|
rpm-build |
4f3c61 |
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
|
|
rpm-build |
4f3c61 |
/*
|
|
rpm-build |
4f3c61 |
* soup-auth-domain.c: HTTP Authentication Domain (server-side)
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Copyright (C) 2007 Novell, Inc.
|
|
rpm-build |
4f3c61 |
*/
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
#ifdef HAVE_CONFIG_H
|
|
rpm-build |
4f3c61 |
#include <config.h>
|
|
rpm-build |
4f3c61 |
#endif
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
#include <string.h>
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
#include "soup-auth-domain.h"
|
|
rpm-build |
4f3c61 |
#include "soup.h"
|
|
rpm-build |
4f3c61 |
#include "soup-path-map.h"
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SECTION:soup-auth-domain
|
|
rpm-build |
4f3c61 |
* @short_description: Server-side authentication
|
|
rpm-build |
4f3c61 |
* @see_also: #SoupServer
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* A #SoupAuthDomain manages authentication for all or part of a
|
|
rpm-build |
4f3c61 |
* #SoupServer. To make a server require authentication, first create
|
|
rpm-build |
4f3c61 |
* an appropriate subclass of #SoupAuthDomain, and then add it to the
|
|
rpm-build |
4f3c61 |
* server with soup_server_add_auth_domain().
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* In order for an auth domain to have any effect, you must add one or
|
|
rpm-build |
4f3c61 |
* more paths to it (via soup_auth_domain_add_path() or the
|
|
rpm-build |
4f3c61 |
* %SOUP_AUTH_DOMAIN_ADD_PATH property). To require authentication for
|
|
rpm-build |
4f3c61 |
* all ordinary requests, add the path "/". (Note that this does not
|
|
rpm-build |
4f3c61 |
* include the special "*" URI (eg, "OPTIONS *"), which must be added
|
|
rpm-build |
4f3c61 |
* as a separate path if you want to cover it.)
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* If you need greater control over which requests should and
|
|
rpm-build |
4f3c61 |
* shouldn't be authenticated, add paths covering everything you
|
|
rpm-build |
4f3c61 |
* <emphasis>might</emphasis> want authenticated, and then use a
|
|
rpm-build |
4f3c61 |
* filter (soup_auth_domain_set_filter()) to bypass authentication for
|
|
rpm-build |
4f3c61 |
* those requests that don't need it.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
enum {
|
|
rpm-build |
4f3c61 |
PROP_0,
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
PROP_REALM,
|
|
rpm-build |
4f3c61 |
PROP_PROXY,
|
|
rpm-build |
4f3c61 |
PROP_ADD_PATH,
|
|
rpm-build |
4f3c61 |
PROP_REMOVE_PATH,
|
|
rpm-build |
4f3c61 |
PROP_FILTER,
|
|
rpm-build |
4f3c61 |
PROP_FILTER_DATA,
|
|
rpm-build |
4f3c61 |
PROP_GENERIC_AUTH_CALLBACK,
|
|
rpm-build |
4f3c61 |
PROP_GENERIC_AUTH_DATA,
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
LAST_PROP
|
|
rpm-build |
4f3c61 |
};
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
typedef struct {
|
|
rpm-build |
4f3c61 |
char *realm;
|
|
rpm-build |
4f3c61 |
gboolean proxy;
|
|
rpm-build |
4f3c61 |
SoupPathMap *paths;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
SoupAuthDomainFilter filter;
|
|
rpm-build |
4f3c61 |
gpointer filter_data;
|
|
rpm-build |
4f3c61 |
GDestroyNotify filter_dnotify;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
SoupAuthDomainGenericAuthCallback auth_callback;
|
|
rpm-build |
4f3c61 |
gpointer auth_data;
|
|
rpm-build |
4f3c61 |
GDestroyNotify auth_dnotify;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
} SoupAuthDomainPrivate;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE (SoupAuthDomain, soup_auth_domain, G_TYPE_OBJECT)
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
static void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_init (SoupAuthDomain *domain)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
priv->paths = soup_path_map_new (NULL);
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
static void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_finalize (GObject *object)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (SOUP_AUTH_DOMAIN (object));
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
g_free (priv->realm);
|
|
rpm-build |
4f3c61 |
soup_path_map_free (priv->paths);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
if (priv->filter_dnotify)
|
|
rpm-build |
4f3c61 |
priv->filter_dnotify (priv->filter_data);
|
|
rpm-build |
4f3c61 |
if (priv->auth_dnotify)
|
|
rpm-build |
4f3c61 |
priv->auth_dnotify (priv->auth_data);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
G_OBJECT_CLASS (soup_auth_domain_parent_class)->finalize (object);
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
static void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_set_property (GObject *object, guint prop_id,
|
|
rpm-build |
4f3c61 |
const GValue *value, GParamSpec *pspec)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomain *auth_domain = SOUP_AUTH_DOMAIN (object);
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (auth_domain);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
switch (prop_id) {
|
|
rpm-build |
4f3c61 |
case PROP_REALM:
|
|
rpm-build |
4f3c61 |
g_free (priv->realm);
|
|
rpm-build |
4f3c61 |
priv->realm = g_value_dup_string (value);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_PROXY:
|
|
rpm-build |
4f3c61 |
priv->proxy = g_value_get_boolean (value);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_ADD_PATH:
|
|
rpm-build |
4f3c61 |
soup_auth_domain_add_path (auth_domain,
|
|
rpm-build |
4f3c61 |
g_value_get_string (value));
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_REMOVE_PATH:
|
|
rpm-build |
4f3c61 |
soup_auth_domain_remove_path (auth_domain,
|
|
rpm-build |
4f3c61 |
g_value_get_string (value));
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_FILTER:
|
|
rpm-build |
4f3c61 |
priv->filter = g_value_get_pointer (value);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_FILTER_DATA:
|
|
rpm-build |
4f3c61 |
if (priv->filter_dnotify) {
|
|
rpm-build |
4f3c61 |
priv->filter_dnotify (priv->filter_data);
|
|
rpm-build |
4f3c61 |
priv->filter_dnotify = NULL;
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
priv->filter_data = g_value_get_pointer (value);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_GENERIC_AUTH_CALLBACK:
|
|
rpm-build |
4f3c61 |
priv->auth_callback = g_value_get_pointer (value);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_GENERIC_AUTH_DATA:
|
|
rpm-build |
4f3c61 |
if (priv->auth_dnotify) {
|
|
rpm-build |
4f3c61 |
priv->auth_dnotify (priv->auth_data);
|
|
rpm-build |
4f3c61 |
priv->auth_dnotify = NULL;
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
priv->auth_data = g_value_get_pointer (value);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
default:
|
|
rpm-build |
4f3c61 |
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
static void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_get_property (GObject *object, guint prop_id,
|
|
rpm-build |
4f3c61 |
GValue *value, GParamSpec *pspec)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (SOUP_AUTH_DOMAIN (object));
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
switch (prop_id) {
|
|
rpm-build |
4f3c61 |
case PROP_REALM:
|
|
rpm-build |
4f3c61 |
g_value_set_string (value, priv->realm);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_PROXY:
|
|
rpm-build |
4f3c61 |
g_value_set_boolean (value, priv->proxy);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_FILTER:
|
|
rpm-build |
4f3c61 |
g_value_set_pointer (value, priv->filter);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_FILTER_DATA:
|
|
rpm-build |
4f3c61 |
g_value_set_pointer (value, priv->filter_data);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_GENERIC_AUTH_CALLBACK:
|
|
rpm-build |
4f3c61 |
g_value_set_pointer (value, priv->auth_callback);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
case PROP_GENERIC_AUTH_DATA:
|
|
rpm-build |
4f3c61 |
g_value_set_pointer (value, priv->auth_data);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
default:
|
|
rpm-build |
4f3c61 |
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
|
rpm-build |
4f3c61 |
break;
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
static void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_class_init (SoupAuthDomainClass *auth_domain_class)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
GObjectClass *object_class = G_OBJECT_CLASS (auth_domain_class);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
object_class->finalize = soup_auth_domain_finalize;
|
|
rpm-build |
4f3c61 |
object_class->set_property = soup_auth_domain_set_property;
|
|
rpm-build |
4f3c61 |
object_class->get_property = soup_auth_domain_get_property;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SOUP_AUTH_DOMAIN_REALM:
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Alias for the #SoupAuthDomain:realm property. (The realm of
|
|
rpm-build |
4f3c61 |
* this auth domain.)
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
g_object_class_install_property (
|
|
rpm-build |
4f3c61 |
object_class, PROP_REALM,
|
|
rpm-build |
4f3c61 |
g_param_spec_string (SOUP_AUTH_DOMAIN_REALM,
|
|
rpm-build |
4f3c61 |
"Realm",
|
|
rpm-build |
4f3c61 |
"The realm of this auth domain",
|
|
rpm-build |
4f3c61 |
NULL,
|
|
rpm-build |
4f3c61 |
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SOUP_AUTH_DOMAIN_PROXY:
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Alias for the #SoupAuthDomain:proxy property. (Whether or
|
|
rpm-build |
4f3c61 |
* not this is a proxy auth domain.)
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
g_object_class_install_property (
|
|
rpm-build |
4f3c61 |
object_class, PROP_PROXY,
|
|
rpm-build |
4f3c61 |
g_param_spec_boolean (SOUP_AUTH_DOMAIN_PROXY,
|
|
rpm-build |
4f3c61 |
"Proxy",
|
|
rpm-build |
4f3c61 |
"Whether or not this is a proxy auth domain",
|
|
rpm-build |
4f3c61 |
FALSE,
|
|
rpm-build |
4f3c61 |
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SOUP_AUTH_DOMAIN_ADD_PATH:
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Alias for the #SoupAuthDomain:add-path property. (Shortcut
|
|
rpm-build |
4f3c61 |
* for calling soup_auth_domain_add_path().)
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
g_object_class_install_property (
|
|
rpm-build |
4f3c61 |
object_class, PROP_ADD_PATH,
|
|
rpm-build |
4f3c61 |
g_param_spec_string (SOUP_AUTH_DOMAIN_ADD_PATH,
|
|
rpm-build |
4f3c61 |
"Add a path",
|
|
rpm-build |
4f3c61 |
"Add a path covered by this auth domain",
|
|
rpm-build |
4f3c61 |
NULL,
|
|
rpm-build |
4f3c61 |
G_PARAM_WRITABLE));
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SOUP_AUTH_DOMAIN_REMOVE_PATH:
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Alias for the #SoupAuthDomain:remove-path property.
|
|
rpm-build |
4f3c61 |
* (Shortcut for calling soup_auth_domain_remove_path().)
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
g_object_class_install_property (
|
|
rpm-build |
4f3c61 |
object_class, PROP_REMOVE_PATH,
|
|
rpm-build |
4f3c61 |
g_param_spec_string (SOUP_AUTH_DOMAIN_REMOVE_PATH,
|
|
rpm-build |
4f3c61 |
"Remove a path",
|
|
rpm-build |
4f3c61 |
"Remove a path covered by this auth domain",
|
|
rpm-build |
4f3c61 |
NULL,
|
|
rpm-build |
4f3c61 |
G_PARAM_WRITABLE));
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SOUP_AUTH_DOMAIN_FILTER:
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Alias for the #SoupAuthDomain:filter property. (The
|
|
rpm-build |
4f3c61 |
* #SoupAuthDomainFilter for the domain.)
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
g_object_class_install_property (
|
|
rpm-build |
4f3c61 |
object_class, PROP_FILTER,
|
|
rpm-build |
4f3c61 |
g_param_spec_pointer (SOUP_AUTH_DOMAIN_FILTER,
|
|
rpm-build |
4f3c61 |
"Filter",
|
|
rpm-build |
4f3c61 |
"A filter for deciding whether or not to require authentication",
|
|
rpm-build |
4f3c61 |
G_PARAM_READWRITE));
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SOUP_AUTH_DOMAIN_FILTER_DATA:
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Alias for the #SoupAuthDomain:filter-data property. (Data
|
|
rpm-build |
4f3c61 |
* to pass to the #SoupAuthDomainFilter.)
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
g_object_class_install_property (
|
|
rpm-build |
4f3c61 |
object_class, PROP_FILTER_DATA,
|
|
rpm-build |
4f3c61 |
g_param_spec_pointer (SOUP_AUTH_DOMAIN_FILTER_DATA,
|
|
rpm-build |
4f3c61 |
"Filter data",
|
|
rpm-build |
4f3c61 |
"Data to pass to filter",
|
|
rpm-build |
4f3c61 |
G_PARAM_READWRITE));
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SOUP_AUTH_DOMAIN_GENERIC_AUTH_CALLBACK:
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Alias for the #SoupAuthDomain:generic-auth-callback property.
|
|
rpm-build |
4f3c61 |
* (The #SoupAuthDomainGenericAuthCallback.)
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
g_object_class_install_property (
|
|
rpm-build |
4f3c61 |
object_class, PROP_GENERIC_AUTH_CALLBACK,
|
|
rpm-build |
4f3c61 |
g_param_spec_pointer (SOUP_AUTH_DOMAIN_GENERIC_AUTH_CALLBACK,
|
|
rpm-build |
4f3c61 |
"Generic authentication callback",
|
|
rpm-build |
4f3c61 |
"An authentication callback that can be used with any SoupAuthDomain subclass",
|
|
rpm-build |
4f3c61 |
G_PARAM_READWRITE));
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SOUP_AUTH_DOMAIN_GENERIC_AUTH_DATA:
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Alias for the #SoupAuthDomain:generic-auth-data property.
|
|
rpm-build |
4f3c61 |
* (The data to pass to the #SoupAuthDomainGenericAuthCallback.)
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
g_object_class_install_property (
|
|
rpm-build |
4f3c61 |
object_class, PROP_GENERIC_AUTH_DATA,
|
|
rpm-build |
4f3c61 |
g_param_spec_pointer (SOUP_AUTH_DOMAIN_GENERIC_AUTH_DATA,
|
|
rpm-build |
4f3c61 |
"Authentication callback data",
|
|
rpm-build |
4f3c61 |
"Data to pass to auth callback",
|
|
rpm-build |
4f3c61 |
G_PARAM_READWRITE));
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_add_path:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @path: the path to add to @domain
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Adds @path to @domain, such that requests under @path on @domain's
|
|
rpm-build |
4f3c61 |
* server will require authentication (unless overridden by
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_remove_path() or soup_auth_domain_set_filter()).
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* You can also add paths by setting the %SOUP_AUTH_DOMAIN_ADD_PATH
|
|
rpm-build |
4f3c61 |
* property, which can also be used to add one or more paths at
|
|
rpm-build |
4f3c61 |
* construct time.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_add_path (SoupAuthDomain *domain, const char *path)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/* "" should not match "*" */
|
|
rpm-build |
4f3c61 |
if (!*path)
|
|
rpm-build |
4f3c61 |
path = "/";
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
soup_path_map_add (priv->paths, path, GINT_TO_POINTER (TRUE));
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_remove_path:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @path: the path to remove from @domain
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Removes @path from @domain, such that requests under @path on
|
|
rpm-build |
4f3c61 |
* @domain's server will NOT require authentication.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* This is not simply an undo-er for soup_auth_domain_add_path(); it
|
|
rpm-build |
4f3c61 |
* can be used to "carve out" a subtree that does not require
|
|
rpm-build |
4f3c61 |
* authentication inside a hierarchy that does. Note also that unlike
|
|
rpm-build |
4f3c61 |
* with soup_auth_domain_add_path(), this cannot be overridden by
|
|
rpm-build |
4f3c61 |
* adding a filter, as filters can only bypass authentication that
|
|
rpm-build |
4f3c61 |
* would otherwise be required, not require it where it would
|
|
rpm-build |
4f3c61 |
* otherwise be unnecessary.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* You can also remove paths by setting the
|
|
rpm-build |
4f3c61 |
* %SOUP_AUTH_DOMAIN_REMOVE_PATH property, which can also be used to
|
|
rpm-build |
4f3c61 |
* remove one or more paths at construct time.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_remove_path (SoupAuthDomain *domain, const char *path)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/* "" should not match "*" */
|
|
rpm-build |
4f3c61 |
if (!*path)
|
|
rpm-build |
4f3c61 |
path = "/";
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
soup_path_map_add (priv->paths, path, GINT_TO_POINTER (FALSE));
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SoupAuthDomainFilter:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @msg: a #SoupMessage
|
|
rpm-build |
4f3c61 |
* @user_data: the data passed to soup_auth_domain_set_filter()
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* The prototype for a #SoupAuthDomain filter; see
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_set_filter() for details.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Return value: %TRUE if @msg requires authentication, %FALSE if not.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_set_filter:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @filter: the auth filter for @domain
|
|
rpm-build |
4f3c61 |
* @filter_data: data to pass to @filter
|
|
rpm-build |
4f3c61 |
* @dnotify: destroy notifier to free @filter_data when @domain
|
|
rpm-build |
4f3c61 |
* is destroyed
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Adds @filter as an authentication filter to @domain. The filter
|
|
rpm-build |
4f3c61 |
* gets a chance to bypass authentication for certain requests that
|
|
rpm-build |
4f3c61 |
* would otherwise require it. Eg, it might check the message's path
|
|
rpm-build |
4f3c61 |
* in some way that is too complicated to do via the other methods, or
|
|
rpm-build |
4f3c61 |
* it might check the message's method, and allow GETs but not PUTs.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* The filter function returns %TRUE if the request should still
|
|
rpm-build |
4f3c61 |
* require authentication, or %FALSE if authentication is unnecessary
|
|
rpm-build |
4f3c61 |
* for this request.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* To help prevent security holes, your filter should return %TRUE by
|
|
rpm-build |
4f3c61 |
* default, and only return %FALSE under specifically-tested
|
|
rpm-build |
4f3c61 |
* circumstances, rather than the other way around. Eg, in the example
|
|
rpm-build |
4f3c61 |
* above, where you want to authenticate PUTs but not GETs, you should
|
|
rpm-build |
4f3c61 |
* check if the method is GET and return %FALSE in that case, and then
|
|
rpm-build |
4f3c61 |
* return %TRUE for all other methods (rather than returning %TRUE for
|
|
rpm-build |
4f3c61 |
* PUT and %FALSE for all other methods). This way if it turned out
|
|
rpm-build |
4f3c61 |
* (now or later) that some paths supported additional methods besides
|
|
rpm-build |
4f3c61 |
* GET and PUT, those methods would default to being NOT allowed for
|
|
rpm-build |
4f3c61 |
* unauthenticated users.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* You can also set the filter by setting the %SOUP_AUTH_DOMAIN_FILTER
|
|
rpm-build |
4f3c61 |
* and %SOUP_AUTH_DOMAIN_FILTER_DATA properties, which can also be
|
|
rpm-build |
4f3c61 |
* used to set the filter at construct time.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_set_filter (SoupAuthDomain *domain,
|
|
rpm-build |
4f3c61 |
SoupAuthDomainFilter filter,
|
|
rpm-build |
4f3c61 |
gpointer filter_data,
|
|
rpm-build |
4f3c61 |
GDestroyNotify dnotify)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
if (priv->filter_dnotify)
|
|
rpm-build |
4f3c61 |
priv->filter_dnotify (priv->filter_data);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
priv->filter = filter;
|
|
rpm-build |
4f3c61 |
priv->filter_data = filter_data;
|
|
rpm-build |
4f3c61 |
priv->filter_dnotify = dnotify;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
g_object_notify (G_OBJECT (domain), SOUP_AUTH_DOMAIN_FILTER);
|
|
rpm-build |
4f3c61 |
g_object_notify (G_OBJECT (domain), SOUP_AUTH_DOMAIN_FILTER_DATA);
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_get_realm:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Gets the realm name associated with @domain
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Return value: @domain's realm
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
const char *
|
|
rpm-build |
4f3c61 |
soup_auth_domain_get_realm (SoupAuthDomain *domain)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
return priv->realm;
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* SoupAuthDomainGenericAuthCallback:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @msg: the #SoupMessage being authenticated
|
|
rpm-build |
4f3c61 |
* @username: the username from @msg
|
|
rpm-build |
4f3c61 |
* @user_data: the data passed to
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_set_generic_auth_callback()
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* The prototype for a #SoupAuthDomain generic authentication callback.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* The callback should look up the user's password, call
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_check_password(), and use the return value from
|
|
rpm-build |
4f3c61 |
* that method as its own return value.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* In general, for security reasons, it is preferable to use the
|
|
rpm-build |
4f3c61 |
* auth-domain-specific auth callbacks (eg,
|
|
rpm-build |
4f3c61 |
* #SoupAuthDomainBasicAuthCallback and
|
|
rpm-build |
4f3c61 |
* #SoupAuthDomainDigestAuthCallback), because they don't require
|
|
rpm-build |
4f3c61 |
* keeping a cleartext password database. Most users will use the same
|
|
rpm-build |
4f3c61 |
* password for many different sites, meaning if any site with a
|
|
rpm-build |
4f3c61 |
* cleartext password database is compromised, accounts on other
|
|
rpm-build |
4f3c61 |
* servers might be compromised as well. For many of the cases where
|
|
rpm-build |
4f3c61 |
* #SoupServer is used, this is not really relevant, but it may still
|
|
rpm-build |
4f3c61 |
* be worth considering.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Return value: %TRUE if @msg is authenticated, %FALSE if not.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_set_generic_auth_callback:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @auth_callback: the auth callback
|
|
rpm-build |
4f3c61 |
* @auth_data: data to pass to @auth_callback
|
|
rpm-build |
4f3c61 |
* @dnotify: destroy notifier to free @auth_data when @domain
|
|
rpm-build |
4f3c61 |
* is destroyed
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Sets @auth_callback as an authentication-handling callback for
|
|
rpm-build |
4f3c61 |
* @domain. Whenever a request comes in to @domain which cannot be
|
|
rpm-build |
4f3c61 |
* authenticated via a domain-specific auth callback (eg,
|
|
rpm-build |
4f3c61 |
* #SoupAuthDomainDigestAuthCallback), the generic auth callback
|
|
rpm-build |
4f3c61 |
* will be invoked. See #SoupAuthDomainGenericAuthCallback for information
|
|
rpm-build |
4f3c61 |
* on what the callback should do.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_set_generic_auth_callback (SoupAuthDomain *domain,
|
|
rpm-build |
4f3c61 |
SoupAuthDomainGenericAuthCallback auth_callback,
|
|
rpm-build |
4f3c61 |
gpointer auth_data,
|
|
rpm-build |
4f3c61 |
GDestroyNotify dnotify)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
if (priv->auth_dnotify)
|
|
rpm-build |
4f3c61 |
priv->auth_dnotify (priv->auth_data);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
priv->auth_callback = auth_callback;
|
|
rpm-build |
4f3c61 |
priv->auth_data = auth_data;
|
|
rpm-build |
4f3c61 |
priv->auth_dnotify = dnotify;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
g_object_notify (G_OBJECT (domain), SOUP_AUTH_DOMAIN_GENERIC_AUTH_CALLBACK);
|
|
rpm-build |
4f3c61 |
g_object_notify (G_OBJECT (domain), SOUP_AUTH_DOMAIN_GENERIC_AUTH_DATA);
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
gboolean
|
|
rpm-build |
4f3c61 |
soup_auth_domain_try_generic_auth_callback (SoupAuthDomain *domain,
|
|
rpm-build |
4f3c61 |
SoupMessage *msg,
|
|
rpm-build |
4f3c61 |
const char *username)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
if (priv->auth_callback)
|
|
rpm-build |
4f3c61 |
return priv->auth_callback (domain, msg, username, priv->auth_data);
|
|
rpm-build |
4f3c61 |
else
|
|
rpm-build |
4f3c61 |
return FALSE;
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_check_password:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @msg: a #SoupMessage
|
|
rpm-build |
4f3c61 |
* @username: a username
|
|
rpm-build |
4f3c61 |
* @password: a password
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Checks if @msg authenticates to @domain via @username and
|
|
rpm-build |
4f3c61 |
* @password. This would normally be called from a
|
|
rpm-build |
4f3c61 |
* #SoupAuthDomainGenericAuthCallback.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Return value: whether or not the message is authenticated
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
gboolean
|
|
rpm-build |
4f3c61 |
soup_auth_domain_check_password (SoupAuthDomain *domain,
|
|
rpm-build |
4f3c61 |
SoupMessage *msg,
|
|
rpm-build |
4f3c61 |
const char *username,
|
|
rpm-build |
4f3c61 |
const char *password)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
return SOUP_AUTH_DOMAIN_GET_CLASS (domain)->check_password (domain, msg,
|
|
rpm-build |
4f3c61 |
username,
|
|
rpm-build |
4f3c61 |
password);
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_covers:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @msg: a #SoupMessage
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Checks if @domain requires @msg to be authenticated (according to
|
|
rpm-build |
4f3c61 |
* its paths and filter function). This does not actually look at
|
|
rpm-build |
4f3c61 |
* whether @msg <emphasis>is</emphasis> authenticated, merely whether
|
|
rpm-build |
4f3c61 |
* or not it needs to be.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* This is used by #SoupServer internally and is probably of no use to
|
|
rpm-build |
4f3c61 |
* anyone else.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Return value: %TRUE if @domain requires @msg to be authenticated
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
gboolean
|
|
rpm-build |
4f3c61 |
soup_auth_domain_covers (SoupAuthDomain *domain, SoupMessage *msg)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
const char *path;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
if (!priv->proxy) {
|
|
rpm-build |
4f3c61 |
path = soup_message_get_uri (msg)->path;
|
|
rpm-build |
4f3c61 |
if (!soup_path_map_lookup (priv->paths, path))
|
|
rpm-build |
4f3c61 |
return FALSE;
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
if (priv->filter && !priv->filter (domain, msg, priv->filter_data))
|
|
rpm-build |
4f3c61 |
return FALSE;
|
|
rpm-build |
4f3c61 |
else
|
|
rpm-build |
4f3c61 |
return TRUE;
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_accepts:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @msg: a #SoupMessage
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Checks if @msg contains appropriate authorization for @domain to
|
|
rpm-build |
4f3c61 |
* accept it. Mirroring soup_auth_domain_covers(), this does not check
|
|
rpm-build |
4f3c61 |
* whether or not @domain <emphasis>cares</emphasis> if @msg is
|
|
rpm-build |
4f3c61 |
* authorized.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* This is used by #SoupServer internally and is probably of no use to
|
|
rpm-build |
4f3c61 |
* anyone else.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Return value: (nullable): the username that @msg has authenticated
|
|
rpm-build |
4f3c61 |
* as, if in fact it has authenticated. %NULL otherwise.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
char *
|
|
rpm-build |
4f3c61 |
soup_auth_domain_accepts (SoupAuthDomain *domain, SoupMessage *msg)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
const char *header;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
header = soup_message_headers_get_one (msg->request_headers,
|
|
rpm-build |
4f3c61 |
priv->proxy ?
|
|
rpm-build |
4f3c61 |
"Proxy-Authorization" :
|
|
rpm-build |
4f3c61 |
"Authorization");
|
|
rpm-build |
4f3c61 |
if (!header)
|
|
rpm-build |
4f3c61 |
return NULL;
|
|
rpm-build |
4f3c61 |
return SOUP_AUTH_DOMAIN_GET_CLASS (domain)->accepts (domain, msg, header);
|
|
rpm-build |
4f3c61 |
}
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
/**
|
|
rpm-build |
4f3c61 |
* soup_auth_domain_challenge:
|
|
rpm-build |
4f3c61 |
* @domain: a #SoupAuthDomain
|
|
rpm-build |
4f3c61 |
* @msg: a #SoupMessage
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* Adds a "WWW-Authenticate" or "Proxy-Authenticate" header to @msg,
|
|
rpm-build |
4f3c61 |
* requesting that the client authenticate, and sets @msg's status
|
|
rpm-build |
4f3c61 |
* accordingly.
|
|
rpm-build |
4f3c61 |
*
|
|
rpm-build |
4f3c61 |
* This is used by #SoupServer internally and is probably of no use to
|
|
rpm-build |
4f3c61 |
* anyone else.
|
|
rpm-build |
4f3c61 |
**/
|
|
rpm-build |
4f3c61 |
void
|
|
rpm-build |
4f3c61 |
soup_auth_domain_challenge (SoupAuthDomain *domain, SoupMessage *msg)
|
|
rpm-build |
4f3c61 |
{
|
|
rpm-build |
4f3c61 |
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
|
|
rpm-build |
4f3c61 |
char *challenge;
|
|
rpm-build |
4f3c61 |
|
|
rpm-build |
4f3c61 |
challenge = SOUP_AUTH_DOMAIN_GET_CLASS (domain)->challenge (domain, msg);
|
|
rpm-build |
4f3c61 |
soup_message_set_status (msg, priv->proxy ?
|
|
rpm-build |
4f3c61 |
SOUP_STATUS_PROXY_UNAUTHORIZED :
|
|
rpm-build |
4f3c61 |
SOUP_STATUS_UNAUTHORIZED);
|
|
rpm-build |
4f3c61 |
soup_message_headers_append (msg->response_headers,
|
|
rpm-build |
4f3c61 |
priv->proxy ?
|
|
rpm-build |
4f3c61 |
"Proxy-Authenticate" :
|
|
rpm-build |
4f3c61 |
"WWW-Authenticate",
|
|
rpm-build |
4f3c61 |
challenge);
|
|
rpm-build |
4f3c61 |
g_free (challenge);
|
|
rpm-build |
4f3c61 |
}
|