diff options
author | Stefan Bühler <stbuehler@web.de> | 2013-08-30 13:14:54 +0000 |
---|---|---|
committer | Stefan Bühler <stbuehler@web.de> | 2013-08-30 13:14:54 +0000 |
commit | 2bcf65c285da190028ef4a2dfd5e36f95dcb2b09 (patch) | |
tree | d55dc489019fb81615ffdcead70d97fef818abde | |
parent | 559b198f862903885b0e54a12aa9ac31d9721002 (diff) | |
download | lighttpd-git-2bcf65c285da190028ef4a2dfd5e36f95dcb2b09.tar.gz |
[mod_auth] some cleanup, only search for matching auth.require path once
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2893 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | src/http_auth.c | 28 | ||||
-rw-r--r-- | src/http_auth.h | 5 | ||||
-rw-r--r-- | src/mod_auth.c | 4 |
3 files changed, 10 insertions, 27 deletions
diff --git a/src/http_auth.c b/src/http_auth.c index 447e2f9a..f8fb3fc8 100644 --- a/src/http_auth.c +++ b/src/http_auth.c @@ -322,32 +322,14 @@ static int http_auth_get_password(server *srv, mod_auth_plugin_data *p, buffer * return ret; } -static int http_auth_match_rules(server *srv, mod_auth_plugin_data *p, const char *url, const char *username, const char *group, const char *host) { +int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host) { const char *r = NULL, *rules = NULL; - size_t i; int username_len; data_string *require; - array *req; UNUSED(group); UNUSED(host); - /* check what has to be match to fullfil the request */ - /* search auth-directives for path */ - for (i = 0; i < p->conf.auth_require->used; i++) { - if (p->conf.auth_require->data[i]->key->used == 0) continue; - - if (0 == strncmp(url, p->conf.auth_require->data[i]->key->ptr, p->conf.auth_require->data[i]->key->used - 1)) { - break; - } - } - - if (i == p->conf.auth_require->used) { - return -1; - } - - req = ((data_array *)(p->conf.auth_require->data[i]))->value; - require = (data_string *)array_get_element(req, "require"); /* if we get here, the user we got a authed user */ @@ -855,7 +837,7 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p return -1; } -int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str) { +int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str) { buffer *username, *password; char *pw; @@ -910,7 +892,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, } /* value is our allow-rules */ - if (http_auth_match_rules(srv, p, url->ptr, username->ptr, NULL, NULL)) { + if (http_auth_match_rules(srv, req, username->ptr, NULL, NULL)) { buffer_free(username); buffer_free(password); @@ -935,7 +917,7 @@ typedef struct { } digest_kv; /* return values: -1: error/bad request, 0: failed, 1: success */ -int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str) { +int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str) { char a1[256]; char a2[256]; @@ -1184,7 +1166,7 @@ int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p } /* value is our allow-rules */ - if (http_auth_match_rules(srv, p, url->ptr, username, NULL, NULL)) { + if (http_auth_match_rules(srv, req, username, NULL, NULL)) { buffer_free(b); log_error_write(srv, __FILE__, __LINE__, "s", diff --git a/src/http_auth.h b/src/http_auth.h index 5828a7ee..081cef34 100644 --- a/src/http_auth.h +++ b/src/http_auth.h @@ -66,8 +66,9 @@ typedef struct { mod_auth_plugin_config conf, *anon_conf; /* this is only used as long as no handler_ctx is setup */ } mod_auth_plugin_data; -int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str); -int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, buffer *url, const char *realm_str); +int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str); +int http_auth_digest_check(server *srv, connection *con, mod_auth_plugin_data *p, array *req, const char *realm_str); int http_auth_digest_generate_nonce(server *srv, mod_auth_plugin_data *p, buffer *fn, char hh[33]); +int http_auth_match_rules(server *srv, array *req, const char *username, const char *group, const char *host); #endif diff --git a/src/mod_auth.c b/src/mod_auth.c index 3fa00bc6..0528ed0b 100644 --- a/src/mod_auth.c +++ b/src/mod_auth.c @@ -249,13 +249,13 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) { auth_type = "Basic"; if (0 == strcmp(method->value->ptr, "basic")) { - auth_satisfied = http_auth_basic_check(srv, con, p, req, con->uri.path, auth_realm+1); + auth_satisfied = http_auth_basic_check(srv, con, p, req, auth_realm+1); } } else if ((auth_type_len == 6) && (0 == strncasecmp(http_authorization, "Digest", auth_type_len))) { auth_type = "Digest"; if (0 == strcmp(method->value->ptr, "digest")) { - if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) { + if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, auth_realm+1))) { con->http_status = 400; con->mode = DIRECT; |