Add 'api.restful.authorization' config option

2025-02-20 09:26:37 +00:00 · 2016-10-31 22:47:20 +10:30 · 2016-10-31 22:47:20 +10:30 · 24266b5f3b
commit 24266b5f3b
parent 5b75221c91
3 changed files with 52 additions and 11 deletions
--- a/conf_schema.c
+++ b/conf_schema.c
@ -741,8 +741,6 @@ int cf_cmp_radio_type(const short *a, const short *b)
  return *a < *b ? -1 : *a > *b ? 1 : 0;
 }

-
-
 int cf_cmp_interface_type(const short *a, const short *b)
 {
  return *a < *b ? -1 : *a > *b ? 1 : 0;
@ -1141,3 +1139,39 @@ int cf_cmp_log_level(const int *a, const int *b)
 {
  return cf_cmp_int(a, b);
 }
+
+/* Config type: http_authorization_schema
+ *
+ * @author Andrew Bettison <andrew@servalproject.com>
+ */
+
+int cf_opt_http_authorization_scheme(enum http_authorization_scheme *schemap, const char *text)
+{
+  if (strcasecmp(text, "noauth") == 0) {
+    *schemap = NOAUTH;
+    return CFOK;
+  }
+  if (strcasecmp(text, "basic") == 0) {
+    *schemap = BASIC;
+    return CFOK;
+  }
+  return CFINVALID;
+}
+
+int cf_fmt_http_authorization_scheme(const char **textp, const enum http_authorization_scheme *schemap)
+{
+  const char *t = NULL;
+  switch (*schemap) {
+    case NOAUTH: t = "noauth"; break;
+    case BASIC:	 t = "basic"; break;
+  }
+  if (!t)
+    return CFINVALID;
+  *textp = str_edup(t);
+  return CFOK;
+}
+
+int cf_cmp_http_authorization_scheme(const enum http_authorization_scheme *a, const enum http_authorization_scheme *b)
+{
+  return *a < *b ? -1 : *a > *b ? 1 : 0;
+}
--- a/conf_schema.h
+++ b/conf_schema.h
@ -489,8 +489,9 @@ VALUE_SUB_STRUCT(user)
 END_ARRAY(10)

 STRUCT(api_restful)
-SUB_STRUCT(userlist,        users,)
-ATOM(uint32_t,              newsince_timeout,       60, uint32_time_interval,, "Time to block while reporting new bundles")
+ATOM(enum http_authorization_scheme, authorization, BASIC, http_authorization_scheme,, "The kind of authorization that REST clients must supply")
+SUB_STRUCT(userlist,                 users,)
+ATOM(uint32_t,                       newsince_timeout, 60, uint32_time_interval,, "Time to block while reporting new bundles")
 END_STRUCT

 STRUCT(api)
--- a/httpd.c
+++ b/httpd.c
@ -324,14 +324,20 @@ int is_http_header_complete(const char *buf, size_t len, size_t read_since_last_
 */
 static int is_authorized_restful(const struct http_client_authorization *auth)
 {
-  if (auth->scheme != BASIC)
-    return 0;
-  unsigned i;
-  for (i = 0; i != config.api.restful.users.ac; ++i) {
-    if (   strcmp(config.api.restful.users.av[i].key, auth->credentials.basic.user) == 0
-	&& strcmp(config.api.restful.users.av[i].value.password, auth->credentials.basic.password) == 0
-    )
+  switch (config.api.restful.authorization) {
+    case NOAUTH:
      return 1;
+    case BASIC:
+      if (auth->scheme == BASIC) {
+	unsigned i;
+	for (i = 0; i != config.api.restful.users.ac; ++i) {
+	  if (   strcmp(config.api.restful.users.av[i].key, auth->credentials.basic.user) == 0
+	      && strcmp(config.api.restful.users.av[i].value.password, auth->credentials.basic.password) == 0
+	  )
+	    return 1;
+	}
+      }
+      break;
  }
  return 0;
 }