1 | /* |
---|
2 | * security.c -- Security handler |
---|
3 | * |
---|
4 | * Copyright (c) Go Ahead Software Inc., 1995-1999. All Rights Reserved. |
---|
5 | * |
---|
6 | * See the file "license.txt" for usage and redistribution license requirements |
---|
7 | */ |
---|
8 | |
---|
9 | /******************************** Description *********************************/ |
---|
10 | |
---|
11 | /* |
---|
12 | * This module provides a basic security policy. It supports a single global |
---|
13 | * password and ignores the username. Encoding/decoding of the password is |
---|
14 | * -not- done. |
---|
15 | */ |
---|
16 | |
---|
17 | /********************************* Includes ***********************************/ |
---|
18 | |
---|
19 | #include "wsIntrn.h" |
---|
20 | |
---|
21 | /******************************** Local Data **********************************/ |
---|
22 | |
---|
/*
 *	The single global access password, kept in memory in its decoded
 *	(cleartext) form. An empty string means "no password set":
 *	websSecurityHandler() only checks requests while the first character
 *	is non-zero. websGetPassword() hands out a pointer to this buffer.
 */
static char_t websPassword[WEBS_MAX_PASS]; /* Access password (decoded) */
---|
24 | |
---|
25 | /*********************************** Code *************************************/ |
---|
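/*
 *	Compare the password supplied with a request against the stored one.
 *	Returns non-zero when they differ, zero when they are equal.
 *
 *	Every character of the stored password is examined whether or not an
 *	earlier character already mismatched, so the time taken does not show how
 *	long a correct prefix the client guessed (gstrcmp stops at the first
 *	difference). The supplied pointer is never advanced past its terminator.
 */
static int websPasswordDiffers(const char_t *supplied, const char_t *stored)
{
	unsigned int	diff = 0;

	while (*stored) {
		diff |= (unsigned int) (*supplied ^ *stored);
		if (*supplied) {
			supplied++;
		}
		stored++;
	}
/*
 *	Anything left over means the supplied password is longer than the stored
 *	one.
 */
	diff |= (unsigned int) *supplied;
	return diff != 0;
}

/*
 *	Determine if this request should be honored.
 *
 *	Returns 1 after an error response has been sent with websError() (no
 *	password supplied, or a wrong one) and 0 when no check was needed or the
 *	password matched. urlPrefix, webDir, arg and query are not used here.
 *
 *	No check is made at all when websPassword is empty, or when the request
 *	carries WEBS_LOCAL_REQUEST. How that flag gets set is not visible in this
 *	file -- NOTE(review): confirm it cannot be set for traffic relayed by a
 *	proxy running on the same host, otherwise every relayed request skips the
 *	password.
 */
int websSecurityHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg,
						char_t *url, char_t *path, char_t *query)
{
	char_t	*type, *password;
	int		flags;

	a_assert(websValid(wp));
	a_assert(url && *url);
	a_assert(path && *path);

/*
 *	Get the critical request details. type is not used below; the call is
 *	kept because websGetRequestType() is not visible from this file.
 */
	type = websGetRequestType(wp);
	password = websGetRequestPassword(wp);
	flags = websGetRequestFlags(wp);

/*
 *	Validate the user's password if required (local access is always allowed).
 *	We compare the decoded form of the password.
 */
	if (*websPassword && !(flags & WEBS_LOCAL_REQUEST)) {

		if (password && *password) {
			if (websPasswordDiffers(password, websPassword)) {
				websStats.access++;
/*
 *				NOTE(review): the denial goes out with status 200, left as it
 *				was; the 401 used below is what makes a browser prompt again.
 */
				websError(wp, 200, T("Access Denied\nWrong Password"));
/*
 *				websPassword must not be touched here. websSetPassword()
 *				overwrites the global password, so clearing it after a failed
 *				attempt would leave *websPassword empty and switch the check
 *				above off for every later request.
 */
				return 1;
			}
		} else {
/*
 *			This will cause the browser to display a password / username
 *			dialog
 */
			websStats.errors++;
			websError(wp, 401, T("<html><head>Access Denied</head><body>\r\n\
Access to this document requires a password.</body>\
</html>\r\n"));
			return 1;
		}
	}
	return 0;
}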
---|
74 | |
---|
75 | /******************************************************************************/ |
---|
/*
 *	Delete the default security handler: websSecurityHandler is passed to
 *	websUrlHandlerDelete(). Presumably the password check no longer runs for
 *	requests after this call -- confirm against websUrlHandlerDelete().
 */

void websSecurityDelete()
{
	websUrlHandlerDelete(&websSecurityHandler);
}
---|
84 | |
---|
85 | /******************************************************************************/ |
---|
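/*
 *	Store the new password, expect a decoded password. Store in websPassword in
 *	the decoded form.
 *
 *	The stored copy is always terminated. A password that does not fit is cut
 *	to TSZ(websPassword) - 1 characters, and the cut value is what requests are
 *	then compared against. Passing an empty string turns password checking off,
 *	because websSecurityHandler() only checks while *websPassword is non-zero.
 *	A NULL password is ignored and the current password stays in force.
 */

void websSetPassword(char_t *password)
{
	a_assert(password);

/*
 *	a_assert may be compiled out of release builds (not visible here), so do
 *	not rely on it to keep a NULL pointer away from the copy.
 */
	if (password == NULL) {
		return;
	}

/*
 *	gstrncpy given the full buffer size leaves the buffer without a terminator
 *	when the source is that long or longer, and later compares would then read
 *	past the end of websPassword. Copy one character less and terminate
 *	explicitly. TSZ() is used as the element count, as in the original call.
 */
	gstrncpy(websPassword, password, TSZ(websPassword) - 1);
	websPassword[TSZ(websPassword) - 1] = '\0';
}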
---|
97 | |
---|
98 | /******************************************************************************/ |
---|
/*
 *	Get password, return the decoded form.
 *
 *	The pointer returned is the address of the static websPassword buffer
 *	itself, not a copy: the caller sees the cleartext password and any write
 *	through the pointer changes the password requests are checked against.
 */

char_t *websGetPassword()
{
	return &websPassword[0];
}
---|
107 | |
---|
108 | /******************************************************************************/ |
---|
109 | |
---|