main entry point for GroupDAV functions.
$Log$
+Revision 528.18 2005/01/25 03:12:27 ajc
+* Completed HTTP "Basic" authentication, and a stub function for the
+ main entry point for GroupDAV functions.
+
Revision 528.17 2005/01/24 03:37:48 ajc
* Began laying the groundwork for http-authenticated GroupDAV sessions.
1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
* webserver.c: warning fix
-
int desired_session = 0;
int got_cookie = 0;
struct wcsession *TheSession, *sptr;
+ char httpauth_string[SIZ];
+ char httpauth_user[SIZ];
+ char httpauth_pass[SIZ];
+
+ strcpy(httpauth_string, "");
+ strcpy(httpauth_user, "");
+ strcpy(httpauth_pass, "");
/*
* Find out what it is that the web browser is asking for
do {
if (req_gets(sock, buf, hold) < 0) return;
+ /*
+ * Browser-based sessions use cookies for session authentication
+ */
if (!strncasecmp(buf, "Cookie: webcit=", 15)) {
cookie_to_stuff(&buf[15], &desired_session,
NULL, NULL, NULL);
got_cookie = 1;
}
+ /*
+ * GroupDAV-based sessions use HTTP authentication
+ */
+ if (!strncasecmp(buf, "Authorization: Basic ", 21)) {
+ CtdlDecodeBase64(httpauth_string, &buf[21], strlen(&buf[21]));
+ extract_token(httpauth_user, httpauth_string, 0, ':');
+ extract_token(httpauth_pass, httpauth_string, 1, ':');
+ }
+
+ /*
+ * Read in the request
+ */
hptr = (struct httprequest *)
malloc(sizeof(struct httprequest));
if (req == NULL)
}
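Review bot: The password is taken with `extract_token(httpauth_pass, httpauth_string, 1, ':')`, which (assuming extract_token returns the n-th separator-delimited field) drops everything after a second colon, so a password containing ':' can never match. Basic credentials are `user:password` split at the first colon only, so find it with `strchr(httpauth_string, ':')` and copy the whole remainder as the password. The decode into `httpauth_string[SIZ]` is also unbounded: it is safe only if `buf`, declared outside this hunk, cannot hold more Base64 than decodes to SIZ-1 bytes, and it relies on CtdlDecodeBase64 NUL-terminating its output. The same three lines appear in the session_loop hunk with the `c_httpauth_*` buffers.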
/*
- * See if there's an existing session open with the desired ID
+ * See if there's an existing session open with the desired ID or user/pass
*/
TheSession = NULL;
- if (desired_session != 0) {
+
+ if ( (TheSession == NULL) && (strlen(httpauth_user) > 0) ) {
+ pthread_mutex_lock(&SessionListMutex);
+ for (sptr = SessionList; sptr != NULL; sptr = sptr->next) {
+ if ( (!strcasecmp(sptr->httpauth_user, httpauth_user))
+ &&(!strcasecmp(sptr->httpauth_pass, httpauth_pass)) ) {
+ TheSession = sptr;
+ }
+ }
+ pthread_mutex_unlock(&SessionListMutex);
+ }
+
+ if ( (TheSession == NULL) && (desired_session != 0) ) {
pthread_mutex_lock(&SessionListMutex);
for (sptr = SessionList; sptr != NULL; sptr = sptr->next) {
if (sptr->wc_session == desired_session) {
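Review bot: The session match compares the password with `strcasecmp(sptr->httpauth_pass, httpauth_pass)`, so a request whose password differs only in letter case is bound to an already authenticated session without the Citadel server ever checking it. Use an exact comparison, `!strcmp(sptr->httpauth_pass, httpauth_pass)`, preferably one whose running time does not depend on where the first mismatch is. Whether the user name may stay case-insensitive depends on Citadel's account rules, which are not visible here. The loop also keeps scanning after a hit, so the last matching session wins; a `break;` after `TheSession = sptr;` makes the choice deterministic and shortens the time SessionListMutex is held.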
TheSession->serv_sock = (-1);
TheSession->chat_sock = (-1);
TheSession->wc_session = GenerateSessionID();
+ strcpy(TheSession->httpauth_user, httpauth_user);
+ strcpy(TheSession->httpauth_pass, httpauth_pass);
pthread_mutex_init(&TheSession->SessionMutex, NULL);
pthread_mutex_lock(&SessionListMutex);
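Review bot: `strcpy(TheSession->httpauth_pass, httpauth_pass)` keeps the cleartext password in the session structure for the life of the session, and the destination fields are declared outside this diff, so the copy is only in bounds if both are at least SIZ bytes. If they are arrays, a bounded copy such as `snprintf(TheSession->httpauth_user, sizeof TheSession->httpauth_user, "%s", httpauth_user);` removes that dependency. Because the stored value is used only to re-match later requests, a digest of the credential would serve the lookup without leaving the password readable in memory; either way it should be wiped when the session is torn down. The session_loop hunk has the same pair of `strcpy` calls into `WC->httpauth_user` and `WC->httpauth_pass`.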
#include <errno.h>
#include <stdarg.h>
#include <time.h>
+#include <pthread.h>
#include "webcit.h"
#include "webserver.h"
-void groupdav_main(char *cmd) {
+void groupdav_main(struct httprequest *req) {
+
+ struct httprequest *rptr;
if (!WC->logged_in) {
wprintf(
"HTTP/1.1 401 Authorization Required\n"
- "WWW-Authenticate: Basic realm=\"GroupDAV\"\n"
- "Connection: close\n"
+ "WWW-Authenticate: Basic realm=\"%s\"\n"
+ "Connection: close\n",
+ serv_info.serv_humannode
);
- output_headers(0, 0, 0, 0, 0, 0, 0);
wprintf("Content-Type: text/plain\n");
wprintf("\n");
wprintf("GroupDAV sessions require HTTP authentication.\n");
- wDumpContent(0);
+ return;
}
- output_static("smiley.gif"); /* FIXME */
+ wprintf(
+ "HTTP/1.1 404 Not found - FIXME\n"
+ "Connection: close\n"
+ "Content-Type: text/plain\n"
+ "\n"
+ );
+ wprintf("You are authenticated, but sent a bogus request.\n");
+ wprintf("WC->httpauth_user=%s\n", WC->httpauth_user);
+ wprintf("WC->httpauth_pass=%s\n", WC->httpauth_pass); /* FIXME don't display this */
+ wprintf("WC->wc_session =%d\n", WC->wc_session);
+
+ for (rptr=req; rptr!=NULL; rptr=rptr->next) {
+ wprintf("> %s\n", rptr->line);
+ }
}
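Review bot: Deleting the `WC->httpauth_pass` line that the FIXME flags will not stop the credential from being echoed, because `for (rptr=req; rptr!=NULL; rptr=rptr->next) wprintf("> %s\n", rptr->line);` prints every request line, and those presumably include the `Authorization: Basic ...` header carrying the same password in Base64. This response body can end up in client logs or intermediary caches, so both the password line and the header dump should go before the stub is reachable, or the loop should at least skip lines beginning with `Authorization:` and `Cookie:`. In the 401 branch, `serv_info.serv_humannode` is interpolated into the quoted `realm` value unescaped, so a node name containing `"` or a line break would produce a malformed header. It is worth documenting at the top of groupdav_main that `req` is the raw request line list and must not be reflected to the client.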
char c_username[SIZ];
char c_password[SIZ];
char c_roomname[SIZ];
+ char c_httpauth_string[SIZ];
+ char c_httpauth_user[SIZ];
+ char c_httpauth_pass[SIZ];
char cookie[SIZ];
strcpy(c_username, "");
strcpy(c_password, "");
strcpy(c_roomname, "");
+ strcpy(c_httpauth_string, "");
+ strcpy(c_httpauth_user, "");
+ strcpy(c_httpauth_pass, "");
WC->upload_length = 0;
WC->upload = NULL;
cookie_to_stuff(cookie, NULL,
c_username, c_password, c_roomname);
}
+ else if (!strncasecmp(buf, "Authorization: Basic ", 21)) {
+ CtdlDecodeBase64(c_httpauth_string, &buf[21], strlen(&buf[21]));
+ extract_token(c_httpauth_user, c_httpauth_string, 0, ':');
+ extract_token(c_httpauth_pass, c_httpauth_string, 1, ':');
+ }
else if (!strncasecmp(buf, "Content-length: ", 16)) {
ContentLength = atoi(&buf[16]);
}
goto SKIP_ALL_THIS_CRAP;
}
#endif
+
+ /*
+ * If we're not logged in, but we have HTTP Authentication data,
+ * try logging in to Citadel using that.
+ */
+ if ((!WC->logged_in) && (strlen(c_httpauth_user) > 0) && (strlen(c_httpauth_pass) > 0)) {
+ serv_printf("USER %s", c_httpauth_user);
+ serv_gets(buf);
+ if (buf[0] == '3') {
+ serv_printf("PASS %s", c_httpauth_pass);
+ serv_gets(buf);
+ if (buf[0] == '2') {
+ become_logged_in(c_httpauth_user, c_httpauth_pass, buf);
+ strcpy(WC->httpauth_user, c_httpauth_user);
+ strcpy(WC->httpauth_pass, c_httpauth_pass);
+ }
+ }
+ }
+
/*
* The GroupDAV stuff relies on HTTP authentication instead of
* our session's authentication.
*/
if (!strncasecmp(action, "groupdav", 8)) {
- groupdav_main(cmd);
+ groupdav_main(req);
goto SKIP_ALL_THIS_CRAP;
}
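Review bot: `serv_printf("USER %s", c_httpauth_user)` and `serv_printf("PASS %s", c_httpauth_pass)` pass Base64-decoded client bytes straight into what appears to be a line-oriented server dialogue, and decoded data can contain CR or LF even though the HTTP header line could not. Credentials with control characters should be refused before the USER command is sent, for example `if (strpbrk(c_httpauth_user, "\r\n") || strpbrk(c_httpauth_pass, "\r\n"))`, treating the request as unauthenticated. The failure path is also silent: when the replies do not start with '3' and '2' nothing is recorded, so repeated bad Basic logins leave no trace in this code. Logging the user name and peer on failure, never the password, would make guessing attempts visible. session_loop starts and ends outside this hunk, so any earlier sanitising of `buf` is not visible here.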
#define VIEW_TASKS 4 /* Tasks view */
#define VIEW_NOTES 5 /* Notes view */
-void groupdav_main(char *);
+void groupdav_main(struct httprequest *);