Bug #889

AUTH_TYPE env variable for *cgi

Added by tkruthoff about 8 years ago. Updated over 2 years ago.

Status:FixedStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:-
Target version:1.4.31
Missing in 1.5.x:No

Description

section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env declaring the type of authentication used. (see http://tools.ietf.org/html/rfc3875#page-11 and the comments I provided in the attached diff)

I set the ticket priority to high because this bug broke MoinMoin w/ HTTP Authentication and I'm sure there are other apps that depend on AUTH_TYPE being set to function properly.

This is my first contribution to an open source project (this was a find and then copy/paste), but look forward to more so please let me know if I'm using proper procedure and etiquette.

lighttpd-1.4.13-fcgi-auth-type.diff Magnifier (2.04 KB) tkruthoff, 2006-10-18 07:57

Associated revisions

Revision 2833
Added by stbuehler over 2 years ago

[auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889)

History

#1 Updated by nigel almost 8 years ago

This variable is also missing from mod_cgi.

Suggest mod_auth stash the method as well as the user, rather than reparsing
the information out again in several different places.
However that requires the connection structure to be modified to make space
for this.

#2 Updated by oherrala over 7 years ago

I just got MoinMoin's HTTP authentication to work without this patch. This is a workaround while waiting a correct(TM) fix.

With mod_setenv it's possible to set

setenv.add-environment = ( "AUTH_TYPE" => "Digest" ) # Or "Basic"

in the config around where you set up MoinMoin and now it works as expected. But I don't have a clue how this affects security. Be warned.

#3 Updated by darix over 7 years ago

  • Status changed from New to Assigned

fixed in r1741

but the real fix would be in mod_auth. the auth module should set the environment variable and the mod_*cgi*/mod_*proxy* just copy the environment to the backend.

so for 1.4.15 and 1.5 we should apply the better fix

#4 Updated by jan about 7 years ago

  • Status changed from Assigned to Fixed
  • Resolution set to fixed

#5 Updated by stbuehler over 2 years ago

  • Subject changed from AUTH_TYPE variable for fastcgi to AUTH_TYPE env variable for *cgi
  • Description updated (diff)
  • Status changed from Fixed to Reopened
  • Priority changed from High to Normal
  • Target version changed from 1.4.15 to 1.4.31
  • Missing in 1.5.x set to No

#6 Updated by stbuehler over 2 years ago

  • Category deleted (mod_fastcgi)

#7 Updated by stbuehler over 2 years ago

  • Status changed from Reopened to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2833.

Also available in: Atom