hno@hem.passagen.se writes:
>I think this needs some more thought. The login in the authentication
>should be compared with the login i URL, and the authentication header
>should be ignored if not identical.
/*
* ftpCheckAuth
*
* Return 1 if we have everything needed to complete this request.
* Return 0 if something is missing.
*/
static int
ftpCheckAuth(ftpStateData * ftpState, char *req_hdr)
{
char *orig_user;
ftp_login_parser(ftpState->request->login, ftpState);
if (ftpState->user[0] && ftpState->password[0])
return 1; /* name and passwd both in URL */
if (!ftpState->user[0] && !ftpState->password[0])
return 1; /* no name or passwd */
if (ftpState->password[0])
return 1; /* passwd with no name? */
/* URL has name, but no passwd */
if ((auth = ftpGetBasicAuth(req_hdr)) == NULL)
return 0; /* need auth header */
orig_user = xstrdup(ftpState->user);
ftp_login_parser(auth, ftpState);
if (!strcmp(orig_user, ftpState->user)) {
xfree(orig_user);
return 1; /* same username */
}
strcpy(ftpState->user, orig_user);
xfree(orig_user);
return 0; /* different username */
}
Duane W.
Received on Tue Jul 29 2003 - 13:15:40 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:14 MST