Make digest auth support conditional (issue #232)

When libmicrohttpd is built with --disable-dauth, the digest auth
functions (MHD_digest_auth_get_username, MHD_digest_auth_check,
MHD_queue_auth_fail_response) are not available, causing linker errors.

This change detects digest auth availability at configure time and
conditionally compiles the digest auth code, following the existing
pattern used for GnuTLS support.

Changes:
- Add AC_CHECK_LIB detection for MHD_queue_auth_fail_response
- Add HAVE_DAUTH preprocessor flag when digest auth is available
- Wrap digest auth code in #ifdef HAVE_DAUTH guards
- Show digest auth status in configure summary

Author: etr

.github/workflows/verify-build.yml

@@ -248,6 +248,18 @@ jobs:
             debug: nodebug
             coverage: nocoverage
             shell: bash
+          # Test build without digest auth support (issue #232)
+          - test-group: extra
+            os: ubuntu-latest
+            os-type: ubuntu
+            build-type: no-dauth
+            compiler-family: gcc
+            c-compiler: gcc
+            cc-compiler: g++
+            debug: nodebug
+            coverage: nocoverage
+            linking: dynamic
+            shell: bash
           - test-group: extra
             os: ubuntu-latest
             os-type: ubuntu
@@ -467,7 +479,7 @@ jobs:
       with:
         path: libmicrohttpd-0.9.77
         key: ${{ matrix.os }}-${{ matrix.c-compiler }}-libmicrohttpd-0.9.77-pre-built
-      if: ${{ matrix.os-type != 'windows' }}
+      if: ${{ matrix.os-type != 'windows' && matrix.build-type != 'no-dauth' }}
 
     - name: Build libmicrohttpd dependency (if not cached)
       run: |
@@ -476,12 +488,31 @@ jobs:
         cd libmicrohttpd-0.9.77 ;
         ./configure --disable-examples ;
         make ;
-      if: ${{ matrix.os-type != 'windows' && steps.cache-libmicrohttpd.outputs.cache-hit != 'true' }}
+      if: ${{ matrix.os-type != 'windows' && matrix.build-type != 'no-dauth' && steps.cache-libmicrohttpd.outputs.cache-hit != 'true' }}
+
+    - name: Build libmicrohttpd without digest auth (no-dauth test)
+      run: |
+        curl https://s3.amazonaws.com/libhttpserver/libmicrohttpd_releases/libmicrohttpd-0.9.77.tar.gz -o libmicrohttpd-0.9.77.tar.gz ;
+        tar -xzf libmicrohttpd-0.9.77.tar.gz ;
+        cd libmicrohttpd-0.9.77 ;
+        ./configure --disable-examples --disable-dauth ;
+        make ;
+      if: ${{ matrix.build-type == 'no-dauth' }}
 
     - name: Install libmicrohttpd
       run: cd libmicrohttpd-0.9.77 ; sudo make install ;
       if: ${{ matrix.os-type != 'windows' }}
 
+    - name: Verify digest auth is disabled (no-dauth test)
+      run: |
+        # Verify that MHD_queue_auth_fail_response is NOT present in libmicrohttpd
+        if nm /usr/local/lib/libmicrohttpd.so 2>/dev/null | grep -q MHD_queue_auth_fail_response; then
+          echo "ERROR: libmicrohttpd was built WITH digest auth support" ;
+          exit 1 ;
+        fi
+        echo "Verified: libmicrohttpd built without digest auth support" ;
+      if: ${{ matrix.build-type == 'no-dauth' }}
+
     - name: Build and install libmicrohttpd (Windows)
       if: ${{ matrix.os-type == 'windows' }}
       run: |
@@ -532,6 +563,18 @@ jobs:
           ../configure --disable-fastopen;
         fi
 
+    - name: Verify libhttpserver detected no digest auth (no-dauth test)
+      run: |
+        cd build ;
+        if grep -q "Digest Auth.*:.*no" config.log; then
+          echo "Verified: libhttpserver correctly detected digest auth is disabled" ;
+        else
+          echo "ERROR: libhttpserver did not detect that digest auth is disabled" ;
+          grep "Digest Auth" config.log || echo "Digest Auth line not found" ;
+          exit 1 ;
+        fi
+      if: ${{ matrix.build-type == 'no-dauth' }}
+
     - name: Print config.log
       shell: bash
       run: |

configure.ac

@@ -149,6 +149,11 @@ fi
 AM_CONDITIONAL([COND_CROSS_COMPILE],[test x"$cond_cross_compile" = x"yes"])
 AC_SUBST(COND_CROSS_COMPILE)
 
+# Check for digest auth support in libmicrohttpd
+AC_CHECK_LIB([microhttpd], [MHD_queue_auth_fail_response],
+    [have_dauth="yes"],
+    [have_dauth="no"; AC_MSG_WARN("libmicrohttpd digest auth support not found. Digest auth will be disabled")])
+
 AC_MSG_CHECKING([whether to build with TCP_FASTOPEN support])
 AC_ARG_ENABLE([fastopen],
     [AS_HELP_STRING([--enable-fastopen],
@@ -259,6 +264,13 @@ fi
 
 AM_CONDITIONAL([HAVE_GNUTLS],[test x"$have_gnutls" = x"yes"])
 
+if test x"$have_dauth" = x"yes"; then
+    AM_CXXFLAGS="$AM_CXXFLAGS -DHAVE_DAUTH"
+    AM_CFLAGS="$AM_CXXFLAGS -DHAVE_DAUTH"
+fi
+
+AM_CONDITIONAL([HAVE_DAUTH],[test x"$have_dauth" = x"yes"])
+
 DX_HTML_FEATURE(ON)
 DX_CHM_FEATURE(OFF)
 DX_CHI_FEATURE(OFF)
@@ -309,6 +321,7 @@ AC_MSG_NOTICE([Configuration Summary:
   License         :  LGPL only
   Debug	          :  ${debugit}
   TLS Enabled     :  ${have_gnutls}
+  Digest Auth     :  ${have_dauth}
   TCP_FASTOPEN    :  ${is_fastopen_supported}
   Static          :  ${static}
   Windows build   :  ${is_windows}

src/digest_auth_fail_response.cpp

@@ -18,6 +18,8 @@
      USA
 */
 
+#ifdef HAVE_DAUTH
+
 #include "httpserver/digest_auth_fail_response.hpp"
 #include <microhttpd.h>
 #include <iosfwd>
@@ -32,3 +34,5 @@ int digest_auth_fail_response::enqueue_response(MHD_Connection* connection, MHD_
 }
 
 }  // namespace httpserver
+
+#endif  // HAVE_DAUTH

src/http_request.cpp

@@ -42,6 +42,7 @@ void http_request::set_method(const std::string& method) {
     this->method = string_utilities::to_upper_copy(method);
 }
 
+#ifdef HAVE_DAUTH
 bool http_request::check_digest_auth(const std::string& realm, const std::string& password, int nonce_timeout, bool* reload_nonce) const {
     std::string_view digested_user = get_digested_user();
 
@@ -57,6 +58,7 @@ bool http_request::check_digest_auth(const std::string& realm, const std::string
     *reload_nonce = false;
     return true;
 }
+#endif  // HAVE_DAUTH
 
 std::string_view http_request::get_connection_value(std::string_view key, enum MHD_ValueKind kind) const {
     const char* header_c = MHD_lookup_connection_value(underlying_connection, kind, key.data());
@@ -257,6 +259,7 @@ std::string_view http_request::get_pass() const {
     return cache->password;
 }
 
+#ifdef HAVE_DAUTH
 std::string_view http_request::get_digested_user() const {
     if (!cache->digested_user.empty()) {
         return cache->digested_user;
@@ -272,6 +275,7 @@ std::string_view http_request::get_digested_user() const {
 
     return cache->digested_user;
 }
+#endif  // HAVE_DAUTH
 
 #ifdef HAVE_GNUTLS
 bool http_request::has_tls_session() const {

src/httpserver.hpp

@@ -29,7 +29,9 @@
 
 #include "httpserver/basic_auth_fail_response.hpp"
 #include "httpserver/deferred_response.hpp"
+#ifdef HAVE_DAUTH
 #include "httpserver/digest_auth_fail_response.hpp"
+#endif  // HAVE_DAUTH
 #include "httpserver/file_response.hpp"
 #include "httpserver/http_arg_value.hpp"
 #include "httpserver/http_request.hpp"

src/httpserver/digest_auth_fail_response.hpp

@@ -25,6 +25,8 @@
 #ifndef SRC_HTTPSERVER_DIGEST_AUTH_FAIL_RESPONSE_HPP_
 #define SRC_HTTPSERVER_DIGEST_AUTH_FAIL_RESPONSE_HPP_
 
+#ifdef HAVE_DAUTH
+
 #include <string>
 #include "httpserver/http_utils.hpp"
 #include "httpserver/string_response.hpp"
@@ -66,4 +68,6 @@ class digest_auth_fail_response : public string_response {
 
 }  // namespace httpserver
 
+#endif  // HAVE_DAUTH
+
 #endif  // SRC_HTTPSERVER_DIGEST_AUTH_FAIL_RESPONSE_HPP_

src/httpserver/http_request.hpp

@@ -65,11 +65,13 @@ class http_request {
      **/
      std::string_view get_user() const;
 
+#ifdef HAVE_DAUTH
      /**
       * Method used to get the username extracted from a digest authentication
       * @return the username
      **/
      std::string_view get_digested_user() const;
+#endif  // HAVE_DAUTH
 
      /**
       * Method used to get the password eventually passed through basic authentication.
@@ -250,7 +252,9 @@ class http_request {
      **/
      uint16_t get_requestor_port() const;
 
+#ifdef HAVE_DAUTH
      bool check_digest_auth(const std::string& realm, const std::string& password, int nonce_timeout, bool* reload_nonce) const;
+#endif  // HAVE_DAUTH
 
      friend std::ostream &operator<< (std::ostream &os, http_request &r);
 
@@ -412,7 +416,9 @@ class http_request {
         std::string password;
         std::string querystring;
         std::string requestor_ip;
+#ifdef HAVE_DAUTH
         std::string digested_user;
+#endif  // HAVE_DAUTH
         std::map<std::string, std::vector<std::string>, http::arg_comparator> unescaped_args;
 
         bool args_populated = false;

test/integ/authentication.cpp

@@ -44,7 +44,9 @@ using httpserver::webserver;
 using httpserver::create_webserver;
 using httpserver::http_response;
 using httpserver::basic_auth_fail_response;
+#ifdef HAVE_DAUTH
 using httpserver::digest_auth_fail_response;
+#endif  // HAVE_DAUTH
 using httpserver::string_response;
 using httpserver::http_resource;
 using httpserver::http_request;
@@ -74,6 +76,7 @@ class user_pass_resource : public http_resource {
      }
 };
 
+#ifdef HAVE_DAUTH
 class digest_resource : public http_resource {
  public:
      shared_ptr<http_response> render_GET(const http_request& req) {
@@ -88,6 +91,7 @@ class digest_resource : public http_resource {
          return std::make_shared<string_response>("SUCCESS", 200, "text/plain");
      }
 };
+#endif  // HAVE_DAUTH
 
 LT_BEGIN_SUITE(authentication_suite)
     void set_up() {
@@ -150,7 +154,8 @@ LT_END_AUTO_TEST(base_auth_fail)
 //  do not run the digest auth tests on windows as curl
 //  appears to have problems with it.
 //  Will fix this separately
-#ifndef _WINDOWS
+//  Also skip if libmicrohttpd was built without digest auth support
+#if !defined(_WINDOWS) && defined(HAVE_DAUTH)
 
 LT_BEGIN_AUTO_TEST(authentication_suite, digest_auth)
     webserver ws = create_webserver(PORT)