/** Authenticate a request with @b Digest authentication scheme.
 *
 * Picks the credentials to check with auth_digest_credentials() when the
 * status has a realm, then takes one of three paths: accept the request
 * unauthenticated when as_allow is set, verify the credentials with
 * auth_check_digest(), or issue a challenge with auth_challenge_digest().
 *
 * @param am   authentication module (supplies am_opaque)
 * @param as   authentication status, updated in place
 * @param au   credential headers from the request
 * @param ach  challenger passed through to the check/challenge helpers
 */
void auth_method_digest(auth_mod_t *am,
                        auth_status_t *as,
                        msg_auth_t *au,
                        auth_challenger_t const *ach)
{
    /* auth_allow_check() is consulted only when as_allow is not already set. */
    int allowed = as->as_allow || auth_allow_check(am, as) == 0;

    as->as_allow = allowed;

    /* Without a realm there is nothing to match credentials against. */
    au = as->as_realm
        ? auth_digest_credentials(au, as->as_realm, am->am_opaque)
        : NULL;

    if (as->as_allow) {
        /* Security-relevant: this path accepts the request without verifying
         * any digest response; as_match may still point at credentials that
         * were never checked. */
        SU_DEBUG_5(("%s: allow unauthenticated %s\n", __func__, as->as_method));
        as->as_status = 0;
        as->as_phrase = NULL;
        as->as_match = (msg_header_t *)au;
        return;
    }

    if (!au) {
        /* There was no matching credentials, send challenge */
        SU_DEBUG_5(("%s: no credentials matched\n", __func__));
        auth_challenge_digest(am, as, ach);
        return;
    }

    {
        /* The first member of the response is initialised with its own size. */
        auth_response_t ar[1] = {{ sizeof(ar) }};

        auth_digest_response_get(as->as_home, ar, au->au_params);
        as->as_match = (msg_header_t *)au;
        auth_check_digest(am, as, ar, ach);
    }
}
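/* Compare two NUL-terminated secrets without stopping at the first
 * differing byte, so the time taken does not reveal how long a prefix of
 * the supplied password is correct. The loop length depends only on the
 * supplied string. A NULL on either side is treated as "no match".
 * Returns nonzero when the strings are equal.
 */
static int auth_basic_pass_equal(char const *expected, char const *given)
{
  size_t elen, glen, i;
  volatile unsigned char diff;

  if (expected == NULL || given == NULL)
    return 0;

  elen = strlen(expected);
  glen = strlen(given);
  diff = (unsigned char)(elen != glen);

  for (i = 0; i < glen; i++) {
    /* Past the end of the stored secret, compare against its terminator. */
    size_t j = i < elen ? i : elen;
    diff |= (unsigned char)((unsigned char)expected[j] ^ (unsigned char)given[i]);
  }

  return diff == 0;
}

/** Authenticate a request with @b Basic authentication scheme.
 *
 * Walks every "Basic" credential header, base64-decodes its first parameter
 * into "user:password", looks the user up with auth_mod_getpass() and
 * compares the stored password with the supplied one. On a match the
 * status is filled in (as_user, as_anonymous, as_ident, as_match) and
 * as_status is set to 0. When no credential matched and auth_allow_check()
 * returns nonzero, a challenge is sent with auth_challenge_basic().
 * Nothing is done when the status has no realm.
 *
 * @param am   authentication module
 * @param as   authentication status, updated in place
 * @param au   credential headers from the request
 * @param ach  challenger passed through to auth_challenge_basic()
 */
void auth_method_basic(auth_mod_t *am,
		       auth_status_t *as,
		       msg_auth_t *au,
		       auth_challenger_t const *ach)
{
  char *userpass, buffer[128];
  size_t n, upsize;
  char *pass;
  auth_passwd_t *apw;

  if (!as->as_realm)
    return;

  /* Start with the stack buffer; grow onto the heap only if needed. */
  userpass = buffer, upsize = sizeof buffer;

  for (au = auth_mod_credentials(au, "Basic", NULL);
       au;
       au = auth_mod_credentials(au->au_next, "Basic", NULL)) {
    if (!au->au_params)
      continue;
    /* base64_d() reports the full decoded length even if it did not fit. */
    n = base64_d(userpass, upsize - 1, au->au_params[0]);
    if (n >= INT_MAX)
      continue;
    if (n >= upsize) {
      void *b = realloc(userpass == buffer ? NULL : userpass, upsize = n + 1);
      if (b == NULL)
        break;
      base64_d(userpass = b, upsize - 1, au->au_params[0]);
    }
    userpass[n] = 0;
    if (!(pass = strchr(userpass, ':')))
      continue;
    *pass++ = '\0';
    /* Log the user name only: the encoded credentials and the decoded
     * password must never reach the debug log. */
    SU_DEBUG_5(("%s: checking password for user %s\n", __func__, userpass));

    if (!(apw = auth_mod_getpass(am, userpass, as->as_realm)))
      continue;
    /* Timing-independent comparison instead of strcmp(); fails closed. */
    if (!auth_basic_pass_equal(apw->apw_pass, pass))
      continue;

    as->as_user = apw->apw_user;
    as->as_anonymous = apw == am->am_anon_user;
    as->as_ident = apw->apw_ident;
    as->as_match = (msg_header_t *)au;
    as->as_status = 0;	/* Successful authentication! */

    break;
  }

  if (userpass != buffer)
    free(userpass);

  /* au is non-NULL after a successful match, and also after a failed
   * realloc(); in the latter case as_status is left as the caller set it
   * and no challenge is sent. */
  if (au)
    return;

  if (auth_allow_check(am, as))
    auth_challenge_basic(am, as, ach);
}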