Browse Source

[mod_auth] some cleanup, only search for matching auth.require path once

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2893 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.33
Stefan Bühler 8 years ago
parent
commit
2bcf65c285
  1. 28
      src/http_auth.c
  2. 5
      src/http_auth.h
  3. 4
      src/mod_auth.c

28
src/http_auth.c

@ -322,32 +322,14 @@ static int http_auth_get_password(server *srv, mod_auth_plugin_data *p, buffer *
return ret;
}
static int http_auth_match_rules(server *srv, mod_auth_plugin_data *p, const char *url, const char *username, const char *group, const char *host) {
int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host) {
const char *r = NULL, *rules = NULL;
size_t i;
int username_len;
data_string *require;
array *req;
UNUSED(group);
UNUSED(host);
/* check what has to be match to fullfil the request */
/* search auth-directives for path */
for (i = 0; i < p->conf.auth_require->used; i++) {
if (p->conf.auth_require->data[i]->key->used == 0) continue;
if (0 == strncmp(url, p->conf.auth_require->data[i]->key->ptr, p->conf.auth_require->data[i]->key->used - 1)) {
break;
}
}
if (i == p->conf.auth_require->used) {
return -1;
}
req = ((data_array *)(p->conf.auth_require->data[i]))->value;
require = (data_string *)array_get_element(req, "require");
/* if we get here, the user we got a authed user */
@ -855,7 +837,7 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
return -1;
}
int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str) {
int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str) {
buffer *username, *password;
char *pw;
@ -910,7 +892,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p,
}
/* value is our allow-rules */
if (http_auth_match_rules(srv, p, url->ptr, username->ptr, NULL, NULL)) {
if (http_auth_match_rules(srv, req, username->ptr, NULL, NULL)) {
buffer_free(username);
buffer_free(password);
@ -935,7 +917,7 @@ typedef struct {
} digest_kv;
/* return values: -1: error/bad request, 0: failed, 1: success */
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str) {
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str) {
char a1[256];
char a2[256];
@ -1184,7 +1166,7 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p
}
/* value is our allow-rules */
if (http_auth_match_rules(srv, p, url->ptr, username, NULL, NULL)) {
if (http_auth_match_rules(srv, req, username, NULL, NULL)) {
buffer_free(b);
log_error_write(srv, __FILE__, __LINE__, "s",

5
src/http_auth.h

@ -66,8 +66,9 @@ typedef struct {
mod_auth_plugin_config conf, *anon_conf; /* this is only used as long as no handler_ctx is setup */
} mod_auth_plugin_data;
int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str);
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str);
int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str);
int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str);
int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char hh[33]);
int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host);
#endif

4
src/mod_auth.c

@ -249,13 +249,13 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
auth_type = "Basic";
if (0 == strcmp(method->value->ptr, "basic")) {
auth_satisfied = http_auth_basic_check(srv, con, p, req, con->uri.path, auth_realm+1);
auth_satisfied = http_auth_basic_check(srv, con, p, req, auth_realm+1);
}
} else if ((auth_type_len == 6) &&
(0 == strncasecmp(http_authorization, "Digest", auth_type_len))) {
auth_type = "Digest";
if (0 == strcmp(method->value->ptr, "digest")) {
if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) {
if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, auth_realm+1))) {
con->http_status = 400;
con->mode = DIRECT;

Loading…
Cancel
Save