From 8b29653131b49e2ba6dd45d3bf25ed7f85d90d10 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sat, 19 Feb 2022 16:48:55 -0500
Subject: [PATCH] [mod_auth] save letter-case diff in require config

(thx dirk4000)

Storing the config list into a data structure with case-insensitive keys
meant that if the config list contained multiple entries which differed
in case-only, then only one entry would survive.  Case-sensitivity of
username matters for HTTP Digest auth.  Store config list in value list.

x-ref:
  "mod_auth (configuration): Change of behavior in user name handling"
  https://redmine.lighttpd.net/boards/2/topics/10275
---
 src/mod_auth.c     | 6 +++---
 src/mod_auth_api.c | 3 +--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/mod_auth.c b/src/mod_auth.c
index 58c6f3d7..83248967 100644
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -392,12 +392,12 @@ static int mod_auth_require_parse (http_auth_require_t * const require, const bu
           case 4:
             if (0 == memcmp(str, CONST_STR_LEN("user"))) {
                 /*("user=" is 5)*/
-                array_set_key_value(&require->user, str+5, len-5, CONST_STR_LEN(""));
+                array_insert_value(&require->user, str+5, len-5);
                 continue;
             }
             else if (0 == memcmp(str, CONST_STR_LEN("host"))) {
                 /*("host=" is 5)*/
-                array_set_key_value(&require->host, str+5, len-5, CONST_STR_LEN(""));
+                array_insert_value(&require->host, str+5, len-5);
                 log_error(errh, __FILE__, __LINE__,
                   "warning parsing auth.require 'require' field: "
                   "'host' not implemented; field value: %s", b->ptr);
@@ -407,7 +407,7 @@ static int mod_auth_require_parse (http_auth_require_t * const require, const bu
           case 5:
             if (0 == memcmp(str, CONST_STR_LEN("group"))) {
                 /*("group=" is 6)*/
-                array_set_key_value(&require->group, str+6, len-6, CONST_STR_LEN(""));
+                array_insert_value(&require->group, str+6, len-6);
               #if 0/*(supported by mod_authn_ldap, but not all other backends)*/
                 log_error(errh, __FILE__, __LINE__,
                   "warning parsing auth.require 'require' field: "
diff --git a/src/mod_auth_api.c b/src/mod_auth_api.c
index b3d0064d..99607953 100644
--- a/src/mod_auth_api.c
+++ b/src/mod_auth_api.c
@@ -87,9 +87,8 @@ __attribute_pure__
 static int http_auth_array_contains (const array * const a, const char * const k, const size_t klen)
 {
     for (size_t i = 0, used = a->used; i < used; ++i) {
-        if (buffer_is_equal_string(&a->data[i]->key, k, klen)) {
+        if (buffer_eq_slen(&((data_string *)a->data[i])->value, k, klen))
             return 1;
-        }
     }
     return 0;
 }