[En-Nut-Discussion] HTTP password protection - better solution
Peter Sodermanns
peter.sodermanns at aixcon.de
Wed Aug 30 12:31:32 CEST 2006
Hi Edwin,
thanks for your critics.
I agree that my solution is not so embedded-like and implemented your
proposal:
auth.c:
---------------------------------------------------------------------
/*!
* \brief Clear all authorization entries.
*/
int NutClearAuth(void)
{
AUTHINFO *auth;
AUTHINFO *next;
auth = authList;
while (auth) {
next = auth->auth_next;
if (auth->auth_dirname) {
if (NutHeapFree((char *) auth->auth_dirname) == 0) {
auth->auth_dirname = 0;
}
}
if (auth->auth_login) {
if (NutHeapFree((char *) auth->auth_login) == 0) {
auth->auth_login = 0;
}
}
NutHeapFree(auth);
auth = next;
}
return 0;
}
/*!
* \brief Change name and/or password for an existing authorization entry.
*
* \param dirname Name of the directory to protect.
* \param oldlogin Current login (name:password).
* \param newlogin Changed login (name:password).
*
* \return 0 on success, -1 otherwise.
*/
int NutChangeAuth(CONST char *dirname, CONST char *oldlogin, CONST char
*newlogin)
{
AUTHINFO *auth;
auth = (NutHttpAuthLookup(dirname, oldlogin));
if (auth) {
strcpy((char *) auth->auth_login, newlogin);
return 0;
} else {
return -1;
}
}
/*!
* \brief Register an authorization entry.
*
* Protect a specified directory from unauthorized access.
*
* \warning Directories not registered by this function are
* accessible by anyone.
*
* \param dirname Name of the directory to protect.
* Max length of dirname is 255 characters.
* \param login Required login to access this directory. This
* string must contain a user name, followed by
* a colon followed by an uncrypted password.
* Max length of login is 41 characters.
*
* \return 0 on success, -1 otherwise.
*/
int NutRegisterAuth(CONST char *dirname, CONST char *login)
{
AUTHINFO *auth;
if ((auth = NutHeapAlloc(sizeof(AUTHINFO))) == 0)
return -1;
auth->auth_next = authList;
auth->auth_dirname = dirname;
auth->auth_login = login;
authList = auth;
return 0;
}
---------------------------------------------------------------------
The declaration of AUTHINFO remains unchanged, in httpd.h only the
function declarations are added.
httpd.c:
---------------------------------------------------------------------
__BEGIN_DECLS
extern int NutHttpAuthValidate(REQUEST * req);
extern int NutRegisterAuth(CONST char *dirname, CONST char *login);
extern int NutClearAuth(void);
extern int NutChangeAuth(CONST char *dirname, CONST char *oldlogin,
CONST char *newlogin);
__END_DECLS
---------------------------------------------------------------------
Development is an iterative process...
Kind regards
Peter
More information about the En-Nut-Discussion
mailing list