static void ah_destroy(ne_request *req, void *session)
{
auth_session *sess = session;
struct auth_request *areq = ne_get_request_private(req, sess->spec->id);
if (areq) {
ne_free(areq);
}
}
static void lk_pre_send(ne_request *r, void *userdata, ne_buffer *req)
{
struct lh_req_cookie *lrc = ne_get_request_private(r, HOOK_ID);
if (lrc->submit != NULL) {
struct lock_list *item;
/* Add in the If header */
ne_buffer_czappend(req, "If:");
for (item = lrc->submit; item != NULL; item = item->next) {
char *uri = ne_uri_unparse(&item->lock->uri);
ne_buffer_concat(req, " <", uri, "> (<",
item->lock->token, ">)", NULL);
ne_free(uri);
}
ne_buffer_czappend(req, "\r\n");
}
}
static void ah_pre_send(ne_request *r, void *cookie, ne_buffer *request)
{
auth_session *sess = cookie;
struct auth_request *req = ne_get_request_private(r, sess->spec->id);
if (!sess->can_handle || !req) {
NE_DEBUG(NE_DBG_HTTPAUTH, "Not handling session.\n");
} else {
char *value;
NE_DEBUG(NE_DBG_HTTPAUTH, "Handling auth session.\n");
req->will_handle = 1;
switch(sess->scheme) {
case auth_scheme_basic:
value = request_basic(sess);
break;
case auth_scheme_digest:
value = request_digest(sess, req);
break;
#ifdef HAVE_GSSAPI
case auth_scheme_gssapi:
value = request_gssapi(sess);
break;
#endif
#ifdef HAVE_SSPI
case auth_scheme_sspi_negotiate:
case auth_scheme_sspi_ntlm:
value = request_sspi(sess);
break;
#endif
default:
value = NULL;
break;
}
if (value != NULL) {
ne_buffer_concat(request, sess->spec->req_hdr, ": ", value, NULL);
ne_free(value);
}
}
}
void ne_lock_using_resource(ne_request *req, const char *uri, int depth)
{
NE_DEBUG_WINSCP_CONTEXT(ne_get_session(req));
struct lh_req_cookie *lrc = ne_get_request_private(req, HOOK_ID);
struct lock_list *item;
int match;
if (lrc == NULL)
return;
/* Iterate over the list of stored locks to see if any of them
* apply to this resource */
for (item = lrc->store->locks; item != NULL; item = item->next) {
match = 0;
if (depth == NE_DEPTH_INFINITE &&
ne_path_childof(uri, item->lock->uri.path)) {
/* Case 1: this is a depth-infinity request which will
* modify a lock somewhere inside the collection. */
NE_DEBUG(NE_DBG_LOCKS, "Has child: %s\n", item->lock->token);
match = 1;
}
else if (ne_path_compare(uri, item->lock->uri.path) == 0) {
/* Case 2: this request is directly on a locked resource */
NE_DEBUG(NE_DBG_LOCKS, "Has direct lock: %s\n", item->lock->token);
match = 1;
}
else if (item->lock->depth == NE_DEPTH_INFINITE &&
ne_path_childof(item->lock->uri.path, uri)) {
/* Case 3: there is a higher-up infinite-depth lock which
* covers the resource that this request will modify. */
NE_DEBUG(NE_DBG_LOCKS, "Is child of: %s\n", item->lock->token);
match = 1;
}
if (match) {
submit_lock(lrc, item->lock);
}
}
}
void ne_lock_using_parent(ne_request *req, const char *path)
{
NE_DEBUG_WINSCP_CONTEXT(ne_get_session(req));
struct lh_req_cookie *lrc = ne_get_request_private(req, HOOK_ID);
ne_uri u = {0};
struct lock_list *item;
char *parent;
if (lrc == NULL)
return;
parent = ne_path_parent(path);
if (parent == NULL)
return;
ne_fill_server_uri(ne_get_session(req), &u);
for (item = lrc->store->locks; item != NULL; item = item->next) {
/* Only care about locks which are on this server. */
u.path = item->lock->uri.path;
if (ne_uri_cmp(&u, &item->lock->uri))
continue;
/* This lock is needed if it is an infinite depth lock which
* covers the parent, or a lock on the parent itself. */
if ((item->lock->depth == NE_DEPTH_INFINITE &&
ne_path_childof(item->lock->uri.path, parent)) ||
ne_path_compare(item->lock->uri.path, parent) == 0) {
NE_DEBUG(NE_DBG_LOCKS, "Locked parent, %s on %s\n",
item->lock->token, item->lock->uri.path);
submit_lock(lrc, item->lock);
}
}
u.path = parent; /* handy: makes u.path valid and ne_free(parent). */
ne_uri_free(&u);
}
static int ah_post_send(ne_request *req, void *cookie, const ne_status *status)
{
auth_session *sess = cookie;
struct auth_request *areq = ne_get_request_private(req, sess->spec->id);
const char *auth_hdr, *auth_info_hdr;
int ret = NE_OK;
if (!areq) return NE_OK;
auth_hdr = ne_get_response_header(req, sess->spec->resp_hdr);
auth_info_hdr = ne_get_response_header(req, sess->spec->resp_info_hdr);
if (sess->context == AUTH_CONNECT && status->code == 401 && !auth_hdr) {
/* Some broken proxies issue a 401 as a proxy auth challenge
* to a CONNECT request; handle this here. */
auth_hdr = ne_get_response_header(req, "WWW-Authenticate");
auth_info_hdr = NULL;
}
#ifdef HAVE_GSSAPI
/* whatever happens: forget the GSSAPI token cached thus far */
if (sess->gssapi_token) {
ne_free(sess->gssapi_token);
sess->gssapi_token = NULL;
}
#endif
NE_DEBUG(NE_DBG_HTTPAUTH,
"ah_post_send (#%d), code is %d (want %d), %s is %s\n",
sess->attempt, status->code, sess->spec->status_code,
sess->spec->resp_hdr, auth_hdr ? auth_hdr : "(none)");
if (auth_info_hdr && sess->scheme == auth_scheme_digest) {
if (verify_digest_response(areq, sess, auth_info_hdr)) {
NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
ret = NE_ERROR;
}
}
#ifdef HAVE_GSSAPI
/* one must wonder... has Mr Brezak actually read RFC2617? */
else if (sess->scheme == auth_scheme_gssapi
&& (status->klass == 2 || status->klass == 3)
&& auth_hdr) {
char *hdr = ne_strdup(auth_hdr);
if (verify_negotiate_response(sess, hdr)) {
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Mutual auth failed.\n");
ret = NE_ERROR;
}
ne_free(hdr);
}
#endif /* HAVE_GSSAPI */
else if ((status->code == sess->spec->status_code ||
(status->code == 401 && sess->context == AUTH_CONNECT)) &&
auth_hdr) {
/* note above: allow a 401 in response to a CONNECT request
* from a proxy since some buggy proxies send that. */
NE_DEBUG(NE_DBG_HTTPAUTH, "Got challenge (code %d).\n", status->code);
if (!auth_challenge(sess, auth_hdr)) {
ret = NE_RETRY;
} else {
clean_session(sess);
ret = sess->spec->fail_code;
}
}
#ifdef HAVE_SSPI
else if (sess->sspi_context) {
ne_sspi_clear_context(sess->sspi_context);
}
#endif
return ret;
}
static void lk_destroy(ne_request *req, void *userdata)
{
struct lh_req_cookie *lrc = ne_get_request_private(req, HOOK_ID);
free_list(lrc->submit, 0);
ne_free(lrc);
}
