projects / project / uhttpd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ubus: increase maximum ubus request size to 64KB
[project/uhttpd.git] / auth.c
1 /*
2 * uhttpd - Tiny single-threaded httpd
3 *
4 * Copyright (C) 2010-2013 Jo-Philipp Wich <xm@subsignal.org>
5 * Copyright (C) 2013 Felix Fietkau <nbd@openwrt.org>
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 #define _GNU_SOURCE
21 #define _XOPEN_SOURCE 700
22 #include <strings.h>
23 #ifdef HAVE_SHADOW
24 #include <shadow.h>
25 #endif
26 #include "uhttpd.h"
27
28 static LIST_HEAD(auth_realms);
29
30 void uh_auth_add(const char *path, const char *user, const char *pass)
31 {
32 struct auth_realm *new = NULL;
33 struct passwd *pwd;
34 const char *new_pass = NULL;
35 char *dest_path, *dest_user, *dest_pass;
36
37 #ifdef HAVE_SHADOW
38 struct spwd *spwd;
39 #endif
40
41 /* given password refers to a passwd entry */
42 if ((strlen(pass) > 3) && !strncmp(pass, "$p$", 3)) {
43 #ifdef HAVE_SHADOW
44 /* try to resolve shadow entry */
45 spwd = getspnam(&pass[3]);
46 if (spwd)
47 new_pass = spwd->sp_pwdp;
48 #endif
49 if (!new_pass) {
50 pwd = getpwnam(&pass[3]);
51 if (pwd && pwd->pw_passwd && pwd->pw_passwd[0] &&
52 pwd->pw_passwd[0] != '!')
53 new_pass = pwd->pw_passwd;
54 }
55 } else {
56 new_pass = pass;
57 }
58
59 if (!new_pass || !new_pass[0])
60 return;
61
62 new = calloc_a(sizeof(*new),
63 &dest_path, strlen(path) + 1,
64 &dest_user, strlen(user) + 1,
65 &dest_pass, strlen(new_pass) + 1);
66
67 if (!new)
68 return;
69
70 new->path = strcpy(dest_path, path);
71 new->user = strcpy(dest_user, user);
72 new->pass = strcpy(dest_pass, new_pass);
73 list_add(&new->list, &auth_realms);
74 }
75
76 bool uh_auth_check(struct client *cl, const char *path, const char *auth,
77 char **uptr, char **pptr)
78 {
79 struct http_request *req = &cl->request;
80 struct auth_realm *realm;
81 bool user_match = false;
82 char *user = NULL;
83 char *pass = NULL;
84 int plen;
85
86 if (uptr)
87 *uptr = NULL;
88
89 if (pptr)
90 *pptr = NULL;
91
92 if (auth && !strncasecmp(auth, "Basic ", 6)) {
93 auth += 6;
94
95 uh_b64decode(uh_buf, sizeof(uh_buf), auth, strlen(auth));
96 pass = strchr(uh_buf, ':');
97 if (pass) {
98 user = uh_buf;
99 *pass++ = 0;
100 }
101 }
102
103 req->realm = NULL;
104 plen = strlen(path);
105 list_for_each_entry(realm, &auth_realms, list) {
106 int rlen = strlen(realm->path);
107
108 if (plen < rlen)
109 continue;
110
111 if (strncasecmp(path, realm->path, rlen) != 0)
112 continue;
113
114 req->realm = realm;
115 if (!user)
116 break;
117
118 if (strcmp(user, realm->user) != 0)
119 continue;
120
121 user_match = true;
122 break;
123 }
124
125 if (!req->realm)
126 return true;
127
128 if (user_match &&
129 (!strcmp(pass, realm->pass) ||
130 !strcmp(crypt(pass, realm->pass), realm->pass))) {
131 if (uptr)
132 *uptr = user;
133
134 if (pptr)
135 *pptr = pass;
136
137 return true;
138 }
139
140 uh_http_header(cl, 401, "Authorization Required");
141 ustream_printf(cl->us,
142 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
143 "Content-Type: text/plain\r\n\r\n",
144 conf.realm);
145 uh_chunk_printf(cl, "Authorization Required\n");
146 uh_request_done(cl);
147
148 return false;
149 }
Tiny HTTP server