/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/*
* soup-auth-domain.c: HTTP Authentication Domain (server-side)
*
* Copyright (C) 2007 Novell, Inc.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <string.h>
#include "soup-auth-domain.h"
#include "soup.h"
#include "soup-path-map.h"
/**
* SECTION:soup-auth-domain
* @short_description: Server-side authentication
* @see_also: #SoupServer
*
* A #SoupAuthDomain manages authentication for all or part of a
* #SoupServer. To make a server require authentication, first create
* an appropriate subclass of #SoupAuthDomain, and then add it to the
* server with soup_server_add_auth_domain().
*
* In order for an auth domain to have any effect, you must add one or
* more paths to it (via soup_auth_domain_add_path() or the
* %SOUP_AUTH_DOMAIN_ADD_PATH property). To require authentication for
* all ordinary requests, add the path "/". (Note that this does not
* include the special "*" URI (eg, "OPTIONS *"), which must be added
* as a separate path if you want to cover it.)
*
* If you need greater control over which requests should and
* shouldn't be authenticated, add paths covering everything you
* <emphasis>might</emphasis> want authenticated, and then use a
* filter (soup_auth_domain_set_filter()) to bypass authentication for
* those requests that don't need it.
**/
enum {
PROP_0,
PROP_REALM,
PROP_PROXY,
PROP_ADD_PATH,
PROP_REMOVE_PATH,
PROP_FILTER,
PROP_FILTER_DATA,
PROP_GENERIC_AUTH_CALLBACK,
PROP_GENERIC_AUTH_DATA,
LAST_PROP
};
typedef struct {
char *realm;
gboolean proxy;
SoupPathMap *paths;
SoupAuthDomainFilter filter;
gpointer filter_data;
GDestroyNotify filter_dnotify;
SoupAuthDomainGenericAuthCallback auth_callback;
gpointer auth_data;
GDestroyNotify auth_dnotify;
} SoupAuthDomainPrivate;
G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE (SoupAuthDomain, soup_auth_domain, G_TYPE_OBJECT)
static void
soup_auth_domain_init (SoupAuthDomain *domain)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
priv->paths = soup_path_map_new (NULL);
}
static void
soup_auth_domain_finalize (GObject *object)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (SOUP_AUTH_DOMAIN (object));
g_free (priv->realm);
soup_path_map_free (priv->paths);
if (priv->filter_dnotify)
priv->filter_dnotify (priv->filter_data);
if (priv->auth_dnotify)
priv->auth_dnotify (priv->auth_data);
G_OBJECT_CLASS (soup_auth_domain_parent_class)->finalize (object);
}
static void
soup_auth_domain_set_property (GObject *object, guint prop_id,
const GValue *value, GParamSpec *pspec)
{
SoupAuthDomain *auth_domain = SOUP_AUTH_DOMAIN (object);
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (auth_domain);
switch (prop_id) {
case PROP_REALM:
g_free (priv->realm);
priv->realm = g_value_dup_string (value);
break;
case PROP_PROXY:
priv->proxy = g_value_get_boolean (value);
break;
case PROP_ADD_PATH:
soup_auth_domain_add_path (auth_domain,
g_value_get_string (value));
break;
case PROP_REMOVE_PATH:
soup_auth_domain_remove_path (auth_domain,
g_value_get_string (value));
break;
case PROP_FILTER:
priv->filter = g_value_get_pointer (value);
break;
case PROP_FILTER_DATA:
if (priv->filter_dnotify) {
priv->filter_dnotify (priv->filter_data);
priv->filter_dnotify = NULL;
}
priv->filter_data = g_value_get_pointer (value);
break;
case PROP_GENERIC_AUTH_CALLBACK:
priv->auth_callback = g_value_get_pointer (value);
break;
case PROP_GENERIC_AUTH_DATA:
if (priv->auth_dnotify) {
priv->auth_dnotify (priv->auth_data);
priv->auth_dnotify = NULL;
}
priv->auth_data = g_value_get_pointer (value);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
soup_auth_domain_get_property (GObject *object, guint prop_id,
GValue *value, GParamSpec *pspec)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (SOUP_AUTH_DOMAIN (object));
switch (prop_id) {
case PROP_REALM:
g_value_set_string (value, priv->realm);
break;
case PROP_PROXY:
g_value_set_boolean (value, priv->proxy);
break;
case PROP_FILTER:
g_value_set_pointer (value, priv->filter);
break;
case PROP_FILTER_DATA:
g_value_set_pointer (value, priv->filter_data);
break;
case PROP_GENERIC_AUTH_CALLBACK:
g_value_set_pointer (value, priv->auth_callback);
break;
case PROP_GENERIC_AUTH_DATA:
g_value_set_pointer (value, priv->auth_data);
break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
}
}
static void
soup_auth_domain_class_init (SoupAuthDomainClass *auth_domain_class)
{
GObjectClass *object_class = G_OBJECT_CLASS (auth_domain_class);
object_class->finalize = soup_auth_domain_finalize;
object_class->set_property = soup_auth_domain_set_property;
object_class->get_property = soup_auth_domain_get_property;
/**
* SOUP_AUTH_DOMAIN_REALM:
*
* Alias for the #SoupAuthDomain:realm property. (The realm of
* this auth domain.)
**/
g_object_class_install_property (
object_class, PROP_REALM,
g_param_spec_string (SOUP_AUTH_DOMAIN_REALM,
"Realm",
"The realm of this auth domain",
NULL,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
/**
* SOUP_AUTH_DOMAIN_PROXY:
*
* Alias for the #SoupAuthDomain:proxy property. (Whether or
* not this is a proxy auth domain.)
**/
g_object_class_install_property (
object_class, PROP_PROXY,
g_param_spec_boolean (SOUP_AUTH_DOMAIN_PROXY,
"Proxy",
"Whether or not this is a proxy auth domain",
FALSE,
G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
/**
* SOUP_AUTH_DOMAIN_ADD_PATH:
*
* Alias for the #SoupAuthDomain:add-path property. (Shortcut
* for calling soup_auth_domain_add_path().)
**/
g_object_class_install_property (
object_class, PROP_ADD_PATH,
g_param_spec_string (SOUP_AUTH_DOMAIN_ADD_PATH,
"Add a path",
"Add a path covered by this auth domain",
NULL,
G_PARAM_WRITABLE));
/**
* SOUP_AUTH_DOMAIN_REMOVE_PATH:
*
* Alias for the #SoupAuthDomain:remove-path property.
* (Shortcut for calling soup_auth_domain_remove_path().)
**/
g_object_class_install_property (
object_class, PROP_REMOVE_PATH,
g_param_spec_string (SOUP_AUTH_DOMAIN_REMOVE_PATH,
"Remove a path",
"Remove a path covered by this auth domain",
NULL,
G_PARAM_WRITABLE));
/**
* SOUP_AUTH_DOMAIN_FILTER:
*
* Alias for the #SoupAuthDomain:filter property. (The
* #SoupAuthDomainFilter for the domain.)
**/
g_object_class_install_property (
object_class, PROP_FILTER,
g_param_spec_pointer (SOUP_AUTH_DOMAIN_FILTER,
"Filter",
"A filter for deciding whether or not to require authentication",
G_PARAM_READWRITE));
/**
* SOUP_AUTH_DOMAIN_FILTER_DATA:
*
* Alias for the #SoupAuthDomain:filter-data property. (Data
* to pass to the #SoupAuthDomainFilter.)
**/
g_object_class_install_property (
object_class, PROP_FILTER_DATA,
g_param_spec_pointer (SOUP_AUTH_DOMAIN_FILTER_DATA,
"Filter data",
"Data to pass to filter",
G_PARAM_READWRITE));
/**
* SOUP_AUTH_DOMAIN_GENERIC_AUTH_CALLBACK:
*
* Alias for the #SoupAuthDomain:generic-auth-callback property.
* (The #SoupAuthDomainGenericAuthCallback.)
**/
g_object_class_install_property (
object_class, PROP_GENERIC_AUTH_CALLBACK,
g_param_spec_pointer (SOUP_AUTH_DOMAIN_GENERIC_AUTH_CALLBACK,
"Generic authentication callback",
"An authentication callback that can be used with any SoupAuthDomain subclass",
G_PARAM_READWRITE));
/**
* SOUP_AUTH_DOMAIN_GENERIC_AUTH_DATA:
*
* Alias for the #SoupAuthDomain:generic-auth-data property.
* (The data to pass to the #SoupAuthDomainGenericAuthCallback.)
**/
g_object_class_install_property (
object_class, PROP_GENERIC_AUTH_DATA,
g_param_spec_pointer (SOUP_AUTH_DOMAIN_GENERIC_AUTH_DATA,
"Authentication callback data",
"Data to pass to auth callback",
G_PARAM_READWRITE));
}
/**
* soup_auth_domain_add_path:
* @domain: a #SoupAuthDomain
* @path: the path to add to @domain
*
* Adds @path to @domain, such that requests under @path on @domain's
* server will require authentication (unless overridden by
* soup_auth_domain_remove_path() or soup_auth_domain_set_filter()).
*
* You can also add paths by setting the %SOUP_AUTH_DOMAIN_ADD_PATH
* property, which can also be used to add one or more paths at
* construct time.
**/
void
soup_auth_domain_add_path (SoupAuthDomain *domain, const char *path)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
/* "" should not match "*" */
if (!*path)
path = "/";
soup_path_map_add (priv->paths, path, GINT_TO_POINTER (TRUE));
}
/**
* soup_auth_domain_remove_path:
* @domain: a #SoupAuthDomain
* @path: the path to remove from @domain
*
* Removes @path from @domain, such that requests under @path on
* @domain's server will NOT require authentication.
*
* This is not simply an undo-er for soup_auth_domain_add_path(); it
* can be used to "carve out" a subtree that does not require
* authentication inside a hierarchy that does. Note also that unlike
* with soup_auth_domain_add_path(), this cannot be overridden by
* adding a filter, as filters can only bypass authentication that
* would otherwise be required, not require it where it would
* otherwise be unnecessary.
*
* You can also remove paths by setting the
* %SOUP_AUTH_DOMAIN_REMOVE_PATH property, which can also be used to
* remove one or more paths at construct time.
**/
void
soup_auth_domain_remove_path (SoupAuthDomain *domain, const char *path)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
/* "" should not match "*" */
if (!*path)
path = "/";
soup_path_map_add (priv->paths, path, GINT_TO_POINTER (FALSE));
}
/**
* SoupAuthDomainFilter:
* @domain: a #SoupAuthDomain
* @msg: a #SoupMessage
* @user_data: the data passed to soup_auth_domain_set_filter()
*
* The prototype for a #SoupAuthDomain filter; see
* soup_auth_domain_set_filter() for details.
*
* Return value: %TRUE if @msg requires authentication, %FALSE if not.
**/
/**
* soup_auth_domain_set_filter:
* @domain: a #SoupAuthDomain
* @filter: the auth filter for @domain
* @filter_data: data to pass to @filter
* @dnotify: destroy notifier to free @filter_data when @domain
* is destroyed
*
* Adds @filter as an authentication filter to @domain. The filter
* gets a chance to bypass authentication for certain requests that
* would otherwise require it. Eg, it might check the message's path
* in some way that is too complicated to do via the other methods, or
* it might check the message's method, and allow GETs but not PUTs.
*
* The filter function returns %TRUE if the request should still
* require authentication, or %FALSE if authentication is unnecessary
* for this request.
*
* To help prevent security holes, your filter should return %TRUE by
* default, and only return %FALSE under specifically-tested
* circumstances, rather than the other way around. Eg, in the example
* above, where you want to authenticate PUTs but not GETs, you should
* check if the method is GET and return %FALSE in that case, and then
* return %TRUE for all other methods (rather than returning %TRUE for
* PUT and %FALSE for all other methods). This way if it turned out
* (now or later) that some paths supported additional methods besides
* GET and PUT, those methods would default to being NOT allowed for
* unauthenticated users.
*
* You can also set the filter by setting the %SOUP_AUTH_DOMAIN_FILTER
* and %SOUP_AUTH_DOMAIN_FILTER_DATA properties, which can also be
* used to set the filter at construct time.
**/
void
soup_auth_domain_set_filter (SoupAuthDomain *domain,
SoupAuthDomainFilter filter,
gpointer filter_data,
GDestroyNotify dnotify)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
if (priv->filter_dnotify)
priv->filter_dnotify (priv->filter_data);
priv->filter = filter;
priv->filter_data = filter_data;
priv->filter_dnotify = dnotify;
g_object_notify (G_OBJECT (domain), SOUP_AUTH_DOMAIN_FILTER);
g_object_notify (G_OBJECT (domain), SOUP_AUTH_DOMAIN_FILTER_DATA);
}
/**
* soup_auth_domain_get_realm:
* @domain: a #SoupAuthDomain
*
* Gets the realm name associated with @domain
*
* Return value: @domain's realm
**/
const char *
soup_auth_domain_get_realm (SoupAuthDomain *domain)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
return priv->realm;
}
/**
* SoupAuthDomainGenericAuthCallback:
* @domain: a #SoupAuthDomain
* @msg: the #SoupMessage being authenticated
* @username: the username from @msg
* @user_data: the data passed to
* soup_auth_domain_set_generic_auth_callback()
*
* The prototype for a #SoupAuthDomain generic authentication callback.
*
* The callback should look up the user's password, call
* soup_auth_domain_check_password(), and use the return value from
* that method as its own return value.
*
* In general, for security reasons, it is preferable to use the
* auth-domain-specific auth callbacks (eg,
* #SoupAuthDomainBasicAuthCallback and
* #SoupAuthDomainDigestAuthCallback), because they don't require
* keeping a cleartext password database. Most users will use the same
* password for many different sites, meaning if any site with a
* cleartext password database is compromised, accounts on other
* servers might be compromised as well. For many of the cases where
* #SoupServer is used, this is not really relevant, but it may still
* be worth considering.
*
* Return value: %TRUE if @msg is authenticated, %FALSE if not.
**/
/**
* soup_auth_domain_set_generic_auth_callback:
* @domain: a #SoupAuthDomain
* @auth_callback: the auth callback
* @auth_data: data to pass to @auth_callback
* @dnotify: destroy notifier to free @auth_data when @domain
* is destroyed
*
* Sets @auth_callback as an authentication-handling callback for
* @domain. Whenever a request comes in to @domain which cannot be
* authenticated via a domain-specific auth callback (eg,
* #SoupAuthDomainDigestAuthCallback), the generic auth callback
* will be invoked. See #SoupAuthDomainGenericAuthCallback for information
* on what the callback should do.
**/
void
soup_auth_domain_set_generic_auth_callback (SoupAuthDomain *domain,
SoupAuthDomainGenericAuthCallback auth_callback,
gpointer auth_data,
GDestroyNotify dnotify)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
if (priv->auth_dnotify)
priv->auth_dnotify (priv->auth_data);
priv->auth_callback = auth_callback;
priv->auth_data = auth_data;
priv->auth_dnotify = dnotify;
g_object_notify (G_OBJECT (domain), SOUP_AUTH_DOMAIN_GENERIC_AUTH_CALLBACK);
g_object_notify (G_OBJECT (domain), SOUP_AUTH_DOMAIN_GENERIC_AUTH_DATA);
}
gboolean
soup_auth_domain_try_generic_auth_callback (SoupAuthDomain *domain,
SoupMessage *msg,
const char *username)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
if (priv->auth_callback)
return priv->auth_callback (domain, msg, username, priv->auth_data);
else
return FALSE;
}
/**
* soup_auth_domain_check_password:
* @domain: a #SoupAuthDomain
* @msg: a #SoupMessage
* @username: a username
* @password: a password
*
* Checks if @msg authenticates to @domain via @username and
* @password. This would normally be called from a
* #SoupAuthDomainGenericAuthCallback.
*
* Return value: whether or not the message is authenticated
**/
gboolean
soup_auth_domain_check_password (SoupAuthDomain *domain,
SoupMessage *msg,
const char *username,
const char *password)
{
return SOUP_AUTH_DOMAIN_GET_CLASS (domain)->check_password (domain, msg,
username,
password);
}
/**
* soup_auth_domain_covers:
* @domain: a #SoupAuthDomain
* @msg: a #SoupMessage
*
* Checks if @domain requires @msg to be authenticated (according to
* its paths and filter function). This does not actually look at
* whether @msg <emphasis>is</emphasis> authenticated, merely whether
* or not it needs to be.
*
* This is used by #SoupServer internally and is probably of no use to
* anyone else.
*
* Return value: %TRUE if @domain requires @msg to be authenticated
**/
gboolean
soup_auth_domain_covers (SoupAuthDomain *domain, SoupMessage *msg)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
const char *path;
if (!priv->proxy) {
path = soup_message_get_uri (msg)->path;
if (!soup_path_map_lookup (priv->paths, path))
return FALSE;
}
if (priv->filter && !priv->filter (domain, msg, priv->filter_data))
return FALSE;
else
return TRUE;
}
/**
* soup_auth_domain_accepts:
* @domain: a #SoupAuthDomain
* @msg: a #SoupMessage
*
* Checks if @msg contains appropriate authorization for @domain to
* accept it. Mirroring soup_auth_domain_covers(), this does not check
* whether or not @domain <emphasis>cares</emphasis> if @msg is
* authorized.
*
* This is used by #SoupServer internally and is probably of no use to
* anyone else.
*
* Return value: (nullable): the username that @msg has authenticated
* as, if in fact it has authenticated. %NULL otherwise.
**/
char *
soup_auth_domain_accepts (SoupAuthDomain *domain, SoupMessage *msg)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
const char *header;
header = soup_message_headers_get_one (msg->request_headers,
priv->proxy ?
"Proxy-Authorization" :
"Authorization");
if (!header)
return NULL;
return SOUP_AUTH_DOMAIN_GET_CLASS (domain)->accepts (domain, msg, header);
}
/**
* soup_auth_domain_challenge:
* @domain: a #SoupAuthDomain
* @msg: a #SoupMessage
*
* Adds a "WWW-Authenticate" or "Proxy-Authenticate" header to @msg,
* requesting that the client authenticate, and sets @msg's status
* accordingly.
*
* This is used by #SoupServer internally and is probably of no use to
* anyone else.
**/
void
soup_auth_domain_challenge (SoupAuthDomain *domain, SoupMessage *msg)
{
SoupAuthDomainPrivate *priv = soup_auth_domain_get_instance_private (domain);
char *challenge;
challenge = SOUP_AUTH_DOMAIN_GET_CLASS (domain)->challenge (domain, msg);
soup_message_set_status (msg, priv->proxy ?
SOUP_STATUS_PROXY_UNAUTHORIZED :
SOUP_STATUS_UNAUTHORIZED);
soup_message_headers_append (msg->response_headers,
priv->proxy ?
"Proxy-Authenticate" :
"WWW-Authenticate",
challenge);
g_free (challenge);
}