version 0.2.1

[fms.git] / libs / shttpd / auth.c

diff --git a/libs/shttpd/auth.c b/libs/shttpd/auth.c
index 86f8eac..212232e 100644 (file)
--- a/libs/shttpd/auth.c
+++ b/libs/shttpd/auth.c
@@ -175,9 +175,10 @@ open_auth_file(struct shttpd_ctx *ctx, const char *path)
        FILE            *fp = NULL;
        int             fd;
 
-       if (ctx->global_passwd_file) {
+       if (ctx->options[OPT_AUTH_GPASSWD] != NULL) {
                /* Use global passwords file */
-               my_snprintf(name, sizeof(name), "%s", ctx->global_passwd_file);
+               my_snprintf(name, sizeof(name), "%s",
+                   ctx->options[OPT_AUTH_GPASSWD]);
        } else {
                /* Try to find .htpasswd in requested directory */
                for (p = path, e = p + strlen(p) - 1; e > p; e--)
@@ -253,7 +254,8 @@ authorize(struct conn *c, FILE *fp)
                        DBG(("[%.*s] [%.*s] [%.*s]", user.len, user.ptr,
                            domain.len, domain.ptr, ha1.len, ha1.ptr));
 
-                       if (vcmp(user_vec, &user) && !memcmp(c->ctx->auth_realm,
+                       if (vcmp(user_vec, &user) &&
+                           !memcmp(c->ctx->options[OPT_AUTH_REALM],
                            domain.ptr, domain.len)) {
                                ok = check_password(c->method, &ha1, &digest);
                                break;
@@ -267,23 +269,31 @@ authorize(struct conn *c, FILE *fp)
 int
 check_authorization(struct conn *c, const char *path)
 {
-       FILE                    *fp = NULL;
-       int                     authorized = 1;
-       
-#ifdef EMBEDDED
-       struct llhead   *lp;
-       struct uri_auth *auth;
-
-       /* Check, is this URL protected by shttpd_protect_url() */
-       LL_FOREACH(&c->ctx->uri_auths, lp) {
-               auth = LL_ENTRY(lp, struct uri_auth, link);
-               if (!strncmp(c->uri, auth->uri, auth->uri_len)) {
-                       fp = fopen(auth->file_name, "r");
+       FILE            *fp = NULL;
+       int             len, n, authorized = 1;
+       const char      *p, *s = c->ctx->options[OPT_PROTECT];
+       char            protected_path[FILENAME_MAX];
+
+       FOR_EACH_WORD_IN_LIST(s, len) {
+
+               if ((p = memchr(s, '=', len)) == NULL || p >= s + len || p == s)
+                       continue;
+
+               if (!memcmp(c->uri, s, p - s)) {
+                       
+                       n = s + len - p + 1;
+                       if (n > (int) sizeof(protected_path) - 1)
+                               n = sizeof(protected_path) - 1;
+                       
+                       my_strlcpy(protected_path, p + 1, n);
+                       
+                       if ((fp = fopen(protected_path, "r")) == NULL)
+                               elog(E_LOG, c, "check_auth: cannot open %s: %s",
+                                   protected_path, strerror(errno));
                        break;
                }
        }
-#endif /* EMBEDDED */
-       
+
        if (fp == NULL)
                fp = open_auth_file(c->ctx, path);
 
@@ -301,7 +311,7 @@ is_authorized_for_put(struct conn *c)
        FILE    *fp;
        int     ret = 0;
 
-       if ((fp = fopen(c->ctx->put_auth_file, "r")) != NULL) {
+       if ((fp = fopen(c->ctx->options[OPT_AUTH_PUT], "r")) != NULL) {
                ret = authorize(c, fp);
                (void) fclose(fp);
        }
@@ -316,7 +326,8 @@ send_authorization_request(struct conn *c)
 
        (void) my_snprintf(buf, sizeof(buf), "Unauthorized\r\n"
            "WWW-Authenticate: Digest qop=\"auth\", realm=\"%s\", "
-           "nonce=\"%lu\"", c->ctx->auth_realm, (unsigned long) current_time);
+           "nonce=\"%lu\"", c->ctx->options[OPT_AUTH_REALM],
+           (unsigned long) current_time);
 
        send_server_error(c, 401, buf);
 }