Project

General

Profile

Actions
Copy link

Bug #889

closed

AUTH_TYPE env variable for *cgi

Added by tkruthoff about 18 years ago. Updated over 12 years ago.

Status:
Fixed
Priority:
Normal
Category:
-
Target version:
1.4.31
ASK QUESTIONS IN Forums:

Description

section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env declaring the type of authentication used. (see http://tools.ietf.org/html/rfc3875#page-11 and the comments I provided in the attached diff)

I set the ticket priority to high because this bug broke MoinMoin w/ HTTP Authentication and I'm sure there are other apps that depend on AUTH_TYPE being set to function properly.

This is my first contribution to an open source project (this was a find and then copy/paste), but look forward to more so please let me know if I'm using proper procedure and etiquette.

Files

lighttpd-1.4.13-fcgi-auth-type.diff (2.04 KB) lighttpd-1.4.13-fcgi-auth-type.diff tkruthoff, 2006-10-18 07:57
Actions
Copy link
 #1

Updated by nigel about 18 years ago

This variable is also missing from mod_cgi.

Suggest mod_auth stash the method as well as the user, rather than reparsing
the information out again in several different places.
However that requires the connection structure to be modified to make space
for this.

Actions
Copy link
 #2

Updated by oherrala over 17 years ago

I just got MoinMoin's HTTP authentication to work without this patch. This is a workaround while waiting a correct(TM) fix.

With mod_setenv it's possible to set

setenv.add-environment = ( "AUTH_TYPE" => "Digest" ) # Or "Basic"

in the config around where you set up MoinMoin and now it works as expected. But I don't have a clue how this affects security. Be warned.

Actions
Copy link
 #3

Updated by darix over 17 years ago

  • Status changed from New to Assigned

fixed in r1741

but the real fix would be in mod_auth. the auth module should set the environment variable and the mod_*cgi*/mod_*proxy* just copy the environment to the backend.

so for 1.4.15 and 1.5 we should apply the better fix

Actions
Copy link
 #4

Updated by jan over 17 years ago

  • Status changed from Assigned to Fixed
  • Resolution set to fixed
Actions
Copy link
 #5

Updated by stbuehler almost 13 years ago

  • Subject changed from AUTH_TYPE variable for fastcgi to AUTH_TYPE env variable for *cgi
  • Description updated (diff)
  • Status changed from Fixed to Reopened
  • Priority changed from High to Normal
  • Target version changed from 1.4.15 to 1.4.31
  • Missing in 1.5.x set to No
Actions
Copy link
 #6

Updated by stbuehler almost 13 years ago

  • Category deleted (mod_fastcgi)
Actions
Copy link
 #7

Updated by stbuehler over 12 years ago

  • Status changed from Reopened to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2833.

Actions
Copy link

Also available in: Atom