ret_t
cherokee_validator_file_init_base (cherokee_validator_file_t *validator,
cherokee_validator_file_props_t *props,
cherokee_plugin_info_validator_t *info)
{
return cherokee_validator_init_base (VALIDATOR(validator),
VALIDATOR_PROPS(props), info);
}
ret_t
cherokee_validator_htdigest_new (cherokee_validator_htdigest_t **htdigest, cherokee_module_props_t *props)
{
CHEROKEE_NEW_STRUCT(n,validator_htdigest);
/* Init
*/
cherokee_validator_file_init_base (VFILE(n),
PROP_VFILE(props),
PLUGIN_INFO_VALIDATOR_PTR(htdigest));
VALIDATOR(n)->support = http_auth_basic | http_auth_digest;
MODULE(n)->free = (module_func_free_t) cherokee_validator_htdigest_free;
VALIDATOR(n)->check = (validator_func_check_t) cherokee_validator_htdigest_check;
VALIDATOR(n)->add_headers = (validator_func_add_headers_t) cherokee_validator_htdigest_add_headers;
/* Return obj
*/
*htdigest = n;
return ret_ok;
}
static ret_t
validate_digest (cherokee_validator_htdigest_t *htdigest, cherokee_connection_t *conn, cherokee_buffer_t *file)
{
int re;
ret_t ret;
char *user = NULL;
char *realm = NULL;
char *passwd = NULL;
cherokee_buffer_t buf = CHEROKEE_BUF_INIT;
/* Sanity check
*/
if (cherokee_buffer_is_empty (&conn->validator->response))
return ret_error;
/* Extact the right entry information
*/
ret = extract_user_entry (file, conn->validator->user.buf, &user, &realm, &passwd);
if (unlikely(ret != ret_ok))
return ret;
/* Build the hash:
* In this case passwd is the HA1 hash: md5(user:realm:passwd)
*/
ret = cherokee_validator_digest_response (VALIDATOR(htdigest), passwd, &buf, conn);
if (unlikely(ret != ret_ok))
goto go_out;
/* Compare and return
*/
re = cherokee_buffer_cmp_buf (&conn->validator->response, &buf);
go_out:
cherokee_buffer_mrproper (&buf);
return (re == 0) ? ret_ok : ret_deny;
}
TlvParser(VALIDATOR const &v = VALIDATOR(), SER const &s = SER(), DESER const &d = DESER()) : validator_(v), serializer_(s), deserializer_(d) {}
ret_t
cherokee_validator_file_free_base (cherokee_validator_file_t *validator)
{
return cherokee_validator_free_base (VALIDATOR(validator));
}
ret_t
cherokee_validator_plain_check (cherokee_validator_plain_t *plain,
cherokee_connection_t *conn)
{
int re;
ret_t ret;
const char *p;
const char *end;
cherokee_buffer_t *fpass;
cherokee_buffer_t file = CHEROKEE_BUF_INIT;
cherokee_buffer_t buser = CHEROKEE_BUF_INIT;
cherokee_buffer_t bpass = CHEROKEE_BUF_INIT;
/* Sanity check */
if (unlikely ((conn->validator == NULL) ||
cherokee_buffer_is_empty(&conn->validator->user))) {
return ret_error;
}
/* Get the full path to the file */
ret = cherokee_validator_file_get_full_path (VFILE(plain), conn, &fpass,
&CONN_THREAD(conn)->tmp_buf1);
if (ret != ret_ok) {
ret = ret_error;
goto out;
}
/* Read its contents */
ret = cherokee_buffer_read_file (&file, fpass->buf);
if (ret != ret_ok) {
ret = ret_error;
goto out;
}
if (! cherokee_buffer_is_ending(&file, '\n'))
cherokee_buffer_add_str (&file, "\n");
p = file.buf;
end = file.buf + file.len;
while (p < end) {
char *eol;
char *colon;
/* Look for the EOL
*/
eol = strchr (p, '\n');
if (eol == NULL) {
ret = ret_ok;
goto out;
}
*eol = '\0';
/* Skip comments
*/
if (p[0] == '#')
goto next;
colon = strchr (p, ':');
if (colon == NULL) {
goto next;
}
/* Is it the right user?
*/
cherokee_buffer_clean (&buser);
cherokee_buffer_add (&buser, p, colon - p);
re = cherokee_buffer_cmp_buf (&buser, &conn->validator->user);
if (re != 0)
goto next;
/* Check the password
*/
cherokee_buffer_clean (&bpass);
cherokee_buffer_add (&bpass, colon+1, eol - (colon+1));
switch (conn->req_auth_type) {
case http_auth_basic:
/* Empty password
*/
if (cherokee_buffer_is_empty (&bpass) &&
cherokee_buffer_is_empty (&conn->validator->passwd)) {
ret = ret_ok;
goto out;
}
/* Check the passwd
*/
re = cherokee_buffer_cmp_buf (&bpass, &conn->validator->passwd);
if (re != 0)
ret = ret_deny;
goto out;
case http_auth_digest:
ret = cherokee_validator_digest_check (VALIDATOR(plain), &bpass, conn);
goto out;
default:
SHOULDNT_HAPPEN;
}
/* A user entry has been tested and failed
*/
ret = ret_deny;
goto out;
next:
p = eol + 1;
/* Reached the end without success
*/
if (p >= end) {
ret = ret_deny;
goto out;
}
}
out:
cherokee_buffer_mrproper (&file);
cherokee_buffer_mrproper (&buser);
cherokee_buffer_mrproper (&bpass);
return ret;
}
