1 files changed, 70 insertions, 43 deletions
diff --git a/src/microhttpd/basicauth.c b/src/microhttpd/basicauth.c
index 9ef26dca..19315d14 100644
--- a/src/microhttpd/basicauth.c
+++ b/src/microhttpd/basicauth.c
@@ -25,6 +25,7 @@
 * @author Karlson2k (Evgeny Grin)
 */
 #include "basicauth.h"
+#include "gen_auth.h"
 #include "platform.h"
 #include "mhd_limits.h"
 #include "internal.h"
@@ -33,76 +34,102 @@
 /**
+ * Get request's Basic Authorisation parameters.
+ * @param connection the connection to process
+ * @return pointer to request Basic Authorisation parameters structure if
+ *         request has such header (allocated in connection's pool),
+ *         NULL otherwise.
+ */
+static const struct MHD_RqBAuth *
+get_rq_bauth_params (struct MHD_Connection *connection)
+{
+  const struct MHD_AuthRqHeader *rq_params;
+  rq_params = MHD_get_auth_rq_params_ (connection);
+  if ( (NULL == rq_params) ||
+       (MHD_AUTHTYPE_BASIC != rq_params->auth_type) )
+    return NULL;
+  return rq_params->params.bauth;
+}
+/**
 * Get the username and password from the basic authorization header sent by the client
 *
 * @param connection The MHD connection structure
- * @param password a pointer for the password
+ * @param[out] password a pointer for the password, free using #MHD_free().
 * @return NULL if no username could be found, a pointer
- *      to the username if found
+ *      to the username if found, free using #MHD_free().
 * @ingroup authentication
 */
 _MHD_EXTERN char *
 MHD_basic_auth_get_username_password (struct MHD_Connection *connection,
                                      char **password)
 {
-  const char *header;
+  const struct MHD_RqBAuth *params;
  char *decode;
+  size_t decode_len;
  const char *separator;
-  char *user;
+  params = get_rq_bauth_params (connection);
-  if ( (MHD_NO == MHD_lookup_connection_value_n (connection,
-                                                 MHD_HEADER_KIND,
+  if (NULL == params)
-                                                 MHD_HTTP_HEADER_AUTHORIZATION,
+    return NULL;
-                                                 MHD_STATICSTR_LEN_ (
-                                                   MHD_HTTP_HEADER_AUTHORIZATION),
+  if ((NULL == params->token68.str) || (0 == params->token68.len))
-                                                 &header,
-                                                 NULL)) ||
-       (0 != strncmp (header,
-                      _MHD_AUTH_BASIC_BASE,
-                      MHD_STATICSTR_LEN_ (_MHD_AUTH_BASIC_BASE))) )
    return NULL;
-  header += MHD_STATICSTR_LEN_ (_MHD_AUTH_BASIC_BASE);
-  if (NULL == (decode = BASE64Decode (header)))
+  decode = BASE64Decode (params->token68.str, params->token68.len, &decode_len);
+  if ((NULL == decode) || (0 == decode_len))
  {
 #ifdef HAVE_MESSAGES
    MHD_DLOG (connection->daemon,
              _ ("Error decoding basic authentication.\n"));
 #endif
+    if (NULL != decode)
+      free (decode);
    return NULL;
  }
  /* Find user:password pattern */
-  if (NULL == (separator = strchr (decode,
+  if (NULL != (separator = memchr (decode,
-                                   ':')))
+                                   ':',
+                                   decode_len)))
  {
-#ifdef HAVE_MESSAGES
+    char *user;
-    MHD_DLOG (connection->daemon,
+    size_t user_len;
-              _ ("Basic authentication doesn't contain ':' separator.\n"));
+    size_t password_len;
-#endif
-    free (decode);
+    user = decode; /* Reuse already allocated buffer */
-    return NULL;
+    user_len = (size_t) (separator - decode);
-  }
+    user[user_len] = 0;
-  if (NULL == (user = strdup (decode)))
-  {
+    if (NULL == password)
-    free (decode);
+      return user;
-    return NULL;
-  }
+    password_len = decode_len - user_len - 1;
-  user[separator - decode] = '\0'; /* cut off at ':' */
+    *password = (char *) malloc (password_len + 1);
-  if (NULL != password)
+    if (NULL != *password)
-  {
-    *password = strdup (separator + 1);
-    if (NULL == *password)
    {
+      if (0 != password_len)
+        memcpy (*password, decode + user_len + 1, password_len);
+      (*password)[password_len] = 0;
+      return user;
+    }
 #ifdef HAVE_MESSAGES
+    else
      MHD_DLOG (connection->daemon,
-                _ ("Failed to allocate memory for password.\n"));
+                _ ("Failed to allocate memory.\n"));
-#endif
+#endif /* HAVE_MESSAGES */
-      free (decode);
-      free (user);
-      return NULL;
-    }
  }
+#ifdef HAVE_MESSAGES
+  else
+    MHD_DLOG (connection->daemon,
+              _ ("Basic authentication doesn't contain ':' separator.\n"));
+#endif
  free (decode);
-  return user;
+  return NULL;
 }

diff --git a/src/microhttpd/basicauth.c b/src/microhttpd/basicauth.c index 9ef26dca..19315d14 100644 --- a/src/microhttpd/basicauth.c +++ b/src/microhttpd/basicauth.c
@@ -25,6 +25,7 @@
25	* @author Karlson2k (Evgeny Grin)	25	* @author Karlson2k (Evgeny Grin)
26	*/	26	*/
27	#include "basicauth.h"	27	#include "basicauth.h"
		28	#include "gen_auth.h"
28	#include "platform.h"	29	#include "platform.h"
29	#include "mhd_limits.h"	30	#include "mhd_limits.h"
30	#include "internal.h"	31	#include "internal.h"
@@ -33,76 +34,102 @@
33		34
34		35
35	/**	36	/**
		37	* Get request's Basic Authorisation parameters.
		38	* @param connection the connection to process
		39	* @return pointer to request Basic Authorisation parameters structure if
		40	* request has such header (allocated in connection's pool),
		41	* NULL otherwise.
		42	*/
		43	static const struct MHD_RqBAuth *
		44	get_rq_bauth_params (struct MHD_Connection *connection)
		45	{
		46	const struct MHD_AuthRqHeader *rq_params;
		47
		48	rq_params = MHD_get_auth_rq_params_ (connection);
		49	if ( (NULL == rq_params) \|\|
		50	(MHD_AUTHTYPE_BASIC != rq_params->auth_type) )
		51	return NULL;
		52
		53	return rq_params->params.bauth;
		54	}
		55
		56
		57	/**
36	* Get the username and password from the basic authorization header sent by the client	58	* Get the username and password from the basic authorization header sent by the client
37	*	59	*
38	* @param connection The MHD connection structure	60	* @param connection The MHD connection structure
39	* @param password a pointer for the password	61	* @param[out] password a pointer for the password, free using #MHD_free().
40	* @return NULL if no username could be found, a pointer	62	* @return NULL if no username could be found, a pointer
41	* to the username if found	63	* to the username if found, free using #MHD_free().
42	* @ingroup authentication	64	* @ingroup authentication
43	*/	65	*/
44	_MHD_EXTERN char *	66	_MHD_EXTERN char *
45	MHD_basic_auth_get_username_password (struct MHD_Connection *connection,	67	MHD_basic_auth_get_username_password (struct MHD_Connection *connection,
46	char **password)	68	char **password)
47	{	69	{
48	const char *header;	70	const struct MHD_RqBAuth *params;
49	char *decode;	71	char *decode;
		72	size_t decode_len;
50	const char *separator;	73	const char *separator;
51	char *user;	74
52		75	params = get_rq_bauth_params (connection);
53	if ( (MHD_NO == MHD_lookup_connection_value_n (connection,	76
54	MHD_HEADER_KIND,	77	if (NULL == params)
55	MHD_HTTP_HEADER_AUTHORIZATION,	78	return NULL;
56	MHD_STATICSTR_LEN_ (	79
57	MHD_HTTP_HEADER_AUTHORIZATION),	80	if ((NULL == params->token68.str) \|\| (0 == params->token68.len))
58	&header,
59	NULL)) \|\|
60	(0 != strncmp (header,
61	_MHD_AUTH_BASIC_BASE,
62	MHD_STATICSTR_LEN_ (_MHD_AUTH_BASIC_BASE))) )
63	return NULL;	81	return NULL;
64	header += MHD_STATICSTR_LEN_ (_MHD_AUTH_BASIC_BASE);	82
65	if (NULL == (decode = BASE64Decode (header)))	83	decode = BASE64Decode (params->token68.str, params->token68.len, &decode_len);
		84	if ((NULL == decode) \|\| (0 == decode_len))
66	{	85	{
67	#ifdef HAVE_MESSAGES	86	#ifdef HAVE_MESSAGES
68	MHD_DLOG (connection->daemon,	87	MHD_DLOG (connection->daemon,
69	_ ("Error decoding basic authentication.\n"));	88	_ ("Error decoding basic authentication.\n"));
70	#endif	89	#endif
		90	if (NULL != decode)
		91	free (decode);
71	return NULL;	92	return NULL;
72	}	93	}
73	/* Find user:password pattern */	94	/* Find user:password pattern */
74	if (NULL == (separator = strchr (decode,	95	if (NULL != (separator = memchr (decode,
75	':')))	96	':',
		97	decode_len)))
76	{	98	{
77	#ifdef HAVE_MESSAGES	99	char *user;
78	MHD_DLOG (connection->daemon,	100	size_t user_len;
79	_ ("Basic authentication doesn't contain ':' separator.\n"));	101	size_t password_len;
80	#endif	102
81	free (decode);	103	user = decode; /* Reuse already allocated buffer */
82	return NULL;	104	user_len = (size_t) (separator - decode);
83	}	105	user[user_len] = 0;
84	if (NULL == (user = strdup (decode)))	106
85	{	107	if (NULL == password)
86	free (decode);	108	return user;
87	return NULL;	109
88	}	110	password_len = decode_len - user_len - 1;
89	user[separator - decode] = '\0'; /* cut off at ':' */	111	password = (char ) malloc (password_len + 1);
90	if (NULL != password)	112	if (NULL != *password)
91	{
92	*password = strdup (separator + 1);
93	if (NULL == *password)
94	{	113	{
		114	if (0 != password_len)
		115	memcpy (*password, decode + user_len + 1, password_len);
		116	(*password)[password_len] = 0;
		117
		118	return user;
		119	}
95	#ifdef HAVE_MESSAGES	120	#ifdef HAVE_MESSAGES
		121	else
96	MHD_DLOG (connection->daemon,	122	MHD_DLOG (connection->daemon,
97	_ ("Failed to allocate memory for password.\n"));	123	_ ("Failed to allocate memory.\n"));
98	#endif	124	#endif /* HAVE_MESSAGES */
99	free (decode);
100	free (user);
101	return NULL;
102	}
103	}	125	}
		126	#ifdef HAVE_MESSAGES
		127	else
		128	MHD_DLOG (connection->daemon,
		129	_ ("Basic authentication doesn't contain ':' separator.\n"));
		130	#endif
104	free (decode);	131	free (decode);
105	return user;	132	return NULL;
106	}	133	}
107		134
108		135