ref: 74e47cdeb4f9b8d81766c24391bac05f87922115
dir: /libauth/httpauth.c/
#include <u.h> #include <libc.h> #include <auth.h> #include <authsrv.h> /* deprecated. This is the mechanism that put entries in /sys/lib/httpd.rewrite and passwords on the authserver in /sys/lib/httppasswords, which was awkward to administer. Instead, use local .httplogin files, which are implemented in sys/src/cmd/ip/httpd/authorize.c */ int httpauth(char *name, char *password) { int afd; Ticketreq tr; Ticket t; char key[DESKEYLEN]; char buf[512]; afd = authdial(nil, nil); if(afd < 0) return -1; /* send ticket request to AS */ memset(&tr, 0, sizeof(tr)); strcpy(tr.uid, name); tr.type = AuthHttp; convTR2M(&tr, buf); if(write(afd, buf, TICKREQLEN) != TICKREQLEN){ close(afd); return -1; } if(_asrdresp(afd, buf, TICKETLEN) < 0){ close(afd); return -1; } close(afd); /* * use password and try to decrypt the * ticket. If it doesn't work we've got a bad password, * give up. */ passtokey(key, password); convM2T(buf, &t, key); if(t.num != AuthHr || strcmp(t.cuid, tr.uid)) return -1; return 0; }