archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/inetcore/wininet/auth/basic.cxx

231 lines
5.9 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. #include <wininetp.h>
  2. #include <urlmon.h>
  3. #include <splugin.hxx>
  4. #include "htuu.h"
  6. /*---------------------------------------------------------------------------
  7. BASIC_CTX
  8. ---------------------------------------------------------------------------*/
  11. /*---------------------------------------------------------------------------
  12. Constructor
  13. ---------------------------------------------------------------------------*/
  14. BASIC_CTX::BASIC_CTX(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy,
  15. SPMData* pSPM, PWC* pPWC)
  16. : AUTHCTX(pSPM, pPWC)
  17. {
  18. _fIsProxy = fIsProxy;
  19. _pRequest = pRequest;
  20. }
  23. /*---------------------------------------------------------------------------
  24. Destructor
  25. ---------------------------------------------------------------------------*/
  26. BASIC_CTX::~BASIC_CTX()
  27. {}
  30. /*---------------------------------------------------------------------------
  31. PreAuthUser
  32. ---------------------------------------------------------------------------*/
  33. DWORD BASIC_CTX::PreAuthUser(IN LPSTR pBuf, IN OUT LPDWORD pcbBuf)
  34. {
  35. DEBUG_ENTER ((
  36. DBG_HTTPAUTH,
  37. Dword,
  38. "BASIC_CTX::PreAuthUser",
  39. "this=%#x pBuf=%#x pcbBuf=%#x {%d}",
  40. this,
  41. pBuf,
  42. pcbBuf,
  43. *pcbBuf
  44. ));
  46. LPSTR pszUserPass = NULL;
  47. LPSTR pszPass = NULL;
  49. AuthLock();
  51. DWORD dwError = ERROR_SUCCESS;
  53. if (!_pPWC->lpszUser || !_pPWC->lpszPass)
  54. {
  55. dwError = ERROR_INVALID_PARAMETER;
  56. goto exit;
  57. }
  59. pszPass = _pPWC->GetPass();
  61. if (!pszPass)
  62. {
  63. dwError = ERROR_NOT_ENOUGH_MEMORY;
  64. goto exit;
  65. }
  67. // Prefix the header value with the auth type.
  68. const static BYTE szBasic[] = "Basic ";
  70. #define BASIC_LEN sizeof(szBasic)-1
  72. memcpy (pBuf, szBasic, BASIC_LEN);
  73. pBuf += BASIC_LEN;
  75. DWORD cbMaxUserPathLen = strlen(_pPWC->lpszUser) + 1
  76. + strlen(pszPass) + 1
  77. + 10;
  78. // HTUU_encode() parse the buffer 3 bytes at a time;
  79. // In the worst case we will be two bytes short, so add at least 2 here.
  80. // longer buffer doesn't matter, HTUU_encode will adjust appropreiately.
  81. DWORD cbUserPass;
  83. pszUserPass = new CHAR[cbMaxUserPathLen];
  85. if (pszUserPass == NULL)
  86. {
  87. dwError = ERROR_NOT_ENOUGH_MEMORY;
  88. goto exit;
  89. }
  91. cbUserPass = wsprintf(pszUserPass, "%s:%s", _pPWC->lpszUser, pszPass);
  93. INET_ASSERT (cbUserPass < sizeof(cbMaxUserPathLen));
  95. HTUU_encode ((PBYTE) pszUserPass, cbUserPass,
  96. pBuf, *pcbBuf - BASIC_LEN);
  98. *pcbBuf = BASIC_LEN + lstrlen (pBuf);
  100. _pvContext = (LPVOID) 1;
  103. exit:
  104. if (pszUserPass != NULL)
  105. delete [] pszUserPass;
  107. if (pszPass != NULL)
  108. {
  109. SecureZeroMemory(pszPass, strlen(pszPass));
  110. FREE_MEMORY(pszPass);
  111. }
  113. AuthUnlock();
  114. DEBUG_LEAVE(dwError);
  115. return dwError;
  116. }
  118. /*---------------------------------------------------------------------------
  119. UpdateFromHeaders
  120. ---------------------------------------------------------------------------*/
  121. DWORD BASIC_CTX::UpdateFromHeaders(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy)
  122. {
  123. DEBUG_ENTER ((
  124. DBG_HTTPAUTH,
  125. Dword,
  126. "BASIC_CTX::UpdateFromHeaders",
  127. "this=%#x request=%#x isproxy=%B",
  128. this,
  129. pRequest,
  130. fIsProxy
  131. ));
  133. AuthLock();
  135. DWORD dwAuthIdx, cbRealm, dwError;
  136. LPSTR szRealm = NULL;
  138. // Get the associated header.
  139. if ((dwError = FindHdrIdxFromScheme(&dwAuthIdx)) != ERROR_SUCCESS)
  140. goto exit;
  142. // Get any realm.
  143. dwError = GetAuthHeaderData(pRequest, fIsProxy, "Realm",
  144. &szRealm, &cbRealm, ALLOCATE_BUFFER, dwAuthIdx);
  146. // No realm is OK.
  147. if (dwError != ERROR_SUCCESS)
  148. szRealm = NULL;
  150. // If we already have a pwc, ensure that the realm matches. If not,
  151. // find or create a new one and set it in the auth context.
  152. if (_pPWC)
  153. {
  154. if (_pPWC->lpszRealm && szRealm && lstrcmp(_pPWC->lpszRealm, szRealm))
  155. {
  156. // Realms don't match - create a new pwc entry, release the old.
  157. _pPWC->nLockCount--;
  158. _pPWC = FindOrCreatePWC(pRequest, fIsProxy, _pSPMData, szRealm);
  159. INET_ASSERT(_pPWC->pSPM == _pSPMData);
  160. _pPWC->nLockCount++;
  161. }
  162. }
  163. // If no password cache is set in the auth context,
  164. // find or create one and set it in the auth context.
  165. else
  166. {
  167. // Find or create a password cache entry.
  168. _pPWC = FindOrCreatePWC(pRequest, fIsProxy, _pSPMData, szRealm);
  169. if (!_pPWC)
  170. {
  171. dwError = ERROR_INTERNET_INTERNAL_ERROR;
  172. goto exit;
  173. }
  174. INET_ASSERT(_pPWC->pSPM == _pSPMData);
  175. _pPWC->nLockCount++;
  176. }
  178. if (!_pPWC)
  179. {
  180. INET_ASSERT(FALSE);
  181. dwError = ERROR_INTERNET_INTERNAL_ERROR;
  182. goto exit;
  183. }
  185. dwError = ERROR_SUCCESS;
  187. exit:
  189. if (szRealm)
  190. delete []szRealm;
  192. AuthUnlock();
  193. DEBUG_LEAVE(dwError);
  194. return dwError;
  195. }
  198. /*---------------------------------------------------------------------------
  199. PostAuthUser
  200. ---------------------------------------------------------------------------*/
  201. DWORD BASIC_CTX::PostAuthUser()
  202. {
  203. DEBUG_ENTER ((
  204. DBG_HTTPAUTH,
  205. Dword,
  206. "BASIC_CTX::PostAuthUser",
  207. "this=%#x",
  208. this
  209. ));
  211. DWORD dwRet;
  212. AuthLock();
  214. if (! _pvContext && !_pRequest->GetPWC()
  215. && _pPWC->lpszUser && _pPWC->lpszPass)
  216. dwRet = ERROR_INTERNET_FORCE_RETRY;
  217. else
  218. dwRet = ERROR_INTERNET_INCORRECT_PASSWORD;
  220. _pRequest->SetPWC(NULL);
  221. _pvContext = (LPVOID) 1;
  223. AuthUnlock();
  225. DEBUG_LEAVE(dwRet);
  226. return dwRet;
  227. }