diff options
author | Fumitoshi UKAI <ukai@debian.or.jp> | 2004-04-16 18:47:18 +0000 |
---|---|---|
committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2004-04-16 18:47:18 +0000 |
commit | d02cc0c7de1154894ded7a4861bfea9790935cd2 (patch) | |
tree | 6e59dd7eaf9a69c70d3bdb183bd686d14fcd8a28 | |
parent | [w3m-dev 04063] about Makefile (diff) | |
download | w3m-d02cc0c7de1154894ded7a4861bfea9790935cd2.tar.gz w3m-d02cc0c7de1154894ded7a4861bfea9790935cd2.zip |
[w3m-dev 04064] authentication
closes: Bug#:244029: w3m: HTTP basic authentication annoyance
* fm.h (auth_cookie): deleted
* proto.h (find_auth_cookie): deleted
(add_auth_cookie): deleted
(add_auth_user_passwd): added
(invalidate_auth_user_passwd): added
* etc.c (auth_pass): add bad flag
delete file
(dir_under): deleted
(add_auth_pass_entry): add override flag
no need to check file
(find_auth_pass_entry): delete file
check bad flag
check uname
(find_auth_user_passwd): find by pu->user
(add_auth_user_passwd): added
(invalidate_auth_user_passwd): added
(parsePasswd): add no override
ignore file
(find_auth): deleted
(find_auth_cookie): deleted
(dump_auth_cookie): deleted
(add_auth_cookie): deleted
* file.c (getAuthCookie): add *uname, *pwd
rewrite
(loadGeneralFile): delete ss, add uname, pwd
use add_auth_user_passwd instead of add_auth_cookie
* url.c (HTTPrequest): don't authorization here
it should be done in getAuthCookie in loadGeneralFile
through extra_header
* ftp.c (openFTPStream): add uname
use find_auth_user_passwd instead of find_auth_cookie
use add_auth_user_passwd instead of add_auth_cookie
Diffstat (limited to '')
-rw-r--r-- | ChangeLog | 39 | ||||
-rw-r--r-- | etc.c | 165 | ||||
-rw-r--r-- | file.c | 150 | ||||
-rw-r--r-- | fm.h | 11 | ||||
-rw-r--r-- | ftp.c | 9 | ||||
-rw-r--r-- | proto.h | 9 | ||||
-rw-r--r-- | url.c | 29 |
7 files changed, 193 insertions, 219 deletions
@@ -1,3 +1,40 @@ +2004-04-17 Fumitoshi UKAI <ukai@debian.or.jp> + + * [w3m-dev 04064] authentication + closes: Bug#:244029: w3m: HTTP basic authentication annoyance + * fm.h (auth_cookie): deleted + * proto.h (find_auth_cookie): deleted + (add_auth_cookie): deleted + (add_auth_user_passwd): added + (invalidate_auth_user_passwd): added + * etc.c (auth_pass): add bad flag + delete file + (dir_under): deleted + (add_auth_pass_entry): add override flag + no need to check file + (find_auth_pass_entry): delete file + check bad flag + check uname + (find_auth_user_passwd): find by pu->user + (add_auth_user_passwd): added + (invalidate_auth_user_passwd): added + (parsePasswd): add no override + ignore file + (find_auth): deleted + (find_auth_cookie): deleted + (dump_auth_cookie): deleted + (add_auth_cookie): deleted + * file.c (getAuthCookie): add *uname, *pwd + rewrite + (loadGeneralFile): delete ss, add uname, pwd + use add_auth_user_passwd instead of add_auth_cookie + * url.c (HTTPrequest): don't authorization here + it should be done in getAuthCookie in loadGeneralFile + through extra_header + * ftp.c (openFTPStream): add uname + use find_auth_user_passwd instead of find_auth_cookie + use add_auth_user_passwd instead of add_auth_cookie + 2004-04-10 SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> * [w3m-dev 04063] about Makefile @@ -8406,4 +8443,4 @@ a * [w3m-dev 03276] compile error on EWS4800 * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.918 2004/04/09 17:18:48 ukai Exp $ +$Id: ChangeLog,v 1.919 2004/04/16 18:47:18 ukai Exp $ @@ -1,4 +1,4 @@ -/* $Id: etc.c,v 1.77 2004/04/04 16:47:20 ukai Exp $ */ +/* $Id: etc.c,v 1.78 2004/04/16 18:47:19 ukai Exp $ */ #include "fm.h" #include <pwd.h> #include "myctype.h" @@ -20,10 +20,11 @@ #endif /* __WATT32__ */ struct auth_pass { + int bad; int is_proxy; Str host; int port; - Str file; +/* Str file; */ Str realm; Str uname; Str pwd; @@ -918,48 +919,55 @@ correct_irrtag(int status) return tmp; } -static int -dir_under(const char *x, const char *y) -{ - size_t len = strlen(x); - if (strcmp(x, y) == 0) - return 1; - return x[len - 1] == '/' - && strlen(y) >= len - && y[len - 1] == '/' && strncasecmp(x, y, len) == 0; -} - +/* + * RFC2617: 1.2 Access Authentication Framework + * + * The realm value (case-sensitive), in combination with the canonical root + * URL (the absoluteURI for the server whose abs_path is empty; see section + * 5.1.2 of RFC2616 ) of the server being accessed, defines the protection + * space. These realms allow the protected resources on a server to be + * partitioned into a set of protection spaces, each with its own + * authentication scheme and/or authorization database. + * + */ static void -add_auth_pass_entry(const struct auth_pass *ent, int netrc) +add_auth_pass_entry(const struct auth_pass *ent, int netrc, int override) { if ((ent->host || netrc) /* netrc accept default (host == NULL) */ - &&(ent->is_proxy || ent->file || ent->realm || netrc) + &&(ent->is_proxy || ent->realm || netrc) && ent->uname && ent->pwd) { struct auth_pass *newent = New(struct auth_pass); memcpy(newent, ent, sizeof(struct auth_pass)); - if (passwords == NULL) + if (override) { + newent->next = passwords; passwords = newent; - else if (passwords->next == NULL) - passwords->next = newent; + } else { - struct auth_pass *ep = passwords; - for (; ep->next; ep = ep->next) ; - ep->next = newent; + if (passwords == NULL) + passwords = newent; + else if (passwords->next == NULL) + passwords->next = newent; + else { + struct auth_pass *ep = passwords; + for (; ep->next; ep = ep->next) ; + ep->next = newent; + } } } /* ignore invalid entries */ } static struct auth_pass * -find_auth_pass_entry(char *host, int port, char *file, char *realm, +find_auth_pass_entry(char *host, int port, char *realm, char *uname, int is_proxy) { struct auth_pass *ent; for (ent = passwords; ent != NULL; ent = ent->next) { if (ent->is_proxy == is_proxy + && (ent->bad != TRUE) && (!ent->host || !Strcasecmp_charp(ent->host, host)) && (!ent->port || ent->port == port) - && (!ent->file || !file || dir_under(ent->file->ptr, file)) + && (!ent->uname || !uname || !Strcmp_charp(ent->uname, uname)) && (!ent->realm || !realm || !Strcmp_charp(ent->realm, realm)) ) return ent; @@ -978,7 +986,7 @@ find_auth_user_passwd(ParsedURL *pu, char *realm, *pwd = Strnew_charp(pu->pass); return 1; } - ent = find_auth_pass_entry(pu->host, pu->port, pu->file, realm, is_proxy); + ent = find_auth_pass_entry(pu->host, pu->port, realm, pu->user, is_proxy); if (ent) { *uname = ent->uname; *pwd = ent->pwd; @@ -987,13 +995,41 @@ find_auth_user_passwd(ParsedURL *pu, char *realm, return 0; } +void +add_auth_user_passwd(ParsedURL *pu, char *realm, Str uname, Str pwd, + int is_proxy) +{ + struct auth_pass ent; + memset(&ent, 0, sizeof(ent)); + + ent.is_proxy = is_proxy; + ent.host = Strnew_charp(pu->host); + ent.port = pu->port; + ent.realm = Strnew_charp(realm); + ent.uname = uname; + ent.pwd = pwd; + add_auth_pass_entry(&ent, 0, 1); +} + +void +invalidate_auth_user_passwd(ParsedURL *pu, char *realm, Str uname, Str pwd, + int is_proxy) +{ + struct auth_pass *ent; + ent = find_auth_pass_entry(pu->host, pu->port, realm, NULL, is_proxy); + if (ent) { + ent->bad = TRUE; + } + return; +} + /* passwd */ /* * machine <host> * host <host> * port <port> * proxy - * path <file> + * path <file> ; not used * realm <realm> * login <login> * passwd <passwd> @@ -1045,7 +1081,7 @@ parsePasswd(FILE * fp, int netrc) if (!strcmp(p, "machine") || !strcmp(p, "host") || (netrc && !strcmp(p, "default"))) { - add_auth_pass_entry(&ent, netrc); + add_auth_pass_entry(&ent, netrc, 0); bzero(&ent, sizeof(struct auth_pass)); if (netrc) ent.port = 21; /* XXX: getservbyname("ftp"); ? */ @@ -1067,7 +1103,7 @@ parsePasswd(FILE * fp, int netrc) } else if (!netrc && !strcmp(p, "path")) { line = next_token(arg); - ent.file = arg; + /* ent.file = arg; */ } else if (!netrc && !strcmp(p, "realm")) { /* XXX: rest of line becomes arg for realm */ @@ -1098,7 +1134,7 @@ parsePasswd(FILE * fp, int netrc) line = NULL; } } - add_auth_pass_entry(&ent, netrc); + add_auth_pass_entry(&ent, netrc, 0); } /* FIXME: gettextize? */ @@ -1164,79 +1200,6 @@ loadPasswd(void) return; } -/* authentication */ -struct auth_cookie * -find_auth(char *host, int port, char *file, char *realm) -{ - struct auth_cookie *p; - - for (p = Auth_cookie; p != NULL; p = p->next) { - if (!Strcasecmp_charp(p->host, host) && - p->port == port && - ((realm && !Strcasecmp_charp(p->realm, realm)) || - (p->file && file && dir_under(p->file->ptr, file)))) - return p; - } - return NULL; -} - -Str -find_auth_cookie(char *host, int port, char *file, char *realm) -{ - struct auth_cookie *p = find_auth(host, port, file, realm); - if (p) - return p->cookie; - return NULL; -} - -#ifdef AUTH_DEBUG -static void -dump_auth_cookie(void) -{ - if (w3m_debug) { - FILE *ff = fopen("zzzauth", "a"); - struct auth_cookie *p; - - for (p = Auth_cookie; p != NULL; p = p->next) { - Str tmp = Sprintf("%s, %d, %s, %s\n", p->host->ptr, p->port, - p->file ? (const char *)p->file->ptr : "NULL", - p->realm ? (const char *)p->realm->ptr : "NULL"); - fwrite(tmp->ptr, sizeof(char), tmp->length, ff); - } - fputc('\n', ff); - fclose(ff); - } -} -#endif - -void -add_auth_cookie(char *host, int port, char *file, char *realm, Str cookie) -{ - struct auth_cookie *p; - - p = find_auth(host, port, file, realm); - if (p && (!p->file || !Strcasecmp_charp(p->file, file))) { - if (realm && p->realm == NULL) - p->realm = Strnew_charp(realm); - p->cookie = cookie; -#ifdef AUTH_DEBUG - dump_auth_cookie(); -#endif - return; - } - p = New(struct auth_cookie); - p->host = Strnew_charp(host); - p->port = port; - p->file = file ? Strnew_charp(file) : NULL; - p->realm = Strnew_charp(realm); - p->cookie = cookie; - p->next = Auth_cookie; - Auth_cookie = p; -#ifdef AUTH_DEBUG - dump_auth_cookie(); -#endif -} - /* get last modified time */ char * last_modified(Buffer *buf) @@ -1,4 +1,4 @@ -/* $Id: file.c,v 1.234 2003/12/08 16:08:01 ukai Exp $ */ +/* $Id: file.c,v 1.235 2004/04/16 18:47:19 ukai Exp $ */ #include "fm.h" #include <sys/types.h> #include "myctype.h" @@ -1388,22 +1388,26 @@ findAuthentication(struct http_auth *hauth, Buffer *buf, char *auth_field) return hauth->scheme ? hauth : NULL; } -static Str +static void getAuthCookie(struct http_auth *hauth, char *auth_header, TextList *extra_header, ParsedURL *pu, HRequest *hr, - FormList *request) + FormList *request, + volatile Str *uname, volatile Str *pwd) { Str ss = NULL; - Str uname, pwd; Str tmp; TextListItem *i; int a_found; int auth_header_len = strlen(auth_header); char *realm = NULL; + int proxy; if (hauth) realm = qstr_unquote(get_auth_param(hauth->param, "realm"))->ptr; + if (!realm) + return; + a_found = FALSE; for (i = extra_header->first; i != NULL; i = i->next) { if (!strncasecmp(i->ptr, auth_header, auth_header_len)) { @@ -1411,9 +1415,9 @@ getAuthCookie(struct http_auth *hauth, char *auth_header, break; } } + proxy = !strncasecmp("Proxy-Authorization:", auth_header, + auth_header_len); if (a_found) { - if (!realm) - return NULL; /* This means that *-Authenticate: header is received after * Authorization: header is sent to the server. */ @@ -1424,79 +1428,81 @@ getAuthCookie(struct http_auth *hauth, char *auth_header, else fprintf(stderr, "Wrong username or password\n"); sleep(1); - ss = NULL; /* delete Authenticate: header from extra_header */ delText(extra_header, i); - + invalidate_auth_user_passwd(pu, realm, *uname, *pwd, proxy); } - if (realm && ss == NULL) { - int proxy = !strncasecmp("Proxy-Authorization:", auth_header, - auth_header_len); + *uname = NULL; + *pwd = NULL; - if (!a_found && find_auth_user_passwd(pu, realm, &uname, &pwd, proxy)) { - /* found username & password in passwd file */ ; + if (!a_found && find_auth_user_passwd(pu, realm, (Str*)uname, (Str*)pwd, + proxy)) { + /* found username & password in passwd file */ ; + } + else { + if (QuietMessage) + return; + /* input username and password */ + sleep(2); + if (fmInitialized) { + char *pp; + term_raw(); + /* FIXME: gettextize? */ + if ((pp = inputStr(Sprintf("Username for %s: ", realm)->ptr, + NULL)) == NULL) + return; + *uname = Str_conv_to_system(Strnew_charp(pp)); + if ((pp = inputLine(Sprintf("Password for %s: ", realm)->ptr, NULL, + IN_PASSWORD)) == NULL) { + *uname = NULL; + return; + } + *pwd = Str_conv_to_system(Strnew_charp(pp)); + term_cbreak(); } else { - if (QuietMessage) - return ss; - /* input username and password */ - sleep(2); - if (fmInitialized) { - char *pp; - term_raw(); + /* + * If post file is specified as '-', stdin is closed at this + * point. + * In this case, w3m cannot read username from stdin. + * So exit with error message. + * (This is same behavior as lwp-request.) + */ + if (feof(stdin) || ferror(stdin)) { /* FIXME: gettextize? */ - if ((pp = - inputStr(Sprintf("Username for %s: ", realm)->ptr, - NULL)) == NULL) - return NULL; - uname = Str_conv_to_system(Strnew_charp(pp)); - if ((pp = - inputLine(Sprintf("Password for %s: ", realm)->ptr, NULL, - IN_PASSWORD)) == NULL) - return NULL; - pwd = Str_conv_to_system(Strnew_charp(pp)); - term_cbreak(); + fprintf(stderr, "w3m: Authorization required for %s\n", + realm); + exit(1); } - else { - /* - * If post file is specified as '-', stdin is closed at this - * point. - * In this case, w3m cannot read username from stdin. - * So exit with error message. - * (This is same behavior as lwp-request.) - */ - if (feof(stdin) || ferror(stdin)) { - /* FIXME: gettextize? */ - fprintf(stderr, "w3m: Authorization required for %s\n", - realm); - exit(1); - } - - /* FIXME: gettextize? */ - printf(proxy ? "Proxy Username for %s: " : "Username for %s: ", - realm); - fflush(stdout); - uname = Strfgets(stdin); - Strchop(uname); + + /* FIXME: gettextize? */ + printf(proxy ? "Proxy Username for %s: " : "Username for %s: ", + realm); + fflush(stdout); + *uname = Strfgets(stdin); + Strchop(*uname); #ifdef HAVE_GETPASSPHRASE - pwd = Strnew_charp((char *) - getpassphrase(proxy ? "Proxy Password: " : - "Password: ")); + *pwd = Strnew_charp((char *) + getpassphrase(proxy ? "Proxy Password: " : + "Password: ")); #else - pwd = Strnew_charp((char *) - getpass(proxy ? "Proxy Password: " : - "Password: ")); + *pwd = Strnew_charp((char *) + getpass(proxy ? "Proxy Password: " : + "Password: ")); #endif - } } - ss = hauth->cred(hauth, uname, pwd, pu, hr, request); } + ss = hauth->cred(hauth, *uname, *pwd, pu, hr, request); if (ss) { tmp = Strnew_charp(auth_header); Strcat_m_charp(tmp, " ", ss->ptr, "\r\n", NULL); pushText(extra_header, tmp->ptr); } - return ss; + else { + *uname = NULL; + *pwd = NULL; + } + return; } static int @@ -1566,7 +1572,8 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, int volatile searchHeader_through = TRUE; MySignalHandler(*volatile prevtrap) (SIGNAL_ARG) = NULL; TextList *extra_header = newTextList(); - volatile Str ss = NULL; + volatile Str uname = NULL; + volatile Str pwd = NULL; volatile Str realm = NULL; int volatile add_auth_cookie_flag; unsigned char status = HTST_NORMAL; @@ -1735,10 +1742,10 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, } if (t == NULL) t = "text/plain"; - if (add_auth_cookie_flag && realm && ss) { + if (add_auth_cookie_flag && realm && uname && pwd) { /* If authorization is required and passed */ - add_auth_cookie(auth_pu->host, auth_pu->port, auth_pu->file, - qstr_unquote(realm)->ptr, ss); + add_auth_user_passwd(&pu, qstr_unquote(realm)->ptr, uname, pwd, + 0); add_auth_cookie_flag = 0; } if ((p = checkHeader(t_buf, "WWW-Authenticate:")) != NULL && @@ -1748,9 +1755,9 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, if (findAuthentication(&hauth, t_buf, "WWW-Authenticate:") != NULL && (realm = get_auth_param(hauth.param, "realm")) != NULL) { auth_pu = &pu; - ss = getAuthCookie(&hauth, "Authorization:", extra_header, - auth_pu, &hr, request); - if (ss == NULL) { + getAuthCookie(&hauth, "Authorization:", extra_header, + auth_pu, &hr, request, &uname, &pwd); + if (uname == NULL) { /* abort */ TRAP_OFF; goto page_loaded; @@ -1769,9 +1776,10 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, != NULL && (realm = get_auth_param(hauth.param, "realm")) != NULL) { auth_pu = schemeToProxy(pu.scheme); - ss = getAuthCookie(&hauth, "Proxy-Authorization:", - extra_header, auth_pu, &hr, request); - if (ss == NULL) { + getAuthCookie(&hauth, "Proxy-Authorization:", + extra_header, auth_pu, &hr, request, + &uname, &pwd); + if (uname == NULL) { /* abort */ TRAP_OFF; goto page_loaded; @@ -1,4 +1,4 @@ -/* $Id: fm.h,v 1.124 2003/10/05 18:52:51 ukai Exp $ */ +/* $Id: fm.h,v 1.125 2004/04/16 18:47:19 ukai Exp $ */ /* * w3m: WWW wo Miru utility * @@ -669,15 +669,6 @@ struct html_feed_environ { int blank_lines; }; -struct auth_cookie { - Str host; - int port; - Str file; - Str realm; - Str cookie; - struct auth_cookie *next; -}; - #ifdef USE_COOKIE struct portlist { unsigned short port; @@ -1,4 +1,4 @@ -/* $Id: ftp.c,v 1.34 2003/10/22 18:44:31 ukai Exp $ */ +/* $Id: ftp.c,v 1.35 2004/04/16 18:47:19 ukai Exp $ */ #include <stdio.h> #include <pwd.h> #include <Str.h> @@ -320,6 +320,7 @@ openFTPStream(ParsedURL *pu, URLFile *uf) int status; char *user = NULL; char *pass = NULL; + Str uname = NULL; Str pwd = NULL; int add_auth_cookie_flag = FALSE; char *realpathname = NULL; @@ -328,7 +329,6 @@ openFTPStream(ParsedURL *pu, URLFile *uf) return NULL; if (pu->user == NULL && pu->pass == NULL) { - Str uname, pwd; if (find_auth_user_passwd(pu, NULL, &uname, &pwd, 0)) { if (uname) user = uname->ptr; @@ -361,7 +361,8 @@ openFTPStream(ParsedURL *pu, URLFile *uf) else if (pu->pass) pass = pu->pass; else if (pu->user) { - pwd = find_auth_cookie(pu->host, pu->port, pu->file, pu->user); + pwd = NULL; + find_auth_user_passwd(pu, NULL, &uname, &pwd, 0); if (pwd == NULL) { if (fmInitialized) { term_raw(); @@ -394,7 +395,7 @@ openFTPStream(ParsedURL *pu, URLFile *uf) return NULL; } if (add_auth_cookie_flag) - add_auth_cookie(pu->host, pu->port, pu->file, pu->user, pwd); + add_auth_user_passwd(pu, NULL, uname, pwd, 0); ftp_read: ftp_command(¤t_ftp, "TYPE", "I", &status); @@ -1,4 +1,4 @@ -/* $Id: proto.h,v 1.98 2004/03/23 16:44:02 ukai Exp $ */ +/* $Id: proto.h,v 1.99 2004/04/16 18:47:19 ukai Exp $ */ /* * This file was automatically generated by version 1.7 of cextract. * Manual editing not recommended. @@ -617,9 +617,10 @@ extern void loadPasswd(void); extern void loadPreForm(void); extern int find_auth_user_passwd(ParsedURL *pu, char *realm, Str *uname, Str *pwd, int is_proxy); -extern Str find_auth_cookie(char *host, int port, char *file, char *realm); -extern void add_auth_cookie(char *host, int port, char *file, char *realm, - Str cookie); +extern void add_auth_user_passwd(ParsedURL *pu, char *realm, + Str uname, Str pwd, int is_proxy); +extern void invalidate_auth_user_passwd(ParsedURL *pu, char *realm, + Str uname, Str pwd, int is_proxy); extern char *last_modified(Buffer *buf); extern Str romanNumeral(int n); extern Str romanAlphabet(int n); @@ -1,4 +1,4 @@ -/* $Id: url.c,v 1.88 2004/03/30 18:06:43 ukai Exp $ */ +/* $Id: url.c,v 1.89 2004/04/16 18:47:19 ukai Exp $ */ #include "fm.h" #include <sys/types.h> #include <sys/socket.h> @@ -1400,33 +1400,6 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra) Strcat_charp(tmp, i->ptr); } - if (!seen_www_auth -#ifdef USE_SSL - && hr->command != HR_COMMAND_CONNECT -#endif - ) { - Str auth_cookie = find_auth_cookie(pu->host, pu->port, pu->file, NULL); - if (auth_cookie) - Strcat_m_charp(tmp, "Authorization: ", auth_cookie->ptr, - "\r\n", NULL); - } - - if (!seen_proxy_auth && (hr->flag & HR_FLAG_PROXY) -#ifdef USE_SSL - && (pu->scheme != SCM_HTTPS || hr->command == HR_COMMAND_CONNECT) -#endif - ) { - ParsedURL *proxy_pu = schemeToProxy(pu->scheme); - Str auth_cookie = - find_auth_cookie(proxy_pu->host, proxy_pu->port, proxy_pu->file, - NULL); - if (!auth_cookie && proxy_auth_cookie) - auth_cookie = proxy_auth_cookie; - if (auth_cookie) - Strcat_m_charp(tmp, "Proxy-Authorization: ", auth_cookie->ptr, - "\r\n", NULL); - } - #ifdef USE_COOKIE if (hr->command != HR_COMMAND_CONNECT && use_cookie && (cookie = find_cookie(pu))) { |