author | Jakob Kaivo <jkk@ung.org> | 2019-07-26 18:11:14 -0400 |
---|---|---|
committer | Jakob Kaivo <jkk@ung.org> | 2019-07-26 18:11:14 -0400 |
commit | b9dfd01a7919df8faf8aa7f86554360444014e9d (patch) | |
tree | 1a9549573f335a5ccb39f15b63079ca4792cda93 | |
parent | 9ceef9cf5043916754178370d8caf46a8fc79954 (diff) |
let httpd do the authentication
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | auth.c | 56 | ||||
-rw-r--r-- | blog.c | 14 | ||||
-rw-r--r-- | blog.h | 6 |
4 files changed, 10 insertions, 68 deletions
@@ -1,7 +1,7 @@ .POSIX: CFLAGS=-static -OBJECTS=blog.o post.o auth.o index.o +OBJECTS=blog.o post.o index.o all: blog @@ -1,56 +0,0 @@ -#define _XOPEN_SOURCE 700 -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include "blog.h" - -int authenticate(const char *username, const char *password) -{ - int authenticated = 0; - - char *pwline = NULL; - FILE *pwfile = fopen(PASSWORD_FILE, "r"); - - if (!pwfile) { - goto end; - } - - size_t ulen = strlen(username); - - while (pwline == NULL) { - char *line = NULL; - size_t n = 0; - - if (getline(&line, &n, pwfile) == -1) { - goto end; - } - - if (strncmp(username, line, ulen) == 0 && line[ulen] == ':') { - pwline = line; - break; - } - - free(line); - } - - if (pwline == NULL) { - goto end; - } - - char *stored_password = pwline + ulen + 1; - char *match = crypt(password, stored_password); - if (!strncmp(match, stored_password, strlen(match))) { - authenticated = 1; - } - -end: - if (pwline) { - free(pwline); - } - - if (pwfile) { - fclose(pwfile); - } - return authenticated; -} @@ -51,15 +51,16 @@ char *user_email(const char *user) int handle_post(void) { - read_post_data(); - char *user = find_post_data("username"); - if (!authenticate(user, find_post_data("password"))) { + char *user = getenv("REMOTE_USER"); + if (!user) { printf("Status 403 Forbidden\r\n"); printf("Content-Type: text/plain\r\n\r\n"); puts("Incorrect username or password. Go back and try again."); return 0; } + read_post_data(); + chdir("/"); int blogdir = open(user, O_DIRECTORY); if (blogdir == -1) { @@ -132,6 +133,7 @@ int handle_post(void) int main(void) { + char *user = getenv("REMOTE_USER"); char *method = getenv("REQUEST_METHOD"); if (!strcmp(method, "POST")) { return handle_post(); 
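Review bot: In the handle_post hunk, `user` now comes straight from `getenv("REMOTE_USER")` and is passed to `open(user, O_DIRECTORY)` after `chdir("/")`, with only a NULL check in between. The removed `authenticate()` required the name to match an entry in the password file, which incidentally limited what could reach `open()`; whether the httpd configuration enforces an equivalent restriction is not visible here. I would reject empty names and anything containing a path separator or a leading dot before the directory lookup, e.g. `if (!user || !*user || user[0] == '.' || strchr(user, '/')) {`. The 403 body "Incorrect username or password" also no longer matches the condition, which now means the server supplied no authenticated user. handle_post continues outside the hunk.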
@@ -142,9 +144,11 @@ int main(void) printf(HTML_HEAD, "new blog entry"); + if (user) { + printf("<p>Posting as %s</p>\n", user); + } + printf("<form method=\"POST\" action=\"%s\">\n", getenv("DOCUMENT_URI")); - puts("<input type=\"text\" name=\"username\" placeholder=\"username\" size=\"80\"><br>"); - puts("<input type=\"password\" name=\"password\" placeholder=\"password\" size=\"80\"><br>"); puts("<input type=\"text\" name=\"title\" placeholder=\"title\" size=\"80\"><br>"); puts("<textarea name=\"body\" cols=\"80\" rows=\"24\"><p></p></textarea><br>"); puts("<input type=\"submit\">"); @@ -1,8 +1,6 @@ #ifndef BLOG_H #define BLOG_H -#define PASSWORD_FILE "/blog/password" - #define DOCTYPE "<!DOCTYPE html>\n" #define HTML "<html lang=\"en\">\n" #define META "<meta charset=\"utf-8\">\n" @@ -23,12 +21,8 @@ char *find_post_data(char *key); char *user_name(const char *user); char *user_email(const char *user); -int authenticate(const char *username, const char *password); - int handle_post(void); -int show_entry(const char *path); - void add_to_index(const char *user, const char *path, const char *title); int current_year(void); |
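Review bot: The added `printf("<p>Posting as %s</p>\n", user);` in main writes the REMOTE_USER value into the page without HTML escaping, so a name containing `<`, `&` or `"` would be emitted as markup rather than text. Which characters httpd allows in a user name is not visible from this commit, so I would escape at the point of output instead of relying on the server configuration. The replacement below keeps the output identical for plain names. `user` is declared in the preceding hunk (`@@ -132,6 +133,7 @@`), and main starts and ends outside this hunk.

```c
if (user) {
    fputs("<p>Posting as ", stdout);
    /* Escape the characters that are significant in HTML text and attributes. */
    for (const char *p = user; *p; p++) {
        switch (*p) {
        case '<': fputs("&lt;", stdout); break;
        case '>': fputs("&gt;", stdout); break;
        case '&': fputs("&amp;", stdout); break;
        case '"': fputs("&quot;", stdout); break;
        default:  putchar(*p); break;
        }
    }
    puts("</p>");
}
/* … unchanged: form output … */
```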