bool
RequestAuth(TSession * const sessionP,
const char * const credential,
const char * const user,
const char * const pass) {
/*----------------------------------------------------------------------------
Authenticate requester, in a very simplistic fashion.
If the request executing on session *sessionP specifies basic
authentication (via Authorization header) with username 'user', password
'pass', then return TRUE. Else, return FALSE and set up an authorization
failure response (HTTP response status 401) that says user must supply an
identity in the 'credential' domain.
When we return TRUE, we also set the username in the request info for the
session to 'user' so that a future SessionGetRequestInfo can get it.
-----------------------------------------------------------------------------*/
bool authorized;
char * authHdrPtr;
authHdrPtr = RequestHeaderValue(sessionP, "authorization");
if (authHdrPtr) {
const char * authType;
NextToken((const char **)&authHdrPtr);
GetTokenConst(&authHdrPtr, &authType);
authType = GetToken(&authHdrPtr);
if (authType) {
if (xmlrpc_strcaseeq(authType, "basic")) {
const char * userPass;
char userPassEncoded[80];
NextToken((const char **)&authHdrPtr);
xmlrpc_asprintf(&userPass, "%s:%s", user, pass);
xmlrpc_base64Encode(userPass, userPassEncoded);
xmlrpc_strfree(userPass);
if (xmlrpc_streq(authHdrPtr, userPassEncoded)) {
sessionP->requestInfo.user = strdup(user);
authorized = TRUE;
} else
authorized = FALSE;
} else
authorized = FALSE;
} else
authorized = FALSE;
} else
authorized = FALSE;
if (!authorized) {
const char * hdrValue;
xmlrpc_asprintf(&hdrValue, "Basic realm=\"%s\"", credential);
ResponseAddField(sessionP, "WWW-Authenticate", hdrValue);
xmlrpc_strfree(hdrValue);
ResponseStatus(sessionP, 401);
}
return authorized;
}
abyss_bool
RequestAuth(TSession * const sessionP,
const char * const credential,
const char * const user,
const char * const pass) {
/*----------------------------------------------------------------------------
Authenticate requester, in a very simplistic fashion.
If the request executing on session *sessionP specifies basic
authentication (via Authorization header) with username 'user', password
'pass', then return true. Else, return false and set up an authorization
failure response (HTTP response status 401) that says user must supply an
identity in the 'credential' domain.
When we return true, we also set the username in the request info for the
session to 'user' so that a future SessionGetRequestInfo can get it.
-----------------------------------------------------------------------------*/
bool authorized;
const char * authValue;
authValue = RequestHeaderValue(sessionP, "authorization");
if (authValue) {
char * const valueBuffer = malloc(strlen(authValue));
/* A buffer we can mangle as we parse the authorization: value */
if (!authValue)
/* Should return error, but we have no way to do that */
authorized = false;
else {
const char * authType;
char * authHdrPtr;
strcpy(valueBuffer, authValue);
authHdrPtr = &valueBuffer[0];
NextToken((const char **)&authHdrPtr);
GetTokenConst(&authHdrPtr, &authType);
if (authType) {
if (xmlrpc_strcaseeq(authType, "basic")) {
const char * userPass;
char userPassEncoded[80];
NextToken((const char **)&authHdrPtr);
xmlrpc_asprintf(&userPass, "%s:%s", user, pass);
xmlrpc_base64Encode(userPass, userPassEncoded);
xmlrpc_strfree(userPass);
if (xmlrpc_streq(authHdrPtr, userPassEncoded)) {
sessionP->requestInfo.user = xmlrpc_strdupsol(user);
authorized = true;
} else
authorized = false;
} else
authorized = false;
} else
authorized = false;
free(valueBuffer);
}
} else
authorized = false;
if (!authorized) {
const char * hdrValue;
xmlrpc_asprintf(&hdrValue, "Basic realm=\"%s\"", credential);
ResponseAddField(sessionP, "WWW-Authenticate", hdrValue);
xmlrpc_strfree(hdrValue);
ResponseStatus(sessionP, 401);
}
return authorized;
}
static abyss_bool http_directory_auth(TSession *r, char *domain_name)
{
char *p = NULL;
char *x = NULL;
char z[256] = "", t[80] = "";
char user[512] = "" ;
char *pass = NULL;
const char *mypass1 = NULL, *mypass2 = NULL;
const char *box = NULL;
int at = 0;
char *dp = NULL;
abyss_bool rval = FALSE;
char *dup_domain = NULL;
p = RequestHeaderValue(r, "authorization");
if (p) {
NextToken((const char **const) &p);
x = GetToken(&p);
if (x) {
if (!strcasecmp(x, "basic")) {
NextToken((const char **const) &p);
switch_b64_decode(p, user, sizeof(user));
if ((pass = strchr(user, ':'))) {
*pass++ = '\0';
}
if ((dp = strchr(user, '@'))) {
*dp++ = '\0';
domain_name = dp;
at++;
}
if (!domain_name) {
if (globals.virtual_host) {
if ((domain_name = (char *) r->requestInfo.host)) {
if (!strncasecmp(domain_name, "www.", 3)) {
domain_name += 4;
}
}
}
if (!domain_name) {
if (globals.default_domain) {
domain_name = globals.default_domain;
} else {
if ((dup_domain = switch_core_get_variable_dup("domain"))) {
domain_name = dup_domain;
}
}
}
}
if (zstr(user) || zstr(domain_name)) {
goto fail;
}
if (!zstr(globals.realm) && !zstr(globals.user) && !zstr(globals.pass)) {
if (at) {
switch_snprintf(z, sizeof(z), "%s@%s:%s", globals.user, globals.realm, globals.pass);
} else {
switch_snprintf(z, sizeof(z), "%s:%s", globals.user, globals.pass);
}
xmlrpc_base64Encode(z, t);
if (!strcmp(p, t)) {
goto authed;
}
}
if (!user_attributes(user, domain_name, &mypass1, &mypass2, &box, NULL)) {
goto fail;
}
if (!zstr(mypass2) && !strcasecmp(mypass2, "user-choose")) {
switch_safe_free(mypass2);
}
if (!mypass1) {
goto authed;
} else {
if (at) {
switch_snprintf(z, sizeof(z), "%s@%s:%s", user, domain_name, mypass1);
} else {
switch_snprintf(z, sizeof(z), "%s:%s", user, mypass1);
}
xmlrpc_base64Encode(z, t);
if (!strcmp(p, t)) {
goto authed;
}
if (mypass2) {
if (at) {
switch_snprintf(z, sizeof(z), "%s@%s:%s", user, domain_name, mypass2);
} else {
switch_snprintf(z, sizeof(z), "%s:%s", user, mypass2);
}
xmlrpc_base64Encode(z, t);
if (!strcmp(p, t)) {
goto authed;
}
}
if (box) {
if (at) {
switch_snprintf(z, sizeof(z), "%s@%s:%s", box, domain_name, mypass1);
} else {
switch_snprintf(z, sizeof(z), "%s:%s", box, mypass1);
}
xmlrpc_base64Encode(z, t);
if (!strcmp(p, t)) {
goto authed;
}
if (mypass2) {
if (at) {
switch_snprintf(z, sizeof(z), "%s@%s:%s", box, domain_name, mypass2);
} else {
switch_snprintf(z, sizeof(z), "%s:%s", box, mypass2);
}
xmlrpc_base64Encode(z, t);
if (!strcmp(p, t)) {
goto authed;
}
}
}
}
goto fail;
authed:
switch_snprintf(z, sizeof(z), "%s@%s", (box ? box : user), domain_name);
r->requestInfo.user = strdup(z);
ResponseAddField(r, "freeswitch-user", (box ? box : user));
ResponseAddField(r, "freeswitch-domain", domain_name);
rval = TRUE;
goto done;
}
}
}
fail:
switch_snprintf(z, sizeof(z), "Basic realm=\"%s\"", domain_name ? domain_name : globals.realm);
ResponseAddField(r, "WWW-Authenticate", z);
ResponseStatus(r, 401);
done:
switch_safe_free(mypass1);
switch_safe_free(mypass2);
switch_safe_free(box);
switch_safe_free(dup_domain);
return rval;
}
