Args,
StrLength(Hdr->ReqLine) -
(Args - ChrPtr(Hdr->ReqLine)));
- StrBufCutAt(Hdr->ReqLine, 0, Args);
+ StrBufCutAt(Hdr->ReqLine, 0, Args - 1);
} /* don't parse them yet, maybe we don't even care... */
/* now lookup what we are going to do with this... */
Hdr->Handler = (WebcitHandler*) vHandler;
if (Hdr->Handler == NULL)
break;
- /* are we about to ignore some prefix like webcit/ ? */
+ /*
+ * If the request is prefixed by "/webcit" then chop that off. This
+ * allows a front end web server to forward all /webcit requests to us
+ * while still using the same web server port for other things.
+ */
if ((Hdr->Handler->Flags & URLNAMESPACE) == 0)
break;
} while (1);
StrBufCutLeft(Hdr->ReqLine,
Pos - ChrPtr(Hdr->ReqLine));
}
-/*
- if (Hdr->Handler == NULL)
- return 1;
-*/
- Hdr->HTTPHeaders = NewHash(1, NULL);
+ if (Hdr->Handler != NULL) {
+ if ((Hdr->Handler->Flags & BOGUS) != 0)
+ return 1;
+ Hdr->DontNeedAuth = (Hdr->Handler->Flags & ISSTATIC) != 0;
+ }
+
+ Hdr->HTTPHeaders = NewHash(1, NULL);
return 0;
}
continue;
}
if (nLine == 1) {
+ lprintf(9, "%s\n", ChrPtr(Line));
isbogus = ReadHttpSubject(Hdr, Line, HeaderName);
if (isbogus) break;
continue;
if (!isbogus)
isbogus = AnalyseHeaders(&Hdr);
+
+ if (Hdr.got_auth == AUTH_BASIC)
+ CheckAuthBasic(&Hdr);
+
/*
if (isbogus)
StrBufPlain(ReqLine, HKEY("/404"));
+TODO HKEY("/static/nocookies.html?force_close_session=yes"));
*/
/* dbg_PrintHash(HTTPHeaders, nix, NULL); */
-///HttpHeaderHandler
-
-
-
-
-
- /*
- * If the request is prefixed by "/webcit" then chop that off. This
- * allows a front end web server to forward all /webcit requests to us
- * while still using the same web server port for other things.
- * /
- if (!isbogus &&
- (StrLength(ReqLine) >= 8) &&
- (strstr(ChrPtr(ReqLine), "/webcit/")) ) {
- StrBufCutLeft(ReqLine, 7);
- }
-
/* Begin parsing the request. * /
#ifdef TECH_PREVIEW
if ((strncmp(ChrPtr(ReqLine), "/sslg", 5) != 0) &&
((sptr != NULL) && (TheSession == NULL));
sptr = sptr->next) {
- /** If HTTP-AUTH, look for a session with matching credentials * /
- if ( (////TODO check auth type here...
- &&(!strcasecmp(ChrPtr(sptr->httpauth_user), httpauth_user))
- &&(!strcasecmp(ChrPtr(sptr->httpauth_pass), httpauth_pass)) ) {
- TheSession = sptr;
- }
-
+ /** If HTTP-AUTH, look for a session with matching credentials */
+ switch (Hdr.got_auth)
+ {
+ case AUTH_BASIC:
+ if ( (Hdr.SessionKey != sptr->SessionKey))
+ continue;
+ GetAuthBasic(&Hdr);
+ if ((!strcasecmp(ChrPtr(Hdr.c_username), ChrPtr(sptr->wc_username))) &&
+ (!strcasecmp(ChrPtr(Hdr.c_password), ChrPtr(sptr->wc_password))) )
+ TheSession = sptr;
+ break;
+ case AUTH_COOKIE:
/** If cookie-session, look for a session with matching session ID */
- if ( (Hdr.desired_session != 0) && (sptr->wc_session == Hdr.desired_session)) {
- TheSession = sptr;
+ if ( (Hdr.desired_session != 0) &&
+ (sptr->wc_session == Hdr.desired_session))
+ TheSession = sptr;
+ break;
+ case NO_AUTH:
+ break;
}
-
}
pthread_mutex_unlock(&SessionListMutex);
}
malloc(sizeof(wcsession));
memset(TheSession, 0, sizeof(wcsession));
TheSession->Hdr = &Hdr;
+ TheSession->SessionKey = Hdr.SessionKey;
TheSession->serv_sock = (-1);
TheSession->chat_sock = (-1);
else {
TheSession->wc_session = Hdr.desired_session;
}
-/*
- TheSession->httpauth_user = NewStrBufPlain(httpauth_user, -1);
- TheSession->httpauth_pass = NewStrBufPlain(httpauth_user, -1);
-*/
+
pthread_setspecific(MyConKey, (void *)TheSession);
session_new_modules(TheSession);
TheSession->is_mobile = -1;
SessionList = TheSession;
pthread_mutex_unlock(&SessionListMutex);
+
+ if (StrLength(Hdr.c_language) > 0) {
+ lprintf(9, "Session cookie requests language '%s'\n", ChrPtr(Hdr.c_language));
+ set_selected_language(ChrPtr(Hdr.c_language));
+ go_selected_language();
+ }
}
/*
TheSession->Hdr = NULL;
pthread_mutex_unlock(&TheSession->SessionMutex); /* unbind */
-
http_destroy_modules(&Hdr);
-/* TODO
-
- FreeStrBuf(&c_username);
- FreeStrBuf(&c_password);
- FreeStrBuf(&c_roomname);
- FreeStrBuf(&c_httpauth_user);
- FreeStrBuf(&c_httpauth_pass);
-*/
- /* Free the request buffer */
- ///FreeStrBuf(&ReqLine);
-
}
void tmplput_nonce(StrBuf *Target, WCTemplputParams *TP)
StrBufAppendTemplate(Target, TP, WC->wc_roomname, 0);
}
-
-void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr)
-{
- hdr->RawCookie = Line;
- if (hdr->DontNeedAuth)
- return;
-/*
- c_username = NewStrBuf();
- c_password = NewStrBuf();
- c_roomname = NewStrBuf();
- safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
- c_httpauth_user = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
- c_httpauth_pass = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
-*/
- cookie_to_stuff(Line, &hdr->desired_session,
- hdr->c_username,
- hdr->c_password,
- hdr->c_roomname);
- hdr->got_cookie = 1;
-}
-
-
- /*
- * Browser-based sessions use cookies for session authentication
- * /
- if (!isbogus &&
- GetHash(HTTPHeaders, HKEY("COOKIE"), &vLine) &&
- (vLine != NULL)) {
- cookie_to_stuff(vLine, &desired_session,
- NULL, NULL, NULL);
- got_cookie = 1;
- }
- */
- /*
- * GroupDAV-based sessions use HTTP authentication
- */
-/*
- if (!isbogus &&
- GetHash(HTTPHeaders, HKEY("AUTHORIZATION"), &vLine) &&
- (vLine != NULL)) {
- Line = (StrBuf*)vLine;
- if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
- StrBufCutLeft(Line, 6);
- CtdlDecodeBase64(httpauth_string, ChrPtr(Line), StrLength(Line));
- extract_token(httpauth_user, httpauth_string, 0, ':', sizeof httpauth_user);
- extract_token(httpauth_pass, httpauth_string, 1, ':', sizeof httpauth_pass);
- }
- else
- lprintf(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
- }
-
-*/
-void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
-{
- const char *Pos = NULL;
- StrBufDecodeBase64(Line);
- StrBufExtract_NextToken(hdr->c_username, Line, &Pos, ':');
- StrBufExtract_NextToken(hdr->c_password, Line, &Pos, ':');
-}
-
void Header_HandleContentLength(StrBuf *Line, ParsedHttpHdrs *hdr)
{
hdr->ContentLength = StrToi(Line);
hdr->gzip_ok = 1;
}
}
-
-/*
-{
- c_username = NewStrBuf();
- c_password = NewStrBuf();
- c_roomname = NewStrBuf();
- safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
- c_httpauth_user = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
- c_httpauth_pass = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
-}
-*/
- /* *
- * These are the URL's which may be executed without a
- * session cookie already set. If it's not one of these,
- * force the session to close because cookies are
- * probably disabled on the client browser.
- * /
- else if ( (StrLength(ReqLine) > 1 )
- && (strncasecmp(ChrPtr(ReqLine), "/404", 4))
- && (Hdr.got_cookie == 0)) {
- StrBufPlain(ReqLine,
- HKEY("/static/nocookies.html"
- "?force_close_session=yes"));
- }
-*/
const char *ReqStrs[eNONE] = {
"GET",
"POST",
InitModule_CONTEXT
(void)
{
- RegisterHeaderHandler(HKEY("COOKIE"), Header_HandleCookie);
- RegisterHeaderHandler(HKEY("AUTHORIZATION"), Header_HandleAuth);
RegisterHeaderHandler(HKEY("CONTENT-LENGTH"), Header_HandleContentLength);
RegisterHeaderHandler(HKEY("CONTENT-TYPE"), Header_HandleContentType);
RegisterHeaderHandler(HKEY("USER-AGENT"), Header_HandleUserAgent);
projects / citadel.git / blobdiff