From 9835e2ae736235810b4ea1c162ca5e65c547e770 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 18 May 2024 04:49:50 +0200 Subject: Merging upstream version 1.71.1+dfsg1. Signed-off-by: Daniel Baumann --- vendor/http-auth/.cargo-checksum.json | 2 +- vendor/http-auth/CHANGELOG.md | 11 +- vendor/http-auth/Cargo.lock | 169 +++++++++++++++++--------- vendor/http-auth/Cargo.toml | 39 ++++-- vendor/http-auth/README.md | 51 ++------ vendor/http-auth/build.rs | 136 --------------------- vendor/http-auth/design/20211020-new-crate.md | 57 +++++++++ vendor/http-auth/design/README.md | 1 + vendor/http-auth/src/basic.rs | 5 +- vendor/http-auth/src/lib.rs | 23 +--- vendor/http-auth/src/parser.rs | 2 +- vendor/http-auth/src/table.rs | 135 ++++++++++++++++++++ 12 files changed, 364 insertions(+), 267 deletions(-) delete mode 100644 vendor/http-auth/build.rs create mode 100644 vendor/http-auth/design/20211020-new-crate.md create mode 100644 vendor/http-auth/design/README.md create mode 100644 vendor/http-auth/src/table.rs (limited to 'vendor/http-auth') diff --git a/vendor/http-auth/.cargo-checksum.json b/vendor/http-auth/.cargo-checksum.json index 59ce8579a..091180147 100644 --- a/vendor/http-auth/.cargo-checksum.json +++ b/vendor/http-auth/.cargo-checksum.json @@ -1 +1 @@ -{"files":{"CHANGELOG.md":"30d41f9637e61db485d133d00ec51436c8193c470327fba0bbc1bc78c47f68b2","Cargo.lock":"9bb234a5ffdb53064979fa28964d90fcfeef6aa6c9dffb1f3014e7f59ac1808e","Cargo.toml":"376152840ce224bcf24137dd4a28ab844bf666de3ce85244644bb71209ce3145","LICENSE-APACHE.txt":"531ae0e8652952207e2e577daa311955290f78380be845087f2acd86d808df7d","LICENSE-MIT.txt":"ed057943f5d1306ad0c87d38e1e523b9e167dce174ef7138fa27200c7cf1243f","README.md":"dd83686e7205081302f20f3bdd73a6555956a0b8ec1622795dda3f010158f8fd","build.rs":"700d886f3f3b6361c5e56542a7c395d12bf93bf19223996bf7de3e40fe8ad98b","examples/reqwest.rs":"e14686de096ba44a6402e7daa62d35b5a62d6448b1068fddbde327311b274fb5","src/basic.rs":"5b8f424d6e4d983d0e0d769c44cd73d10de3b5fa413b423aaf0b699edb0adac3","src/digest.rs":"378700648fe09ad736d3d84e4a6b8e7785fe01593ad332029ab037676d80ce88","src/lib.rs":"0b55273b9b8b428f06195d58d63efd062b246aa8bfafb10c4de44ba0dc7e6d22","src/parser.rs":"9556546afaece815485fe9884510c95e19884f1e7f1e6f6b47750522804dbf5b"},"package":"c0b40b39d66c28829a0cf4d09f7e139ff8201f7500a5083732848ed3b4b4d850"} \ No newline at end of file +{"files":{"CHANGELOG.md":"b6ffff5ec9e72ea8e88bec34f178036a9d752a5a8a655ec5ee905860fa53aba9","Cargo.lock":"5fd2d478d6bc9519d048b7818aa17c184d9b058106508e2db51d05087eed09f4","Cargo.toml":"8d46be8785979bbcffb49b0acc42710d4e4b47fcc133c6e0cf69804bfea52bbb","LICENSE-APACHE.txt":"531ae0e8652952207e2e577daa311955290f78380be845087f2acd86d808df7d","LICENSE-MIT.txt":"ed057943f5d1306ad0c87d38e1e523b9e167dce174ef7138fa27200c7cf1243f","README.md":"f4902ad2696d024be666683223b1f6147dbc90da92cd04f2e8ea7535481c4c42","design/20211020-new-crate.md":"a0655feafd0b32313cb1938658aa53fc99560167f0726c1da6dcd8b73ba9494a","design/README.md":"70752e474dca133dad62e786ede1c3b89ddf81be3758103ca68a5ea3f3a818e2","examples/reqwest.rs":"e14686de096ba44a6402e7daa62d35b5a62d6448b1068fddbde327311b274fb5","src/basic.rs":"25b67f1ebd4fd983c2b6116200bea370da8df6a7128b9015356056f241b80083","src/digest.rs":"378700648fe09ad736d3d84e4a6b8e7785fe01593ad332029ab037676d80ce88","src/lib.rs":"42bb0cefc4ac71b9834186aee4736fdbda56640e28dd739d91ba61eb43c0440a","src/parser.rs":"85455f40700f2598cc2adf4629d11edc3b0022ce66bb9bf35010b9f7a7d6031f","src/table.rs":"1f391d9074c7a0a1284f768178b9ebfebe2a059a593fd1679d13cf5b6135a39a"},"package":"5430cacd7a1f9a02fbeb350dfc81a0e5ed42d81f3398cb0ba184017f85bdcfbc"} \ No newline at end of file diff --git a/vendor/http-auth/CHANGELOG.md b/vendor/http-auth/CHANGELOG.md index 8aaf39ed8..0b06796c7 100644 --- a/vendor/http-auth/CHANGELOG.md +++ b/vendor/http-auth/CHANGELOG.md @@ -1,4 +1,13 @@ -## `v0.1.6` (2021-05-02) +## `v0.1.8` (2023-01-30) + +* upgrade `base64` dependency from 0.20 to 0.21. + +## `v0.1.7` (2023-01-05) + +* bump minimum Rust version to 1.57. +* upgrade `base64` dependency from 0.13 to 0.20. + +## `v0.1.6` (2022-05-02) * upgrade `digest`, `md5`, and `sha2` dependencies. diff --git a/vendor/http-auth/Cargo.lock b/vendor/http-auth/Cargo.lock index 3f6855440..80be9a1d6 100644 --- a/vendor/http-auth/Cargo.lock +++ b/vendor/http-auth/Cargo.lock @@ -13,15 +13,15 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.0.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "base64" -version = "0.13.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" +checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a" [[package]] name = "bitflags" @@ -229,14 +229,14 @@ checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" dependencies = [ "cfg-if", "libc", - "wasi", + "wasi 0.10.2+wasi-snapshot-preview1", ] [[package]] name = "h2" -version = "0.3.7" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fd819562fcebdac5afc5c113c3ec36f902840b70fd4fc458799c8ce4607ae55" +checksum = "5f9f29bc9dda355256b2916cf526ab02ce0aeaaaf2bad60d65ef3f12f11dd0f4" dependencies = [ "bytes", "fnv", @@ -280,12 +280,12 @@ checksum = "1323096b05d41827dadeaee54c9981958c0f94e670bc94ed80037d1a7b8b186b" dependencies = [ "bytes", "fnv", - "itoa", + "itoa 0.4.8", ] [[package]] name = "http-auth" -version = "0.1.6" +version = "0.1.8" dependencies = [ "base64", "digest", @@ -313,9 +313,9 @@ dependencies = [ [[package]] name = "httparse" -version = "1.5.1" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acd94fdbe1d4ff688b67b04eee2e17bd50995534a61539e45adfefb45e5e5503" +checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" [[package]] name = "httpdate" @@ -325,9 +325,9 @@ checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" [[package]] name = "hyper" -version = "0.14.15" +version = "0.14.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "436ec0091e4f20e655156a30a0df3770fe2900aa301e548e08446ec794b6953c" +checksum = "034711faac9d2166cb1baf1a2fb0b60b1f277f8492fd72176c17f3515e1abd3c" dependencies = [ "bytes", "futures-channel", @@ -338,7 +338,7 @@ dependencies = [ "http-body", "httparse", "httpdate", - "itoa", + "itoa 1.0.5", "pin-project-lite", "socket2", "tokio", @@ -393,6 +393,12 @@ version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" +[[package]] +name = "itoa" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440" + [[package]] name = "js-sys" version = "0.3.55" @@ -410,9 +416,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.108" +version = "0.2.139" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8521a1b57e76b1ec69af7599e75e38e7b7fad6610f037db8c79b127201b5d119" +checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79" [[package]] name = "log" @@ -452,31 +458,21 @@ checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" [[package]] name = "mio" -version = "0.7.14" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8067b404fe97c70829f082dec8bcf4f71225d7eaea1d8645349cb76fa06205cc" +checksum = "e5d732bc30207a6423068df043e3d02e0735b155ad7ce1a6f76fe2baa5b158de" dependencies = [ "libc", "log", - "miow", - "ntapi", - "winapi", -] - -[[package]] -name = "miow" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9f1c5b025cda876f66ef43a113f91ebc9f4ccef34843000e0adf6ebbab84e21" -dependencies = [ - "winapi", + "wasi 0.11.0+wasi-snapshot-preview1", + "windows-sys", ] [[package]] name = "native-tls" -version = "0.2.8" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48ba9f7719b5a0f42f338907614285fb5fd70e53858141f69898a1fb7203b24d" +checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" dependencies = [ "lazy_static", "libc", @@ -490,15 +486,6 @@ dependencies = [ "tempfile", ] -[[package]] -name = "ntapi" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f6bb902e437b6d86e03cce10a7e2af662292c5dfef23b65899ea3ac9354ad44" -dependencies = [ - "winapi", -] - [[package]] name = "num_cpus" version = "1.13.0" @@ -677,25 +664,26 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.11.7" +version = "0.11.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5" +checksum = "21eed90ec8570952d53b772ecf8f206aa1ec9a3d76b2521c56c42973f2d91ee9" dependencies = [ "base64", "bytes", "encoding_rs", "futures-core", "futures-util", + "h2", "http", "http-body", "hyper", "hyper-tls", "ipnet", "js-sys", - "lazy_static", "log", "mime", "native-tls", + "once_cell", "percent-encoding", "pin-project-lite", "serde", @@ -703,6 +691,7 @@ dependencies = [ "serde_urlencoded", "tokio", "tokio-native-tls", + "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", @@ -761,19 +750,19 @@ version = "1.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527" dependencies = [ - "itoa", + "itoa 0.4.8", "ryu", "serde", ] [[package]] name = "serde_urlencoded" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edfa57a7f8d9c1d260a549e7224100f6c43d43f9103e06dd8b4095a9b2b43ce9" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" dependencies = [ "form_urlencoded", - "itoa", + "itoa 1.0.5", "ryu", "serde", ] @@ -797,9 +786,9 @@ checksum = "9def91fd1e018fe007022791f865d0ccc9b3a0d5001e01aabb8b40e46000afb5" [[package]] name = "socket2" -version = "0.4.2" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dc90fe6c7be1a323296982db1836d1ea9e47b6839496dde9a541bc496df3516" +checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd" dependencies = [ "libc", "winapi", @@ -847,9 +836,9 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.14.0" +version = "1.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70e992e41e0d2fb9f755b37446f20900f64446ef54874f40a60c78f021ac6144" +checksum = "c8e00990ebabbe4c14c08aca901caed183ecd5c09562a12c824bb53d3c3fd3af" dependencies = [ "autocfg", "bytes", @@ -858,7 +847,8 @@ dependencies = [ "mio", "num_cpus", "pin-project-lite", - "winapi", + "socket2", + "windows-sys", ] [[package]] @@ -873,16 +863,16 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.6.9" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e99e1983e5d376cd8eb4b66604d2e99e79f5bd988c3055891dcd8c9e2604cc0" +checksum = "0bb2e075f03b3d66d8d8785356224ba688d2906a371015e225beeb65ca92c740" dependencies = [ "bytes", "futures-core", "futures-sink", - "log", "pin-project-lite", "tokio", + "tracing", ] [[package]] @@ -984,6 +974,12 @@ version = "0.10.2+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + [[package]] name = "wasm-bindgen" version = "0.2.78" @@ -1082,11 +1078,68 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +[[package]] +name = "windows-sys" +version = "0.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.42.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c9864e83243fdec7fc9c5444389dcbbfd258f745e7853198f365e3c4968a608" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.42.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c8b1b673ffc16c47a9ff48570a9d85e25d265735c503681332589af6253c6c7" + +[[package]] +name = "windows_i686_gnu" +version = "0.42.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de3887528ad530ba7bdbb1faa8275ec7a1155a45ffa57c37993960277145d640" + +[[package]] +name = "windows_i686_msvc" +version = "0.42.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf4d1122317eddd6ff351aa852118a2418ad4214e6613a50e0191f7004372605" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.42.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1040f221285e17ebccbc2591ffdc2d44ee1f9186324dd3e84e99ac68d699c45" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.42.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "628bfdf232daa22b0d64fdb62b09fcc36bb01f05a3939e20ab73aaf9470d0463" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.42.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "447660ad36a13288b1db4d4248e857b510e8c3a225c822ba4fb748c0aafecffd" + [[package]] name = "winreg" -version = "0.7.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0120db82e8a1e0b9fb3345a539c478767c0048d842860994d96113d5b667bd69" +checksum = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d" dependencies = [ "winapi", ] diff --git a/vendor/http-auth/Cargo.toml b/vendor/http-auth/Cargo.toml index 8e7f6e17e..5d2607f1d 100644 --- a/vendor/http-auth/Cargo.toml +++ b/vendor/http-auth/Cargo.toml @@ -11,24 +11,39 @@ [package] edition = "2018" +rust-version = "1.57.0" name = "http-auth" -version = "0.1.6" +version = "0.1.8" description = "HTTP authentication: parse challenge lists, respond to Basic and Digest challenges. Likely to be extended with server support and additional auth schemes." readme = "README.md" -keywords = ["http", "authentication", "digest", "basic"] -categories = ["authentication", "parser-implementations", "web-programming::http-client"] +keywords = [ + "http", + "authentication", + "digest", + "basic", +] +categories = [ + "authentication", + "parser-implementations", + "web-programming::http-client", +] license = "MIT/Apache-2.0" repository = "https://github.com/scottlamb/http-auth" resolver = "2" + [package.metadata.docs.rs] +rustdoc-args = [ + "--cfg", + "docsrs", +] all-features = true -rustdoc-args = ["--cfg", "docsrs"] [[example]] name = "reqwest" required-features = ["http"] + [dependencies.base64] -version = "0.13.0" +version = "0.21.0" optional = true [dependencies.digest] @@ -61,6 +76,7 @@ optional = true [dependencies.sha2] version = "0.10" optional = true + [dev-dependencies.pretty_assertions] version = "1.0.0" @@ -70,6 +86,15 @@ features = ["blocking"] [features] basic-scheme = ["base64"] -default = ["basic-scheme", "digest-scheme"] -digest-scheme = ["digest", "hex", "md-5", "rand", "sha2"] +default = [ + "basic-scheme", + "digest-scheme", +] +digest-scheme = [ + "digest", + "hex", + "md-5", + "rand", + "sha2", +] trace = ["log"] diff --git a/vendor/http-auth/README.md b/vendor/http-auth/README.md index b44c5ed15..a7dac1230 100644 --- a/vendor/http-auth/README.md +++ b/vendor/http-auth/README.md @@ -21,8 +21,8 @@ also used by some other protocols such as RTSP. ## Status -Young but well-tested. The API may change to improve ergonomics and -functionality. New functionality is likely to be added. PRs welcome! +Well-tested, suitable for production. The API may change to improve ergonomics +and functionality. New functionality is likely to be added. PRs welcome! ## Goals @@ -30,63 +30,26 @@ In order: 1. **sound.** Currently no `unsafe` blocks in `http-auth` itself. All dependencies are common, trusted crates. -3. **correct.** Precisely implements the specifications except where noted. +2. **correct.** Precisely implements the specifications except where noted. Fuzz tests verify the hand-written parser never panics and matches a nom-based reference implementation. -4. **light-weight.** Minimal dependencies; uses Cargo features so callers can +3. **light-weight.** Minimal dependencies; uses Cargo features so callers can avoid them when undesired. Simple code that minimizes monomorphization bloat. Small data structures; eg `http_auth::DigestClient` currently weighs in at 32 bytes plus one allocation for all string fields. -6. **complete.** Implements both parsing and responding to challenges. +4. **complete.** Implements both parsing and responding to challenges. (Currently only supports the client side and responding to the most common `Basic` and `Digest` schemes; future expansion is likely.) -7. **ergonomic.** Creating a client for responding to a password challenge is +5. **ergonomic.** Creating a client for responding to a password challenge is a one-liner from a string header or a [`http::header::GetAll`](https://docs.rs/http/0.2.5/http/header/struct.GetAll.html). -8. **fast enough.** HTTP authentication is a small part of a real program, and +6. **fast enough.** HTTP authentication is a small part of a real program, and `http-auth`'s CPU usage should never be noticeable. For `Digest`'s cryptographic operations, it uses popular optimized crates. In other respects, `http-auth` is likely at least as efficient as other HTTP authentication crates, although I have no reason to believe their performance is problematic. -## Why a new crate? - -There are at least a couple other available crates relating to HTTP -authentication. You may prefer them. Here's why `http-auth`'s author decided -not to use them. - -### [`www-authenticate`](https://crates.io/crates/www-authenticate) - -* sound: `www-authenticate` has some unsound `transmute`s to static lifetime. - (These likely aren't hard to fix though.) -* light-weight: `www-authenticate` depends on `hyperx` and `unicase`, large - dependencies which many useful programs don't include. -* complete: `www-authenticate` only supports parsing of challenge lists, not - responding to them. - -### [`digest_auth`](https://crates.io/crates/digest_auth) - -* complete: `digest_auth` only supports `Digest`. It can't parse multiple - challenges and will fail if given a list that starts with another scheme. - Thus, if the server follows the advice of - [RFC 7235 section 2.1](https://datatracker.ietf.org/doc/html/rfc7235) and - lists another scheme such as `Basic` first, `digest_auth`'s parsing is - insufficient. - -### `www-authenticate` + `digest_auth` together - -In addition to the `www-authenticate` caveats above, responding to password -challenges by using both `www-authenticate` and `digest_auth` is not complete -and ergonomic. The caller must do extra work: - -* explicitly consider both `Digest` and `Basic`, rather than using the - abstract `http_auth::PasswordClient` that chooses the challenge for you. -* when responding to a `Digest` challenge, construct a matching - `digest_auth::WwwAuthenticateHeader` from the - `www_authenticate::DigestChallenge`. -* when responding to a `Basic` challenge, do the encoding manually. - ## Author Scott Lamb <slamb@slamb.org> diff --git a/vendor/http-auth/build.rs b/vendor/http-auth/build.rs deleted file mode 100644 index 3cedde171..000000000 --- a/vendor/http-auth/build.rs +++ /dev/null @@ -1,136 +0,0 @@ -// Copyright (C) 2021 Scott Lamb -// SPDX-License-Identifier: MIT OR Apache-2.0 - -//! Builds `char_class_table.bin`, a table of byte values to the character -//! classes the respective bytes are part of. Most classes are referenced from -//! [RFC 7235 Appendix B: Imported ABNF](https://datatracker.ietf.org/doc/html/rfc7235#appendix-B) -//! or [RFC 7235 Appendix C: Collected ABNF](https://datatracker.ietf.org/doc/html/rfc7235#appendix-C). - -// Must match lib.rs declaration exactly. -const C_TCHAR: u8 = 1; -const C_QDTEXT: u8 = 2; -const C_ESCAPABLE: u8 = 4; -const C_OWS: u8 = 8; -const C_ATTR: u8 = 16; - -/// Returns if the byte is a `tchar` as defined in -/// [RFC 7230 section 3.2.6](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6). -fn is_tchar(b: u8) -> bool { - // tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" - // / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" - // / DIGIT / ALPHA - // ; any VCHAR, except delimiters - matches!(b, - b'!' - | b'#' - | b'$' - | b'%' - | b'&' - | b'\'' - | b'*' - | b'+' - | b'-' - | b'.' - | b'^' - | b'_' - | b'`' - | b'|' - | b'~' - | b'0'..=b'9' - | b'a'..=b'z' - | b'A'..=b'Z') -} - -/// Returns true if the byte is a valid `qdtext` (excluding `obs-text`), as defined in -/// [RFC 7230 section 3.2.6](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6). -/// -/// ```text -/// quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE -/// qdtext = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text -/// obs-text = %x80-FF -/// quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text ) -/// VCHAR = %x21-7E -/// ; visible (printing) characters -/// ``` -fn is_qdtext(b: u8) -> bool { - matches!(b, b'\t' | b' ' | 0x21 | 0x23..=0x5B | 0x5D..=0x7E) -} - -/// Returns true if the byte is a valid end of a `quoted-pair`, as defined in -/// [RFC 7230 section 3.2.6](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6). -fn is_escapable(b: u8) -> bool { - matches!(b, b'\t' | b' ' | 0x21..=0x7E | 0x80..=0xFF) -} - -/// Returns true if the byte is a valid `attr-char` as defined in -/// [RFC 5987 section 3.2.1](https://datatracker.ietf.org/doc/html/rfc5987#section-3.2.1). -/// -/// ```text -/// attr-char = ALPHA / DIGIT -/// / "!" / "#" / "$" / "&" / "+" / "-" / "." -/// / "^" / "_" / "`" / "|" / "~" -/// ; token except ( "*" / "'" / "%" ) -/// ``` -fn is_attr(b: u8) -> bool { - matches!(b, - b'a'..=b'z' - | b'A'..=b'Z' - | b'0'..=b'9' - | b'!' - | b'#' - | b'$' - | b'&' - | b'+' - | b'-' - | b'.' - | b'^' - | b'_' - | b'`' - | b'|' - | b'~') -} - -/// Returns true if the byte is valid optional whitespace as in [RFC 7230 section -/// 3.2.3](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.3). -/// -/// ```text -/// OWS = *( SP / HTAB ) -/// ; optional whitespace -/// ``` -fn is_ows(b: u8) -> bool { - matches!(b, b' ' | b'\t') -} - -fn main() { - // This build script depends only on itself. - // https://doc.rust-lang.org/cargo/reference/build-scripts.html#cargorerun-if-changedpath - println!("cargo:rerun-if-changed=build.rs"); - - let mut table = [0u8; 128]; - for (i, e) in table.iter_mut().enumerate() { - let b = i as u8; - let mut classes = 0; - if is_tchar(b) { - classes |= C_TCHAR; - } - if is_qdtext(b) { - classes |= C_QDTEXT; - } - if is_escapable(b) { - classes |= C_ESCAPABLE; - } - if is_ows(b) { - classes |= C_OWS; - } - if is_attr(b) { - classes |= C_ATTR; - } - *e = classes; - } - - let mut out_path = std::path::PathBuf::new(); - let out_dir = std::env::var("OUT_DIR").unwrap(); - out_path.push(out_dir); - out_path.push("char_class_table.bin"); - std::fs::write(&out_path, table).unwrap(); -} diff --git a/vendor/http-auth/design/20211020-new-crate.md b/vendor/http-auth/design/20211020-new-crate.md new file mode 100644 index 000000000..e219ee3e2 --- /dev/null +++ b/vendor/http-auth/design/20211020-new-crate.md @@ -0,0 +1,57 @@ +# Write a new HTTP authentication crate + +Date: 2022-10-20 + +# Problem statement + +I'd like a crate for HTTP authentication that has the following goals +(described more in [`http-auth`'s README](../README.md)): + +1. sound +2. correct +3. light-weight +4. complete +5. ergonomic +6. fast enough + +## Considered options + +* Write a new crate +* Use/extend an existing crate + +The existing crates don't seem to match these goals partially well: + +### [`www-authenticate`](https://crates.io/crates/www-authenticate) + +* sound: `www-authenticate` has some unsound `transmute`s to static lifetime. + (These likely aren't hard to fix though.) +* light-weight: `www-authenticate` depends on `hyperx` and `unicase`, large + dependencies which many useful programs don't include. +* complete: `www-authenticate` only supports parsing of challenge lists, not + responding to them. + +### [`digest_auth`](https://crates.io/crates/digest_auth) + +* complete: `digest_auth` only supports `Digest`. It can't parse multiple + challenges and will fail if given a list that starts with another scheme. + Thus, if the server follows the advice of + [RFC 7235 section 2.1](https://datatracker.ietf.org/doc/html/rfc7235) and + lists another scheme such as `Basic` first, `digest_auth`'s parsing is + insufficient. + +### `www-authenticate` + `digest_auth` together + +In addition to the "sound" and "light-weight" `www-authenticate` caveats above, +responding to password challenges by using both `www-authenticate` and +`digest_auth` is still incomplete and not ergonomic. The caller must do extra work: + +* explicitly consider both `Digest` and `Basic`, rather than using the + abstract `http_auth::PasswordClient` that chooses the challenge for you. +* when responding to a `Digest` challenge, construct a matching + `digest_auth::WwwAuthenticateHeader` from the + `www_authenticate::DigestChallenge`. +* when responding to a `Basic` challenge, do the encoding manually. + +## Decision Outcome + +Write the new `http-auth` crate. diff --git a/vendor/http-auth/design/README.md b/vendor/http-auth/design/README.md new file mode 100644 index 000000000..3fd143f1d --- /dev/null +++ b/vendor/http-auth/design/README.md @@ -0,0 +1 @@ +This directory records design decisions, in the [ADR style](https://adr.github.io/). diff --git a/vendor/http-auth/src/basic.rs b/vendor/http-auth/src/basic.rs index d8e94ab65..14873c8e3 100644 --- a/vendor/http-auth/src/basic.rs +++ b/vendor/http-auth/src/basic.rs @@ -28,11 +28,12 @@ use crate::ChallengeRef; /// "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", /// ); pub fn encode_credentials(username: &str, password: &str) -> String { + use base64::Engine as _; let user_pass = format!("{}:{}", username, password); const PREFIX: &str = "Basic "; let mut value = String::with_capacity(PREFIX.len() + base64_encoded_len(user_pass.len())); value.push_str(PREFIX); - base64::encode_config_buf(&user_pass[..], base64::STANDARD, &mut value); + base64::engine::general_purpose::STANDARD.encode_string(&user_pass[..], &mut value); value } @@ -53,7 +54,7 @@ pub struct BasicClient { impl BasicClient { pub fn realm(&self) -> &str { - &*self.realm + &self.realm } /// Responds to the challenge with the supplied parameters. diff --git a/vendor/http-auth/src/lib.rs b/vendor/http-auth/src/lib.rs index 13a657ebb..59f7f665f 100644 --- a/vendor/http-auth/src/lib.rs +++ b/vendor/http-auth/src/lib.rs @@ -85,6 +85,8 @@ pub mod basic; #[cfg_attr(docsrs, doc(cfg(feature = "digest-scheme")))] pub mod digest; +mod table; + pub use parser::ChallengeParser; #[cfg(feature = "basic-scheme")] @@ -95,21 +97,10 @@ pub use crate::basic::BasicClient; #[cfg_attr(docsrs, doc(cfg(feature = "digest-scheme")))] pub use crate::digest::DigestClient; -// Must match build.rs exactly. -const C_TCHAR: u8 = 1; -const C_QDTEXT: u8 = 2; -const C_ESCAPABLE: u8 = 4; -const C_OWS: u8 = 8; - -#[cfg_attr(not(feature = "digest-scheme"), allow(unused))] -const C_ATTR: u8 = 16; +use crate::table::{char_classes, C_ESCAPABLE, C_OWS, C_QDTEXT, C_TCHAR}; -/// Returns a bitmask of `C_*` values indicating character classes. -fn char_classes(b: u8) -> u8 { - // This table is built by build.rs. - const TABLE: &[u8; 128] = include_bytes!(concat!(env!("OUT_DIR"), "/char_class_table.bin")); - *TABLE.get(usize::from(b)).unwrap_or(&0) -} +#[cfg(feature = "digest-scheme")] +use crate::table::C_ATTR; /// Parsed challenge (scheme and body) using references to the original header value. /// Produced by [`crate::parser::ChallengeParser`]. @@ -160,9 +151,7 @@ struct ParamsPrinter<'i>(&'i [ChallengeParamRef<'i>]); impl<'i> std::fmt::Debug for ParamsPrinter<'i> { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - f.debug_map() - .entries(self.0.iter().map(|&(ref k, ref v)| (k, v))) - .finish() + f.debug_map().entries(self.0.iter().copied()).finish() } } diff --git a/vendor/http-auth/src/parser.rs b/vendor/http-auth/src/parser.rs index a6eedf5b0..4c3aad7b8 100644 --- a/vendor/http-auth/src/parser.rs +++ b/vendor/http-auth/src/parser.rs @@ -127,7 +127,7 @@ impl<'i> Display for Error<'i> { "{} at byte {}: {:?}", self.error, self.pos, - format!( + format_args!( "{}(HERE-->){}", &self.input[..self.pos], &self.input[self.pos..] diff --git a/vendor/http-auth/src/table.rs b/vendor/http-auth/src/table.rs new file mode 100644 index 000000000..64a05d8b4 --- /dev/null +++ b/vendor/http-auth/src/table.rs @@ -0,0 +1,135 @@ +// Copyright (C) 2021 Scott Lamb +// SPDX-License-Identifier: MIT OR Apache-2.0 + +//! Builds and offers lookup on a table of byte values to the character +//! classes the respective bytes are part of. Most classes are referenced from +//! [RFC 7235 Appendix B: Imported ABNF](https://datatracker.ietf.org/doc/html/rfc7235#appendix-B) +//! or [RFC 7235 Appendix C: Collected ABNF](https://datatracker.ietf.org/doc/html/rfc7235#appendix-C). + +pub(crate) const C_TCHAR: u8 = 1; +pub(crate) const C_QDTEXT: u8 = 2; +pub(crate) const C_ESCAPABLE: u8 = 4; +pub(crate) const C_OWS: u8 = 8; +pub(crate) const C_ATTR: u8 = 16; + +static TABLE: [u8; 128] = build_table(); + +pub(crate) fn char_classes(b: u8) -> u8 { + *TABLE.get(usize::from(b)).unwrap_or(&0) +} + +const fn build_table() -> [u8; 128] { + // It'd be nice to use array::from_fn here, but it wasn't stablized until Rust 1.63. + let mut table = [0u8; 128]; + let mut i = 0; + while i < 128 { + let b = i as u8; + let mut classes = 0; + if is_tchar(b) { + classes |= C_TCHAR; + } + if is_qdtext(b) { + classes |= C_QDTEXT; + } + if is_escapable(b) { + classes |= C_ESCAPABLE; + } + if is_ows(b) { + classes |= C_OWS; + } + if is_attr(b) { + classes |= C_ATTR; + } + table[i] = classes; + i += 1; + } + table +} + +/// Returns if the byte is a `tchar` as defined in +/// [RFC 7230 section 3.2.6](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6). +const fn is_tchar(b: u8) -> bool { + // tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" + // / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" + // / DIGIT / ALPHA + // ; any VCHAR, except delimiters + matches!(b, + b'!' + | b'#' + | b'$' + | b'%' + | b'&' + | b'\'' + | b'*' + | b'+' + | b'-' + | b'.' + | b'^' + | b'_' + | b'`' + | b'|' + | b'~' + | b'0'..=b'9' + | b'a'..=b'z' + | b'A'..=b'Z') +} + +/// Returns true if the byte is a valid `qdtext` (excluding `obs-text`), as defined in +/// [RFC 7230 section 3.2.6](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6). +/// +/// ```text +/// quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE +/// qdtext = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text +/// obs-text = %x80-FF +/// quoted-pair = "\" ( HTAB / SP / VCHAR / obs-text ) +/// VCHAR = %x21-7E +/// ; visible (printing) characters +/// ``` +const fn is_qdtext(b: u8) -> bool { + matches!(b, b'\t' | b' ' | 0x21 | 0x23..=0x5B | 0x5D..=0x7E) +} + +/// Returns true if the byte is a valid end of a `quoted-pair`, as defined in +/// [RFC 7230 section 3.2.6](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6). +const fn is_escapable(b: u8) -> bool { + matches!(b, b'\t' | b' ' | 0x21..=0x7E | 0x80..=0xFF) +} + +/// Returns true if the byte is a valid `attr-char` as defined in +/// [RFC 5987 section 3.2.1](https://datatracker.ietf.org/doc/html/rfc5987#section-3.2.1). +/// +/// ```text +/// attr-char = ALPHA / DIGIT +/// / "!" / "#" / "$" / "&" / "+" / "-" / "." +/// / "^" / "_" / "`" / "|" / "~" +/// ; token except ( "*" / "'" / "%" ) +/// ``` +const fn is_attr(b: u8) -> bool { + matches!(b, + b'a'..=b'z' + | b'A'..=b'Z' + | b'0'..=b'9' + | b'!' + | b'#' + | b'$' + | b'&' + | b'+' + | b'-' + | b'.' + | b'^' + | b'_' + | b'`' + | b'|' + | b'~') +} + +/// Returns true if the byte is valid optional whitespace as in [RFC 7230 section +/// 3.2.3](https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.3). +/// +/// ```text +/// OWS = *( SP / HTAB ) +/// ; optional whitespace +/// ``` +const fn is_ows(b: u8) -> bool { + matches!(b, b' ' | b'\t') +} -- cgit v1.2.3