MCPcopy Create free account
hub / github.com/apache/httpd / ap_get_basic_auth_components

Function ap_get_basic_auth_components

server/protocol.c:1802–1847  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

1800}
1801
1802AP_DECLARE(apr_status_t) ap_get_basic_auth_components(const request_rec *r,
1803 const char **username,
1804 const char **password)
1805{
1806 const char *auth_header;
1807 const char *credentials;
1808 const char *decoded;
1809 const char *user;
1810
1811 auth_header = (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
1812 : "Authorization";
1813 credentials = apr_table_get(r->headers_in, auth_header);
1814
1815 if (!credentials) {
1816 /* No auth header. */
1817 return APR_EINVAL;
1818 }
1819
1820 if (ap_cstr_casecmp(ap_getword(r->pool, &credentials, ' '), "Basic")) {
1821 /* These aren't Basic credentials. */
1822 return APR_EINVAL;
1823 }
1824
1825 while (*credentials == ' ' || *credentials == '\t') {
1826 credentials++;
1827 }
1828
1829 /* XXX Our base64 decoding functions don't actually error out if the string
1830 * we give it isn't base64; they'll just silently stop and hand us whatever
1831 * they've parsed up to that point.
1832 *
1833 * Since this function is supposed to be a drop-in replacement for the
1834 * deprecated ap_get_basic_auth_pw(), don't fix this for 2.4.x.
1835 */
1836 decoded = ap_pbase64decode(r->pool, credentials);
1837 user = ap_getword_nulls(r->pool, &decoded, ':');
1838
1839 if (username) {
1840 *username = user;
1841 }
1842 if (password) {
1843 *password = decoded;
1844 }
1845
1846 return APR_SUCCESS;
1847}
1848
1849struct content_length_ctx {
1850 int data_sent; /* true if the C-L filter has already sent at

Callers

nothing calls this directly

Calls 4

ap_cstr_casecmpFunction · 0.85
ap_getwordFunction · 0.85
ap_pbase64decodeFunction · 0.85
ap_getword_nullsFunction · 0.85

Tested by

no test coverage detected