auth.c

Go to the documentation of this file.
00001 /*
00002  * Copyright (C) 2001-2003 by egnite Software GmbH. All rights reserved.
00003  *
00004  * Redistribution and use in source and binary forms, with or without
00005  * modification, are permitted provided that the following conditions
00006  * are met:
00007  *
00008  * 1. Redistributions of source code must retain the above copyright
00009  *    notice, this list of conditions and the following disclaimer.
00010  * 2. Redistributions in binary form must reproduce the above copyright
00011  *    notice, this list of conditions and the following disclaimer in the
00012  *    documentation and/or other materials provided with the distribution.
00013  * 3. Neither the name of the copyright holders nor the names of
00014  *    contributors may be used to endorse or promote products derived
00015  *    from this software without specific prior written permission.
00016  *
00017  * THIS SOFTWARE IS PROVIDED BY EGNITE SOFTWARE GMBH AND CONTRIBUTORS
00018  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
00019  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
00020  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL EGNITE
00021  * SOFTWARE GMBH OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
00022  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
00023  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
00024  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
00025  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
00026  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
00027  * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
00028  * SUCH DAMAGE.
00029  *
00030  * For additional information see http://www.ethernut.de/
00031  */
00032 
00033 /*
00034  * $Log: auth.c,v $
00035  * Revision 1.6  2009/02/13 14:52:05  haraldkipp
00036  * Include memdebug.h for heap management debugging support.
00037  *
00038  * Revision 1.5  2009/02/06 15:40:29  haraldkipp
00039  * Using newly available strdup() and calloc().
00040  * Replaced NutHeap routines by standard malloc/free.
00041  * Replaced pointer value 0 by NULL.
00042  *
00043  * Revision 1.4  2008/07/17 11:29:15  olereinhardt
00044  * Allow authentication for subdirectories
00045  *
00046  * Revision 1.3  2006/10/08 16:43:53  haraldkipp
00047  * Authentication info depended on static memory kept by the caller. Now a
00048  * local copy is held and NutClearAuth (which should have been named
00049  * NutHttpAuthClear, btw.) works correctly.
00050  *
00051  * Revision 1.2  2006/08/25 13:42:16  olereinhardt
00052  * added NutClearAuth(void); Thanks to Peter Sondermanns
00053  *
00054  * Revision 1.1.1.1  2003/05/09 14:41:56  haraldkipp
00055  * Initial using 3.2.1
00056  *
00057  * Revision 1.7  2003/02/04 18:17:31  harald
00058  * Version 3 released
00059  *
00060  * Revision 1.6  2002/06/26 17:29:49  harald
00061  * First pre-release with 2.4 stack
00062  *
00063  */
00064 
00065 #include <sys/heap.h>
00066 
00067 #include <stdlib.h>
00068 #include <string.h>
00069 #include <memdebug.h>
00070 
00071 #include "dencode.h"
00072 #include <pro/httpd.h>
00073 
00078 
00079 AUTHINFO *authList = 0;
00080 
00084 static AUTHINFO *NutHttpAuthLookup(CONST char *dirname, CONST char *login)
00085 {
00086     AUTHINFO *auth;
00087 
00088     for (auth = authList; auth; auth = auth->auth_next) {
00089         if (dirname && (strstr(dirname, auth->auth_dirname) != dirname))
00090             continue;
00091         if (login && strcmp(login, auth->auth_login))
00092             continue;
00093         break;
00094     }
00095     return auth;
00096 }
00097 
00113 int NutRegisterAuth(CONST char *dirname, CONST char *login)
00114 {
00115     AUTHINFO *auth;
00116 
00117     /* Allocate a new list element. */
00118     if ((auth = malloc(sizeof(AUTHINFO))) != NULL) {
00119         auth->auth_next = authList;
00120         /* Allocate the path component. */
00121         if ((auth->auth_dirname = strdup(dirname)) != NULL) {
00122             /* Allocate the login component. */
00123             if ((auth->auth_login = strdup(login)) != NULL) {
00124                 /* Success. Add element to the list and return. */
00125                 authList = auth;
00126                 return 0;
00127             }
00128             /* Allocation failed. */
00129             free(auth->auth_dirname);
00130         }
00131         free(auth);
00132     }
00133     return -1;
00134 }
00135 
00136 
00143 void NutClearAuth(void)
00144 {
00145     AUTHINFO *auth;
00146 
00147     while (authList) {
00148         auth = authList;
00149         authList = auth->auth_next;
00150         free(auth->auth_dirname);
00151         free(auth->auth_login);
00152         free(auth);
00153     }
00154 }
00155 
00167 int NutHttpAuthValidate(REQUEST * req)
00168 {
00169     char *realm;
00170     char *cp = 0;
00171     int rc = -1;
00172 
00173     /*
00174      * Get directory by chopping off filename.
00175      */
00176     realm = req->req_url;
00177     if ((cp = strrchr(realm, '/')) != 0)
00178         *cp = 0;
00179     else
00180         realm = ".";
00181 
00182     /*
00183      * Check if authorization required.
00184      */
00185     if (NutHttpAuthLookup(realm, 0)) {
00186         /*
00187          * Check authorization.
00188          */
00189         if (req->req_auth) {
00190             /*
00191              * Acceptint basic authorization only.
00192              */
00193             if (strncmp(req->req_auth, "Basic ", 6) == 0) {
00194                 NutDecodeBase64(req->req_auth + 6);
00195                 if (NutHttpAuthLookup(realm, req->req_auth + 6))
00196                     rc = 0;
00197             }
00198         }
00199     } else
00200         rc = 0;
00201 
00202     if (cp)
00203         *cp = '/';
00204 
00205     return rc;
00206 }
00207 

© 2000-2007 by egnite Software GmbH - visit http://www.ethernut.de/