Sun, 27 Nov 2022 13:33:30 +0100
improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent
1 | /* |
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
3 | * |
4 | * Copyright 2008 Sun Microsystems, Inc. All rights reserved. |
5 | * |
6 | * THE BSD LICENSE |
7 | * |
8 | * Redistribution and use in source and binary forms, with or without |
9 | * modification, are permitted provided that the following conditions are met: |
10 | * |
11 | * Redistributions of source code must retain the above copyright notice, this |
12 | * list of conditions and the following disclaimer. |
13 | * Redistributions in binary form must reproduce the above copyright notice, |
14 | * this list of conditions and the following disclaimer in the documentation |
15 | * and/or other materials provided with the distribution. |
16 | * |
17 | * Neither the name of the nor the names of its contributors may be |
18 | * used to endorse or promote products derived from this software without |
19 | * specific prior written permission. |
20 | * |
21 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
22 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
23 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
24 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER |
25 | * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
26 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
27 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
28 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
29 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
30 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
31 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
32 | */ |
33 | |
34 | #include <strings.h> |
35 | |
36 | #include "../public/auth.h" |
37 | #include "../daemon/config.h" |
38 | #include "../daemon/session.h" |
39 | |
40 | #include "auth.h" |
41 | |
42 | |
43 | /* ------------------------------ _uudecode ------------------------------- */ |
44 | |
/*
 * Base64 decoding table, indexed by the input byte value (0..255).
 *
 * 'A'-'Z' map to 0-25, 'a'-'z' to 26-51, '0'-'9' to 52-61, '+' to 62 and
 * '/' to 63. Every other byte, including NUL and the '=' padding character,
 * maps to 64, which marks it as "not a Base64 character".
 *
 * The table has exactly 256 entries, so it must only ever be indexed with
 * a value in the range of unsigned char.
 */
static const unsigned char pr2six[256] = {
    /* 0x00 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0x10 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0x20 */ 64,64,64,64,64,64,64,64,64,64,64,62,64,64,64,63,
    /* 0x30 */ 52,53,54,55,56,57,58,59,60,61,64,64,64,64,64,64,
    /* 0x40 */ 64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,
    /* 0x50 */ 15,16,17,18,19,20,21,22,23,24,25,64,64,64,64,64,
    /* 0x60 */ 64,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,
    /* 0x70 */ 41,42,43,44,45,46,47,48,49,50,51,64,64,64,64,64,
    /* 0x80 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0x90 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0xA0 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0xB0 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0xC0 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0xD0 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0xE0 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
    /* 0xF0 */ 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64
};
58 | |
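/*
 * Decode the Base64 text at the start of bufcoded into a new NUL-terminated
 * buffer allocated from pool.
 *
 * Decoding stops at the first byte that is not a Base64 character according
 * to pr2six (this includes the terminating NUL and '=' padding). A trailing
 * group of two or three characters yields one or two bytes; a trailing group
 * of a single character carries no complete byte and is ignored.
 *
 * bufcoded must be NUL-terminated. It usually comes straight from a request
 * header, so it has to be treated as arbitrary bytes.
 *
 * Returns the decoded string, or NULL if the pool allocation fails. The
 * result belongs to pool; release it with pool_free, not free().
 */
char *_uudecode(pool_handle_t *pool, char *bufcoded) {
    /*
     * Read the input as unsigned bytes. Where plain char is signed, a byte
     * >= 0x80 would otherwise become a negative index and read memory in
     * front of the 256-entry pr2six table.
     */
    const unsigned char *bufin = (const unsigned char *)bufcoded;
    unsigned char *bufout;
    unsigned char *bufplain;
    int nprbytes;
    int nbytesdecoded;

    /* Find the length of the leading run of Base64 characters */
    while(pr2six[*(bufin++)] <= 63);
    nprbytes = (int)(bufin - (const unsigned char *)bufcoded) - 1;
    nbytesdecoded = ((nprbytes + 3) / 4) * 3;

    bufout = pool_malloc(pool, nbytesdecoded + 1);
    if(!bufout) {
        return NULL;
    }
    bufplain = bufout;

    bufin = (const unsigned char *)bufcoded;

    /* Decode every group of four that is followed by more input */
    while(nprbytes > 4) {
        *(bufout++) = (unsigned char)
            (pr2six[bufin[0]] << 2 | pr2six[bufin[1]] >> 4);
        *(bufout++) = (unsigned char)
            (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
        *(bufout++) = (unsigned char)
            (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
        bufin += 4;
        nprbytes -= 4;
    }

    /*
     * Decode the last group character by character, so that nothing behind
     * the first non-Base64 byte (normally the NUL terminator) is read.
     * nprbytes == 1 cannot produce a byte and is skipped.
     */
    if(nprbytes > 1) {
        *(bufout++) = (unsigned char)
            (pr2six[bufin[0]] << 2 | pr2six[bufin[1]] >> 4);
    }
    if(nprbytes > 2) {
        *(bufout++) = (unsigned char)
            (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
    }
    if(nprbytes > 3) {
        *(bufout++) = (unsigned char)
            (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
    }

    /* Drop the bytes that were reserved for the missing input characters */
    nbytesdecoded -= (4 - nprbytes) & 03;
    bufplain[nbytesdecoded] = '\0';

    return (char *)bufplain;
}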
97 | |
/*
 * Extract user name and password from the request's HTTP Basic
 * "Authorization" header.
 *
 * On REQ_PROCEED, *user points to the start of a buffer allocated from
 * sn->pool by _uudecode and *pw points into the same buffer, right behind
 * the first ':' (which is overwritten with NUL). Callers therefore must not
 * pass either pointer to free(), and must not release *pw on its own.
 * On every other return value *user and *pw are NULL.
 *
 * Returns:
 *   REQ_PROCEED   credentials were found and split
 *   REQ_NOACTION  no header, a non-Basic scheme, an empty credential part,
 *                 a decode failure, or decoded text without ':'
 *   REQ_ABORTED   request_header failed, or the header holds only spaces
 *                 (the response status is set to PROTOCOL_FORBIDDEN then)
 */
int basicauth_getuser(Session *sn, Request *rq, char **user, char **pw) {
    char *header = NULL;
    char *decoded;
    char *colon;

    *user = NULL;
    *pw = NULL;

    if(request_header("authorization", &header, sn, rq) == REQ_ABORTED) {
        return REQ_ABORTED;
    }
    if(header == NULL) {
        return REQ_NOACTION;
    }

    /* Skip leading spaces; a header made of spaces only is rejected */
    while(*header == ' ') {
        header++;
    }
    if(*header == '\0') {
        protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
        return REQ_ABORTED;
    }

    /* Only the "basic" scheme (any letter case) is handled here */
    if(strlen(header) < 6 || strncasecmp(header, "basic ", 6) != 0) {
        return REQ_NOACTION;
    }

    /* Step over the scheme name and the spaces that follow it */
    header += 6;
    while(*header == ' ') {
        header++;
    }
    if(*header == '\0') {
        return REQ_NOACTION;
    }

    /* The rest is the encoded "user:password" pair */
    decoded = _uudecode(sn->pool, header);
    if(decoded == NULL) {
        return REQ_NOACTION;
    }

    colon = strchr(decoded, ':');
    if(colon == NULL) {
        pool_free(sn->pool, decoded);
        return REQ_NOACTION;
    }

    /* Split in place: user name in front of the ':', password behind it */
    *colon = '\0';
    *user = decoded;
    *pw = colon + 1;

    return REQ_PROCEED;
}
152 | ||
153 | /* ------------------------------ auth_basic ------------------------------ */ |
154 | |
/*
 * Basic authentication through configured check functions.
 *
 * Reads "auth-type", "userdb", "userfn" and the optional pair "groupdb" /
 * "groupfn" from param, takes the credentials from the request with
 * basicauth_getuser, and runs the function named by "userfn" (and then,
 * when a group db is configured, the one named by "groupfn") via func_exec.
 * After the user function succeeds, "auth-type", "auth-user" and "auth-db"
 * are stored in rq->vars.
 *
 * Returns REQ_ABORTED with a server-error status when a required parameter
 * is missing; otherwise the first result that is not REQ_PROCEED from
 * basicauth_getuser or func_exec, or REQ_PROCEED when all checks passed.
 */
int auth_basic(pblock *param, Session *sn, Request *rq)
{
    char *auth_type, *userdb, *groupdb, *userfn, *groupfn;
    char *user, *pw;
    pblock *args;
    int rc;

    /*
     * This directive only collects the credentials; the authorization
     * decision is made later by require-auth, so this step itself may be
     * cached.
     */
    rq->directive_is_cacheable = 1;

    auth_type = pblock_findval("auth-type", param);
    userdb = pblock_findval("userdb", param);
    groupdb = pblock_findval("groupdb", param);
    userfn = pblock_findval("userfn", param);
    groupfn = pblock_findval("groupfn", param);

    /* a group db is optional, but it needs its group function */
    if(!(auth_type && userdb && userfn && (!groupdb || groupfn))) {
        log_ereport(LOG_MISCONFIG, "basic-auth: missing parameter");
        protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
        return REQ_ABORTED;
    }

    rc = basicauth_getuser(sn, rq, &user, &pw);
    if(rc != REQ_PROCEED) {
        return rc;
    }

    /*
     * Arguments for the user check function. The cleartext password is
     * handed over in "pw", so the configured function sees it as is.
     */
    args = pblock_create(4);
    pblock_nvinsert("user", user, args);
    pblock_nvinsert("pw", pw, args);
    pblock_nvinsert("userdb", userdb, args);
    if(groupdb) {
        pblock_nvinsert("groupdb", groupdb, args);
    }
    pblock_nvinsert("fn", userfn, args);

    rc = func_exec(args, sn, rq);
    if(rc != REQ_PROCEED) {
        goto bye;
    }

    pblock_nvinsert("auth-type", "basic", rq->vars);
    pblock_nvinsert("auth-user", user, rq->vars);
    pblock_nvinsert("auth-db", userdb, rq->vars);
#if defined(XP_WIN32) || defined(MCC_ADMSERV)
    /*
     * The admin server needs the password. NOTE(review): on these builds
     * the cleartext password stays in rq->vars for the rest of the request.
     */
    pblock_nvinsert("auth-password", pw, rq->vars);
#endif /* XP_WIN32 */

    if(groupdb) {
        pb_param *fn_param;

        pblock_nvinsert("groupdb", groupdb, args);

        /*
         * Reuse the argument block for the group check by swapping the
         * function name. NOTE(review): free()/strdup() assume that pblock
         * values are allocated with malloc - confirm against pblock.
         */
        fn_param = pblock_find("fn", args);
        free(fn_param->value);
        fn_param->value = strdup(groupfn);

        rc = func_exec(args, sn, rq);
        if(rc != REQ_PROCEED) {
            goto bye;
        }
    }
    rc = REQ_PROCEED;

bye:
    pblock_free(args);
    return rc;
}
224 | |
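/*
 * Basic authentication against a configured auth db.
 *
 * Looks up the auth db named by the "db" parameter in the server
 * configuration, takes the credentials from the request with
 * basicauth_getuser and verifies the password through the db's user object.
 * Only after a successful verification are "auth-type", "auth-user" and
 * "auth-db" stored in rq->vars.
 *
 * Returns:
 *   REQ_PROCEED   the user exists and the password was verified
 *   REQ_NOACTION  the user is unknown or the password does not match
 *   REQ_ABORTED   the "db" parameter is missing or names no configured
 *                 auth db (a server-error status is set)
 *   any other result of basicauth_getuser is passed through unchanged
 */
int auth_db(pblock *param, Session *sn, Request *rq) {
    char *db;
    char *user;
    char *pw;

    db = pblock_findval("db", param);

    if(!db) {
        log_ereport(LOG_MISCONFIG, "basic-auth: missing db parameter");
        protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
        return REQ_ABORTED;
    }

    int ret = basicauth_getuser(sn, rq, &user, &pw);
    if(ret != REQ_PROCEED) {
        return ret;
    }

    // get auth db
    ServerConfiguration *config = session_get_config(sn);
    AuthDB *authdb = cxMapGet(config->authdbs, cx_hash_key_str(db));
    if(!authdb) {
        // a db name that is not configured must not be dereferenced
        log_ereport(LOG_MISCONFIG, "basic-auth: auth db not found");
        pool_free(sn->pool, user);
        protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
        return REQ_ABORTED;
    }

    // Fail closed: a user the db does not know is treated exactly like a
    // wrong password. Skipping the check for a missing user would mark the
    // request as authenticated for any unknown user name.
    User *auth_user = authdb->get_user(authdb, user);
    if(!auth_user || !auth_user->verify_password(auth_user, pw)) {
        // user is client-supplied and is written to stderr unescaped
        fprintf(stderr, "authdb user not authenticated: %s\n", user);
        // user was allocated from sn->pool by basicauth_getuser, so it has
        // to go back to the pool; pw points into the same buffer
        pool_free(sn->pool, user);
        if(auth_user) {
            auth_user->free(auth_user);
        }
        return REQ_NOACTION;
    }

    pblock_nvinsert("auth-type", "basic", rq->vars);
    pblock_nvinsert("auth-user", user, rq->vars);
    pblock_nvinsert("auth-db", db, rq->vars);

    auth_user->free(auth_user);

    return REQ_PROCEED;
}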