From 188341a755d31d15b0bc7da36d20ec3e196854ee Mon Sep 17 00:00:00 2001 From: bcsgh <33939446+bcsgh@users.noreply.github.com> Date: Mon, 17 May 2021 20:51:02 -0700 Subject: [PATCH 1/6] Add a getter to allow access to the gnutls_session_t. --- src/http_request.cpp | 9 +++++++++ src/httpserver/http_request.hpp | 12 ++++++++++++ 2 files changed, 21 insertions(+) diff --git a/src/http_request.cpp b/src/http_request.cpp index 0ac718e4..efcd1ac8 100644 --- a/src/http_request.cpp +++ b/src/http_request.cpp @@ -212,6 +212,15 @@ const std::string http_request::get_digested_user() const { return digested_user; } +#ifdef HAVE_GNUTLS +gnutls_session_t http_request::get_tls_session() const +{ + const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_GNUTLS_SESSION); + + return static_cast(conninfo->tls_session); +} +#endif //HAVE_GNUTLS + const std::string http_request::get_requestor() const { const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_CLIENT_ADDRESS); diff --git a/src/httpserver/http_request.hpp b/src/httpserver/http_request.hpp index 0f1708cf..341a9780 100644 --- a/src/httpserver/http_request.hpp +++ b/src/httpserver/http_request.hpp @@ -27,6 +27,10 @@ #include +#ifdef HAVE_GNUTLS +#include +#endif // HAVE_GNUTLS + #include #include #include @@ -183,6 +187,14 @@ class http_request { return version; } +#ifdef HAVE_GNUTLS + /** + * Method used to get the TLS session. + * @return the TLS session + **/ + gnutls_session_t get_tls_session() const; +#endif // HAVE_GNUTLS + /** * Method used to get the requestor. * @return the requestor From 605c1b0da4c230d5e786d5d3e44221d9a18390c1 Mon Sep 17 00:00:00 2001 From: bcsgh <33939446+bcsgh@users.noreply.github.com> Date: Mon, 17 May 2021 21:11:01 -0700 Subject: [PATCH 2/6] Placate lint. --- src/http_request.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
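Review bot: `get_tls_session()` in the `src/http_request.cpp` hunk of [PATCH 1/6] dereferences `conninfo` on its `return` line without checking what `MHD_get_connection_info()` returned. The `has_tls_session()` added in [PATCH 5/6] treats a null result as possible, so on a request without a TLS session the getter presumably dereferences a null pointer and takes the server process down instead of reporting the absence. A guard before the return, `if (conninfo == nullptr) return nullptr;`, keeps the call safe for handlers that skip the check; `gnutls_session_t` is a pointer type, so `nullptr` is a valid "no session" result. [PATCH 5/6] leaves this getter unchanged and only documents the precondition in the README.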
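Review bot: The `#ifdef HAVE_GNUTLS` around the new `#include` in `src/httpserver/http_request.hpp` (and around the declaration in the next hunk) makes a public header depend on a build-configuration macro. If that macro is only defined by the library's own configure step, which is not visible here, an application including this header would not see `get_tls_session()` even when the library was built with GnuTLS. Please confirm that the installed headers expose `HAVE_GNUTLS` to consumers, or state the requirement next to the guard, for example `// HAVE_GNUTLS must match the value the library was built with`.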
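Review bot: The doc comment on the `get_tls_session()` declaration says only `@return the TLS session`, which omits when the call is valid and who owns the handle. Suggest `@return the GnuTLS session of the underlying connection; only meaningful when the request arrived over TLS`, plus a sentence that the handle is borrowed from the connection and must not be deinitialised or kept after the request has been handled. The ownership part is inferred from the handle coming out of `MHD_get_connection_info()`, so confirm it against the libmicrohttpd documentation. The class body continues outside the hunk.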
diff --git a/src/http_request.cpp b/src/http_request.cpp index efcd1ac8..4b9b2009 100644 --- a/src/http_request.cpp +++ b/src/http_request.cpp @@ -219,7 +219,7 @@ gnutls_session_t http_request::get_tls_session() const return static_cast(conninfo->tls_session); } -#endif //HAVE_GNUTLS +#endif // HAVE_GNUTLS const std::string http_request::get_requestor() const { const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_CLIENT_ADDRESS); From 78d1897228da2ab1dbb5fc376df2d163d5e4e6ac Mon Sep 17 00:00:00 2001 From: bcsgh <33939446+bcsgh@users.noreply.github.com> Date: Mon, 17 May 2021 21:22:49 -0700 Subject: [PATCH 3/6] Placate lint, some more. --- src/http_request.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/http_request.cpp b/src/http_request.cpp index 4b9b2009..1fd9f77a 100644 --- a/src/http_request.cpp +++ b/src/http_request.cpp @@ -213,8 +213,7 @@ const std::string http_request::get_digested_user() const { } #ifdef HAVE_GNUTLS -gnutls_session_t http_request::get_tls_session() const -{ +gnutls_session_t http_request::get_tls_session() const { const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_GNUTLS_SESSION); return static_cast(conninfo->tls_session); From 83e1c6f6730fff2b951ea759a51bf7e6cd145288 Mon Sep 17 00:00:00 2001 From: bcsgh <33939446+bcsgh@users.noreply.github.com> Date: Wed, 9 Jun 2021 10:44:35 -0700 Subject: [PATCH 4/6] Document get_tls_session. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7228d200..c61e9f8a 100644 --- a/README.md +++ b/README.md 
@@ -563,6 +563,7 @@ The `http_request` class has a set of methods you will have access to when imple * _**const std::string** get_pass() **const**:_ Returns the `password` as self-identified through basic authentication. The content of the password header will be parsed only if basic authentication is enabled on the server (enabled by default). * _**const std::string** get_digested_user() **const**:_ Returns the `digested user` as self-identified through digest authentication. The content of the user header will be parsed only if digest authentication is enabled on the server (enabled by default). * _**bool** check_digest_auth(**const std::string&** realm, **const std::string&** password, **int** nonce_timeout, **bool*** reload_nonce) **const**:_ Allows to check the validity of the authentication token sent through digest authentication (if the provided values in the WWW-Authenticate header are valid and sound according to RFC2716). Takes in input the `realm` of validity of the authentication, the `password` as known to the server to compare against, the `nonce_timeout` to indicate how long the nonce is valid and `reload_nonce` a boolean that will be set by the method to indicate a nonce being reloaded. The method returns `true` if the authentication is valid, `false` otherwise. +* _**gnutls_session_t** get_tls_session() **const**:_ Reurn the underlying TLS state of the current request for inspection. #### Example of handler reading arguments from a request #include From e446f6a3b7c59d7800157d5793f56081e485a987 Mon Sep 17 00:00:00 2001 From: bcsgh <33939446+bcsgh@users.noreply.github.com> Date: Wed, 9 Jun 2021 11:04:41 -0700 Subject: [PATCH 5/6] Add http_request::has_tls_session to allow checking if http_request::get_tls_session is safe to call. --- README.md | 3 ++- src/http_request.cpp | 5 +++++ src/httpserver/http_request.hpp | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c61e9f8a..bc0cfefc 100644 
--- a/README.md +++ b/README.md @@ -563,7 +563,8 @@ The `http_request` class has a set of methods you will have access to when imple * _**const std::string** get_pass() **const**:_ Returns the `password` as self-identified through basic authentication. The content of the password header will be parsed only if basic authentication is enabled on the server (enabled by default). * _**const std::string** get_digested_user() **const**:_ Returns the `digested user` as self-identified through digest authentication. The content of the user header will be parsed only if digest authentication is enabled on the server (enabled by default). * _**bool** check_digest_auth(**const std::string&** realm, **const std::string&** password, **int** nonce_timeout, **bool*** reload_nonce) **const**:_ Allows to check the validity of the authentication token sent through digest authentication (if the provided values in the WWW-Authenticate header are valid and sound according to RFC2716). Takes in input the `realm` of validity of the authentication, the `password` as known to the server to compare against, the `nonce_timeout` to indicate how long the nonce is valid and `reload_nonce` a boolean that will be set by the method to indicate a nonce being reloaded. The method returns `true` if the authentication is valid, `false` otherwise. -* _**gnutls_session_t** get_tls_session() **const**:_ Reurn the underlying TLS state of the current request for inspection. +* _**gnutls_session_t** get_tls_session() **const**:_ Test if there is am underlying TLS state of the current request. +* _**gnutls_session_t** get_tls_session() **const**:_ Reurn the underlying TLS state of the current request for inspection. (It is an error to call this if the state does not exist.) #### Example of handler reading arguments from a request #include diff --git a/src/http_request.cpp b/src/http_request.cpp index 1fd9f77a..5f29e0cc 100644 --- a/src/http_request.cpp +++ b/src/http_request.cpp 
@@ -213,6 +213,11 @@ const std::string http_request::get_digested_user() const { } #ifdef HAVE_GNUTLS +bool http_request::has_tls_session() const { + const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_GNUTLS_SESSION); + return (conninfo != nullptr); +} + gnutls_session_t http_request::get_tls_session() const { const MHD_ConnectionInfo * conninfo = MHD_get_connection_info(underlying_connection, MHD_CONNECTION_INFO_GNUTLS_SESSION); diff --git a/src/httpserver/http_request.hpp b/src/httpserver/http_request.hpp index 341a9780..2c426c05 100644 --- a/src/httpserver/http_request.hpp +++ b/src/httpserver/http_request.hpp @@ -188,6 +188,12 @@ class http_request { } #ifdef HAVE_GNUTLS + /** + * Method used to check if there is a TLS session. + * @return the TLS session + **/ + bool has_tls_session() const; + /** * Method used to get the TLS session. * @return the TLS session From 0fca94dab2bb4963a7dc18fcd640d1160d16d94c Mon Sep 17 00:00:00 2001 From: bcsgh <33939446+bcsgh@users.noreply.github.com> Date: Wed, 9 Jun 2021 12:11:27 -0700 Subject: [PATCH 6/6] Spelling and grammer. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bc0cfefc..0385f54c 100644 --- a/README.md +++ b/README.md 
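Review bot: The doc comment added for `has_tls_session()` in the `src/httpserver/http_request.hpp` hunk was copied from the getter and still reads `@return the TLS session`, although the method returns `bool`. Proposed wording: `@return true if the connection has a TLS session, false otherwise`, with a further sentence that `get_tls_session()` may only be called when this returns true. The README entry in the same patch has the same copy-paste slip: it lists the test method as `gnutls_session_t get_tls_session()` rather than `bool has_tls_session()`, and [PATCH 6/6] keeps that signature. The class body continues outside the hunk.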
@@ -563,8 +563,8 @@ The `http_request` class has a set of methods you will have access to when imple * _**const std::string** get_pass() **const**:_ Returns the `password` as self-identified through basic authentication. The content of the password header will be parsed only if basic authentication is enabled on the server (enabled by default). * _**const std::string** get_digested_user() **const**:_ Returns the `digested user` as self-identified through digest authentication. The content of the user header will be parsed only if digest authentication is enabled on the server (enabled by default). * _**bool** check_digest_auth(**const std::string&** realm, **const std::string&** password, **int** nonce_timeout, **bool*** reload_nonce) **const**:_ Allows to check the validity of the authentication token sent through digest authentication (if the provided values in the WWW-Authenticate header are valid and sound according to RFC2716). Takes in input the `realm` of validity of the authentication, the `password` as known to the server to compare against, the `nonce_timeout` to indicate how long the nonce is valid and `reload_nonce` a boolean that will be set by the method to indicate a nonce being reloaded. The method returns `true` if the authentication is valid, `false` otherwise. -* _**gnutls_session_t** get_tls_session() **const**:_ Test if there is am underlying TLS state of the current request. -* _**gnutls_session_t** get_tls_session() **const**:_ Reurn the underlying TLS state of the current request for inspection. (It is an error to call this if the state does not exist.) +* _**gnutls_session_t** get_tls_session() **const**:_ Tests if there is am underlying TLS state of the current request. +* _**gnutls_session_t** get_tls_session() **const**:_ Returns the underlying TLS state of the current request for inspection. (It is an error to call this if the state does not exist.) #### Example of handler reading arguments from a request #include