OpenCores
URL https://opencores.org/ocsvn/openrisc_2011-10-31/openrisc_2011-10-31/trunk

Subversion Repositories openrisc_2011-10-31

[/] [openrisc/] [trunk/] [rtos/] [rtems/] [c/] [src/] [libnetworking/] [rtems_webserver/] [security.c] - Blame information for rev 261

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 30 unneback
/*
2
 * security.c -- Security handler
3
 *
4
 * Copyright (c) Go Ahead Software Inc., 1995-1999. All Rights Reserved.
5
 *
6
 * See the file "license.txt" for usage and redistribution license requirements
7
 */
8
 
9
/******************************** Description *********************************/
10
 
11
/*
12
 *      This module provides a basic security policy. It supports a single global
13
 *      password and ignores the username. Encoding/decoding of the password is
14
 *      -not- done.
15
 */
16
 
17
/********************************* Includes ***********************************/
18
 
19
#include        "wsIntrn.h"
20
 
21
/******************************** Local Data **********************************/
22
 
23
static char_t   websPassword[WEBS_MAX_PASS];    /* Access password (decoded) */
24
 
25
/*********************************** Code *************************************/
26
/*
27
 *      Determine if this request should be honored
28
 */
29
 
30
int websSecurityHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg,
31
                                                char_t *url, char_t *path, char_t *query)
32
{
33
        char_t  *type, *password;
34
        int             flags;
35
 
36
        a_assert(websValid(wp));
37
        a_assert(url && *url);
38
        a_assert(path && *path);
39
 
40
/*
41
 *      Get the critical request details
42
 */
43
        type = websGetRequestType(wp);
44
        password = websGetRequestPassword(wp);
45
        flags = websGetRequestFlags(wp);
46
 
47
/*
48
 *      Validate the users password if required (local access is always allowed)
49
 *      We compare the decoded form of the password.
50
 */
51
        if (*websPassword && !(flags & WEBS_LOCAL_REQUEST)) {
52
 
53
                if (password && *password) {
54
                        if (gstrcmp(password, websPassword) != 0) {
55
                                websStats.access++;
56
                                websError(wp, 200, T("Access Denied\nWrong Password"));
57
                                websSetPassword(T(""));
58
                                return 1;
59
                        }
60
                } else {
61
/*
62
 *                      This will cause the browser to display a password / username
63
 *                      dialog
64
 */
65
                        websStats.errors++;
66
                        websError(wp, 401, T("<html><head>Access Denied</head><body>\r\n\
67
                                Access to this document requires a password.</body>\
68
                                </html>\r\n"));
69
                        return 1;
70
                }
71
        }
72
        return 0;
73
}
74
 
75
/******************************************************************************/
76
/*
77
 *      Delete the default security handler
78
 */
79
 
80
void websSecurityDelete()
81
{
82
        websUrlHandlerDelete(websSecurityHandler);
83
}
84
 
85
/******************************************************************************/
86
/*
87
 *      Store the new password, expect a decoded password. Store in websPassword in
88
 *      the decoded form.
89
 */
90
 
91
void websSetPassword(char_t *password)
92
{
93
        a_assert(password);
94
 
95
        gstrncpy(websPassword, password, TSZ(websPassword));
96
}
97
 
98
/******************************************************************************/
99
/*
100
 *      Get password, return the decoded form
101
 */
102
 
103
char_t *websGetPassword()
104
{
105
        return websPassword;
106
}
107
 
108
/******************************************************************************/
109
 

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.