khttpbasic_validate - validate an HTTP basic authorisation request

library “libkcgi”

#include <sys/types.h>
#include <stdarg.h>
#include <stdint.h>
#include <kcgi.h>

int khttpbasic_validate(struct kreq *req, const char *user, const char *password);

The khttpbasic_validate() function validates the given user and password with the HTTP “basic” or “bearer” authorised request req as returned by khttp_parse(3) or khttp_fcgi_parse(3).

In both cases, the request is validated by base64-encoding user:password and comparing it to the given token.

khttpbasic_validate() will return zero if validation failed, less than zero if the request was not properly set up for HTTP basic or bearer validation (no HTTP method, not a basic or bearer request, not already authenticated by the web server), or greater than zero if the validation succeeded.

In the following fragment, assume r is a pointer to a struct kreq successfully initialised by khttp_parse(3). The expected principal is "james", password "bond". If validation is not provided, it returns an HTTP 401. Otherwise, it returns an HTTP 200.

if (khttpbasic_validate(r, "james", "bond") <= 0) {
  khttp_head(r, kresps[KRESP_STATUS],
    "%s", khttps[KHTTP_401]);
  khttp_head(r, kresps[KRESP_WWW_AUTHENTICATE],
    "basic realm=\"%s\"", "some realm");
} else
  khttp_head(r, kresps[KRESP_STATUS],
    "%s", khttps[KHTTP_200]);

kcgi(3), khttp_fcgi_parse(3), khttp_parse(3), khttpdigest_validate(3)

Written by Kristaps Dzonsons.

December 2, 2023 OpenBSD 7.4