[libmicrohttpd] Upgrade to digest authentication

Thu, 29 Oct 2020 09:11:11 -0700

Hi, 
I'm trying to update my 8 year old code to use digest authentication
where previously it only supported basic. 
I'm trying to use *con_cls (*ptr in my code) to determine when to
authenticate but it's not working, *con_cls always seems to be null,
even after I've set it, so it's authenticating every time. 
I mostly get MHD_digest_auth_check() failures returning INVALID_NONCE
and the Client never stops asking for credentials even when the
authentication passes, which it does occasionally. I'm missing something crucial but I can't see it. The authentication part of my access_handler is shown below Many thanks David 
static int aptr;
if (bDigestAuth)
{
printf("URL:%s, con_cls:%p\r\n", url, *ptr);
//HACK to see if digest authentication works and allows ONVIF
snapshorUri test to pass
//Only works for Admin-Admin
if (&aptr != *ptr)
{
 /* Only authenticate on first call of session*/
 char *username;
const char *password = "Admin"; g_CameraData->GetRealmName(g_szRealm, sizeof(g_szRealm)); 
 username = MHD_digest_auth_get_username(connection);
 if (username == NULL)
 {
   response = MHD_create_response_from_data (strlen (NOTAUTH_RESPONSE),
   (void *) NOTAUTH_RESPONSE,
   MHD_NO, MHD_NO);
   ret = MHD_queue_auth_fail_response(connection, g_szRealm,
     OPAQUE,
     response,
     MHD_NO);
   MHD_destroy_response(response);
   pthread_mutex_unlock (&m_AuthMutex); //unlock after authorization
   // printf("Failed digest auth, no username\r\n");
   return ret;
 }
 printf("Applying digest auth to user: %s, realm:%s, con_cls:%p\r\n",
username, g_szRealm, *ptr);
 *ptr = &aptr; //set this for session
 ret = MHD_digest_auth_check(connection, g_szRealm,
   username,
   password,
   300);
 printf("Checking digest auth for username: %s, password: %s,
realm:%s\r\n", username, password, g_szRealm);
 free(username);
 if ( (ret == MHD_INVALID_NONCE) ||
   (ret == MHD_NO) )
 {
   printf("Failed digest auth, invalid nonce, ret:%d\r\n", ret);
   response = MHD_create_response_from_data (strlen (NOTAUTH_RESPONSE),
     (void *) NOTAUTH_RESPONSE,
     MHD_NO, MHD_NO);
   if (NULL == response)
     return MHD_NO;
   ret = MHD_queue_auth_fail_response(connection, g_szRealm,
     OPAQUE,
     response,
     (ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO);
   MHD_destroy_response(response);
   pthread_mutex_unlock (&m_AuthMutex); //unlock after authorization
   return ret;
 }
 //PASSED
 printf("PASSED digest auth\r\n");
}
else
{
  printf("No digest auth required\r\n");
}
}

Reply via email to