Adding HTTP Digest Auth (but not yet enabled)

2025-08-03 20:34:24 -04:00 · 2016-12-08 20:28:28 -05:00 · 2016-12-08 20:28:28 -05:00 · bdc3d7496f
commit bdc3d7496f
parent 1a286061ff
12 changed files with 1165 additions and 7 deletions
--- a/contrib/epee/include/net/abstract_tcp_server2.inl
+++ b/contrib/epee/include/net/abstract_tcp_server2.inl
@ -683,7 +683,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 	m_sock_count(0), m_sock_number(0), m_threads_count(0), 
 	m_pfilter(NULL), m_thread_index(0),
 		m_connection_type( connection_type ),
-    new_connection_(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_sock_number, m_pfilter, m_connection_type))
+    new_connection_()
  {
    create_server_type_map();
    m_thread_name_prefix = "NET";
@ -697,7 +697,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
 		m_sock_count(0), m_sock_number(0), m_threads_count(0), 
 		m_pfilter(NULL), m_thread_index(0),
 		m_connection_type(connection_type),
-    new_connection_(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_sock_number, m_pfilter, connection_type))
+    new_connection_()
  {
    create_server_type_map();
    m_thread_name_prefix = "NET";
@ -736,6 +736,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
    boost::asio::ip::tcp::endpoint binded_endpoint = acceptor_.local_endpoint();
    m_port = binded_endpoint.port();
    _fact_c("net/RPClog", "start accept");
+    new_connection_.reset(new connection<t_protocol_handler>(io_service_, m_config, m_sock_count, m_sock_number, m_pfilter, m_connection_type));
    acceptor_.async_accept(new_connection_->socket(),
      boost::bind(&boosted_tcp_server<t_protocol_handler>::handle_accept, this,
      boost::asio::placeholders::error));
@ -1051,7 +1052,7 @@ POP_WARNINGS
    }
    else
    {
-      _erro("[sock " << new_connection_->socket().native_handle() << "] Failed to start connection, connections_count = " << m_sock_count);
+      _erro("[sock " << new_connection_l->socket().native_handle() << "] Failed to start connection, connections_count = " << m_sock_count);
    }
    
 	new_connection_l->save_dbg_log();
--- a/contrib/epee/include/net/http_auth.h
+++ b/contrib/epee/include/net/http_auth.h
@ -0,0 +1,81 @@
+// Copyright (c) 2014-2016, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#pragma once
+
+#include <boost/optional/optional.hpp>
+#include <cstdint>
+#include "http_base.h"
+#include <string>
+#include <utility>
+
+namespace epee
+{
+namespace net_utils
+{
+  namespace http
+  {
+    //! Implements RFC 2617 digest auth. Digests from RFC 7616 can be added.
+    class http_auth
+    {
+    public:
+      struct login
+      {
+        login() = delete;
+        std::string username;
+        std::string password;
+      };
+
+      struct session
+      {
+        session() = delete;
+        const login credentials;
+        std::string nonce;
+        std::uint32_t counter;
+      };
+
+      http_auth() : user() {}
+      http_auth(login credentials);
+
+      //! \return Auth response, or `boost::none` iff `request` had valid auth.
+      boost::optional<http_response_info> get_response(const http_request_info& request)
+      {
+        if (user)
+        {
+          return process(request);
+        }
+        return boost::none;
+      }
+
+    private:
+      boost::optional<http_response_info> process(const http_request_info& request);
+
+      boost::optional<session> user;
+    };
+  }
+}
+}
--- a/contrib/epee/include/net/http_protocol_handler.h
+++ b/contrib/epee/include/net/http_protocol_handler.h
@ -30,9 +30,11 @@
 #ifndef _HTTP_SERVER_H_
 #define _HTTP_SERVER_H_

+#include <boost/optional/optional.hpp>
 #include <string>
 #include "net_utils_base.h"
 #include "to_nonconst_iterator.h"
+#include "http_auth.h"
 #include "http_base.h"

 namespace epee
@ -50,6 +52,7 @@ namespace net_utils
 		{
 			std::string m_folder;
 			std::string m_required_user_agent;
+			boost::optional<http_auth::login> m_user;
 			critical_section m_lock;
 		};

@ -169,11 +172,20 @@ namespace net_utils
 			http_custom_handler(i_service_endpoint* psnd_hndlr, config_type& config, t_connection_context& conn_context)
 				: simple_http_connection_handler<t_connection_context>(psnd_hndlr, config),
 					m_config(config),
-					m_conn_context(conn_context)
+					m_conn_context(conn_context),
+					m_auth(m_config.m_user ? http_auth{*m_config.m_user} : http_auth{})
 			{}
 			inline bool handle_request(const http_request_info& query_info, http_response_info& response)
 			{
 				CHECK_AND_ASSERT_MES(m_config.m_phandler, false, "m_config.m_phandler is NULL!!!!");
+
+				const auto auth_response = m_auth.get_response(query_info);
+				if (auth_response)
+				{
+					response = std::move(*auth_response);
+					return true;
+				}
+
 				//fill with default values
 				response.m_mime_tipe = "text/plain";
 				response.m_response_code = 200;
@ -202,6 +214,7 @@ namespace net_utils
 			//simple_http_connection_handler::config_type m_stub_config;
 			config_type& m_config;
 			t_connection_context& m_conn_context;
+			http_auth m_auth;
 		};
 	}
 }
--- a/contrib/epee/include/net/http_server_impl_base.h
+++ b/contrib/epee/include/net/http_server_impl_base.h
@ -52,7 +52,8 @@ namespace epee
        : m_net_server(external_io_service)
    {}

-    bool init(const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0", const std::string &user_agent = "")
+    bool init(const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0",
+      std::string user_agent = "", boost::optional<net_utils::http::http_auth::login> user = boost::none)
    {

      //set self as callback handler
@ -62,7 +63,8 @@ namespace epee
      m_net_server.get_config_object().m_folder = "";

      // workaround till we get auth/encryption
-      m_net_server.get_config_object().m_required_user_agent = user_agent;
+      m_net_server.get_config_object().m_required_user_agent = std::move(user_agent);
+      m_net_server.get_config_object().m_user = std::move(user);

      LOG_PRINT_L0("Binding on " << bind_ip << ":" << bind_port);
      bool res = m_net_server.init_server(bind_port, bind_ip);