From b9dfd01a7919df8faf8aa7f86554360444014e9d Mon Sep 17 00:00:00 2001
From: Jakob Kaivo <jkk@ung.org>
Date: Fri, 26 Jul 2019 18:11:14 -0400
Subject: let httpd do the authentication

---
 Makefile |  2 +-
 auth.c   | 56 --------------------------------------------------------
 blog.c   | 14 +++++++++-----
 blog.h   |  6 ------
 4 files changed, 10 insertions(+), 68 deletions(-)
 delete mode 100644 auth.c

diff --git a/Makefile b/Makefile
index ed2bc04..13e4de8 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 .POSIX:
 
 CFLAGS=-static
-OBJECTS=blog.o post.o auth.o index.o
+OBJECTS=blog.o post.o index.o
 
 all: blog
 
diff --git a/auth.c b/auth.c
deleted file mode 100644
index 7c20f9d..0000000
--- a/auth.c
+++ /dev/null
@@ -1,56 +0,0 @@
-#define _XOPEN_SOURCE 700
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include "blog.h"
-
-int authenticate(const char *username, const char *password)
-{
-	int authenticated = 0;
-
-	char *pwline = NULL;
-	FILE *pwfile = fopen(PASSWORD_FILE, "r");
-
-	if (!pwfile) {
-		goto end;
-	}
-
-	size_t ulen = strlen(username);
-
-	while (pwline == NULL) {
-		char *line = NULL;
-		size_t n = 0;
-
-		if (getline(&line, &n, pwfile) == -1) {
-			goto end;
-		}
-
-		if (strncmp(username, line, ulen) == 0 && line[ulen] == ':') {
-			pwline = line;
-			break;
-		}
-
-		free(line);
-	}
-
-	if (pwline == NULL) {
-		goto end;
-	}
-
-	char *stored_password = pwline + ulen + 1;
-	char *match = crypt(password, stored_password);
-	if (!strncmp(match, stored_password, strlen(match))) {
-		authenticated = 1;
-	}
-
-end:
-	if (pwline) {
-		free(pwline);
-	}
-
-	if (pwfile) {
-		fclose(pwfile);
-	}
-	return authenticated;
-}
diff --git a/blog.c b/blog.c
index 9772361..3c69802 100644
--- a/blog.c
+++ b/blog.c
@@ -51,15 +51,16 @@ char *user_email(const char *user)
 
 int handle_post(void)
 {
-	read_post_data();
-	char *user = find_post_data("username");
-	if (!authenticate(user, find_post_data("password"))) {
+	char *user = getenv("REMOTE_USER");
+	if (!user) {
 		printf("Status 403 Forbidden\r\n");
 		printf("Content-Type: text/plain\r\n\r\n");
 		puts("Incorrect username or password. Go back and try again.");
 		return 0;
 	}
 
+	read_post_data();
+
 	chdir("/");
 	int blogdir = open(user, O_DIRECTORY);
 	if (blogdir == -1) {
@@ -132,6 +133,7 @@ int handle_post(void)
 
 int main(void)
 {
+	char *user = getenv("REMOTE_USER");
 	char *method = getenv("REQUEST_METHOD");
 	if (!strcmp(method, "POST")) {
 		return handle_post();
@@ -142,9 +144,11 @@ int main(void)
 
 	printf(HTML_HEAD, "new blog entry");
 
+	if (user) {
+		printf("<p>Posting as %s</p>\n", user);
+	}
+
 	printf("<form method=\"POST\" action=\"%s\">\n", getenv("DOCUMENT_URI"));
-	puts("<input type=\"text\" name=\"username\" placeholder=\"username\" size=\"80\"><br>");
-	puts("<input type=\"password\" name=\"password\" placeholder=\"password\" size=\"80\"><br>");
 	puts("<input type=\"text\" name=\"title\" placeholder=\"title\" size=\"80\"><br>");
 	puts("<textarea name=\"body\" cols=\"80\" rows=\"24\"><p></p></textarea><br>");
 	puts("<input type=\"submit\">");
diff --git a/blog.h b/blog.h
index 85bf490..1aad4e7 100644
--- a/blog.h
+++ b/blog.h
@@ -1,8 +1,6 @@
 #ifndef BLOG_H
 #define BLOG_H
 
-#define PASSWORD_FILE	"/blog/password"
-
 #define DOCTYPE "<!DOCTYPE html>\n"
 #define HTML    "<html lang=\"en\">\n"
 #define META    "<meta charset=\"utf-8\">\n"
@@ -23,12 +21,8 @@ char *find_post_data(char *key);
 char *user_name(const char *user);
 char *user_email(const char *user);
 
-int authenticate(const char *username, const char *password);
-
 int handle_post(void);
 
-int show_entry(const char *path);
-
 void add_to_index(const char *user, const char *path, const char *title);
 
 int current_year(void);
-- 
cgit v1.2.1