/* Implements serf__auth_handler_func_t callback. */
static apr_status_t
serf__handle_digest_auth(int code,
serf_request_t *request,
serf_bucket_t *response,
const char *auth_hdr,
const char *auth_attr,
apr_pool_t *pool)
{
char *attrs;
char *nextkv;
const char *realm, *realm_name = NULL;
const char *nonce = NULL;
const char *algorithm = NULL;
const char *qop = NULL;
const char *opaque = NULL;
const char *key;
serf_connection_t *conn = request->conn;
serf_context_t *ctx = conn->ctx;
serf__authn_info_t *authn_info;
digest_authn_info_t *digest_info;
apr_status_t status;
apr_pool_t *cred_pool;
char *username, *password;
/* Can't do Digest authentication if there's no callback to get
username & password. */
if (!ctx->cred_cb) {
return SERF_ERROR_AUTHN_FAILED;
}
if (code == 401) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
}
digest_info = authn_info->baton;
/* Need a copy cuz we're going to write NUL characters into the string. */
attrs = apr_pstrdup(pool, auth_attr);
/* We're expecting a list of key=value pairs, separated by a comma.
Ex. realm="SVN Digest",
nonce="f+zTl/leBAA=e371bd3070adfb47b21f5fc64ad8cc21adc371a5",
algorithm=MD5, qop="auth" */
for ( ; (key = apr_strtok(attrs, ",", &nextkv)) != NULL; attrs = NULL) {
char *val;
val = strchr(key, '=');
if (val == NULL)
continue;
*val++ = '\0';
/* skip leading spaces */
while (*key && *key == ' ')
key++;
/* If the value is quoted, then remove the quotes. */
if (*val == '"') {
apr_size_t last = strlen(val) - 1;
if (val[last] == '"') {
val[last] = '\0';
val++;
}
}
if (strcmp(key, "realm") == 0)
realm_name = val;
else if (strcmp(key, "nonce") == 0)
nonce = val;
else if (strcmp(key, "algorithm") == 0)
algorithm = val;
else if (strcmp(key, "qop") == 0)
qop = val;
else if (strcmp(key, "opaque") == 0)
opaque = val;
/* Ignore all unsupported attributes. */
}
if (!realm_name) {
return SERF_ERROR_AUTHN_MISSING_ATTRIBUTE;
}
realm = serf__construct_realm(code == 401 ? HOST : PROXY,
conn, realm_name,
pool);
/* Ask the application for credentials */
apr_pool_create(&cred_pool, pool);
status = serf__provide_credentials(ctx,
&username, &password,
request,
code, authn_info->scheme->name,
realm, cred_pool);
if (status) {
apr_pool_destroy(cred_pool);
return status;
}
digest_info->header = (code == 401) ? "Authorization" :
"Proxy-Authorization";
/* Store the digest authentication parameters in the context cached for
this server in the serf context, so we can use it to create the
Authorization header when setting up requests on the same or different
connections (e.g. in case of KeepAlive off on the server).
TODO: we currently don't cache this info per realm, so each time a request
'switches realms', we have to ask the application for new credentials. */
digest_info->pool = conn->pool;
digest_info->qop = apr_pstrdup(digest_info->pool, qop);
digest_info->nonce = apr_pstrdup(digest_info->pool, nonce);
digest_info->cnonce = NULL;
digest_info->opaque = apr_pstrdup(digest_info->pool, opaque);
digest_info->algorithm = apr_pstrdup(digest_info->pool, algorithm);
digest_info->realm = apr_pstrdup(digest_info->pool, realm_name);
digest_info->username = apr_pstrdup(digest_info->pool, username);
digest_info->digest_nc++;
status = build_digest_ha1(&digest_info->ha1, username, password,
digest_info->realm, digest_info->pool);
apr_pool_destroy(cred_pool);
/* If the handshake is finished tell serf it can send as much requests as it
likes. */
serf__connection_set_pipelining(conn, 1);
return status;
}
/* Implements serf__auth_handler_func_t callback. */
static apr_status_t
serf__handle_basic_auth(const serf__authn_scheme_t *scheme,
int code,
serf_request_t *request,
serf_bucket_t *response,
const char *auth_hdr,
const char *auth_attr,
apr_pool_t *pool)
{
const char *tmp;
apr_size_t tmp_len;
serf_connection_t *conn = request->conn;
serf_context_t *ctx = conn->ctx;
serf__authn_info_t *authn_info;
basic_authn_info_t *basic_info;
apr_status_t status;
apr_pool_t *cred_pool;
char *username, *password, *realm_name;
const char *eq, *realm = NULL;
/* Can't do Basic authentication if there's no callback to get
username & password. */
if (!ctx->cred_cb) {
return SERF_ERROR_AUTHN_FAILED;
}
if (code == 401) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
}
basic_info = authn_info->baton;
realm_name = NULL;
eq = strchr(auth_attr, '=');
if (eq && strncasecmp(auth_attr, "realm", 5) == 0) {
realm_name = apr_pstrdup(pool, eq + 1);
if (realm_name[0] == '\"') {
apr_size_t realm_len;
realm_len = strlen(realm_name);
if (realm_name[realm_len - 1] == '\"') {
realm_name[realm_len - 1] = '\0';
realm_name++;
}
}
if (!realm_name) {
return SERF_ERROR_AUTHN_MISSING_ATTRIBUTE;
}
realm = serf__construct_realm(code == 401 ? HOST : PROXY,
conn, realm_name,
pool);
}
/* Ask the application for credentials */
apr_pool_create(&cred_pool, pool);
status = serf__provide_credentials(ctx,
&username, &password,
request,
code, scheme->name,
realm, cred_pool);
if (status) {
apr_pool_destroy(cred_pool);
return status;
}
tmp = apr_pstrcat(conn->pool, username, ":", password, NULL);
tmp_len = strlen(tmp);
apr_pool_destroy(cred_pool);
serf__encode_auth_header(&basic_info->value,
scheme->name,
tmp, tmp_len, pool);
basic_info->header = (code == 401) ? "Authorization" : "Proxy-Authorization";
return APR_SUCCESS;
}
