URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [ecos-3.0/] [packages/] [net/] [athttpd/] [current/] [src/] [auth.c] - Blame information for rev 867

Go to most recent revision | Details | Compare with Previous | View Log


/* =================================================================
 *
 *      auth.c
 *
 *      Handles basic authentication.
 *
 * =================================================================
 * ####ECOSGPLCOPYRIGHTBEGIN####
 * -------------------------------------------
 * This file is part of eCos, the Embedded Configurable Operating System.
 * Copyright (C) 2005 Free Software Foundation, Inc.
 *
 * eCos is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 or (at your option) any later
 * version.
 *
 * eCos is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with eCos; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *
 * As a special exception, if other files instantiate templates or use
 * macros or inline functions from this file, or you compile this file
 * and link it with other works to produce a work based on this file,
 * this file does not by itself cause the resulting work to be covered by
 * the GNU General Public License. However the source code for this file
 * must still be made available in accordance with section (3) of the GNU
 * General Public License v2.
 *
 * This exception does not invalidate any other reasons why a work based
 * on this file might be covered by the GNU General Public License.
 * -------------------------------------------
 * ####ECOSGPLCOPYRIGHTEND####
 * =================================================================
 * #####DESCRIPTIONBEGIN####
 *
 *  Author(s):    Anthony Tonizzo (atonizzo@gmail.com)
 *  Contributors:
 *  Date:         2006-06-12
 *  Purpose:
 *  Description:
 *
 * ####DESCRIPTIONEND####
 *
 * =================================================================
 */
#include <pkgconf/hal.h>
#include <pkgconf/kernel.h>
#include <cyg/kernel/kapi.h>           // Kernel API.
#include <cyg/hal/hal_tables.h>
 
#include <stdio.h>
 
#include <network.h>
#include <string.h>
 
#include <cyg/athttpd/http.h>
#include <cyg/athttpd/md5.h>
 
// This is a string that contains the domain that is currently authorized.
cyg_uint8 *cyg_httpd_current_authName;
 
CYG_HAL_TABLE_BEGIN(cyg_httpd_auth_table, httpd_auth_table );
CYG_HAL_TABLE_END(cyg_httpd_auth_table_end, httpd_auth_table );
 
__externC cyg_httpd_auth_table_entry cyg_httpd_auth_table[];
__externC cyg_httpd_auth_table_entry cyg_httpd_auth_table_end[];
 
// Variables used for authorization. The header parsing code will only copy
//  up to AUTH_STORAGE_BUFFER_LENGTH bytes into cyg_httpd_md5_response to
//  avoid overflow.
char cyg_httpd_md5_response[AUTH_STORAGE_BUFFER_LENGTH + 1];
char cyg_httpd_md5_digest[AUTH_STORAGE_BUFFER_LENGTH + 1];
char cyg_httpd_md5_nonce[33];
char cyg_httpd_md5_cnonce[33];
char cyg_httpd_md5_noncecount[9];
char cyg_httpd_md5_ha2[HASHHEXLEN+1] = {'\0'};
char cyg_httpd_md5_ha1[HASHHEXLEN+1];
 
char b64string[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
 
cyg_httpd_auth_table_entry*
cyg_httpd_auth_entry_from_path(char *authPath)
{
    cyg_httpd_auth_table_entry *entry = cyg_httpd_auth_table;
    if (strcmp(authPath, "/") != 0)
        while (entry != cyg_httpd_auth_table_end)
        {
            if (strncmp(entry->auth_dirname,
                        authPath,
                        strlen(entry->auth_dirname)) == 0)
                return entry;
            entry++;
        }
    else
        while (entry != cyg_httpd_auth_table_end)
        {
            if (strcmp(entry->auth_dirname, authPath) == 0)
                return entry;
            entry++;
        }
 
    return (cyg_httpd_auth_table_entry *)0;
}
 
cyg_httpd_auth_table_entry*
cyg_httpd_auth_entry_from_domain(char *authDomain)
{
    cyg_httpd_auth_table_entry *entry = cyg_httpd_auth_table;
    while (entry != cyg_httpd_auth_table_end)
    {
        if (!strncmp((const char*)authDomain,
                       entry->auth_domainname,
                       strlen(entry->auth_domainname)))
            return entry;
        entry++;
    }
 
    return (cyg_httpd_auth_table_entry *)0;
}
 
static cyg_int32
cyg_httpd_base64_decode(char* to, char* from, cyg_uint32 len )
{
    char     *fromp = from;
    char     *top = to;
    char     *p;
    char      cbyte;
    char      obyte;
    cyg_int32 padding = 0;
 
    for (; len >= 4; len -= 4)
    {
        if ((cbyte = *fromp++) == '=')
            cbyte = 0;
        else
        {
            if (badchar(cbyte, p ) )
                return -1;
            cbyte = (p - b64string);
        }
        obyte = cbyte << 2;
 
        if ((cbyte = *fromp++) == '=')
            cbyte = 0;
        else
        {
            if (badchar(cbyte, p))
                return -1;
            cbyte = p - b64string;
        }
        obyte |= cbyte >> 4;
        *top++ = obyte;
 
        obyte = cbyte << 4;
        if ((cbyte = *fromp++) == '=')
        {
            cbyte = 0;
            padding++;
        }
        else
        {
            padding = 0;
            if (badchar(cbyte, p))
                return -1;
            cbyte = p - b64string;
        }
        obyte |= cbyte >> 2;
        *top++ = obyte;
 
        obyte = cbyte << 6;
        if ((cbyte = *fromp++) == '=')
        {
            cbyte = 0;
            padding++;
        }
        else
        {
            padding = 0;
            if (badchar(cbyte, p))
                return -1;
            cbyte = p - b64string;
        }
        obyte |= cbyte;
        *top++ = obyte;
    }
 
    *top = 0;
    if (len)
        return -1;
    return (top - to) - padding;
}
 
// The following code is a slightly modified version of those available at the
//  end of RFC1270.
static void cyg_httpd_cvthex(HASH Bin, HASHHEX Hex)
{
    unsigned short i;
    unsigned char j;
 
    for (i = 0; i < HASHLEN; i++)
    {
        j = (Bin[i] >> 4) & 0xf;
        if (j <= 9)
            Hex[i*2] = (j + '0');
         else
            Hex[i*2] = (j + 'a' - 10);
        j = Bin[i] & 0xf;
        if (j <= 9)
            Hex[i*2+1] = (j + '0');
         else
            Hex[i*2+1] = (j + 'a' - 10);
    };
    Hex[HASHHEXLEN] = '\0';
};
 
// Calculate H(A1) as per spec.
static void
cyg_httpd_digest_calc_HA1( char    *pszAlg,
                           char    *pszUserName,
                           char    *pszRealm,
                           char    *pszPassword,
                           char    *pszNonce,
                           char    *pszCNonce,
                           HASHHEX  SessionKey )
{
      MD5_CTX Md5Ctx;
      HASH HA1;
 
      MD5Init(&Md5Ctx);
      MD5Update(&Md5Ctx, (unsigned char*)pszUserName, strlen(pszUserName));
      MD5Update(&Md5Ctx, (unsigned char*)":", 1);
      MD5Update(&Md5Ctx, (unsigned char*)pszRealm, strlen(pszRealm));
      MD5Update(&Md5Ctx, (unsigned char*)":", 1);
      MD5Update(&Md5Ctx, (unsigned char*)pszPassword, strlen(pszPassword));
      MD5Final((unsigned char*)HA1, &Md5Ctx);
      if (strcmp(pszAlg, "md5-sess") == 0)
      {
          MD5Init(&Md5Ctx);
          MD5Update(&Md5Ctx, (unsigned char*)HA1, HASHLEN);
          MD5Update(&Md5Ctx, (unsigned char*)":", 1);
          MD5Update(&Md5Ctx, (unsigned char*)pszNonce, strlen(pszNonce));
          MD5Update(&Md5Ctx, (unsigned char*)":", 1);
          MD5Update(&Md5Ctx, (unsigned char*)pszCNonce, strlen(pszCNonce));
          MD5Final((unsigned char*)HA1, &Md5Ctx);
      };
      cyg_httpd_cvthex(HA1, SessionKey);
};
 
// Calculate request-digest/response-digest as per HTTP Digest spec.
void
cyg_httpd_digest_calc_response(HASHHEX  HA1,
                               char    *pszNonce,
                               char    *pszNonceCount,
                               char    *pszCNonce,
                               char    *pszQop,
                               char    *pszMethod,
                               char    *pszDigestUri,
                               HASHHEX  HEntity,
                               HASHHEX  Response)
{
    MD5_CTX Md5Ctx;
    HASH HA2;
    HASH RespHash;
    HASHHEX HA2Hex;
 
    // Calculate H(A2).
    MD5Init(&Md5Ctx);
    MD5Update(&Md5Ctx, (unsigned char*)pszMethod, strlen(pszMethod));
    MD5Update(&Md5Ctx, (unsigned char*)":", 1);
    MD5Update(&Md5Ctx, (unsigned char*)pszDigestUri, strlen(pszDigestUri));
    if (strcmp(pszQop, "auth-int") == 0) {
        MD5Update(&Md5Ctx, (unsigned char*)":", 1);
        MD5Update(&Md5Ctx, (unsigned char*)HEntity, HASHHEXLEN);
    };
    MD5Final((unsigned char*)HA2, &Md5Ctx);
    cyg_httpd_cvthex(HA2, HA2Hex);
 
    // calculate response
    MD5Init(&Md5Ctx);
    MD5Update(&Md5Ctx, (unsigned char*)HA1, HASHHEXLEN);
    MD5Update(&Md5Ctx, (unsigned char*)":", 1);
    MD5Update(&Md5Ctx, (unsigned char*)pszNonce, strlen(pszNonce));
    MD5Update(&Md5Ctx, (unsigned char*)":", 1);
    if (*pszQop)
    {
        MD5Update(&Md5Ctx, (unsigned char*)pszNonceCount, strlen(pszNonceCount));
        MD5Update(&Md5Ctx, (unsigned char*)":", 1);
        MD5Update(&Md5Ctx, (unsigned char*)pszCNonce, strlen(pszCNonce));
        MD5Update(&Md5Ctx, (unsigned char*)":", 1);
        MD5Update(&Md5Ctx, (unsigned char*)pszQop, strlen(pszQop));
        MD5Update(&Md5Ctx, (unsigned char*)":", 1);
    };
    MD5Update(&Md5Ctx, (unsigned char*)HA2Hex, HASHHEXLEN);
    MD5Final((unsigned char*)RespHash, &Md5Ctx);
    cyg_httpd_cvthex(RespHash, Response);
};
 
cyg_httpd_auth_table_entry*
cyg_httpd_is_authenticated(char* fname)
{
    // Let's check if the directory access needs authorization. The 
    //  authentication is done on the directory name.
    cyg_httpd_auth_table_entry* entry =
                                cyg_httpd_auth_entry_from_path(fname);
    if (entry != 0)
    {
        if (entry->auth_mode == CYG_HTTPD_AUTH_BASIC)
        {
            cyg_httpd_base64_decode(cyg_httpd_md5_digest,
                                    cyg_httpd_md5_response,
                                    strlen(cyg_httpd_md5_response));
            char *colon = rindex(cyg_httpd_md5_digest, ':');
            if (colon == NULL)
            {
                return (httpstate.needs_auth = entry);
            }
            else
            {
                *colon = '\0'; // Crypto now has the username.
 
                // In the case of a 'Basic" authentication, the HTTP header
                //  did not return to us the domain name that we sent when we
                //  challenged the request: The only things that are returned 
                //  are the username:password duo. In this case I will just 
                //  compare the entry's username/password to those read from 
                //  the header.
                if ((strcmp(entry->auth_username,cyg_httpd_md5_digest) != 0) ||
                                 (strcmp(entry->auth_password, ++colon) != 0))
                    return (httpstate.needs_auth = entry);
            }
        }
        else
        {
            char *cyg_httpd_md5_method;
 
            switch (httpstate.method)
            {
            case CYG_HTTPD_METHOD_GET:
                cyg_httpd_md5_method = "GET";
                break;
            case CYG_HTTPD_METHOD_POST:
                cyg_httpd_md5_method = "POST";
                break;
            default:
                cyg_httpd_md5_method = "HEAD";
                break;
            }
            cyg_httpd_digest_calc_HA1(CYG_HTTPD_MD5_AUTH_NAME,
                                      entry->auth_username,
                                      entry->auth_domainname,
                                      entry->auth_password,
                                      cyg_httpd_md5_nonce,
                                      cyg_httpd_md5_cnonce,
                                      cyg_httpd_md5_ha1);
            cyg_httpd_digest_calc_response(cyg_httpd_md5_ha1,
                                           cyg_httpd_md5_nonce,
                                           cyg_httpd_md5_noncecount,
                                           cyg_httpd_md5_cnonce,
                                           CYG_HTTPD_MD5_AUTH_QOP,
                                           cyg_httpd_md5_method,
                                           httpstate.url,
                                           cyg_httpd_md5_ha2,
                                           cyg_httpd_md5_digest);
            if (strcmp(cyg_httpd_md5_response, cyg_httpd_md5_digest) != 0)
                return (httpstate.needs_auth = entry);
        }
    }
    // No need for authentication...
    return (cyg_httpd_auth_table_entry*)0;
}
 
char*
cyg_httpd_digest_data(char *dest, char *src)
{
    int exit = 0;
    while (exit == 0)
    {
        switch (*src )
        {
        case '\r':
        case '\n':
            *dest = '\0';
            exit = 1;
            break;
        case ',':
            // If it is a comma there might or might not be a blank space
            //  following it (IE7 inserts no spaces, everyone else does...)
            //  so before exiting the loop remove any blank space that follows.
            if (src[1] == ' ')
                src++;
        case ' ':
            src++;
            *dest = '\0';
            exit = 1;
            break;
        case '"':
            src++;
            break;
        default:
            *dest++ = *src++;
        }
    }
    return src;
}
 
// Skips through fields we do not need.
char*
cyg_httpd_digest_skip(char *p)
{
    if (*p == '"')
    {
        p++;
        while ((*p != '"') && (*p != '\n'))
            p++;
        p++;
        if (*p == ',')
            p++;
        if (*p == ' ')
            p++;
        if (*p == '\n')
            p++;
    }
    else
    {
        while ((*p != ' ') && (*p != '\n'))
            p++;
        if (*p == ',')
            p++;
        if (*p == ' ')
            p++;
        if (*p == '\n')
            p++;
    }
    return p;
}

Browse

Tools

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [ecos-3.0/] [packages/] [net/] [athttpd/] [current/] [src/] [auth.c] - Blame information for rev 867

Line No.	Rev	Author	Line
1	786	skrzyp	`/* =================================================================`
2			`*`
3			`* auth.c`
4			`*`
5			`* Handles basic authentication.`
6			`*`
7			`* =================================================================`
8			`* ####ECOSGPLCOPYRIGHTBEGIN####`
9			`* -------------------------------------------`
10			`* This file is part of eCos, the Embedded Configurable Operating System.`
11			`* Copyright (C) 2005 Free Software Foundation, Inc.`
12			`*`
13			`* eCos is free software; you can redistribute it and/or modify it under`
14			`* the terms of the GNU General Public License as published by the Free`
15			`* Software Foundation; either version 2 or (at your option) any later`
16			`* version.`
17			`*`
18			`* eCos is distributed in the hope that it will be useful, but WITHOUT`
19			`* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or`
20			`* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License`
21			`* for more details.`
22			`*`
23			`* You should have received a copy of the GNU General Public License`
24			`* along with eCos; if not, write to the Free Software Foundation, Inc.,`
25			`* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
26			`*`
27			`* As a special exception, if other files instantiate templates or use`
28			`* macros or inline functions from this file, or you compile this file`
29			`* and link it with other works to produce a work based on this file,`
30			`* this file does not by itself cause the resulting work to be covered by`
31			`* the GNU General Public License. However the source code for this file`
32			`* must still be made available in accordance with section (3) of the GNU`
33			`* General Public License v2.`
34			`*`
35			`* This exception does not invalidate any other reasons why a work based`
36			`* on this file might be covered by the GNU General Public License.`
37			`* -------------------------------------------`
38			`* ####ECOSGPLCOPYRIGHTEND####`
39			`* =================================================================`
40			`* #####DESCRIPTIONBEGIN####`
41			`*`
42			`* Author(s): Anthony Tonizzo (atonizzo@gmail.com)`
43			`* Contributors:`
44			`* Date: 2006-06-12`
45			`* Purpose:`
46			`* Description:`
47			`*`
48			`* ####DESCRIPTIONEND####`
49			`*`
50			`* =================================================================`
51			`*/`
52			`#include <pkgconf/hal.h>`
53			`#include <pkgconf/kernel.h>`
54			`#include <cyg/kernel/kapi.h> // Kernel API.`
55			`#include <cyg/hal/hal_tables.h>`
56
57			`#include <stdio.h>`
58
59			`#include <network.h>`
60			`#include <string.h>`
61
62			`#include <cyg/athttpd/http.h>`
63			`#include <cyg/athttpd/md5.h>`
64
65			`// This is a string that contains the domain that is currently authorized.`
66			`cyg_uint8 *cyg_httpd_current_authName;`
67
68			`CYG_HAL_TABLE_BEGIN(cyg_httpd_auth_table, httpd_auth_table );`
69			`CYG_HAL_TABLE_END(cyg_httpd_auth_table_end, httpd_auth_table );`
70
71			`__externC cyg_httpd_auth_table_entry cyg_httpd_auth_table[];`
72			`__externC cyg_httpd_auth_table_entry cyg_httpd_auth_table_end[];`
73
74			`// Variables used for authorization. The header parsing code will only copy`
75			`// up to AUTH_STORAGE_BUFFER_LENGTH bytes into cyg_httpd_md5_response to`
76			`// avoid overflow.`
77			`char cyg_httpd_md5_response[AUTH_STORAGE_BUFFER_LENGTH + 1];`
78			`char cyg_httpd_md5_digest[AUTH_STORAGE_BUFFER_LENGTH + 1];`
79			`char cyg_httpd_md5_nonce[33];`
80			`char cyg_httpd_md5_cnonce[33];`
81			`char cyg_httpd_md5_noncecount[9];`
82			`char cyg_httpd_md5_ha2[HASHHEXLEN+1] = {'\0'};`
83			`char cyg_httpd_md5_ha1[HASHHEXLEN+1];`
84
85			`char b64string[] =`
86			`"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";`
87
88			`cyg_httpd_auth_table_entry*`
89			`cyg_httpd_auth_entry_from_path(char *authPath)`
90			`{`
91			`cyg_httpd_auth_table_entry *entry = cyg_httpd_auth_table;`
92			`if (strcmp(authPath, "/") != 0)`
93			`while (entry != cyg_httpd_auth_table_end)`
94			`{`
95			`if (strncmp(entry->auth_dirname,`
96			`authPath,`
97			`strlen(entry->auth_dirname)) == 0)`
98			`return entry;`
99			`entry++;`
100			`}`
101			`else`
102			`while (entry != cyg_httpd_auth_table_end)`
103			`{`
104			`if (strcmp(entry->auth_dirname, authPath) == 0)`
105			`return entry;`
106			`entry++;`
107			`}`
108
109			`return (cyg_httpd_auth_table_entry *)0;`
110			`}`
111
112			`cyg_httpd_auth_table_entry*`
113			`cyg_httpd_auth_entry_from_domain(char *authDomain)`
114			`{`
115			`cyg_httpd_auth_table_entry *entry = cyg_httpd_auth_table;`
116			`while (entry != cyg_httpd_auth_table_end)`
117			`{`
118			`if (!strncmp((const char*)authDomain,`
119			`entry->auth_domainname,`
120			`strlen(entry->auth_domainname)))`
121			`return entry;`
122			`entry++;`
123			`}`
124
125			`return (cyg_httpd_auth_table_entry *)0;`
126			`}`
127
128			`static cyg_int32`
129			`cyg_httpd_base64_decode(char* to, char* from, cyg_uint32 len )`
130			`{`
131			`char *fromp = from;`
132			`char *top = to;`
133			`char *p;`
134			`char cbyte;`
135			`char obyte;`
136			`cyg_int32 padding = 0;`
137
138			`for (; len >= 4; len -= 4)`
139			`{`
140			`if ((cbyte = *fromp++) == '=')`
141			`cbyte = 0;`
142			`else`
143			`{`
144			`if (badchar(cbyte, p ) )`
145			`return -1;`
146			`cbyte = (p - b64string);`
147			`}`
148			`obyte = cbyte << 2;`
149
150			`if ((cbyte = *fromp++) == '=')`
151			`cbyte = 0;`
152			`else`
153			`{`
154			`if (badchar(cbyte, p))`
155			`return -1;`
156			`cbyte = p - b64string;`
157			`}`
158			`obyte \|= cbyte >> 4;`
159			`*top++ = obyte;`
160
161			`obyte = cbyte << 4;`
162			`if ((cbyte = *fromp++) == '=')`
163			`{`
164			`cbyte = 0;`
165			`padding++;`
166			`}`
167			`else`
168			`{`
169			`padding = 0;`
170			`if (badchar(cbyte, p))`
171			`return -1;`
172			`cbyte = p - b64string;`
173			`}`
174			`obyte \|= cbyte >> 2;`
175			`*top++ = obyte;`
176
177			`obyte = cbyte << 6;`
178			`if ((cbyte = *fromp++) == '=')`
179			`{`
180			`cbyte = 0;`
181			`padding++;`
182			`}`
183			`else`
184			`{`
185			`padding = 0;`
186			`if (badchar(cbyte, p))`
187			`return -1;`
188			`cbyte = p - b64string;`
189			`}`
190			`obyte \|= cbyte;`
191			`*top++ = obyte;`
192			`}`
193
194			`*top = 0;`
195			`if (len)`
196			`return -1;`
197			`return (top - to) - padding;`
198			`}`
199
200			`// The following code is a slightly modified version of those available at the`
201			`// end of RFC1270.`
202			`static void cyg_httpd_cvthex(HASH Bin, HASHHEX Hex)`
203			`{`
204			`unsigned short i;`
205			`unsigned char j;`
206
207			`for (i = 0; i < HASHLEN; i++)`
208			`{`
209			`j = (Bin[i] >> 4) & 0xf;`
210			`if (j <= 9)`
211			`Hex[i*2] = (j + '0');`
212			`else`
213			`Hex[i*2] = (j + 'a' - 10);`
214			`j = Bin[i] & 0xf;`
215			`if (j <= 9)`
216			`Hex[i*2+1] = (j + '0');`
217			`else`
218			`Hex[i*2+1] = (j + 'a' - 10);`
219			`};`
220			`Hex[HASHHEXLEN] = '\0';`
221			`};`
222
223			`// Calculate H(A1) as per spec.`
224			`static void`
225			`cyg_httpd_digest_calc_HA1( char *pszAlg,`
226			`char *pszUserName,`
227			`char *pszRealm,`
228			`char *pszPassword,`
229			`char *pszNonce,`
230			`char *pszCNonce,`
231			`HASHHEX SessionKey )`
232			`{`
233			`MD5_CTX Md5Ctx;`
234			`HASH HA1;`
235
236			`MD5Init(&Md5Ctx);`
237			`MD5Update(&Md5Ctx, (unsigned char*)pszUserName, strlen(pszUserName));`
238			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
239			`MD5Update(&Md5Ctx, (unsigned char*)pszRealm, strlen(pszRealm));`
240			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
241			`MD5Update(&Md5Ctx, (unsigned char*)pszPassword, strlen(pszPassword));`
242			`MD5Final((unsigned char*)HA1, &Md5Ctx);`
243			`if (strcmp(pszAlg, "md5-sess") == 0)`
244			`{`
245			`MD5Init(&Md5Ctx);`
246			`MD5Update(&Md5Ctx, (unsigned char*)HA1, HASHLEN);`
247			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
248			`MD5Update(&Md5Ctx, (unsigned char*)pszNonce, strlen(pszNonce));`
249			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
250			`MD5Update(&Md5Ctx, (unsigned char*)pszCNonce, strlen(pszCNonce));`
251			`MD5Final((unsigned char*)HA1, &Md5Ctx);`
252			`};`
253			`cyg_httpd_cvthex(HA1, SessionKey);`
254			`};`
255
256			`// Calculate request-digest/response-digest as per HTTP Digest spec.`
257			`void`
258			`cyg_httpd_digest_calc_response(HASHHEX HA1,`
259			`char *pszNonce,`
260			`char *pszNonceCount,`
261			`char *pszCNonce,`
262			`char *pszQop,`
263			`char *pszMethod,`
264			`char *pszDigestUri,`
265			`HASHHEX HEntity,`
266			`HASHHEX Response)`
267			`{`
268			`MD5_CTX Md5Ctx;`
269			`HASH HA2;`
270			`HASH RespHash;`
271			`HASHHEX HA2Hex;`
272
273			`// Calculate H(A2).`
274			`MD5Init(&Md5Ctx);`
275			`MD5Update(&Md5Ctx, (unsigned char*)pszMethod, strlen(pszMethod));`
276			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
277			`MD5Update(&Md5Ctx, (unsigned char*)pszDigestUri, strlen(pszDigestUri));`
278			`if (strcmp(pszQop, "auth-int") == 0) {`
279			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
280			`MD5Update(&Md5Ctx, (unsigned char*)HEntity, HASHHEXLEN);`
281			`};`
282			`MD5Final((unsigned char*)HA2, &Md5Ctx);`
283			`cyg_httpd_cvthex(HA2, HA2Hex);`
284
285			`// calculate response`
286			`MD5Init(&Md5Ctx);`
287			`MD5Update(&Md5Ctx, (unsigned char*)HA1, HASHHEXLEN);`
288			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
289			`MD5Update(&Md5Ctx, (unsigned char*)pszNonce, strlen(pszNonce));`
290			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
291			`if (*pszQop)`
292			`{`
293			`MD5Update(&Md5Ctx, (unsigned char*)pszNonceCount, strlen(pszNonceCount));`
294			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
295			`MD5Update(&Md5Ctx, (unsigned char*)pszCNonce, strlen(pszCNonce));`
296			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
297			`MD5Update(&Md5Ctx, (unsigned char*)pszQop, strlen(pszQop));`
298			`MD5Update(&Md5Ctx, (unsigned char*)":", 1);`
299			`};`
300			`MD5Update(&Md5Ctx, (unsigned char*)HA2Hex, HASHHEXLEN);`
301			`MD5Final((unsigned char*)RespHash, &Md5Ctx);`
302			`cyg_httpd_cvthex(RespHash, Response);`
303			`};`
304
305			`cyg_httpd_auth_table_entry*`
306			`cyg_httpd_is_authenticated(char* fname)`
307			`{`
308			`// Let's check if the directory access needs authorization. The`
309			`// authentication is done on the directory name.`
310			`cyg_httpd_auth_table_entry* entry =`
311			`cyg_httpd_auth_entry_from_path(fname);`
312			`if (entry != 0)`
313			`{`
314			`if (entry->auth_mode == CYG_HTTPD_AUTH_BASIC)`
315			`{`
316			`cyg_httpd_base64_decode(cyg_httpd_md5_digest,`
317			`cyg_httpd_md5_response,`
318			`strlen(cyg_httpd_md5_response));`
319			`char *colon = rindex(cyg_httpd_md5_digest, ':');`
320			`if (colon == NULL)`
321			`{`
322			`return (httpstate.needs_auth = entry);`
323			`}`
324			`else`
325			`{`
326			`*colon = '\0'; // Crypto now has the username.`
327
328			`// In the case of a 'Basic" authentication, the HTTP header`
329			`// did not return to us the domain name that we sent when we`
330			`// challenged the request: The only things that are returned`
331			`// are the username:password duo. In this case I will just`
332			`// compare the entry's username/password to those read from`
333			`// the header.`
334			`if ((strcmp(entry->auth_username,cyg_httpd_md5_digest) != 0) \|\|`
335			`(strcmp(entry->auth_password, ++colon) != 0))`
336			`return (httpstate.needs_auth = entry);`
337			`}`
338			`}`
339			`else`
340			`{`
341			`char *cyg_httpd_md5_method;`
342
343			`switch (httpstate.method)`
344			`{`
345			`case CYG_HTTPD_METHOD_GET:`
346			`cyg_httpd_md5_method = "GET";`
347			`break;`
348			`case CYG_HTTPD_METHOD_POST:`
349			`cyg_httpd_md5_method = "POST";`
350			`break;`
351			`default:`
352			`cyg_httpd_md5_method = "HEAD";`
353			`break;`
354			`}`
355			`cyg_httpd_digest_calc_HA1(CYG_HTTPD_MD5_AUTH_NAME,`
356			`entry->auth_username,`
357			`entry->auth_domainname,`
358			`entry->auth_password,`
359			`cyg_httpd_md5_nonce,`
360			`cyg_httpd_md5_cnonce,`
361			`cyg_httpd_md5_ha1);`
362			`cyg_httpd_digest_calc_response(cyg_httpd_md5_ha1,`
363			`cyg_httpd_md5_nonce,`
364			`cyg_httpd_md5_noncecount,`
365			`cyg_httpd_md5_cnonce,`
366			`CYG_HTTPD_MD5_AUTH_QOP,`
367			`cyg_httpd_md5_method,`
368			`httpstate.url,`
369			`cyg_httpd_md5_ha2,`
370			`cyg_httpd_md5_digest);`
371			`if (strcmp(cyg_httpd_md5_response, cyg_httpd_md5_digest) != 0)`
372			`return (httpstate.needs_auth = entry);`
373			`}`
374			`}`
375			`// No need for authentication...`
376			`return (cyg_httpd_auth_table_entry*)0;`
377			`}`
378
379			`char*`
380			`cyg_httpd_digest_data(char dest, char src)`
381			`{`
382			`int exit = 0;`
383			`while (exit == 0)`
384			`{`
385			`switch (*src )`
386			`{`
387			`case '\r':`
388			`case '\n':`
389			`*dest = '\0';`
390			`exit = 1;`
391			`break;`
392			`case ',':`
393			`// If it is a comma there might or might not be a blank space`
394			`// following it (IE7 inserts no spaces, everyone else does...)`
395			`// so before exiting the loop remove any blank space that follows.`
396			`if (src[1] == ' ')`
397			`src++;`
398			`case ' ':`
399			`src++;`
400			`*dest = '\0';`
401			`exit = 1;`
402			`break;`
403			`case '"':`
404			`src++;`
405			`break;`
406			`default:`
407			`dest++ = src++;`
408			`}`
409			`}`
410			`return src;`
411			`}`
412
413			`// Skips through fields we do not need.`
414			`char*`
415			`cyg_httpd_digest_skip(char *p)`
416			`{`
417			`if (*p == '"')`
418			`{`
419			`p++;`
420			`while ((p != '"') && (p != '\n'))`
421			`p++;`
422			`p++;`
423			`if (*p == ',')`
424			`p++;`
425			`if (*p == ' ')`
426			`p++;`
427			`if (*p == '\n')`
428			`p++;`
429			`}`
430			`else`
431			`{`
432			`while ((p != ' ') && (p != '\n'))`
433			`p++;`
434			`if (*p == ',')`
435			`p++;`
436			`if (*p == ' ')`
437			`p++;`
438			`if (*p == '\n')`
439			`p++;`
440			`}`
441			`return p;`
442			`}`