📄 bsc_auth.c
字号:
/***************************************************************************
*
* CopyrIght (c) 1993 - 2001 Accelerated Technology, Inc.
*
* PROPRIETARY RIGHTS of Accelerated Technology are involved in the subject
* matter of this material. All manufacturing, reproduction, use and sales
* rights pertaining to this subject matter are governed by the license
* agreement. The recipient of this software implicity accepts the terms
* of the license.
*
****************************************************************************/
/***************************************************************************
*
* FILENAME VERSION
*
* bsc_auth.c - Basic Authentication 1.5
*
* COMPONENT
*
* Nucleus WebServ
*
* DESCRIPTION
*
* This File Contains several routines used for Initializing and
* implementing the HTTP 1.1/1.0 Basic Authentication Algorithm.
* Also contains two user plug-ins that are used to add, delete
* and show users on the system. To include this feature ws_cfg.h
* must have WS_BASIC_AUTH defined.
*
* DATA STRUCTURES
*
* None
*
* FUNCTIONS
*
* BSC_Auth_Init
* BSC_Auth_Add_Entry
* BSC_Auth_Delete_Entry
* BSC_Parse_Auth
* BSC_Base64_Decode
* BSC_Add_Delete_Auth
* BSC_Show_Users
*
*
* DEPENDENCIES
*
* bsc_auth.h
* nu_websrv.h
*
***************************************************************************/
#include "webserv/inc/nu_websr.h"
#include "net/inc/netevent.h"
#ifdef WS_BASIC_AUTH
#include "webserv/inc/wpw_auth.h"
/* 401 Unauthorized Response Field */
static CHAR BSC_Text_401[]="\
HTTP/1.1 401 Unauthorized\r\n\
WWW-Authenticate: Basic realm=\" ";
static CHAR BSC_Text_401c[] = "\"\r\n\
Content-type: text/html\r\n\
Content-length: 0\r\n\r\n";
/* 403 Forbidden Access */
static CHAR BSC_Text_H403[]="\
HTTP/1.1 403 Forbidden\r\n\
Server: Nucleus WebServ\r\n\
Content-type: text/html\r\n";
static CHAR BSC_Text_D403[]="\
<HEAD><TITLE>403 Forbidden</TITLE></HEAD>\r\n\
<BODY><H1>403 Forbidden Access</H1>\r\n";
/* Define User PLug-in for adding and deleting a user. */
static INT BSC_Add_Delete_Auth(WS_REQUEST *req);
/* Define Server Side Include Function that will show all users on
* the system.
*/
static INT BSC_Show_Users(WS_REQUEST *req);
extern struct WPW_AUTH_NODE WPW_Table[];
/* Setup Pointers to the linked List structure Basic Auth Link List */
WPW_INFO_LIST BSC_Pw_List_info;
/************************************************************************
*
* FUNCTION
*
* BSC_Auth_Init
*
* DESCRIPTION
*
*
* INPUTS
*
* None
*
* OUTPUTS
*
* NU_MEM_ALLOC Could not allocate memory
* NU_SUCCESS Success
*
************************************************************************/
INT16 BSC_Auth_Init(VOID)
{
WPW_INFO_NODE *bpwlist_info;
INT i;
/* Register the Plug-in to show all users */
HTTP_Register_Plugin(BSC_Show_Users,"userp");
/* Register the plug-in that adds or deletes a user. */
HTTP_Register_Plugin(BSC_Add_Delete_Auth,"addelu");
/* Build the Basic Authentication Password List list. */
for (i = 0; WPW_Table[i].wpw_user_id[0]; i++)
{
if (NU_Allocate_Memory (&System_Memory, (VOID **)&bpwlist_info,
sizeof (WPW_INFO_NODE),
NU_NO_SUSPEND) != NU_SUCCESS)
{
return (NU_MEM_ALLOC);
}
/* Setup the User Id name */
strcpy(bpwlist_info->wpw_user, WPW_Table[i].wpw_user_id);
/* Setup the Password */
strcpy(bpwlist_info->wpw_password, WPW_Table[i].wpw_password);
/* Add this host to the list. */
DLL_Enqueue((tqe_t *) &BSC_Pw_List_info, (tqe_t *) bpwlist_info);
}
return(NU_SUCCESS);
}
/************************************************************************
*
* FUNCTION
*
* BSC_Auth_Add_Entry
*
* DESCRIPTION
*
* This function dynamically adds a user id and password combination
* into the Nucleus WebServ's database.
*
* INPUTS
*
* *user_id
* *password
*
* OUTPUTS
*
* WPW_BASIC_AUTH_FAILED The user id and password already exist
* NU_MEM_ALLOC Could not allocate memory
* NU_SUCCESS Success
*
************************************************************************/
INT16 BSC_Auth_Add_Entry(CHAR *user_id, CHAR *password)
{
INT16 found = 0;
WPW_INFO_NODE *bpwlist_info;
/* First Verify that the user does not exist */
for(bpwlist_info = BSC_Pw_List_info.wpw_list_head ; bpwlist_info;bpwlist_info = bpwlist_info->wpw_list_next)
{
if(strcmp(bpwlist_info->wpw_user, user_id) == 0 )
{
if (strcmp(bpwlist_info->wpw_password, password) == 0)
{
found++;
break;
}
}
}
if(found)
return(WPW_BASIC_AUTH_FAILED);
/* Allocate Memory for the new database entry */
if (NU_Allocate_Memory (&System_Memory, (VOID **)&bpwlist_info,
sizeof (WPW_INFO_NODE),
NU_NO_SUSPEND) != NU_SUCCESS)
{
return (NU_MEM_ALLOC);
}
/* Setup the New User id to add */
strcpy(bpwlist_info->wpw_user, user_id);
/* Setup the password name */
strcpy(bpwlist_info->wpw_password, password);
/* Add this host to the list. */
DLL_Enqueue((tqe_t *) &BSC_Pw_List_info, (tqe_t *) bpwlist_info);
return(NU_SUCCESS);
}
/************************************************************************
*
* FUNCTION
*
* BSC_Auth_Delete_Entry
*
* DESCRIPTION
*
* This function is used to dynamically delete a combination
* of user id and password from the Nucleus WebServ's database.
*
* INPUTS
*
* *user_id
* *password
*
* OUTPUTS
*
* NU_SUCCESS Success
*
************************************************************************/
INT16 BSC_Auth_Delete_Entry(CHAR *user_id, CHAR *password)
{
WPW_INFO_NODE *bpwlist_info;
INT found = 0;
/* Searches to see if the name being asked to delete is availble */
for(bpwlist_info = BSC_Pw_List_info.wpw_list_head ; bpwlist_info ; bpwlist_info = bpwlist_info->wpw_list_next)
{
if(strcmp(bpwlist_info->wpw_user, user_id) == 0 )
{
if (strcmp(bpwlist_info->wpw_password, password)==0)
{
found++;
break;
}
}
}
if (found)
{
/* If entry is found remove it from the list and delete it. */
DLL_Remove((tqe_t *)&BSC_Pw_List_info, (tqe_t *) bpwlist_info);
NU_Deallocate_Memory(bpwlist_info);
}
else
return(WS_FAILURE);
return(NU_SUCCESS);
}
/************************************************************************
*
* FUNCTION
*
* BSC_Parse_Auth
*
* DESCRIPTION
*
* This function is used to process the Basic Authentication
* method. This inlcudes parsing the HTTP packet and getting the
* bas64 encoded user id and password. It then calls a function
* that decodes the string into a userid:password format. Then the
* database checks if the user exists on the system. If the user
* does not exist a 403 access forbidden message is sent. If the
* Authorization token is not found a 401 message is sent to pop-up
* the browser's network password method. If the user exists the
* server acts as normal.
*
* INPUTS
*
* *req
*
* OUTPUTS
*
* FAILURE Could not allocate memory
* WPW_BASIC_AUTH_FAILED Authentication failed
* NU_SUCCESS Success
*
************************************************************************/
STATUS BSC_Parse_Auth(WS_REQUEST *req)
{
static CHAR total_char[WPW_BASIC_MAX_SIZE];
static CHAR user_id[WPW_BASIC_MAX_SIZE];
static CHAR password[WPW_BASIC_MAX_SIZE];
static CHAR final_decode[WPW_BASIC_MAX_SIZE];
CHAR HUGE *s;
CHAR HUGE *l;
CHAR *req_buf_end;
CHAR buf[1000];
UINT32 len;
INT count = 0;
INT index = 0;
WPW_INFO_NODE *bpwlist;
INT16 found = 0;
UTL_Zero(user_id, WPW_BASIC_MAX_SIZE);
UTL_Zero(password, WPW_BASIC_MAX_SIZE);
UTL_Zero(final_decode, WPW_BASIC_MAX_SIZE);
UTL_Zero(total_char, WPW_BASIC_MAX_SIZE);
/* Prepare to check first Packet of Incoming HTTP data */
s = (CHAR HUGE*)req->ws_rdata->ws_lbuf;
/* Set the End of the Packet */
req_buf_end = &req->ws_rdata->ws_lbuf[req->ws_nbytes];
/* Get to the first Sequence delimeter CRLF*/
while(*s) s++;
s++;
l = s;
/* Search for HTTP 1.1 Authorization Header */
s = HTTP_Find_Token("Authorization:", (CHAR *)l, (CHAR *)req_buf_end);
if( s )
{
/* Search for the Basic Authetication Marker */
s = (CHAR HUGE*)HTTP_Find_Token("Basic", (CHAR *)s, req_buf_end);
if(s)
{
l = total_char;
s += 6;
while((*s != '\n') && (*s !='\r') && (*s) )
*l++ = *s++;
*l = '\0';
#ifdef NU_WEBSERV_DEBUG
printf("total_char = %s\r\n", total_char);
#endif
}
else
{
/* Send the 401 Response Message */
strcpy(buf, BSC_Text_401);
strcat(buf, req->ws_fname);
strcat(buf, BSC_Text_401c);
len = strlen(buf);
WS_Write_To_Net(req, buf, len, WS_FILETRNSFR);
return(WPW_BASIC_AUTH_FAILED);
}
}
else
{
/* Send the 401 Response message */
strcpy(buf, BSC_Text_401);
strcat(buf, req->ws_fname);
strcat(buf, BSC_Text_401c);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -