Sun, 15 Sep 2024 09:47:36 +0200
improve sessionhandler trace logging
23
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
1 | /* |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
3 | * |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
4 | * Copyright 2008 Sun Microsystems, Inc. All rights reserved. |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
5 | * |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
6 | * THE BSD LICENSE |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
7 | * |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
8 | * Redistribution and use in source and binary forms, with or without |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
9 | * modification, are permitted provided that the following conditions are met: |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
10 | * |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
11 | * Redistributions of source code must retain the above copyright notice, this |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
12 | * list of conditions and the following disclaimer. |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
13 | * Redistributions in binary form must reproduce the above copyright notice, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
14 | * this list of conditions and the following disclaimer in the documentation |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
15 | * and/or other materials provided with the distribution. |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
16 | * |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
17 | * Neither the name of the nor the names of its contributors may be |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
18 | * used to endorse or promote products derived from this software without |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
19 | * specific prior written permission. |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
20 | * |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
21 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
22 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
23 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
24 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
25 | * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
26 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
27 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
28 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
29 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
30 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
31 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
32 | */ |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
33 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
34 | #include <strings.h> |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
35 | |
59
ab25c0a231d0
some fixes and new public APIs
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
51
diff
changeset
|
36 | #include "../public/auth.h" |
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
37 | #include "../daemon/config.h" |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
38 | #include "../daemon/session.h" |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
39 | |
23
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
40 | #include "auth.h" |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
41 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
42 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
43 | /* ------------------------------ _uudecode ------------------------------- */ |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
44 | |
62
c47e081b6c0f
added keyfile based authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
59
diff
changeset
|
45 | static const unsigned char pr2six[256] = { |
23
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
46 | 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
47 | 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,62,64,64,64,63, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
48 | 52,53,54,55,56,57,58,59,60,61,64,64,64,64,64,64,64,0,1,2,3,4,5,6,7,8,9, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
49 | 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,64,64,64,64,64,64,26,27, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
50 | 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
51 | 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
52 | 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
53 | 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
54 | 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
55 | 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
56 | 64,64,64,64,64,64,64,64,64,64,64,64,64 |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
57 | }; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
58 | |
51 | 59 | char *_uudecode(pool_handle_t *pool, char *bufcoded) { |
23
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
60 | register char *bufin = bufcoded; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
61 | register unsigned char *bufout; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
62 | register int nprbytes; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
63 | unsigned char *bufplain; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
64 | int nbytesdecoded; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
65 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
66 | /* Find the length */ |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
67 | while(pr2six[(int)*(bufin++)] <= 63); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
68 | nprbytes = bufin - bufcoded - 1; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
69 | nbytesdecoded = ((nprbytes+3)/4) * 3; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
70 | |
51 | 71 | bufout = pool_malloc(pool, nbytesdecoded + 1); |
23
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
72 | bufplain = bufout; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
73 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
74 | bufin = bufcoded; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
75 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
76 | while (nprbytes > 0) { |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
77 | *(bufout++) = (unsigned char) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
78 | (pr2six[(int)(*bufin)] << 2 | pr2six[(int)bufin[1]] >> 4); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
79 | *(bufout++) = (unsigned char) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
80 | (pr2six[(int)bufin[1]] << 4 | pr2six[(int)bufin[2]] >> 2); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
81 | *(bufout++) = (unsigned char) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
82 | (pr2six[(int)bufin[2]] << 6 | pr2six[(int)bufin[3]]); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
83 | bufin += 4; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
84 | nprbytes -= 4; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
85 | } |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
86 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
87 | if(nprbytes & 03) { |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
88 | if(pr2six[(int)bufin[-2]] > 63) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
89 | nbytesdecoded -= 2; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
90 | else |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
91 | nbytesdecoded -= 1; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
92 | } |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
93 | bufplain[nbytesdecoded] = '\0'; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
94 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
95 | return (char *)bufplain; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
96 | } |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
97 | |
51 | 98 | int basicauth_getuser(Session *sn, Request *rq, char **user, char **pw) { |
99 | char *auth = NULL; | |
100 | *user = NULL; | |
101 | *pw = NULL; | |
102 | char *u; | |
103 | char *p; | |
104 | ||
105 | if(request_header("authorization", &auth, sn, rq) == REQ_ABORTED) { | |
106 | return REQ_ABORTED; | |
107 | } | |
108 | ||
109 | if(!auth) { | |
110 | return REQ_NOACTION; | |
111 | } | |
112 | ||
113 | /* Skip leading whitespace */ | |
114 | while(*auth && (*auth == ' ')) | |
115 | ++auth; | |
116 | if(!(*auth)) { | |
117 | protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL); | |
118 | return REQ_ABORTED; | |
119 | } | |
120 | ||
121 | /* Verify correct type */ | |
122 | if((strlen(auth) < 6) || strncasecmp(auth, "basic ", 6)) { | |
123 | return REQ_NOACTION; | |
124 | } | |
125 | ||
126 | /* Skip whitespace */ | |
127 | auth += 6; | |
128 | while(*auth && (*auth == ' ')) { | |
129 | ++auth; | |
130 | } | |
131 | ||
132 | if(!*auth) { | |
133 | return REQ_NOACTION; | |
134 | } | |
135 | ||
136 | /* Uuencoded user:password now */ | |
137 | if(!(u = _uudecode(sn->pool, auth))) { | |
138 | return REQ_NOACTION; | |
139 | } | |
140 | ||
141 | if(!(p = strchr(u, ':'))) { | |
142 | pool_free(sn->pool, u); | |
143 | return REQ_NOACTION; | |
144 | } | |
145 | *p++ = '\0'; | |
146 | ||
147 | *user = u; | |
148 | *pw = p; | |
149 | ||
150 | return REQ_PROCEED; | |
151 | } | |
152 | ||
23
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
153 | /* ------------------------------ auth_basic ------------------------------ */ |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
154 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
155 | int auth_basic(pblock *param, Session *sn, Request *rq) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
156 | { |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
157 | char *pwfile, *grpfile, *type, *auth, *user, *pw; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
158 | char *pwfn, *grpfn; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
159 | pblock *npb; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
160 | pb_param *pp; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
161 | int ret; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
162 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
163 | /* Although this is authorization (which is not cacheable) the |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
164 | * check is not actually done until we call require-auth. So |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
165 | * this part is cacheable; require-auth can be cacheable if the |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
166 | * user has limited the auth to only affect a certain set of |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
167 | * paths. |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
168 | */ |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
169 | rq->directive_is_cacheable = 1; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
170 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
171 | type = pblock_findval("auth-type", param); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
172 | pwfile = pblock_findval("userdb", param); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
173 | grpfile = pblock_findval("groupdb", param); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
174 | pwfn = pblock_findval("userfn", param); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
175 | grpfn = pblock_findval("groupfn", param); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
176 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
177 | if((!type) || (!pwfile) || (!pwfn) || (grpfile && !grpfn)) { |
77 | 178 | log_ereport(LOG_MISCONFIG, "basic-auth: missing parameter"); |
23
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
179 | protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
180 | return REQ_ABORTED; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
181 | } |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
182 | |
51 | 183 | ret = basicauth_getuser(sn, rq, &user, &pw); |
184 | if(ret != REQ_PROCEED) { | |
185 | return ret; | |
23
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
186 | } |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
187 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
188 | npb = pblock_create(4); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
189 | pblock_nvinsert("user", user, npb); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
190 | pblock_nvinsert("pw", pw, npb); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
191 | pblock_nvinsert("userdb", pwfile, npb); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
192 | if(grpfile) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
193 | pblock_nvinsert("groupdb", grpfile, npb); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
194 | pblock_nvinsert("fn", pwfn, npb); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
195 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
196 | if ((ret = func_exec(npb, sn, rq)) != REQ_PROCEED) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
197 | { |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
198 | goto bye; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
199 | } |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
200 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
201 | pblock_nvinsert("auth-type", "basic", rq->vars); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
202 | pblock_nvinsert("auth-user", user, rq->vars); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
203 | pblock_nvinsert("auth-db", pwfile, rq->vars); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
204 | #if defined(XP_WIN32) || defined(MCC_ADMSERV) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
205 | /* MLM - the admin server needs this password information, |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
206 | * so I'm putting it back */ |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
207 | pblock_nvinsert("auth-password", pw, rq->vars); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
208 | #endif /* XP_WIN32 */ |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
209 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
210 | if(grpfile) { |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
211 | pblock_nvinsert("groupdb", grpfile, npb); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
212 | pp = pblock_find("fn", npb); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
213 | free(pp->value); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
214 | pp->value = strdup(grpfn); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
215 | |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
216 | if( (ret = func_exec(npb, sn, rq)) != REQ_PROCEED ) |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
217 | goto bye; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
218 | } |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
219 | ret = REQ_PROCEED; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
220 | bye: |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
221 | pblock_free(npb); |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
222 | return ret; |
a2c8fc23c90e
Added basic authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff
changeset
|
223 | } |
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
224 | |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
225 | int auth_db(pblock *param, Session *sn, Request *rq) { |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
226 | char *db; |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
227 | char *user; |
51 | 228 | char *pw; |
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
229 | |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
230 | db = pblock_findval("db", param); |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
231 | |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
232 | if(!db) { |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
233 | // TODO: log error |
77 | 234 | log_ereport(LOG_MISCONFIG, "basic-auth: missing db parameter"); |
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
235 | protocol_status(sn, rq, PROTOCOL_SERVER_ERROR, NULL); |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
236 | return REQ_ABORTED; |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
237 | } |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
238 | |
51 | 239 | int ret = basicauth_getuser(sn, rq, &user, &pw); |
240 | if(ret != REQ_PROCEED) { | |
241 | return ret; | |
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
242 | } |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
243 | |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
244 | // get auth db |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
245 | ServerConfiguration *config = session_get_config(sn); |
415
d938228c382e
switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
77
diff
changeset
|
246 | AuthDB *authdb = cxMapGet(config->authdbs, cx_hash_key_str(db)); |
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
247 | |
467
4d038bc6f86e
refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
415
diff
changeset
|
248 | User *auth_user = authdb->get_user(authdb, sn, rq, user); |
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
249 | if(auth_user && !auth_user->verify_password(auth_user, pw)) { |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
250 | fprintf(stderr, "authdb user not authenticated: %s\n", user); |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
251 | free(user); |
48
37a512d7b8f6
fixed some memory leaks
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
38
diff
changeset
|
252 | auth_user->free(auth_user); |
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
253 | return REQ_NOACTION; |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
254 | } |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
255 | |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
256 | |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
257 | pblock_nvinsert("auth-type", "basic", rq->vars); |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
258 | pblock_nvinsert("auth-user", user, rq->vars); |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
259 | pblock_nvinsert("auth-db", db, rq->vars); |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
260 | |
49 | 261 | if(auth_user) { |
262 | auth_user->free(auth_user); | |
263 | } | |
264 | ||
38
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
265 | return REQ_PROCEED; |
d07810b02147
added ldap authentication
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
23
diff
changeset
|
266 | } |