| /* |
| This file is part of libmicrohttpd |
| Copyright (C) 2010, 2011, 2012 Daniel Pittman and Christian Grothoff |
| Copyright (C) 2014-2022 Evgeny Grin (Karlson2k) |
| |
| This library is free software; you can redistribute it and/or |
| modify it under the terms of the GNU Lesser General Public |
| License as published by the Free Software Foundation; either |
| version 2.1 of the License, or (at your option) any later version. |
| |
| This library is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public |
| License along with this library; if not, write to the Free Software |
| Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| */ |
| /** |
| * @file basicauth.c |
| * @brief Implements HTTP basic authentication methods |
| * @author Amr Ali |
| * @author Matthieu Speder |
| * @author Karlson2k (Evgeny Grin) |
| */ |
| #include "basicauth.h" |
| #include "gen_auth.h" |
| #include "platform.h" |
| #include "mhd_limits.h" |
| #include "internal.h" |
| #include "mhd_compat.h" |
| #include "mhd_str.h" |
| |
| |
| /** |
| * Get the username and password from the Basic Authorisation header |
| * sent by the client |
| * |
| * @param connection the MHD connection structure |
| * @return NULL if no valid Basic Authentication header is present in |
| * current request, or |
| * pointer to structure with username and password, which must be |
| * freed by #MHD_free(). |
| * @note Available since #MHD_VERSION 0x00097517 |
| * @ingroup authentication |
| */ |
| _MHD_EXTERN struct MHD_BasicAuthInfo * |
| MHD_basic_auth_get_username_password3 (struct MHD_Connection *connection) |
| { |
| const struct MHD_RqBAuth *params; |
| size_t decoded_max_len; |
| struct MHD_BasicAuthInfo *ret; |
| |
| params = MHD_get_rq_bauth_params_ (connection); |
| |
| if (NULL == params) |
| return NULL; |
| |
| if ((NULL == params->token68.str) || (0 == params->token68.len)) |
| return NULL; |
| |
| decoded_max_len = MHD_base64_max_dec_size_ (params->token68.len); |
| ret = (struct MHD_BasicAuthInfo *) malloc (sizeof(struct MHD_BasicAuthInfo) |
| + decoded_max_len + 1); |
| if (NULL != ret) |
| { |
| size_t decoded_len; |
| char *decoded; |
| |
| decoded = (char *) (ret + 1); |
| decoded_len = MHD_base64_to_bin_n (params->token68.str, params->token68.len, |
| decoded, decoded_max_len); |
| mhd_assert (decoded_max_len >= decoded_len); |
| if (0 != decoded_len) |
| { |
| size_t username_len; |
| char *colon; |
| |
| colon = memchr (decoded, ':', decoded_len); |
| if (NULL != colon) |
| { |
| size_t password_pos; |
| size_t password_len; |
| |
| username_len = (size_t) (colon - decoded); |
| password_pos = username_len + 1; |
| password_len = decoded_len - password_pos; |
| ret->password = decoded + password_pos; |
| ret->password[password_len] = 0; /* Zero-terminate the string */ |
| ret->password_len = password_len; |
| } |
| else |
| { |
| username_len = decoded_len; |
| ret->password = NULL; |
| ret->password_len = 0; |
| } |
| ret->username = decoded; |
| ret->username[username_len] = 0; /* Zero-terminate the string */ |
| ret->username_len = username_len; |
| |
| return ret; /* Success exit point */ |
| } |
| #ifdef HAVE_MESSAGES |
| else |
| MHD_DLOG (connection->daemon, |
| _ ("Error decoding Basic Authorization authentication.\n")); |
| #endif /* HAVE_MESSAGES */ |
| |
| free (ret); |
| } |
| #ifdef HAVE_MESSAGES |
| else |
| { |
| MHD_DLOG (connection->daemon, |
| _ ("Failed to allocate memory to process " \ |
| "Basic Authorization authentication.\n")); |
| } |
| #endif /* HAVE_MESSAGES */ |
| |
| return NULL; /* Failure exit point */ |
| } |
| |
| |
| /** |
| * Get the username and password from the basic authorization header sent by the client |
| * |
| * @param connection The MHD connection structure |
| * @param[out] password a pointer for the password, free using #MHD_free(). |
| * @return NULL if no username could be found, a pointer |
| * to the username if found, free using #MHD_free(). |
| * @deprecated use #MHD_basic_auth_get_username_password3() |
| * @ingroup authentication |
| */ |
| _MHD_EXTERN char * |
| MHD_basic_auth_get_username_password (struct MHD_Connection *connection, |
| char **password) |
| { |
| struct MHD_BasicAuthInfo *info; |
| |
| info = MHD_basic_auth_get_username_password3 (connection); |
| if (NULL == info) |
| return NULL; |
| |
| /* For backward compatibility this function must return NULL if |
| * no password is provided */ |
| if (NULL != info->password) |
| { |
| char *username; |
| |
| username = malloc (info->username_len + 1); |
| if (NULL != username) |
| { |
| memcpy (username, info->username, info->username_len + 1); |
| mhd_assert (0 == username[info->username_len]); |
| if (NULL != password) |
| { |
| *password = malloc (info->password_len + 1); |
| if (NULL != *password) |
| { |
| memcpy (*password, info->password, info->password_len + 1); |
| mhd_assert (0 == (*password)[info->password_len]); |
| |
| free (info); |
| return username; /* Success exit point */ |
| } |
| #ifdef HAVE_MESSAGES |
| else |
| MHD_DLOG (connection->daemon, |
| _ ("Failed to allocate memory.\n")); |
| #endif /* HAVE_MESSAGES */ |
| } |
| else |
| { |
| free (info); |
| return username; /* Success exit point */ |
| } |
| |
| free (username); |
| } |
| #ifdef HAVE_MESSAGES |
| else |
| MHD_DLOG (connection->daemon, |
| _ ("Failed to allocate memory.\n")); |
| #endif /* HAVE_MESSAGES */ |
| |
| } |
| free (info); |
| if (NULL != password) |
| *password = NULL; |
| return NULL; /* Failure exit point */ |
| } |
| |
| |
| /** |
| * Queues a response to request basic authentication from the client. |
| * |
| * The given response object is expected to include the payload for |
| * the response; the "WWW-Authenticate" header will be added and the |
| * response queued with the 'UNAUTHORIZED' status code. |
| * |
| * See RFC 7617#section-2 for details. |
| * |
| * The @a response is modified by this function. The modified response object |
| * can be used to respond subsequent requests by #MHD_queue_response() |
| * function with status code #MHD_HTTP_UNAUTHORIZED and must not be used again |
| * with MHD_queue_basic_auth_fail_response3() function. The response could |
| * be destroyed right after call of this function. |
| * |
| * @param connection the MHD connection structure |
| * @param realm the realm presented to the client |
| * @param prefer_utf8 if not set to #MHD_NO, parameter'charset="UTF-8"' will |
| * be added, indicating for client that UTF-8 encoding |
| * is preferred |
| * @param response the response object to modify and queue; the NULL |
| * is tolerated |
| * @return #MHD_YES on success, #MHD_NO otherwise |
| * @note Available since #MHD_VERSION 0x00097516 |
| * @ingroup authentication |
| */ |
| _MHD_EXTERN enum MHD_Result |
| MHD_queue_basic_auth_fail_response3 (struct MHD_Connection *connection, |
| const char *realm, |
| int prefer_utf8, |
| struct MHD_Response *response) |
| { |
| static const char prefix[] = "Basic realm=\""; |
| static const char suff_charset[] = "\", charset=\"UTF-8\""; |
| static const size_t prefix_len = MHD_STATICSTR_LEN_ (prefix); |
| static const size_t suff_simple_len = MHD_STATICSTR_LEN_ ("\""); |
| static const size_t suff_charset_len = |
| MHD_STATICSTR_LEN_ (suff_charset); |
| enum MHD_Result ret; |
| char *h_str; |
| size_t h_maxlen; |
| size_t suffix_len; |
| size_t realm_len; |
| size_t realm_quoted_len; |
| size_t pos; |
| |
| if (NULL == response) |
| return MHD_NO; |
| |
| suffix_len = (0 == prefer_utf8) ? suff_simple_len : suff_charset_len; |
| realm_len = strlen (realm); |
| h_maxlen = prefix_len + realm_len * 2 + suffix_len; |
| |
| h_str = (char *) malloc (h_maxlen + 1); |
| if (NULL == h_str) |
| { |
| #ifdef HAVE_MESSAGES |
| MHD_DLOG (connection->daemon, |
| "Failed to allocate memory for Basic Authentication header.\n"); |
| #endif /* HAVE_MESSAGES */ |
| return MHD_NO; |
| } |
| memcpy (h_str, prefix, prefix_len); |
| pos = prefix_len; |
| realm_quoted_len = MHD_str_quote (realm, realm_len, h_str + pos, |
| h_maxlen - prefix_len - suffix_len); |
| pos += realm_quoted_len; |
| mhd_assert (pos + suffix_len <= h_maxlen); |
| if (0 == prefer_utf8) |
| { |
| h_str[pos++] = '\"'; |
| h_str[pos++] = 0; /* Zero terminate the result */ |
| mhd_assert (pos <= h_maxlen + 1); |
| } |
| else |
| { |
| /* Copy with the final zero-termination */ |
| mhd_assert (pos + suff_charset_len <= h_maxlen); |
| memcpy (h_str + pos, suff_charset, suff_charset_len + 1); |
| mhd_assert (0 == h_str[pos + suff_charset_len]); |
| } |
| |
| ret = MHD_add_response_header (response, |
| MHD_HTTP_HEADER_WWW_AUTHENTICATE, |
| h_str); |
| free (h_str); |
| if (MHD_NO != ret) |
| { |
| ret = MHD_queue_response (connection, |
| MHD_HTTP_UNAUTHORIZED, |
| response); |
| } |
| else |
| { |
| #ifdef HAVE_MESSAGES |
| MHD_DLOG (connection->daemon, |
| _ ("Failed to add Basic Authentication header.\n")); |
| #endif /* HAVE_MESSAGES */ |
| } |
| return ret; |
| } |
| |
| |
| /** |
| * Queues a response to request basic authentication from the client |
| * The given response object is expected to include the payload for |
| * the response; the "WWW-Authenticate" header will be added and the |
| * response queued with the 'UNAUTHORIZED' status code. |
| * |
| * @param connection The MHD connection structure |
| * @param realm the realm presented to the client |
| * @param response response object to modify and queue; the NULL is tolerated |
| * @return #MHD_YES on success, #MHD_NO otherwise |
| * @deprecated use MHD_queue_basic_auth_fail_response3() |
| * @ingroup authentication |
| */ |
| _MHD_EXTERN enum MHD_Result |
| MHD_queue_basic_auth_fail_response (struct MHD_Connection *connection, |
| const char *realm, |
| struct MHD_Response *response) |
| { |
| return MHD_queue_basic_auth_fail_response3 (connection, realm, MHD_NO, |
| response); |
| } |
| |
| |
| /* end of basicauth.c */ |
