Subversion Repositories openrisc

/*
 * security.c -- Security handler
 *
 * Copyright (c) Go Ahead Software Inc., 1995-1999. All Rights Reserved.
 *
 * See the file "license.txt" for usage and redistribution license requirements
 */
 
/******************************** Description *********************************/
 
/*
 *	This module provides a basic security policy. It supports a single global
 *	password and ignores the username. Encoding/decoding of the password is 
 *	-not- done.
 */
 
/********************************* Includes ***********************************/
 
#include	"wsIntrn.h"
 
/******************************** Local Data **********************************/
 
static char_t	websPassword[WEBS_MAX_PASS];	/* Access password (decoded) */
 
/*********************************** Code *************************************/
/*
 *	Determine if this request should be honored
 */
 
int websSecurityHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int arg, 
						char_t *url, char_t *path, char_t *query)
{
	char_t	*type, *password;
	int		flags;
 
	a_assert(websValid(wp));
	a_assert(url && *url);
	a_assert(path && *path);
 
/*
 *	Get the critical request details
 */
	type = websGetRequestType(wp);
	password = websGetRequestPassword(wp);
	flags = websGetRequestFlags(wp);
 
/*
 *	Validate the users password if required (local access is always allowed)
 *	We compare the decoded form of the password.
 */
	if (*websPassword && !(flags & WEBS_LOCAL_REQUEST)) {
 
		if (password && *password) {
			if (gstrcmp(password, websPassword) != 0) {
				websStats.access++;
				websError(wp, 200, T("Access Denied\nWrong Password"));
				websSetPassword(T(""));
				return 1;
			}
		} else {
/*
 *			This will cause the browser to display a password / username
 *			dialog
 */
			websStats.errors++;
			websError(wp, 401, T("<html><head>Access Denied</head><body>\r\n\
				Access to this document requires a password.</body>\
				</html>\r\n"));
			return 1;
		}
	}
	return 0;
}
 
/******************************************************************************/
/*
 *	Delete the default security handler
 */
 
void websSecurityDelete()
{
	websUrlHandlerDelete(websSecurityHandler);
}
 
/******************************************************************************/
/*
 *	Store the new password, expect a decoded password. Store in websPassword in 
 *	the decoded form.
 */
 
void websSetPassword(char_t *password)
{
	a_assert(password);
 
	gstrncpy(websPassword, password, TSZ(websPassword));
}
 
/******************************************************************************/
/*
 *	Get password, return the decoded form
 */
 
char_t *websGetPassword()
{
	return websPassword;
}
 
/******************************************************************************/