- update to @2026: fixed case-sensitive check for Auth-Method (#1456)

[packages/lighttpd.git] / lighttpd-branch.diff

Index: src/configfile-glue.c
===================================================================
--- src/configfile-glue.c       (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ src/configfile-glue.c       (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -341,6 +341,10 @@
                }
                break;
        }
+       case COMP_HTTP_SCHEME:
+               l = con->uri.scheme;
+               break;
+
        case COMP_HTTP_URL:
                l = con->uri.path;
                break;
Index: src/array.h
===================================================================
--- src/array.h (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ src/array.h (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -90,6 +90,7 @@
        COMP_HTTP_COOKIE,
        COMP_HTTP_REMOTEIP,
        COMP_HTTP_QUERYSTRING,
+       COMP_HTTP_SCHEME,
 
        COMP_LAST_ELEMENT
 } comp_key_t;
Index: src/mod_staticfile.c
===================================================================
--- src/mod_staticfile.c        (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ src/mod_staticfile.c        (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -483,8 +483,24 @@
                        /* if the value is the same as our ETag, we do a Range-request,
                         * otherwise a full 200 */
 
-                       if (!buffer_is_equal(ds->value, con->physical.etag)) {
+                       if (ds->value->ptr[0] == '"') {
+                               /**
+                                * client wants a ETag
+                                */
+                               if (!con->physical.etag) {
+                                       do_range_request = 0;
+                               } else if (!buffer_is_equal(ds->value, con->physical.etag)) {
+                                       do_range_request = 0;
+                               }
+                       } else if (!mtime) {
+                               /**
+                                * we don't have a Last-Modified and can match the If-Range: 
+                                *
+                                * sending all
+                                */
                                do_range_request = 0;
+                       } else if (!buffer_is_equal(ds->value, mtime)) {
+                               do_range_request = 0;
                        }
                }
 
Index: src/response.c
===================================================================
--- src/response.c      (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ src/response.c      (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -180,6 +180,7 @@
                buffer_copy_string_buffer(con->uri.authority, con->request.http_host);
                buffer_to_lower(con->uri.authority);
 
+               config_patch_connection(srv, con, COMP_HTTP_SCHEME);    /* Scheme:      */
                config_patch_connection(srv, con, COMP_HTTP_HOST);      /* Host:        */
                config_patch_connection(srv, con, COMP_HTTP_REMOTEIP);  /* Client-IP */
                config_patch_connection(srv, con, COMP_HTTP_REFERER);   /* Referer:     */
Index: src/configparser.y
===================================================================
--- src/configparser.y  (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ src/configparser.y  (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -422,6 +422,7 @@
       { COMP_HTTP_COOKIE,        CONST_STR_LEN("HTTP[\"cookie\"]"     ) },
       { COMP_HTTP_REMOTEIP,      CONST_STR_LEN("HTTP[\"remoteip\"]"   ) },
       { COMP_HTTP_QUERYSTRING,   CONST_STR_LEN("HTTP[\"querystring\"]") },
+      { COMP_HTTP_SCHEME,        CONST_STR_LEN("HTTP[\"scheme\"]"     ) },
       { COMP_UNSET, NULL, 0 },
     };
     size_t i;
Index: src/spawn-fcgi.c
===================================================================
--- src/spawn-fcgi.c    (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ src/spawn-fcgi.c    (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -37,7 +37,7 @@
 #endif
 
 #ifdef HAVE_SYS_UN_H
-int fcgi_spawn_connection(char *appPath, char *addr, unsigned short port, const char *unixsocket, int child_count, int pid_fd, int nofork) {
+int fcgi_spawn_connection(char *appPath, char **appArgv, char *addr, unsigned short port, const char *unixsocket, int child_count, int pid_fd, int nofork) {
        int fcgi_fd;
        int socket_type, status;
        struct timeval tv = { 0, 100 * 1000 };
@@ -137,11 +137,10 @@
                switch (child) {
                case 0: {
                        char cgi_childs[64];
-                       char *b;
 
                        int i = 0;
 
-                       /* is save as we limit to 256 childs */
+                       /* is safe as we limit to 256 childs */
                        sprintf(cgi_childs, "PHP_FCGI_CHILDREN=%d", child_count);
 
                        if(fcgi_fd != FCGI_LISTENSOCK_FILENO) {
@@ -160,13 +159,18 @@
                        putenv(cgi_childs);
 
                        /* fork and replace shell */
-                       b = malloc(strlen("exec ") + strlen(appPath) + 1);
-                       strcpy(b, "exec ");
-                       strcat(b, appPath);
+                       if (appArgv) {
+                               execv(appArgv[0], appArgv);
 
-                       /* exec the cgi */
-                       execl("/bin/sh", "sh", "-c", b, (char *)NULL);
+                       } else {
+                               char *b = malloc(strlen("exec ") + strlen(appPath) + 1);
+                               strcpy(b, "exec ");
+                               strcat(b, appPath);
 
+                               /* exec the cgi */
+                               execl("/bin/sh", "sh", "-c", b, (char *)NULL);
+                       }
+
                        exit(errno);
 
                        break;
@@ -239,9 +243,12 @@
 }
 
 void show_help () {
-       char *b = "spawn-fcgi" "-" PACKAGE_VERSION \
-" - spawns fastcgi processes\n" \
-"usage:\n" \
+       char *b = \
+"Usage: spawn-fcgi [options] -- <fcgiapp> [fcgi app arguments]\n" \
+"\n" \
+"spawn-fcgi v" PACKAGE_VERSION " - spawns fastcgi processes\n" \
+"\n" \
+"Options:\n" \
 " -f <fcgiapp> filename of the fcgi-application\n" \
 " -a <addr>    bind to ip address\n" \
 " -p <port>    bind to tcp-port\n" \
@@ -264,6 +271,7 @@
        char *fcgi_app = NULL, *changeroot = NULL, *username = NULL,
                *groupname = NULL, *unixsocket = NULL, *pid_file = NULL,
                 *addr = NULL;
+       char **fcgi_app_argv = { NULL };
        unsigned short port = 0;
        int child_count = 5;
        int i_am_root, o;
@@ -274,7 +282,7 @@
 
        i_am_root = (getuid() == 0);
 
-       while(-1 != (o = getopt(argc, argv, "c:f:g:hna:p:u:vC:s:P:"))) {
+       while(-1 != (o = getopt(argc, argv, "c:f:g:hna:p:u:vC:s:P:"))) {
                switch(o) {
                case 'f': fcgi_app = optarg; break;
                case 'a': addr = optarg;/* ip addr */ break;
@@ -294,7 +302,11 @@
                }
        }
 
-       if (fcgi_app == NULL || (port == 0 && unixsocket == NULL)) {
+       if (optind < argc) {
+               fcgi_app_argv = &argv[optind];
+       }
+
+       if ((fcgi_app == NULL && fcgi_app_argv == NULL) || (port == 0 && unixsocket == NULL)) {
                show_help();
                return -1;
        }
@@ -404,6 +416,18 @@
                        }
                }
 
+               /*
+                * Change group before chroot, when we have access
+                * to /etc/group
+                */
+               if (groupname) {
+                       setgid(grp->gr_gid);
+                       setgroups(0, NULL);
+                       if (username) {
+                               initgroups(username, grp->gr_gid);
+                       }
+               }
+
                if (changeroot) {
                        if (-1 == chroot(changeroot)) {
                                fprintf(stderr, "%s.%d: %s %s\n",
@@ -420,18 +444,12 @@
                }
 
                /* drop root privs */
-               if (groupname) {
-                       setgid(grp->gr_gid);
-               }
                if (username) {
-                       if (groupname) {
-                               initgroups(username, grp->gr_gid);
-                       }
                        setuid(pwd->pw_uid);
                }
        }
 
-       return fcgi_spawn_connection(fcgi_app, addr, port, unixsocket, child_count, pid_fd, nofork);
+       return fcgi_spawn_connection(fcgi_app, fcgi_app_argv, addr, port, unixsocket, child_count, pid_fd, nofork);
 }
 #else
 int main() {
Index: src/mod_auth.c
===================================================================
--- src/mod_auth.c      (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ src/mod_auth.c      (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -238,13 +238,13 @@
                        int auth_type_len = auth_realm - http_authorization;
 
                        if ((auth_type_len == 5) &&
-                           (0 == strncmp(http_authorization, "Basic", auth_type_len))) {
+                           (0 == strncasecmp(http_authorization, "Basic", auth_type_len))) {
 
                                if (0 == strcmp(method->value->ptr, "basic")) {
                                        auth_satisfied = http_auth_basic_check(srv, con, p, req, con->uri.path, auth_realm+1);
                                }
                        } else if ((auth_type_len == 6) &&
-                                  (0 == strncmp(http_authorization, "Digest", auth_type_len))) {
+                                  (0 == strncasecmp(http_authorization, "Digest", auth_type_len))) {
                                if (0 == strcmp(method->value->ptr, "digest")) {
                                        if (-1 == (auth_satisfied = http_auth_digest_check(srv, con, p, req, con->uri.path, auth_realm+1))) {
                                                con->http_status = 400;
Index: src/server.c
===================================================================
--- src/server.c        (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ src/server.c        (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -759,6 +759,19 @@
 
                        return -1;
                }
+#ifdef HAVE_PWD_H
+               /* 
+                * Change group before chroot, when we have access
+                * to /etc/group
+                * */
+               if (srv->srvconf.groupname->used) {
+                       setgid(grp->gr_gid);
+                       setgroups(0, NULL);
+                       if (srv->srvconf.username->used) {
+                               initgroups(srv->srvconf.username->ptr, grp->gr_gid);
+                       }
+               }
+#endif
 #ifdef HAVE_CHROOT
                if (srv->srvconf.changeroot->used) {
                        tzset();
@@ -775,15 +788,7 @@
 #endif
 #ifdef HAVE_PWD_H
                /* drop root privs */
-               if (srv->srvconf.groupname->used) {
-                       setgid(grp->gr_gid);
-                       setgroups(0, NULL);
-               }
-
                if (srv->srvconf.username->used) {
-                       if (srv->srvconf.groupname->used) {
-                               initgroups(srv->srvconf.username->ptr, grp->gr_gid);
-                       }
                        setuid(pwd->pw_uid);
                }
 #endif
Index: tests/mod-auth.t
===================================================================
--- tests/mod-auth.t    (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ tests/mod-auth.t    (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -8,7 +8,7 @@
 
 use strict;
 use IO::Socket;
-use Test::More tests => 13;
+use Test::More tests => 14;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -48,6 +48,16 @@
 $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
 ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');
 
+$t->{REQUEST}  = ( <<EOF
+GET /server-config HTTP/1.0
+Host: auth-htpasswd.example.org
+Authorization: basic ZGVzOmRlcw==
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des) (lowercase)');
+
+
 SKIP: {
        skip "no md5 for crypt under cygwin", 1 if $^O eq 'cygwin';
 $t->{REQUEST}  = ( <<EOF
Index: doc/configuration.txt
===================================================================
--- doc/configuration.txt       (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ doc/configuration.txt       (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -85,6 +85,8 @@
 
 $HTTP["cookie"]
   match on cookie
+$HTTP["scheme"]
+  match on scheme
 $HTTP["host"]
   match on host
 $HTTP["useragent"]
Index: Makefile.am
===================================================================
--- Makefile.am (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ Makefile.am (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -1,3 +1,3 @@
 SUBDIRS=src doc tests cygwin openwrt
 
-EXTRA_DIST=lighttpd.spec
+EXTRA_DIST=lighttpd.spec SConstruct
Index: NEWS
===================================================================
--- NEWS        (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ NEWS        (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -3,6 +3,14 @@
 NEWS
 ====
 
+- 1.4.19 -
+
+  * added support for If-Range: <date> (#1346)
+  * added support for matching $HTTP["scheme"] in configs
+  * fixed initgroups() called after chroot (#1384)
+  * fixed case-sensitive check for Auth-Method (#1456)
+  * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
+
 - 1.4.18 - 2007-09-09
 
   * fixed compile error on IRIX 6.5.x on prctl() (#1333)
Index: lighttpd.spec.in
===================================================================
--- lighttpd.spec.in    (.../tags/lighttpd-1.4.18)      (revision 2026)
+++ lighttpd.spec.in    (.../branches/lighttpd-1.4.x)   (revision 2026)
@@ -6,21 +6,19 @@
 Packager: Jan Kneschke <jan@kneschke.de>
 License: BSD
 Group: Networking/Daemons
-URL: http://jan.kneschke.de/projects/lighttpd/
+URL: http://www.lighttpd.net/
 Requires: pcre >= 3.1 zlib
-BuildPrereq: libtool zlib-devel
+BuildRequires: libtool zlib-devel
 BuildRoot: %{_tmppath}/%{name}-root
 
-
 %description
 lighttpd is intented to be a frontend for ad-servers which have to deliver
 small files concurrently to many connections.
 
-Available rpmbuild rebuild options :
---with : ssl mysql lua memcache
+Available rpmbuild rebuild options:
+--with: ssl mysql lua memcache
 
 %prep
-
 %setup -q
 
 %build
@@ -33,14 +31,13 @@
 make
 
 %install
-
 %makeinstall
 
 mkdir -p %{buildroot}%{_sysconfdir}/{init.d,sysconfig}
-if test -f /etc/redhat-release -o -f /etc/fedora-release; then
-  install -m 755 doc/rc.lighttpd.redhat %{buildroot}%{_sysconfdir}/init.d/lighttpd
+if [ -f /etc/redhat-release -o -f /etc/fedora-release ]; then
+       install -m 755 doc/rc.lighttpd.redhat %{buildroot}%{_sysconfdir}/init.d/lighttpd
 else
-  install -m 755 doc/rc.lighttpd %{buildroot}%{_sysconfdir}/init.d/lighttpd
+       install -m 755 doc/rc.lighttpd %{buildroot}%{_sysconfdir}/init.d/lighttpd
 fi
 install -m 644 doc/sysconfig.lighttpd %{buildroot}%{_sysconfdir}/sysconfig/lighttpd
 
@@ -49,16 +46,16 @@
 
 %post
 ## read http://www.fedora.us/docs/spec.html next time :)
-if test "$1" = "1"; then
-  # real install, not upgrade
-  /sbin/chkconfig --add lighttpd
+if [ "$1" = "1" ]; then
+       # real install, not upgrade
+       /sbin/chkconfig --add lighttpd
 fi
 
 %preun
-if test "$1" = "0"; then
-  # real uninstall, not upgrade
-  %{_sysconfdir}/init.d/lighttpd stop
-  /sbin/chkconfig --del lighttpd
+if [ "$1" = "0"]; then
+       # real uninstall, not upgrade
+       %{_sysconfdir}/init.d/lighttpd stop
+       /sbin/chkconfig --del lighttpd
 fi
 
 %files