handler_t basic_authentication_handler(server *srv, connection *con, plugin_data *p) { data_string *ds_auth = (data_string *)array_get_element(con->request.headers, "Authorization"); buffer *user = buffer_init(); buffer *pass = buffer_init(); buffer_copy_string(user, " "); buffer_copy_string(pass, " "); //Cdbg(DBE, "*********** con->request.uri..%s", con->request.uri->ptr); char *auth_username = NULL; char *auth_password = NULL; if( smbc_parser_basic_authentication(srv, con, &auth_username, &auth_password) != 1 ){ if(con->smb_info==NULL) goto error_401; //Cdbg(DBE, "1111111, %s, %s", con->smb_info->username->ptr, con->smb_info->password->ptr); if( con->smb_info->username->used && con->smb_info->password->used ){ buffer_copy_string_buffer(user, con->smb_info->username); buffer_copy_string_buffer(pass, con->smb_info->password); } Cdbg(DBE, "fail smbc_parser_basic_authentication-> %s, %s", user->ptr, pass->ptr); } else{ buffer_copy_string(user, auth_username); buffer_copy_string(pass, auth_password); free(auth_username); free(auth_password); } time_t cur_time = time(NULL); double result = difftime(cur_time, con->smb_info->auth_time); Cdbg(DBE, "difftime=[%1f]", result); if(con->smb_info->qflag == SMB_HOST_QUERY) { data_string *ds2 = (data_string *)array_get_element(con->request.headers, "user-Agent"); //- MUST login again more than 30 minutes if(result>1800){ goto error_401; } if( con->smb_info && buffer_is_equal_string(con->smb_info->username, "RELOGIN", 7) ){ buffer_reset(con->smb_info->username); buffer_reset(con->smb_info->password); goto error_401; } if(con->smb_info->username->used && con->smb_info->password->used){ buffer_copy_string_buffer(user, con->smb_info->username); buffer_copy_string_buffer(pass, con->smb_info->password); Cdbg(DBE, "SMB_HOST_QUERY-->copy from smb_info user=[%s], pass=[%s]", user->ptr, pass->ptr); } #if EMBEDDED_EANBLE if( strcmp(user->ptr, nvram_get_http_username())!=0 || strcmp(pass->ptr, nvram_get_http_passwd())!=0 ){ Cdbg(DBE, "smbc_host_account_authentication fail user=[%s], pass=[%s]", user->ptr, pass->ptr); goto error_401; } #else if( strcmp(user->ptr, "admin")!=0 || strcmp(pass->ptr, "admin")!=0 ){ Cdbg(DBE, "smbc_host_account_authentication fail user=[%s], pass=[%s]", user->ptr, pass->ptr); goto error_401; } #endif } else { //- check user / password struct stat st; if( con->smb_info && buffer_is_equal_string(con->smb_info->username, "RELOGIN", 7) ){ buffer_reset(con->smb_info->username); buffer_reset(con->smb_info->password); goto error_401; } int res = smbc_server_check_creds( con->smb_info->server->ptr, con->smb_info->share->ptr, con->smb_info->workgroup->ptr, user->ptr, pass->ptr ); //if( res == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED)) { if( res == 0xc00000bb ){ buffer_free(user); buffer_free(pass); con->http_status = 406; return HANDLER_FINISHED; } else if(res != 0) { //the username/password for smb_server is not correct if(con->smb_info->username->used && con->smb_info->password->used){ buffer_copy_string_buffer(user, con->smb_info->username); buffer_copy_string_buffer(pass, con->smb_info->password); Cdbg(DBE, "Try to login again, server=%s, share=%s, user=%s, pass=%s", con->smb_info->server->ptr, con->smb_info->share->ptr, user->ptr, pass->ptr); //- MUST login again more than 30 minutes if(result>1800){ buffer_copy_string(pass, ""); } //sprintf(strr, "smb://%s:%s@%s", user->ptr, pass->ptr, con->request.uri->ptr+1); int res = smbc_server_check_creds(con->smb_info->server->ptr, con->smb_info->share->ptr, con->smb_info->workgroup->ptr, user->ptr, pass->ptr); if(res != 0) goto error_401; } else goto error_401; } } con->smb_info->auth_time = time(NULL); if( !buffer_is_equal_string(user, "no", 2) && !buffer_is_equal_string(pass, "no", 2)){ buffer_copy_string_buffer(con->smb_info->username, user); buffer_copy_string_buffer(con->smb_info->password, pass); Cdbg(DBE, "save username=[%s], password=[%s], time=[%d] to con->smb_info", con->smb_info->username->ptr, con->smb_info->password->ptr, con->smb_info->auth_time); } buffer_free(user); buffer_free(pass); return HANDLER_UNSET; error_401: buffer_free(user); buffer_free(pass); if(con->smb_info) con->smb_info->auth_time = time(NULL); smbc_wrapper_response_401(srv, con); return HANDLER_FINISHED; }
handler_t basic_authentication_handler(server *srv, connection *con, plugin_data *p) { data_string *ds_auth = (data_string *)array_get_element(con->request.headers, "Authorization"); data_string *ds_useragent = (data_string *)array_get_element(con->request.headers, "user-Agent"); buffer *user = buffer_init(); buffer *pass = buffer_init(); buffer_copy_string(user, " "); buffer_copy_string(pass, " "); int get_account_from_smb_info = 0; char *auth_username = NULL; char *auth_password = NULL; if( smbc_parser_basic_authentication(srv, con, &auth_username, &auth_password) != 1 ){ if(con->smb_info==NULL) goto error_401; if( con->smb_info->username->used && con->smb_info->password->used ){ buffer_copy_string_buffer(user, con->smb_info->username); buffer_copy_string_buffer(pass, con->smb_info->password); get_account_from_smb_info = 1; } Cdbg(DBE, "fail smbc_parser_basic_authentication-> %s, %s", user->ptr, pass->ptr); } else{ buffer_copy_string(user, auth_username); buffer_copy_string(pass, auth_password); free(auth_username); free(auth_password); } time_t cur_time = time(NULL); double result = difftime(cur_time, con->smb_info->auth_time); if(con->smb_info->qflag == SMB_HOST_QUERY) { data_string *ds2 = (data_string *)array_get_element(con->request.headers, "user-Agent"); //- MUST login again more than 30 minutes if(result>1800){ goto error_401; } if( con->smb_info && buffer_is_equal_string(con->smb_info->username, "RELOGIN", 7) ){ buffer_reset(con->smb_info->username); buffer_reset(con->smb_info->password); goto error_401; } /* if(con->smb_info->username->used && con->smb_info->password->used){ buffer_copy_string_buffer(user, con->smb_info->username); buffer_copy_string_buffer(pass, con->smb_info->password); Cdbg(DBE, "SMB_HOST_QUERY-->copy from smb_info user=[%s], pass=[%s]", user->ptr, pass->ptr); } */ #if EMBEDDED_EANBLE char* webav_user = nvram_get_http_username(); char* webav_pass = nvram_get_http_passwd(); char* enable_webdav_block = nvram_get_enable_webdav_lock(); char* is_webdav_block = nvram_get_webdav_acc_lock(); int try_times = atoi(nvram_get_webdav_lock_times()); int try_interval = atoi(nvram_get_webdav_lock_interval())*60; #else char* webav_user = "******"; char* webav_pass = "******"; char* enable_webdav_block = "1"; char* is_webdav_block = g_is_webdav_block; int try_times = 3; int try_interval = 1*60; //- 1 minutes #endif int isBrowser = ( ds_useragent && (strstr( ds_useragent->value->ptr, "Mozilla" ) || strstr( ds_useragent->value->ptr, "Opera" ))) ? 1 : 0; if( isBrowser==1 && strcmp(enable_webdav_block, "1") == 0 && strcmp(is_webdav_block, "1") == 0 ){ Cdbg(DBE, "Direct go to 455 error page"); goto error_455; } if( strcmp(user->ptr, webav_user)!=0 || strcmp(pass->ptr, webav_pass)!=0 ){ if( isBrowser==1 && strcmp(enable_webdav_block, "1") == 0 && con->smb_info && ds_auth!=NULL ){ //if( isBrowser==1 && strcmp(enable_webdav_block, "1") == 0 && con->smb_info ){ con->smb_info->login_count++; time_t current_time = time(NULL); double result2 = difftime(cur_time, con->smb_info->login_begin_time); if( result2 > try_interval ){ con->smb_info->login_count = 1; } if(con->smb_info->login_count==1) con->smb_info->login_begin_time = time(NULL); Cdbg(DBE, "con->smb_info->login_count=[%d][%d]", con->smb_info->login_count, try_times); if(con->smb_info->login_count>=try_times){ con->smb_info->login_count = 0; #if EMBEDDED_EANBLE nvram_set_webdav_acc_lock("1"); #else g_is_webdav_block = "1"; #endif Cdbg(DBE, "error_455..."); goto error_455; } } goto error_401; } if(con->smb_info){ con->smb_info->login_count = 0; } if(!get_account_from_smb_info){ log_sys_write(srv, "ssss", "User", user->ptr, "login from ip", con->dst_addr_buf->ptr); buffer_copy_string_buffer(srv->last_login_info, srv->cur_login_info); buffer_copy_string(srv->cur_login_info, user->ptr); buffer_append_string(srv->cur_login_info, ">"); char srv_time[255]; strftime(srv_time, 254, "%Y/%m/%d %H:%M:%S", localtime(&(srv->cur_ts))); buffer_append_string(srv->cur_login_info, srv_time); buffer_append_string(srv->cur_login_info, ">"); buffer_append_string(srv->cur_login_info, con->dst_addr_buf->ptr); #if EMBEDDED_EANBLE nvram_set_webdav_last_login_info(srv->last_login_info->ptr); #endif } } else { //- check user / password struct stat st; if( con->smb_info && buffer_is_equal_string(con->smb_info->username, "RELOGIN", 7) ){ buffer_reset(con->smb_info->username); buffer_reset(con->smb_info->password); goto error_401; } int res = smbc_server_check_creds( con->smb_info->server->ptr, con->smb_info->share->ptr, con->smb_info->workgroup->ptr, user->ptr, pass->ptr ); //if( res == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED)) { if( res == 0xc00000bb ){ buffer_free(user); buffer_free(pass); con->http_status = 406; return HANDLER_FINISHED; } else if(res != 0) { //the username/password for smb_server is not correct if(con->smb_info->username->used && con->smb_info->password->used){ buffer_copy_string_buffer(user, con->smb_info->username); buffer_copy_string_buffer(pass, con->smb_info->password); Cdbg(DBE, "Try to login again, server=%s, share=%s, user=%s, pass=%s", con->smb_info->server->ptr, con->smb_info->share->ptr, user->ptr, pass->ptr); //- MUST login again more than 30 minutes if(result>1800){ buffer_copy_string(pass, ""); } int res = smbc_server_check_creds(con->smb_info->server->ptr, con->smb_info->share->ptr, con->smb_info->workgroup->ptr, user->ptr, pass->ptr); if(res != 0) goto error_401; } else goto error_401; } if(!get_account_from_smb_info) log_sys_write(srv, "sssbss", "User", user->ptr, "login", con->smb_info->server, "from ip", con->dst_addr_buf->ptr); } con->smb_info->auth_time = time(NULL); if( !buffer_is_equal_string(user, "no", 2) && !buffer_is_equal_string(pass, "no", 2)){ buffer_copy_string_buffer(con->smb_info->username, user); buffer_copy_string_buffer(con->smb_info->password, pass); Cdbg(DBE, "save username=[%s], password=[%s], time=[%d] to con->smb_info", con->smb_info->username->ptr, con->smb_info->password->ptr, con->smb_info->auth_time); } buffer_free(user); buffer_free(pass); return HANDLER_UNSET; error_401: buffer_free(user); buffer_free(pass); if(con->smb_info) con->smb_info->auth_time = time(NULL); smbc_wrapper_response_401(srv, con); return HANDLER_FINISHED; error_455: //- Block webdav buffer_free(user); buffer_free(pass); con->http_status = 455; return HANDLER_FINISHED; }