From 4b412797b80676d41dd08cc83d530d4b4710581d Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Tue, 12 Apr 2016 23:56:55 -0400 Subject: [PATCH] [mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468) https://tools.ietf.org/html/rfc7616 and https://tools.ietf.org/html/rfc7617 (September 2015) update Digest and Basic auth to allow server to recommend charset which should be used by client. http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-basic-auth-username x-ref: "LDAP UTF-8 encoding" https://redmine.lighttpd.net/issues/1468 --- NEWS | 1 + src/mod_auth.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index f4cf4080..807e54ca 100644 --- a/NEWS +++ b/NEWS @@ -64,6 +64,7 @@ NEWS * [core] clean up srv before exiting for lighttpd -[vVh] * [mod_fastcgi,mod_scgi] check for spawning on same unix socket (fixes #319) * [mod_cgi] always set QUERY_STRING (fixes #1339) + * [mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468) - 1.4.39 - 2016-01-02 * [core] fix memset_s call (fixes #2698) diff --git a/src/mod_auth.c b/src/mod_auth.c index e79f13b1..9ec76dda 100644 --- a/src/mod_auth.c +++ b/src/mod_auth.c @@ -298,7 +298,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) { if (0 == strcmp(method->value->ptr, "basic")) { buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Basic realm=\"")); buffer_append_string_buffer(p->tmp_buf, realm->value); - buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\"")); + buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", charset=\"UTF-8\"")); response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(p->tmp_buf)); } else if (0 == strcmp(method->value->ptr, "digest")) { @@ -307,7 +307,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) { buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Digest realm=\"")); buffer_append_string_buffer(p->tmp_buf, realm->value); - buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", nonce=\"")); + buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", charset=\"UTF-8\", nonce=\"")); buffer_append_string(p->tmp_buf, hh); buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", qop=\"auth\""));