21 Commits

Author SHA1 Message Date
Glenn Strauss 7ba06c71a6 [mod_auth] structured data, register auth schemes
- parse auth.* directives into structured data during config processing
- register auth schemes (basic, digest, extern, ...) for extensibility
- remove auth.debug directive
2016-09-22 19:54:57 -04:00
Glenn Strauss 00cc4d7c0e [mod_auth] fix Digest auth to be better than Basic (fixes #1844)
Make Digest authentication more compliant with RFC.

Excerpt from https://www.rfc-editor.org/rfc/rfc7616.txt Section 5.13:
    The bottom line is that any compliant implementation will be
    relatively weak by cryptographic standards, but any compliant
    implementation will be far superior to Basic Authentication.

x-ref:
  "Serious security problem in Digest Authentication"
  https://redmine.lighttpd.net/issues/1844
2016-07-16 23:25:53 -04:00
Stefan Bühler 1566748b1a [tests] test apr-md5 in mod-auth.t
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3057 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-04 20:11:35 +00:00
Kyle J. McKay 2bcb73cdb8 mod-auth.t: no crypt md5 for darwin
Darwin's crypt does not support the '$...' extensions.

Signed-off-by: Kyle J. McKay

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3056 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-04 20:11:33 +00:00
Stefan Bühler c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2870 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-04-29 13:08:25 +00:00
Stefan Bühler 6c9dff7cda [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2806 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-11-29 22:27:11 +00:00
Elan Ruusamäe c65ad47a55 - change s/// separator that it doesn't confuse vim
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2027 152afb58-edef-0310-8abb-c4023f1b3aa9
2008-01-15 22:03:59 +00:00
Jan Kneschke 708f499d75 fixed case-sensitive match of auth-method (fixes #1456)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2026 152afb58-edef-0310-8abb-c4023f1b3aa9
2007-11-23 15:23:35 +00:00
Jan Kneschke 15e260c28b * fixed mem-leak in mod_auth (reported by Stefan Esser)
* fixed crash with md5-sess and cnonce not set in mod_auth (reported
  by Stefan Esser)
* fixed missing check for base64 encoded string in mod_auth and Basic
  auth (reported by Stefan Esser)
* fixed possible crash in Auth-Digest header parser on trailing WS in
  mod_auth (reported by Stefan Esser)


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1875 152afb58-edef-0310-8abb-c4023f1b3aa9
2007-06-15 16:22:30 +00:00
Marcus Rückert b8df99f3db - a few more whitespace cleanups
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1374 152afb58-edef-0310-8abb-c4023f1b3aa9
2006-10-05 00:09:51 +00:00
Jan Kneschke bd8e6919d2 added tests for possible crashes
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@974 152afb58-edef-0310-8abb-c4023f1b3aa9
2006-02-01 11:35:08 +00:00
Xuefer ef8f508a5f kill warning for string compare introduced by last changeset
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@772 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-10-01 12:47:52 +00:00
Xuefer 809199f98f scons fixes, and built/test on cygwin
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@771 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-10-01 12:35:55 +00:00
Jan Kneschke e2cf5d3094 tests for htpasswd + md5 and referer matching in conditionals
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@711 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-09-16 12:44:29 +00:00
Jan Kneschke 3ebc17571a find perl at runtime
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@670 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-09-01 11:44:57 +00:00
Jan Kneschke 7988661090 added tests for keep-alive and setenv and passed an ARRAY ref instead of a HASH ref
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@654 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-08-31 12:55:44 +00:00
Jan Kneschke 877161c067 switch to LightyTest module
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.3.x@394 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-06-26 10:27:41 +00:00
Jan Kneschke 7a25f1b5f5 Unified all tests to use the LightyTest framework
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.3.x@388 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-06-15 09:37:18 +00:00
Jan Kneschke d185991460 fixed checks for the digest-crash
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.3.x@375 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-06-11 09:02:34 +00:00
Jan Kneschke 4d33902639 merged [373]
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.3.x@374 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-06-06 21:21:37 +00:00
Jan Kneschke 40e8c6714a separated the tests for each section and let run-tests.pl use Test::Harness
git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@72 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-03-02 11:27:02 +00:00