w3m

Unnamed repository; edit this file to name it for gitweb.
git clone https://logand.com/git/w3m.git/
Log | Files | Refs | README

commit 4f9588f6b3c55fb1e9c57871eae0d69ca917c923
parent 76a17e1b2ff797c305905f6aa82c737cb9a936e3
Author: ukai <ukai>
Date:   Tue, 24 Sep 2002 16:35:02 +0000

[w3m-dev 03318] Re: Passwords
* etc.c (struct auth_path): added
	(passwords): added
	(dir_under): added
	(add_auth_pass_entry): added
	(find_auth_pass_entry): added
	(find_auth_user_passwd): added
	(loadPasswd): added
	(find_auth): dir_under()
	(add_auth_cookie): check file
* file.c (find_auth_user_passwd): removed
	(getAuthCookie): use delText()
			check proxy
	(get_auth_cookie): removed
	(loadGeneralFile): auth_pu
* proto.h (schemeToProxy): added
	(get_auth_cookie): removed
	(loadPasswd): added
	(find_auth_user_passwd): added
* rc.c (sync_with_option): loadPasswd()
* textlist.c (delValue): added
* textlist.h (delValue): added
	(delText): added
* url.c (HTTPrequest): seen_www_auth
	(schemeToProxy): added
From: AIDA Shinra <aida-s@jcom.home.ne.jp>

Diffstat:
MChangeLog | 28++++++++++++++++++++++++++++
Mconv.c | 2+-
Metc.c | 186++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
Mfile.c | 133+++++++++++--------------------------------------------------------------------
Mproto.h | 7++++---
Mrc.c | 1+
Mtextlist.c | 14++++++++++++++
Mtextlist.h | 2++
Murl.c | 53++++++++++++++++++++++++++++++++++++++++++++++++-----
9 files changed, 300 insertions(+), 126 deletions(-)

diff --git a/ChangeLog b/ChangeLog @@ -1,3 +1,31 @@ +2002-09-25 AIDA Shinra <aida-s@jcom.home.ne.jp> + + * [w3m-dev 03318] Re: Passwords + * etc.c (struct auth_path): added + (passwords): added + (dir_under): added + (add_auth_pass_entry): added + (find_auth_pass_entry): added + (find_auth_user_passwd): added + (loadPasswd): added + (find_auth): dir_under() + (add_auth_cookie): check file + * file.c (find_auth_user_passwd): removed + (getAuthCookie): use delText() + check proxy + (get_auth_cookie): removed + (loadGeneralFile): auth_pu + * proto.h (schemeToProxy): added + (get_auth_cookie): removed + (loadPasswd): added + (find_auth_user_passwd): added + * rc.c (sync_with_option): loadPasswd() + * textlist.c (delValue): added + * textlist.h (delValue): added + (delText): added + * url.c (HTTPrequest): seen_www_auth + (schemeToProxy): added + 2002-09-11 Fumitoshi UKAI <ukai@debian.or.jp> * [w3m-dev 03312] Re: Passwords diff --git a/conv.c b/conv.c @@ -237,7 +237,7 @@ cConvSE(Str is) state = SJIS_SHIFT_L; } else if (0xe0 <= *p && *p <= 0xef) { /* JIS X 0208 */ -/* } else if (0xe0 <= *p && *p <= 0xfc) { *//* JIS X 0213 */ + /* } else if (0xe0 <= *p && *p <= 0xfc) { *//* JIS X 0213 */ ub = (*p & 0x7f) - 0x40; state = SJIS_SHIFT_H; } diff --git a/etc.c b/etc.c @@ -24,6 +24,18 @@ #define close(x) close_s(x) #endif /* __WATT32__ */ +struct auth_pass { + int is_proxy; + Str host; + int port; + Str file; + Str realm; + Str uname; + Str pwd; + struct auth_pass *next; +}; + +struct auth_pass *passwords = NULL; int columnSkip(Buffer *buf, int offset) @@ -838,6 +850,150 @@ correct_irrtag(int status) return tmp; } +static int +dir_under(const char *x, const char *y) +{ + size_t len = strlen(x); + return x[len - 1] == '/' + && strlen(y) >= len + && y[len - 1] == '/' && strncasecmp(x, y, len) == 0; +} + +static void +add_auth_pass_entry(const struct auth_pass *ent) +{ + if (ent->host && (ent->is_proxy || ent->file || ent->realm) + && ent->uname && ent->pwd) { + struct auth_pass *newent = New(struct auth_pass); + memcpy(newent, ent, sizeof(struct auth_pass)); + newent->next = passwords; + passwords = newent; + } + /* ignore invalid entries */ +} + +static struct auth_pass * +find_auth_pass_entry(char *host, int port, char *file, char *realm, + int is_proxy) +{ + struct auth_pass *ent; + for (ent = passwords; ent != NULL; ent = ent->next) { + if (ent->is_proxy == is_proxy && !Strcmp_charp(ent->host, host) + && (!ent->port || ent->port == port) + && (!ent->file || !file || dir_under(ent->file->ptr, file)) + && (!ent->realm || !realm || !Strcmp_charp(ent->realm, realm)) + ) + return ent; + } + return NULL; +} + +int +find_auth_user_passwd(char *host, int port, char *file, char *realm, + Str *uname, Str *pwd, int is_proxy) +{ + struct auth_pass *ent; + ent = find_auth_pass_entry(host, port, file, realm, is_proxy); + if (ent) { + *uname = ent->uname; + *pwd = ent->pwd; + return 1; + } + return 0; +} + +/* passwd */ +/* + * machine <name> + * port <port> + * proxy + * path <file> + * realm <realm> + * login <login> + * passwd <passwd> + */ + +#define PASS_IS_READABLE_MSG "SECURITY NOTE: password file must not be accessible by others" +void +loadPasswd(void) +{ + struct stat st; + FILE *fp; + struct auth_pass ent; + + if (passwd_file == NULL) + return; + if (stat(expandName(passwd_file), &st) < 0) + return; + + /* check permissions, if group or others readable or writable, + * refuse it, because it's insecure. + */ + if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) { + if (fmInitialized) { + message(PASS_IS_READABLE_MSG, 0, 0); + refresh(); + } + else { + fputs(PASS_IS_READABLE_MSG, stderr); + fputc('\n', stderr); + } + sleep(2); + return; + } + + fp = fopen(expandName(passwd_file), "r"); + if (fp == NULL) + return; /* never? */ + + bzero(&ent, sizeof(struct auth_pass)); + while (1) { + Str line; + Str arg = NULL; + char *p, *q; + + line = Strfgets(fp); + if (line->length == 0) + break; + p = line->ptr; + p[line->length - 1] = '\0'; /* remove CR */ + SKIP_BLANKS(p); + + if (*p == '#' || *p == '\0') + continue; /* comment or empty line */ + q = p; + SKIP_NON_BLANKS(q); + if (*q != '\0') { + *q++ = '\0'; + SKIP_BLANKS(q); + if (*q != '\0') + arg = Strnew_charp(q); + } + + if (!strcmp(p, "machine")) { + add_auth_pass_entry(&ent); + bzero(&ent, sizeof(struct auth_pass)); + ent.host = arg; + } + else if (!strcmp(p, "port") && arg) + ent.port = atoi(arg->ptr); + else if (!strcmp(p, "proxy") && !arg) + ent.is_proxy = 1; + else if (!strcmp(p, "path")) + ent.file = arg; + else if (!strcmp(p, "realm")) + ent.realm = arg; + else if (!strcmp(p, "login")) + ent.uname = arg; + else if (!strcmp(p, "password")) + ent.pwd = arg; + /* ignore */ + } + add_auth_pass_entry(&ent); + fclose(fp); + return; +} + /* authentication */ struct auth_cookie * find_auth(char *host, int port, char *file, char *realm) @@ -848,7 +1004,7 @@ find_auth(char *host, int port, char *file, char *realm) if (!Strcasecmp_charp(p->host, host) && p->port == port && ((realm && !Strcasecmp_charp(p->realm, realm)) || - (p->file && file && !Strcasecmp_charp(p->file, file)))) + (p->file && file && dir_under(p->file->ptr, file)))) return p; } return NULL; @@ -863,16 +1019,39 @@ find_auth_cookie(char *host, int port, char *file, char *realm) return NULL; } +#ifdef AUTH_DEBUG +static void +dump_auth_cookie(void) +{ + if (w3m_debug) { + FILE *ff = fopen("zzzauth", "a"); + struct auth_cookie *p; + + for (p = Auth_cookie; p != NULL; p = p->next) { + Str tmp = Sprintf("%s, %d, %s, %s\n", p->host->ptr, p->port, + p->file ? (const char *)p->file->ptr : "NULL", + p->realm ? (const char *)p->realm->ptr : "NULL"); + fwrite(tmp->ptr, sizeof(char), tmp->length, ff); + } + fputc('\n', ff); + fclose(ff); + } +} +#endif + void add_auth_cookie(char *host, int port, char *file, char *realm, Str cookie) { struct auth_cookie *p; p = find_auth(host, port, file, realm); - if (p) { + if (p && (!p->file || !Strcasecmp_charp(p->file, file))) { if (realm && p->realm == NULL) p->realm = Strnew_charp(realm); p->cookie = cookie; +#ifdef AUTH_DEBUG + dump_auth_cookie(); +#endif return; } p = New(struct auth_cookie); @@ -883,6 +1062,9 @@ add_auth_cookie(char *host, int port, char *file, char *realm, Str cookie) p->cookie = cookie; p->next = Auth_cookie; Auth_cookie = p; +#ifdef AUTH_DEBUG + dump_auth_cookie(); +#endif } /* get last modified time */ diff --git a/file.c b/file.c @@ -1342,92 +1342,6 @@ findAuthentication(struct http_auth *hauth, Buffer *buf, char *auth_field) return hauth->scheme ? hauth : NULL; } -/* passwd */ -/* - * machine <name> - * port <port> - * path <file> - * realm <realm> - * login <login> - * passwd <passwd> - */ -static int -find_auth_user_passwd(char *host, int port, char *file, char *realm, - Str *uname, Str *pwd) -{ - struct stat st; - FILE *fp; - Str line; - char *d, *tok; - int matched = 0; - - *uname = NULL; - *pwd = NULL; - if (passwd_file == NULL) - return 0; - if (stat(expandName(passwd_file), &st) < 0) - return 0; - - /* check permissions, if group or others readable or writable, - * refuse it, because it's insecure. - */ - if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) - return 0; - - fp = fopen(expandName(passwd_file), "r"); - if (fp == NULL) - return 0; /* never? */ - - while ((line = Strfgets(fp))->length > 0) { - d = line->ptr; - if (d[0] == '#') - continue; - tok = strtok(d, " \t\n\r"); - if (tok == NULL) - continue; - d = strtok(NULL, "\n\r"); - if (d == NULL) - continue; - if (strcmp(tok, "machine") == 0) { - if (matched && *uname && *pwd) - break; - *uname = NULL; - *pwd = NULL; - if (strcmp(d, host) == 0) - matched = 1; - continue; - } - else if (strcmp(tok, "port") == 0) { - if (matched && (atoi(d) != port)) - matched = 0; - } - else if (strcmp(tok, "path") == 0) { - if (matched && file && (strcmp(d, file) != 0)) - matched = 0; - } - else if (strcmp(tok, "realm") == 0) { - if (matched && realm && (strcmp(d, realm) != 0)) - matched = 0; - } - else if (strcmp(tok, "login") == 0) { - if (matched) - *uname = Strnew_charp(d); - } - else if (strcmp(tok, "password") == 0 || strcmp(tok, "passwd") == 0) { - if (matched) - *pwd = Strnew_charp(d); - } - else { - /* ignore? */ ; - } - } - fclose(fp); - if (matched && *uname && *pwd) - return 1; - - return 0; -} - static Str getAuthCookie(struct http_auth *hauth, char *auth_header, TextList *extra_header, ParsedURL *pu, HRequest *hr, @@ -1436,7 +1350,7 @@ getAuthCookie(struct http_auth *hauth, char *auth_header, Str ss; Str uname, pwd; Str tmp; - TextListItem *i, **i0; + TextListItem *i; int a_found; int auth_header_len = strlen(auth_header); char *realm = NULL; @@ -1445,8 +1359,7 @@ getAuthCookie(struct http_auth *hauth, char *auth_header, realm = qstr_unquote(get_auth_param(hauth->param, "realm"))->ptr; a_found = FALSE; - for (i0 = &(extra_header->first), i = *i0; i != NULL; - i0 = &(i->next), i = *i0) { + for (i = extra_header->first; i != NULL; i = i->next) { if (!strncasecmp(i->ptr, auth_header, auth_header_len)) { a_found = TRUE; break; @@ -1466,15 +1379,19 @@ getAuthCookie(struct http_auth *hauth, char *auth_header, fprintf(stderr, "Wrong username or password\n"); sleep(1); ss = NULL; - *i0 = i->next; /* delete Authenticate: header from * - * extra_header */ + /* delete Authenticate: header from extra_header */ + delText(extra_header, i); + } else ss = find_auth_cookie(pu->host, pu->port, pu->file, realm); if (realm && ss == NULL) { + int proxy = !strncasecmp("Proxy-Authorization:", auth_header, + auth_header_len); + if (!a_found && find_auth_user_passwd(pu->host, pu->port, pu->file, realm, - &uname, &pwd)) { + &uname, &pwd, proxy)) { /* found username & password in passwd file */ ; } else { @@ -1497,9 +1414,6 @@ getAuthCookie(struct http_auth *hauth, char *auth_header, pwd = Str_conv_to_system(Strnew_charp(pp)); } else { - int proxy = !strncasecmp("Proxy-Authorization:", auth_header, - auth_header_len); - /* * If post file is specified as '-', stdin is closed at this * point. @@ -1539,16 +1453,6 @@ getAuthCookie(struct http_auth *hauth, char *auth_header, return ss; } -void -get_auth_cookie(char *auth_header, - TextList *extra_header, ParsedURL *pu, HRequest *hr, - FormList *request) -{ - getAuthCookie(NULL, auth_header, extra_header, pu, hr, request); -} - - - static int same_url_p(ParsedURL *pu1, ParsedURL *pu2) { @@ -1584,6 +1488,7 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, URLOption url_option; Str tmp; HRequest hr; + ParsedURL *volatile auth_pu; tpath = path; prevtrap = NULL; @@ -1774,7 +1679,7 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, } if (add_auth_cookie_flag && realm && ss) { /* If authorization is required and passed */ - add_auth_cookie(pu.host, pu.port, pu.file, + add_auth_cookie(auth_pu->host, auth_pu->port, auth_pu->file, qstr_unquote(realm)->ptr, ss); add_auth_cookie_flag = 0; } @@ -1784,8 +1689,9 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, struct http_auth hauth; if (findAuthentication(&hauth, t_buf, "WWW-Authenticate:") != NULL && (realm = get_auth_param(hauth.param, "realm")) != NULL) { - ss = getAuthCookie(&hauth, "Authorization:", extra_header, &pu, - &hr, request); + auth_pu = &pu; + ss = getAuthCookie(&hauth, "Authorization:", extra_header, + auth_pu, &hr, request); if (ss == NULL) { /* abort */ UFclose(&f); @@ -1805,10 +1711,9 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, if (findAuthentication(&hauth, t_buf, "Proxy-Authenticate:") != NULL && (realm = get_auth_param(hauth.param, "realm")) != NULL) { + auth_pu = schemeToProxy(pu.scheme); ss = getAuthCookie(&hauth, "Proxy-Authorization:", - extra_header, &HTTP_proxy_parsed, &hr, - request); - proxy_auth_cookie = ss; + extra_header, auth_pu, &hr, request); if (ss == NULL) { /* abort */ UFclose(&f); @@ -1816,15 +1721,13 @@ loadGeneralFile(char *path, ParsedURL *volatile current, char *referer, return NULL; } UFclose(&f); + add_auth_cookie_flag = 1; status = HTST_NORMAL; goto load_doc; } } /* XXX: RFC2617 3.2.3 Authentication-Info: ? */ - if (add_auth_cookie_flag) - /* If authorization is required and passed */ - add_auth_cookie(pu.host, pu.port, pu.file, - qstr_unquote(realm)->ptr, ss); + if (status == HTST_CONNECT) { of = &f; goto load_doc; diff --git a/proto.h b/proto.h @@ -127,14 +127,12 @@ extern void initURIMethods(); extern Str searchURIMethods(ParsedURL *pu); extern void chkExternalURIBuffer(Buffer *buf); #endif +extern ParsedURL *schemeToProxy(int scheme); extern void examineFile(char *path, URLFile *uf); extern char *acceptableEncoding(); extern int dir_exist(char *path); extern Str convertLine(URLFile *uf, Str line, char *code, int mode); extern Buffer *loadFile(char *path); -extern void get_auth_cookie(char *auth_header, - TextList *extra_header, ParsedURL *pu, - HRequest *hr, FormList *request); extern Buffer *loadGeneralFile(char *path, ParsedURL *current, char *referer, int flag, FormList *request); extern int is_boundary(int, int); @@ -522,6 +520,9 @@ extern Buffer *dirBuffer(char *dirname); extern void set_environ(char *var, char *value); extern FILE *localcgi_post(char *, char *, FormList *, char *); extern FILE *localcgi_get(char *, char *, char *); +extern void loadPasswd(void); +extern int find_auth_user_passwd(char *host, int port, char *file, char *realm, + Str *uname, Str *pwd, int is_proxy); extern Str find_auth_cookie(char *host, int port, char *file, char *realm); extern void add_auth_cookie(char *host, int port, char *file, char *realm, Str cookie); diff --git a/rc.c b/rc.c @@ -1234,6 +1234,7 @@ sync_with_option(void) if (fmInitialized && displayImage) initImage(); #endif + loadPasswd(); if (AcceptLang == NULL || *AcceptLang == '\0') { #if LANG == JA diff --git a/textlist.c b/textlist.c @@ -79,6 +79,20 @@ rpopValue(GeneralList *tl) return f->ptr; } +void +delValue(GeneralList *tl, ListItem *it) +{ + if (it->prev) + it->prev->next = it->next; + else + tl->first = it->next; + if (it->next) + it->next->prev = it->prev; + else + tl->last = it->prev; + tl->nitem--; +} + GeneralList * appendGeneralList(GeneralList *tl, GeneralList *tl2) { diff --git a/textlist.h b/textlist.h @@ -22,6 +22,7 @@ extern GeneralList *newGeneralList(void); extern void pushValue(GeneralList *tl, void *s); extern void *popValue(GeneralList *tl); extern void *rpopValue(GeneralList *tl); +extern void delValue(GeneralList *tl, ListItem *it); extern GeneralList *appendGeneralList(GeneralList *, GeneralList *); /* Text list */ @@ -42,6 +43,7 @@ typedef struct _textlist { #define pushText(tl, s) pushValue((GeneralList *)(tl), (void *)allocStr((s)?(s):"",-1)) #define popText(tl) ((char *)popValue((GeneralList *)(tl))) #define rpopText(tl) ((char *)rpopValue((GeneralList *)(tl))) +#define delText(tl, i) delValue((GeneralList *)(tl), (void *)(i)) #define appendTextList(tl, tl2) ((TextList *)appendGeneralList((GeneralList *)(tl), (GeneralList *)(tl2))) /* Line text list */ diff --git a/url.c b/url.c @@ -1282,6 +1282,7 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra) { Str tmp; TextListItem *i; + int seen_www_auth = 0; int seen_proxy_auth = 0; #ifdef USE_COOKIE Str cookie; @@ -1296,16 +1297,32 @@ HTTPrequest(ParsedURL *pu, ParsedURL *current, HRequest *hr, TextList *extra) Strcat_charp(tmp, otherinfo(pu, current, hr->referer)); if (extra != NULL) for (i = extra->first; i != NULL; i = i->next) { + if (strncasecmp(i->ptr, "Authorization:", + sizeof("Authorization:") - 1) == 0) + seen_www_auth = 1; if (strncasecmp(i->ptr, "Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) seen_proxy_auth = 1; Strcat_charp(tmp, i->ptr); } - if (!seen_proxy_auth && (hr->flag & HR_FLAG_PROXY) - && proxy_auth_cookie != NULL) - Strcat_m_charp(tmp, "Proxy-Authorization: ", proxy_auth_cookie->ptr, - "\r\n", NULL); + if (!seen_www_auth) { + Str auth_cookie = find_auth_cookie(pu->host, pu->port, pu->file, NULL); + if (!auth_cookie && proxy_auth_cookie) + auth_cookie = proxy_auth_cookie; + if (auth_cookie) + Strcat_m_charp(tmp, "Authorization: ", auth_cookie->ptr, + "\r\n", NULL); + } + + if (!seen_proxy_auth && (hr->flag & HR_FLAG_PROXY)) { + ParsedURL *proxy_pu = schemeToProxy(pu->scheme); + Str auth_cookie = find_auth_cookie( + proxy_pu->host, proxy_pu->port, proxy_pu->file, NULL); + if (auth_cookie) + Strcat_m_charp(tmp, "Proxy-Authorization: ", auth_cookie->ptr, + "\r\n", NULL); + } #ifdef USE_COOKIE if (hr->command != HR_COMMAND_CONNECT && @@ -1545,7 +1562,6 @@ openURL(char *url, ParsedURL *pu, ParsedURL *current, #ifdef USE_SSL case SCM_HTTPS: #endif /* USE_SSL */ - get_auth_cookie("Authorization:", extra_header, pu, hr, request); if (pu->file == NULL) pu->file = allocStr("/", -1); if (request && request->method == FORM_METHOD_POST && request->body) @@ -2138,3 +2154,30 @@ chkExternalURIBuffer(Buffer *buf) } } #endif + +ParsedURL * +schemeToProxy(int scheme) +{ + ParsedURL *pu = NULL; /* for gcc */ + switch (scheme) { + case SCM_HTTP: +#ifdef USE_SSL + case SCM_HTTPS: +#endif + pu = &HTTP_proxy_parsed; + break; + case SCM_FTP: + pu = &FTP_proxy_parsed; + break; +#ifdef USE_GOPHER + case SCM_GOPHER: + pu = &GOPHER_proxy_parsed; + break; +#endif +#ifdef DEBUG + default: + abort(); +#endif + } + return pu; +}