00001 /* 00002 * Copyright (C) 2001-2003 by egnite Software GmbH. All rights reserved. 00003 * 00004 * Redistribution and use in source and binary forms, with or without 00005 * modification, are permitted provided that the following conditions 00006 * are met: 00007 * 00008 * 1. Redistributions of source code must retain the above copyright 00009 * notice, this list of conditions and the following disclaimer. 00010 * 2. Redistributions in binary form must reproduce the above copyright 00011 * notice, this list of conditions and the following disclaimer in the 00012 * documentation and/or other materials provided with the distribution. 00013 * 3. Neither the name of the copyright holders nor the names of 00014 * contributors may be used to endorse or promote products derived 00015 * from this software without specific prior written permission. 00016 * 00017 * THIS SOFTWARE IS PROVIDED BY EGNITE SOFTWARE GMBH AND CONTRIBUTORS 00018 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00019 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 00020 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL EGNITE 00021 * SOFTWARE GMBH OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 00022 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 00023 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 00024 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 00025 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 00026 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 00027 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 00028 * SUCH DAMAGE. 00029 * 00030 * For additional information see http://www.ethernut.de/ 00031 */ 00032 00033 /* 00034 * $Log$ 00035 * Revision 1.7 2009/03/07 00:18:13 olereinhardt 00036 * Use base64 decoder from gorp/base64/base64_decode.c instead from dencode.c 00037 * 00038 * Revision 1.6 2009/02/13 14:52:05 haraldkipp 00039 * Include memdebug.h for heap management debugging support. 00040 * 00041 * Revision 1.5 2009/02/06 15:40:29 haraldkipp 00042 * Using newly available strdup() and calloc(). 00043 * Replaced NutHeap routines by standard malloc/free. 00044 * Replaced pointer value 0 by NULL. 00045 * 00046 * Revision 1.4 2008/07/17 11:29:15 olereinhardt 00047 * Allow authentication for subdirectories 00048 * 00049 * Revision 1.3 2006/10/08 16:43:53 haraldkipp 00050 * Authentication info depended on static memory kept by the caller. Now a 00051 * local copy is held and NutClearAuth (which should have been named 00052 * NutHttpAuthClear, btw.) works correctly. 00053 * 00054 * Revision 1.2 2006/08/25 13:42:16 olereinhardt 00055 * added NutClearAuth(void); Thanks to Peter Sondermanns 00056 * 00057 * Revision 1.1.1.1 2003/05/09 14:41:56 haraldkipp 00058 * Initial using 3.2.1 00059 * 00060 * Revision 1.7 2003/02/04 18:17:31 harald 00061 * Version 3 released 00062 * 00063 * Revision 1.6 2002/06/26 17:29:49 harald 00064 * First pre-release with 2.4 stack 00065 * 00066 */ 00067 00068 #include <sys/heap.h> 00069 00070 #include <stdlib.h> 00071 #include <string.h> 00072 #include <memdebug.h> 00073 00074 #include <pro/httpd.h> 00075 #include <gorp/base64.h> 00076 00081 00082 AUTHINFO *authList = 0; 00083 00087 static AUTHINFO *NutHttpAuthLookup(CONST char *dirname, CONST char *login) 00088 { 00089 AUTHINFO *auth; 00090 00091 for (auth = authList; auth; auth = auth->auth_next) { 00092 if (dirname && (strstr(dirname, auth->auth_dirname) != dirname)) 00093 continue; 00094 if (login && strcmp(login, auth->auth_login)) 00095 continue; 00096 break; 00097 } 00098 return auth; 00099 } 00100 00116 int NutRegisterAuth(CONST char *dirname, CONST char *login) 00117 { 00118 AUTHINFO *auth; 00119 00120 /* Allocate a new list element. */ 00121 if ((auth = malloc(sizeof(AUTHINFO))) != NULL) { 00122 auth->auth_next = authList; 00123 /* Allocate the path component. */ 00124 if ((auth->auth_dirname = strdup(dirname)) != NULL) { 00125 /* Allocate the login component. */ 00126 if ((auth->auth_login = strdup(login)) != NULL) { 00127 /* Success. Add element to the list and return. */ 00128 authList = auth; 00129 return 0; 00130 } 00131 /* Allocation failed. */ 00132 free(auth->auth_dirname); 00133 } 00134 free(auth); 00135 } 00136 return -1; 00137 } 00138 00139 00146 void NutClearAuth(void) 00147 { 00148 AUTHINFO *auth; 00149 00150 while (authList) { 00151 auth = authList; 00152 authList = auth->auth_next; 00153 free(auth->auth_dirname); 00154 free(auth->auth_login); 00155 free(auth); 00156 } 00157 } 00158 00170 int NutHttpAuthValidate(REQUEST * req) 00171 { 00172 char *realm; 00173 char *cp = 0; 00174 int rc = -1; 00175 00176 /* 00177 * Get directory by chopping off filename. 00178 */ 00179 realm = req->req_url; 00180 if ((cp = strrchr(realm, '/')) != 0) 00181 *cp = 0; 00182 else 00183 realm = "."; 00184 00185 /* 00186 * Check if authorization required. 00187 */ 00188 if (NutHttpAuthLookup(realm, 0)) { 00189 /* 00190 * Check authorization. 00191 */ 00192 if (req->req_auth) { 00193 /* 00194 * Acceptint basic authorization only. 00195 */ 00196 if (strncmp(req->req_auth, "Basic ", 6) == 0) { 00197 NutDecodeBase64(req->req_auth + 6); 00198 if (NutHttpAuthLookup(realm, req->req_auth + 6)) 00199 rc = 0; 00200 } 00201 } 00202 } else 00203 rc = 0; 00204 00205 if (cp) 00206 *cp = '/'; 00207 00208 return rc; 00209 } 00210