comparison: src/server/safs/auth.c
src/server/safs/auth.c
- changeset 38
- d07810b02147
- parent 23
- a2c8fc23c90e
- child 48
- 37a512d7b8f6
equal
deleted
inserted
replaced
| 37:360b9aabe17e | 38:d07810b02147 |
|---|---|
| 31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 32 */ | 32 */ |
| 33 | 33 |
| 34 #include <strings.h> | 34 #include <strings.h> |
| 35 | 35 |
| 36 #include "../daemon/authdb.h" | |
| 37 #include "../daemon/config.h" | |
| 38 #include "../daemon/session.h" | |
| 39 | |
| 36 #include "auth.h" | 40 #include "auth.h" |
| 37 | 41 |
| 38 | 42 |
| 39 /* ------------------------------ _uudecode ------------------------------- */ | 43 /* ------------------------------ _uudecode ------------------------------- */ |
| 40 | 44 |
| 195 bye: | 199 bye: |
| 196 pblock_free(npb); | 200 pblock_free(npb); |
| 197 free(user); | 201 free(user); |
| 198 return ret; | 202 return ret; |
| 199 } | 203 } |
| 204 | |
| 205 int auth_db(pblock *param, Session *sn, Request *rq) { | |
| 206 // TODO: reimplement this function and auth_basic to avoid code redundancy | |
| 207 | |
| 208 //pblock *npb; | |
| 209 //pb_param *pp; | |
| 210 //int ret; | |
| 211 | |
| 212 char *auth; | |
| 213 char *db; | |
| 214 char *user; | |
| 215 char *pw; | |
| 216 | |
| 217 if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED) | |
| 218 return REQ_ABORTED; | |
| 219 | |
| 220 if(!auth) | |
| 221 return REQ_NOACTION; | |
| 222 | |
| 223 db = pblock_findval("db", param); | |
| 224 | |
| 225 if(!db) { | |
| 226 // TODO: log error | |
| 227 //log_error(LOG_MISCONFIG, "basic-auth", sn, rq, | |
| 228 // XP_GetAdminStr(DBT_authError1)); | |
| 229 protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL); | |
| 230 return REQ_ABORTED; | |
| 231 } | |
| 232 | |
| 233 /* Skip leading whitespace */ | |
| 234 while(*auth && (*auth == ' ')) | |
| 235 ++auth; | |
| 236 if(!(*auth)) { | |
| 237 protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL); | |
| 238 return REQ_ABORTED; | |
| 239 } | |
| 240 | |
| 241 /* Verify correct type */ | |
| 242 if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6)) | |
| 243 return REQ_NOACTION; | |
| 244 | |
| 245 /* Skip whitespace */ | |
| 246 auth += 6; | |
| 247 while(*auth && (*auth == ' ')) | |
| 248 ++auth; | |
| 249 | |
| 250 if(!*auth) | |
| 251 return REQ_NOACTION; | |
| 252 | |
| 253 /* Uuencoded user:password now */ | |
| 254 if(!(user = _uudecode(auth))) | |
| 255 return REQ_NOACTION; | |
| 256 | |
| 257 if(!(pw = strchr(user, ':'))) { | |
| 258 free(user); | |
| 259 return REQ_NOACTION; | |
| 260 } | |
| 261 *pw++ = '\0'; | |
| 262 | |
| 263 // get auth db | |
| 264 ServerConfiguration *config = session_get_config(sn); | |
| 265 sstr_t dbname = sstr(db); | |
| 266 AuthDB *authdb = ucx_map_sstr_get(config->authdbs, dbname); | |
| 267 | |
| 268 User *auth_user = authdb->get_user(authdb, user); | |
| 269 if(auth_user && !auth_user->verify_password(auth_user, pw)) { | |
| 270 fprintf(stderr, "authdb user not authenticated: %s\n", user); | |
| 271 free(user); | |
| 272 return REQ_NOACTION; | |
| 273 } | |
| 274 | |
| 275 | |
| 276 pblock_nvinsert("auth-type", "basic", rq->vars); | |
| 277 pblock_nvinsert("auth-user", user, rq->vars); | |
| 278 pblock_nvinsert("auth-db", db, rq->vars); | |
| 279 | |
| 280 free(user); | |
| 281 return REQ_PROCEED; | |
| 282 } |
