src/server/safs/auth.c

Tue, 01 Jan 2013 19:22:56 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Tue, 01 Jan 2013 19:22:56 +0100
changeset 44
3da1f7b6847f
parent 38
d07810b02147
child 48
37a512d7b8f6
permissions
-rw-r--r--

added some error messages

23
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
4 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * THE BSD LICENSE
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 *
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 * Redistribution and use in source and binary forms, with or without
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * modification, are permitted provided that the following conditions are met:
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 *
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 * Redistributions of source code must retain the above copyright notice, this
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * list of conditions and the following disclaimer.
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * Redistributions in binary form must reproduce the above copyright notice,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * this list of conditions and the following disclaimer in the documentation
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 * and/or other materials provided with the distribution.
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 *
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * Neither the name of the nor the names of its contributors may be
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * used to endorse or promote products derived from this software without
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * specific prior written permission.
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 *
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
32 */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
33
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
34 #include <strings.h>
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
35
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
36 #include "../daemon/authdb.h"
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
37 #include "../daemon/config.h"
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
38 #include "../daemon/session.h"
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
39
23
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
40 #include "auth.h"
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
41
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
42
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
43 /* ------------------------------ _uudecode ------------------------------- */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
44
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
45 const unsigned char pr2six[256]={
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
46 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
47 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,62,64,64,64,63,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
48 52,53,54,55,56,57,58,59,60,61,64,64,64,64,64,64,64,0,1,2,3,4,5,6,7,8,9,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
49 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,64,64,64,64,64,64,26,27,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
50 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
51 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
52 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
53 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
54 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
55 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
56 64,64,64,64,64,64,64,64,64,64,64,64,64
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
57 };
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
58
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
59 char *_uudecode(char *bufcoded)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
60 {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
61 register char *bufin = bufcoded;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
62 register unsigned char *bufout;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
63 register int nprbytes;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
64 unsigned char *bufplain;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
65 int nbytesdecoded;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
66
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
67 /* Find the length */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
68 while(pr2six[(int)*(bufin++)] <= 63);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
69 nprbytes = bufin - bufcoded - 1;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
70 nbytesdecoded = ((nprbytes+3)/4) * 3;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
71
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
72 bufout = (unsigned char *) malloc(nbytesdecoded + 1);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
73 bufplain = bufout;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
74
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
75 bufin = bufcoded;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
76
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
77 while (nprbytes > 0) {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
78 *(bufout++) = (unsigned char)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
79 (pr2six[(int)(*bufin)] << 2 | pr2six[(int)bufin[1]] >> 4);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
80 *(bufout++) = (unsigned char)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
81 (pr2six[(int)bufin[1]] << 4 | pr2six[(int)bufin[2]] >> 2);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
82 *(bufout++) = (unsigned char)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
83 (pr2six[(int)bufin[2]] << 6 | pr2six[(int)bufin[3]]);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
84 bufin += 4;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
85 nprbytes -= 4;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
86 }
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
87
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
88 if(nprbytes & 03) {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
89 if(pr2six[(int)bufin[-2]] > 63)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
90 nbytesdecoded -= 2;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
91 else
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
92 nbytesdecoded -= 1;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
93 }
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
94 bufplain[nbytesdecoded] = '\0';
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
95
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
96 return (char *)bufplain;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
97 }
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
98
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
99 /* ------------------------------ auth_basic ------------------------------ */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
100
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
101 int auth_basic(pblock *param, Session *sn, Request *rq)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
102 {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
103 char *pwfile, *grpfile, *type, *auth, *user, *pw;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
104 char *pwfn, *grpfn;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
105 pblock *npb;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
106 pb_param *pp;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
107 int ret;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
108
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
109 /* Although this is authorization (which is not cacheable) the
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
110 * check is not actually done until we call require-auth. So
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
111 * this part is cacheable; require-auth can be cacheable if the
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
112 * user has limited the auth to only affect a certain set of
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
113 * paths.
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
114 */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
115 rq->directive_is_cacheable = 1;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
116
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
117 if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
118 return REQ_ABORTED;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
119
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
120 if(!auth)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
121 return REQ_NOACTION;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
122
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
123 type = pblock_findval("auth-type", param);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
124 pwfile = pblock_findval("userdb", param);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
125 grpfile = pblock_findval("groupdb", param);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
126 pwfn = pblock_findval("userfn", param);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
127 grpfn = pblock_findval("groupfn", param);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
128
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
129 if((!type) || (!pwfile) || (!pwfn) || (grpfile && !grpfn)) {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
130 // TODO: log error
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
131 //log_error(LOG_MISCONFIG, "basic-auth", sn, rq,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
132 // XP_GetAdminStr(DBT_authError1));
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
133 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
134 return REQ_ABORTED;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
135 }
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
136
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
137 /* Skip leading whitespace */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
138 while(*auth && (*auth == ' '))
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
139 ++auth;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
140 if(!(*auth)) {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
141 protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
142 return REQ_ABORTED;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
143 }
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
144
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
145 /* Verify correct type */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
146 if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6))
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
147 return REQ_NOACTION;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
148
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
149 /* Skip whitespace */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
150 auth += 6;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
151 while(*auth && (*auth == ' '))
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
152 ++auth;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
153
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
154 if(!*auth)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
155 return REQ_NOACTION;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
156
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
157 /* Uuencoded user:password now */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
158 if(!(user = _uudecode(auth)))
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
159 return REQ_NOACTION;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
160
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
161 if(!(pw = strchr(user, ':'))) {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
162 free(user);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
163 return REQ_NOACTION;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
164 }
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
165 *pw++ = '\0';
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
166
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
167 npb = pblock_create(4);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
168 pblock_nvinsert("user", user, npb);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
169 pblock_nvinsert("pw", pw, npb);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
170 pblock_nvinsert("userdb", pwfile, npb);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
171 if(grpfile)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
172 pblock_nvinsert("groupdb", grpfile, npb);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
173 pblock_nvinsert("fn", pwfn, npb);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
174
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
175 if ((ret = func_exec(npb, sn, rq)) != REQ_PROCEED)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
176 {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
177 goto bye;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
178 }
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
179
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
180 pblock_nvinsert("auth-type", "basic", rq->vars);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
181 pblock_nvinsert("auth-user", user, rq->vars);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
182 pblock_nvinsert("auth-db", pwfile, rq->vars);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
183 #if defined(XP_WIN32) || defined(MCC_ADMSERV)
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
184 /* MLM - the admin server needs this password information,
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
185 * so I'm putting it back */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
186 pblock_nvinsert("auth-password", pw, rq->vars);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
187 #endif /* XP_WIN32 */
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
188
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
189 if(grpfile) {
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
190 pblock_nvinsert("groupdb", grpfile, npb);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
191 pp = pblock_find("fn", npb);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
192 free(pp->value);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
193 pp->value = strdup(grpfn);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
194
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
195 if( (ret = func_exec(npb, sn, rq)) != REQ_PROCEED )
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
196 goto bye;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
197 }
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
198 ret = REQ_PROCEED;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
199 bye:
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
200 pblock_free(npb);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
201 free(user);
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
202 return ret;
a2c8fc23c90e Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
203 }
38
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
204
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
205 int auth_db(pblock *param, Session *sn, Request *rq) {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
206 // TODO: reimplement this function and auth_basic to avoid code redundancy
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
207
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
208 //pblock *npb;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
209 //pb_param *pp;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
210 //int ret;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
211
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
212 char *auth;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
213 char *db;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
214 char *user;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
215 char *pw;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
216
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
217 if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED)
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
218 return REQ_ABORTED;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
219
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
220 if(!auth)
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
221 return REQ_NOACTION;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
222
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
223 db = pblock_findval("db", param);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
224
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
225 if(!db) {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
226 // TODO: log error
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
227 //log_error(LOG_MISCONFIG, "basic-auth", sn, rq,
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
228 // XP_GetAdminStr(DBT_authError1));
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
229 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
230 return REQ_ABORTED;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
231 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
232
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
233 /* Skip leading whitespace */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
234 while(*auth && (*auth == ' '))
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
235 ++auth;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
236 if(!(*auth)) {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
237 protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
238 return REQ_ABORTED;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
239 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
240
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
241 /* Verify correct type */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
242 if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6))
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
243 return REQ_NOACTION;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
244
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
245 /* Skip whitespace */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
246 auth += 6;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
247 while(*auth && (*auth == ' '))
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
248 ++auth;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
249
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
250 if(!*auth)
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
251 return REQ_NOACTION;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
252
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
253 /* Uuencoded user:password now */
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
254 if(!(user = _uudecode(auth)))
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
255 return REQ_NOACTION;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
256
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
257 if(!(pw = strchr(user, ':'))) {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
258 free(user);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
259 return REQ_NOACTION;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
260 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
261 *pw++ = '\0';
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
262
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
263 // get auth db
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
264 ServerConfiguration *config = session_get_config(sn);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
265 sstr_t dbname = sstr(db);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
266 AuthDB *authdb = ucx_map_sstr_get(config->authdbs, dbname);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
267
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
268 User *auth_user = authdb->get_user(authdb, user);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
269 if(auth_user && !auth_user->verify_password(auth_user, pw)) {
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
270 fprintf(stderr, "authdb user not authenticated: %s\n", user);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
271 free(user);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
272 return REQ_NOACTION;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
273 }
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
274
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
275
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
276 pblock_nvinsert("auth-type", "basic", rq->vars);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
277 pblock_nvinsert("auth-user", user, rq->vars);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
278 pblock_nvinsert("auth-db", db, rq->vars);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
279
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
280 free(user);
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
281 return REQ_PROCEED;
d07810b02147 added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 23
diff changeset
282 }

mercurial