static void
response_callback(GtkDialog *dialog, gint response_id, LuakitAuthData *auth_data)
{
const gchar *login;
const gchar *password;
SoupURI *uri;
gboolean store_password;
switch(response_id)
{
case GTK_RESPONSE_OK:
login = gtk_entry_get_text(GTK_ENTRY(auth_data->login_entry));
password = gtk_entry_get_text(GTK_ENTRY(auth_data->password_entry));
soup_auth_authenticate(auth_data->auth, login, password);
store_password = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(auth_data->checkbutton));
if (store_password) {
uri = soup_message_get_uri(auth_data->msg);
luakit_store_password(uri, login, password);
}
default:
break;
}
soup_session_unpause_message(auth_data->session, auth_data->msg);
free_auth_data(auth_data);
gtk_widget_destroy(GTK_WIDGET(dialog));
}
static int auth_header_callback(void *ctx, char ***hdrs) {
s3_auth_data *ad = (s3_auth_data *) ctx;
time_t now = time(NULL);
#ifdef HAVE_GMTIME_R
struct tm tm_buffer;
struct tm *tm = gmtime_r(&now, &tm_buffer);
#else
struct tm *tm = gmtime(&now);
#endif
kstring_t message = { 0, 0, NULL };
unsigned char digest[DIGEST_BUFSIZ];
size_t digest_len;
if (!hdrs) { // Closing connection
free_auth_data(ad);
return 0;
}
if (now - ad->auth_time < AUTH_LIFETIME) {
// Last auth string should still be valid
*hdrs = NULL;
return 0;
}
strftime(ad->date, sizeof(ad->date), "Date: %a, %d %b %Y %H:%M:%S GMT", tm);
if (!ad->id.l || !ad->secret.l) {
ad->auth_time = now;
return copy_auth_headers(ad, hdrs);
}
if (ksprintf(&message, "%s\n\n\n%s\n%s%s%s/%s",
ad->mode == 'r' ? "GET" : "PUT", ad->date + 6,
ad->token.l ? "x-amz-security-token:" : "",
ad->token.l ? ad->token.s : "",
ad->token.l ? "\n" : "",
ad->bucket) < 0) {
return -1;
}
digest_len = s3_sign(digest, &ad->secret, &message);
ad->auth_hdr.l = 0;
if (ksprintf(&ad->auth_hdr, "Authorization: AWS %s:", ad->id.s) < 0)
goto fail;
base64_kput(digest, digest_len, &ad->auth_hdr);
free(message.s);
ad->auth_time = now;
return copy_auth_headers(ad, hdrs);
fail:
free(message.s);
return -1;
}
static hFILE * s3_rewrite(const char *s3url, const char *mode, va_list *argsp)
{
const char *bucket, *path;
char *header_list[4], **header = header_list;
kstring_t url = { 0, 0, NULL };
kstring_t profile = { 0, 0, NULL };
kstring_t host_base = { 0, 0, NULL };
kstring_t token_hdr = { 0, 0, NULL };
s3_auth_data *ad = calloc(1, sizeof(*ad));
if (!ad)
return NULL;
ad->mode = strchr(mode, 'r') ? 'r' : 'w';
// Our S3 URL format is s3[+SCHEME]://[ID[:SECRET[:TOKEN]]@]BUCKET/PATH
if (s3url[2] == '+') {
bucket = strchr(s3url, ':') + 1;
kputsn(&s3url[3], bucket - &s3url[3], &url);
}
else {
kputs("https:", &url);
bucket = &s3url[3];
}
while (*bucket == '/') kputc(*bucket++, &url);
path = bucket + strcspn(bucket, "/?#@");
if (*path == '@') {
const char *colon = strpbrk(bucket, ":@");
if (*colon != ':') {
urldecode_kput(bucket, colon - bucket, &profile);
}
else {
const char *colon2 = strpbrk(&colon[1], ":@");
urldecode_kput(bucket, colon - bucket, &ad->id);
urldecode_kput(&colon[1], colon2 - &colon[1], &ad->secret);
if (*colon2 == ':')
urldecode_kput(&colon2[1], path - &colon2[1], &ad->token);
}
bucket = &path[1];
path = bucket + strcspn(bucket, "/?#");
}
else {
// If the URL has no ID[:SECRET]@, consider environment variables.
const char *v;
if ((v = getenv("AWS_ACCESS_KEY_ID")) != NULL) kputs(v, &ad->id);
if ((v = getenv("AWS_SECRET_ACCESS_KEY")) != NULL) kputs(v, &ad->secret);
if ((v = getenv("AWS_SESSION_TOKEN")) != NULL) kputs(v, &ad->token);
if ((v = getenv("AWS_DEFAULT_PROFILE")) != NULL) kputs(v, &profile);
else if ((v = getenv("AWS_PROFILE")) != NULL) kputs(v, &profile);
else kputs("default", &profile);
}
if (ad->id.l == 0) {
const char *v = getenv("AWS_SHARED_CREDENTIALS_FILE");
parse_ini(v? v : "~/.aws/credentials", profile.s,
"aws_access_key_id", &ad->id,
"aws_secret_access_key", &ad->secret,
"aws_session_token", &ad->token, NULL);
}
if (ad->id.l == 0)
parse_ini("~/.s3cfg", profile.s, "access_key", &ad->id,
"secret_key", &ad->secret, "access_token", &ad->token,
"host_base", &host_base, NULL);
if (ad->id.l == 0)
parse_simple("~/.awssecret", &ad->id, &ad->secret);
if (host_base.l == 0)
kputs("s3.amazonaws.com", &host_base);
// Use virtual hosted-style access if possible, otherwise path-style.
if (is_dns_compliant(bucket, path)) {
kputsn(bucket, path - bucket, &url);
kputc('.', &url);
kputs(host_base.s, &url);
}
else {
kputs(host_base.s, &url);
kputc('/', &url);
kputsn(bucket, path - bucket, &url);
}
kputs(path, &url);
if (ad->token.l > 0) {
kputs("X-Amz-Security-Token: ", &token_hdr);
kputs(ad->token.s, &token_hdr);
*header++ = token_hdr.s;
}
ad->bucket = strdup(bucket);
if (!ad->bucket)
goto fail;
*header = NULL;
hFILE *fp = hopen(url.s, mode, "va_list", argsp, "httphdr:v", header_list,
"httphdr_callback", auth_header_callback,
"httphdr_callback_data", ad, NULL);
if (!fp) goto fail;
free(url.s);
free(profile.s);
free(host_base.s);
free(token_hdr.s);
return fp;
fail:
free(url.s);
free(profile.s);
free(host_base.s);
free(token_hdr.s);
free_auth_data(ad);
return NULL;
}
