2003-05-23 00:09:54 +08:00
|
|
|
/***************************************************************************
|
2004-04-29 16:18:32 +08:00
|
|
|
* _ _ ____ _
|
|
|
|
* Project ___| | | | _ \| |
|
|
|
|
* / __| | | | |_) | |
|
|
|
|
* | (__| |_| | _ <| |___
|
2003-05-23 00:09:54 +08:00
|
|
|
* \___|\___/|_| \_\_____|
|
|
|
|
*
|
2023-01-02 20:51:48 +08:00
|
|
|
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
2003-05-23 00:09:54 +08:00
|
|
|
*
|
|
|
|
* This software is licensed as described in the file COPYING, which
|
|
|
|
* you should have received as part of this distribution. The terms
|
2020-11-04 21:02:01 +08:00
|
|
|
* are also available at https://curl.se/docs/copyright.html.
|
2004-04-29 16:18:32 +08:00
|
|
|
*
|
2003-05-23 00:09:54 +08:00
|
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
|
|
*
|
|
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
|
|
* KIND, either express or implied.
|
|
|
|
*
|
|
|
|
* SPDX-License-Identifier: curl
|
2022-05-17 17:16:50 +08:00
|
|
|
*
|
2003-05-23 00:09:54 +08:00
|
|
|
***************************************************************************/
|
2011-07-26 23:23:27 +08:00
|
|
|
|
2013-01-07 02:06:49 +08:00
|
|
|
#include "curl_setup.h"
|
2003-05-23 00:09:54 +08:00
|
|
|
|
2023-07-20 22:09:04 +08:00
|
|
|
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_DIGEST_AUTH)
|
2003-05-23 00:09:54 +08:00
|
|
|
|
2013-01-04 09:50:28 +08:00
|
|
|
#include "urldata.h"
|
2016-10-01 00:54:02 +08:00
|
|
|
#include "strcase.h"
|
2015-09-12 20:30:58 +08:00
|
|
|
#include "vauth/vauth.h"
|
2013-01-04 09:50:28 +08:00
|
|
|
#include "http_digest.h"
|
2019-05-11 19:57:42 +08:00
|
|
|
|
2016-04-29 21:46:40 +08:00
|
|
|
/* The last 3 #include files should be in this order */
|
2015-03-03 19:36:18 +08:00
|
|
|
#include "curl_printf.h"
|
2015-03-25 06:12:03 +08:00
|
|
|
#include "curl_memory.h"
|
2013-01-04 09:50:28 +08:00
|
|
|
#include "memdebug.h"
|
2003-05-23 00:09:54 +08:00
|
|
|
|
2004-05-04 15:52:53 +08:00
|
|
|
/* Test example headers:
|
2003-05-23 00:09:54 +08:00
|
|
|
|
|
|
|
WWW-Authenticate: Digest realm="testrealm", nonce="1053604598"
|
2004-05-04 15:52:53 +08:00
|
|
|
Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598"
|
2003-05-23 00:09:54 +08:00
|
|
|
|
|
|
|
*/
|
|
|
|
|
2021-01-21 07:38:52 +08:00
|
|
|
CURLcode Curl_input_digest(struct Curl_easy *data,
|
2014-11-05 20:05:34 +08:00
|
|
|
bool proxy,
|
|
|
|
const char *header) /* rest of the *-authenticate:
|
|
|
|
header */
|
2003-05-23 00:09:54 +08:00
|
|
|
{
|
2014-11-07 07:01:36 +08:00
|
|
|
/* Point to the correct struct with this */
|
|
|
|
struct digestdata *digest;
|
2004-07-31 15:36:01 +08:00
|
|
|
|
2004-05-04 15:52:53 +08:00
|
|
|
if(proxy) {
|
2014-11-07 07:01:36 +08:00
|
|
|
digest = &data->state.proxydigest;
|
2004-05-04 15:52:53 +08:00
|
|
|
}
|
|
|
|
else {
|
2014-11-07 07:01:36 +08:00
|
|
|
digest = &data->state.digest;
|
2004-05-04 15:52:53 +08:00
|
|
|
}
|
2003-05-23 00:09:54 +08:00
|
|
|
|
2022-09-06 05:21:15 +08:00
|
|
|
if(!checkprefix("Digest", header) || !ISBLANK(header[6]))
|
2014-11-05 20:05:34 +08:00
|
|
|
return CURLE_BAD_CONTENT_ENCODING;
|
2003-05-23 00:09:54 +08:00
|
|
|
|
2014-11-05 22:33:26 +08:00
|
|
|
header += strlen("Digest");
|
2022-09-06 05:21:15 +08:00
|
|
|
while(*header && ISBLANK(*header))
|
2014-11-05 22:33:26 +08:00
|
|
|
header++;
|
|
|
|
|
2016-03-13 19:28:42 +08:00
|
|
|
return Curl_auth_decode_digest_http_message(header, digest);
|
2003-05-23 00:09:54 +08:00
|
|
|
}
|
|
|
|
|
2021-01-21 07:38:52 +08:00
|
|
|
CURLcode Curl_output_digest(struct Curl_easy *data,
|
2004-05-04 15:52:53 +08:00
|
|
|
bool proxy,
|
2007-08-27 14:31:28 +08:00
|
|
|
const unsigned char *request,
|
|
|
|
const unsigned char *uripath)
|
2003-05-23 00:09:54 +08:00
|
|
|
{
|
2014-11-05 23:01:51 +08:00
|
|
|
CURLcode result;
|
2016-12-21 18:05:13 +08:00
|
|
|
unsigned char *path = NULL;
|
2016-12-14 08:29:44 +08:00
|
|
|
char *tmp = NULL;
|
2014-11-05 23:01:51 +08:00
|
|
|
char *response;
|
|
|
|
size_t len;
|
2014-11-06 18:23:08 +08:00
|
|
|
bool have_chlg;
|
2014-11-05 23:01:51 +08:00
|
|
|
|
|
|
|
/* Point to the address of the pointer that holds the string to send to the
|
2022-10-26 14:59:35 +08:00
|
|
|
server, which is for a plain host or for an HTTP proxy */
|
2004-06-03 18:42:20 +08:00
|
|
|
char **allocuserpwd;
|
2014-11-05 23:01:51 +08:00
|
|
|
|
|
|
|
/* Point to the name and password for this */
|
2008-09-03 01:41:20 +08:00
|
|
|
const char *userp;
|
|
|
|
const char *passwdp;
|
2003-05-23 00:09:54 +08:00
|
|
|
|
2014-11-05 23:01:51 +08:00
|
|
|
/* Point to the correct struct with this */
|
2014-11-07 07:01:36 +08:00
|
|
|
struct digestdata *digest;
|
2014-11-05 23:01:51 +08:00
|
|
|
struct auth *authp;
|
2004-05-04 15:52:53 +08:00
|
|
|
|
|
|
|
if(proxy) {
|
2020-05-27 17:51:34 +08:00
|
|
|
#ifdef CURL_DISABLE_PROXY
|
|
|
|
return CURLE_NOT_BUILT_IN;
|
|
|
|
#else
|
2014-11-07 07:01:36 +08:00
|
|
|
digest = &data->state.proxydigest;
|
2020-06-15 17:28:17 +08:00
|
|
|
allocuserpwd = &data->state.aptr.proxyuserpwd;
|
2021-02-12 17:27:42 +08:00
|
|
|
userp = data->state.aptr.proxyuser;
|
|
|
|
passwdp = data->state.aptr.proxypasswd;
|
2004-05-04 15:52:53 +08:00
|
|
|
authp = &data->state.authproxy;
|
2020-05-27 17:51:34 +08:00
|
|
|
#endif
|
2004-05-04 15:52:53 +08:00
|
|
|
}
|
|
|
|
else {
|
2014-11-07 07:01:36 +08:00
|
|
|
digest = &data->state.digest;
|
2020-06-15 17:28:17 +08:00
|
|
|
allocuserpwd = &data->state.aptr.userpwd;
|
2021-02-12 17:27:42 +08:00
|
|
|
userp = data->state.aptr.user;
|
|
|
|
passwdp = data->state.aptr.passwd;
|
2004-05-04 15:52:53 +08:00
|
|
|
authp = &data->state.authhost;
|
|
|
|
}
|
|
|
|
|
2013-07-13 01:32:13 +08:00
|
|
|
Curl_safefree(*allocuserpwd);
|
2007-07-22 18:17:52 +08:00
|
|
|
|
2004-06-03 18:42:20 +08:00
|
|
|
/* not set means empty */
|
|
|
|
if(!userp)
|
2014-11-07 07:01:36 +08:00
|
|
|
userp = "";
|
2004-06-03 18:42:20 +08:00
|
|
|
|
|
|
|
if(!passwdp)
|
2014-11-07 07:01:36 +08:00
|
|
|
passwdp = "";
|
2004-06-03 18:42:20 +08:00
|
|
|
|
2014-11-06 18:23:08 +08:00
|
|
|
#if defined(USE_WINDOWS_SSPI)
|
2014-11-07 07:01:36 +08:00
|
|
|
have_chlg = digest->input_token ? TRUE : FALSE;
|
2014-11-06 18:23:08 +08:00
|
|
|
#else
|
2014-11-07 07:01:36 +08:00
|
|
|
have_chlg = digest->nonce ? TRUE : FALSE;
|
2014-11-06 18:23:08 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
if(!have_chlg) {
|
2004-05-04 15:52:53 +08:00
|
|
|
authp->done = FALSE;
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
2003-05-23 00:09:54 +08:00
|
|
|
|
2008-12-11 07:13:31 +08:00
|
|
|
/* So IE browsers < v7 cut off the URI part at the query part when they
|
|
|
|
evaluate the MD5 and some (IIS?) servers work with them so we may need to
|
|
|
|
do the Digest IE-style. Note that the different ways cause different MD5
|
|
|
|
sums to get sent.
|
|
|
|
|
|
|
|
Apache servers can be set to do the Digest IE-style automatically using
|
|
|
|
the BrowserMatch feature:
|
2016-02-03 12:09:25 +08:00
|
|
|
https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
|
2008-12-11 07:13:31 +08:00
|
|
|
|
|
|
|
Further details on Digest implementation differences:
|
|
|
|
http://www.fngtps.com/2006/09/http-authentication
|
|
|
|
*/
|
2013-12-05 06:08:17 +08:00
|
|
|
|
2016-12-14 08:29:44 +08:00
|
|
|
if(authp->iestyle) {
|
|
|
|
tmp = strchr((char *)uripath, '?');
|
|
|
|
if(tmp) {
|
|
|
|
size_t urilen = tmp - (char *)uripath;
|
2021-06-30 19:13:31 +08:00
|
|
|
/* typecast is fine here since the value is always less than 32 bits */
|
|
|
|
path = (unsigned char *) aprintf("%.*s", (int)urilen, uripath);
|
2016-12-14 08:29:44 +08:00
|
|
|
}
|
2013-06-11 06:08:13 +08:00
|
|
|
}
|
2016-12-14 08:29:44 +08:00
|
|
|
if(!tmp)
|
2014-11-07 07:01:36 +08:00
|
|
|
path = (unsigned char *) strdup((char *) uripath);
|
2013-06-11 06:08:13 +08:00
|
|
|
|
2014-11-05 23:01:51 +08:00
|
|
|
if(!path)
|
2004-05-12 21:24:40 +08:00
|
|
|
return CURLE_OUT_OF_MEMORY;
|
|
|
|
|
2016-03-13 19:28:42 +08:00
|
|
|
result = Curl_auth_create_digest_http_message(data, userp, passwdp, request,
|
2014-11-07 07:01:36 +08:00
|
|
|
path, digest, &response, &len);
|
2014-11-05 23:01:51 +08:00
|
|
|
free(path);
|
|
|
|
if(result)
|
|
|
|
return result;
|
2004-04-29 16:18:32 +08:00
|
|
|
|
2014-11-05 23:01:51 +08:00
|
|
|
*allocuserpwd = aprintf("%sAuthorization: Digest %s\r\n",
|
|
|
|
proxy ? "Proxy-" : "",
|
|
|
|
response);
|
2014-11-06 05:33:33 +08:00
|
|
|
free(response);
|
2004-06-03 18:42:20 +08:00
|
|
|
if(!*allocuserpwd)
|
2004-05-12 21:24:40 +08:00
|
|
|
return CURLE_OUT_OF_MEMORY;
|
2004-04-29 16:18:32 +08:00
|
|
|
|
2014-11-05 23:01:51 +08:00
|
|
|
authp->done = TRUE;
|
2003-05-23 00:09:54 +08:00
|
|
|
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
|
2019-05-11 19:57:42 +08:00
|
|
|
void Curl_http_auth_cleanup_digest(struct Curl_easy *data)
|
2004-05-04 15:52:53 +08:00
|
|
|
{
|
2016-03-13 19:28:42 +08:00
|
|
|
Curl_auth_digest_cleanup(&data->state.digest);
|
|
|
|
Curl_auth_digest_cleanup(&data->state.proxydigest);
|
2004-05-04 15:52:53 +08:00
|
|
|
}
|
|
|
|
|
2003-05-23 00:09:54 +08:00
|
|
|
#endif
|