diff options
| author | Glenn Strauss <gstrauss@gluelogic.com> | 2021-11-28 02:22:40 -0500 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2021-11-30 13:57:46 +0100 |
| commit | aae235b6ba92662a6fb7b459614f7ee2e290ae17 (patch) | |
| tree | cfa956fc7a505f4d79336a6a00a8349aba611fb1 | |
| parent | 6ad053060d213ef356d3f3943784620b4deea05a (diff) | |
| download | curl-aae235b6ba92662a6fb7b459614f7ee2e290ae17.tar.gz | |
digest: compute user:realm:pass digest w/o userhash
https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4
... the client MUST calculate a hash of the username after
any other hash calculation ...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Closes #8066
| -rw-r--r-- | lib/vauth/digest.c | 3 | ||||
| -rw-r--r-- | tests/data/test2059 | 8 | ||||
| -rw-r--r-- | tests/data/test2063 | 8 | ||||
| -rw-r--r-- | tests/data/test2066 | 8 | ||||
| -rw-r--r-- | tests/data/test2069 | 8 |
5 files changed, 17 insertions, 18 deletions
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c index a04ffab6f..52179c265 100644 --- a/lib/vauth/digest.c +++ b/lib/vauth/digest.c @@ -722,8 +722,7 @@ static CURLcode auth_create_digest_http_message( unq(nonce-value) ":" unq(cnonce-value) */ - hashthis = aprintf("%s:%s:%s", digest->userhash ? userh : userp, - digest->realm, passwdp); + hashthis = aprintf("%s:%s:%s", userp, digest->realm, passwdp); if(!hashthis) return CURLE_OUT_OF_MEMORY; diff --git a/tests/data/test2059 b/tests/data/test2059 index 7ce80a384..0bf160c7d 100644 --- a/tests/data/test2059 +++ b/tests/data/test2059 @@ -21,7 +21,7 @@ X-Powered-By: ASP.NET HTTP/1.1 401 authentication please swsbounce
Server: Microsoft-IIS/6.0
-WWW-Authenticate: Digest realm="testrealm", algorithm="SHA-512-256", nonce="1053604144", userhash=true
+WWW-Authenticate: Digest realm="testrealm", algorithm="SHA-256", nonce="1053604144", userhash=true
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
@@ -43,7 +43,7 @@ X-Powered-By: ASP.NET HTTP/1.1 401 authentication please swsbounce
Server: Microsoft-IIS/6.0
-WWW-Authenticate: Digest realm="testrealm", algorithm="SHA-512-256", nonce="1053604144", userhash=true
+WWW-Authenticate: Digest realm="testrealm", algorithm="SHA-256", nonce="1053604144", userhash=true
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
@@ -69,7 +69,7 @@ crypto proxy </features> <name> -HTTP POST --digest with PUT, resumed upload, modified method, SHA-512-256 and userhash=true +HTTP POST --digest with PUT, resumed upload, modified method, SHA-256 and userhash=true </name> <command> http://%HOSTIP:%HTTPPORT/%TESTNUMBER -u auser:apasswd --digest -T log/%TESTNUMBER -x http://%HOSTIP:%HTTPPORT -C 2 -X GET @@ -92,7 +92,7 @@ Content-Length: 0 GET http://%HOSTIP:%HTTPPORT/%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
-Authorization: Digest username="fddc3bc7b753b73ab0848fd83cb20cbbca971258eb8d20c941dd5e0b010d66be", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="fc09be8192851e284e73e8b719b32a2f6f91cca0594e68713da8c49dc2c1656e", algorithm=SHA-512-256, userhash=true
+Authorization: Digest username="fddc3bc7b753b73ab0848fd83cb20cbbca971258eb8d20c941dd5e0b010d66be", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="22d200df1fd02a9d3a7269ef5bbb5bf8f16f184a74907df9b64a3755489c0b42", algorithm=SHA-256, userhash=true
Content-Range: bytes 2-4/5
User-Agent: curl/%VERSION
Accept: */*
diff --git a/tests/data/test2063 b/tests/data/test2063 index 0854c8061..986a6ef6a 100644 --- a/tests/data/test2063 +++ b/tests/data/test2063 @@ -11,7 +11,7 @@ HTTP Digest auth <data> HTTP/1.1 401 Authorization Required swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
-WWW-Authenticate: Digest realm="testrealm", nonce="1053604145", algorithm="SHA-512-256", userhash=true
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145", algorithm="SHA-256", userhash=true
Content-Type: text/html; charset=iso-8859-1
Content-Length: 26
@@ -32,7 +32,7 @@ This IS the real page! <datacheck> HTTP/1.1 401 Authorization Required swsclose
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
-WWW-Authenticate: Digest realm="testrealm", nonce="1053604145", algorithm="SHA-512-256", userhash=true
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604145", algorithm="SHA-256", userhash=true
Content-Type: text/html; charset=iso-8859-1
Content-Length: 26
@@ -56,7 +56,7 @@ http crypto </features> <name> -HTTP with RFC7616 SHA-512-256 Digest authorization and userhash=true +HTTP with RFC7616 SHA-256 Digest authorization and userhash=true </name> <command> http://%HOSTIP:%HTTPPORT/%TESTNUMBER -u testuser:testpass --digest @@ -73,7 +73,7 @@ Accept: */* GET /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
-Authorization: Digest username="75af8a3500f771e58a52093a25e7905d6e428a511285c12ea1420c73078dfd61", realm="testrealm", nonce="1053604145", uri="/%TESTNUMBER", response="43f7ab531dff687b5dc75617daa59d1fd67d648341d6d2655ca65ef5064cfb51", algorithm=SHA-512-256, userhash=true
+Authorization: Digest username="75af8a3500f771e58a52093a25e7905d6e428a511285c12ea1420c73078dfd61", realm="testrealm", nonce="1053604145", uri="/%TESTNUMBER", response="6c470aec384ab1d4e12d3ce1f5b08303d8cad177e52ebe50ec1a3e141adb0cdc", algorithm=SHA-256, userhash=true
User-Agent: curl/%VERSION
Accept: */*
diff --git a/tests/data/test2066 b/tests/data/test2066 index 1f8d1982d..4352afaf3 100644 --- a/tests/data/test2066 +++ b/tests/data/test2066 @@ -11,7 +11,7 @@ HTTP Digest auth <data> HTTP/1.1 401 Authorization Required
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
-WWW-Authenticate: Digest realm="testrealm", nonce="2053604145", algorithm="SHA-512-256", userhash=true
+WWW-Authenticate: Digest realm="testrealm", nonce="2053604145", algorithm="SHA-256", userhash=true
Content-Type: text/html; charset=iso-8859-1
Content-Length: 26
@@ -32,7 +32,7 @@ This is not the real page either <datacheck> HTTP/1.1 401 Authorization Required
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
-WWW-Authenticate: Digest realm="testrealm", nonce="2053604145", algorithm="SHA-512-256", userhash=true
+WWW-Authenticate: Digest realm="testrealm", nonce="2053604145", algorithm="SHA-256", userhash=true
Content-Type: text/html; charset=iso-8859-1
Content-Length: 26
@@ -56,7 +56,7 @@ http crypto </features> <name> -HTTP with RFC7616 Digest authorization with bad password, SHA-512-256 and userhash=true +HTTP with RFC7616 Digest authorization with bad password, SHA-256 and userhash=true </name> <command> http://%HOSTIP:%HTTPPORT/%TESTNUMBER -u testuser:test2pass --digest @@ -73,7 +73,7 @@ Accept: */* GET /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
-Authorization: Digest username="75af8a3500f771e58a52093a25e7905d6e428a511285c12ea1420c73078dfd61", realm="testrealm", nonce="2053604145", uri="/%TESTNUMBER", response="a2e2ae589f575fb132991d6f550ef14bf7ef697d2fef1242d2498f07eafc77dc", algorithm=SHA-512-256, userhash=true
+Authorization: Digest username="75af8a3500f771e58a52093a25e7905d6e428a511285c12ea1420c73078dfd61", realm="testrealm", nonce="2053604145", uri="/%TESTNUMBER", response="374a35326cc09e7d1ec3165aee9de01cae46daac33d8999aa1f483fa7882b86c", algorithm=SHA-256, userhash=true
User-Agent: curl/%VERSION
Accept: */*
diff --git a/tests/data/test2069 b/tests/data/test2069 index 41a0c744d..74d719fd3 100644 --- a/tests/data/test2069 +++ b/tests/data/test2069 @@ -12,7 +12,7 @@ HTTP Digest auth <data> HTTP/1.1 401 authentication please swsbounce
Server: Microsoft-IIS/6.0
-WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", algorithm="SHA-512-256", userhash=true
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", algorithm="SHA-256", userhash=true
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
@@ -29,7 +29,7 @@ ok <datacheck> HTTP/1.1 401 authentication please swsbounce
Server: Microsoft-IIS/6.0
-WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", algorithm="SHA-512-256", userhash=true
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604144", algorithm="SHA-256", userhash=true
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
@@ -54,7 +54,7 @@ http crypto </features> <name> -HTTP POST --digest with SHA-512-256, userhash=true and user-specified Content-Length header +HTTP POST --digest with SHA-256, userhash=true and user-specified Content-Length header </name> # This test is to ensure 'Content-Length: 0' is sent while negotiating auth # even when there is a user-specified Content-Length header. @@ -76,7 +76,7 @@ Content-Type: application/x-www-form-urlencoded POST /%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
-Authorization: Digest username="fddc3bc7b753b73ab0848fd83cb20cbbca971258eb8d20c941dd5e0b010d66be", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="ff13d977110a471f30de75e747976e4de78d7a3d2425cd23ff46e67f4bc9ead7", algorithm=SHA-512-256, userhash=true
+Authorization: Digest username="fddc3bc7b753b73ab0848fd83cb20cbbca971258eb8d20c941dd5e0b010d66be", realm="testrealm", nonce="1053604144", uri="/%TESTNUMBER", response="9a29f1dab407e62daa7121185f9f12db6177415e03f35d9a881550095a83378d", algorithm=SHA-256, userhash=true
User-Agent: curl/%VERSION
Accept: */*
Content-Length: 11
|