src/server/safs/auth.c

changeset 51
b28cf69f42e8
parent 49
1fd94945796e
child 59
ab25c0a231d0
50:4d39adda7a38 51:b28cf69f42e8
40 #include "auth.h" 40 #include "auth.h"
41 41
42 42
43 /* ------------------------------ _uudecode ------------------------------- */ 43 /* ------------------------------ _uudecode ------------------------------- */
44 44
45 const unsigned char pr2six[256]={ 45 const unsigned char pr2six[256] = {
46 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, 46 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
47 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,62,64,64,64,63, 47 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,62,64,64,64,63,
48 52,53,54,55,56,57,58,59,60,61,64,64,64,64,64,64,64,0,1,2,3,4,5,6,7,8,9, 48 52,53,54,55,56,57,58,59,60,61,64,64,64,64,64,64,64,0,1,2,3,4,5,6,7,8,9,
49 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,64,64,64,64,64,64,26,27, 49 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,64,64,64,64,64,64,26,27,
50 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51, 50 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,
54 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, 54 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
55 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, 55 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
56 64,64,64,64,64,64,64,64,64,64,64,64,64 56 64,64,64,64,64,64,64,64,64,64,64,64,64
57 }; 57 };
58 58
59 char *_uudecode(char *bufcoded) 59 char *_uudecode(pool_handle_t *pool, char *bufcoded) {
60 {
61 register char *bufin = bufcoded; 60 register char *bufin = bufcoded;
62 register unsigned char *bufout; 61 register unsigned char *bufout;
63 register int nprbytes; 62 register int nprbytes;
64 unsigned char *bufplain; 63 unsigned char *bufplain;
65 int nbytesdecoded; 64 int nbytesdecoded;
67 /* Find the length */ 66 /* Find the length */
68 while(pr2six[(int)*(bufin++)] <= 63); 67 while(pr2six[(int)*(bufin++)] <= 63);
69 nprbytes = bufin - bufcoded - 1; 68 nprbytes = bufin - bufcoded - 1;
70 nbytesdecoded = ((nprbytes+3)/4) * 3; 69 nbytesdecoded = ((nprbytes+3)/4) * 3;
71 70
72 bufout = (unsigned char *) malloc(nbytesdecoded + 1); 71 bufout = pool_malloc(pool, nbytesdecoded + 1);
73 bufplain = bufout; 72 bufplain = bufout;
74 73
75 bufin = bufcoded; 74 bufin = bufcoded;
76 75
77 while (nprbytes > 0) { 76 while (nprbytes > 0) {
94 bufplain[nbytesdecoded] = '\0'; 93 bufplain[nbytesdecoded] = '\0';
95 94
96 return (char *)bufplain; 95 return (char *)bufplain;
97 } 96 }
98 97
98 int basicauth_getuser(Session *sn, Request *rq, char **user, char **pw) {
99 char *auth = NULL;
100 *user = NULL;
101 *pw = NULL;
102 char *u;
103 char *p;
104
105 if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED) {
106 return REQ_ABORTED;
107 }
108
109 if(!auth) {
110 return REQ_NOACTION;
111 }
112
113 /* Skip leading whitespace */
114 while(*auth && (*auth == ' '))
115 ++auth;
116 if(!(*auth)) {
117 protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
118 return REQ_ABORTED;
119 }
120
121 /* Verify correct type */
122 if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6)) {
123 return REQ_NOACTION;
124 }
125
126 /* Skip whitespace */
127 auth += 6;
128 while(*auth && (*auth == ' ')) {
129 ++auth;
130 }
131
132 if(!*auth) {
133 return REQ_NOACTION;
134 }
135
136 /* Uuencoded user:password now */
137 if(!(u = _uudecode(sn->pool, auth))) {
138 return REQ_NOACTION;
139 }
140
141 if(!(p = strchr(u, ':'))) {
142 pool_free(sn->pool, u);
143 return REQ_NOACTION;
144 }
145 *p++ = '\0';
146
147 *user = u;
148 *pw = p;
149
150 return REQ_PROCEED;
151 }
152
99 /* ------------------------------ auth_basic ------------------------------ */ 153 /* ------------------------------ auth_basic ------------------------------ */
100 154
101 int auth_basic(pblock *param, Session *sn, Request *rq) 155 int auth_basic(pblock *param, Session *sn, Request *rq)
102 { 156 {
103 char *pwfile, *grpfile, *type, *auth, *user, *pw; 157 char *pwfile, *grpfile, *type, *auth, *user, *pw;
112 * user has limited the auth to only affect a certain set of 166 * user has limited the auth to only affect a certain set of
113 * paths. 167 * paths.
114 */ 168 */
115 rq->directive_is_cacheable = 1; 169 rq->directive_is_cacheable = 1;
116 170
117 if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED)
118 return REQ_ABORTED;
119
120 if(!auth)
121 return REQ_NOACTION;
122
123 type = pblock_findval("auth-type", param); 171 type = pblock_findval("auth-type", param);
124 pwfile = pblock_findval("userdb", param); 172 pwfile = pblock_findval("userdb", param);
125 grpfile = pblock_findval("groupdb", param); 173 grpfile = pblock_findval("groupdb", param);
126 pwfn = pblock_findval("userfn", param); 174 pwfn = pblock_findval("userfn", param);
127 grpfn = pblock_findval("groupfn", param); 175 grpfn = pblock_findval("groupfn", param);
132 // XP_GetAdminStr(DBT_authError1)); 180 // XP_GetAdminStr(DBT_authError1));
133 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL); 181 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
134 return REQ_ABORTED; 182 return REQ_ABORTED;
135 } 183 }
136 184
137 /* Skip leading whitespace */ 185 ret = basicauth_getuser(sn, rq, &user, &pw);
138 while(*auth && (*auth == ' ')) 186 if(ret != REQ_PROCEED) {
139 ++auth; 187 return ret;
140 if(!(*auth)) { 188 }
141 protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
142 return REQ_ABORTED;
143 }
144
145 /* Verify correct type */
146 if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6))
147 return REQ_NOACTION;
148
149 /* Skip whitespace */
150 auth += 6;
151 while(*auth && (*auth == ' '))
152 ++auth;
153
154 if(!*auth)
155 return REQ_NOACTION;
156
157 /* Uuencoded user:password now */
158 if(!(user = _uudecode(auth)))
159 return REQ_NOACTION;
160
161 if(!(pw = strchr(user, ':'))) {
162 free(user);
163 return REQ_NOACTION;
164 }
165 *pw++ = '\0';
166 189
167 npb = pblock_create(4); 190 npb = pblock_create(4);
168 pblock_nvinsert("user", user, npb); 191 pblock_nvinsert("user", user, npb);
169 pblock_nvinsert("pw", pw, npb); 192 pblock_nvinsert("pw", pw, npb);
170 pblock_nvinsert("userdb", pwfile, npb); 193 pblock_nvinsert("userdb", pwfile, npb);
196 goto bye; 219 goto bye;
197 } 220 }
198 ret = REQ_PROCEED; 221 ret = REQ_PROCEED;
199 bye: 222 bye:
200 pblock_free(npb); 223 pblock_free(npb);
201 free(user);
202 return ret; 224 return ret;
203 } 225 }
204 226
205 int auth_db(pblock *param, Session *sn, Request *rq) { 227 int auth_db(pblock *param, Session *sn, Request *rq) {
206 // TODO: reimplement this function and auth_basic to avoid code redundancy
207
208 //pblock *npb;
209 //pb_param *pp;
210 //int ret;
211
212 char *auth;
213 char *db; 228 char *db;
214 char *user; 229 char *user;
215 char *pw; 230 char *pw;
216
217 if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED)
218 return REQ_ABORTED;
219
220 if(!auth)
221 return REQ_NOACTION;
222 231
223 db = pblock_findval("db", param); 232 db = pblock_findval("db", param);
224 233
225 if(!db) { 234 if(!db) {
226 // TODO: log error 235 // TODO: log error
228 // XP_GetAdminStr(DBT_authError1)); 237 // XP_GetAdminStr(DBT_authError1));
229 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL); 238 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
230 return REQ_ABORTED; 239 return REQ_ABORTED;
231 } 240 }
232 241
233 /* Skip leading whitespace */ 242 int ret = basicauth_getuser(sn, rq, &user, &pw);
234 while(*auth && (*auth == ' ')) 243 if(ret != REQ_PROCEED) {
235 ++auth; 244 return ret;
236 if(!(*auth)) { 245 }
237 protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
238 return REQ_ABORTED;
239 }
240
241 /* Verify correct type */
242 if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6))
243 return REQ_NOACTION;
244
245 /* Skip whitespace */
246 auth += 6;
247 while(*auth && (*auth == ' '))
248 ++auth;
249
250 if(!*auth)
251 return REQ_NOACTION;
252
253 /* Uuencoded user:password now */
254 if(!(user = _uudecode(auth)))
255 return REQ_NOACTION;
256
257 if(!(pw = strchr(user, ':'))) {
258 free(user);
259 return REQ_NOACTION;
260 }
261 *pw++ = '\0';
262 246
263 // get auth db 247 // get auth db
264 ServerConfiguration *config = session_get_config(sn); 248 ServerConfiguration *config = session_get_config(sn);
265 sstr_t dbname = sstr(db); 249 sstr_t dbname = sstr(db);
266 AuthDB *authdb = ucx_map_sstr_get(config->authdbs, dbname); 250 AuthDB *authdb = ucx_map_sstr_get(config->authdbs, dbname);
276 260
277 pblock_nvinsert("auth-type", "basic", rq->vars); 261 pblock_nvinsert("auth-type", "basic", rq->vars);
278 pblock_nvinsert("auth-user", user, rq->vars); 262 pblock_nvinsert("auth-user", user, rq->vars);
279 pblock_nvinsert("auth-db", db, rq->vars); 263 pblock_nvinsert("auth-db", db, rq->vars);
280 264
281 free(user);
282 if(auth_user) { 265 if(auth_user) {
283 auth_user->free(auth_user); 266 auth_user->free(auth_user);
284 } 267 }
285 268
286 return REQ_PROCEED; 269 return REQ_PROCEED;
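Review bot: In `_uudecode` the result of `pool_malloc(pool, nbytesdecoded + 1)` is written through without a NULL check, at least at the visible `bufplain[nbytesdecoded] = '\0';`, so the `if(!(u = _uudecode(sn->pool, auth)))` test in the new `basicauth_getuser` can never see the failure it guards against; add `if(!bufout) return NULL;` right after the allocation. The length scan `while(pr2six[(int)*(bufin++)] <= 63);` is carried over unchanged and indexes the table with a plain `char` taken from the Authorization header, so where `char` is signed any byte of 0x80 or above becomes a negative index and reads outside `pr2six`. Writing it as `pr2six[(unsigned char)*(bufin++)]` keeps the index in 0..255, and the same cast is presumably needed in the decode loop, which this view elides. Since the decoded credentials are no longer freed at `bye:`, a comment on `basicauth_getuser` should state that `*user` and `*pw` point into a single allocation owned by `sn->pool` and must not be passed to `free()`.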
