shithub: riscv

ref: 145624eec22577ec6a61cb3c469da48061d6f447
dir: /sys/src/libauth/httpauth.c/

View raw version
#include <u.h>
#include <libc.h>
#include <auth.h>
#include <authsrv.h>

/* deprecated.
	This is the mechanism that put entries in /sys/lib/httpd.rewrite
	and passwords on the authserver in /sys/lib/httppasswords, which
	was awkward to administer.  Instead, use local .httplogin files,
	which are implemented in sys/src/cmd/ip/httpd/authorize.c */

int
httpauth(char *name, char *password)
{
	int afd;
	Ticketreq tr;
	Ticket	t;
	char key[DESKEYLEN];
	char buf[512];

	afd = authdial(nil, nil);
	if(afd < 0)
		return -1;

	/* send ticket request to AS */
	memset(&tr, 0, sizeof(tr));
	strcpy(tr.uid, name);
	tr.type = AuthHttp;
	convTR2M(&tr, buf);
	if(write(afd, buf, TICKREQLEN) != TICKREQLEN){
		close(afd);
		return -1;
	}
	if(_asrdresp(afd, buf, TICKETLEN) < 0){
		close(afd);
		return -1;
	}
	close(afd);

	/*
	 *  use password and try to decrypt the
	 *  ticket.  If it doesn't work we've got a bad password,
	 *  give up.
	 */
	passtokey(key, password);
	convM2T(buf, &t, key);
	if(t.num != AuthHr || strcmp(t.cuid, tr.uid))
		return -1;

	return 0;
}