Diffstat (limited to 'WWW/Library/Implementation/HTAAServ.c')
-rw-r--r--WWW/Library/Implementation/HTAAServ.c166
1 files changed, 107 insertions, 59 deletions
diff --git a/WWW/Library/Implementation/HTAAServ.c b/WWW/Library/Implementation/HTAAServ.c
index c081a3fa..98779830 100644
--- a/WWW/Library/Implementation/HTAAServ.c
+++ b/WWW/Library/Implementation/HTAAServ.c
@@ -43,6 +43,9 @@
 
 #include <HTUtils.h>
 
+/*#include <stdio.h> included by HTUtils.h -- FM *//* FILE */
+#include <string.h>		/* strchr() */
+
 #include <HTString.h>
 #include <HTAccess.h>		/* HTSecure			*/
 #include <HTFile.h>		/* HTLocalName			*/
@@ -89,34 +92,45 @@ PUBLIC char *HTAA_statusMessage NOARGS
     /* 401 cases */
       case HTAA_NO_AUTH:
 	return "Unauthorized -- authentication failed";
+	break;
       case HTAA_NOT_MEMBER:
 	return "Unauthorized to access the document";
+	break;
 
     /* 403 cases */
       case HTAA_BY_RULE:
 	return "Forbidden -- by rule";
+	break;
       case HTAA_IP_MASK:
 	return "Forbidden -- server refuses to serve to your IP address";
+	break;
       case HTAA_NO_ACL:
       case HTAA_NO_ENTRY:
 	return "Forbidden -- access to file is never allowed";
+	break;
       case HTAA_SETUP_ERROR:
 	return "Forbidden -- server protection setup error";
+	break;
       case HTAA_DOTDOT:
 	return "Forbidden -- URL containing /../ disallowed";
+	break;
       case HTAA_HTBIN:
 	return "Forbidden -- /htbin feature not enabled on this server";
+	break;
 
     /* 404 cases */
       case HTAA_NOT_FOUND:
 	return "Not found -- file doesn't exist or is read protected";
+	break;
 
     /* Success */
       case HTAA_OK:
 	return "AA: Access should be ok but something went wrong";
+	break;
 
       case HTAA_OK_GATEWAY:
 	return "AA check bypassed (gatewaying) but something went wrong";
+	break;
 
     /* Others */
       default:
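Review bot: The `break;` added after each `return` in this switch is unreachable, so it changes nothing at run time and can produce unreachable-code warnings that bury real ones. The same addition appears in status_name, in the status-code switch at the end of HTAA_checkAuthorization, and after the returning blocks in compose_scheme_specifics. I would drop the added `break;` lines. If the project wants them as a guard against a later edit removing a `return`, state that once in a comment such as `/* break kept after return as a fall-through guard */`. The switch starts and ends outside this hunk.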
@@ -133,34 +147,46 @@ PRIVATE char *status_name ARGS1(HTAAFailReasonType, reason)
     /* 401 cases */
       case HTAA_NO_AUTH:
 	return "NO-AUTHENTICATION";
+	break;
       case HTAA_NOT_MEMBER:
 	return "NOT-AUTHORIZED";
+	break;
 
     /* 403 cases */
       case HTAA_BY_RULE:
 	return "FORB-RULE";
+	break;
       case HTAA_IP_MASK:
 	return "FORB-IP";
+	break;
       case HTAA_NO_ACL:
 	return "NO-ACL-FILE";
+	break;
       case HTAA_NO_ENTRY:
 	return "NO-ACL-ENTRY";
+	break;
       case HTAA_SETUP_ERROR:
 	return "SETUP-ERROR";
+	break;
       case HTAA_DOTDOT:
 	return "SLASH-DOT-DOT";
+	break;
       case HTAA_HTBIN:
 	return "HTBIN-OFF";
+	break;
 
     /* 404 cases */
       case HTAA_NOT_FOUND:
 	return "NOT-FOUND";
+	break;
 
     /* Success */
       case HTAA_OK:
 	return "OK";
+	break;
       case HTAA_OK_GATEWAY:
 	return "OK-GATEWAY";
+	break;
 
     /* Others */
       default:
@@ -203,12 +229,14 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *,  pathname,
     htaa_user = NULL;
 
     if (!pathname) {
-	CTRACE(tfp, "HTAA_checkAuthorization: Forbidden by rule\n");
+	if (TRACE)
+	    fprintf(stderr, "HTAA_checkAuthorization: Forbidden by rule\n");
 	return HTAA_BY_RULE;
     }
-    CTRACE(tfp, "%s `%s' %s %s\n",
-		"HTAA_checkAuthorization: translated path:",
-		pathname, "method:", HTAAMethod_name(method));
+    if (TRACE)
+	fprintf(stderr, "%s `%s' %s %s\n",
+			"HTAA_checkAuthorization: translated path:",
+			pathname, "method:", HTAAMethod_name(method));
 
     /*
     ** Get protection setting (set up by callbacks from rule system)
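Review bot: The trace calls here hard-code `stderr` where the removed `CTRACE(tfp, ...)` form wrote to `tfp`, and the same `if (TRACE) fprintf(stderr, ...)` pair is repeated in the later hunks of check_authorization, HTAA_checkAuthorization and HTAA_composeAuthHeaders. What `tfp` pointed at is not visible here, but if trace output can be redirected, these authorization traces (translated path, user name, client host) will no longer follow it. A single wrapper such as `#define AA_TRACE(args) do { if (TRACE) fprintf args; } while (0)`, called as `AA_TRACE((stderr, "..."))`, would keep the stream choice in one place and remove the unbraced `if` bodies at each call site. check_authorization continues outside this hunk.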
@@ -235,9 +263,10 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *,  pathname,
 		    htaa_user = HTAA_authenticate(scheme,
 						  scheme_specifics,
 						  prot);
-		    CTRACE(tfp, "Authentication returned: %s\n",
-				(htaa_user ? htaa_user->username
-					   : "NOT-AUTHENTICATED"));
+		    if (TRACE)
+			fprintf(stderr, "Authentication returned: %s\n",
+					(htaa_user ? htaa_user->username
+						   : "NOT-AUTHENTICATED"));
 		}
 		HTAA_resolveGroupReferences(prot->mask_group, group_def_list);
 		reason = HTAA_userAndInetInGroup(prot->mask_group,
@@ -245,13 +274,14 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *,  pathname,
 						  ? htaa_user->username : "",
 						 HTClientHost,
 						 NULL);
-		if (reason != HTAA_OK) {
-		    CTRACE(tfp, "%s %s %s %s\n",
+		if (TRACE) {
+		    if (reason != HTAA_OK)
+			fprintf(stderr, "%s %s %s %s\n",
 				"HTAA_checkAuthorization: access denied",
 				"by mask (no ACL, only Protect rule)",
 				"host", HTClientHost);
-		} else {
-		    CTRACE(tfp, "%s %s %s %s\n",
+		    else
+			fprintf(stderr, "%s %s %s %s\n",
 				"HTAA_checkAuthorization: request from",
 				HTClientHost,
 				"accepted by only mask match (no ACL, only",
@@ -260,15 +290,17 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *,  pathname,
 		return reason;
 	    }
 	    else {	/* 403 Forbidden */
-		CTRACE(tfp, "%s %s\n",
-			    "HTAA_checkAuthorization: Protected, but",
-			    "no mask group nor ACL -- forbidden");
+		if (TRACE)
+		    fprintf(stderr, "%s %s\n",
+				    "HTAA_checkAuthorization: Protected, but",
+				    "no mask group nor ACL -- forbidden");
 		return HTAA_NO_ACL;
 	    }
 	}
 	else { /* No protect rule and no ACL => OK 200 */
-	    CTRACE(tfp, "HTAA_checkAuthorization: %s\n",
-			"no protect rule nor ACL -- ok\n");
+	    if (TRACE)
+		fprintf(stderr, "HTAA_checkAuthorization: %s\n",
+				"no protect rule nor ACL -- ok\n");
 	    return HTAA_OK;
 	}
     }
@@ -277,13 +309,15 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *,  pathname,
     ** Now we know that ACL exists
     */
     if (!prot) {		/* Not protected by "protect" rule */
-	CTRACE(tfp, "HTAA_checkAuthorization: default protection\n");
+	if (TRACE)
+	    fprintf(stderr, "HTAA_checkAuthorization: default protection\n");
 	prot = HTAA_getDefaultProtection(); /* Also sets current protection */
 
 	if (!prot) {		/* @@ Default protection not set ?? */
-	    CTRACE(tfp, "%s %s\n",
-			"HTAA_checkAuthorization: default protection",
-			"not set (internal server error)!!");
+	    if (TRACE)
+		fprintf(stderr, "%s %s\n",
+				"HTAA_checkAuthorization: default protection",
+				"not set (internal server error)!!");
 	    return HTAA_SETUP_ERROR;
 	}
     }
@@ -303,9 +337,10 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *,  pathname,
 	    htaa_user = HTAA_authenticate(scheme,
 					  scheme_specifics,
 					  prot);
-	    CTRACE(tfp, "Authentication returned: %s\n",
-			(htaa_user
-			 ? htaa_user->username : "NOT-AUTHENTICATED"));
+	    if (TRACE)
+		fprintf(stderr, "Authentication returned: %s\n",
+				(htaa_user
+				 ? htaa_user->username : "NOT-AUTHENTICATED"));
 	}
 	/*
 	** Check mask group
@@ -317,18 +352,20 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *,  pathname,
 					   HTClientHost,
 					   NULL);
 	    if (reason != HTAA_OK) {
-		CTRACE(tfp, "%s %s %s\n",
-			    "HTAA_checkAuthorization: access denied",
-			    "by mask, host:", HTClientHost);
+		if (TRACE)
+		    fprintf(stderr, "%s %s %s\n",
+				    "HTAA_checkAuthorization: access denied",
+				    "by mask, host:", HTClientHost);
 		return reason;
 	    }
 	    else {
-		CTRACE(tfp, "%s %s %s %s %s\n",
-			    "HTAA_checkAuthorization: request from",
-			    HTClientHost,
-			    "accepted by just mask group match",
-			    "(no ACL, only Protect rule, and only",
-			    "mask enabled)");
+		if (TRACE)
+		    fprintf(stderr, "%s %s %s %s %s\n",
+				    "HTAA_checkAuthorization: request from",
+				    HTClientHost,
+				    "accepted by just mask group match",
+				    "(no ACL, only Protect rule, and only",
+				    "mask enabled)");
 		/* And continue authorization checking */
 	    }
 	}
@@ -339,8 +376,9 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *,  pathname,
 	*/
 	allowed_groups = HTAA_getAclEntry(acl_file, pathname, method);
 	if (!allowed_groups) {
-	    CTRACE(tfp, "%s `%s' %s\n",
-			"No entry for file", pathname, "in ACL");
+	    if (TRACE)
+		fprintf(stderr, "%s `%s' %s\n",
+				"No entry for file", pathname, "in ACL");
 	    HTAA_closeAcl(acl_file);
 	    return HTAA_NO_ENTRY;  /* Forbidden -- no entry in the ACL */
 	}
@@ -420,8 +458,9 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *,	url,
     ** be a security hole.
     */
     if (strstr(local_copy, "/../")) {
-	CTRACE(tfp, "HTAA_checkAuthorization: %s (`%s')\n",
-		    "Illegal attempt to use /../", url);
+	if (TRACE)
+	    fprintf(stderr, "HTAA_checkAuthorization: %s (`%s')\n",
+			    "Illegal attempt to use /../", url);
 	HTAAFailReason = HTAA_DOTDOT;
     }
     else {
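Review bot: The guard on the context line, `strstr(local_copy, "/../")`, only matches a parent-directory segment that is followed by a slash, so a path ending in `/..` would pass it. Whether `local_copy` has already been unescaped and normalised before this test is outside the hunk and needs confirming against the lines above. I would extend the test to reject a trailing segment as well, e.g. `|| (len >= 3 && strcmp(local_copy + len - 3, "/..") == 0)` with `len = strlen(local_copy)`. The added trace line also prints `url` verbatim, so control characters from a rejected request reach the terminal unescaped.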
@@ -443,7 +482,8 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *,	url,
 	}
 
 	if (!pathname) {		/* Forbidden by rule */
-	    CTRACE(tfp, "HTAA_checkAuthorization: Forbidden by rule\n");
+	    if (TRACE)
+		fprintf(stderr, "HTAA_checkAuthorization: Forbidden by rule\n");
 	    HTAAFailReason = HTAA_BY_RULE;
 	}
 	else if (HTAAFailReason != HTAA_HTBIN) {
@@ -460,7 +500,9 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *,	url,
 	    }
 	    else {  /* Not local access */
 		HTAAFailReason = HTAA_OK_GATEWAY;
-		CTRACE(tfp, "HTAA_checkAuthorization: %s (%s access)\n",
+		if (TRACE)
+		    fprintf(stderr,
+			    "HTAA_checkAuthorization: %s (%s access)\n",
 			    "Gatewaying -- skipping authorization check",
 			    acc_method);
 	    }
@@ -479,14 +521,15 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *,	url,
 		htaa_user && htaa_user->username
 		? htaa_user->username : "");
 	fflush(htaa_logfile);	/* Actually update it on disk */
-	CTRACE(tfp, "Log: %24.24s %s %s %s %s %s\n",
-		    ctime(&theTime),
-		    HTClientHost ? HTClientHost : "local",
-		    method_name,
-		    url,
-		    status_name(HTAAFailReason),
-		    htaa_user && htaa_user->username
-		    ? htaa_user->username : "");
+	if (TRACE)
+	    fprintf(stderr, "Log: %24.24s %s %s %s %s %s\n",
+			    ctime(&theTime),
+			    HTClientHost ? HTClientHost : "local",
+			    method_name,
+			    url,
+			    status_name(HTAAFailReason),
+			    htaa_user && htaa_user->username
+			    ? htaa_user->username : "");
     }
 
     switch (HTAAFailReason) {
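Review bot: The added trace line writes `url` and `htaa_user->username` to stderr unescaped, and the log-file write just above it appears to pass the same values. Both presumably originate in the request, so a CR or LF in either can forge extra log entries and escape sequences reach whoever views the trace. I would run both through a small helper that replaces control bytes (below 0x20, and 0x7f) before formatting. Separately, `ctime(&theTime)` can return NULL, which `%24.24s` must not receive, so it is worth substituting a placeholder first, as in `ts ? ts : "-"`. The start of this logging block is outside the hunk.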
@@ -494,6 +537,7 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *,	url,
       case HTAA_NO_AUTH:
       case HTAA_NOT_MEMBER:
 	return 401;
+	break;
 
       case HTAA_BY_RULE:
       case HTAA_IP_MASK:
@@ -503,13 +547,16 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *,	url,
       case HTAA_DOTDOT:
       case HTAA_HTBIN:
 	return 403;
+	break;
 
       case HTAA_NOT_FOUND:
 	return 404;
+	break;
 
       case HTAA_OK:
       case HTAA_OK_GATEWAY:
 	return 200;
+	break;
 
       default:
 	return 500;
@@ -546,6 +593,7 @@ PRIVATE char *compose_scheme_specifics ARGS2(HTAAScheme,	scheme,
 		    (realm ? realm : "UNKNOWN"));
 	    return result;
 	}
+	break;
 
       case HTAA_PUBKEY:
 	{
@@ -556,6 +604,7 @@ PRIVATE char *compose_scheme_specifics ARGS2(HTAAScheme,	scheme,
 		    "PUBKEY-NOT-IMPLEMENTED");
 	    return result;
 	}
+	break;
       default:
 	return NULL;
     }
@@ -581,28 +630,28 @@ PRIVATE char *compose_scheme_specifics ARGS2(HTAAScheme,	scheme,
 PUBLIC char *HTAA_composeAuthHeaders NOARGS
 {
     static char *result = NULL;
-    int  n;
+    HTAAScheme scheme;
     char *scheme_name;
     char *scheme_params;
     HTAAProt *prot = HTAA_getCurrentProtection();
 
     if (!prot) {
-	CTRACE(tfp, "%s %s\n",
-		    "HTAA_composeAuthHeaders: Document not protected",
-		    "-- why was this function called??");
+	if (TRACE)
+	    fprintf(stderr, "%s %s\n",
+			    "HTAA_composeAuthHeaders: Document not protected",
+			    "-- why was this function called??");
 	return NULL;
-    } else {
-	CTRACE(tfp, "HTAA_composeAuthHeaders: for file `%s'\n",
-		    prot->filename);
     }
+    else if (TRACE)
+	fprintf(stderr, "HTAA_composeAuthHeaders: for file `%s'\n",
+			prot->filename);
 
     FREE(result);	/* From previous call */
     if (!(result = (char*)malloc(4096)))	/* @@ */
 	outofmem(__FILE__, "HTAA_composeAuthHeaders");
     *result = '\0';
 
-    for (n = 0; n < (int) HTAA_MAX_SCHEMES; n++) {
-	HTAAScheme scheme = (HTAAScheme) n;
+    for (scheme=0; scheme < HTAA_MAX_SCHEMES; scheme++) {
 	if (-1 < HTList_indexOf(prot->valid_schemes, (void*)scheme)) {
 	    if ((scheme_name = HTAAScheme_name(scheme))) {
 		scheme_params = compose_scheme_specifics(scheme,prot);
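Review bot: `result` is a fixed 4096-byte allocation (the `/* @@ */` marker suggests it was meant to be provisional) and the loop appends to it with `strcat`, as the next hunk shows, with no length check visible. compose_scheme_specifics formats the realm into the parameters it returns, and the realm presumably comes from server configuration, so a long realm or several schemes could write past the allocation. The appends between this hunk and the next are not shown, so this needs confirming. I would track the used length and refuse or grow before each append, for example `if (used + strlen(scheme_params) + 3 > 4096) break;`.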
@@ -614,10 +663,9 @@ PUBLIC char *HTAA_composeAuthHeaders NOARGS
 		}
 		strcat(result, "\r\n");
 	    } /* scheme name found */
-	    else {
-		CTRACE(tfp, "HTAA_composeAuthHeaders: %s %d\n",
-			    "No name found for scheme number", scheme);
-	    }
+	    else if (TRACE)
+		fprintf(stderr, "HTAA_composeAuthHeaders: %s %d\n",
+				"No name found for scheme number", scheme);
 	} /* scheme valid for requested document */
     } /* for every scheme */