summaryrefslogblamecommitdiffstats
path: root/cpukit/httpd/security.c
blob: 01d4000f40f61258109437321c0858e22ebb0cc9 (plain) (tree) 
c1cdaa0ce8













































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109













































































































                                                                                         
/*
 * security.c -- Security handler
 *
 * Copyright (c) Go Ahead Software Inc., 1995-1999. All Rights Reserved.
 *
 * See the file "license.txt" for usage and redistribution license requirements
 */

/******************************** Description *********************************/

/*
 *	This module provides a basic security policy. It supports a single global
 *	password and ignores the username. Encoding/decoding of the password is 
 *	-not- done.
 */

/********************************* Includes ***********************************/

#include	"wsIntrn.h"

/******************************** Local Data **********************************/

static char_t	websPassword[WEBS_MAX_PASS];	/* Access password (decoded) */

/*********************************** Code *************************************/
/*
 *	Determine if this request should be honored
 */

int websSecurityHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg, 
						char_t *url, char_t *path, char_t *query)
{
	char_t	*type, *password;
	int		flags;

	a_assert(websValid(wp));
	a_assert(url && *url);
	a_assert(path && *path);

/*
 *	Get the critical request details
 */
	type = websGetRequestType(wp);
	password = websGetRequestPassword(wp);
	flags = websGetRequestFlags(wp);

/*
 *	Validate the users password if required (local access is always allowed)
 *	We compare the decoded form of the password.
 */
	if (*websPassword && !(flags & WEBS_LOCAL_REQUEST)) {

		if (password && *password) {
			if (gstrcmp(password, websPassword) != 0) {
				websStats.access++;
				websError(wp, 200, T("Access Denied\nWrong Password"));
				websSetPassword(T(""));
				return 1;
			}
		} else {
/*
 *			This will cause the browser to display a password / username
 *			dialog
 */
			websStats.errors++;
			websError(wp, 401, T("<html><head>Access Denied</head><body>\r\n\
				Access to this document requires a password.</body>\
				</html>\r\n"));
			return 1;
		}
	}
	return 0;
}

/******************************************************************************/
/*
 *	Delete the default security handler
 */

void websSecurityDelete()
{
	websUrlHandlerDelete(websSecurityHandler);
}

/******************************************************************************/
/*
 *	Store the new password, expect a decoded password. Store in websPassword in 
 *	the decoded form.
 */

void websSetPassword(char_t *password)
{
	a_assert(password);

	gstrncpy(websPassword, password, TSZ(websPassword));
}

/******************************************************************************/
/*
 *	Get password, return the decoded form
 */

char_t *websGetPassword()
{
	return websPassword;
}

/******************************************************************************/
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-02 14:39:25 +0000