
fixed case-sensitive match of auth-method (fixes #1456)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2026 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.19
Jan Kneschke 14 years ago
parent
commit
708f499d75
  1. 1
      NEWS
  2. 4
      src/mod_auth.c
  3. 12
      tests/mod-auth.t

1
NEWS

@ -8,6 +8,7 @@ NEWS
* added support for If-Range: <date> (#1346)
* added support for matching $HTTP["scheme"] in configs
* fixed initgroups() called after chroot (#1384)
* fixed case-sensitive check for Auth-Method (#1456)
* execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
- 1.4.18 - 2007-09-09

4
src/mod_auth.c

@ -238,13 +238,13 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
int auth_type_len = auth_realm - http_authorization;
if ((auth_type_len == 5) &&
(0 == strncmp(http_authorization, "Basic", auth_type_len))) {
(0 == strncasecmp(http_authorization, "Basic", auth_type_len))) {
if (0 == strcmp(method->value->ptr, "basic")) {
auth_satisfied = http_auth_basic_check(srv, con, p, req, con->uri.path, auth_realm+1);
}
} else if ((auth_type_len == 6) &&
(0 == strncmp(http_authorization, "Digest", auth_type_len))) {
(0 == strncasecmp(http_authorization, "Digest", auth_type_len))) {
if (0 == strcmp(method->value->ptr, "digest")) {
if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) {
con->http_status = 400;
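Review bot: Nothing at the two `strncasecmp` calls says why the scheme comparison is now case-insensitive, so a later cleanup could quietly revert them to `strncmp`. Add a comment above the first one, for example `/* auth-scheme is a case-insensitive token (RFC 2617, section 1.2) */`. The inner checks `strcmp(method->value->ptr, "basic")` and `strcmp(method->value->ptr, "digest")` still compare the configured method case-sensitively. If the config value is not validated or normalised elsewhere, a setting such as `"Basic"` would skip both credential checks, and the outcome then depends on the initial value of `auth_satisfied`, which is set outside this hunk. It is worth confirming that this path fails closed. `mod_auth_uri_handler` begins and ends outside the hunk.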

12
tests/mod-auth.t

@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
use Test::More tests => 13;
use Test::More tests => 14;
use LightyTest;
my $tf = LightyTest->new();
@ -48,6 +48,16 @@ EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');
$t->{REQUEST} = ( <<EOF
GET /server-config HTTP/1.0
Host: auth-htpasswd.example.org
Authorization: basic ZGVzOmRlcw==
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des) (lowercase)');
SKIP: {
skip "no md5 for crypt under cygwin", 1 if $^O eq 'cygwin';
$t->{REQUEST} = ( <<EOF
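Review bot: The added case covers only an all-lowercase `basic` scheme with valid htpasswd credentials, while the same commit also changes the Digest comparison in src/mod_auth.c, which gets no test here. Add a matching request that sends the scheme as `digest`, reusing a Digest fixture the file already has (outside this hunk), and bump the plan line to match, e.g. `use Test::More tests => 15;`. A negative case would also help: a lowercase scheme with a wrong password that still expects `'HTTP-Status' => 401`. That pins down that relaxing the scheme match did not relax the credential check.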
