/* This file is part of libmicrohttpd Copyright (C) 2010, 2011, 2012 Daniel Pittman and Christian Grothoff This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ /** * @file basicauth.c * @brief Implements HTTP basic authentication methods * @author Amr Ali * @author Matthieu Speder */ #include "platform.h" #include <limits.h> #include "internal.h" #include "base64.h" /** * Beginning string for any valid Basic authentication header. */ #define _BASIC_BASE "Basic " /** * Get the username and password from the basic authorization header sent by the client * * @param connection The MHD connection structure * @param password a pointer for the password * @return NULL if no username could be found, a pointer * to the username if found * @ingroup authentication */ char * MHD_basic_auth_get_username_password (struct MHD_Connection *connection, char** password) { const char *header; char *decode; const char *separator; char *user; if ( (NULL == (header = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION))) || (0 != strncmp (header, _BASIC_BASE, strlen(_BASIC_BASE))) ) return NULL; header += strlen (_BASIC_BASE); if (NULL == (decode = BASE64Decode (header))) { #if HAVE_MESSAGES MHD_DLOG (connection->daemon, "Error decoding basic authentication\n"); #endif return NULL; } /* Find user:password pattern */ if (NULL == (separator = strchr (decode, ':'))) { #if HAVE_MESSAGES MHD_DLOG(connection->daemon, "Basic authentication doesn't contain ':' separator\n"); #endif free (decode); return NULL; } if (NULL == (user = strdup (decode))) { free (decode); return NULL; } user[separator - decode] = '\0'; /* cut off at ':' */ if (NULL != password) { *password = strdup (separator + 1); if (NULL == *password) { #if HAVE_MESSAGES MHD_DLOG(connection->daemon, "Failed to allocate memory for password\n"); #endif free (decode); free (user); return NULL; } } free (decode); return user; } /** * Queues a response to request basic authentication from the client. * The given response object is expected to include the payload for * the response; the "WWW-Authenticate" header will be added and the * response queued with the 'UNAUTHORIZED' status code. * * @param connection The MHD connection structure * @param realm the realm presented to the client * @param response response object to modify and queue * @return #MHD_YES on success, #MHD_NO otherwise * @ingroup authentication */ int MHD_queue_basic_auth_fail_response (struct MHD_Connection *connection, const char *realm, struct MHD_Response *response) { int ret; size_t hlen = strlen(realm) + strlen("Basic realm=\"\"") + 1; char *header; header = (char*)malloc(hlen); if (NULL == header) { #if HAVE_MESSAGES MHD_DLOG(connection->daemon, "Failed to allocate memory for auth header\n"); #endif /* HAVE_MESSAGES */ return MHD_NO; } MHD_snprintf_ (header, hlen, "Basic realm=\"%s\"", realm); ret = MHD_add_response_header (response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, header); free(header); if (MHD_YES == ret) ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response); return ret; } /* end of basicauth.c */