diff options
author | Antoni Sawicki <tenox@google.com> | 2018-12-02 23:56:00 -0800 |
---|---|---|
committer | Antoni Sawicki <tenox@google.com> | 2018-12-02 23:56:00 -0800 |
commit | 8ccfbbb36d34a4abb9ac2bcd1b718cc56f0f71e7 (patch) | |
tree | ce9e18ad84a956c0d119d72624ab5558442d4ee2 | |
parent | 5742b81f67db190340f695a5f1a17da96b7c13c2 (diff) | |
download | wfm-8ccfbbb36d34a4abb9ac2bcd1b718cc56f0f71e7.tar.gz |
hack to logoff htauth session
-rw-r--r-- | dialogs.c | 3 | ||||
-rw-r--r-- | dir.c | 7 | ||||
-rw-r--r-- | wfm.c | 19 | ||||
-rw-r--r-- | wfm.h | 3 |
4 files changed, 28 insertions, 4 deletions
@@ -278,6 +278,7 @@ void about(void) { #endif "User Agent: %s<BR>\n" "JavaScript Level: %d<BR>\n" + "Auth: %d<BR>\n" "Change Control: %s (%s)<BR>\n" " <P>\n" " <P>\n" @@ -297,7 +298,7 @@ void about(void) { "</TD></TR></TABLE>\n</BODY></HTML>\n", rt.iconsurl, cfg.tagline, VERSION, __DATE__, __TIME__, __VERSION__, cgiServerSoftware, ut.sysname, ut.nodename, ut.release, ut.version, ut.machine, - NAME_MAX, PATH_MAX, cgiUserAgent, rt.js, + NAME_MAX, PATH_MAX, cgiUserAgent, rt.js, rt.auth_method, #ifdef WFMGIT "Git" #else @@ -203,6 +203,13 @@ void dirlist(void) { "<A HREF=\"%s?action=login&directory=%s\">" " <IMG SRC=\"%s%s.gif\" ALIGN=\"MIDDLE\" BORDER=\"0\" ALT=\"Access\"></A> %s\n", cgiScriptName, wp.virt_dirname_urlencoded, rt.iconsurl, access_string[rt.access_level], access_string[rt.access_level]); + else if(rt.auth_method==3) + fprintf(cgiOut, + "<A HREF=\"%s?ea=logoff\">" + "<IMG SRC=\"%s%s.gif\" BORDER=\"0\" ALIGN=\"MIDDLE\" ALT=\"Access\">" + "</A> %s <IMG SRC=\"%suser.gif\" ALIGN=\"MIDDLE\" ALT=\"User\"> %s \n", + cgiScriptName, rt.iconsurl, access_string[rt.access_level], access_string[rt.access_level], rt.iconsurl, rt.loggedinuser); + else fprintf(cgiOut, "<A HREF=\"%s?directory=%s\"><IMG SRC=\"%s%s.gif\" BORDER=\"0\" ALIGN=\"MIDDLE\" ALT=\"Access\">" @@ -140,8 +140,9 @@ void access_check(char *access_string) { rt.access_level=PERM_RO; else if(strcmp(type, "rw")==0) rt.access_level=PERM_RW; - } - + + rt.auth_method=AUTH_IP; + } } else if(sscanf(access_string, "access-md5pw=%2[^':']:%30[^':']:%63s", type, user, pass)==3) { cfg.users_defined=1; @@ -154,6 +155,7 @@ void access_check(char *access_string) { rt.access_level=PERM_RW; rt.access_as_user=1; + rt.auth_method=AUTH_MD5; strncpy(rt.loggedinuser, user, sizeof(rt.loggedinuser)); } } @@ -167,6 +169,7 @@ void access_check(char *access_string) { rt.access_level=PERM_RW; rt.access_as_user=1; + rt.auth_method=AUTH_HT; strncpy(rt.loggedinuser, getenv("REMOTE_USER"), sizeof(rt.loggedinuser)); } } @@ -478,6 +481,16 @@ void redirect(char *location, ...) { va_end(ap); cgiHeaderLocation(buff); + exit(0); +} + +// +// Log off user from HTAUTH session +// +void logoff() { + cgiHeaderStatus(401, "Unauthorized"); + fprintf(cgiOut, "You have been logged out."); + exit(0); } @@ -564,9 +577,11 @@ int cgiMain(void) { char ea[8]={0}; // early action - simple actions before cfg is read or access check performed (no authentication!) + // note that ea functions must exit() cgiFormStringNoNewlines("ea", ea, sizeof(ea)); if(strcmp(ea, "icon")==0) icon(); // if(strcmp(ea, "upstat")==0) upload_status(); + if(strcmp(ea, "logoff")==0) logoff(); // normal initialization tstart(); @@ -101,6 +101,7 @@ struct runtime_struct { char loggedinuser[64]; int access_level; int access_as_user; + int auth_method; int js; } rt; @@ -110,7 +111,7 @@ struct timeval mt; enum { FALSE, TRUE }; enum { PERM_NO, PERM_RO, PERM_RW }; enum { CHANGE, DELETE, MOVE }; - +enum { AUTH_NONE, AUTH_IP, AUTH_MD5, AUTH_HT }; typedef struct asdir_ { char name[NAME_MAX]; |