| 1800 | } |
| 1801 | |
| 1802 | AP_DECLARE(apr_status_t) ap_get_basic_auth_components(const request_rec *r, |
| 1803 | const char **username, |
| 1804 | const char **password) |
| 1805 | { |
| 1806 | const char *auth_header; |
| 1807 | const char *credentials; |
| 1808 | const char *decoded; |
| 1809 | const char *user; |
| 1810 | |
| 1811 | auth_header = (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" |
| 1812 | : "Authorization"; |
| 1813 | credentials = apr_table_get(r->headers_in, auth_header); |
| 1814 | |
| 1815 | if (!credentials) { |
| 1816 | /* No auth header. */ |
| 1817 | return APR_EINVAL; |
| 1818 | } |
| 1819 | |
| 1820 | if (ap_cstr_casecmp(ap_getword(r->pool, &credentials, ' '), "Basic")) { |
| 1821 | /* These aren't Basic credentials. */ |
| 1822 | return APR_EINVAL; |
| 1823 | } |
| 1824 | |
| 1825 | while (*credentials == ' ' || *credentials == '\t') { |
| 1826 | credentials++; |
| 1827 | } |
| 1828 | |
| 1829 | /* XXX Our base64 decoding functions don't actually error out if the string |
| 1830 | * we give it isn't base64; they'll just silently stop and hand us whatever |
| 1831 | * they've parsed up to that point. |
| 1832 | * |
| 1833 | * Since this function is supposed to be a drop-in replacement for the |
| 1834 | * deprecated ap_get_basic_auth_pw(), don't fix this for 2.4.x. |
| 1835 | */ |
| 1836 | decoded = ap_pbase64decode(r->pool, credentials); |
| 1837 | user = ap_getword_nulls(r->pool, &decoded, ':'); |
| 1838 | |
| 1839 | if (username) { |
| 1840 | *username = user; |
| 1841 | } |
| 1842 | if (password) { |
| 1843 | *password = decoded; |
| 1844 | } |
| 1845 | |
| 1846 | return APR_SUCCESS; |
| 1847 | } |
| 1848 | |
| 1849 | struct content_length_ctx { |
| 1850 | int data_sent; /* true if the C-L filter has already sent at |
nothing calls this directly
no test coverage detected