+static char uh_realms[UH_LIMIT_AUTHREALMS * sizeof(struct auth_realm)] = { 0 };
+static int uh_realm_count = 0;
+
+struct auth_realm * uh_auth_add(
+ char *path, char *realm, char *user, char *pass
+) {
+ struct auth_realm *new = NULL;
+ struct passwd *pwd;
+ struct spwd *spwd;
+
+ if( uh_realm_count < UH_LIMIT_AUTHREALMS )
+ {
+ new = (struct auth_realm *)
+ &uh_realms[uh_realm_count * sizeof(struct auth_realm)];
+
+ memset(new, 0, sizeof(struct auth_realm));
+
+ memcpy(new->realm, realm,
+ min(strlen(realm), sizeof(new->realm) - 1));
+
+ memcpy(new->path, path,
+ min(strlen(path), sizeof(new->path) - 1));
+
+ memcpy(new->user, user,
+ min(strlen(user), sizeof(new->user) - 1));
+
+ /* given password refers to a passwd entry */
+ if( (strlen(pass) > 3) && !strncmp(pass, "$p$", 3) )
+ {
+ /* try to resolve shadow entry */
+ if( ((spwd = getspnam(&pass[3])) != NULL) && spwd->sp_pwdp )
+ {
+ memcpy(new->pass, spwd->sp_pwdp,
+ min(strlen(spwd->sp_pwdp), sizeof(new->pass) - 1));
+ }
+
+ /* try to resolve passwd entry */
+ else if( ((pwd = getpwnam(&pass[3])) != NULL) && pwd->pw_passwd &&
+ (pwd->pw_passwd[0] != '!') && (pwd->pw_passwd[0] != 0)
+ ) {
+ memcpy(new->pass, pwd->pw_passwd,
+ min(strlen(pwd->pw_passwd), sizeof(new->pass) - 1));
+ }
+ }
+
+ /* ordinary pwd */
+ else
+ {
+ memcpy(new->pass, pass,
+ min(strlen(pass), sizeof(new->pass) - 1));
+ }
+
+ uh_realm_count++;
+ }
+
+ return new;
+}
+
+int uh_auth_check(
+ struct client *cl, struct http_request *req, struct path_info *pi
+) {
+ int i, plen, rlen, protected;
+ char buffer[UH_LIMIT_MSGHEAD];
+ char *user = NULL;
+ char *pass = NULL;
+
+ struct auth_realm *realm = NULL;
+
+ plen = strlen(pi->name);
+ protected = 0;
+
+ /* check whether at least one realm covers the requested url */
+ for( i = 0; i < uh_realm_count; i++ )
+ {
+ realm = (struct auth_realm *)
+ &uh_realms[i * sizeof(struct auth_realm)];
+
+ rlen = strlen(realm->path);
+
+ if( (plen >= rlen) && !strncasecmp(pi->name, realm->path, rlen) )
+ {
+ req->realm = realm;
+ protected = 1;
+ break;
+ }
+ }
+
+ /* requested resource is covered by a realm */
+ if( protected )
+ {
+ /* try to get client auth info */
+ foreach_header(i, req->headers)
+ {
+ if( !strcasecmp(req->headers[i], "Authorization") &&
+ (strlen(req->headers[i+1]) > 6) &&
+ !strncasecmp(req->headers[i+1], "Basic ", 6)
+ ) {
+ memset(buffer, 0, sizeof(buffer));
+ uh_b64decode(buffer, sizeof(buffer) - 1,
+ (unsigned char *) &req->headers[i+1][6],
+ strlen(req->headers[i+1]) - 6);
+
+ if( (pass = strchr(buffer, ':')) != NULL )
+ {
+ user = buffer;
+ *pass++ = 0;
+ }
+
+ break;
+ }
+ }
+
+ /* have client auth */
+ if( user && pass )
+ {
+ /* find matching realm */
+ for( i = 0, realm = NULL; i < uh_realm_count; i++ )
+ {
+ realm = (struct auth_realm *)
+ &uh_realms[i * sizeof(struct auth_realm)];
+
+ rlen = strlen(realm->path);
+
+ if( (plen >= rlen) &&
+ !strncasecmp(pi->name, realm->path, rlen) &&
+ !strcmp(user, realm->user)
+ ) {
+ req->realm = realm;
+ break;
+ }
+
+ realm = NULL;
+ }
+
+ /* found a realm matching the username */
+ if( realm )
+ {
+ /* is a crypt passwd */
+ if( realm->pass[0] == '$' )
+ pass = crypt(pass, realm->pass);
+
+ /* check user pass */
+ if( !strcmp(pass, realm->pass) )
+ return 1;
+ }
+ }
+
+ /* 401 */
+ uh_http_sendf(cl, NULL,
+ "HTTP/%.1f 401 Authorization Required\r\n"
+ "WWW-Authenticate: Basic realm=\"%s\"\r\n"
+ "Content-Type: text/plain\r\n"
+ "Content-Length: 23\r\n\r\n"
+ "Authorization Required\n",
+ req->version, realm ? realm->realm : ""
+ );
+
+ return 0;
+ }
+
+ return 1;
+}
+
+
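Review bot: In uh_auth_add, a `$p$` reference that resolves through neither getspnam() nor getpwnam() leaves `new->pass` zero-filled by the earlier memset, yet `uh_realm_count++` still registers the realm, and the final `strcmp(pass, realm->pass)` in uh_auth_check then treats an empty client password as a match. The shadow branch also copies `sp_pwdp` without the `'!'`/empty checks that the passwd branch applies to `pw_passwd`, so a locked or placeholder field would be stored and later compared as plaintext. I would register the realm only when a usable value was resolved, e.g. `if( !new->pass[0] ) return NULL;` ahead of `uh_realm_count++`, and for `$p$` entries require the resolved value to begin with `$`, which is the only hash form uh_auth_check recognises. In uh_auth_check, crypt() can return NULL on failure, so the comparison should read `if( pass && !strcmp(pass, realm->pass) )`. The hunk header and surrounding context are not visible here, so how callers handle a NULL return from uh_auth_add should be confirmed.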