From 18024037b515bfff83e0230b35151babe6005e18 Mon Sep 17 00:00:00 2001 From: "Thomas E. Dickey" Date: Fri, 6 Nov 1998 16:18:09 -0500 Subject: snapshot of project "lynx", label v2-8-1dev_4 --- WWW/Library/Implementation/HTAAServ.c | 166 ++++++++++++++++++++++------------ 1 file changed, 107 insertions(+), 59 deletions(-) (limited to 'WWW/Library/Implementation/HTAAServ.c') diff --git a/WWW/Library/Implementation/HTAAServ.c b/WWW/Library/Implementation/HTAAServ.c index c081a3fa..98779830 100644 --- a/WWW/Library/Implementation/HTAAServ.c +++ b/WWW/Library/Implementation/HTAAServ.c @@ -43,6 +43,9 @@ #include +/*#include included by HTUtils.h -- FM *//* FILE */ +#include /* strchr() */ + #include #include /* HTSecure */ #include /* HTLocalName */ @@ -89,34 +92,45 @@ PUBLIC char *HTAA_statusMessage NOARGS /* 401 cases */ case HTAA_NO_AUTH: return "Unauthorized -- authentication failed"; + break; case HTAA_NOT_MEMBER: return "Unauthorized to access the document"; + break; /* 403 cases */ case HTAA_BY_RULE: return "Forbidden -- by rule"; + break; case HTAA_IP_MASK: return "Forbidden -- server refuses to serve to your IP address"; + break; case HTAA_NO_ACL: case HTAA_NO_ENTRY: return "Forbidden -- access to file is never allowed"; + break; case HTAA_SETUP_ERROR: return "Forbidden -- server protection setup error"; + break; case HTAA_DOTDOT: return "Forbidden -- URL containing /../ disallowed"; + break; case HTAA_HTBIN: return "Forbidden -- /htbin feature not enabled on this server"; + break; /* 404 cases */ case HTAA_NOT_FOUND: return "Not found -- file doesn't exist or is read protected"; + break; /* Success */ case HTAA_OK: return "AA: Access should be ok but something went wrong"; + break; case HTAA_OK_GATEWAY: return "AA check bypassed (gatewaying) but something went wrong"; + break; /* Others */ default: 
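Review bot: The `break;` added after each `return "...";` in the HTAA_statusMessage switch is unreachable, so it protects nothing and will draw unreachable-code warnings from some compilers. The same dead statements are added in status_name (`@@ -133`), in the status-code switch of HTAA_checkAuthorization (`@@ -494`, `@@ -503`) and in compose_scheme_specifics (`@@ -546`, `@@ -556`). If the aim is to guard against a later edit that turns a return into an assignment, a comment at the top of each switch such as `/* every case returns; there is no fall-through */` states that more clearly. The switch begins and ends outside this hunk.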
@@ -133,34 +147,46 @@ PRIVATE char *status_name ARGS1(HTAAFailReasonType, reason) /* 401 cases */ case HTAA_NO_AUTH: return "NO-AUTHENTICATION"; + break; case HTAA_NOT_MEMBER: return "NOT-AUTHORIZED"; + break; /* 403 cases */ case HTAA_BY_RULE: return "FORB-RULE"; + break; case HTAA_IP_MASK: return "FORB-IP"; + break; case HTAA_NO_ACL: return "NO-ACL-FILE"; + break; case HTAA_NO_ENTRY: return "NO-ACL-ENTRY"; + break; case HTAA_SETUP_ERROR: return "SETUP-ERROR"; + break; case HTAA_DOTDOT: return "SLASH-DOT-DOT"; + break; case HTAA_HTBIN: return "HTBIN-OFF"; + break; /* 404 cases */ case HTAA_NOT_FOUND: return "NOT-FOUND"; + break; /* Success */ case HTAA_OK: return "OK"; + break; case HTAA_OK_GATEWAY: return "OK-GATEWAY"; + break; /* Others */ default: @@ -203,12 +229,14 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, htaa_user = NULL; if (!pathname) { - CTRACE(tfp, "HTAA_checkAuthorization: Forbidden by rule\n"); + if (TRACE) + fprintf(stderr, "HTAA_checkAuthorization: Forbidden by rule\n"); return HTAA_BY_RULE; } - CTRACE(tfp, "%s `%s' %s %s\n", - "HTAA_checkAuthorization: translated path:", - pathname, "method:", HTAAMethod_name(method)); + if (TRACE) + fprintf(stderr, "%s `%s' %s %s\n", + "HTAA_checkAuthorization: translated path:", + pathname, "method:", HTAAMethod_name(method)); /* ** Get protection setting (set up by callbacks from rule system) @@ -235,9 +263,10 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, htaa_user = HTAA_authenticate(scheme, scheme_specifics, prot); - CTRACE(tfp, "Authentication returned: %s\n", - (htaa_user ? htaa_user->username - : "NOT-AUTHENTICATED")); + if (TRACE) + fprintf(stderr, "Authentication returned: %s\n", + (htaa_user ? htaa_user->username + : "NOT-AUTHENTICATED")); } HTAA_resolveGroupReferences(prot->mask_group, group_def_list); reason = HTAA_userAndInetInGroup(prot->mask_group, 
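Review bot: In the `@@ -235` hunk the new trace passes `htaa_user->username` to `%s` after testing only `htaa_user`, whereas the logging code in HTAA_checkAuthorization (`@@ -479`) tests `htaa_user && htaa_user->username` before using the field, which suggests the name can be NULL. A NULL argument to `%s` is undefined behaviour, so the trace should use the same guard: `(htaa_user && htaa_user->username ? htaa_user->username : "NOT-AUTHENTICATED")`. The identical trace in the `@@ -303` hunk needs the same change. Whether HTAA_authenticate can really return a user without a name is not visible in this diff.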
@@ -245,13 +274,14 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, ? htaa_user->username : "", HTClientHost, NULL); - if (reason != HTAA_OK) { - CTRACE(tfp, "%s %s %s %s\n", + if (TRACE) { + if (reason != HTAA_OK) + fprintf(stderr, "%s %s %s %s\n", "HTAA_checkAuthorization: access denied", "by mask (no ACL, only Protect rule)", "host", HTClientHost); - } else { - CTRACE(tfp, "%s %s %s %s\n", + else + fprintf(stderr, "%s %s %s %s\n", "HTAA_checkAuthorization: request from", HTClientHost, "accepted by only mask match (no ACL, only", @@ -260,15 +290,17 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, return reason; } else { /* 403 Forbidden */ - CTRACE(tfp, "%s %s\n", - "HTAA_checkAuthorization: Protected, but", - "no mask group nor ACL -- forbidden"); + if (TRACE) + fprintf(stderr, "%s %s\n", + "HTAA_checkAuthorization: Protected, but", + "no mask group nor ACL -- forbidden"); return HTAA_NO_ACL; } } else { /* No protect rule and no ACL => OK 200 */ - CTRACE(tfp, "HTAA_checkAuthorization: %s\n", - "no protect rule nor ACL -- ok\n"); + if (TRACE) + fprintf(stderr, "HTAA_checkAuthorization: %s\n", + "no protect rule nor ACL -- ok\n"); return HTAA_OK; } } @@ -277,13 +309,15 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, ** Now we know that ACL exists */ if (!prot) { /* Not protected by "protect" rule */ - CTRACE(tfp, "HTAA_checkAuthorization: default protection\n"); + if (TRACE) + fprintf(stderr, "HTAA_checkAuthorization: default protection\n"); prot = HTAA_getDefaultProtection(); /* Also sets current protection */ if (!prot) { /* @@ Default protection not set ?? */ - CTRACE(tfp, "%s %s\n", - "HTAA_checkAuthorization: default protection", - "not set (internal server error)!!"); + if (TRACE) + fprintf(stderr, "%s %s\n", + "HTAA_checkAuthorization: default protection", + "not set (internal server error)!!"); return HTAA_SETUP_ERROR; } } 
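Review bot: `HTClientHost` goes straight to `%s` in both branches of the new `if (TRACE)` block in the `@@ -245` hunk, but the log line in HTAA_checkAuthorization (`@@ -479`) substitutes `"local"` when it is NULL, so a NULL host looks possible for local requests. The trace arguments should carry the same fallback, `HTClientHost ? HTClientHost : "local"`, here and in the two traces of the `@@ -317` hunk. check_authorization starts and ends outside this hunk, so an earlier guarantee that the host is set cannot be ruled out from here.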
@@ -303,9 +337,10 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, htaa_user = HTAA_authenticate(scheme, scheme_specifics, prot); - CTRACE(tfp, "Authentication returned: %s\n", - (htaa_user - ? htaa_user->username : "NOT-AUTHENTICATED")); + if (TRACE) + fprintf(stderr, "Authentication returned: %s\n", + (htaa_user + ? htaa_user->username : "NOT-AUTHENTICATED")); } /* ** Check mask group @@ -317,18 +352,20 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, HTClientHost, NULL); if (reason != HTAA_OK) { - CTRACE(tfp, "%s %s %s\n", - "HTAA_checkAuthorization: access denied", - "by mask, host:", HTClientHost); + if (TRACE) + fprintf(stderr, "%s %s %s\n", + "HTAA_checkAuthorization: access denied", + "by mask, host:", HTClientHost); return reason; } else { - CTRACE(tfp, "%s %s %s %s %s\n", - "HTAA_checkAuthorization: request from", - HTClientHost, - "accepted by just mask group match", - "(no ACL, only Protect rule, and only", - "mask enabled)"); + if (TRACE) + fprintf(stderr, "%s %s %s %s %s\n", + "HTAA_checkAuthorization: request from", + HTClientHost, + "accepted by just mask group match", + "(no ACL, only Protect rule, and only", + "mask enabled)"); /* And continue authorization checking */ } } @@ -339,8 +376,9 @@ PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, */ allowed_groups = HTAA_getAclEntry(acl_file, pathname, method); if (!allowed_groups) { - CTRACE(tfp, "%s `%s' %s\n", - "No entry for file", pathname, "in ACL"); + if (TRACE) + fprintf(stderr, "%s `%s' %s\n", + "No entry for file", pathname, "in ACL"); HTAA_closeAcl(acl_file); return HTAA_NO_ENTRY; /* Forbidden -- no entry in the ACL */ } 
@@ -420,8 +458,9 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *, url, ** be a security hole. */ if (strstr(local_copy, "/../")) { - CTRACE(tfp, "HTAA_checkAuthorization: %s (`%s')\n", - "Illegal attempt to use /../", url); + if (TRACE) + fprintf(stderr, "HTAA_checkAuthorization: %s (`%s')\n", + "Illegal attempt to use /../", url); HTAAFailReason = HTAA_DOTDOT; } else { @@ -443,7 +482,8 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *, url, } if (!pathname) { /* Forbidden by rule */ - CTRACE(tfp, "HTAA_checkAuthorization: Forbidden by rule\n"); + if (TRACE) + fprintf(stderr, "HTAA_checkAuthorization: Forbidden by rule\n"); HTAAFailReason = HTAA_BY_RULE; } else if (HTAAFailReason != HTAA_HTBIN) { @@ -460,7 +500,9 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *, url, } else { /* Not local access */ HTAAFailReason = HTAA_OK_GATEWAY; - CTRACE(tfp, "HTAA_checkAuthorization: %s (%s access)\n", + if (TRACE) + fprintf(stderr, + "HTAA_checkAuthorization: %s (%s access)\n", "Gatewaying -- skipping authorization check", acc_method); } @@ -479,14 +521,15 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *, url, htaa_user && htaa_user->username ? htaa_user->username : ""); fflush(htaa_logfile); /* Actually update it on disk */ - CTRACE(tfp, "Log: %24.24s %s %s %s %s %s\n", - ctime(&theTime), - HTClientHost ? HTClientHost : "local", - method_name, - url, - status_name(HTAAFailReason), - htaa_user && htaa_user->username - ? htaa_user->username : ""); + if (TRACE) + fprintf(stderr, "Log: %24.24s %s %s %s %s %s\n", + ctime(&theTime), + HTClientHost ? HTClientHost : "local", + method_name, + url, + status_name(HTAAFailReason), + htaa_user && htaa_user->username + ? htaa_user->username : ""); } switch (HTAAFailReason) { @@ -494,6 +537,7 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *, url, case HTAA_NO_AUTH: case HTAA_NOT_MEMBER: return 401; + break; case HTAA_BY_RULE: case HTAA_IP_MASK: 
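Review bot: The traversal guard `strstr(local_copy, "/../")` in the `@@ -420` hunk only matches a `..` segment that is followed by a slash, so a path whose final segment is `..` passes this test. Checking the tail as well closes that gap, for example `|| (len >= 3 && !strcmp(local_copy + len - 3, "/.."))` with `len = strlen(local_copy)`. The check is only meaningful on the decoded path, and whether `local_copy` has been unescaped and simplified by this point is decided above the hunk, so that is worth confirming before relying on it.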
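Review bot: The log record and the new `Log:` trace in the `@@ -479` hunk print `url` and `htaa_user->username` as space-separated `%s` fields with no escaping, so a request value containing a space, CR or LF can split or forge entries in `htaa_logfile` and in the stderr trace. Writing those two fields through a small escaping helper keeps one request on one line with a fixed field count. `ctime(&theTime)` is also handed to `%24.24s` unchecked, although it may return NULL for a time it cannot represent. The fprintf to `htaa_logfile` begins above this hunk, so any sanitising done earlier is not visible here.

```c
/* New helper: writes s to fp with space, control bytes, DEL, 8-bit bytes
 * and '%' itself as %XX, so a field cannot contain a separator or newline. */
PRIVATE void put_log_field ARGS2(FILE *, fp, CONST char *, s)
{
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char) *s;

        if (c <= 0x20 || c >= 0x7f || c == '%')
            fprintf(fp, "%%%02X", c);
        else
            putc(c, fp);
    }
}

/* ... unchanged: fprintf to htaa_logfile and fflush; that call needs the same split ... */
    if (TRACE) {
        fprintf(stderr, "Log: %24.24s %s %s ", ctime(&theTime),
                HTClientHost ? HTClientHost : "local", method_name);
        put_log_field(stderr, url);
        fprintf(stderr, " %s ", status_name(HTAAFailReason));
        put_log_field(stderr, htaa_user && htaa_user->username
                              ? htaa_user->username : "");
        putc('\n', stderr);
    }
```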
@@ -503,13 +547,16 @@ PUBLIC int HTAA_checkAuthorization ARGS4(CONST char *, url, case HTAA_DOTDOT: case HTAA_HTBIN: return 403; + break; case HTAA_NOT_FOUND: return 404; + break; case HTAA_OK: case HTAA_OK_GATEWAY: return 200; + break; default: return 500; @@ -546,6 +593,7 @@ PRIVATE char *compose_scheme_specifics ARGS2(HTAAScheme, scheme, (realm ? realm : "UNKNOWN")); return result; } + break; case HTAA_PUBKEY: { @@ -556,6 +604,7 @@ PRIVATE char *compose_scheme_specifics ARGS2(HTAAScheme, scheme, "PUBKEY-NOT-IMPLEMENTED"); return result; } + break; default: return NULL; } @@ -581,28 +630,28 @@ PRIVATE char *compose_scheme_specifics ARGS2(HTAAScheme, scheme, PUBLIC char *HTAA_composeAuthHeaders NOARGS { static char *result = NULL; - int n; + HTAAScheme scheme; char *scheme_name; char *scheme_params; HTAAProt *prot = HTAA_getCurrentProtection(); if (!prot) { - CTRACE(tfp, "%s %s\n", - "HTAA_composeAuthHeaders: Document not protected", - "-- why was this function called??"); + if (TRACE) + fprintf(stderr, "%s %s\n", + "HTAA_composeAuthHeaders: Document not protected", + "-- why was this function called??"); return NULL; - } else { - CTRACE(tfp, "HTAA_composeAuthHeaders: for file `%s'\n", - prot->filename); } + else if (TRACE) + fprintf(stderr, "HTAA_composeAuthHeaders: for file `%s'\n", + prot->filename); FREE(result); /* From previous call */ if (!(result = (char*)malloc(4096))) /* @@ */ outofmem(__FILE__, "HTAA_composeAuthHeaders"); *result = '\0'; - for (n = 0; n < (int) HTAA_MAX_SCHEMES; n++) { - HTAAScheme scheme = (HTAAScheme) n; + for (scheme=0; scheme < HTAA_MAX_SCHEMES; scheme++) { if (-1 < HTList_indexOf(prot->valid_schemes, (void*)scheme)) { if ((scheme_name = HTAAScheme_name(scheme))) { scheme_params = compose_scheme_specifics(scheme,prot); 
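Review bot: In the `@@ -581` hunk `result` is a fixed `malloc(4096)` buffer, already flagged `/* @@ */` in the source, and the loop fills it with `strcat` without any check of the space left; the `strcat(result, "\r\n")` in `@@ -614` is one of those appends. The parameters come from compose_scheme_specifics, which appears to embed the configured realm, so a long realm or several schemes can run past the allocation. Before the appends for each scheme, add up the lengths of the pieces about to be written and stop when they do not fit, along the lines of `if (strlen(result) + needed >= 4096) break;`, or size the buffer from those lengths instead of a constant. The strcat calls themselves lie between this hunk and the next, so the exact pieces have to be taken from the full file.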
@@ -614,10 +663,9 @@ PUBLIC char *HTAA_composeAuthHeaders NOARGS } strcat(result, "\r\n"); } /* scheme name found */ - else { - CTRACE(tfp, "HTAA_composeAuthHeaders: %s %d\n", - "No name found for scheme number", scheme); - } + else if (TRACE) + fprintf(stderr, "HTAA_composeAuthHeaders: %s %d\n", + "No name found for scheme number", scheme); } /* scheme valid for requested document */ } /* for every scheme */ -- cgit 1.4.1-2-gfad0
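Review bot: The `%d` in the new trace receives `scheme`, which the `@@ -581` hunk declares as `HTAAScheme`; the integer type a compiler chooses for an enum is implementation-defined, so the argument should be cast: `"No name found for scheme number", (int) scheme);`. The unbraced `else if (TRACE)` hanging off the `} /* scheme name found */` brace is also easy to misread. Bracing the fprintf keeps any statement added later inside the TRACE test.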