Ticket #889 (closed defect: fixed)

Opened 2 years ago

Last modified 2 months ago

AUTH_TYPE variable for fastcgi

Reported by: tkruthoff Assigned to: darix
Priority: high Milestone: 1.4.15
Component: mod_fastcgi Version: 1.4.13
Severity: normal Keywords: patch bug
Cc: Blocking:
Need Feedback: 0

Description

section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env declaring the type of authentication used. (see http://tools.ietf.org/html/rfc3875#page-11 and the comments I provided in the attached diff)

I set the ticket priority to high because this bug broke MoinMoin? w/ HTTP Authentication and I'm sure there are other apps that depend on AUTH_TYPE being set to function properly.

This is my first contribution to an open source project (this was a find and then copy/paste), but look forward to more so please let me know if I'm using proper procedure and etiquette.

Attachments

lighttpd-1.4.13-fcgi-auth-type.diff (2.0 kB) - added by tkruthoff on 10/18/2006 07:57:57 AM.

Change History

10/18/2006 07:57:57 AM changed by tkruthoff

  • attachment lighttpd-1.4.13-fcgi-auth-type.diff added.

11/21/2006 12:36:55 PM changed by nigel

This variable is also missing from mod_cgi.

Suggest mod_auth stash the method as well as the user, rather than reparsing the information out again in several different places. However that requires the connection structure to be modified to make space for this.

04/08/2007 09:54:28 PM changed by oherrala

I just got MoinMoin?'s HTTP authentication to work without this patch. This is a workaround while waiting a correct(TM) fix.

With mod_setenv it's possible to set

setenv.add-environment = ( "AUTH_TYPE" => "Digest" ) # Or "Basic"

in the config around where you set up MoinMoin? and now it works as expected. But I don't have a clue how this affects security. Be warned.

04/10/2007 01:51:13 PM changed by darix

  • owner changed from jan to darix.
  • status changed from new to assigned.
  • blocking changed.

fixed in [1741]

but the real fix would be in mod_auth. the auth module should set the environment variable and the mod_*cgi*/mod_*proxy* just copy the environment to the backend.

so for 1.4.15 and 1.5 we should apply the better fix

08/17/2007 11:10:17 PM changed by jan

  • status changed from assigned to closed.
  • resolution set to fixed.
  • pending changed.
  • milestone set to 1.4.15.

Add/Change #889 (AUTH_TYPE variable for fastcgi)




Change Properties
Action