00001 /* 00002 * Copyright (C) 2001-2003 by egnite Software GmbH. All rights reserved. 00003 * 00004 * Redistribution and use in source and binary forms, with or without 00005 * modification, are permitted provided that the following conditions 00006 * are met: 00007 * 00008 * 1. Redistributions of source code must retain the above copyright 00009 * notice, this list of conditions and the following disclaimer. 00010 * 2. Redistributions in binary form must reproduce the above copyright 00011 * notice, this list of conditions and the following disclaimer in the 00012 * documentation and/or other materials provided with the distribution. 00013 * 3. Neither the name of the copyright holders nor the names of 00014 * contributors may be used to endorse or promote products derived 00015 * from this software without specific prior written permission. 00016 * 00017 * THIS SOFTWARE IS PROVIDED BY EGNITE SOFTWARE GMBH AND CONTRIBUTORS 00018 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00019 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 00020 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL EGNITE 00021 * SOFTWARE GMBH OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 00022 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 00023 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 00024 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 00025 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 00026 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 00027 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 00028 * SUCH DAMAGE. 00029 * 00030 * For additional information see http://www.ethernut.de/ 00031 */ 00032 00033 /* 00034 * $Log: auth.c,v $ 00035 * Revision 1.6 2009/02/13 14:52:05 haraldkipp 00036 * Include memdebug.h for heap management debugging support. 00037 * 00038 * Revision 1.5 2009/02/06 15:40:29 haraldkipp 00039 * Using newly available strdup() and calloc(). 00040 * Replaced NutHeap routines by standard malloc/free. 00041 * Replaced pointer value 0 by NULL. 00042 * 00043 * Revision 1.4 2008/07/17 11:29:15 olereinhardt 00044 * Allow authentication for subdirectories 00045 * 00046 * Revision 1.3 2006/10/08 16:43:53 haraldkipp 00047 * Authentication info depended on static memory kept by the caller. Now a 00048 * local copy is held and NutClearAuth (which should have been named 00049 * NutHttpAuthClear, btw.) works correctly. 00050 * 00051 * Revision 1.2 2006/08/25 13:42:16 olereinhardt 00052 * added NutClearAuth(void); Thanks to Peter Sondermanns 00053 * 00054 * Revision 1.1.1.1 2003/05/09 14:41:56 haraldkipp 00055 * Initial using 3.2.1 00056 * 00057 * Revision 1.7 2003/02/04 18:17:31 harald 00058 * Version 3 released 00059 * 00060 * Revision 1.6 2002/06/26 17:29:49 harald 00061 * First pre-release with 2.4 stack 00062 * 00063 */ 00064 00065 #include <sys/heap.h> 00066 00067 #include <stdlib.h> 00068 #include <string.h> 00069 #include <memdebug.h> 00070 00071 #include "dencode.h" 00072 #include <pro/httpd.h> 00073 00078 00079 AUTHINFO *authList = 0; 00080 00084 static AUTHINFO *NutHttpAuthLookup(CONST char *dirname, CONST char *login) 00085 { 00086 AUTHINFO *auth; 00087 00088 for (auth = authList; auth; auth = auth->auth_next) { 00089 if (dirname && (strstr(dirname, auth->auth_dirname) != dirname)) 00090 continue; 00091 if (login && strcmp(login, auth->auth_login)) 00092 continue; 00093 break; 00094 } 00095 return auth; 00096 } 00097 00113 int NutRegisterAuth(CONST char *dirname, CONST char *login) 00114 { 00115 AUTHINFO *auth; 00116 00117 /* Allocate a new list element. */ 00118 if ((auth = malloc(sizeof(AUTHINFO))) != NULL) { 00119 auth->auth_next = authList; 00120 /* Allocate the path component. */ 00121 if ((auth->auth_dirname = strdup(dirname)) != NULL) { 00122 /* Allocate the login component. */ 00123 if ((auth->auth_login = strdup(login)) != NULL) { 00124 /* Success. Add element to the list and return. */ 00125 authList = auth; 00126 return 0; 00127 } 00128 /* Allocation failed. */ 00129 free(auth->auth_dirname); 00130 } 00131 free(auth); 00132 } 00133 return -1; 00134 } 00135 00136 00143 void NutClearAuth(void) 00144 { 00145 AUTHINFO *auth; 00146 00147 while (authList) { 00148 auth = authList; 00149 authList = auth->auth_next; 00150 free(auth->auth_dirname); 00151 free(auth->auth_login); 00152 free(auth); 00153 } 00154 } 00155 00167 int NutHttpAuthValidate(REQUEST * req) 00168 { 00169 char *realm; 00170 char *cp = 0; 00171 int rc = -1; 00172 00173 /* 00174 * Get directory by chopping off filename. 00175 */ 00176 realm = req->req_url; 00177 if ((cp = strrchr(realm, '/')) != 0) 00178 *cp = 0; 00179 else 00180 realm = "."; 00181 00182 /* 00183 * Check if authorization required. 00184 */ 00185 if (NutHttpAuthLookup(realm, 0)) { 00186 /* 00187 * Check authorization. 00188 */ 00189 if (req->req_auth) { 00190 /* 00191 * Acceptint basic authorization only. 00192 */ 00193 if (strncmp(req->req_auth, "Basic ", 6) == 0) { 00194 NutDecodeBase64(req->req_auth + 6); 00195 if (NutHttpAuthLookup(realm, req->req_auth + 6)) 00196 rc = 0; 00197 } 00198 } 00199 } else 00200 rc = 0; 00201 00202 if (cp) 00203 *cp = '/'; 00204 00205 return rc; 00206 } 00207