From 61bede3ffd39045df220b01bece93708949d686a Mon Sep 17 00:00:00 2001 From: nishi Date: Sat, 20 Apr 2024 02:24:31 +0000 Subject: [PATCH] trying to get cookie auth works git-svn-id: file:///raid/svn-main/nishi-mandshurica/trunk@49 f982e544-4a7d-3444-ad1a-fde59a2a69f1 --- Mandshurica/config.c | 3 +- Mandshurica/mandshurica.h | 5 +++ Mandshurica/ms_util.h | 1 + Mandshurica/util.c | 9 +++++ Module/Makefile | 8 +++- Module/cookie.c | 22 +++++++++++ Module/http.c | 81 ++++++++++++++++++++++++++++++++++----- 7 files changed, 118 insertions(+), 11 deletions(-) diff --git a/Mandshurica/config.c b/Mandshurica/config.c index 093b44d..743247a 100644 --- a/Mandshurica/config.c +++ b/Mandshurica/config.c @@ -32,6 +32,7 @@ #include "ms_config.h" #include "mandshurica.h" +#include "ms_crypto.h" #include "ms_file.h" #include "ms_log.h" #include "ms_template.h" @@ -88,7 +89,7 @@ char* mandshurica_get_param(const char* param) { return NULL; } -struct mandshurica_config config = {.mandshurica_log = mandshurica_log, .mandshurica_get_param = mandshurica_get_param, .mandshurica_parse_template = mandshurica_parse_template, .mandshurica_load = mandshurica_load}; +struct mandshurica_config config = {.mandshurica_log = mandshurica_log, .mandshurica_get_param = mandshurica_get_param, .mandshurica_parse_template = mandshurica_parse_template, .mandshurica_load = mandshurica_load, .mandshurica_sha512 = mandshurica_sha512}; int mandshurica_load_config(const char* path) { if(server_root == NULL) { diff --git a/Mandshurica/mandshurica.h b/Mandshurica/mandshurica.h index 9db8df4..b1206ca 100644 --- a/Mandshurica/mandshurica.h +++ b/Mandshurica/mandshurica.h @@ -42,11 +42,16 @@ #define MS_MOD_SRV "SRV" #define MS_MOD_AUTH "AUTH" +#define MS_AUTH_ERROR -1 +#define MS_AUTH_OK 0 +#define MS_AUTH_FAIL 1 + struct mandshurica_config { void (*mandshurica_log)(const char*, const char*); char* (*mandshurica_get_param)(const char* param); char* (*mandshurica_parse_template)(const char* data); char* (*mandshurica_load)(const char* path, char** type, char** lastmod, uint64_t* len); + char* (*mandshurica_sha512)(const char* pwd); struct mandshurica_mod*** libs; }; diff --git a/Mandshurica/ms_util.h b/Mandshurica/ms_util.h index d06c737..6afd962 100644 --- a/Mandshurica/ms_util.h +++ b/Mandshurica/ms_util.h @@ -39,5 +39,6 @@ char* mandshurica_strdup(const char* str); char* mandshurica_path(const char* path); bool mandshurica_strequ(const char* str1, const char* str2); bool mandshurica_strcaseequ(const char* str1, const char* str2); +char* mandshurica_parse_form(const char* form, const char* name); #endif diff --git a/Mandshurica/util.c b/Mandshurica/util.c index 36213bb..1475409 100644 --- a/Mandshurica/util.c +++ b/Mandshurica/util.c @@ -133,3 +133,12 @@ bool mandshurica_strcaseequ(const char* str1, const char* str2) { } return true; } + +char* mandshurica_parse_form(const char* form, const char* name) { + int i; + char cbuf[2]; + cbuf[1] = 0; + for(i = 0;; i++) { + } + return NULL; +} diff --git a/Module/Makefile b/Module/Makefile index b536a03..d73b1e5 100644 --- a/Module/Makefile +++ b/Module/Makefile @@ -12,12 +12,18 @@ endif all: ./subversion.so ./syslog.so ./http.so ./cookie.so -./%.so: ./%.o ./util.o +./%.so: ./%.o ./util.o ./db.o ./crypto.o $(CC) $(LDFLAGS) $(EXTRA_LDFLAGS) -o $@ $^ $(LIBS) $(EXTRA_LIBS) ./util.o: ../Mandshurica/util.c $(CC) $(CFLAGS) $(EXTRA_CFLAGS) -c -o $@ $< +./db.o: ../Mandshurica/db.c + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) -c -o $@ $< + +./crypto.o: ../Mandshurica/crypto.c + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) -c -o $@ $< + ./%.o: ./%.c ../Mandshurica/mandshurica.h $(CC) $(CFLAGS) $(EXTRA_CFLAGS) -c -o $@ $< diff --git a/Module/cookie.c b/Module/cookie.c index a07312b..3aca139 100644 --- a/Module/cookie.c +++ b/Module/cookie.c @@ -29,6 +29,7 @@ /* --- END LICENSE --- */ #include "../Mandshurica/mandshurica.h" +#include "../Mandshurica/ms_db.h" #include "../Mandshurica/ms_log.h" #include "../Mandshurica/ms_util.h" @@ -60,3 +61,24 @@ int mod_init(struct mandshurica_config* _config) { return 0; } + +int mod_auth(const char* username, const char* password) { + struct ms_db* db = mandshurica_db_open(config->mandshurica_get_param("CookieDB")); + if(db != NULL) { + char* pwd = mandshurica_db_get(db, username); + if(pwd == NULL) { + mandshurica_db_close(db); + return MS_AUTH_ERROR; + } else { + char* sh = config->mandshurica_sha512(password); + if(strcmp(sh, pwd) == 0) { + free(sh); + return MS_AUTH_OK; + } + free(sh); + return MS_AUTH_FAIL; + } + mandshurica_db_close(db); + } + return MS_AUTH_ERROR; +} diff --git a/Module/http.c b/Module/http.c index 28aa416..3f3a774 100644 --- a/Module/http.c +++ b/Module/http.c @@ -154,16 +154,73 @@ void http_handler(int sock) { headers = NULL; } unsigned long long conlen = 0; + unsigned long long conincr = 0; + char* postbuf = NULL; while(true) { int len = recv(sock, buf, BUFFER_SIZE, 0); if(len <= 0) goto goquit; int i; for(i = 0; i < len; i++) { cbuf[0] = buf[i]; - if(conlen > 0){ + if(conlen > 0) { conlen--; - printf("%c", cbuf[0]); - fflush(stdout); + postbuf[conincr] = cbuf[0]; + conincr++; + if(conlen == 0) { + if(headers != NULL) { + int j; + bool hastype = false; + bool form = false; + for(j = 0; headers[j] != NULL; j += 2) { + if(mandshurica_strcaseequ(headers[j], "Content-Type")) { + if(mandshurica_strcaseequ(headers[j + 1], "application/x-www-form-urlencoded")) { + form = true; + hastype = true; + break; + } + } + } + if(!hastype) { + send(sock, "HTTP/1.1 415 Unsupported Media Type\r\n", 28 + 9, 0); + send(sock, "Connection: keep-alive\r\n", 24, 0); + send(sock, "Content-Length: 0\r\n", 19, 0); + send(sock, "\r\n", 2, 0); + } else if(form) { + bool sent = false; + for(j = 0; (*config->libs)[j] != NULL; j++) { + const char* type = (const char*)dlsym((*config->libs)[j]->lib, "mod_type"); + if(strcmp(type, MS_MOD_AUTH) == 0) { + const char* httppath = (const char*)dlsym((*config->libs)[j]->lib, "mod_http_path"); + if(httppath != NULL) { + if(strcmp(httppath, path) == 0) { + int (*mod_auth)(const char*, const char*) = (int (*)(const char*, const char*))dlsym((*config->libs)[j]->lib, "mod_auth"); + char* usr = mandshurica_parse_form(postbuf, "username"); + char* pwd = mandshurica_parse_form(postbuf, "password"); + printf("%s, %s\n", usr == NULL ? "(null)" : usr, pwd == NULL ? "(null)" : pwd); + sent = true; + } + } + } + } + if(!sent) { + send(sock, "HTTP/1.1 403 Forbidden\r\n", 15 + 9, 0); + send(sock, "Connection: keep-alive\r\n", 24, 0); + send(sock, "Content-Length: 0\r\n", 19, 0); + send(sock, "\r\n", 2, 0); + } + } else { + send(sock, "HTTP/1.1 500 Internal Server Error\r\n", 15 + 9 + 12, 0); + send(sock, "Connection: keep-alive\r\n", 24, 0); + send(sock, "Content-Length: 0\r\n", 19, 0); + send(sock, "\r\n", 2, 0); + } + } + + fflush(stdout); + free(postbuf); + state = 0; + goto reset; + } continue; } if(state == 0) { @@ -193,29 +250,35 @@ void http_handler(int sock) { count++; if(count == 2) { if(strcmp(method, "POST") == 0) { - if(headers != NULL){ + if(headers != NULL) { int j; bool haslen = false; - for(j = 0; headers[j] != NULL; j += 2){ - if(mandshurica_strcaseequ(headers[j], "Content-Length")){ + for(j = 0; headers[j] != NULL; j += 2) { + if(mandshurica_strcaseequ(headers[j], "Content-Length")) { haslen = true; conlen = atoll(headers[j + 1]); + conincr = 0; + postbuf = malloc(conlen + 1); + postbuf[conlen] = 0; + count = 0; break; } } - if(!haslen){ + if(!haslen) { send(sock, "HTTP/1.1 400 Bad Request\r\n", 17 + 9, 0); send(sock, "Connection: keep-alive\r\n", 24, 0); send(sock, "Content-Length: 0\r\n", 19, 0); send(sock, "\r\n", 2, 0); + } else { + continue; } - }else{ + } else { send(sock, "HTTP/1.1 400 Bad Request\r\n", 17 + 9, 0); send(sock, "Connection: keep-alive\r\n", 24, 0); send(sock, "Content-Length: 0\r\n", 19, 0); send(sock, "\r\n", 2, 0); } - }else if(strcmp(method, "GET") == 0) { + } else if(strcmp(method, "GET") == 0) { char* chpath = mandshurica_strcat(webroot, path); struct stat st2; if(stat(chpath, &st2) != 0) { -- 2.43.0