Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

231 lines
5.9 KiB

#include <wininetp.h>
#include <urlmon.h>
#include <splugin.hxx>
#include "htuu.h"
/*---------------------------------------------------------------------------
BASIC_CTX
---------------------------------------------------------------------------*/
/*---------------------------------------------------------------------------
Constructor
---------------------------------------------------------------------------*/
BASIC_CTX::BASIC_CTX(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy,
SPMData* pSPM, PWC* pPWC)
: AUTHCTX(pSPM, pPWC)
{
_fIsProxy = fIsProxy;
_pRequest = pRequest;
}
/*---------------------------------------------------------------------------
Destructor
---------------------------------------------------------------------------*/
BASIC_CTX::~BASIC_CTX()
{}
/*---------------------------------------------------------------------------
PreAuthUser
---------------------------------------------------------------------------*/
DWORD BASIC_CTX::PreAuthUser(IN LPSTR pBuf, IN OUT LPDWORD pcbBuf)
{
DEBUG_ENTER ((
DBG_HTTPAUTH,
Dword,
"BASIC_CTX::PreAuthUser",
"this=%#x pBuf=%#x pcbBuf=%#x {%d}",
this,
pBuf,
pcbBuf,
*pcbBuf
));
LPSTR pszUserPass = NULL;
LPSTR pszPass = NULL;
AuthLock();
DWORD dwError = ERROR_SUCCESS;
if (!_pPWC->lpszUser || !_pPWC->lpszPass)
{
dwError = ERROR_INVALID_PARAMETER;
goto exit;
}
pszPass = _pPWC->GetPass();
if (!pszPass)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
// Prefix the header value with the auth type.
const static BYTE szBasic[] = "Basic ";
#define BASIC_LEN sizeof(szBasic)-1
memcpy (pBuf, szBasic, BASIC_LEN);
pBuf += BASIC_LEN;
DWORD cbMaxUserPathLen = strlen(_pPWC->lpszUser) + 1
+ strlen(pszPass) + 1
+ 10;
// HTUU_encode() parse the buffer 3 bytes at a time;
// In the worst case we will be two bytes short, so add at least 2 here.
// longer buffer doesn't matter, HTUU_encode will adjust appropreiately.
DWORD cbUserPass;
pszUserPass = new CHAR[cbMaxUserPathLen];
if (pszUserPass == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
cbUserPass = wsprintf(pszUserPass, "%s:%s", _pPWC->lpszUser, pszPass);
INET_ASSERT (cbUserPass < sizeof(cbMaxUserPathLen));
HTUU_encode ((PBYTE) pszUserPass, cbUserPass,
pBuf, *pcbBuf - BASIC_LEN);
*pcbBuf = BASIC_LEN + lstrlen (pBuf);
_pvContext = (LPVOID) 1;
exit:
if (pszUserPass != NULL)
delete [] pszUserPass;
if (pszPass != NULL)
{
SecureZeroMemory(pszPass, strlen(pszPass));
FREE_MEMORY(pszPass);
}
AuthUnlock();
DEBUG_LEAVE(dwError);
return dwError;
}
/*---------------------------------------------------------------------------
UpdateFromHeaders
---------------------------------------------------------------------------*/
DWORD BASIC_CTX::UpdateFromHeaders(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy)
{
DEBUG_ENTER ((
DBG_HTTPAUTH,
Dword,
"BASIC_CTX::UpdateFromHeaders",
"this=%#x request=%#x isproxy=%B",
this,
pRequest,
fIsProxy
));
AuthLock();
DWORD dwAuthIdx, cbRealm, dwError;
LPSTR szRealm = NULL;
// Get the associated header.
if ((dwError = FindHdrIdxFromScheme(&dwAuthIdx)) != ERROR_SUCCESS)
goto exit;
// Get any realm.
dwError = GetAuthHeaderData(pRequest, fIsProxy, "Realm",
&szRealm, &cbRealm, ALLOCATE_BUFFER, dwAuthIdx);
// No realm is OK.
if (dwError != ERROR_SUCCESS)
szRealm = NULL;
// If we already have a pwc, ensure that the realm matches. If not,
// find or create a new one and set it in the auth context.
if (_pPWC)
{
if (_pPWC->lpszRealm && szRealm && lstrcmp(_pPWC->lpszRealm, szRealm))
{
// Realms don't match - create a new pwc entry, release the old.
_pPWC->nLockCount--;
_pPWC = FindOrCreatePWC(pRequest, fIsProxy, _pSPMData, szRealm);
INET_ASSERT(_pPWC->pSPM == _pSPMData);
_pPWC->nLockCount++;
}
}
// If no password cache is set in the auth context,
// find or create one and set it in the auth context.
else
{
// Find or create a password cache entry.
_pPWC = FindOrCreatePWC(pRequest, fIsProxy, _pSPMData, szRealm);
if (!_pPWC)
{
dwError = ERROR_INTERNET_INTERNAL_ERROR;
goto exit;
}
INET_ASSERT(_pPWC->pSPM == _pSPMData);
_pPWC->nLockCount++;
}
if (!_pPWC)
{
INET_ASSERT(FALSE);
dwError = ERROR_INTERNET_INTERNAL_ERROR;
goto exit;
}
dwError = ERROR_SUCCESS;
exit:
if (szRealm)
delete []szRealm;
AuthUnlock();
DEBUG_LEAVE(dwError);
return dwError;
}
/*---------------------------------------------------------------------------
PostAuthUser
---------------------------------------------------------------------------*/
DWORD BASIC_CTX::PostAuthUser()
{
DEBUG_ENTER ((
DBG_HTTPAUTH,
Dword,
"BASIC_CTX::PostAuthUser",
"this=%#x",
this
));
DWORD dwRet;
AuthLock();
if (! _pvContext && !_pRequest->GetPWC()
&& _pPWC->lpszUser && _pPWC->lpszPass)
dwRet = ERROR_INTERNET_FORCE_RETRY;
else
dwRet = ERROR_INTERNET_INCORRECT_PASSWORD;
_pRequest->SetPWC(NULL);
_pvContext = (LPVOID) 1;
AuthUnlock();
DEBUG_LEAVE(dwRet);
return dwRet;
}