« Previous Next »

• 12-07-2007, 5:04 AM

  imd Joined on 12-07-2007, 9:45 AM Posts 7

  ISAPI authentication filter problem Reply Contact I have written an authentication filter which performs non form based Basic authentication. The problem is once the authentication is done the page does not get displayed. //Code #include <stdio.h> #include <httpext.h> #include <httpfilt.h> #include <string.h> #define USERNAME "user" #define PASSWORD "pass" #define DOMAIN   "domain.com" #define BASIC_HDR   "Basic" #define FOURK_STR_SIZE    4*1024 #define ONEK_STR_SIZE    1024 DWORD WINAPI HttpFilterProc( PHTTP_FILTER_CONTEXT pfc,         DWORD notificationType,         VOID *pvNotification ) {     struct     {         char userpass[ONEK_STR_SIZE];         char url[ONEK_STR_SIZE];         char cookie[256];     }*head;     unsigned int cookielen;     char domain[ONEK_STR_SIZE];     DWORD urllen = sizeof(head->url);     char str[ONEK_STR_SIZE];     char *user = NULL;     char *pass = NULL;     char szBuffer [ FOURK_STR_SIZE + 1 ] = { 0 };     char *userpass64;     char userpassde[ONEK_STR_SIZE];     char *up1;     unsigned int userpassdelen;     DWORD userpasslen;         HTTP_FILTER_PREPROC_HEADERS *headers = (HTTP_FILTER_PREPROC_HEADERS *) pvNotification;     HTTP_FILTER_SEND_RESPONSE *response = (HTTP_FILTER_SEND_RESPONSE *) pvNotification;       switch(notificationType)   {    case SF_NOTIFY_PREPROC_HEADERS :             OutputDebugString("SF_NOTIFY_PREPROC_HEADERS");             if ( !pfc->pFilterContext )         {             pfc->pFilterContext = pfc->AllocMem( pfc, sizeof ( head ), 0 );             if ( !pfc->pFilterContext )             {                 SetLastError( ERROR_NOT_ENOUGH_MEMORY );                 return SF_STATUS_REQ_ERROR;             }         }         head = pfc->pFilterContext;         headers->GetHeader( pfc, "url", head->url,&urllen);         headers->GetHeader( pfc, "Authorization:", head->userpass, &userpasslen );         headers->GetHeader( pfc, "Cookie:", head->cookie, &cookielen );                sprintf(str,"url is %s userpass is %s cookie is %s",head->url,head->userpass,head->cookie);         OutputDebugString(str);        sprintf(str,"url length is %d userpass length is %d  cookie length is %d",strlen(head->url),strlen(head->userpass), strlen(head->cookie));         OutputDebugString(str);     //break;   case SF_NOTIFY_AUTHENTICATION:       OutputDebugString("SF_NOTIFY_AUTHENTICATION");             if ( !strcmp(head->cookie,"auth=Authenticated") )          {             OutputDebugString("Authentication completed");             OutputDebugString("returning SF_STATUS_REQ_NEXT_NOTIFICATION");             return SF_STATUS_REQ_NEXT_NOTIFICATION;         }     else //No cookie or cookie has auth=NotAuthenticated     {       OutputDebugString("cookie not equals auth=Authenticated");             if(!strlen(head->userpass)==0) //Check whether username and password are being sent       {       OutputDebugString(str);       OutputDebugString(head->userpass);       userpass64 = (char*) malloc (strlen(head->userpass));             userpass64=strchr(head->userpass,' '); //separating the base64 part from the rest of the string       userpass64++;       OutputDebugString(userpass64);      // decoding the base64 username password       b64_decode(userpass64,strlen(userpass64),userpassde,&userpassdelen); // Decoded string is stored in userpassde             OutputDebugString(userpassde);//Output will be user:pass       up1 = (char*) malloc (strlen(userpassde));       strcpy(up1,userpassde);             OutputDebugString(up1);       user=strtok(userpassde,":");//Copy user into a string             OutputDebugString(user);       pass=strchr(up1,':');//Copy pass into a string       pass++;//Remove : from the string       OutputDebugString(pass);                     if( !strcmp( user, USERNAME ) && !strcmp( pass, PASSWORD ) )         {             //Every thing is perfect             OutputDebugString("All conditions satisfied");             pfc->AddResponseHeaders(pfc,"Set-Cookie: auth=Authenticated; path=/;\r\n", 0);             OutputDebugString("returning SF_STATUS_REQ_NEXT_NOTIFICATION");             return SF_STATUS_REQ_NEXT_NOTIFICATION;         }       }         //All conditions have failed             OutputDebugString("Wrong Username or password");             sprintf(domain, "WWW-Authenticate: Basic realm=\"%s\"\r\n", DOMAIN);             pfc->AddResponseHeaders(pfc,"Set-Cookie: auth=NotAuthenticated; path=/;\r\n", 0);             pfc->ServerSupportFunction( pfc, SF_REQ_SEND_RESPONSE_HEADER,                       (PVOID)   "401 Unauthorized",                       (DWORD) domain,                       (DWORD) NULL );             OutputDebugString("returning SF_STATUS_REQ_FINISHED_KEEP_CONN");             return SF_STATUS_REQ_FINISHED_KEEP_CONN;             }         break;   default:       break;     }         return SF_STATUS_REQ_NEXT_NOTIFICATION;   } Debug Output : 00000000    1:06:18 PM    [5924] SF_NOTIFY_PREPROC_HEADERS    00000001    1:06:18 PM    [5924] url is /index.htm userpass is  cookie is     00000002    1:06:18 PM    [5924] url length is 10 userpass length is 0  cookie length is 0    00000003    1:06:18 PM    [5924] SF_NOTIFY_AUTHENTICATION    00000004    1:06:18 PM    [5924] cookie not equals auth=Authenticated    00000005    1:06:18 PM    [5924] Wrong Username or password    00000006    1:06:18 PM    [5924] returning SF_STATUS_REQ_FINISHED_KEEP_CONN    00000007    1:06:23 PM    [5924] SF_NOTIFY_PREPROC_HEADERS    00000008    1:06:23 PM    [5924] url is /index.htm userpass is Basic dXNlcjpwYXNz cookie is auth=NotAuthenticated    00000009    1:06:23 PM    [5924] url length is 10 userpass length is 18  cookie length is 21    00000010    1:06:23 PM    [5924] SF_NOTIFY_AUTHENTICATION    00000011    1:06:23 PM    [5924] cookie not equals auth=Authenticated    00000012    1:06:23 PM    [5924] url length is 10 userpass length is 18  cookie length is 21    00000013    1:06:23 PM    [5924] Basic dXNlcjpwYXNz    00000014    1:06:23 PM    [5924] dXNlcjpwYXNz    00000015    1:06:23 PM    [5924] user:pass    00000016    1:06:23 PM    [5924] user:pass    00000017    1:06:23 PM    [5924] user    00000018    1:06:23 PM    [5924] pass    00000019    1:06:23 PM    [5924] All conditions satisfied    00000020    1:06:23 PM    [5924] returning SF_STATUS_REQ_NEXT_NOTIFICATION

• 12-07-2007, 5:16 PM

  In reply to

  anilr Joined on 05-23-2006, 6:13 PM Redmond, WA Posts 2,343	Re: ISAPI authentication filter problem Reply Contact Without reading the rest of your code, the below seems to be a bad bug pfc->pFilterContext = pfc->AllocMem( pfc, sizeof ( head ), 0 ); ... head = pfc->pFilterContext; Anil Ruia Senior Software Design Engineer IIS Core Server

• 12-10-2007, 1:31 AM

  In reply to

  imd Joined on 12-07-2007, 9:45 AM Posts 7	Re: ISAPI authentication filter problem Reply Contact Guess thats not the problem. Since i'm able to store and retrieve data using the head pointer as you might see in the debug statements

• 12-10-2007, 12:55 PM

  In reply to

  anilr Joined on 05-23-2006, 6:13 PM Redmond, WA Posts 2,343	Re: ISAPI authentication filter problem Reply Contact Sorry for shouting but YOU ARE OVERRUNNING THE BUFFER ALLOCATED BY YOU - almost anything bad that you can think of can happen at this point. Anil Ruia Senior Software Design Engineer IIS Core Server