/* MODULE HTAAUtil.c
* COMMON PARTS OF ACCESS AUTHORIZATION MODULE
* FOR BOTH SERVER AND BROWSER
*
* IMPORTANT:
* Routines in this module use dynamic allocation, but free
* automatically all the memory reserved by them.
*
* Therefore the caller never has to (and never should)
* free() any object returned by these functions.
*
* Therefore also all the strings returned by this package
* are only valid until the next call to the same function
* is made. This approach is selected, because of the nature
* of access authorization: no string returned by the package
* needs to be valid longer than until the next call.
*
* This also makes it easy to plug the AA package in:
* you don't have to ponder whether to free() something
* here or is it done somewhere else (because it is always
* done somewhere else).
*
* The strings that the package needs to store are copied
* so the original strings given as parameters to AA
* functions may be freed or modified with no side effects.
*
* The AA package does not free() anything else than what
* it has itself allocated.
*
* AA (Access Authorization) package means modules which
* names start with HTAA.
*
* AUTHORS:
* AL Ari Luotonen luotonen@dxcern.cern.ch
* MD Mark Donszelmann duns@vxdeop.cern.ch
*
* HISTORY:
* 8 Nov 93 MD (VMS only) Added case insensitive comparison in HTAA_templateCaseMatch
*
*
* BUGS:
*
*
*/
#include <HTUtils.h>
#include <HTAAUtil.h> /* Implemented here */
#include <HTAssoc.h> /* Assoc list */
#include <HTTCP.h>
#include <HTTP.h>
#include <LYStrings.h>
#include <LYLeaks.h>
/* PUBLIC HTAAScheme_enum()
* TRANSLATE SCHEME NAME INTO
* A SCHEME ENUMERATION
*
* ON ENTRY:
* name is a string representing the scheme name.
*
* ON EXIT:
* returns the enumerated constant for that scheme.
*/
HTAAScheme HTAAScheme_enum(const char *name)
{
char *upcased = NULL;
if (!name)
return HTAA_UNKNOWN;
StrAllocCopy(upcased, name);
LYUpperCase(upcased);
if (!strncmp(upcased, "NONE", 4)) {
FREE(upcased);
return HTAA_NONE;
} else if (!strncmp(upcased, "BASIC", 5)) {
FREE(upcased);
return HTAA_BASIC;
} else if (!strncmp(upcased, "PUBKEY", 6)) {
FREE(upcased);
return HTAA_PUBKEY;
} else if (!strncmp(upcased, "KERBEROSV4", 10)) {
FREE(upcased);
return HTAA_KERBEROS_V4;
} else if (!strncmp(upcased, "KERBEROSV5", 10)) {
FREE(upcased);
return HTAA_KERBEROS_V5;
} else {
FREE(upcased);
return HTAA_UNKNOWN;
}
}
/* PUBLIC HTAAScheme_name()
* GET THE NAME OF A GIVEN SCHEME
* ON ENTRY:
* scheme is one of the scheme enum values:
* HTAA_NONE, HTAA_BASIC, HTAA_PUBKEY, ...
*
* ON EXIT:
* returns the name of the scheme, i.e.
* "None", "Basic", "Pubkey", ...
*/
const char *HTAAScheme_name(HTAAScheme scheme)
{
switch (scheme) {
case HTAA_NONE:
return "None";
case HTAA_BASIC:
return "Basic";
case HTAA_PUBKEY:
return "Pubkey";
case HTAA_KERBEROS_V4:
return "KerberosV4";
case HTAA_KERBEROS_V5:
return "KerberosV5";
case HTAA_UNKNOWN:
return "UNKNOWN";
default:
return "THIS-IS-A-BUG";
}
}
/* PUBLIC HTAAMethod_enum()
* TRANSLATE METHOD NAME INTO AN ENUMERATED VALUE
* ON ENTRY:
* name is the method name to translate.
*
* ON EXIT:
* returns HTAAMethod enumerated value corresponding
* to the given name.
*/
HTAAMethod HTAAMethod_enum(const char *name)
{
if (!name)
return METHOD_UNKNOWN;
if (0 == strcasecomp(name, "GET"))
return METHOD_GET;
else if (0 == strcasecomp(name, "PUT"))
return METHOD_PUT;
else
return METHOD_UNKNOWN;
}
/* PUBLIC HTAAMethod_name()
* GET THE NAME OF A GIVEN METHOD
* ON ENTRY:
* method is one of the method enum values:
* METHOD_GET, METHOD_PUT, ...
*
* ON EXIT:
* returns the name of the scheme, i.e.
* "GET", "PUT", ...
*/
const char *HTAAMethod_name(HTAAMethod method)
{
switch (method) {
case METHOD_GET:
return "GET";
case METHOD_PUT:
return "PUT";
case METHOD_UNKNOWN:
return "UNKNOWN";
default:
return "THIS-IS-A-BUG";
}
}
/* PUBLIC HTAAMethod_inList()
* IS A METHOD IN A LIST OF METHOD NAMES
* ON ENTRY:
* method is the method to look for.
* list is a list of method names.
*
* ON EXIT:
* returns YES, if method was found.
* NO, if not found.
*/
BOOL HTAAMethod_inList(HTAAMethod method, HTList *list)
{
HTList *cur = list;
char *item;
while (NULL != (item = (char *) HTList_nextObject(cur))) {
CTRACE((tfp, " %s", item));
if (method == HTAAMethod_enum(item))
return YES;
}
return NO; /* Not found */
}
/* PUBLIC HTAA_templateMatch()
* STRING COMPARISON FUNCTION FOR FILE NAMES
* WITH ONE WILDCARD * IN THE TEMPLATE
* NOTE:
* This is essentially the same code as in HTRules.c, but it
* cannot be used because it is embedded in between other code.
* (In fact, HTRules.c should use this routine, but then this
* routine would have to be more sophisticated... why is life
* sometimes so hard...)
*
* ON ENTRY:
* ctemplate is a template string to match the file name
* against, may contain a single wildcard
* character * which matches zero or more
* arbitrary characters.
* filename is the filename (or pathname) to be matched
* against the template.
*
* ON EXIT:
* returns YES, if filename matches the template.
* NO, otherwise.
*/
BOOL HTAA_templateMatch(const char *ctemplate,
const char *filename)
{
const char *p = ctemplate;
const char *q = filename;
int m;
for (; *p && *q && *p == *q; p++, q++) /* Find first mismatch */
; /* do nothing else */
if (!*p && !*q)
return YES; /* Equally long equal strings */
else if ('*' == *p) { /* Wildcard */
p++; /* Skip wildcard character */
m = strlen(q) - strlen(p); /* Amount to match to wildcard */
if (m < 0)
return NO; /* No match, filename too short */
else { /* Skip the matched characters and compare */
if (strcmp(p, q + m))
return NO; /* Tail mismatch */
else
return YES; /* Tail match */
}
/* if wildcard */
} else
return NO; /* Length or character mismatch */
}
/* PUBLIC HTAA_templateCaseMatch()
* STRING COMPARISON FUNCTION FOR FILE NAMES
* WITH ONE WILDCARD * IN THE TEMPLATE (Case Insensitive)
* NOTE:
* This is essentially the same code as in HTAA_templateMatch, but
* it compares case insensitive (for VMS). Reason for this routine
* is that HTAA_templateMatch gets called from several places, also
* there where a case sensitive match is needed, so one cannot just
* change the HTAA_templateMatch routine for VMS.
*
* ON ENTRY:
* template is a template string to match the file name
* against, may contain a single wildcard
* character * which matches zero or more
* arbitrary characters.
* filename is the filename (or pathname) to be matched
* against the template.
*
* ON EXIT:
* returns YES, if filename matches the template.
* NO, otherwise.
*/
BOOL HTAA_templateCaseMatch(const char *ctemplate,
const char *filename)
{
const char *p = ctemplate;
const char *q = filename;
int m;
/* Find first mismatch */
for (; *p && *q && TOUPPER(*p) == TOUPPER(*q); p++, q++) ; /* do nothing else */
if (!*p && !*q)
return YES; /* Equally long equal strings */
else if ('*' == *p) { /* Wildcard */
p++; /* Skip wildcard character */
m = strlen(q) - strlen(p); /* Amount to match to wildcard */
if (m < 0)
return NO; /* No match, filename too short */
else { /* Skip the matched characters and compare */
if (strcasecomp(p, q + m))
return NO; /* Tail mismatch */
else
return YES; /* Tail match */
}
/* if wildcard */
} else
return NO; /* Length or character mismatch */
}
/* PUBLIC HTAA_makeProtectionTemplate()
* CREATE A PROTECTION TEMPLATE FOR THE FILES
* IN THE SAME DIRECTORY AS THE GIVEN FILE
* (Used by server if there is no fancier way for
* it to tell the client, and by browser if server
* didn't send WWW-ProtectionTemplate: field)
* ON ENTRY:
* docname is the document pathname (from URL).
*
* ON EXIT:
* returns a template matching docname, and other files
* files in that directory.
*
* E.g. /foo/bar/x.html => /foo/bar/ *
* ^
* Space only to prevent it from
* being a comment marker here,
* there really isn't any space.
*/
char *HTAA_makeProtectionTemplate(const char *docname)
{
char *ctemplate = NULL;
char *slash = NULL;
if (docname) {
StrAllocCopy(ctemplate, docname);
slash = strrchr(ctemplate, '/');
if (slash)
slash++;
else
slash = ctemplate;
*slash = '\0';
StrAllocCat(ctemplate, "*");
} else
StrAllocCopy(ctemplate, "*");
CTRACE((tfp, "make_template: made template `%s' for file `%s'\n",
ctemplate, docname));
return ctemplate;
}
/*
* Skip leading whitespace from *s forward
*/
#define SKIPWS(s) while (*s==' ' || *s=='\t') s++;
/*
* Kill trailing whitespace starting from *(s-1) backwards
*/
#define KILLWS(s) {char *c=s-1; while (*c==' ' || *c=='\t') *(c--)='\0';}
/* PUBLIC HTAA_parseArgList()
* PARSE AN ARGUMENT LIST GIVEN IN A HEADER FIELD
* ON ENTRY:
* str is a comma-separated list:
*
* item, item, item
* where
* item ::= value
* | name=value
* | name="value"
*
* Leading and trailing whitespace is ignored
* everywhere except inside quotes, so the following
* examples are equal:
*
* name=value,foo=bar
* name="value",foo="bar"
* name = value , foo = bar
* name = "value" , foo = "bar"
*
* ON EXIT:
* returns a list of name-value pairs (actually HTAssocList*).
* For items with no name, just value, the name is
* the number of order number of that item. E.g.
* "1" for the first, etc.
*/
HTAssocList *HTAA_parseArgList(char *str)
{
HTAssocList *assoc_list = HTAssocList_new();
char *cur = NULL;
char *name = NULL;
int n = 0;
if (!str)
return assoc_list;
while (*str) {
SKIPWS(str); /* Skip leading whitespace */
cur = str;
n++;
while (*cur && *cur != '=' && *cur != ',')
cur++; /* Find end of name (or lonely value without a name) */
KILLWS(cur); /* Kill trailing whitespace */
if (*cur == '=') { /* Name followed by a value */
*(cur++) = '\0'; /* Terminate name */
StrAllocCopy(name, str);
SKIPWS(cur); /* Skip WS leading the value */
str = cur;
if (*str == '"') { /* Quoted value */
str++;
cur = str;
while (*cur && *cur != '"')
cur++;
if (*cur == '"')
*(cur++) = '\0'; /* Terminate value */
/* else it is lacking terminating quote */
SKIPWS(cur); /* Skip WS leading comma */
if (*cur == ',')
cur++; /* Skip separating colon */
} else { /* Unquoted value */
while (*cur && *cur != ',')
cur++;
KILLWS(cur); /* Kill trailing whitespace */
if (*cur == ',')
*(cur++) = '\0';
/* else *cur already NULL */
}
} else { /* No name, just a value */
if (*cur == ',')
*(cur++) = '\0'; /* Terminate value */
/* else last value on line (already terminated by NULL) */
HTSprintf0(&name, "%d", n); /* Item order number for name */
}
HTAssocList_add(assoc_list, name, str);
str = cur;
} /* while *str */
FREE(name);
return assoc_list;
}
/************** HEADER LINE READER -- DOES UNFOLDING *************************/
#define BUFFER_SIZE 1024
static size_t buffer_length;
static char *buffer = 0;
static char *start_pointer;
static char *end_pointer;
static int in_soc = -1;
#ifdef LY_FIND_LEAKS
static void FreeHTAAUtil(void)
{
FREE(buffer);
}
#endif /* LY_FIND_LEAKS */
/* PUBLIC HTAA_setupReader()
* SET UP HEADER LINE READER, i.e., give
* the already-read-but-not-yet-processed
* buffer of text to be read before more
* is read from the socket.
* ON ENTRY:
* start_of_headers is a pointer to a buffer containing
* the beginning of the header lines
* (rest will be read from a socket).
* length is the number of valid characters in
* 'start_of_headers' buffer.
* soc is the socket to use when start_of_headers
* buffer is used up.
* ON EXIT:
* returns nothing.
* Subsequent calls to HTAA_getUnfoldedLine()
* will use this buffer first and then
* proceed to read from socket.
*/
void HTAA_setupReader(char *start_of_headers,
int length,
int soc)
{
if (!start_of_headers)
length = 0; /* initialize length (is this reached at all?) */
if (buffer == NULL) { /* first call? */
buffer_length = length;
if (buffer_length < BUFFER_SIZE) /* would fall below BUFFER_SIZE? */
buffer_length = BUFFER_SIZE;
buffer = (char *) malloc((size_t) (sizeof(char) * (buffer_length + 1)));
} else if (length > (int) buffer_length) { /* need more space? */
buffer_length = length;
buffer = (char *) realloc((char *) buffer,
(size_t) (sizeof(char) * (buffer_length + 1)));
}
if (buffer == NULL)
outofmem(__FILE__, "HTAA_setupReader");
#ifdef LY_FIND_LEAKS
atexit(FreeHTAAUtil);
#endif
start_pointer = buffer;
if (start_of_headers) {
strncpy(buffer, start_of_headers, length);
buffer[length] = '\0';
end_pointer = buffer + length;
} else {
*start_pointer = '\0';
end_pointer = start_pointer;
}
in_soc = soc;
}
/* PUBLIC HTAA_getUnfoldedLine()
* READ AN UNFOLDED HEADER LINE FROM SOCKET
* ON ENTRY:
* HTAA_setupReader must absolutely be called before
* this function to set up internal buffer.
*
* ON EXIT:
* returns a newly-allocated character string representing
* the read line. The line is unfolded, i.e.
* lines that begin with whitespace are appended
* to current line. E.g.
*
* Field-Name: Blaa-Blaa
* This-Is-A-Continuation-Line
* Here-Is_Another
*
* is seen by the caller as:
*
* Field-Name: Blaa-Blaa This-Is-A-Continuation-Line Here-Is_Another
*
*/
char *HTAA_getUnfoldedLine(void)
{
char *line = NULL;
char *cur;
int count;
BOOL peek_for_folding = NO;
if (in_soc < 0) {
CTRACE((tfp, "%s %s\n",
"HTAA_getUnfoldedLine: buffer not initialized",
"with function HTAA_setupReader()"));
return NULL;
}
for (;;) {
/* Reading from socket */
if (start_pointer >= end_pointer) { /*Read the next block and continue */
#ifdef USE_SSL
if (SSL_handle)
count = SSL_read(SSL_handle, buffer, BUFFER_SIZE);
else
count = NETREAD(in_soc, buffer, BUFFER_SIZE);
#else
count = NETREAD(in_soc, buffer, BUFFER_SIZE);
#endif /* USE_SSL */
if (count <= 0) {
in_soc = -1;
return line;
}
start_pointer = buffer;
end_pointer = buffer + count;
*end_pointer = '\0';
#ifdef NOT_ASCII
cur = start_pointer;
while (cur < end_pointer) {
*cur = TOASCII(*cur);
cur++;
}
#endif /*NOT_ASCII */
}
cur = start_pointer;
/* Unfolding */
if (peek_for_folding) {
if (*cur != ' ' && *cur != '\t')
return line; /* Ok, no continuation line */
else /* So this is a continuation line, continue */
peek_for_folding = NO;
}
/* Finding end-of-line */
while (cur < end_pointer && *cur != '\n') /* Find the end-of-line */
cur++; /* (or end-of-buffer). */
/* Terminating line */
if (cur < end_pointer) { /* So *cur==LF, terminate line */
*cur = '\0'; /* Overwrite LF */
if (*(cur - 1) == '\r')
*(cur - 1) = '\0'; /* Overwrite CR */
peek_for_folding = YES; /* Check for a continuation line */
}
/* Copying the result */
if (line)
StrAllocCat(line, start_pointer); /* Append */
else
StrAllocCopy(line, start_pointer); /* A new line */
start_pointer = cur + 1; /* Skip the read line */
} /* forever */
}