Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2324 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-10-01 20:08:23 +00:00 · 2008-10-01 20:08:23 +00:00 · 80a4f7a721
parent 87eea9e4c3
commit 80a4f7a721
4 changed files with 53 additions and 40 deletions
--- a/1
+++ b/1
@ -14,6 +14,7 @@ NEWS
  * Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb)
  * Do not cache default vhost in mod_simple_vhost (#709)
  * Trust pcre-config, do not check for pcre manually (#1769)
+  * Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)

 - 1.4.20 - 2008-09-30

--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@ -3608,47 +3608,50 @@ static handler_t fcgi_check_extension(server *srv, connection *con, void *p_d, i
 				"handling it in mod_fastcgi");
 			}

-			/* the prefix is the SCRIPT_NAME,
-			 * everything from start to the next slash
-			 * this is important for check-local = "disable"
-			 *
-			 * if prefix = /admin.fcgi
-			 *
-			 * /admin.fcgi/foo/bar
-			 *
-			 * SCRIPT_NAME = /admin.fcgi
-			 * PATH_INFO   = /foo/bar
-			 *
-			 * if prefix = /fcgi-bin/
-			 *
-			 * /fcgi-bin/foo/bar
-			 *
-			 * SCRIPT_NAME = /fcgi-bin/foo
-			 * PATH_INFO   = /bar
-			 *
-			 * if prefix = /, and fix-root-path-name is enable
-			 *
-			 * /fcgi-bin/foo/bar
-			 *
-			 * SCRIPT_NAME = /fcgi-bin/foo
-			 * PATH_INFO   = /bar
-			 *
-			 */
+			/* do not split path info for authorizer */
+			if (host->mode != FCGI_AUTHORIZER) {
+				/* the prefix is the SCRIPT_NAME,
+				* everything from start to the next slash
+				* this is important for check-local = "disable"
+				*
+				* if prefix = /admin.fcgi
+				*
+				* /admin.fcgi/foo/bar
+				*
+				* SCRIPT_NAME = /admin.fcgi
+				* PATH_INFO   = /foo/bar
+				*
+				* if prefix = /fcgi-bin/
+				*
+				* /fcgi-bin/foo/bar
+				*
+				* SCRIPT_NAME = /fcgi-bin/foo
+				* PATH_INFO   = /bar
+				*
+				* if prefix = /, and fix-root-path-name is enable
+				*
+				* /fcgi-bin/foo/bar
+				*
+				* SCRIPT_NAME = /fcgi-bin/foo
+				* PATH_INFO   = /bar
+				*
+				*/

-			/* the rewrite is only done for /prefix/? matches */
-			if (extension->key->ptr[0] == '/' &&
-			    con->uri.path->used > extension->key->used &&
-			    NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
-				/* rewrite uri.path and pathinfo */
+				/* the rewrite is only done for /prefix/? matches */
+				if (extension->key->ptr[0] == '/' &&
+					con->uri.path->used > extension->key->used &&
+					NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
+					/* rewrite uri.path and pathinfo */

-				buffer_copy_string(con->request.pathinfo, pathinfo);
+					buffer_copy_string(con->request.pathinfo, pathinfo);

-				con->uri.path->used -= con->request.pathinfo->used - 1;
-				con->uri.path->ptr[con->uri.path->used - 1] = '\0';
-			} else if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') {
-				buffer_copy_string(con->request.pathinfo, con->uri.path->ptr);
-				con->uri.path->used = 1;
-				con->uri.path->ptr[con->uri.path->used - 1] = '\0';
+					con->uri.path->used -= con->request.pathinfo->used - 1;
+					con->uri.path->ptr[con->uri.path->used - 1] = '\0';
+				} else if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') {
+					buffer_copy_string(con->request.pathinfo, con->uri.path->ptr);
+					con->uri.path->used = 1;
+					con->uri.path->ptr[con->uri.path->used - 1] = '\0';
+				}
 			}
 		}
 	} else {
--- a/tests/fastcgi-auth.conf
+++ b/tests/fastcgi-auth.conf
@ -89,6 +89,7 @@ fastcgi.server              = ( "/" => (
 				    "bin-path" => env.SRCDIR + "/fcgi-auth",
                                    "mode" => "authorizer",
                                    "docroot" => env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/",
+                                    "check-local" => "disable",

 				  )
 				)
--- a/tests/mod-fastcgi.t
+++ b/tests/mod-fastcgi.t
@ -7,7 +7,7 @@ BEGIN {
 }

 use strict;
-use Test::More tests => 49;
+use Test::More tests => 50;
 use LightyTest;

 my $tf = LightyTest->new();
@ -215,7 +215,7 @@ SKIP: {
 }

 SKIP: {
-	skip "no fcgi-auth found", 4 unless -x $tf->{BASEDIR}."/tests/fcgi-auth" || -x $tf->{BASEDIR}."/tests/fcgi-auth.exe"; 
+	skip "no fcgi-auth found", 5 unless -x $tf->{BASEDIR}."/tests/fcgi-auth" || -x $tf->{BASEDIR}."/tests/fcgi-auth.exe"; 

 	$tf->{CONFIGFILE} = 'fastcgi-auth.conf';
 	ok($tf->start_proc == 0, "Starting lighttpd with $tf->{CONFIGFILE}") or die();
@ -235,6 +235,14 @@ EOF
 	$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
 	ok($tf->handle_http($t) == 0, 'FastCGI - Auth');

+	$t->{REQUEST}  = ( <<EOF
+GET /expire/access.txt?ok HTTP/1.0
+Host: www.example.org
+EOF
+ );
+	$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+	ok($tf->handle_http($t) == 0, 'FastCGI - Auth in subdirectory');
+
 	ok($tf->stop_proc == 0, "Stopping lighttpd");
 }