+static int yaz_base64decode(const char *in, char *out)
+{
+ const char *map = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789+/";
+ int olen = 0;
+ int len = strlen(in);
+
+ while (len >= 4)
+ {
+ char i0, i1, i2, i3;
+ char *p;
+
+ if (!(p = index(map, in[0])))
+ return 0;
+ i0 = p - map;
+ len--;
+ if (!(p = index(map, in[1])))
+ return 0;
+ i1 = p - map;
+ len--;
+ *(out++) = i0 << 2 | i1 >> 4;
+ olen++;
+ if (in[2] == '=')
+ break;
+ if (!(p = index(map, in[2])))
+ return 0;
+ i2 = p - map;
+ len--;
+ *(out++) = i1 << 4 | i2 >> 2;
+ olen++;
+ if (in[3] == '=')
+ break;
+ if (!(p = index(map, in[3])))
+ return 0;
+ i3 = p - map;
+ len--;
+ *(out++) = i2 << 6 | i3;
+ olen++;
+
+ in += 4;
+ }
+
+ *out = '\0';
+ return olen;
+}
+
+/**
+ * Look for authentication tokens in HTTP Basic parameters or in x-username/x-password
+ * parameters. Added by SH.
+ */
+static void yaz_srw_decodeauth(Z_SRW_PDU *sr, Z_HTTP_Request *hreq, char *username,
+ char *password, ODR decode)
+{
+ const char *basic = z_HTTP_header_lookup(hreq->headers, "Authorization");
+
+ if (username)
+ sr->username = username;
+ if (password)
+ sr->password = password;
+
+ if (basic) {
+ int len, olen;
+ char out[256];
+ char ubuf[256] = "", pbuf[256] = "", *p;
+ if (strncmp(basic, "Basic ", 6))
+ return;
+ basic += 6;
+ len = strlen(basic);
+ if (!len || len > 256)
+ return;
+ olen = yaz_base64decode(basic, out);
+ /* Format of out should be username:password at this point */
+ strcpy(ubuf, out);
+ if ((p = index(ubuf, ':'))) {
+ *(p++) = '\0';
+ if (*p)
+ strcpy(pbuf, p);
+ }
+ if (*ubuf)
+ sr->username = odr_strdup(decode, ubuf);
+ if (*pbuf)
+ sr->password = odr_strdup(decode, pbuf);
+ }
+}
+