projects / project / uhttpd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
clean up / fix #include
[project/uhttpd.git] / auth.c
1 /*
2 * uhttpd - Tiny single-threaded httpd
3 *
4 * Copyright (C) 2010-2012 Jo-Philipp Wich <xm@subsignal.org>
5 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #define _GNU_SOURCE
21 #define _XOPEN_SOURCE 700
22 #include <strings.h>
23 #include "uhttpd.h"
24
25 static LIST_HEAD(auth_realms);
26
27 void uh_auth_add(const char *path, const char *user, const char *pass)
28 {
29 struct auth_realm *new = NULL;
30 struct passwd *pwd;
31 const char *new_pass = NULL;
32 char *dest_path, *dest_user, *dest_pass;
33
34 #ifdef HAVE_SHADOW
35 struct spwd *spwd;
36 #endif
37
38 /* given password refers to a passwd entry */
39 if ((strlen(pass) > 3) && !strncmp(pass, "$p$", 3)) {
40 #ifdef HAVE_SHADOW
41 /* try to resolve shadow entry */
42 spwd = getspnam(&pass[3]);
43 if (spwd)
44 new_pass = spwd->sp_pwdp;
45 #endif
46 if (!new_pass) {
47 pwd = getpwnam(&pass[3]);
48 if (pwd && pwd->pw_passwd && pwd->pw_passwd[0] &&
49 pwd->pw_passwd[0] != '!')
50 new_pass = pwd->pw_passwd;
51 }
52 } else {
53 new_pass = pass;
54 }
55
56 if (!new_pass || !new_pass[0])
57 return;
58
59 new = calloc_a(sizeof(*new),
60 &dest_path, strlen(path) + 1,
61 &dest_user, strlen(user) + 1,
62 &dest_pass, strlen(new_pass) + 1);
63
64 if (!new)
65 return;
66
67 new->path = strcpy(dest_path, path);
68 new->user = strcpy(dest_user, user);
69 new->pass = strcpy(dest_pass, new_pass);
70 list_add(&new->list, &auth_realms);
71 }
72
73 bool uh_auth_check(struct client *cl, struct path_info *pi)
74 {
75 struct http_request *req = &cl->request;
76 struct auth_realm *realm;
77 bool user_match = false;
78 char *user = NULL;
79 char *pass = NULL;
80 int plen;
81
82 if (pi->auth && !strncasecmp(pi->auth, "Basic ", 6)) {
83 const char *auth = pi->auth + 6;
84
85 uh_b64decode(uh_buf, sizeof(uh_buf), auth, strlen(auth));
86 pass = strchr(uh_buf, ':');
87 if (pass) {
88 user = uh_buf;
89 *pass++ = 0;
90 }
91 }
92
93 req->realm = NULL;
94 plen = strlen(pi->name);
95 list_for_each_entry(realm, &auth_realms, list) {
96 int rlen = strlen(realm->path);
97
98 if (plen < rlen)
99 continue;
100
101 if (strncasecmp(pi->name, realm->path, rlen) != 0)
102 continue;
103
104 req->realm = realm;
105 if (!user)
106 break;
107
108 if (strcmp(user, realm->user) != 0)
109 continue;
110
111 user_match = true;
112 break;
113 }
114
115 if (!req->realm)
116 return true;
117
118 if (user_match && !strcmp(crypt(pass, realm->pass), realm->pass))
119 return true;
120
121 uh_http_header(cl, 401, "Authorization Required");
122 ustream_printf(cl->us,
123 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
124 "Content-Type: text/plain\r\n\r\n",
125 conf.realm);
126 uh_chunk_printf(cl, "Authorization Required\n");
127 uh_request_done(cl);
128
129 return false;
130 }
Tiny HTTP server