diff options
Diffstat (limited to 'server/protocol.c')
-rw-r--r-- | server/protocol.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/server/protocol.c b/server/protocol.c index bd757666ff..2705bba812 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -1594,6 +1594,7 @@ AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw) t = ap_pbase64decode(r->pool, auth_line); r->user = ap_getword_nulls (r->pool, &t, ':'); + apr_table_setn(r->notes, AP_GET_BASIC_AUTH_PW_NOTE, "1"); r->ap_auth_type = "Basic"; *pw = t; @@ -1601,6 +1602,53 @@ AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw) return OK; } +AP_DECLARE(apr_status_t) ap_get_basic_auth_components(const request_rec *r, + const char **username, + const char **password) +{ + const char *auth_header; + const char *credentials; + const char *decoded; + const char *user; + + auth_header = (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" + : "Authorization"; + credentials = apr_table_get(r->headers_in, auth_header); + + if (!credentials) { + /* No auth header. */ + return APR_EINVAL; + } + + if (strcasecmp(ap_getword(r->pool, &credentials, ' '), "Basic")) { + /* These aren't Basic credentials. */ + return APR_EINVAL; + } + + while (*credentials == ' ' || *credentials == '\t') { + credentials++; + } + + /* XXX Our base64 decoding functions don't actually error out if the string + * we give it isn't base64; they'll just silently stop and hand us whatever + * they've parsed up to that point. + * + * Since this function is supposed to be a drop-in replacement for the + * deprecated ap_get_basic_auth_pw(), don't fix this for 2.4.x. + */ + decoded = ap_pbase64decode(r->pool, credentials); + user = ap_getword_nulls(r->pool, &decoded, ':'); + + if (username) { + *username = user; + } + if (password) { + *password = decoded; + } + + return APR_SUCCESS; +} + struct content_length_ctx { int data_sent; /* true if the C-L filter has already sent at * least one bucket on to the next output filter |