diff options
Diffstat (limited to 'src/microhttpd/basicauth.c')
-rw-r--r-- | src/microhttpd/basicauth.c | 113 |
1 files changed, 70 insertions, 43 deletions
diff --git a/src/microhttpd/basicauth.c b/src/microhttpd/basicauth.c index 9ef26dca..19315d14 100644 --- a/src/microhttpd/basicauth.c +++ b/src/microhttpd/basicauth.c | |||
@@ -25,6 +25,7 @@ | |||
25 | * @author Karlson2k (Evgeny Grin) | 25 | * @author Karlson2k (Evgeny Grin) |
26 | */ | 26 | */ |
27 | #include "basicauth.h" | 27 | #include "basicauth.h" |
28 | #include "gen_auth.h" | ||
28 | #include "platform.h" | 29 | #include "platform.h" |
29 | #include "mhd_limits.h" | 30 | #include "mhd_limits.h" |
30 | #include "internal.h" | 31 | #include "internal.h" |
@@ -33,76 +34,102 @@ | |||
33 | 34 | ||
34 | 35 | ||
35 | /** | 36 | /** |
37 | * Get request's Basic Authorisation parameters. | ||
38 | * @param connection the connection to process | ||
39 | * @return pointer to request Basic Authorisation parameters structure if | ||
40 | * request has such header (allocated in connection's pool), | ||
41 | * NULL otherwise. | ||
42 | */ | ||
43 | static const struct MHD_RqBAuth * | ||
44 | get_rq_bauth_params (struct MHD_Connection *connection) | ||
45 | { | ||
46 | const struct MHD_AuthRqHeader *rq_params; | ||
47 | |||
48 | rq_params = MHD_get_auth_rq_params_ (connection); | ||
49 | if ( (NULL == rq_params) || | ||
50 | (MHD_AUTHTYPE_BASIC != rq_params->auth_type) ) | ||
51 | return NULL; | ||
52 | |||
53 | return rq_params->params.bauth; | ||
54 | } | ||
55 | |||
56 | |||
57 | /** | ||
36 | * Get the username and password from the basic authorization header sent by the client | 58 | * Get the username and password from the basic authorization header sent by the client |
37 | * | 59 | * |
38 | * @param connection The MHD connection structure | 60 | * @param connection The MHD connection structure |
39 | * @param password a pointer for the password | 61 | * @param[out] password a pointer for the password, free using #MHD_free(). |
40 | * @return NULL if no username could be found, a pointer | 62 | * @return NULL if no username could be found, a pointer |
41 | * to the username if found | 63 | * to the username if found, free using #MHD_free(). |
42 | * @ingroup authentication | 64 | * @ingroup authentication |
43 | */ | 65 | */ |
44 | _MHD_EXTERN char * | 66 | _MHD_EXTERN char * |
45 | MHD_basic_auth_get_username_password (struct MHD_Connection *connection, | 67 | MHD_basic_auth_get_username_password (struct MHD_Connection *connection, |
46 | char **password) | 68 | char **password) |
47 | { | 69 | { |
48 | const char *header; | 70 | const struct MHD_RqBAuth *params; |
49 | char *decode; | 71 | char *decode; |
72 | size_t decode_len; | ||
50 | const char *separator; | 73 | const char *separator; |
51 | char *user; | 74 | |
52 | 75 | params = get_rq_bauth_params (connection); | |
53 | if ( (MHD_NO == MHD_lookup_connection_value_n (connection, | 76 | |
54 | MHD_HEADER_KIND, | 77 | if (NULL == params) |
55 | MHD_HTTP_HEADER_AUTHORIZATION, | 78 | return NULL; |
56 | MHD_STATICSTR_LEN_ ( | 79 | |
57 | MHD_HTTP_HEADER_AUTHORIZATION), | 80 | if ((NULL == params->token68.str) || (0 == params->token68.len)) |
58 | &header, | ||
59 | NULL)) || | ||
60 | (0 != strncmp (header, | ||
61 | _MHD_AUTH_BASIC_BASE, | ||
62 | MHD_STATICSTR_LEN_ (_MHD_AUTH_BASIC_BASE))) ) | ||
63 | return NULL; | 81 | return NULL; |
64 | header += MHD_STATICSTR_LEN_ (_MHD_AUTH_BASIC_BASE); | 82 | |
65 | if (NULL == (decode = BASE64Decode (header))) | 83 | decode = BASE64Decode (params->token68.str, params->token68.len, &decode_len); |
84 | if ((NULL == decode) || (0 == decode_len)) | ||
66 | { | 85 | { |
67 | #ifdef HAVE_MESSAGES | 86 | #ifdef HAVE_MESSAGES |
68 | MHD_DLOG (connection->daemon, | 87 | MHD_DLOG (connection->daemon, |
69 | _ ("Error decoding basic authentication.\n")); | 88 | _ ("Error decoding basic authentication.\n")); |
70 | #endif | 89 | #endif |
90 | if (NULL != decode) | ||
91 | free (decode); | ||
71 | return NULL; | 92 | return NULL; |
72 | } | 93 | } |
73 | /* Find user:password pattern */ | 94 | /* Find user:password pattern */ |
74 | if (NULL == (separator = strchr (decode, | 95 | if (NULL != (separator = memchr (decode, |
75 | ':'))) | 96 | ':', |
97 | decode_len))) | ||
76 | { | 98 | { |
77 | #ifdef HAVE_MESSAGES | 99 | char *user; |
78 | MHD_DLOG (connection->daemon, | 100 | size_t user_len; |
79 | _ ("Basic authentication doesn't contain ':' separator.\n")); | 101 | size_t password_len; |
80 | #endif | 102 | |
81 | free (decode); | 103 | user = decode; /* Reuse already allocated buffer */ |
82 | return NULL; | 104 | user_len = (size_t) (separator - decode); |
83 | } | 105 | user[user_len] = 0; |
84 | if (NULL == (user = strdup (decode))) | 106 | |
85 | { | 107 | if (NULL == password) |
86 | free (decode); | 108 | return user; |
87 | return NULL; | 109 | |
88 | } | 110 | password_len = decode_len - user_len - 1; |
89 | user[separator - decode] = '\0'; /* cut off at ':' */ | 111 | *password = (char *) malloc (password_len + 1); |
90 | if (NULL != password) | 112 | if (NULL != *password) |
91 | { | ||
92 | *password = strdup (separator + 1); | ||
93 | if (NULL == *password) | ||
94 | { | 113 | { |
114 | if (0 != password_len) | ||
115 | memcpy (*password, decode + user_len + 1, password_len); | ||
116 | (*password)[password_len] = 0; | ||
117 | |||
118 | return user; | ||
119 | } | ||
95 | #ifdef HAVE_MESSAGES | 120 | #ifdef HAVE_MESSAGES |
121 | else | ||
96 | MHD_DLOG (connection->daemon, | 122 | MHD_DLOG (connection->daemon, |
97 | _ ("Failed to allocate memory for password.\n")); | 123 | _ ("Failed to allocate memory.\n")); |
98 | #endif | 124 | #endif /* HAVE_MESSAGES */ |
99 | free (decode); | ||
100 | free (user); | ||
101 | return NULL; | ||
102 | } | ||
103 | } | 125 | } |
126 | #ifdef HAVE_MESSAGES | ||
127 | else | ||
128 | MHD_DLOG (connection->daemon, | ||
129 | _ ("Basic authentication doesn't contain ':' separator.\n")); | ||
130 | #endif | ||
104 | free (decode); | 131 | free (decode); |
105 | return user; | 132 | return NULL; |
106 | } | 133 | } |
107 | 134 | ||
108 | 135 | ||