* Isolate the username and password in a POSTed form with the * username in the "username" field, and the password in the * "password" field. * * If either the username or the password is missing, this * function will return HTTP_UNAUTHORIZED. * * The location field is considered optional, and will be returned * if present. */
| 587 | * if present. |
| 588 | */ |
| 589 | static int get_form_auth(request_rec * r, |
| 590 | const char *username, |
| 591 | const char *password, |
| 592 | const char *location, |
| 593 | const char *method, |
| 594 | const char *mimetype, |
| 595 | const char *body, |
| 596 | const char **sent_user, |
| 597 | const char **sent_pw, |
| 598 | const char **sent_loc, |
| 599 | const char **sent_method, |
| 600 | const char **sent_mimetype, |
| 601 | apr_bucket_brigade **sent_body, |
| 602 | auth_form_config_rec * conf) |
| 603 | { |
| 604 | /* sanity check - are we a POST request? */ |
| 605 | |
| 606 | /* find the username and password in the form */ |
| 607 | apr_array_header_t *pairs = NULL; |
| 608 | apr_off_t len; |
| 609 | apr_size_t size; |
| 610 | int res; |
| 611 | char *buffer; |
| 612 | |
| 613 | /* have we isolated the user and pw before? */ |
| 614 | get_notes_auth(r, sent_user, sent_pw, sent_method, sent_mimetype); |
| 615 | if (sent_user && *sent_user && sent_pw && *sent_pw) { |
| 616 | return OK; |
| 617 | } |
| 618 | |
| 619 | res = ap_parse_form_data(r, NULL, &pairs, -1, conf->form_size); |
| 620 | if (res != OK) { |
| 621 | return res; |
| 622 | } |
| 623 | while (pairs && !apr_is_empty_array(pairs)) { |
| 624 | ap_form_pair_t *pair = (ap_form_pair_t *) apr_array_pop(pairs); |
| 625 | if (username && !strcmp(pair->name, username) && sent_user) { |
| 626 | apr_brigade_length(pair->value, 1, &len); |
| 627 | size = (apr_size_t) len; |
| 628 | buffer = apr_palloc(r->pool, size + 1); |
| 629 | apr_brigade_flatten(pair->value, buffer, &size); |
| 630 | buffer[len] = 0; |
| 631 | *sent_user = buffer; |
| 632 | } |
| 633 | else if (password && !strcmp(pair->name, password) && sent_pw) { |
| 634 | apr_brigade_length(pair->value, 1, &len); |
| 635 | size = (apr_size_t) len; |
| 636 | buffer = apr_palloc(r->pool, size + 1); |
| 637 | apr_brigade_flatten(pair->value, buffer, &size); |
| 638 | buffer[len] = 0; |
| 639 | *sent_pw = buffer; |
| 640 | } |
| 641 | else if (location && !strcmp(pair->name, location) && sent_loc) { |
| 642 | apr_brigade_length(pair->value, 1, &len); |
| 643 | size = (apr_size_t) len; |
| 644 | buffer = apr_palloc(r->pool, size + 1); |
| 645 | apr_brigade_flatten(pair->value, buffer, &size); |
| 646 | buffer[len] = 0; |
no test coverage detected