/***	COMMON PARTS OF ACCESS AUTHORIZATION MODULE**	FOR BOTH SERVER AND BROWSER****	(c) COPYRIGHT MIT 1995.**	Please first read the full copyright statement in the file COPYRIGH.**	@(#) $Id: HTAAUtil.c,v 2.35 1999/02/22 22:10:10 frystyk Exp $****	The authentication information is stored in a list of authentication**	data bases, each uniquely identified by a hostname and a port number.**	Each data base contains a set of templates which can be used to predict**	what information to use in a hierarchical tree. All authentication**	dependent information is stored as opaque data in a anode. Normally**	a server application would only keep one auth base but if it wants**	different protection setup as a function of different interfaces then**	it can have one auth base representing each interface. For example a**	server with interfaces "www.foo.com" and "internal.foo.com" can have**	different protection setups for each interface.**** AUTHORS:**	AL	Ari Luotonen	luotonen@dxcern.cern.ch**	MD 	Mark Donszelmann    duns@vxdeop.cern.ch**	HFN	Henrik Frystyk**      JK      Jose Kahan 	jose@w3.org**      ** HISTORY:**	 8 Nov 93  MD	(VMS only) Added case insensitive comparison**			in HTAA_templateCaseMatch**      26 Jan 98  JK   Augmented the HTAA module interface with a function**                      for processing the auth-info headers (update)*//* Library include files */#include "wwwsys.h"#include "WWWUtil.h"#include "WWWCore.h"#include "HTAAUtil.h"					 /* Implemented here */#define AA_TREE			"w3c-AA"	      /* Name of the AA tree */#define AA_PROXY_TREE		"w3c-proxy-AA"  /* Name of the proxy AA tree */#define DEFAULT_PORT            80                    /* Concentrate on HTTP */struct _HTAAModule {    char *		scheme;    HTNetBefore *	before;    HTNetAfter *	after;    HTNetAfter *	update;    HTUTree_gc *	gc;};typedef struct _HTAAElement {    char *		scheme;    void * 		context;} HTAAElement;PRIVATE HTList * HTSchemes;	/* List of registered authentication schemes *//* ------------------------------------------------------------------------- *//*			 AUTHENTICATION MODULE MANAGEMENT		     *//* ------------------------------------------------------------------------- */PRIVATE BOOL delete_module (HTAAModule * module){    if (module) {	HT_FREE(module->scheme);	HT_FREE(module);	return YES;    }    return NO;}PRIVATE HTAAModule * find_module (const char * scheme){    if (!HTSchemes) HTSchemes = HTList_new();    if (scheme) {	HTList * cur = HTSchemes;	HTAAModule * pres = NULL;	while ((pres = (HTAAModule *) HTList_nextObject(cur)))	    if (!strcasecomp(pres->scheme, scheme)) return pres;    } else	HTTRACE(AUTH_TRACE, "Auth Engine. Bad argument\n");    return NULL;}PUBLIC HTAAModule * HTAA_newModule (const char *	scheme,				    HTNetBefore *	before,				    HTNetAfter *	after,				    HTNetAfter *	update,				    HTUTree_gc *	gc){    if (scheme) {	HTAAModule * pres = find_module(scheme);	/* If found then update entry - else create a new one */	if (!pres) {	    if (!(pres = (HTAAModule *) HT_CALLOC(1, sizeof(HTAAModule))))		HT_OUTOFMEM("HTAA_newModule");	    StrAllocCopy(pres->scheme, scheme);	    pres->before = before;	    pres->after = after;	    pres->update = update;	    pres->gc = gc;	    /* Add the new AA Module to the list */	    HTList_addObject(HTSchemes, (void *) pres);	    HTTRACE(AUTH_TRACE, "Auth Engine. Created module %p\n" _ pres);	} else {	    HTTRACE(AUTH_TRACE, "Auth Engine. Found module %p\n" _ pres);	}	return pres;    } else {	HTTRACE(AUTH_TRACE, "Auth Engine. Bad argument\n");	return NULL;    }}PUBLIC HTAAModule * HTAA_findModule (const char * scheme){    if (scheme) {	HTAAModule * pres = find_module(scheme);	HTTRACE(AUTH_TRACE, "Auth Engine. did %sfind %s\n" _ pres ? "" : "NOT " _ scheme);	return pres;    } else {	HTTRACE(AUTH_TRACE, "Auth Engine. Bad augument\n");    }    return NULL;}PUBLIC BOOL HTAA_deleteModule (const char * scheme){    if (scheme) {	HTAAModule * pres = find_module(scheme);	if (pres) {	    HTList_removeObject(HTSchemes, pres);	    HTTRACE(AUTH_TRACE, "Auth Engine. deleted %p\n" _ pres);	    delete_module(pres);	    return YES;	}    }    return NO;}PUBLIC BOOL HTAA_deleteAllModules (void){    if (HTSchemes) {	HTList * cur = HTSchemes;	HTAAModule * pres;	while ((pres = (HTAAModule *) HTList_nextObject(cur)))	    delete_module(pres);	HTList_delete(HTSchemes);	HTSchemes = NULL;	return YES;    }    return NO;}/* ------------------------------------------------------------------------- *//*			    HANDLE THE AA URL TREE			     *//* ------------------------------------------------------------------------- *//***	A AA element is a particular AA procotol associated with a**	particular point in the URL tree. The scheme is the name of the**	AA protocol known to be able to handle this context. This protocol**	must have been registered as a AA module.*/PRIVATE HTAAElement * HTAA_newElement (const char * scheme, void * context){    if (scheme) {	HTAAElement * me;	if ((me = (HTAAElement *) HT_CALLOC(1, sizeof(HTAAElement))) == NULL)	    HT_OUTOFMEM("HTAAElement_new");	StrAllocCopy(me->scheme, scheme);	me->context = context;	HTTRACE(AUTH_TRACE, "Auth Engine. Created element %p\n" _ me);	return me;    }    return NULL;}/***	If the new context differs from the existing one then use the**	new one, otherwise only override the old context if new**	one differs from NULL*/PRIVATE BOOL HTAA_updateElement (HTAAElement * element,				 const char * scheme, void * context){    if (element && scheme) {	/*	** If the old context differs from the new one then 	** call the gc provided by the caller	*/	if (context && context != element->context) {	    HTAAModule * module = HTAA_findModule(element->scheme);	    if (module && module->gc && element->context)		(*module->gc)(element->context);	    /*	    **  Insert the new scheme	    */	    StrAllocCopy(element->scheme, scheme);	    element->context = context;	}	return YES;    }    return NO;}PRIVATE int HTAA_deleteElement (void * context){    HTAAElement * me = (HTAAElement *) context;    if (me) {	HTAAModule * module = HTAA_findModule(me->scheme);	/* If module then call the gc of the Authentication Module */	if (module && module->gc && me->context)	    (*module->gc)(me->context);	HTTRACE(AUTH_TRACE, "Auth Engine. Deleted element %p\n" _ me);	HT_FREE(me->scheme);	HT_FREE(me);	return YES;    }    return NO;}/***	Find AA Element**	---------------**	Seaches the set of authentication information bases for a match**	In order to find an anode we do the following:****		1) Find the right auth base**		2) See if there is a realm match**		3) See if there is a template match for URL****	Return the node found else NULL which means that we don't have any**	authentication information to hook on to this request or response*/PRIVATE HTAAElement * HTAA_findElement (BOOL proxy_access,					const char * realm, const char * url){    HTUTree * tree;    if (!url) {	HTTRACE(AUTH_TRACE, "Auth Engine. Bad argument\n");	return NULL;    }    HTTRACE(AUTH_TRACE, "Auth Engine. Looking up `%s'\n" _ url);    /* Find an existing URL Tree for this URL (if any) */    {	char * host = HTParse(url, "", PARSE_HOST);	char * colon = strchr(host, ':');	int port = DEFAULT_PORT;	if (colon ) {