From 8ccfbbb36d34a4abb9ac2bcd1b718cc56f0f71e7 Mon Sep 17 00:00:00 2001 From: Antoni Sawicki Date: Sun, 2 Dec 2018 23:56:00 -0800 Subject: hack to logoff htauth session --- dialogs.c | 3 ++- dir.c | 7 +++++++ wfm.c | 19 +++++++++++++++++-- wfm.h | 3 ++- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/dialogs.c b/dialogs.c index dfae4a4..60d0374 100644 --- a/dialogs.c +++ b/dialogs.c @@ -278,6 +278,7 @@ void about(void) { #endif "User Agent: %s
\n" "JavaScript Level: %d
\n" + "Auth: %d
\n" "Change Control: %s (%s)
\n" " 

\n" " 

\n" @@ -297,7 +298,7 @@ void about(void) { "\n\n", rt.iconsurl, cfg.tagline, VERSION, __DATE__, __TIME__, __VERSION__, cgiServerSoftware, ut.sysname, ut.nodename, ut.release, ut.version, ut.machine, - NAME_MAX, PATH_MAX, cgiUserAgent, rt.js, + NAME_MAX, PATH_MAX, cgiUserAgent, rt.js, rt.auth_method, #ifdef WFMGIT "Git" #else diff --git a/dir.c b/dir.c index fed0ae9..7616fa7 100644 --- a/dir.c +++ b/dir.c @@ -203,6 +203,13 @@ void dirlist(void) { "" " \"Access\" %s\n", cgiScriptName, wp.virt_dirname_urlencoded, rt.iconsurl, access_string[rt.access_level], access_string[rt.access_level]); + else if(rt.auth_method==3) + fprintf(cgiOut, + "" + "\"Access\"" + " %s \"User\" %s \n", + cgiScriptName, rt.iconsurl, access_string[rt.access_level], access_string[rt.access_level], rt.iconsurl, rt.loggedinuser); + else fprintf(cgiOut, "\"Access\"" diff --git a/wfm.c b/wfm.c index 8064797..a2da6d9 100644 --- a/wfm.c +++ b/wfm.c @@ -140,8 +140,9 @@ void access_check(char *access_string) { rt.access_level=PERM_RO; else if(strcmp(type, "rw")==0) rt.access_level=PERM_RW; - } - + + rt.auth_method=AUTH_IP; + } } else if(sscanf(access_string, "access-md5pw=%2[^':']:%30[^':']:%63s", type, user, pass)==3) { cfg.users_defined=1; @@ -154,6 +155,7 @@ void access_check(char *access_string) { rt.access_level=PERM_RW; rt.access_as_user=1; + rt.auth_method=AUTH_MD5; strncpy(rt.loggedinuser, user, sizeof(rt.loggedinuser)); } } @@ -167,6 +169,7 @@ void access_check(char *access_string) { rt.access_level=PERM_RW; rt.access_as_user=1; + rt.auth_method=AUTH_HT; strncpy(rt.loggedinuser, getenv("REMOTE_USER"), sizeof(rt.loggedinuser)); } } @@ -478,6 +481,16 @@ void redirect(char *location, ...) { va_end(ap); cgiHeaderLocation(buff); + exit(0); +} + +// +// Log off user from HTAUTH session +// +void logoff() { + cgiHeaderStatus(401, "Unauthorized"); + fprintf(cgiOut, "You have been logged out."); + exit(0); } @@ -564,9 +577,11 @@ int cgiMain(void) { char ea[8]={0}; // early action - simple actions before cfg is read or access check performed (no authentication!) + // note that ea functions must exit() cgiFormStringNoNewlines("ea", ea, sizeof(ea)); if(strcmp(ea, "icon")==0) icon(); // if(strcmp(ea, "upstat")==0) upload_status(); + if(strcmp(ea, "logoff")==0) logoff(); // normal initialization tstart(); diff --git a/wfm.h b/wfm.h index 8af36d6..5c4f0de 100644 --- a/wfm.h +++ b/wfm.h @@ -101,6 +101,7 @@ struct runtime_struct { char loggedinuser[64]; int access_level; int access_as_user; + int auth_method; int js; } rt; @@ -110,7 +111,7 @@ struct timeval mt; enum { FALSE, TRUE }; enum { PERM_NO, PERM_RO, PERM_RW }; enum { CHANGE, DELETE, MOVE }; - +enum { AUTH_NONE, AUTH_IP, AUTH_MD5, AUTH_HT }; typedef struct asdir_ { char name[NAME_MAX]; -- cgit v1.2.3