Ticket #430: auth-fixed.patch
| File auth-fixed.patch, 7.0 kB (added by anonymous, 3 years ago) |
|---|
src/mod_auth.c
diff -urNp lighttpd-1.4.8/src/mod_auth.c lighttpd-1.4.8-new/src/mod_auth.c
old new 168 168 } 169 169 #undef PATCH 170 170 171 static handler_t mod_auth_ uri_handler(server *srv, connection *con, void *p_d) {171 static handler_t mod_auth_subrequest_handler(server *srv, connection *con, void *p_d) { 172 172 size_t k; 173 173 int auth_required = 0, auth_satisfied = 0; 174 174 char *http_authorization = NULL; 175 175 data_string *ds; 176 176 mod_auth_plugin_data *p = p_d; 177 177 array *req; 178 buffer *url; 178 179 179 180 /* select the right config */ 180 181 mod_auth_patch_connection(srv, con, p); … … 193 194 194 195 /* search auth-directives for path */ 195 196 for (k = 0; k < p->conf.auth_require->used; k++) { 197 data_string *use_physical; 196 198 if (p->conf.auth_require->data[k]->key->used == 0) continue; 197 198 if (0 == strncmp(con->uri.path->ptr, p->conf.auth_require->data[k]->key->ptr, p->conf.auth_require->data[k]->key->used - 1)) { 199 auth_required = 1; 200 break; 199 200 req = ((data_array *)(p->conf.auth_require->data[k]))->value; 201 use_physical = (data_string *)array_get_element(req, "use_physical"); 202 if (con->physical.path != NULL && con->physical.path->ptr != NULL && use_physical != NULL && 203 use_physical->value->ptr != NULL && strcmp(use_physical->value->ptr, "yes") == 0) 204 { 205 char resolved_path[PATH_MAX]; 206 207 if (realpath(con->physical.path->ptr, resolved_path) == NULL) continue; 208 if (strncmp(resolved_path, p->conf.auth_require->data[k]->key->ptr, 209 p->conf.auth_require->data[k]->key->used - 1) == 0) 210 { 211 auth_required = 1; 212 url = buffer_init(); 213 buffer_copy_string(url, p->conf.auth_require->data[k]->key->ptr); 214 break; 215 } 216 } 217 else if (0 == strncmp(con->uri.path->ptr, p->conf.auth_require->data[k]->key->ptr, p->conf.auth_require->data[k]->key->used - 1)) 218 { 219 data_string *authority; 220 authority = (data_string *)array_get_element(req, "authority"); 221 if (authority == NULL || authority->value->ptr == NULL || 222 strcmp(authority->value->ptr, con->uri.authority->ptr) == 0) 
223 { 224 auth_required = 1; 225 url = buffer_init(); 226 buffer_copy_string(url, con->uri.path->ptr); 227 break; 228 } 201 229 } 202 230 } 203 231 … … 226 254 (0 == strncmp(http_authorization, "Basic", auth_type_len))) { 227 255 228 256 if (0 == strcmp(method->value->ptr, "basic")) { 229 auth_satisfied = http_auth_basic_check(srv, con, p, req, con->uri.path, auth_realm+1);257 auth_satisfied = http_auth_basic_check(srv, con, p, req, url, auth_realm+1); 230 258 } 231 259 } else if ((auth_type_len == 6) && 232 260 (0 == strncmp(http_authorization, "Digest", auth_type_len))) { 233 261 if (0 == strcmp(method->value->ptr, "digest")) { 234 if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) {262 if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, url, auth_realm+1))) { 235 263 con->http_status = 400; 236 264 237 265 /* a field was missing */ 238 266 267 buffer_free(url); 239 268 return HANDLER_FINISHED; 240 269 } 241 270 } … … 274 303 } else { 275 304 /* evil */ 276 305 } 306 buffer_free(url); 277 307 return HANDLER_FINISHED; 278 308 } else { 279 309 /* the REMOTE_USER header */ … … 281 311 buffer_copy_string_buffer(con->authed_user, p->auth_user); 282 312 } 283 313 314 buffer_free(url); 284 315 return HANDLER_GO_ON; 285 316 } 286 317 … … 384 415 for (n = 0; n < da->value->used; n++) { 385 416 size_t m; 386 417 data_array *da_file = (data_array *)da->value->data[n]; 387 const char *method, *realm, *require ;418 const char *method, *realm, *require, *authority, *use_physical; 388 419 389 420 if (da->value->data[n]->type != TYPE_ARRAY) { 390 421 log_error_write(srv, __FILE__, __LINE__, "sssbs", … … 393 424 return HANDLER_ERROR; 394 425 } 395 426 396 method = realm = require = NULL;427 method = realm = require = authority = use_physical = NULL; 397 428 398 429 for (m = 0; m < da_file->value->used; m++) { 399 430 if (da_file->value->data[m]->type == TYPE_STRING) { … … 403 434 realm = ((data_string 
*)(da_file->value->data[m]))->value->ptr; 404 435 } else if (0 == strcmp(da_file->value->data[m]->key->ptr, "require")) { 405 436 require = ((data_string *)(da_file->value->data[m]))->value->ptr; 437 } else if (0 == strcmp(da_file->value->data[m]->key->ptr, "authority")) { 438 authority = ((data_string *)(da_file->value->data[m]))->value->ptr; 439 } else if (0 == strcmp(da_file->value->data[m]->key->ptr, "use_physical")) { 440 use_physical = ((data_string *)(da_file->value->data[m]))->value->ptr; 406 441 } else { 407 442 log_error_write(srv, __FILE__, __LINE__, "sssbs", "unexpected type for key: ", "auth.require", "[", da_file->value->data[m]->key, "](string)"); 408 443 return HANDLER_ERROR; … … 462 497 buffer_copy_string(ds->value, require); 463 498 464 499 array_insert_unique(a->value, (data_unset *)ds); 500 501 if (authority) 502 { 503 ds = data_string_init(); 504 505 buffer_copy_string(ds->key, "authority"); 506 buffer_copy_string(ds->value, authority); 507 508 array_insert_unique(a->value, (data_unset *)ds); 509 } 510 511 if (use_physical) 512 { 513 ds = data_string_init(); 514 515 buffer_copy_string(ds->key, "use_physical"); 516 buffer_copy_string(ds->value, use_physical); 517 518 array_insert_unique(a->value, (data_unset *)ds); 519 } 465 520 466 521 array_insert_unique(s->auth_require, (data_unset *)a); 467 522 } … … 609 664 p->name = buffer_init_string("auth"); 610 665 p->init = mod_auth_init; 611 666 p->set_defaults = mod_auth_set_defaults; 612 p->handle_ uri_clean = mod_auth_uri_handler;667 p->handle_subrequest_start = mod_auth_subrequest_handler; 613 668 p->cleanup = mod_auth_free; 614 669 615 670 p->data = NULL;
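Review bot: In the URI branch of the auth_require loop (new lines 221-222), `strcmp(authority->value->ptr, con->uri.authority->ptr)` reads `con->uri.authority->ptr` without the NULL check this patch applies to `authority->value->ptr` and `con->physical.path->ptr`. If a request can reach the handler with no authority set (presumably one sent without a Host header), that call dereferences NULL. The match is also exact and case-sensitive on a client-supplied value, so a rule that sets `authority` is skipped and `auth_required` stays 0 whenever the host differs only in case or carries a port suffix; I would write `con->uri.authority->ptr != NULL && strcasecmp(authority->value->ptr, con->uri.authority->ptr) == 0` and document in the config notes that a non-matching host means the rule is not enforced. Separately, `buffer *url;` is declared uninitialised while `buffer_free(url)` is added before three returns, so `buffer *url = NULL;` is safer, provided buffer_free accepts NULL. The handler body continues outside the visible hunks, so the remaining return paths could not be checked for a leaked or unset `url`.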

