock (&m_AuthMutex); //unlock after authorization // printf("Failed digest auth, no username\r\n"); return ret; } printf("Applying digest auth to user: %s, realm:%s, con_cls:%p\r\n", username, g_szRealm, *ptr); *ptr = &aptr; //set this for session ret = MHD_digest_auth_check(connection, g_szRealm, username, password, 300); printf("Checking digest auth for username: %s, password: %s, realm:%s\r\n", username, password, g_szRealm); free(username); if ( (ret == MHD_INVALID_NONCE) || (ret == MHD_NO) ) { printf("Failed digest auth, invalid nonce, ret:%d\r\n", ret); response = MHD_create_response_from_data (strlen (NOTAUTH_RESPONSE), (void *) NOTAUTH_RESPONSE, MHD_NO, MHD_NO); if (NULL == response) return MHD_NO; ret = MHD_queue_auth_fail_response(connection, g_szRealm, OPAQUE, response, (ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO); MHD_destroy_response(response); pthread_mutex_unlock (&m_AuthMutex); //unlock after authorization return ret; } //PASSED printf("PASSED digest auth\r\n"); } else { printf("No digest auth required\r\n"); } }
|