Determine user ID, and check if it really is that user, for HTTP * basic authentication... */
| 289 | * basic authentication... |
| 290 | */ |
| 291 | static int authenticate_basic_user(request_rec *r) |
| 292 | { |
| 293 | auth_basic_config_rec *conf = ap_get_module_config(r->per_dir_config, |
| 294 | &auth_basic_module); |
| 295 | const char *sent_user, *sent_pw, *current_auth; |
| 296 | const char *realm = NULL; |
| 297 | const char *digest = NULL; |
| 298 | int res; |
| 299 | authn_status auth_result; |
| 300 | authn_provider_list *current_provider; |
| 301 | |
| 302 | /* Are we configured to be Basic auth? */ |
| 303 | current_auth = ap_auth_type(r); |
| 304 | if (!current_auth || ap_cstr_casecmp(current_auth, "Basic")) { |
| 305 | return DECLINED; |
| 306 | } |
| 307 | |
| 308 | /* We need an authentication realm. */ |
| 309 | if (!ap_auth_name(r)) { |
| 310 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01615) |
| 311 | "need AuthName: %s", r->uri); |
| 312 | return HTTP_INTERNAL_SERVER_ERROR; |
| 313 | } |
| 314 | |
| 315 | r->ap_auth_type = (char*)current_auth; |
| 316 | |
| 317 | res = get_basic_auth(r, &sent_user, &sent_pw); |
| 318 | if (res) { |
| 319 | return res; |
| 320 | } |
| 321 | |
| 322 | if (conf->use_digest_algorithm |
| 323 | && !ap_cstr_casecmp(conf->use_digest_algorithm, "MD5")) { |
| 324 | realm = ap_auth_name(r); |
| 325 | digest = ap_md5(r->pool, |
| 326 | (unsigned char *)apr_pstrcat(r->pool, sent_user, ":", |
| 327 | realm, ":", |
| 328 | sent_pw, NULL)); |
| 329 | } |
| 330 | |
| 331 | current_provider = conf->providers; |
| 332 | do { |
| 333 | const authn_provider *provider; |
| 334 | |
| 335 | /* For now, if a provider isn't set, we'll be nice and use the file |
| 336 | * provider. |
| 337 | */ |
| 338 | if (!current_provider) { |
| 339 | provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP, |
| 340 | AUTHN_DEFAULT_PROVIDER, |
| 341 | AUTHN_PROVIDER_VERSION); |
| 342 | |
| 343 | if (!provider || !provider->check_password) { |
| 344 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01616) |
| 345 | "No Authn provider configured"); |
| 346 | auth_result = AUTH_GENERAL_ERROR; |
| 347 | break; |
| 348 | } |
nothing calls this directly
no test coverage detected