Boolean ClientAuthenticator::checkResponseHeaderForChallenge(
Array<HTTPHeader> headers)
{
//
// Search for "WWW-Authenticate" header:
//
const char* authHeader;
String authType;
String authChallenge;
String authRealm;
if (!HTTPMessage::lookupHeader(
headers, WWW_AUTHENTICATE, authHeader, false))
{
return false;
}
//
// Parse the authentication challenge header
//
if (!_parseAuthHeader(authHeader, authType, authChallenge))
{
throw InvalidAuthHeader();
}
if (String::equal(authType, "Local"))
{
_authType = ClientAuthenticator::LOCAL;
authRealm = _parseBasicRealm(authChallenge);
if (authRealm.size() == 0)
return false;
}
else if ( String::equal(authType, "Basic"))
{
_authType = ClientAuthenticator::BASIC;
authRealm = _parseBasicRealm(authChallenge);
if (authRealm.size() == 0)
return false;
}
else if ( String::equal(authType, "Digest"))
{
_authType = ClientAuthenticator::DIGEST;
}
else if ( String::equal(authType, "Negotiate"))
{
_authType = ClientAuthenticator::NEGOTIATE;
#ifdef PEGASUS_NEGOTIATE_AUTHENTICATION
_session->parseChallenge(authChallenge);
#endif
}
else
{
throw InvalidAuthHeader();
}
if (_challengeReceived)
{
// Do not respond to a challenge more than once.
// Only Negotiate authentication can take multiple roundtrips,
// but stop it when the server returns empty challenge.
if (_authType != ClientAuthenticator::NEGOTIATE
|| authChallenge.size() == 0)
{
return false;
}
}
_challengeReceived = true;
if (_authType == ClientAuthenticator::LOCAL)
{
String filePath = authRealm;
FileSystem::translateSlashes(filePath);
// Check whether the directory is a valid pre-defined directory.
//
Uint32 index = filePath.reverseFind('/');
if (index != PEG_NOT_FOUND)
{
String dirName = filePath.subString(0,index);
if (!String::equal(dirName, String(PEGASUS_LOCAL_AUTH_DIR)))
{
// Refuse to respond to the challenge when the file is
// not in the expected directory
return false;
}
}
_localAuthFile = authRealm;
}
return true;
}
Boolean ClientAuthenticator::checkResponseHeaderForChallenge(
Array<HTTPHeader> headers)
{
//
// Search for "WWW-Authenticate" header:
//
const char* authHeader;
String authType;
String authRealm;
if (!HTTPMessage::lookupHeader(
headers, WWW_AUTHENTICATE, authHeader, false))
{
return false;
}
if (_challengeReceived)
{
// Do not respond to a challenge more than once
return false;
}
else
{
_challengeReceived = true;
//
// Parse the authentication challenge header
//
if (!_parseAuthHeader(authHeader, authType, authRealm))
{
throw InvalidAuthHeader();
}
if (String::equal(authType, "Local"))
{
_authType = ClientAuthenticator::LOCAL;
}
else if ( String::equal(authType, "Basic"))
{
_authType = ClientAuthenticator::BASIC;
}
else if ( String::equal(authType, "Digest"))
{
_authType = ClientAuthenticator::DIGEST;
}
else
{
throw InvalidAuthHeader();
}
if (_authType == ClientAuthenticator::LOCAL)
{
String filePath = authRealm;
FileSystem::translateSlashes(filePath);
// Check whether the directory is a valid pre-defined directory.
//
Uint32 index = filePath.reverseFind('/');
if (index != PEG_NOT_FOUND)
{
String dirName = filePath.subString(0,index);
#if 0
if (!String::equal(dirName, String(PEGASUS_LOCAL_AUTH_DIR)))
{
// Refuse to respond to the challenge when the file is
// not in the expected directory
return false;
}
#endif
}
_localAuthFile = authRealm;
}
return true;
}
}
