1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
3 * soup-auth.c: HTTP Authentication framework
5 * Copyright (C) 2001-2003, Ximian, Inc.
14 #include "soup-auth.h"
16 #include "soup-connection-auth.h"
20 * @short_description: HTTP client-side authentication support
21 * @see_also: #SoupSession
23 * #SoupAuth objects store the authentication data associated with a
24 * given bit of web space. They are created automatically by
31 * The abstract base class for handling authentication. Specific HTTP
32 * Authentication mechanisms are implemented by its subclasses, but
33 * applications never need to be aware of the specific subclasses
42 G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE (SoupAuth, soup_auth, G_TYPE_OBJECT)
51 PROP_IS_AUTHENTICATED,
57 soup_auth_init (SoupAuth *auth)
62 soup_auth_finalize (GObject *object)
64 SoupAuth *auth = SOUP_AUTH (object);
65 SoupAuthPrivate *priv = soup_auth_get_instance_private (auth);
70 G_OBJECT_CLASS (soup_auth_parent_class)->finalize (object);
74 soup_auth_set_property (GObject *object, guint prop_id,
75 const GValue *value, GParamSpec *pspec)
77 SoupAuth *auth = SOUP_AUTH (object);
78 SoupAuthPrivate *priv = soup_auth_get_instance_private (auth);
83 auth->realm = g_value_dup_string (value);
87 priv->host = g_value_dup_string (value);
89 case PROP_IS_FOR_PROXY:
90 priv->proxy = g_value_get_boolean (value);
93 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
99 soup_auth_get_property (GObject *object, guint prop_id,
100 GValue *value, GParamSpec *pspec)
102 SoupAuth *auth = SOUP_AUTH (object);
103 SoupAuthPrivate *priv = soup_auth_get_instance_private (auth);
106 case PROP_SCHEME_NAME:
107 g_value_set_string (value, soup_auth_get_scheme_name (auth));
110 g_value_set_string (value, soup_auth_get_realm (auth));
113 g_value_set_string (value, soup_auth_get_host (auth));
115 case PROP_IS_FOR_PROXY:
116 g_value_set_boolean (value, priv->proxy);
118 case PROP_IS_AUTHENTICATED:
119 g_value_set_boolean (value, soup_auth_is_authenticated (auth));
122 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
128 auth_can_authenticate (SoupAuth *auth)
134 soup_auth_class_init (SoupAuthClass *auth_class)
136 GObjectClass *object_class = G_OBJECT_CLASS (auth_class);
138 auth_class->can_authenticate = auth_can_authenticate;
140 object_class->finalize = soup_auth_finalize;
141 object_class->set_property = soup_auth_set_property;
142 object_class->get_property = soup_auth_get_property;
146 * SOUP_AUTH_SCHEME_NAME:
148 * An alias for the #SoupAuth:scheme-name property. (The
149 * authentication scheme name.)
151 g_object_class_install_property (
152 object_class, PROP_SCHEME_NAME,
153 g_param_spec_string (SOUP_AUTH_SCHEME_NAME,
155 "Authentication scheme name",
158 G_PARAM_STATIC_STRINGS));
162 * An alias for the #SoupAuth:realm property. (The
163 * authentication realm.)
165 g_object_class_install_property (
166 object_class, PROP_REALM,
167 g_param_spec_string (SOUP_AUTH_REALM,
169 "Authentication realm",
172 G_PARAM_STATIC_STRINGS));
176 * An alias for the #SoupAuth:host property. (The
177 * host being authenticated to.)
179 g_object_class_install_property (
180 object_class, PROP_HOST,
181 g_param_spec_string (SOUP_AUTH_HOST,
183 "Authentication host",
186 G_PARAM_STATIC_STRINGS));
188 * SOUP_AUTH_IS_FOR_PROXY:
190 * An alias for the #SoupAuth:is-for-proxy property. (Whether
191 * or not the auth is for a proxy server.)
193 g_object_class_install_property (
194 object_class, PROP_IS_FOR_PROXY,
195 g_param_spec_boolean (SOUP_AUTH_IS_FOR_PROXY,
197 "Whether or not the auth is for a proxy server",
200 G_PARAM_STATIC_STRINGS));
202 * SOUP_AUTH_IS_AUTHENTICATED:
204 * An alias for the #SoupAuth:is-authenticated property.
205 * (Whether or not the auth has been authenticated.)
207 g_object_class_install_property (
208 object_class, PROP_IS_AUTHENTICATED,
209 g_param_spec_boolean (SOUP_AUTH_IS_AUTHENTICATED,
211 "Whether or not the auth is authenticated",
214 G_PARAM_STATIC_STRINGS));
219 * @type: the type of auth to create (a subtype of #SoupAuth)
220 * @msg: the #SoupMessage the auth is being created for
221 * @auth_header: the WWW-Authenticate/Proxy-Authenticate header
223 * Creates a new #SoupAuth of type @type with the information from
224 * @msg and @auth_header.
226 * This is called by #SoupSession; you will normally not create auths
229 * Return value: (nullable): the new #SoupAuth, or %NULL if it could
233 soup_auth_new (GType type, SoupMessage *msg, const char *auth_header)
237 const char *scheme, *realm;
239 g_return_val_if_fail (g_type_is_a (type, SOUP_TYPE_AUTH), NULL);
240 g_return_val_if_fail (SOUP_IS_MESSAGE (msg), NULL);
241 g_return_val_if_fail (auth_header != NULL, NULL);
243 auth = g_object_new (type,
244 SOUP_AUTH_IS_FOR_PROXY, (msg->status_code == SOUP_STATUS_PROXY_UNAUTHORIZED),
245 SOUP_AUTH_HOST, soup_message_get_uri (msg)->host,
248 scheme = soup_auth_get_scheme_name (auth);
249 if (g_ascii_strncasecmp (auth_header, scheme, strlen (scheme)) != 0) {
250 g_object_unref (auth);
254 params = soup_header_parse_param_list (auth_header + strlen (scheme));
256 params = g_hash_table_new (NULL, NULL);
258 realm = g_hash_table_lookup (params, "realm");
260 auth->realm = g_strdup (realm);
262 if (!SOUP_AUTH_GET_CLASS (auth)->update (auth, msg, params)) {
263 g_object_unref (auth);
266 soup_header_free_param_list (params);
273 * @msg: the #SoupMessage @auth is being updated for
274 * @auth_header: the WWW-Authenticate/Proxy-Authenticate header
276 * Updates @auth with the information from @msg and @auth_header,
277 * possibly un-authenticating it. As with soup_auth_new(), this is
278 * normally only used by #SoupSession.
280 * Return value: %TRUE if @auth is still a valid (but potentially
281 * unauthenticated) #SoupAuth. %FALSE if something about @auth_params
282 * could not be parsed or incorporated into @auth at all.
285 soup_auth_update (SoupAuth *auth, SoupMessage *msg, const char *auth_header)
288 const char *scheme, *realm;
289 gboolean was_authenticated, success;
291 g_return_val_if_fail (SOUP_IS_AUTH (auth), FALSE);
292 g_return_val_if_fail (SOUP_IS_MESSAGE (msg), FALSE);
293 g_return_val_if_fail (auth_header != NULL, FALSE);
295 scheme = soup_auth_get_scheme_name (auth);
296 if (g_ascii_strncasecmp (auth_header, scheme, strlen (scheme)) != 0)
299 params = soup_header_parse_param_list (auth_header + strlen (scheme));
301 params = g_hash_table_new (NULL, NULL);
303 realm = g_hash_table_lookup (params, "realm");
304 if (realm && auth->realm && strcmp (realm, auth->realm) != 0) {
305 soup_header_free_param_list (params);
309 was_authenticated = soup_auth_is_authenticated (auth);
310 success = SOUP_AUTH_GET_CLASS (auth)->update (auth, msg, params);
311 if (was_authenticated != soup_auth_is_authenticated (auth))
312 g_object_notify (G_OBJECT (auth), SOUP_AUTH_IS_AUTHENTICATED);
313 soup_header_free_param_list (params);
318 * soup_auth_authenticate:
320 * @username: the username provided by the user or client
321 * @password: the password provided by the user or client
323 * Call this on an auth to authenticate it; normally this will cause
324 * the auth's message to be requeued with the new authentication info.
327 soup_auth_authenticate (SoupAuth *auth, const char *username, const char *password)
329 gboolean was_authenticated;
331 g_return_if_fail (SOUP_IS_AUTH (auth));
332 g_return_if_fail (username != NULL);
333 g_return_if_fail (password != NULL);
335 was_authenticated = soup_auth_is_authenticated (auth);
336 SOUP_AUTH_GET_CLASS (auth)->authenticate (auth, username, password);
337 if (was_authenticated != soup_auth_is_authenticated (auth))
338 g_object_notify (G_OBJECT (auth), SOUP_AUTH_IS_AUTHENTICATED);
342 * soup_auth_is_for_proxy:
345 * Tests whether or not @auth is associated with a proxy server rather
346 * than an "origin" server.
348 * Return value: %TRUE or %FALSE
351 soup_auth_is_for_proxy (SoupAuth *auth)
353 SoupAuthPrivate *priv = soup_auth_get_instance_private (auth);
355 g_return_val_if_fail (SOUP_IS_AUTH (auth), FALSE);
361 * soup_auth_get_scheme_name:
364 * Returns @auth's scheme name. (Eg, "Basic", "Digest", or "NTLM")
366 * Return value: the scheme name
369 soup_auth_get_scheme_name (SoupAuth *auth)
371 g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
373 return SOUP_AUTH_GET_CLASS (auth)->scheme_name;
377 * soup_auth_get_host:
380 * Returns the host that @auth is associated with.
382 * Return value: the hostname
385 soup_auth_get_host (SoupAuth *auth)
387 SoupAuthPrivate *priv = soup_auth_get_instance_private (auth);
389 g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
395 * soup_auth_get_realm:
398 * Returns @auth's realm. This is an identifier that distinguishes
399 * separate authentication spaces on a given server, and may be some
400 * string that is meaningful to the user. (Although it is probably not
403 * Return value: the realm name
406 soup_auth_get_realm (SoupAuth *auth)
408 g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
414 * soup_auth_get_info:
417 * Gets an opaque identifier for @auth, for use as a hash key or the
418 * like. #SoupAuth objects from the same server with the same
419 * identifier refer to the same authentication domain (eg, the URLs
420 * associated with them take the same usernames and passwords).
422 * Return value: the identifier
425 soup_auth_get_info (SoupAuth *auth)
427 g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
429 if (SOUP_IS_CONNECTION_AUTH (auth))
430 return g_strdup (SOUP_AUTH_GET_CLASS (auth)->scheme_name);
432 return g_strdup_printf ("%s:%s",
433 SOUP_AUTH_GET_CLASS (auth)->scheme_name,
439 * soup_auth_is_authenticated:
442 * Tests if @auth has been given a username and password
444 * Return value: %TRUE if @auth has been given a username and password
447 soup_auth_is_authenticated (SoupAuth *auth)
449 g_return_val_if_fail (SOUP_IS_AUTH (auth), TRUE);
451 return SOUP_AUTH_GET_CLASS (auth)->is_authenticated (auth);
455 * soup_auth_get_authorization:
457 * @msg: the #SoupMessage to be authorized
459 * Generates an appropriate "Authorization" header for @msg. (The
460 * session will only call this if soup_auth_is_authenticated()
463 * Return value: the "Authorization" header, which must be freed.
466 soup_auth_get_authorization (SoupAuth *auth, SoupMessage *msg)
468 g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
469 g_return_val_if_fail (msg != NULL, NULL);
471 return SOUP_AUTH_GET_CLASS (auth)->get_authorization (auth, msg);
475 * soup_auth_is_ready:
477 * @msg: a #SoupMessage
479 * Tests if @auth is ready to make a request for @msg with. For most
480 * auths, this is equivalent to soup_auth_is_authenticated(), but for
481 * some auth types (eg, NTLM), the auth may be sendable (eg, as an
482 * authentication request) even before it is authenticated.
484 * Return value: %TRUE if @auth is ready to make a request with.
489 soup_auth_is_ready (SoupAuth *auth,
492 g_return_val_if_fail (SOUP_IS_AUTH (auth), TRUE);
493 g_return_val_if_fail (SOUP_IS_MESSAGE (msg), TRUE);
495 if (SOUP_AUTH_GET_CLASS (auth)->is_ready)
496 return SOUP_AUTH_GET_CLASS (auth)->is_ready (auth, msg);
498 return SOUP_AUTH_GET_CLASS (auth)->is_authenticated (auth);
502 * soup_auth_can_authenticate:
505 * Tests if @auth is able to authenticate by providing credentials to the
506 * soup_auth_authenticate().
508 * Return value: %TRUE if @auth is able to accept credentials.
513 soup_auth_can_authenticate (SoupAuth *auth)
515 g_return_val_if_fail (SOUP_IS_AUTH (auth), FALSE);
517 return SOUP_AUTH_GET_CLASS (auth)->can_authenticate (auth);
521 * soup_auth_get_protection_space:
523 * @source_uri: the URI of the request that @auth was generated in
526 * Returns a list of paths on the server which @auth extends over.
527 * (All subdirectories of these paths are also assumed to be part
528 * of @auth's protection space, unless otherwise discovered not to
531 * Return value: (element-type utf8) (transfer full): the list of
532 * paths, which can be freed with soup_auth_free_protection_space().
535 soup_auth_get_protection_space (SoupAuth *auth, SoupURI *source_uri)
537 g_return_val_if_fail (SOUP_IS_AUTH (auth), NULL);
538 g_return_val_if_fail (source_uri != NULL, NULL);
540 return SOUP_AUTH_GET_CLASS (auth)->get_protection_space (auth, source_uri);
544 * soup_auth_free_protection_space: (skip)
546 * @space: the return value from soup_auth_get_protection_space()
551 soup_auth_free_protection_space (SoupAuth *auth, GSList *space)
553 g_slist_free_full (space, g_free);
557 * soup_auth_get_saved_users:
559 * Return value: (transfer full) (element-type utf8):
562 soup_auth_get_saved_users (SoupAuth *auth)
568 soup_auth_get_saved_password (SoupAuth *auth, const char *user)
574 soup_auth_has_saved_password (SoupAuth *auth, const char *username,
575 const char *password)
580 soup_auth_save_password (SoupAuth *auth, const char *username,
581 const char *password)