/*
** (c) COPYRIGHT MIT 1995.
** Please first read the full copyright statement in the file COPYRIGH.
*/
This module handles the registration of multiple Access authentication schemes, with support for both clients and servers. The module allows multiple authentication schemes to be registered at run time so that the client and server can easily extend the set of authentication schemes. The Library already supports two well-known schemes from the HTTP specification, basic and digest, but others can be added.
Authentication information is kept separate from the various authentication schemes so that the management of authentication information, such as challenges and credentials, can be handled independently of the scheme used. All authentication information is stored in an Authentication Information base.
This module is implemented by HTAAUtil.c, and it is a part of the W3C Reference Library.
#ifndef HTAAUTIL_H #define HTAAUTIL_H #include "HTAssoc.h" #include "HTReq.h"
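#ifndef PASSWD_FILE
#define PASSWD_FILE "/tmp/passwd"
#endif
#ifndef GROUP_FILE
#define GROUP_FILE "/tmp/group"
#endif
/*
** NOTE(review): PASSWD_FILE and GROUP_FILE are compile-time fallbacks (see
** the #ifndef guards above) and their defaults live in /tmp, a directory
** that is normally shared with, and writable by, every local user. Treat
** the defaults as placeholders: a deployment should define both to a path
** under the server's own, access-restricted directory.
*/
#define ACL_FILE_NAME ".www_acl"

/*
** Numeric constants
**
** Expression-valued macros are parenthesised so they act as a single
** operand inside a larger expression (e.g. `n % MAX_PASSWORD_LEN`).
*/
#define MAX_USERNAME_LEN   16        /* @@ Longest allowed username */
#define MAX_PASSWORD_LEN   (4*13)    /* @@ Longest allowed password */
                                     /* (encrypted, so really only 4*8) */
#define MAX_METHODNAME_LEN 12        /* @@ Longest allowed method name */
#define MAX_FIELDNAME_LEN  16        /* @@ Longest field name in */
                                     /* protection setup file */
#define MAX_PATHNAME_LEN   80        /* @@ Longest passwd/group file */
                                     /* pathname to allow */

/* We need to define the following structures as they are used in the HTRequest object. */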
/*
** Access Authorization failure reasons
**
** Outcome of an access-authorization check. The comment on each constant
** names the HTTP status the outcome maps to: the first three are success
** cases, everything from HTAA_NO_AUTH on is a refusal. No explicit values
** are assigned, so compare against the names, never against numbers.
** Note that HTAA_NOT_FOUND deliberately covers both a missing and a
** read-protected resource, so a 404 does not reveal which it was.
*/
typedef enum {
    HTAA_OK,                    /* 200 OK */
    HTAA_OK_GATEWAY,            /* 200 OK, acting as a gateway */
    HTAA_OK_REDIRECT,           /* 302 OK, redirected */
    HTAA_NO_AUTH,               /* 401 Unauthorized, not authenticated */
    HTAA_NOT_MEMBER,            /* 401 Unauthorized, not authorized */
    HTAA_IP_MASK,               /* 403 Forbidden by IP mask */
    HTAA_IP_MASK_PROXY,         /* 403 Forbidden by IP mask on proxy */
    HTAA_BY_RULE,               /* 403 Forbidden by rule */
    HTAA_NO_ACL,                /* 403 Forbidden, ACL non-existent */
    HTAA_NO_ENTRY,              /* 403 Forbidden, no ACL entry */
    HTAA_SETUP_ERROR,           /* 403 Forbidden, server setup error */
    HTAA_DOTDOT,                /* 403 Forbidden, URL with /../ illegal */
    HTAA_HTBIN,                 /* 403 Forbidden, /htbin not enabled */
    HTAA_INVALID_REDIRECT,      /* 403 Forbidden, bad redirection setup */
    HTAA_INVALID_USER,          /* 403 Forbidden, bad user directory */
    HTAA_NOT_ALLOWED,           /* 403 Forbidden, dangerous method must */
                                /* be explicitly allowed */
    HTAA_NOT_FOUND,             /* 404 Not found, or read protected */
    HTAA_MULTI_FAILED           /* 404 No suitable presentation found */
} HTAAFailReason;
<scheme>
part of the
WWW-authenticate
HTTP header.
challenge
and credentials.
. Both are association lists, but their format is entirely left to the parser and generator callback functions to manage. By using callback functions for parsing and generating valid authentication/authorization information, this module is independent of each scheme and hence allows for highly different schemes.
The scheme parameter tells the callback which authentication scheme is currently in use. That way, the same callback functions can be used for multiple schemes if needed.
/*
** Callback signatures for an authentication scheme.
**
** Every callback receives the name of the scheme it is invoked for, so one
** set of callbacks can serve several schemes if the implementer wishes.
**
** HTAuthParCallback  parses the scheme-specific information carried by the
**                    request (challenge or credentials; the format is the
**                    scheme's own business).
** HTAuthGenCallback  generates the scheme-specific information for `realm`;
**                    `data` is presumably the object registered for that
**                    realm via HTAuthInfo_add - confirm in HTAAUtil.c.
** HTAuthGcCallback   invoked with a scheme's `data` when it is to be released
**                    (presumably from HTAuth_cleanup - confirm in HTAAUtil.c).
**
** The BOOL result is assumed to be YES on success / NO on failure - TODO confirm.
*/
typedef BOOL HTAuthParCallback (HTRequest * request, const char * scheme);
typedef BOOL HTAuthGenCallback (HTRequest * request, const char * scheme, char * realm, void * data);
typedef BOOL HTAuthGcCallback (const char * scheme, void * data);
/*
** Register a scheme: binds the parser, generator and gc callbacks to a
** scheme name (the <scheme> token of the WWW-Authenticate header).
** Registration happens at run time, which is how client and server extend
** the set of schemes. What happens when a name is registered twice is not
** specified here - check HTAAUtil.c before relying on replace or reject
** semantics.
*/
extern BOOL HTAuthCall_add (const char * scheme, HTAuthParCallback * parser, HTAuthGenCallback * generator, HTAuthGcCallback * gc);

/* Unregister one scheme by name, or every registered scheme. */
extern BOOL HTAuthCall_delete (const char * scheme);
extern BOOL HTAuthCall_deleteAll (void);

/*
** Scheme-independent entry points. Each presumably selects the scheme named
** in the request (or passed explicitly) and dispatches to the matching
** registered callback. How a request naming a scheme with no registered
** callbacks is handled is not visible in this header - confirm against
** HTAAUtil.c, since that is the path an unexpected header would take.
*/
extern BOOL HTAuth_parse (HTRequest * request);
extern BOOL HTAuth_generate (HTRequest * request);
extern BOOL HTAuth_cleanup (const char * scheme, void * data);
node
referenced by a realm and a
URL template. Normally an application would keep only one auth base, but if it wants a different protection setup for each of several interfaces, it can have one auth base representing each interface.
Server applications can have different authentication setups for each hostname and port number they control. For example, a server with interfaces "www.foo.com" and "internal.foo.com" can have different protection setups for each interface.
/*
** Authentication Information base.
**
** HTAuthInfo_add records a node for `scheme`, referenced by `realm` and the
** URL template `url`, with `data` holding the scheme-specific information.
** `url`, `realm` and `data` are taken as non-const pointers; whether the
** base copies them or keeps (and later frees) the caller's objects is not
** visible in this header - check HTAAUtil.c before freeing them yourself.
*/
extern BOOL HTAuthInfo_add (const char * scheme, char * url, char * realm, void * data);

/* Discard every node in the base. */
extern BOOL HTAuthInfo_deleteAll (void);
#endif /* NOT HTAAUTIL_H */