| 246 | } |
| 247 | |
| 248 | static int get_basic_auth(request_rec *r, const char **user, |
| 249 | const char **pw) |
| 250 | { |
| 251 | const char *auth_line; |
| 252 | char *decoded_line; |
| 253 | |
| 254 | /* Get the appropriate header */ |
| 255 | auth_line = apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) |
| 256 | ? "Proxy-Authorization" |
| 257 | : "Authorization"); |
| 258 | |
| 259 | if (!auth_line) { |
| 260 | note_basic_auth_failure(r); |
| 261 | return HTTP_UNAUTHORIZED; |
| 262 | } |
| 263 | |
| 264 | if (ap_cstr_casecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) { |
| 265 | /* Client tried to authenticate using wrong auth scheme */ |
| 266 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01614) |
| 267 | "client used wrong authentication scheme: %s", r->uri); |
| 268 | note_basic_auth_failure(r); |
| 269 | return HTTP_UNAUTHORIZED; |
| 270 | } |
| 271 | |
| 272 | /* Skip leading spaces. */ |
| 273 | while (*auth_line == ' ' || *auth_line == '\t') { |
| 274 | auth_line++; |
| 275 | } |
| 276 | |
| 277 | decoded_line = ap_pbase64decode(r->pool, auth_line); |
| 278 | |
| 279 | *user = ap_getword_nulls(r->pool, (const char**)&decoded_line, ':'); |
| 280 | *pw = decoded_line; |
| 281 | |
| 282 | /* set the user, even though the user is unauthenticated at this point */ |
| 283 | r->user = (char *) *user; |
| 284 | |
| 285 | return OK; |
| 286 | } |
| 287 | |
| 288 | /* Determine user ID, and check if it really is that user, for HTTP |
| 289 | * basic authentication... |
no test coverage detected