X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fuhttpd.git;a=blobdiff_plain;f=auth.c;h=69ccf468334d5d15264d5dc0793233020f7f5971;hp=da7263f7120e0daab393d56d9a88a69f4ef3fb8b;hb=ccd9717ba5d501b45fda957f0ea41c4660ef414c;hpb=5ddf71b3638788f8d1dd1d312ec79acfac7f3e74

diff --git a/auth.c b/auth.c
index da7263f..69ccf46 100644
--- a/auth.c
+++ b/auth.c
@@ -1,22 +1,28 @@
 /*
  * uhttpd - Tiny single-threaded httpd
  *
- *   Copyright (C) 2010-2012 Jo-Philipp Wich <xm@subsignal.org>
- *   Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
+ *   Copyright (C) 2010-2013 Jo-Philipp Wich <xm@subsignal.org>
+ *   Copyright (C) 2013 Felix Fietkau <nbd@openwrt.org>
  *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#define _GNU_SOURCE
+#define _XOPEN_SOURCE	700
+#include <strings.h>
+#ifdef HAVE_SHADOW
+#include <shadow.h>
+#endif
 #include "uhttpd.h"
 
 static LIST_HEAD(auth_realms);
@@ -26,6 +32,7 @@ void uh_auth_add(const char *path, const char *user, const char *pass)
 	struct auth_realm *new = NULL;
 	struct passwd *pwd;
 	const char *new_pass = NULL;
+	char *dest_path, *dest_user, *dest_pass;
 
 #ifdef HAVE_SHADOW
 	struct spwd *spwd;
@@ -52,12 +59,91 @@ void uh_auth_add(const char *path, const char *user, const char *pass)
 	if (!new_pass || !new_pass[0])
 		return;
 
-	new = calloc(1, sizeof(*new));
+	new = calloc_a(sizeof(*new),
+		&dest_path, strlen(path) + 1,
+		&dest_user, strlen(user) + 1,
+		&dest_pass, strlen(new_pass) + 1);
+
 	if (!new)
 		return;
 
-	snprintf(new->path, sizeof(new->path), "%s", path);
-	snprintf(new->user, sizeof(new->user), "%s", user);
-	snprintf(new->pass, sizeof(new->user), "%s", new_pass);
+	new->path = strcpy(dest_path, path);
+	new->user = strcpy(dest_user, user);
+	new->pass = strcpy(dest_pass, new_pass);
 	list_add(&new->list, &auth_realms);
 }
+
+bool uh_auth_check(struct client *cl, const char *path, const char *auth,
+                   char **uptr, char **pptr)
+{
+	struct http_request *req = &cl->request;
+	struct auth_realm *realm;
+	bool user_match = false;
+	char *user = NULL;
+	char *pass = NULL;
+	int plen;
+
+	if (uptr)
+		*uptr = NULL;
+
+	if (pptr)
+		*pptr = NULL;
+
+	if (auth && !strncasecmp(auth, "Basic ", 6)) {
+		auth += 6;
+
+		uh_b64decode(uh_buf, sizeof(uh_buf), auth, strlen(auth));
+		pass = strchr(uh_buf, ':');
+		if (pass) {
+			user = uh_buf;
+			*pass++ = 0;
+		}
+	}
+
+	req->realm = NULL;
+	plen = strlen(path);
+	list_for_each_entry(realm, &auth_realms, list) {
+		int rlen = strlen(realm->path);
+
+		if (plen < rlen)
+			continue;
+
+		if (strncasecmp(path, realm->path, rlen) != 0)
+			continue;
+
+		req->realm = realm;
+		if (!user)
+			break;
+
+		if (strcmp(user, realm->user) != 0)
+			continue;
+
+		user_match = true;
+		break;
+	}
+
+	if (!req->realm)
+		return true;
+
+	if (user_match &&
+	    (!strcmp(pass, realm->pass) ||
+	     !strcmp(crypt(pass, realm->pass), realm->pass))) {
+		if (uptr)
+			*uptr = user;
+
+		if (pptr)
+			*pptr = pass;
+
+		return true;
+	}
+
+	uh_http_header(cl, 401, "Authorization Required");
+	ustream_printf(cl->us,
+				  "WWW-Authenticate: Basic realm=\"%s\"\r\n"
+				  "Content-Type: text/plain\r\n\r\n",
+				  conf.realm);
+	uh_chunk_printf(cl, "Authorization Required\n");
+	uh_request_done(cl);
+
+	return false;
+}