/* forward declaration: takes a char* and returns a char*; its definition is not fully visible in this listing */
7 static char* readfile(char*);
10 * these should be done better; see the response codes in /lib/rfc/rfc2616 for
11 * more info on what should be included.
/* body text of the 401 reply; the reply's Content-Length is computed from it with STRLEN(UNAUTHED) */
13 #define UNAUTHED "You are not authorized to see this area.\n"
16 * check for authorization for some parts of the server tree.
17 * the user name supplied with the authorization request is ignored;
18 * instead, we authenticate as the realm's user.
20 * authorization should be done before opening any files, so that
21 * unauthorized users cannot use the server's replies to learn which file names exist.
23 * returns 1 if authorized, 0 if unauthorized, -1 for io failure.
/*
 * Check whether the request on c may access file, using credentials
 * from a "/.httplogin" path built from file.
 * NOTE(review): this listing shows only some lines of the function (see
 * the line numbers); the comments below cover the visible lines only.
 */
26 authorize(HConnect *c, char *file)
/* room for the path, the "/.httplogin" suffix and presumably the terminating NUL */
34 p0 = halloc(c, strlen(file)+STRLEN("/.httplogin")+1);
/* failure path: hands the error to hfail() and returns its result */
39 return hfail(c, HInternal);
43 /* ignore trailing '/'s */
/*
 * NOTE(review): unbounded copy; it is safe only if p points into p0 at or
 * before the end of the copied path, so that the allocation on line 34
 * covers the suffix. p is set on lines not shown; confirm.
 */
46 strcpy(p, "/.httplogin");
/*
 * Split buf into at most nelem(t) tokens. The visible uses treat t[0] as
 * the realm and t[1],t[2], t[3],t[4], ... as user/password pairs.
 * Presumably buf holds the .httplogin contents; confirm.
 * NOTE(review): no check of n is visible before t[0] is used on line 68;
 * confirm that an empty file cannot reach that line with t[0] unset.
 */
52 n = tokenize(buf, t, nelem(t));
/*
 * Only compare when the request carried both a user name and a password.
 * NOTE(review): authuser is tested against nil and authpass against 0;
 * presumably both are null-pointer checks, so use nil for both.
 */
54 if(c->head.authuser != nil && c->head.authpass != 0){
/* step through the pairs; i+1 < n skips a trailing user with no password */
55 for(i = 1; i+1 < n; i += 2){
/*
 * NOTE(review): the supplied user name IS compared here, which does not
 * match the header comment saying it is ignored.
 * The password is compared as a plain string, so the login file presumably
 * stores passwords in cleartext; protect that file accordingly.
 * strcmp stops at the first differing byte, so its running time depends on
 * how much of the stored value matches; a constant-time comparison avoids that.
 */
56 if(strcmp(t[i], c->head.authuser) == 0
57 && strcmp(t[i+1], c->head.authpass) == 0){
/* no pair matched or no credentials were sent: emit a 401 challenge */
65 hprint(hout, "%s 401 Unauthorized\r\n", hversion);
66 hprint(hout, "Server: Plan9\r\n");
67 hprint(hout, "Date: %D\r\n", time(nil));
/*
 * NOTE(review): t[0] is written into the quoted realm without escaping;
 * a '"' or a CR/LF inside that token would corrupt the header. Validate
 * or escape the realm when the login file is read.
 * Basic authentication sends the password merely base64-encoded, so this
 * challenge should only be served over an encrypted transport.
 */
68 hprint(hout, "WWW-Authenticate: Basic realm=\"%s\"\r\n", t[0]);
/* NOTE(review): UNAUTHED is plain text, yet the reply is labelled text/html */
69 hprint(hout, "Content-Type: text/html\r\n");
/* NOTE(review): STRLEN's result type is not shown; confirm that it matches %d */
70 hprint(hout, "Content-Length: %d\r\n", STRLEN(UNAUTHED));
/* one of the two Connection headers is chosen by a condition on lines not shown */
72 hprint(hout, "Connection: close\r\n");
74 hprint(hout, "Connection: Keep-Alive\r\n");
/* a HEAD request gets the headers only, no body */
76 if(strcmp(c->req.meth, "HEAD") != 0)
77 hprint(hout, "%s", UNAUTHED);
/* record the refusal in the server log */
78 writelog(c, "Reply: 401 Unauthorized\n");
91 fd = open(file, OREAD);
95 if(d == nil){ /* shouldn't happen */
108 n = readn(fd, buf, len);