fixed case-sensitive match of auth-method (fixes #1456)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2026 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago · 708f499d75
parent 12bf15dd4e
commit 708f499d75
3 changed files with 14 additions and 3 deletions
--- a/1
+++ b/1
@ -8,6 +8,7 @@ NEWS
  * added support for If-Range: <date> (#1346)
  * added support for matching $HTTP["scheme"] in configs
  * fixed initgroups() called after chroot (#1384)
+  * fixed case-sensitive check for Auth-Method (#1456)
  * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)

 - 1.4.18 - 2007-09-09
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@ -238,13 +238,13 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
 			int auth_type_len = auth_realm - http_authorization;

 			if ((auth_type_len == 5) &&
-			    (0 == strncmp(http_authorization, "Basic", auth_type_len))) {
+			    (0 == strncasecmp(http_authorization, "Basic", auth_type_len))) {

 				if (0 == strcmp(method->value->ptr, "basic")) {
 					auth_satisfied = http_auth_basic_check(srv, con, p, req, con->uri.path, auth_realm+1);
 				}
 			} else if ((auth_type_len == 6) &&
-				   (0 == strncmp(http_authorization, "Digest", auth_type_len))) {
+				   (0 == strncasecmp(http_authorization, "Digest", auth_type_len))) {
 				if (0 == strcmp(method->value->ptr, "digest")) {
 					if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) {
 						con->http_status = 400;
--- a/tests/mod-auth.t
+++ b/tests/mod-auth.t
@ -8,7 +8,7 @@ BEGIN {

 use strict;
 use IO::Socket;
-use Test::More tests => 13;
+use Test::More tests => 14;
 use LightyTest;

 my $tf = LightyTest->new();
@ -48,6 +48,16 @@ EOF
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
 ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');

+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: basic ZGVzOmRlcw==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des) (lowercase)');
+
+
 SKIP: {
 	skip "no md5 for crypt under cygwin", 1 if $^O eq 'cygwin';
 $t->{REQUEST}  = ( <<EOF