#include "webserver.h"
#include <ctype.h>
+extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval);
void display_reg(int during_login);
void Header_HandleAuth(StrBuf *Line, ParsedHttpHdrs *hdr)
{
- const char *Pos = NULL;
- if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
- StrBufCutLeft(Line, 6);
- StrBufDecodeBase64(Line);
- StrBufExtract_NextToken(hdr->c_username, Line, &Pos, ':');
- StrBufExtract_NextToken(hdr->c_password, Line, &Pos, ':');
- hdr->got_auth = AUTH_BASIC;
+ if (hdr->got_auth == NO_AUTH) /* don't override cookie auth... */
+ {
+ if (strncasecmp(ChrPtr(Line), "Basic", 5) == 0) {
+ StrBufCutLeft(Line, 6);
+ StrBufDecodeBase64(Line);
+ hdr->plainauth = Line;
+ hdr->got_auth = AUTH_BASIC;
+ }
+ else
+ lprintf(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
}
- else
- lprintf(1, "Authentication scheme not supported! [%s]\n", ChrPtr(Line));
+}
+
+void CheckAuthBasic(ParsedHttpHdrs *hdr)
+{
+/*
+ todo: enable this if we can have other sessions than authenticated ones.
+ if (hdr->DontNeedAuth)
+ return;
+*/
+ StrBufAppendBuf(hdr->plainauth, hdr->user_agent, 0);
+ hdr->SessionKey = hashlittle(SKEY(hdr->plainauth), 89479832);
+
+}
+
+void GetAuthBasic(ParsedHttpHdrs *hdr)
+{
+ const char *Pos = NULL;
+ if (hdr->c_username == NULL)
+ hdr->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
+ if (hdr->c_password == NULL)
+ hdr->c_password = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_PASS));
+ StrBufExtract_NextToken(hdr->c_username, hdr->plainauth, &Pos, ':');
+ StrBufExtract_NextToken(hdr->c_password, hdr->plainauth, &Pos, ':');
}
void Header_HandleCookie(StrBuf *Line, ParsedHttpHdrs *hdr)
{
- hdr->RawCookie = Line;
+ const char *pch;
+/*
+ todo: enable this if we can have other sessions than authenticated ones.
if (hdr->DontNeedAuth)
return;
+*/
+ hdr->RawCookie = Line;
+
+ pch = strstr(ChrPtr(hdr->RawCookie), "webcit=");
+
+ if (pch != NULL)
+ StrBufCutLeft(hdr->RawCookie, (pch - ChrPtr(hdr->RawCookie)) + 7);
+
+ StrBufDecodeHex(hdr->RawCookie);
+
if (hdr->c_username == NULL)
hdr->c_username = NewStrBufPlain(HKEY(DEFAULT_HTTPAUTH_USER));
if (hdr->c_password == NULL)
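Review bot: CheckAuthBasic appends the User-Agent onto hdr->plainauth in place and GetAuthBasic later tokenises that same buffer on ':', so the extracted password will carry the appended user-agent text (unless the UA happens to contain a colon) and the credential match in the session lookup fails. Chain the hash instead of mutating the buffer, e.g. `hdr->SessionKey = hashlittle(SKEY(hdr->user_agent), hashlittle(SKEY(hdr->plainauth), 89479832));` (assuming hashlittle's initval chains as in the Jenkins lookup3 it is declared from), and guard the case where no User-Agent header was sent if user_agent can be NULL here. Separately, `hdr->plainauth = Line;` in Header_HandleAuth aliases the header line rather than owning a copy, so the header table must outlive CheckAuthBasic/GetAuthBasic — worth a comment at that assignment. The "Authentication scheme not supported" lprintf writes the entire Authorization value to the log, which for a mistyped Basic header or another scheme is credential material; log only the scheme token.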
FreeStrBuf(&sess->wc_fullname);
FreeStrBuf(&sess->wc_password);
FreeStrBuf(&sess->wc_roomname);
- FreeStrBuf(&sess->httpauth_user);
FreeStrBuf(&sess->httpauth_pass);
FreeStrBuf(&sess->cs_inet_email);
}
StrBufCutLeft(Hdr->ReqLine,
Pos - ChrPtr(Hdr->ReqLine));
}
-/*
- if (Hdr->Handler == NULL)
- return 1;
-*/
- Hdr->HTTPHeaders = NewHash(1, NULL);
+ if (Hdr->Handler != NULL) {
+ if ((Hdr->Handler->Flags & BOGUS) != 0)
+ return 1;
+ Hdr->DontNeedAuth = (Hdr->Handler->Flags & ISSTATIC) != 0;
+ }
+
+ Hdr->HTTPHeaders = NewHash(1, NULL);
return 0;
}
if (!isbogus)
isbogus = AnalyseHeaders(&Hdr);
+
+ if (Hdr.got_auth == AUTH_BASIC)
+ CheckAuthBasic(&Hdr);
+
/*
if (isbogus)
StrBufPlain(ReqLine, HKEY("/404"));
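Review bot: CheckAuthBasic runs whenever got_auth is AUTH_BASIC, even when isbogus was already set by the preceding checks or AnalyseHeaders, so a request that is about to be rejected still gets hashed and assigned a SessionKey; gate it with `if (!isbogus && (Hdr.got_auth == AUTH_BASIC))`. The ISSTATIC → DontNeedAuth assignment in the earlier hunk feeds a flag whose consumers are commented out in this same change (CheckAuthBasic, Header_HandleCookie), so static handlers still parse cookies and Basic credentials for now — a comment at the assignment saying that is intentional would help the next reader. The enclosing function starts before the hunk.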
((sptr != NULL) && (TheSession == NULL));
sptr = sptr->next) {
- /** If HTTP-AUTH, look for a session with matching credentials * /
- if ( (////TODO check auth type here...
- &&(!strcasecmp(ChrPtr(sptr->httpauth_user), httpauth_user))
- &&(!strcasecmp(ChrPtr(sptr->httpauth_pass), httpauth_pass)) ) {
- TheSession = sptr;
- }
-
+ /** If HTTP-AUTH, look for a session with matching credentials */
+ switch (Hdr.got_auth)
+ {
+ case AUTH_BASIC:
+ if ( (Hdr.SessionKey != sptr->SessionKey))
+ continue;
+ GetAuthBasic(&Hdr);
+ if ((!strcasecmp(ChrPtr(Hdr.c_username), ChrPtr(sptr->wc_username))) &&
+ (!strcasecmp(ChrPtr(Hdr.c_password), ChrPtr(sptr->wc_password))) )
+ TheSession = sptr;
+ break;
+ case AUTH_COOKIE:
/** If cookie-session, look for a session with matching session ID */
- if ( (Hdr.desired_session != 0) && (sptr->wc_session == Hdr.desired_session)) {
- TheSession = sptr;
+ if ( (Hdr.desired_session != 0) &&
+ (sptr->wc_session == Hdr.desired_session))
+ TheSession = sptr;
+ break;
+ case NO_AUTH:
+ break;
}
-
}
pthread_mutex_unlock(&SessionListMutex);
}
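Review bot: The AUTH_BASIC branch compares the password with strcasecmp, so a password differing only in case is accepted against an existing session; use an exact compare, `(!strcmp(ChrPtr(Hdr.c_password), ChrPtr(sptr->wc_password)))`, preferably a constant-time one since this is a credential check. The branch also assumes every session whose SessionKey matches has wc_username/wc_password set; sessions created via cookie auth never compute a SessionKey (it stays 0 from the memset), so a Basic request whose key is also 0 would reach ChrPtr on possibly-NULL fields — a NULL check before the compares is cheap if ChrPtr does not tolerate NULL. Note that SessionKey is a 32-bit unkeyed hash of plaintext credentials plus User-Agent with a fixed seed, so it is only a lookup pre-filter, not an authenticator; the credential comparison after it must stay. The enclosing loop begins before the hunk.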
malloc(sizeof(wcsession));
memset(TheSession, 0, sizeof(wcsession));
TheSession->Hdr = &Hdr;
+ TheSession->SessionKey = Hdr.SessionKey;
TheSession->serv_sock = (-1);
TheSession->chat_sock = (-1);
else {
TheSession->wc_session = Hdr.desired_session;
}
-/*
- TheSession->httpauth_user = NewStrBufPlain(httpauth_user, -1);
- TheSession->httpauth_pass = NewStrBufPlain(httpauth_user, -1);
-*/
+
pthread_setspecific(MyConKey, (void *)TheSession);
session_new_modules(TheSession);
StrBuf *pass,
StrBuf *room)
{
- const char *pch;
- char buf[SIZ];
- StrBuf *Buf;
- int i, len;
-
- pch = strstr(ChrPtr(cookie), "webcit=");
-
- if (pch != NULL)
- StrBufCutLeft(cookie, (pch - ChrPtr(cookie)) + 7);
-
- strcpy(buf, "");
- len = StrLength(cookie) / 2;
- pch = ChrPtr(cookie);
- for (i=0; i<len; ++i) {
- buf[i] = xtoi(&pch[i*2], 2);
- buf[i+1] = 0;
- }
- Buf = NewStrBufPlain(buf, i);
-
/* debug
char t[256];
extract_token(t, buf, 0, '|', sizeof t);
debug */
if (session != NULL)
- *session = StrBufExtract_int(Buf, 0, '|');
+ *session = StrBufExtract_int(cookie, 0, '|');
if (user != NULL)
- StrBufExtract_token(user, Buf, 1, '|');
+ StrBufExtract_token(user, cookie, 1, '|');
if (pass != NULL)
- StrBufExtract_token(pass, Buf, 2, '|');
+ StrBufExtract_token(pass, cookie, 2, '|');
if (room != NULL)
- StrBufExtract_token(room, Buf, 3, '|');
- FreeStrBuf(&Buf);
+ StrBufExtract_token(room, cookie, 3, '|');
}
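Review bot: The cookie-splitting function (its signature is above the hunk; it takes session, user, pass, room) now reads the caller's buffer directly, but the stale `/* debug ... extract_token(t, buf, 0, '|', sizeof t); debug */` block still refers to the removed local `buf`; delete it or update it. Document the new precondition at the top of the function: `/* cookie must already have been located and hex-decoded by Header_HandleCookie; fields are session|user|pass|room */`. Header_HandleCookie cuts at "webcit=" but not at the following ';', so any trailing cookie text is hex-decoded together with the webcit value (same as the removed code); the StrBufExtract_* calls bound the result, which does remove the old unbounded buf[SIZ] fill loop.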
/*@}*/
int DontNeedAuth;
int got_auth;
+ int SessionKey;
long ContentLength;
time_t if_modified_since;
int gzip_ok; /**< Nonzero if Accept-encoding: gzip */
StrBuf *http_host; /**< HTTP Host: header */
StrBuf *browser_host;
StrBuf *user_agent;
+ StrBuf *plainauth;
StrBuf *this_page; /**< URL of current page */
StrBuf *PlainArgs; /*TODO: freeme*/
int is_mobile; /**< Client is a handheld browser */
int ctdl_pid; /**< Session ID on the Citadel server */
int nonce; /**< session nonce (to prevent session riding) */
+ int SessionKey;
/* Session local Members */
int serv_sock; /**< Client socket to Citadel server */
/* accounting */
StrBuf *wc_username; /**< login name of current user */
- StrBuf *httpauth_user; /**< only for GroupDAV sessions */
StrBuf *wc_fullname; /**< Screen name of current user */
StrBuf *wc_password; /**< Password of current user */
StrBuf *httpauth_pass; /**< only for GroupDAV sessions */
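Review bot: SessionKey is declared as `int` in both ParsedHttpHdrs and wcsession while it is produced by hashlittle, declared extern as returning uint32_t; conversion of values above INT_MAX to int is implementation-defined, and the equality test in the session lookup only works because both sides convert the same way. Declare both as `uint32_t SessionKey;` (stdint.h) so the type matches the producer. httpauth_user is removed here but httpauth_pass remains (and is still freed in session teardown); if Basic credentials now live in wc_username/wc_password, the remaining field looks like a leftover — confirm and either remove it or comment why it stays.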
void confirm_delete_msg(void);
void display_success(char *);
void authorization_required(const char *message);
+void CheckAuthBasic(ParsedHttpHdrs *hdr);
+void GetAuthBasic(ParsedHttpHdrs *hdr);
+
int ReEstablish_Session(void);
void server_to_text(void);