Gitiles
Code Review Sign In
realtimeroboticsgroup.org / RealtimeRoboticsGroup / test / 82f6c040fdd33ed449e6064dbd7eab8496367e65 / . / src / http / auth.c
blob: 68dd17150f49ea521d033efb870542da597886fb [file] [log] [blame]
James Kuszmaul82f6c042021-01-17 11:30:16 -0800[diff] [blame^]1/**
2 * @file http/auth.c HTTP Authentication
3 *
4 * Copyright (C) 2011 Creytiv.com
5 */
6
7#include <string.h>
8#include <time.h>
9#include <re_types.h>
10#include <re_sys.h>
11#include <re_md5.h>
12#include <re_sa.h>
13#include <re_list.h>
14#include <re_fmt.h>
15#include <re_msg.h>
16#include <re_httpauth.h>
17#include <re_http.h>
18
19
20enum {
21 NONCE_EXPIRES = 300,
22 NONCE_MIN_SIZE = 33,
23};
24
25
26static uint64_t secret;
27static bool secret_set;
28
29
30/**
31 * Print HTTP digest authentication challenge
32 *
33 * @param pf Print function for output
34 * @param auth Authentication parameteres
35 *
36 * @return 0 if success, otherwise errorcode
37 */
38int http_auth_print_challenge(struct re_printf *pf,
39 const struct http_auth *auth)
40{
41 uint8_t key[MD5_SIZE];
42 uint64_t nv[2];
43
44 if (!auth)
45 return 0;
46
47 if (!secret_set) {
48 secret = rand_u64();
49 secret_set = true;
50 }
51
52 nv[0] = time(NULL);
53 nv[1] = secret;
54
55 md5((uint8_t *)nv, sizeof(nv), key);
56
57 return re_hprintf(pf,
58 "Digest realm=\"%s\", nonce=\"%w%llx\", "
59 "qop=\"auth\"%s",
60 auth->realm,
61 key, sizeof(key), nv[0],
62 auth->stale ? ", stale=true" : "");
63}
64
65
66static int chk_nonce(const struct pl *nonce, uint32_t expires)
67{
68 uint8_t nkey[MD5_SIZE], ckey[MD5_SIZE];
69 uint64_t nv[2];
70 struct pl pl;
71 int64_t age;
72 unsigned i;
73
74 if (!nonce || !nonce->p || nonce->l < NONCE_MIN_SIZE)
75 return EINVAL;
76
77 pl = *nonce;
78
79 for (i=0; i<sizeof(nkey); i++) {
80 nkey[i] = ch_hex(*pl.p++) << 4;
81 nkey[i] += ch_hex(*pl.p++);
82 pl.l -= 2;
83 }
84
85 nv[0] = pl_x64(&pl);
86 nv[1] = secret;
87
88 md5((uint8_t *)nv, sizeof(nv), ckey);
89
90 if (memcmp(nkey, ckey, MD5_SIZE))
91 return EAUTH;
92
93 age = time(NULL) - nv[0];
94
95 if (age < 0 || age > expires)
96 return ETIMEDOUT;
97
98 return 0;
99}
100
101
102/**
103 * Check HTTP digest authorization
104 *
105 * @param hval Authorization header value
106 * @param method Request method
107 * @param auth Authentication parameteres
108 * @param authh Authentication handler
109 * @param arg Authentication handler argument
110 *
111 * @return true if check is passed, otherwise false
112 */
113bool http_auth_check(const struct pl *hval, const struct pl *method,
114 struct http_auth *auth, http_auth_h *authh, void *arg)
115{
116 struct httpauth_digest_resp resp;
117 uint8_t ha1[MD5_SIZE];
118
119 if (!hval || !method || !auth || !authh)
120 return false;
121
122 if (httpauth_digest_response_decode(&resp, hval))
123 return false;
124
125 if (pl_strcasecmp(&resp.realm, auth->realm))
126 return false;
127
128 if (chk_nonce(&resp.nonce, NONCE_EXPIRES)) {
129 auth->stale = true;
130 return false;
131 }
132
133 if (authh(&resp.username, ha1, arg))
134 return false;
135
136 if (httpauth_digest_response_auth(&resp, method, ha1))
137 return false;
138
139 return true;
140}
141
142
143/**
144 * Check HTTP digest authorization of an HTTP request
145 *
146 * @param msg HTTP message
147 * @param auth Authentication parameteres
148 * @param authh Authentication handler
149 * @param arg Authentication handler argument
150 *
151 * @return true if check is passed, otherwise false
152 */
153bool http_auth_check_request(const struct http_msg *msg,
154 struct http_auth *auth,
155 http_auth_h *authh, void *arg)
156{
157 const struct http_hdr *hdr;
158
159 if (!msg)
160 return false;
161
162 hdr = http_msg_hdr(msg, HTTP_HDR_AUTHORIZATION);
163 if (!hdr)
164 return false;
165
166 return http_auth_check(&hdr->val, &msg->met, auth, authh, arg);
167}