dgstauth.cpp

来自「mini http server,可以集成嵌入到程序中,实现简单的web功能」· C++ 代码 · 共 596 行 · 第 1/2 页

/*____________________________________________________________________________*\

 Copyright (c) 1997-2000 John Roy, Holger Zimmermann. All rights reserved.

 These sources, libraries and applications are
 FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
 as long as the following conditions are adhered to.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:

 1. Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer. 

 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in
    the documentation and/or other materials provided with the
    distribution.

 3. The name of the author may not be used to endorse or promote products
    derived from this software without specific prior written permission.

 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE AUTHORS OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 OF THE POSSIBILITY OF SUCH DAMAGE.

 *____________________________________________________________________________*|
 *
 * $Source: /cvsroot/pi3web/Pi3Web_200/Source/HTTP/DgstAuth.cpp,v $
 * $Date: 2003/05/13 18:42:02 $
 *
 Description:
	Digest access authentication module.

\*____________________________________________________________________________*/
/* $SourceTop:$ */

#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <iostream.h>
#include <ctype.h>

#include "HandBase.h"
#include "PIStrStr.h"
#include "PIString.h"
#include "Pi3API.h"
#include "PiAPI.h"
#include "StrToken.h"
#include "DeQuote.h"
#include "md5.h"

/*____________________________________________________________________________*\
 *
 Description:
\*____________________________________________________________________________*/
/*
#define D { cerr << __FILE__ << ", " << __LINE__ << endl; }
*/
#define D

/*____________________________________________________________________________*\
 *
 Description:
\*____________________________________________________________________________*/
#define KEY_CONF_REALM		"Realm"
#define KEY_CONF_USER		"User"
#define KEY_CONF_TIMEOUT	"NonceTimeout"
#define KEY_USER			"username"
#define KEY_REALM			"realm"
#define KEY_URI				"uri"
#define KEY_ALGO			"algorithm"
#define KEY_NONCE			"nonce"
#define KEY_RESP			"response"
#define DGST_AUTH_TYPE		"Digest"
#define DGST_CHALLENGE		"Digest realm=\"%s\", nonce=\"%s\""
#define DGST_STALE			", stale=\"true\""

/*____________________________________________________________________________*\
 *
 Description:
	Documentation
\*____________________________________________________________________________*/
#if 0
	/*
	** HTML documentation for this handler
	*/
/*___+++HTMLDOC_BEGIN+++___*/
Name:
	DigestAuth

Description:
    Digest access authentication authentication accordingly to RFC 2069.

Options:
<H5>Overview</H5>
<TABLE BORDER=1>
<TH>Option
<TH>Default
<TH>Values
<TH>Short Description
<TH>Example(s)

<TR>
<TD>Realm
<TD>+
<TD>A string
<TD>Realm to authenticate
<TD>Realm="Admin"

<TR>
<TD>User
<TD>+
<TD>&lt;user-name:hashed-password&gt
<TD>User record
<TD>User="holger:bc9b46aaf9b2351ceb9875148d93fda5"

<TR>
<TD>NonceTimeout
<TD>+
<TD>A number, 0 for no timeout
<TD>Timeout for authentication
<TD>NonceTimeout=3600

</TABLE>
<STRONG>-</STRONG> in the <IT>default</IT> indicates no default<BR>
<STRONG>+</STRONG> in the <IT>default</IT> indicates the field is mandatory<BR>

<H4>Description of Options</H4>
<H5>Realm</H5>
Realm to be authenticated by this handler.

<H5>User</H5>
A user belonging to this realm. Subsequent user parameters are allowed.
The user name is separated by colon from the password value. This is
H(A1) = MD5(username:realm:password) accordingly to RFC2069. Since not
the password, but only the hash value is stored, the original password
cannot computed from this value. Since the realm is part of the value,
the entry cannot be used for another realm. Password values can be
generated using a small tool delivered with Pi3Web.

<H5>NonceTimeout</H5>
Timeout value determining the lifetime of a nonce value in seconds.
After the interval has expired, a fresh nonce value is computed in
order to re-authenticate. A value of 0 means the nonce value never
expires.

Phase:
	CHECKAUTH

Returns:
	PIAPI_COMPLETED if authentication passed. INT_REDIRECT if the
	status was set to 401 to challenge, PIAPI_CONTINUE if this 
	handler choose to take no action and PIAPI_ERROR if this handler
	was invoked for a phase other than CHECKAUTH.

Note:
Example:
	<PRE>
	&lt;Object&gt;
		Name DgstAuth
		Class DgstAuthClass
	&lt;/Object&gt;

	&lt;Object&gt;
		...
		Handle DgstAuth 
		...
	&lt;/Object&gt;
	</PRE>
/*___+++HTMLDOC_END+++___*/
#endif


/*____________________________________________________________________________*\
 *
 Class:
 Description:
\*____________________________________________________________________________*/
class DigestAuth : public HandlerBaseHTTP
{
private:
	PIString sRealm;
	PIDB *pUsers;
	PIString sKey;
	time_t tTimeout;

/*____________________________________________________________________________*\
 *
 Description: Generate private key K = MD5(unique-id:PID:Thread-ID)
\*____________________________________________________________________________*/
	int ComputeKey(char *pKey) {
		enum { ID_SIZE=63, TEXT_SIZE=255 };
		char szId[ID_SIZE+1];
		if (PIPlatform_getUniqueId(szId, ID_SIZE+1) != PIAPI_COMPLETED) {
			return PIAPI_ERROR;
		};

		char szText[TEXT_SIZE+1];
		sprintf( szText, "%s:%x:%x", szId, PIPlatform_getProcessId(),
			PIThread_getCurrent() );

		MD5Encode(szText, pKey);
		return PIAPI_COMPLETED;
	}

/*____________________________________________________________________________*\
 *
 Description: Compute nonce value N = MD5(client-ip:timeout:private-key)
\*____________________________________________________________________________*/
	int ComputeNonce(PIHTTP *pPIHTTP, char *pNonce) {
		const char *pClientIP = (const char *)PIDB_lookup(pPIHTTP->pConnectionDB,
			PIDBTYPE_STRING, KEY_INT_REMOTEADDR, 0 );

		enum {TEXT_SIZE=255 };
		char szText[TEXT_SIZE+1];

		time_t ltime = tTimeout ? time( &ltime ) - (ltime % tTimeout) : 0;
		sprintf( szText, "%s:%ld:%s", pClientIP, ltime, (const char *)sKey );

		MD5Encode(szText, pNonce);
		return PIAPI_COMPLETED;
	}

/*____________________________________________________________________________*\
 *
 Description: Generate H(A2) = MD5(method:digest-uri)
\*____________________________________________________________________________*/
	int ComputeHA2( char *pHA2, const char *pMethod, const char *pUri) {
		char *pText = (char *)PIUtil_malloc(strlen(pMethod)+strlen(pUri)+2);
		if ( pText ) {
			strcpy( pText, pMethod );
			strcat( pText, ":" );
			strcat( pText, pUri );
			MD5Encode(pText, pHA2);
			PIUtil_free( pText );
			return PIAPI_COMPLETED;
		} else {
			return PIAPI_ERROR;
		}
	}

/*____________________________________________________________________________*\
 *
 Description: Compute digest D = MD5(H(A1):nonce:H(A2))
\*____________________________________________________________________________*/
	int ComputeDigest( char *pDigest, const char *pHA1, const char *pNonce, const char *pHA2) {
		enum { TEXT_SIZE=3*(32+1) }; // three md5 hashes separated by colon and trailing '\0'
		char szText[TEXT_SIZE+1];
		strcpy( szText, pHA1 );
		strcat( szText, ":" );
		strcat( szText, pNonce );
		strcat( szText, ":" );
		strcat( szText, pHA2 );

		MD5Encode(szText, pDigest);
		return PIAPI_COMPLETED;
	}

/*____________________________________________________________________________*\
 *
 Description: Create a new digest authentication challenge
\*____________________________________________________________________________*/
	int SendChallenge(PIHTTP *pPIHTTP, int stale) {
	
		char szNonce[32+1];
		if ( ComputeNonce(pPIHTTP, szNonce) != PIAPI_COMPLETED ) {
			HTTPCore_logError( pPIHTTP, "DigestAuth: Can't compute nonce value.");
			return HTTPUtil_doHTTPError( pPIHTTP, ST_INTERNALERROR );
		}

		char *pAuth = (char *)PIUtil_malloc( sizeof(DGST_CHALLENGE)
										   + sizeof(DGST_STALE)
										   + strlen(sRealm)
										   + 32 + 1 );
		if ( pAuth ) {
			sprintf( pAuth, DGST_CHALLENGE, (const char *)sRealm, szNonce );
			if (stale) strcat( pAuth, DGST_STALE );
			PIDB_replace( pPIHTTP->pResponseDB, PIDBTYPE_RFC822,
				KEY_HTTP_WWW_AUTHENTICATE, pAuth, 0 );
			PIUtil_free( pAuth );

			/* ---
			Read the rest of the request
			--- */
			if ( void *pLength = PIDB_lookup( pPIHTTP->pRequestDB, PIDBTYPE_RFC822,
				KEY_HTTP_CONTENTLENGTH, 0 ))
				{
				int iLen;