Project

General

Profile

Actions
Copy link

Feature #2327

closed

Ignore comments, trailing blanks and empty lines in ht{digest,passwd} files

Added by jmuchemb over 13 years ago. Updated over 8 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_auth
Target version:
1.4.40
ASK QUESTIONS IN Forums:

Description

I am migrating a server from Apache to Lighttpd, and I have a htpasswd file with comments and empty lines.
I'd like to keep them, so here is a patch for lighttpd 1.4.x

The patch implements this for both htpasswd & htdigest.
Unit test is updated but only check htpasswd.
Although I don't use htdigest, I tested the changes manually.

Files

Download all files
0001-mod_auth-ignore-comments-trailing-blanks-and-empty-l.patch (5.73 KB) 0001-mod_auth-ignore-comments-trailing-blanks-and-empty-l.patch jmuchemb, 2011-07-24 20:51
0001-mod_auth-ignore-comments-and-empty-lines-in-ht-diges.patch (5.28 KB) 0001-mod_auth-ignore-comments-and-empty-lines-in-ht-diges.patch jmuchemb, 2011-07-26 13:35
Actions
Copy link
 #1

Updated by jmuchemb over 13 years ago

I just realised that '#' may be a legitimate char in the realm or password fields (at least plain passwords).

So here is a new patch that only ignores empty lines and lines starting with a # (the same way as Apache).
Tested like the previous one.

Title of this feature request should be changed also.

Actions
Copy link
 #2

Updated by gstrauss over 8 years ago

  • Target version changed from 1.4.x to 1.4.40

building on https://github.com/lighttpd/lighttpd1.4/pull/57

diff --git a/src/http_auth.c b/src/http_auth.c
index 91299ad..1b62183 100644
--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -86,6 +86,9 @@ static int http_auth_get_password(server *srv, mod_auth_plugin_data *p, buffer *
                        char *f_pwd, *f_realm;
                        size_t u_len, r_len;

+                       /* skip blank lines and comment lines (beginning '#') */
+                       if (f_user[0] == '#' || f_user[0] == '\n' || f_user[0] == '\0') continue;
+
                        /*
                         * htdigest format
                         *
@@ -153,6 +156,9 @@ static int http_auth_get_password(server *srv, mod_auth_plugin_data *p, buffer *
                        char *f_pwd;
                        size_t u_len;

+                       /* skip blank lines and comment lines (beginning '#') */
+                       if (f_user[0] == '#' || f_user[0] == '\n' || f_user[0] == '\0') continue;
+
                        /*
                         * htpasswd format
                         *
diff --git a/tests/lighttpd.htpasswd b/tests/lighttpd.htpasswd
index edd7509..87338c1 100644
--- a/tests/lighttpd.htpasswd
+++ b/tests/lighttpd.htpasswd
@@ -1,4 +1,6 @@
+# some comment
 des:12tMnfw882VDQ
+
 md5:$1$md5$kIa7Juuiv8zja0ILQPR36/
 sha:{SHA}2PRZAyDhNDqRW2OUFwZQqPNdaSY=
 apr-md5:$apr1$w2kLqmDN$uMe8ZCfMRT81wf43Y1hny0

Actions
Copy link
 #3

Updated by gstrauss over 8 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom