Bug #1468

LDAP UTF-8 encoding

Added by Anonymous almost 10 years ago. Updated over 1 year ago.

Status: Fixed
Priority: Normal
Assignee: -
Category: mod_auth
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Missing in 1.5.x:

Description

The auth.backend ldap does not encode passwords. If the password contains an "ü", which the LDAP server expects as C3BC, it is sent as FC.
LDAP filters and passwords should be UTF-8 encoded to work correctly.

-- akruth

Associated revisions

Revision 4b412797 (diff)
Added by gstrauss over 1 year ago

[mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468)

https://tools.ietf.org/html/rfc7616 and
https://tools.ietf.org/html/rfc7617 (September 2015)
update Digest and Basic auth to allow server to recommend charset
which should be used by client.

http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-basic-auth-username

x-ref:
"LDAP UTF-8 encoding"
https://redmine.lighttpd.net/issues/1468

History

#1 Updated by gstrauss over 1 year ago

  • Description updated (diff)
  • Status changed from New to Patch Pending

Is this issue about the password provided in the config file? (auth.backend.ldap.bind-pw) This would suggest that the entire config file should be converted from the current locale into UTF-8 prior to parsing. It is probably better to store your config file in UTF-8, rather than any other native encoding.

More likely: Is this issue about the password provided by the client in HTTP Basic Authentication? Until recently, (https://tools.ietf.org/html/rfc7616 and https://tools.ietf.org/html/rfc7617 September 2015), there was no standard which specified the encoding to use. This is explained well at:
http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-basic-auth-username

This patch updates mod_auth to send Basic and Digest authentication header WWW-Authenticate with the optional charset="UTF-8" param:

diff --git a/src/mod_auth.c b/src/mod_auth.c
index 5c6dae3..1111323 100644
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -298,7 +298,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
                if (0 == strcmp(method->value->ptr, "basic")) {
                        buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Basic realm=\""));
                        buffer_append_string_buffer(p->tmp_buf, realm->value);
-                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\""));
+                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", charset=\"UTF-8\""));

                        response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(p->tmp_buf));
                } else if (0 == strcmp(method->value->ptr, "digest")) {
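Review bot: the `charset="UTF-8"` appended after the realm in the Basic branch is only a hint to the client, and nothing in this hunk changes how the received credentials are handled, so a client that ignores the parameter will still deliver the byte FC from the report to the LDAP bind. Consider rejecting, or at least logging, decoded credentials that are not valid UTF-8 before they reach the backend, and state in the commit message that the fix depends on client support for the parameter.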
@@ -307,7 +307,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {

                        buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Digest realm=\""));
                        buffer_append_string_buffer(p->tmp_buf, realm->value);
-                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", nonce=\""));
+                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", charset=\"UTF-8\", nonce=\""));
                        buffer_append_string(p->tmp_buf, hh);
                        buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", qop=\"auth\""));
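Review bot: in the Digest branch the new `charset="UTF-8"` changes which bytes a compliant client feeds into its response hash, while this diff only touches the challenge string, so stored digest entries for non-ASCII usernames or passwords that were generated from another encoding can stop matching. Document that such entries must be regenerated from UTF-8 bytes, or make the parameter a config option rather than hard-coding it in the string literal.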

#2 Updated by gstrauss over 1 year ago

  • Target version set to 1.4.40

#3 Updated by gstrauss over 1 year ago

  • Status changed from Patch Pending to Fixed
  • Assignee deleted (jan)

committed in 4b412797