merged [373]

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.3.x@374 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago · 4d33902639
6 changed files with 53 additions and 27 deletions
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -2,7 +2,7 @@ dist_man1_MANS=lighttpd.1 spawn-fcgi.1


 DOCS=accesslog.txt \
-authentification.txt \
+authentication.txt \
 cgi.txt \
 compress.txt \
 configuration.txt \
@ -31,7 +31,7 @@ setenv.txt \
 status.txt

 HTMLDOCS=accesslog.html \
-	 authentification.html \
+	 authentication.html \
 	 cgi.html \
 	 compress.html \
 	 configuration.html \
@ -61,8 +61,8 @@ HTMLDOCS=accesslog.html \

 EXTRA_DIST=lighttpd.conf lighttpd.user \
 	rc.lighttpd rc.lighttpd.redhat sysconfig.lighttpd \
-	state.ps.gz rrdtool-graph.sh \
-	state.dot fastcgi-state.dot fastcgi-state.ps.gz \
+	rrdtool-graph.sh \
+	state.dot fastcgi-state.dot \
 	spawn-php.sh \
 	newstyle.css \
 	oldstyle.css \
@ -74,11 +74,11 @@ EXTRA_DIST=lighttpd.conf lighttpd.user \

 html: $(HTMLDOCS)

-%.ps.gz: %.ps
-	gzip $^
+#%.ps.gz: %.ps
+#	gzip $^
 	
-%.ps: %.dot
-	dot -Tps -o $@ $^   
+#%.ps: %.dot
+#	dot -Tps -o $@ $^   

 clean-local:
 	rm -f *.html
--- a/doc/authentification.txt
+++ b/doc/authentification.txt
@ -7,14 +7,14 @@ Module: mod_auth
 ----------------

 :Author: Jan Kneschke
-:Date: $Date: 2004/11/03 22:26:05 $
-:Revision: $Revision: 1.3 $
+:Date: $Date$
+:Revision: $Revision$

 :abstract:
  The auth module provides ...
  
 .. meta::
-  :keywords: lighttpd, authentification
+  :keywords: lighttpd, authentication
  
 .. contents:: Table of Contents

@ -24,7 +24,7 @@ Description
 Supported Methods
 -----------------

-lighttpd supportes both authentification method described by 
+lighttpd supportes both authentication method described by 
 RFC 2617: 

 basic
@ -39,14 +39,14 @@ digest
 ``````

 The Digest method only transfers a hashed value over the 
-network which is performes a lot of work to harden the 
-authentification process in insecure networks.
+network which performs a lot of work to harden the 
+authentication process in insecure networks.

 Backends
 --------

 Depending on the method lighttpd provides various way to store 
-the credentials used for the authentification.
+the credentials used for the authentication.

 for basic auth:

@ -112,7 +112,7 @@ Using md5sum can also generate the password-hash: ::
 ldap
 ````

-the ldap backend is basicly performing the following steps 
+the ldap backend is basically performing the following steps 
 to authenticate a user
  
 1. connect anonymously  (at plugin init)
@ -120,7 +120,7 @@ to authenticate a user
 3. auth against ldap server
 4. disconnect
   
-if step 4 is performs without any error the user is 
+if all 4 steps are performed without any error the user is 
 authenticated

 Configuration
@ -152,6 +152,10 @@ Configuration
  auth.backend.ldap.hostname = "localhost"
  auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
  auth.backend.ldap.filter   = "(uid=$)"
+  # if enabled, startTLS needs a valid (base64-encoded) CA 
+  # certificate
+  auth.backend.ldap.starttls   = "enable"
+  auth.backend.ldap.cafile   = "/etc/CAcertificate.pem"

  ## restrictions
  # set restrictions:
@ -162,7 +166,7 @@ Configuration
  #     "require" => "user=<username>" )
  # )
  #
-  # <realm> is a string that is should be display in the dialog 
+  # <realm> is a string to display in the dialog 
  #         presented to the user and is also used for the 
  #         digest-algorithm and has to match the realm in the 
  #         htdigest file (if used)
@ -182,10 +186,10 @@ Configuration
 		   )
                 )

-Limitiations
+Limitations
 ============

 - The implementation of digest method is currently not 
-  completely conforming to the standard as it is still allowing 
+  completely compliant with the standard as it still allows
  a replay attack.

--- a/doc/lighttpd.conf
+++ b/doc/lighttpd.conf
@ -213,7 +213,7 @@ url.access-deny             = ( "~", ".inc" )
 #status.config-url          = "/server-config"

 #### auth module
-## read authentification.txt for more info
+## read authentication.txt for more info
 #auth.backend               = "plain"
 #auth.backend.plain.userfile = "lighttpd.user"
 #auth.backend.plain.groupfile = "lighttpd.group"
--- a/doc/secdownload.txt
+++ b/doc/secdownload.txt
@ -34,7 +34,7 @@ Description

 there are multiple way to handle secured download mechanisms:

-1. use the webserver and the internal HTTP-authentification 
+1. use the webserver and the internal HTTP-authentication 
 2. use the application to authenticate and send the file 
   through the application
     
@ -44,7 +44,7 @@ webserver:

 - ``+`` fast download 
 - ``+`` no additional system load 
- ``-`` unflexible authentification handling
+- ``-`` unflexible authentication handling
  
 application:

--- a/tests/mod-auth.t
+++ b/tests/mod-auth.t
@ -2,7 +2,7 @@

 use strict;
 use IO::Socket;
-use Test::More tests => 5;
+use Test::More tests => 7;

 my $basedir = (defined $ENV{'top_builddir'} ? $ENV{'top_builddir'} : '..');
 my $srcdir = (defined $ENV{'srcdir'} ? $ENV{'srcdir'} : '.');
@ -211,5 +211,27 @@ EOF
@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } );
 ok(handle_http == 0, 'Basic-Auth: Valid Auth-token');

+@request  = ( <<EOF
+GET /server-config HTTP/1.0
+User-Agent: Wget/1.9.1
+Authorization: Digest username="beta", realm="Beta", nonce="9a5428ccc05b086a08d918e73b01fc6f",
+                uri="/server-config", response="ea5f7d9a30b8b762f9610ccb87dea74f"
+EOF
+ );
+@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } );
+ok(handle_http == 0, 'Digest-Auth: missing qop');
+
+@request  = ( <<EOF
+GET /server-config HTTP/1.0
+User-Agent: Wget/1.9.1
+Authorization: Digest username="beta", realm="Beta", nonce="9a5428ccc05b086a08d918e73b01fc6f",
+                uri="/server-config", response="ea5f7d9a30b8b762f9610ccb87dea74e"
+EOF
+ );
+@response = ( { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } );
+ok(handle_http == 0, 'Digest-Auth: broken password');
+
+
+
 ok(stop_proc == 0, "Stopping lighttpd");

--- a/tests/mod-fastcgi.t
+++ b/tests/mod-fastcgi.t
@ -349,7 +349,7 @@ EOF
 }

 SKIP: {
-	skip "no fcgi-auth found", 4 unless -x $basedir."/tests/fcgi-auth"; 
+	skip "no fcgi-auth found", 4 unless -x $basedir."/tests/fcgi-auth.exe"; 

 	$configfile = 'fastcgi-auth.conf';
 	ok(start_proc == 0, "Starting lighttpd with $configfile") or die();
@ -373,7 +373,7 @@ EOF
 }

 SKIP: {
-	skip "no fcgi-auth found", 3 unless -x "/home/weigon/Documents/php-4.3.10/sapi/cgi/php"; 
+	skip "no php found", 3 unless -x "/home/weigon/Documents/php-4.3.10/sapi/cgi/php"; 
 	$configfile = 'fastcgi-13.conf';
 	ok(start_proc == 0, "Starting lighttpd with $configfile") or die();
 	@request  = ( <<EOF
@ -389,7 +389,7 @@ EOF


 SKIP: {
-	skip "no fcgi-auth found", 9 unless -x $basedir."/tests/fcgi-responder"; 
+	skip "no fcgi-responder found", 9 unless -x $basedir."/tests/fcgi-responder.exe"; 
 	
 	$configfile = 'fastcgi-responder.conf';
 	ok(start_proc == 0, "Starting lighttpd with $configfile") or die();