+/*****************************************************************************
+ * "RFC 2617: Basic and Digest Access Authentication" header parsing
+ *****************************************************************************/
+static char *AuthGetParam( const char *psz_header, const char *psz_param )
+{
+ char psz_what[strlen(psz_param)+3];
+ sprintf( psz_what, "%s=\"", psz_param );
+ psz_header = strstr( psz_header, psz_what );
+ if( psz_header )
+ {
+ const char *psz_end;
+ psz_header += strlen( psz_what );
+ psz_end = strchr( psz_header, '"' );
+ if( !psz_end ) /* Invalid since we should have a closing quote */
+ return strdup( psz_header );
+ return strndup( psz_header, psz_end - psz_header );
+ }
+ else
+ {
+ return NULL;
+ }
+}
+
+static char *AuthGetParamNoQuotes( const char *psz_header, const char *psz_param )
+{
+ char psz_what[strlen(psz_param)+2];
+ sprintf( psz_what, "%s=", psz_param );
+ psz_header = strstr( psz_header, psz_what );
+ if( psz_header )
+ {
+ const char *psz_end;
+ psz_header += strlen( psz_what );
+ psz_end = strchr( psz_header, ',' );
+ /* XXX: Do we need to filter out trailing space between the value and
+ * the comma/end of line? */
+ if( !psz_end ) /* Can be valid if this is the last parameter */
+ return strdup( psz_header );
+ return strndup( psz_header, psz_end - psz_header );
+ }
+ else
+ {
+ return NULL;
+ }
+}
+
+static void AuthParseHeader( access_t *p_access, const char *psz_header,
+ http_auth_t *p_auth )
+{
+ /* FIXME: multiple auth methods can be listed (comma seperated) */
+
+ /* 2 Basic Authentication Scheme */
+ if( !strncasecmp( psz_header, "Basic ", strlen( "Basic " ) ) )
+ {
+ msg_Dbg( p_access, "Using Basic Authentication" );
+ psz_header += strlen( "Basic " );
+ p_auth->psz_realm = AuthGetParam( psz_header, "realm" );
+ if( !p_auth->psz_realm )
+ msg_Warn( p_access, "Basic Authentication: "
+ "Mandatory 'realm' parameter is missing" );
+ }
+ /* 3 Digest Access Authentication Scheme */
+ else if( !strncasecmp( psz_header, "Digest ", strlen( "Digest " ) ) )
+ {
+ msg_Dbg( p_access, "Using Digest Access Authentication" );
+ if( p_auth->psz_nonce ) return; /* FIXME */
+ psz_header += strlen( "Digest " );
+ p_auth->psz_realm = AuthGetParam( psz_header, "realm" );
+ p_auth->psz_domain = AuthGetParam( psz_header, "domain" );
+ p_auth->psz_nonce = AuthGetParam( psz_header, "nonce" );
+ p_auth->psz_opaque = AuthGetParam( psz_header, "opaque" );
+ p_auth->psz_stale = AuthGetParamNoQuotes( psz_header, "stale" );
+ p_auth->psz_algorithm = AuthGetParamNoQuotes( psz_header, "algorithm" );
+ p_auth->psz_qop = AuthGetParam( psz_header, "qop" );
+ p_auth->i_nonce = 0;
+ /* printf("realm: |%s|\ndomain: |%s|\nnonce: |%s|\nopaque: |%s|\n"
+ "stale: |%s|\nalgorithm: |%s|\nqop: |%s|\n",
+ p_auth->psz_realm,p_auth->psz_domain,p_auth->psz_nonce,
+ p_auth->psz_opaque,p_auth->psz_stale,p_auth->psz_algorithm,
+ p_auth->psz_qop); */
+ if( !p_auth->psz_realm )
+ msg_Warn( p_access, "Digest Access Authentication: "
+ "Mandatory 'realm' parameter is missing" );
+ if( !p_auth->psz_nonce )
+ msg_Warn( p_access, "Digest Access Authentication: "
+ "Mandatory 'nonce' parameter is missing" );
+ if( p_auth->psz_qop ) /* FIXME: parse the qop list */