1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
/*
* security.c -- Security handler
*
* Copyright (c) Go Ahead Software Inc., 1995-1999. All Rights Reserved.
*
* See the file "license.txt" for usage and redistribution license requirements
*/
/******************************** Description *********************************/
/*
* This module provides a basic security policy. It supports a single global
* password and ignores the username. Encoding/decoding of the password is
* -not- done.
*/
/********************************* Includes ***********************************/
#include "wsIntrn.h"
/******************************** Local Data **********************************/
static char_t websPassword[WEBS_MAX_PASS]; /* Access password (decoded) */
/*********************************** Code *************************************/
/*
* Determine if this request should be honored
*/
int websSecurityHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg,
char_t *url, char_t *path, char_t *query)
{
char_t *type, *password;
int flags;
a_assert(websValid(wp));
a_assert(url && *url);
a_assert(path && *path);
/*
* Get the critical request details
*/
type = websGetRequestType(wp);
password = websGetRequestPassword(wp);
flags = websGetRequestFlags(wp);
/*
* Validate the users password if required (local access is always allowed)
* We compare the decoded form of the password.
*/
if (*websPassword && !(flags & WEBS_LOCAL_REQUEST)) {
if (password && *password) {
if (gstrcmp(password, websPassword) != 0) {
websStats.access++;
websError(wp, 200, T("Access Denied\nWrong Password"));
websSetPassword(T(""));
return 1;
}
} else {
/*
* This will cause the browser to display a password / username
* dialog
*/
websStats.errors++;
websError(wp, 401, T("<html><head>Access Denied</head><body>\r\n\
Access to this document requires a password.</body>\
</html>\r\n"));
return 1;
}
}
return 0;
}
/******************************************************************************/
/*
* Delete the default security handler
*/
void websSecurityDelete()
{
websUrlHandlerDelete(websSecurityHandler);
}
/******************************************************************************/
/*
* Store the new password, expect a decoded password. Store in websPassword in
* the decoded form.
*/
void websSetPassword(char_t *password)
{
a_assert(password);
gstrncpy(websPassword, password, TSZ(websPassword));
}
/******************************************************************************/
/*
* Get password, return the decoded form
*/
char_t *websGetPassword()
{
return websPassword;
}
/******************************************************************************/
|