+ if ((authmask & HTTPD_AUTH_MAGIC) &&
+ (check_owning_uid(fd, 1) == getuid())) {
+ authtype = HTTPD_AUTH_MAGIC;
+ if (authmask != HTTPD_AUTH_MAGIC)
+ printf("Using Linux /proc/net magic authentication\n");
+ } else if ((authmask & HTTPD_AUTH_BASIC)) {
+ char username[128], password[128], userpassbuf[259];
+ const char *userpass;
+ const char *rname;
+ unsigned char passbuf[10];
+ int i, j, k, fd;
+
+ authtype = HTTPD_AUTH_BASIC;
+
+ if (authmask != HTTPD_AUTH_BASIC)
+ printf("Using HTTP Basic authentication\n");
+
+ if (dcfg->basicauthdata) {
+ userpass = dcfg->basicauthdata;
+ } else {
+ strcpy(username, PNAME);
+ rname = "/dev/urandom";
+ fd = open(rname, O_RDONLY);
+ if (fd < 0) {
+ int err = errno;
+ rname = "/dev/random";
+ fd = open(rname, O_RDONLY);
+ if (fd < 0) {
+ int err2 = errno;
+ fprintf(stderr, "/dev/urandom: open: %s\n", strerror(err));
+ fprintf(stderr, "/dev/random: open: %s\n", strerror(err2));
+ exit(1);
+ }
+ }
+ for (i = 0; i < 10 ;) {
+ j = read(fd, passbuf + i, 10 - i);
+ if (j <= 0) {
+ fprintf(stderr, "%s: read: %s\n", rname,
+ j < 0 ? strerror(errno) : "unexpected EOF");
+ exit(1);
+ }
+ i += j;
+ }
+ close(fd);
+ for (i = 0; i < 16; i++) {
+ /*
+ * 32 characters out of the 36 alphanumerics gives
+ * me the latitude to discard i,l,o for being too
+ * numeric-looking, and w because it has two too
+ * many syllables and one too many presidential
+ * associations.
+ */
+ static const char chars[32] =
+ "0123456789abcdefghjkmnpqrstuvxyz";
+ int v = 0;