271 lines
5.5 KiB
C
271 lines
5.5 KiB
C
/* Feel free to use this example code in any way
|
|
you see fit (Public Domain) */
|
|
|
|
#include <sys/types.h>
|
|
#ifndef _WIN32
|
|
#include <sys/select.h>
|
|
#include <sys/socket.h>
|
|
#else
|
|
#include <winsock2.h>
|
|
#endif
|
|
#include <microhttpd.h>
|
|
#include <string.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#define PORT 8888
|
|
|
|
#define REALM "\"Maintenance\""
|
|
#define USER "a legitimate user"
|
|
#define PASSWORD "and his password"
|
|
|
|
#define SERVERKEYFILE "server.key"
|
|
#define SERVERCERTFILE "server.pem"
|
|
|
|
|
|
static char *
|
|
string_to_base64 (const char *message)
|
|
{
|
|
const char *lookup =
|
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
|
unsigned long l;
|
|
int i;
|
|
char *tmp;
|
|
size_t length = strlen (message);
|
|
|
|
tmp = malloc (length * 2);
|
|
if (NULL == tmp)
|
|
return tmp;
|
|
|
|
tmp[0] = 0;
|
|
|
|
for (i = 0; i < length; i += 3)
|
|
{
|
|
l = (((unsigned long) message[i]) << 16)
|
|
| (((i + 1) < length) ? (((unsigned long) message[i + 1]) << 8) : 0)
|
|
| (((i + 2) < length) ? ((unsigned long) message[i + 2]) : 0);
|
|
|
|
|
|
strncat (tmp, &lookup[(l >> 18) & 0x3F], 1);
|
|
strncat (tmp, &lookup[(l >> 12) & 0x3F], 1);
|
|
|
|
if (i + 1 < length)
|
|
strncat (tmp, &lookup[(l >> 6) & 0x3F], 1);
|
|
if (i + 2 < length)
|
|
strncat (tmp, &lookup[l & 0x3F], 1);
|
|
}
|
|
|
|
if (length % 3)
|
|
strncat (tmp, "===", 3 - length % 3);
|
|
|
|
return tmp;
|
|
}
|
|
|
|
|
|
static long
|
|
get_file_size (const char *filename)
|
|
{
|
|
FILE *fp;
|
|
|
|
fp = fopen (filename, "rb");
|
|
if (fp)
|
|
{
|
|
long size;
|
|
|
|
if ((0 != fseek (fp, 0, SEEK_END)) || (-1 == (size = ftell (fp))))
|
|
size = 0;
|
|
|
|
fclose (fp);
|
|
|
|
return size;
|
|
}
|
|
else
|
|
return 0;
|
|
}
|
|
|
|
static char *
|
|
load_file (const char *filename)
|
|
{
|
|
FILE *fp;
|
|
char *buffer;
|
|
long size;
|
|
|
|
size = get_file_size (filename);
|
|
if (size == 0)
|
|
return NULL;
|
|
|
|
fp = fopen (filename, "rb");
|
|
if (!fp)
|
|
return NULL;
|
|
|
|
buffer = malloc (size);
|
|
if (!buffer)
|
|
{
|
|
fclose (fp);
|
|
return NULL;
|
|
}
|
|
|
|
if (size != fread (buffer, 1, size, fp))
|
|
{
|
|
free (buffer);
|
|
buffer = NULL;
|
|
}
|
|
|
|
fclose (fp);
|
|
return buffer;
|
|
}
|
|
|
|
static int
|
|
ask_for_authentication (struct MHD_Connection *connection, const char *realm)
|
|
{
|
|
int ret;
|
|
struct MHD_Response *response;
|
|
char *headervalue;
|
|
const char *strbase = "Basic realm=";
|
|
|
|
response = MHD_create_response_from_buffer (0, NULL,
|
|
MHD_RESPMEM_PERSISTENT);
|
|
if (!response)
|
|
return MHD_NO;
|
|
|
|
headervalue = malloc (strlen (strbase) + strlen (realm) + 1);
|
|
if (!headervalue)
|
|
return MHD_NO;
|
|
|
|
strcpy (headervalue, strbase);
|
|
strcat (headervalue, realm);
|
|
|
|
ret = MHD_add_response_header (response, "WWW-Authenticate", headervalue);
|
|
free (headervalue);
|
|
if (!ret)
|
|
{
|
|
MHD_destroy_response (response);
|
|
return MHD_NO;
|
|
}
|
|
|
|
ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response);
|
|
|
|
MHD_destroy_response (response);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static int
|
|
is_authenticated (struct MHD_Connection *connection,
|
|
const char *username, const char *password)
|
|
{
|
|
const char *headervalue;
|
|
char *expected_b64, *expected;
|
|
const char *strbase = "Basic ";
|
|
int authenticated;
|
|
|
|
headervalue =
|
|
MHD_lookup_connection_value (connection, MHD_HEADER_KIND,
|
|
"Authorization");
|
|
if (NULL == headervalue)
|
|
return 0;
|
|
if (0 != strncmp (headervalue, strbase, strlen (strbase)))
|
|
return 0;
|
|
|
|
expected = malloc (strlen (username) + 1 + strlen (password) + 1);
|
|
if (NULL == expected)
|
|
return 0;
|
|
|
|
strcpy (expected, username);
|
|
strcat (expected, ":");
|
|
strcat (expected, password);
|
|
|
|
expected_b64 = string_to_base64 (expected);
|
|
free (expected);
|
|
if (NULL == expected_b64)
|
|
return 0;
|
|
|
|
authenticated =
|
|
(strcmp (headervalue + strlen (strbase), expected_b64) == 0);
|
|
|
|
free (expected_b64);
|
|
|
|
return authenticated;
|
|
}
|
|
|
|
|
|
static int
|
|
secret_page (struct MHD_Connection *connection)
|
|
{
|
|
int ret;
|
|
struct MHD_Response *response;
|
|
const char *page = "<html><body>A secret.</body></html>";
|
|
|
|
response =
|
|
MHD_create_response_from_buffer (strlen (page), (void *) page,
|
|
MHD_RESPMEM_PERSISTENT);
|
|
if (!response)
|
|
return MHD_NO;
|
|
|
|
ret = MHD_queue_response (connection, MHD_HTTP_OK, response);
|
|
MHD_destroy_response (response);
|
|
|
|
return ret;
|
|
}
|
|
|
|
|
|
static int
|
|
answer_to_connection (void *cls, struct MHD_Connection *connection,
|
|
const char *url, const char *method,
|
|
const char *version, const char *upload_data,
|
|
size_t *upload_data_size, void **con_cls)
|
|
{
|
|
if (0 != strcmp (method, "GET"))
|
|
return MHD_NO;
|
|
if (NULL == *con_cls)
|
|
{
|
|
*con_cls = connection;
|
|
return MHD_YES;
|
|
}
|
|
|
|
if (!is_authenticated (connection, USER, PASSWORD))
|
|
return ask_for_authentication (connection, REALM);
|
|
|
|
return secret_page (connection);
|
|
}
|
|
|
|
|
|
int
|
|
main ()
|
|
{
|
|
struct MHD_Daemon *daemon;
|
|
char *key_pem;
|
|
char *cert_pem;
|
|
|
|
key_pem = load_file (SERVERKEYFILE);
|
|
cert_pem = load_file (SERVERCERTFILE);
|
|
|
|
if ((key_pem == NULL) || (cert_pem == NULL))
|
|
{
|
|
printf ("The key/certificate files could not be read.\n");
|
|
return 1;
|
|
}
|
|
|
|
daemon =
|
|
MHD_start_daemon (MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL, PORT, NULL,
|
|
NULL, &answer_to_connection, NULL,
|
|
MHD_OPTION_HTTPS_MEM_KEY, key_pem,
|
|
MHD_OPTION_HTTPS_MEM_CERT, cert_pem, MHD_OPTION_END);
|
|
if (NULL == daemon)
|
|
{
|
|
printf ("%s\n", cert_pem);
|
|
|
|
free (key_pem);
|
|
free (cert_pem);
|
|
|
|
return 1;
|
|
}
|
|
|
|
(void) getchar ();
|
|
|
|
MHD_stop_daemon (daemon);
|
|
free (key_pem);
|
|
free (cert_pem);
|
|
|
|
return 0;
|
|
}
|