X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=libs%2Fshttpd%2Fauth.c;fp=libs%2Fshttpd%2Fauth.c;h=212232e561f0d89024867e083b28518082e04395;hb=1dee4e3cd008a27789bbce05b0eb47b0eb5d121a;hp=86f8eac22d4fb049631f0afb7c7eb797727a1e39;hpb=3dc3ac3cfe10b7196a7977e9c041c29fa141c35e;p=fms.git

diff --git a/libs/shttpd/auth.c b/libs/shttpd/auth.c
index 86f8eac..212232e 100644
--- a/libs/shttpd/auth.c
+++ b/libs/shttpd/auth.c
@@ -175,9 +175,10 @@ open_auth_file(struct shttpd_ctx *ctx, const char *path)
 	FILE		*fp = NULL;
 	int		fd;
 
-	if (ctx->global_passwd_file) {
+	if (ctx->options[OPT_AUTH_GPASSWD] != NULL) {
 		/* Use global passwords file */
-		my_snprintf(name, sizeof(name), "%s", ctx->global_passwd_file);
+		my_snprintf(name, sizeof(name), "%s",
+		    ctx->options[OPT_AUTH_GPASSWD]);
 	} else {
 		/* Try to find .htpasswd in requested directory */
 		for (p = path, e = p + strlen(p) - 1; e > p; e--)
@@ -253,7 +254,8 @@ authorize(struct conn *c, FILE *fp)
 			DBG(("[%.*s] [%.*s] [%.*s]", user.len, user.ptr,
 			    domain.len, domain.ptr, ha1.len, ha1.ptr));
 
-			if (vcmp(user_vec, &user) && !memcmp(c->ctx->auth_realm,
+			if (vcmp(user_vec, &user) &&
+			    !memcmp(c->ctx->options[OPT_AUTH_REALM],
 			    domain.ptr, domain.len)) {
 				ok = check_password(c->method, &ha1, &digest);
 				break;
@@ -267,23 +269,31 @@ authorize(struct conn *c, FILE *fp)
 int
 check_authorization(struct conn *c, const char *path)
 {
-	FILE			*fp = NULL;
-	int			authorized = 1;
-	
-#ifdef EMBEDDED
-	struct llhead	*lp;
-	struct uri_auth	*auth;
-
-	/* Check, is this URL protected by shttpd_protect_url() */
-	LL_FOREACH(&c->ctx->uri_auths, lp) {
-		auth = LL_ENTRY(lp, struct uri_auth, link);
-		if (!strncmp(c->uri, auth->uri, auth->uri_len)) {
-			fp = fopen(auth->file_name, "r");
+	FILE		*fp = NULL;
+	int		len, n, authorized = 1;
+	const char	*p, *s = c->ctx->options[OPT_PROTECT];
+	char		protected_path[FILENAME_MAX];
+
+	FOR_EACH_WORD_IN_LIST(s, len) {
+
+		if ((p = memchr(s, '=', len)) == NULL || p >= s + len || p == s)
+			continue;
+
+		if (!memcmp(c->uri, s, p - s)) {
+			
+			n = s + len - p + 1;
+			if (n > (int) sizeof(protected_path) - 1)
+				n = sizeof(protected_path) - 1;
+			
+			my_strlcpy(protected_path, p + 1, n);
+			
+			if ((fp = fopen(protected_path, "r")) == NULL)
+				elog(E_LOG, c, "check_auth: cannot open %s: %s",
+				    protected_path, strerror(errno));
 			break;
 		}
 	}
-#endif /* EMBEDDED */
-	
+
 	if (fp == NULL)
 		fp = open_auth_file(c->ctx, path);
 
@@ -301,7 +311,7 @@ is_authorized_for_put(struct conn *c)
 	FILE	*fp;
 	int	ret = 0;
 
-	if ((fp = fopen(c->ctx->put_auth_file, "r")) != NULL) {
+	if ((fp = fopen(c->ctx->options[OPT_AUTH_PUT], "r")) != NULL) {
 		ret = authorize(c, fp);
 		(void) fclose(fp);
 	}
@@ -316,7 +326,8 @@ send_authorization_request(struct conn *c)
 
 	(void) my_snprintf(buf, sizeof(buf), "Unauthorized\r\n"
 	    "WWW-Authenticate: Digest qop=\"auth\", realm=\"%s\", "
-	    "nonce=\"%lu\"", c->ctx->auth_realm, (unsigned long) current_time);
+	    "nonce=\"%lu\"", c->ctx->options[OPT_AUTH_REALM],
+	    (unsigned long) current_time);
 
 	send_server_error(c, 401, buf);
 }