Project

General

Profile

Actions
Copy link

Bug #1468

closed

LDAP UTF-8 encoding

Added by Anonymous almost 17 years ago. Updated over 8 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_auth
Target version:
1.4.40
ASK QUESTIONS IN Forums:

Description

The auth.backend ldap does not encode passwords. If the password contains an "ΓΌ", which LDAP-Server expect as C3BC is sent as FC.
LDAP-filter and -passwords should be utf-8 encoded to work correctly.

-- akruth

Actions
Copy link
 #1

Updated by gstrauss over 8 years ago

  • Description updated (diff)
  • Status changed from New to Patch Pending

Is this issue about the password provided in the config file? (auth.backend.ldap.bind-pw) This would suggest that the entire config file should be converted from the current locale into UTF-8 prior to parsing. It is probably better to store your config file in UTF-8, rather than any other native encoding.

More likely: Is this issue about the password provided by the client in HTTP Basic Authentication? Until recently, (https://tools.ietf.org/html/rfc7616 and https://tools.ietf.org/html/rfc7617 September 2015), there was no standard which specified the encoding to use. This is explained well at:
http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-basic-auth-username

This patch updates mod_auth to send Basic and Digest authentication header WWW-Authenticate with the optional charset="UTF-8" param

diff --git a/src/mod_auth.c b/src/mod_auth.c
index 5c6dae3..1111323 100644
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -298,7 +298,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
                if (0 == strcmp(method->value->ptr, "basic")) {
                        buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Basic realm=\""));
                        buffer_append_string_buffer(p->tmp_buf, realm->value);
-                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\""));
+                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", charset=\"UTF-8\""));

                        response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(p->tmp_buf));
                } else if (0 == strcmp(method->value->ptr, "digest")) {
@@ -307,7 +307,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {

                        buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Digest realm=\""));
                        buffer_append_string_buffer(p->tmp_buf, realm->value);
-                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", nonce=\""));
+                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", charset=\"UTF-8\", nonce=\""));
                        buffer_append_string(p->tmp_buf, hh);
                        buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", qop=\"auth\""));
Actions
Copy link
 #2

Updated by gstrauss over 8 years ago

  • Target version set to 1.4.40
Actions
Copy link
 #3

Updated by gstrauss over 8 years ago

  • Status changed from Patch Pending to Fixed
  • Assignee deleted (jan)

committed in 4b412797

Actions
Copy link

Also available in: Atom