Context Navigation

security.c @ 4e36a2f

4.104.114.84.95

Last change on this file since 4e36a2f was c1cdaa0, checked in by Joel Sherrill <joel.sherrill@…>, on 10/27/99 at 12:50:33

Patch from Emmanuel Raguet <raguet@…> and Eric Valette
<valette@…> to add a port of the GoAhead? web server
(httpd) to the RTEMS build tree. They have successfully used
this BSP on i386/pc386 and PowerPC/mcp750.

Mark and Joel spoke with Nick Berliner <nickb@…> on
26 Oct 1999 about this port and got verbal approval to include
it in RTEMS distributions.

Property mode set to 100644

File size: 2.7 KB

Line
1	/*
2	* security.c -- Security handler
3	*
4	* Copyright (c) Go Ahead Software Inc., 1995-1999. All Rights Reserved.
5	*
6	* See the file "license.txt" for usage and redistribution license requirements
7	*/
8
9	/****************************** Description *******************************/
10
11	/*
12	* This module provides a basic security policy. It supports a single global
13	* password and ignores the username. Encoding/decoding of the password is
14	* -not- done.
15	*/
16
17	/******************************* Includes *********************************/
18
19	#include "wsIntrn.h"
20
21	/****************************** Local Data ********************************/
22
23	static char_t websPassword[WEBS_MAX_PASS]; /* Access password (decoded) */
24
25	/********************************* Code ***********************************/
26	/*
27	* Determine if this request should be honored
28	*/
29
30	int websSecurityHandler(webs_t wp, char_t urlPrefix, char_t webDir, int arg,
31	char_t url, char_t path, char_t *query)
32	{
33	char_t type, password;
34	int flags;
35
36	a_assert(websValid(wp));
37	a_assert(url && *url);
38	a_assert(path && *path);
39
40	/*
41	* Get the critical request details
42	*/
43	type = websGetRequestType(wp);
44	password = websGetRequestPassword(wp);
45	flags = websGetRequestFlags(wp);
46
47	/*
48	* Validate the users password if required (local access is always allowed)
49	* We compare the decoded form of the password.
50	*/
51	if (*websPassword && !(flags & WEBS_LOCAL_REQUEST)) {
52
53	if (password && *password) {
54	if (gstrcmp(password, websPassword) != 0) {
55	websStats.access++;
56	websError(wp, 200, T("Access Denied\nWrong Password"));
57	websSetPassword(T(""));
58	return 1;
59	}
60	} else {
61	/*
62	* This will cause the browser to display a password / username
63	* dialog
64	*/
65	websStats.errors++;
66	websError(wp, 401, T("<html><head>Access Denied</head><body>\r\n\
67	Access to this document requires a password.</body>\
68	</html>\r\n"));
69	return 1;
70	}
71	}
72	return 0;
73	}
74
75	/******************************************************************************/
76	/*
77	* Delete the default security handler
78	*/
79
80	void websSecurityDelete()
81	{
82	websUrlHandlerDelete(websSecurityHandler);
83	}
84
85	/******************************************************************************/
86	/*
87	* Store the new password, expect a decoded password. Store in websPassword in
88	* the decoded form.
89	*/
90
91	void websSetPassword(char_t *password)
92	{
93	a_assert(password);
94
95	gstrncpy(websPassword, password, TSZ(websPassword));
96	}
97
98	/******************************************************************************/
99	/*
100	* Get password, return the decoded form
101	*/
102
103	char_t *websGetPassword()
104	{
105	return websPassword;
106	}
107
108	/******************************************************************************/
109

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: rtems/cpukit/httpd/security.c @ 4e36a2f

Download in other formats: