authorArno Töll <arno@debian.org>2013-10-15 20:19:04 +0200
committerArno Töll <arno@debian.org>2013-10-15 20:19:04 +0200
commit1380410981681f011377225708e9c530330fd5a0 (patch)
tree7dd371bc4cac8910130e4ee0f4508bc519f1778d /src/mod_auth.c
parent5b23e76990e58208a01c2a5362362575bc12b397 (diff)
downloadlighttpd-1380410981681f011377225708e9c530330fd5a0.tar.gz
Imported Upstream version 1.4.33upstream/1.4.33upstream
Diffstat (limited to 'src/mod_auth.c')
-rw-r--r--src/mod_auth.c61
1 files changed, 41 insertions, 20 deletions
diff --git a/src/mod_auth.c b/src/mod_auth.c
index d981892..99ddbbd 100644
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -185,6 +185,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
data_string *ds;
mod_auth_plugin_data *p = p_d;
array *req;
+ data_string *req_method;
/* select the right config */
mod_auth_patch_connection(srv, con, p);
@@ -227,18 +228,30 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
if (auth_required == 0) return HANDLER_GO_ON;
req = ((data_array *)(p->conf.auth_require->data[k]))->value;
+ req_method = (data_string *)array_get_element(req, "method");
+
+ if (0 == strcmp(req_method->value->ptr, "extern")) {
+ /* require REMOTE_USER to be already set */
+ if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER"))) {
+ con->http_status = 401;
+ con->mode = DIRECT;
+ return HANDLER_FINISHED;
+ } else if (http_auth_match_rules(srv, req, ds->value->ptr, NULL, NULL)) {
+ log_error_write(srv, __FILE__, __LINE__, "s", "rules didn't match");
+ con->http_status = 401;
+ con->mode = DIRECT;
+ return HANDLER_FINISHED;
+ } else {
+ return HANDLER_GO_ON;
+ }
+ }
/* try to get Authorization-header */
- if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Authorization"))) {
- http_authorization = ds->value->ptr;
- }
-
- if (ds && ds->value && ds->value->used) {
+ if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "Authorization")) && ds->value->used) {
char *auth_realm;
- data_string *method;
- method = (data_string *)array_get_element(req, "method");
+ http_authorization = ds->value->ptr;
/* parse auth-header */
if (NULL != (auth_realm = strchr(http_authorization, ' '))) {
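Review bot: The `extern` branch only tests that a `REMOTE_USER` entry exists in `con->environment`, not that its value is non-empty, while the `Authorization` lookup further down in this hunk guards with `ds->value->used`. An entry with an empty buffer would reach `http_auth_match_rules` with `ds->value->ptr` possibly NULL or an empty user name, so I would reject it the same way: `if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER")) || 0 == ds->value->used) {`. `req_method` is also dereferenced without a NULL check; the config-time validation in `mod_auth_set_defaults` presumably guarantees the key, but a short comment saying so would help. Since this branch trusts whatever component populated `REMOTE_USER`, a comment such as `/* "extern": REMOTE_USER must have been set by a module that runs before mod_auth */` belongs here, and a log line on the missing-user path would match the rules-mismatch path. The body of `mod_auth_uri_handler` continues outside the hunk.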
@@ -248,14 +261,14 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
(0 == strncasecmp(http_authorization, "Basic", auth_type_len))) {
auth_type = "Basic";
- if (0 == strcmp(method->value->ptr, "basic")) {
- auth_satisfied = http_auth_basic_check(srv, con, p, req, con->uri.path, auth_realm+1);
+ if (0 == strcmp(req_method->value->ptr, "basic")) {
+ auth_satisfied = http_auth_basic_check(srv, con, p, req, auth_realm+1);
}
} else if ((auth_type_len == 6) &&
(0 == strncasecmp(http_authorization, "Digest", auth_type_len))) {
auth_type = "Digest";
- if (0 == strcmp(method->value->ptr, "digest")) {
- if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) {
+ if (0 == strcmp(req_method->value->ptr, "digest")) {
+ if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, auth_realm+1))) {
con->http_status = 400;
con->mode = DIRECT;
@@ -304,18 +317,25 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
} else {
/* the REMOTE_USER header */
- buffer_copy_string_buffer(con->authed_user, p->auth_user);
+ if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER"))) {
+ if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
+ ds = data_string_init();
+ }
+ buffer_copy_string(ds->key, "REMOTE_USER");
+ array_insert_unique(con->environment, (data_unset *)ds);
+ }
+ buffer_copy_string_buffer(ds->value, p->auth_user);
/* AUTH_TYPE environment */
- if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
- ds = data_string_init();
+ if (NULL == (ds = (data_string *)array_get_element(con->environment, "AUTH_TYPE"))) {
+ if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
+ ds = data_string_init();
+ }
+ buffer_copy_string(ds->key, "AUTH_TYPE");
+ array_insert_unique(con->environment, (data_unset *)ds);
}
-
- buffer_copy_string(ds->key, "AUTH_TYPE");
buffer_copy_string(ds->value, auth_type);
-
- array_insert_unique(con->environment, (data_unset *)ds);
}
return HANDLER_GO_ON;
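Review bot: The look-up-or-create sequence for an environment entry is now written out twice in this `else` branch, once for `REMOTE_USER` and once for `AUTH_TYPE`, and the two copies differ only in the key. A small static helper (proposed name `mod_auth_env_entry`, not present in the file) would keep them from drifting apart. The comment `/* the REMOTE_USER header */` is also stale, because the value now goes into `con->environment`; it should say that an existing entry is deliberately overwritten with the user mod_auth verified. The enclosing function starts outside the hunk.

```c
/* Return the environment entry for key, creating and inserting it if absent. */
static data_string *mod_auth_env_entry(connection *con, const char *key) {
	data_string *ds;

	if (NULL == (ds = (data_string *)array_get_element(con->environment, key))) {
		if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
			ds = data_string_init();
		}
		buffer_copy_string(ds->key, key);
		array_insert_unique(con->environment, (data_unset *)ds);
	}
	return ds;
}

/* … unchanged: authorization checks in mod_auth_uri_handler … */
	} else {
		/* REMOTE_USER environment: replace any earlier value with the user mod_auth verified */
		buffer_copy_string_buffer(mod_auth_env_entry(con, "REMOTE_USER")->value, p->auth_user);

		/* AUTH_TYPE environment */
		buffer_copy_string(mod_auth_env_entry(con, "AUTH_TYPE")->value, auth_type);
	}
```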
@@ -487,9 +507,10 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) {
return HANDLER_ERROR;
} else {
if (0 != strcmp(method, "basic") &&
- 0 != strcmp(method, "digest")) {
+ 0 != strcmp(method, "digest") &&
+ 0 != strcmp(method, "extern")) {
log_error_write(srv, __FILE__, __LINE__, "ss",
- "method has to be either \"basic\" or \"digest\" in",
+ "method has to be either \"basic\", \"digest\" or \"extern\" in",
"auth.require = ( \"...\" => ( ..., \"method\" => \"...\") )");
return HANDLER_ERROR;
}