URL https://opencores.org/ocsvn/openrisc_me/openrisc_me/trunk

Subversion Repositories openrisc_me

[/] [openrisc/] [trunk/] [rtos/] [rtems/] [c/] [src/] [libnetworking/] [rtems_webserver/] [security.c] - Blame information for rev 30

Go to most recent revision | Details | Compare with Previous | View Log


/*
 * security.c -- Security handler
 *
 * Copyright (c) Go Ahead Software Inc., 1995-1999. All Rights Reserved.
 *
 * See the file "license.txt" for usage and redistribution license requirements
 */
 
/******************************** Description *********************************/
 
/*
 *      This module provides a basic security policy. It supports a single global
 *      password and ignores the username. Encoding/decoding of the password is
 *      -not- done.
 */
 
/********************************* Includes ***********************************/
 
#include        "wsIntrn.h"
 
/******************************** Local Data **********************************/
 
static char_t   websPassword[WEBS_MAX_PASS];    /* Access password (decoded) */
 
/*********************************** Code *************************************/
/*
 *      Determine if this request should be honored
 */
 
int websSecurityHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg,
                                                char_t *url, char_t *path, char_t *query)
{
        char_t  *type, *password;
        int             flags;
 
        a_assert(websValid(wp));
        a_assert(url && *url);
        a_assert(path && *path);
 
/*
 *      Get the critical request details
 */
        type = websGetRequestType(wp);
        password = websGetRequestPassword(wp);
        flags = websGetRequestFlags(wp);
 
/*
 *      Validate the users password if required (local access is always allowed)
 *      We compare the decoded form of the password.
 */
        if (*websPassword && !(flags & WEBS_LOCAL_REQUEST)) {
 
                if (password && *password) {
                        if (gstrcmp(password, websPassword) != 0) {
                                websStats.access++;
                                websError(wp, 200, T("Access Denied\nWrong Password"));
                                websSetPassword(T(""));
                                return 1;
                        }
                } else {
/*
 *                      This will cause the browser to display a password / username
 *                      dialog
 */
                        websStats.errors++;
                        websError(wp, 401, T("<html><head>Access Denied</head><body>\r\n\
                                Access to this document requires a password.</body>\
                                </html>\r\n"));
                        return 1;
                }
        }
        return 0;
}
 
/******************************************************************************/
/*
 *      Delete the default security handler
 */
 
void websSecurityDelete()
{
        websUrlHandlerDelete(websSecurityHandler);
}
 
/******************************************************************************/
/*
 *      Store the new password, expect a decoded password. Store in websPassword in
 *      the decoded form.
 */
 
void websSetPassword(char_t *password)
{
        a_assert(password);
 
        gstrncpy(websPassword, password, TSZ(websPassword));
}
 
/******************************************************************************/
/*
 *      Get password, return the decoded form
 */
 
char_t *websGetPassword()
{
        return websPassword;
}
 
/******************************************************************************/
 

Line No.	Rev	Author	Line
1	30	unneback	`/*`
2			`* security.c -- Security handler`
3			`*`
4			`* Copyright (c) Go Ahead Software Inc., 1995-1999. All Rights Reserved.`
5			`*`
6			`* See the file "license.txt" for usage and redistribution license requirements`
7			`*/`
8
9			`/****************************** Description *******************************/`
10
11			`/*`
12			`* This module provides a basic security policy. It supports a single global`
13			`* password and ignores the username. Encoding/decoding of the password is`
14			`* -not- done.`
15			`*/`
16
17			`/******************************* Includes *********************************/`
18
19			`#include "wsIntrn.h"`
20
21			`/****************************** Local Data ********************************/`
22
23			`static char_t websPassword[WEBS_MAX_PASS]; /* Access password (decoded) */`
24
25			`/********************************* Code ***********************************/`
26			`/*`
27			`* Determine if this request should be honored`
28			`*/`
29
30			`int websSecurityHandler(webs_t wp, char_t urlPrefix, char_t webDir, int arg,`
31			`char_t url, char_t path, char_t *query)`
32			`{`
33			`char_t type, password;`
34			`int flags;`
35
36			`a_assert(websValid(wp));`
37			`a_assert(url && *url);`
38			`a_assert(path && *path);`
39
40			`/*`
41			`* Get the critical request details`
42			`*/`
43			`type = websGetRequestType(wp);`
44			`password = websGetRequestPassword(wp);`
45			`flags = websGetRequestFlags(wp);`
46
47			`/*`
48			`* Validate the users password if required (local access is always allowed)`
49			`* We compare the decoded form of the password.`
50			`*/`
51			`if (*websPassword && !(flags & WEBS_LOCAL_REQUEST)) {`
52
53			`if (password && *password) {`
54			`if (gstrcmp(password, websPassword) != 0) {`
55			`websStats.access++;`
56			`websError(wp, 200, T("Access Denied\nWrong Password"));`
57			`websSetPassword(T(""));`
58			`return 1;`
59			`}`
60			`} else {`
61			`/*`
62			`* This will cause the browser to display a password / username`
63			`* dialog`
64			`*/`
65			`websStats.errors++;`
66			`websError(wp, 401, T("<html><head>Access Denied</head><body>\r\n\`
67			`Access to this document requires a password.</body>\`
68			`</html>\r\n"));`
69			`return 1;`
70			`}`
71			`}`
72			`return 0;`
73			`}`
74
75			`/******************************************************************************/`
76			`/*`
77			`* Delete the default security handler`
78			`*/`
79
80			`void websSecurityDelete()`
81			`{`
82			`websUrlHandlerDelete(websSecurityHandler);`
83			`}`
84
85			`/******************************************************************************/`
86			`/*`
87			`* Store the new password, expect a decoded password. Store in websPassword in`
88			`* the decoded form.`
89			`*/`
90
91			`void websSetPassword(char_t *password)`
92			`{`
93			`a_assert(password);`
94
95			`gstrncpy(websPassword, password, TSZ(websPassword));`
96			`}`
97
98			`/******************************************************************************/`
99			`/*`
100			`* Get password, return the decoded form`
101			`*/`
102
103			`char_t *websGetPassword()`
104			`{`
105			`return websPassword;`
106			`}`
107
108			`/******************************************************************************/`
109

Browse

Tools

Subversion Repositories openrisc_me

[/] [openrisc/] [trunk/] [rtos/] [rtems/] [c/] [src/] [libnetworking/] [rtems_webserver/] [security.c] - Blame information for rev 30