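/**
 * Verify the HTTP Digest Authentication response the client sent for
 * `method` against the digest recomputed from `passwd`.
 *
 * @param soap    context; authrealm, userid, passwd and path are read, and
 *                the http_da plugin data is looked up through it
 * @param method  HTTP method string fed into the response digest
 * @param passwd  password the recomputed digest is based on
 * @return SOAP_OK when the recomputed digest equals the client's response;
 *         SOAP_ERR when the plugin data is missing, digest authentication
 *         was not used, no qop was sent, the session update fails, or the
 *         digests differ; soap->error when a digest calculation fails
 */
static int http_da_verify_method(struct soap *soap, const char *method, const char *passwd)
{
    struct http_da_data *data = (struct http_da_data*)soap_lookup_plugin(soap, http_da_id);
    char HA1hex[65], entityHAhex[65], response[65], responseHA[32];
    size_t smd_len = 16; /* number of digest bytes converted and compared below */
    size_t i;
    unsigned char diff = 0;

    if (!data)
        return SOAP_ERR;

    /* 32 digest bytes when the algorithm tag matches "SHA-256*", else 16 */
    if (data->alg && !soap_tag_cmp(data->alg, "SHA-256*"))
        smd_len = 32;

    /* reject if none or basic authentication was used */
    if (!soap->authrealm || !soap->userid || soap->passwd) /* passwd is set when basic auth is used */
        return SOAP_ERR;

    /* require at least qop="auth" to prevent replay attacks */
    if (!data->qop)
        return SOAP_ERR;

    /* NOTE(review): presumably this validates nonce/opaque/cnonce/ncount
     * against the tracked session; confirm in http_da_session_update */
    if (http_da_session_update(soap->authrealm, data->nonce, data->opaque, data->cnonce, data->ncount))
        return SOAP_ERR;

    if (http_da_calc_HA1(soap, &data->smd_data, data->alg, soap->userid, soap->authrealm, passwd, data->nonce, data->cnonce, HA1hex))
        return soap->error;

    /* entityHAhex is only filled in for qop="auth-int"; start it as an empty
     * string so the callee is never handed indeterminate bytes otherwise */
    entityHAhex[0] = '\0';
    if (!soap_tag_cmp(data->qop, "auth-int"))
        (void)soap_s2hex(soap, (unsigned char*)data->digest, entityHAhex, smd_len);

    if (http_da_calc_response(soap, &data->smd_data, data->alg, HA1hex, data->nonce, data->ncount, data->cnonce, data->qop, method, soap->path, entityHAhex, response, responseHA))
        return soap->error;

    /* check digest response values: fold every byte into `diff` instead of
     * calling memcmp(), so the time taken does not depend on the position of
     * the first mismatching byte of the authenticator */
    for (i = 0; i < smd_len; i++)
        diff |= (unsigned char)(data->response[i] ^ responseHA[i]);
    if (diff)
        return SOAP_ERR;

    return SOAP_OK;
}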
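/**
 * Verify the HTTP Digest Authentication response the client sent for
 * `method` against the hex digest recomputed from `passwd`.
 *
 * @param soap    context; authrealm, userid, passwd and path are read, and
 *                the http_da plugin data is looked up through it
 * @param method  HTTP method string fed into the response digest
 * @param passwd  password the recomputed digest is based on
 * @return SOAP_OK when the recomputed digest string equals the client's
 *         response string; SOAP_ERR when the plugin data is missing, digest
 *         authentication was not used, no qop was sent, the session update
 *         fails, or the strings differ
 */
static int http_da_verify_method(struct soap *soap, char *method, char *passwd)
{
    struct http_da_data *data = (struct http_da_data*)soap_lookup_plugin(soap, http_da_id);
    char HA1[33], entityHAhex[33], response[33];
    const char *given;
    unsigned char diff = 0;
    unsigned int i;

    if (!data)
        return SOAP_ERR;

    /* reject if none or basic authentication was used */
    if (!soap->authrealm || !soap->userid || soap->passwd) /* passwd is set when basic auth is used */
        return SOAP_ERR;

    /* require at least qop="auth" to prevent replay attacks */
    if (!data->qop)
        return SOAP_ERR;

    /* NOTE(review): presumably this validates nonce/opaque/cnonce/ncount
     * against the tracked session; confirm in http_da_session_update */
    if (http_da_session_update(soap->authrealm, data->nonce, data->opaque, data->cnonce, data->ncount))
        return SOAP_ERR;

    /* NOTE(review): the results of the two calc calls are not checked here;
     * confirm whether they can fail in this version */
    http_da_calc_HA1(soap, &data->context, NULL, soap->userid, soap->authrealm, passwd, data->nonce, data->cnonce, HA1);

    /* entityHAhex is only filled in for qop="auth-int"; start it as an empty
     * string so the callee is never handed indeterminate bytes otherwise */
    entityHAhex[0] = '\0';
    if (!soap_tag_cmp(data->qop, "auth-int"))
        soap_s2hex(soap, (unsigned char*)data->digest, entityHAhex, 16);

    http_da_calc_response(soap, &data->context, HA1, data->nonce, data->ncount, data->cnonce, data->qop, method, soap->path, entityHAhex, response);

#ifdef SOAP_DEBUG
    /* Debug builds only: this writes both the client's response and the
     * expected digest to stderr, so keep SOAP_DEBUG output out of shared logs */
    fprintf(stderr, "Debug message: verifying client response=%s with calculated digest=%s\n", data->response, response);
#endif

    /* check digest response values: same equal/not-equal result as strcmp(),
     * but the loop stops only at a string terminator, never at the first
     * mismatch, so timing does not reveal how long the matching prefix is */
    given = data->response;
    if (!given)
        return SOAP_ERR;
    for (i = 0; i < sizeof(response); i++) {
        diff |= (unsigned char)(given[i] ^ response[i]);
        if (!given[i] || !response[i])
            break;
    }
    /* i == sizeof(response) means no terminator was found within the
     * calculated digest buffer; treat that as a mismatch */
    if (diff || i == sizeof(response))
        return SOAP_ERR;

    return SOAP_OK;
}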