webserver: comparison src/server/safs/auth.c

-:4d39adda7a38
+:b28cf69f42e8
 #include "auth.h"
 /* ------------------------------ _uudecode ------------------------------- */
-const unsigned char pr2six[256]={
+const unsigned char pr2six[256] = {
 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,62,64,64,64,63,
 52,53,54,55,56,57,58,59,60,61,64,64,64,64,64,64,64,0,1,2,3,4,5,6,7,8,9,
 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,64,64,64,64,64,64,26,27,
 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,
 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
 64,64,64,64,64,64,64,64,64,64,64,64,64
 };
-char *_uudecode(char *bufcoded)
+char *_uudecode(pool_handle_t *pool, char *bufcoded) {
-{
 register char *bufin = bufcoded;
 register unsigned char *bufout;
 register int nprbytes;
 unsigned char *bufplain;
 int nbytesdecoded;
 /* Find the length */
 while(pr2six[(int)*(bufin++)] <= 63);
 nprbytes = bufin - bufcoded - 1;
 nbytesdecoded = ((nprbytes+3)/4) * 3;
-bufout = (unsigned char *) malloc(nbytesdecoded + 1);
+bufout = pool_malloc(pool, nbytesdecoded + 1);
 bufplain = bufout;
 bufin = bufcoded;
 while (nprbytes > 0) {
 bufplain[nbytesdecoded] = '\0';
 return (char *)bufplain;
 }
+int basicauth_getuser(Session *sn, Request *rq, char **user, char **pw) {
+char *auth = NULL;
+*user = NULL;
+*pw = NULL;
+char *u;
+char *p;
+if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED) {
+return REQ_ABORTED;
+}
+if(!auth) {
+return REQ_NOACTION;
+}
+/* Skip leading whitespace */
+while(*auth && (*auth == ' '))
+++auth;
+if(!(*auth)) {
+protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
+return REQ_ABORTED;
+}
+/* Verify correct type */
+if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6)) {
+return REQ_NOACTION;
+}
+/* Skip whitespace */
+auth += 6;
+while(*auth && (*auth == ' ')) {
+++auth;
+}
+if(!*auth) {
+return REQ_NOACTION;
+}
+/* Uuencoded user:password now */
+if(!(u = _uudecode(sn->pool, auth))) {
+return REQ_NOACTION;
+}
+if(!(p = strchr(u, ':'))) {
+pool_free(sn->pool, u);
+return REQ_NOACTION;
+}
+*p++ = '\0';
+*user = u;
+*pw = p;
+return REQ_PROCEED;
+}
 /* ------------------------------ auth_basic ------------------------------ */
 int auth_basic(pblock *param, Session *sn, Request *rq)
 {
 char *pwfile, *grpfile, *type, *auth, *user, *pw;
 * user has limited the auth to only affect a certain set of
 * paths.
 */
 rq->directive_is_cacheable = 1;
-if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED)
-return REQ_ABORTED;
-if(!auth)
-return REQ_NOACTION;
 type = pblock_findval("auth-type", param);
 pwfile = pblock_findval("userdb", param);
 grpfile = pblock_findval("groupdb", param);
 pwfn = pblock_findval("userfn", param);
 grpfn = pblock_findval("groupfn", param);
 //          XP_GetAdminStr(DBT_authError1));
 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
 return REQ_ABORTED;
 }
-/* Skip leading whitespace */
+ret = basicauth_getuser(sn, rq, &user, &pw);
-while(*auth && (*auth == ' '))
+if(ret != REQ_PROCEED) {
-++auth;
+return ret;
-if(!(*auth)) {
+}
-protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
-return REQ_ABORTED;
-}
-/* Verify correct type */
-if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6))
-return REQ_NOACTION;
-/* Skip whitespace */
-auth += 6;
-while(*auth && (*auth == ' '))
-++auth;
-if(!*auth)
-return REQ_NOACTION;
-/* Uuencoded user:password now */
-if(!(user = _uudecode(auth)))
-return REQ_NOACTION;
-if(!(pw = strchr(user, ':'))) {
-free(user);
-return REQ_NOACTION;
-}
-*pw++ = '\0';
 npb = pblock_create(4);
 pblock_nvinsert("user", user, npb);
 pblock_nvinsert("pw", pw, npb);
 pblock_nvinsert("userdb", pwfile, npb);
 goto bye;
 }
 ret = REQ_PROCEED;
 bye:
 pblock_free(npb);
-free(user);
 return ret;
 }
 int auth_db(pblock *param, Session *sn, Request *rq) {
-// TODO: reimplement this function and auth_basic to avoid code redundancy
-//pblock *npb;
-//pb_param *pp;
-//int ret;
-char *auth;
 char *db;
 char *user;
 char *pw;
-if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED)
-return REQ_ABORTED;
-if(!auth)
-return REQ_NOACTION;
 db = pblock_findval("db", param);
 if(!db) {
 // TODO: log error
 //          XP_GetAdminStr(DBT_authError1));
 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL);
 return REQ_ABORTED;
 }
-/* Skip leading whitespace */
+int ret = basicauth_getuser(sn, rq, &user, &pw);
-while(*auth && (*auth == ' '))
+if(ret != REQ_PROCEED) {
-++auth;
+return ret;
-if(!(*auth)) {
+}
-protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
-return REQ_ABORTED;
-}
-/* Verify correct type */
-if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6))
-return REQ_NOACTION;
-/* Skip whitespace */
-auth += 6;
-while(*auth && (*auth == ' '))
-++auth;
-if(!*auth)
-return REQ_NOACTION;
-/* Uuencoded user:password now */
-if(!(user = _uudecode(auth)))
-return REQ_NOACTION;
-if(!(pw = strchr(user, ':'))) {
-free(user);
-return REQ_NOACTION;
-}
-*pw++ = '\0';
 // get auth db
 ServerConfiguration *config = session_get_config(sn);
 sstr_t dbname = sstr(db);
 AuthDB *authdb = ucx_map_sstr_get(config->authdbs, dbname);
 pblock_nvinsert("auth-type", "basic", rq->vars);
 pblock_nvinsert("auth-user", user, rq->vars);
 pblock_nvinsert("auth-db", db, rq->vars);
-free(user);
 if(auth_user) {
 auth_user->free(auth_user);
 }
 return REQ_PROCEED;

Mercurial > hg > webserver / file comparison

comparison: src/server/safs/auth.c

src/server/safs/auth.c