search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[core] consolidate duplicated read-to-close code
[lighttpd.git] / src / http_auth.c
blob6d2ed2058d667cd964a09f608e97d5b65e813cf6
1 #include "first.h"
2
3 #include "http_auth.h"
4
5 #include <string.h>
6
7
8 static http_auth_scheme_t http_auth_schemes[8];
9
10 const http_auth_scheme_t * http_auth_scheme_get (const buffer *name)
11 {
12 int i = 0;
13 while (NULL != http_auth_schemes[i].name
14 && 0 != strcmp(http_auth_schemes[i].name, name->ptr)) {
15 ++i;
16 }
17 return (NULL != http_auth_schemes[i].name) ? http_auth_schemes+i : NULL;
18 }
19
20 void http_auth_scheme_set (const http_auth_scheme_t *scheme)
21 {
22 unsigned int i = 0;
23 while (NULL != http_auth_schemes[i].name) ++i;
24 /*(must resize http_auth_schemes[] if too many different auth schemes)*/
25 force_assert(i<(sizeof(http_auth_schemes)/sizeof(http_auth_scheme_t))-1);
26 memcpy(http_auth_schemes+i, scheme, sizeof(http_auth_scheme_t));
27 }
28
29
30 static http_auth_backend_t http_auth_backends[8];
31
32 const http_auth_backend_t * http_auth_backend_get (const buffer *name)
33 {
34 int i = 0;
35 while (NULL != http_auth_backends[i].name
36 && 0 != strcmp(http_auth_backends[i].name, name->ptr)) {
37 ++i;
38 }
39 return (NULL != http_auth_backends[i].name) ? http_auth_backends+i : NULL;
40 }
41
42 void http_auth_backend_set (const http_auth_backend_t *backend)
43 {
44 unsigned int i = 0;
45 while (NULL != http_auth_backends[i].name) ++i;
46 /*(must resize http_auth_backends[] if too many different auth backends)*/
47 force_assert(i<(sizeof(http_auth_backends)/sizeof(http_auth_backend_t))-1);
48 memcpy(http_auth_backends+i, backend, sizeof(http_auth_backend_t));
49 }
50
51 http_auth_require_t * http_auth_require_init (void)
52 {
53 http_auth_require_t *require = calloc(1, sizeof(http_auth_require_t));
54 force_assert(NULL != require);
55
56 require->realm = buffer_init();
57 require->valid_user = 0;
58 require->user = array_init();
59 require->group = array_init();
60 require->host = array_init();
61
62 return require;
63 }
64
65 void http_auth_require_free (http_auth_require_t * const require)
66 {
67 buffer_free(require->realm);
68 array_free(require->user);
69 array_free(require->group);
70 array_free(require->host);
71 free(require);
72 }
73
74 /* (case-sensitive version of array.c:array_get_index(),
75 * and common case expects small num of allowed tokens,
76 * so it is reasonably performant to simply walk the array) */
77 static int http_auth_array_contains (const array * const a, const char * const k, const size_t klen)
78 {
79 for (size_t i = 0, used = a->used; i < used; ++i) {
80 if (buffer_is_equal_string(a->data[i]->key, k, klen)) {
81 return 1;
82 }
83 }
84 return 0;
85 }
86
87 int http_auth_match_rules (const http_auth_require_t * const require, const char * const user, const char * const group, const char * const host)
88 {
89 if (NULL != user
90 && (require->valid_user
91 || http_auth_array_contains(require->user, user, strlen(user)))) {
92 return 1; /* match */
93 }
94
95 if (NULL != group
96 && http_auth_array_contains(require->group, group, strlen(group))) {
97 return 1; /* match */
98 }
99
100 if (NULL != host
101 && http_auth_array_contains(require->host, host, strlen(host))) {
102 return 1; /* match */
103 }
104
105 return 0; /* no match */
106 }
107
108 void http_auth_setenv(array *env, const char *username, size_t ulen, const char *auth_type, size_t alen) {
109 data_string *ds;
110
111 /* REMOTE_USER */
112
113 if (NULL == (ds = (data_string *)array_get_element(env, "REMOTE_USER"))) {
114 if (NULL == (ds = (data_string *)array_get_unused_element(env, TYPE_STRING))) {
115 ds = data_string_init();
116 }
117 buffer_copy_string_len(ds->key, CONST_STR_LEN("REMOTE_USER"));
118 array_insert_unique(env, (data_unset *)ds);
119 }
120 buffer_copy_string_len(ds->value, username, ulen);
121
122 /* AUTH_TYPE */
123
124 if (NULL == (ds = (data_string *)array_get_element(env, "AUTH_TYPE"))) {
125 if (NULL == (ds = (data_string *)array_get_unused_element(env, TYPE_STRING))) {
126 ds = data_string_init();
127 }
128 buffer_copy_string_len(ds->key, CONST_STR_LEN("AUTH_TYPE"));
129 array_insert_unique(env, (data_unset *)ds);
130 }
131 buffer_copy_string_len(ds->value, auth_type, alen);
132 }
133
134 int http_auth_md5_hex2bin (const char *md5hex, size_t len, unsigned char md5bin[16])
135 {
136 /* validate and transform 32-byte MD5 hex string to 16-byte binary MD5 */
137 if (32 != len) return -1; /*(Note: char *md5hex must be a 32-char string)*/
138 for (int i = 0; i < 32; i+=2) {
139 int hi = md5hex[i];
140 int lo = md5hex[i+1];
141 if ('0' <= hi && hi <= '9') hi -= '0';
142 else if ((hi |= 0x20), 'a' <= hi && hi <= 'f') hi += -'a' + 10;
143 else return -1;
144 if ('0' <= lo && lo <= '9') lo -= '0';
145 else if ((lo |= 0x20), 'a' <= lo && lo <= 'f') lo += -'a' + 10;
146 else return -1;
147 md5bin[(i >> 1)] = (unsigned char)((hi << 4) | lo);
148 }
149 return 0;
150 }
151
152 #if 0
153 int http_auth_md5_hex2lc (char *md5hex)
154 {
155 /* validate and transform 32-byte MD5 hex string to lowercase */
156 int i;
157 for (i = 0; md5hex[i]; ++i) {
158 int c = md5hex[i];
159 if ('0' <= c && c <= '9') continue;
160 else if ((c |= 0x20), 'a' <= c && c <= 'f') md5hex[i] = c;
161 else return -1;
162 }
163 return (32 == i) ? 0 : -1; /*(Note: char *md5hex must be a 32-char string)*/
164 }
165 #endif
A fast webserver with minimal memory-footprint (lighttpd)