This file is indexed.

/usr/include/pion/net/HTTPBasicAuth.hpp is in libpion-net-dev 4.0.7+dfsg-3.1ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
// ------------------------------------------------------------------
// pion-net: a C++ framework for building lightweight HTTP interfaces
// ------------------------------------------------------------------
// Copyright (C) 2007-2008 Atomic Labs, Inc.  (http://www.atomiclabs.com)
//
// Distributed under the Boost Software License, Version 1.0.
// See http://www.boost.org/LICENSE_1_0.txt
//

#ifndef __PION_HTTPBASICAUTH_HEADER__
#define __PION_HTTPBASICAUTH_HEADER__

#include <map>
#include <string>
#include <pion/PionConfig.hpp>
#include <pion/net/HTTPAuth.hpp>
#include <pion/PionDateTime.hpp>  // order important , otherwise compiling error under win32


namespace pion {	// begin namespace pion
namespace net {		// begin namespace net (Pion Network Library)

///
/// HTTPBasicAuth: a base class for handling HTTP Authentication and session management
/// in accordance with RFC 2617 http://tools.ietf.org/html/rfc2617 
///
class PION_NET_API HTTPBasicAuth :
	public HTTPAuth
{
public:
	
	/// default constructor
	HTTPBasicAuth(PionUserManagerPtr userManager, const std::string& realm="PION:NET");
	
	/// virtual destructor
	virtual ~HTTPBasicAuth() {}
	
	/**
	 * attempts to validate authentication of a new HTTP request. 
	 * If request valid, pointer to user identity object (if any) will be preserved in 
	 * the request and return "true". 
	 * If request not authenticated, appropriate response is sent over tcp_conn
	 * and return "false";
	 *
	 * @param request the new HTTP request to handle
	 * @param tcp_conn the TCP connection that has the new request
	 *
	 * @return true if request valid and user identity inserted into request 
	 */
	virtual bool handleRequest(HTTPRequestPtr& request, TCPConnectionPtr& tcp_conn);
	
	/**
	 * sets a configuration option
	 * Valid options:
	 *    - "domain" - name of authentication domain
	 *
	 * @param name the name of the option to change
	 * @param value the value of the option
	 */
	virtual void setOption(const std::string& name, const std::string& value);

	
protected:

	/**
	 * used to send responses when access to resource is not authorized
	 *
	 * @param http_request the new HTTP request to handle
	 * @param tcp_conn the TCP connection that has the new request
	 */
	void handleUnauthorized(HTTPRequestPtr& http_request, TCPConnectionPtr& tcp_conn);
	
	/**
	 * extracts base64 user credentials from authorization string
	 *
	 * @param authorization value of the HEADER_AUTHORIZATION
	 */
	static bool parseAuthorization(std::string const &authorization, std::string &credentials);
	
	/**
	 * parse base64 credentials and extract username/password
	 */
	static bool parseCredentials(std::string const &credentials, std::string &username, std::string &password);

	
private:
	
	/// data type used to map authentication credentials to PionUser objects
	typedef std::map<std::string,std::pair<PionDateTime,PionUserPtr> >  PionUserCache;
	
	/// number of seconds after which entires in the user cache will be expired
	static const unsigned int	CACHE_EXPIRATION;


	/// authentication realm ( "PION:NET" by default)
	std::string					m_realm; 

	/// time of the last cache clean up
	PionDateTime				m_cache_cleanup_time;
		
	/// cache of users that are currently active
	PionUserCache				m_user_cache;
	
	/// mutex used to protect access to the user cache
	mutable boost::mutex		m_cache_mutex;
};

	
}	// end namespace net
}	// end namespace pion

#endif