
Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2324 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.21
Stefan Bühler 13 years ago
parent
commit
80a4f7a721
  1. 1
      NEWS
  2. 85
      src/mod_fastcgi.c
  3. 1
      tests/fastcgi-auth.conf
  4. 12
      tests/mod-fastcgi.t

1
NEWS

@ -14,6 +14,7 @@ NEWS
* Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb)
* Do not cache default vhost in mod_simple_vhost (#709)
* Trust pcre-config, do not check for pcre manually (#1769)
* Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
- 1.4.20 - 2008-09-30

85
src/mod_fastcgi.c

@ -3608,47 +3608,50 @@ static handler_t fcgi_check_extension(server *srv, connection *con, void *p_d, i
"handling it in mod_fastcgi");
}
/* the prefix is the SCRIPT_NAME,
* everything from start to the next slash
* this is important for check-local = "disable"
*
* if prefix = /admin.fcgi
*
* /admin.fcgi/foo/bar
*
* SCRIPT_NAME = /admin.fcgi
* PATH_INFO = /foo/bar
*
* if prefix = /fcgi-bin/
*
* /fcgi-bin/foo/bar
*
* SCRIPT_NAME = /fcgi-bin/foo
* PATH_INFO = /bar
*
* if prefix = /, and fix-root-path-name is enable
*
* /fcgi-bin/foo/bar
*
* SCRIPT_NAME = /fcgi-bin/foo
* PATH_INFO = /bar
*
*/
/* the rewrite is only done for /prefix/? matches */
if (extension->key->ptr[0] == '/' &&
con->uri.path->used > extension->key->used &&
NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
/* rewrite uri.path and pathinfo */
buffer_copy_string(con->request.pathinfo, pathinfo);
con->uri.path->used -= con->request.pathinfo->used - 1;
con->uri.path->ptr[con->uri.path->used - 1] = '\0';
} else if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') {
buffer_copy_string(con->request.pathinfo, con->uri.path->ptr);
con->uri.path->used = 1;
con->uri.path->ptr[con->uri.path->used - 1] = '\0';
/* do not split path info for authorizer */
if (host->mode != FCGI_AUTHORIZER) {
/* the prefix is the SCRIPT_NAME,
* everything from start to the next slash
* this is important for check-local = "disable"
*
* if prefix = /admin.fcgi
*
* /admin.fcgi/foo/bar
*
* SCRIPT_NAME = /admin.fcgi
* PATH_INFO = /foo/bar
*
* if prefix = /fcgi-bin/
*
* /fcgi-bin/foo/bar
*
* SCRIPT_NAME = /fcgi-bin/foo
* PATH_INFO = /bar
*
* if prefix = /, and fix-root-path-name is enable
*
* /fcgi-bin/foo/bar
*
* SCRIPT_NAME = /fcgi-bin/foo
* PATH_INFO = /bar
*
*/
/* the rewrite is only done for /prefix/? matches */
if (extension->key->ptr[0] == '/' &&
con->uri.path->used > extension->key->used &&
NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
/* rewrite uri.path and pathinfo */
buffer_copy_string(con->request.pathinfo, pathinfo);
con->uri.path->used -= con->request.pathinfo->used - 1;
con->uri.path->ptr[con->uri.path->used - 1] = '\0';
} else if (host->fix_root_path_name && extension->key->ptr[0] == '/' && extension->key->ptr[1] == '\0') {
buffer_copy_string(con->request.pathinfo, con->uri.path->ptr);
con->uri.path->used = 1;
con->uri.path->ptr[con->uri.path->used - 1] = '\0';
}
}
}
} else {
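Review bot: The new comment `/* do not split path info for authorizer */` above `if (host->mode != FCGI_AUTHORIZER)` says what the guard does but not why, and the reason matters for access control. Presumably the request is served by a later handler once the authorizer approves it, so truncating `con->uri.path` here would make that handler resolve a different resource than the one that was authorized; this should be confirmed against the code outside the hunk and spelled out, e.g. `/* authorizer: leave uri.path/pathinfo untouched, the request is handled again after the authorizer accepts it */`. The guard also means authorizer scripts now get an unsplit path, so any script that based its decision on PATH_INFO sees different input, which deserves a line in the docs. The enclosing `fcgi_check_extension` starts and ends outside this hunk.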

1
tests/fastcgi-auth.conf

@ -89,6 +89,7 @@ fastcgi.server = ( "/" => (
"bin-path" => env.SRCDIR + "/fcgi-auth",
"mode" => "authorizer",
"docroot" => env.SRCDIR + "/tmp/lighttpd/servers/www.example.org/pages/",
"check-local" => "disable",
)
)

12
tests/mod-fastcgi.t

@ -7,7 +7,7 @@ BEGIN {
}
use strict;
use Test::More tests => 49;
use Test::More tests => 50;
use LightyTest;
my $tf = LightyTest->new();
@ -215,7 +215,7 @@ SKIP: {
}
SKIP: {
skip "no fcgi-auth found", 4 unless -x $tf->{BASEDIR}."/tests/fcgi-auth" || -x $tf->{BASEDIR}."/tests/fcgi-auth.exe";
skip "no fcgi-auth found", 5 unless -x $tf->{BASEDIR}."/tests/fcgi-auth" || -x $tf->{BASEDIR}."/tests/fcgi-auth.exe";
$tf->{CONFIGFILE} = 'fastcgi-auth.conf';
ok($tf->start_proc == 0, "Starting lighttpd with $tf->{CONFIGFILE}") or die();
@ -235,6 +235,14 @@ EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
ok($tf->handle_http($t) == 0, 'FastCGI - Auth');
$t->{REQUEST} = ( <<EOF
GET /expire/access.txt?ok HTTP/1.0
Host: www.example.org
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
ok($tf->handle_http($t) == 0, 'FastCGI - Auth in subdirectory');
ok($tf->stop_proc == 0, "Stopping lighttpd");
}
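Review bot: The added case 'FastCGI - Auth in subdirectory' covers only the allow path (`GET /expire/access.txt?ok` expecting 200), so a regression that bypasses the authorizer for subdirectory requests would still pass this suite. Add a second subdirectory request that the authorizer rejects, mirroring the existing 403 'FastCGI - Auth' case, and raise the counts to match: `use Test::More tests => 51;` and `skip "no fcgi-auth found", 6 unless ...`. Since `fastcgi-auth.conf` now sets `"check-local" => "disable"` on the authorizer entry, it is also worth checking that the default check-local behaviour is still exercised by some test; that is not visible from this page.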
