diff options
author | Jo-Philipp Wich <jo@mein.io> | 2017-07-09 20:43:36 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2017-07-09 20:43:36 +0200 |
commit | 88c0b4b6d00152c54a0f1367ae839c71547281e1 (patch) | |
tree | 642daa53f82229c460d8b23d4d8788056b78c1b3 | |
parent | 99957f6c6ff429f17d6d6002fef4d4ef7de8844a (diff) |
file: fix basic auth regression
Previous refactoring of the basic auth handling code broke the logic in
such a way that basic auth was only performed if a client sent an
Authorization header in its request, but it was never prompted for by
the server.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r-- | file.c | 17 |
1 files changed, 9 insertions, 8 deletions
@@ -794,7 +794,7 @@ static bool __handle_file_request(struct client *cl, char *url) struct dispatch_handler *d; struct blob_attr *tb[__HDR_MAX]; struct path_info *pi; - char *user, *pass; + char *user, *pass, *auth; pi = uh_path_lookup(cl, url); if (!pi) @@ -804,14 +804,15 @@ static bool __handle_file_request(struct client *cl, char *url) return true; blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head)); - if (tb[HDR_AUTHORIZATION]) { - if (!uh_auth_check(cl, pi->name, blobmsg_data(tb[HDR_AUTHORIZATION]), &user, &pass)) - return true; - if (user && pass) { - blobmsg_add_string(&cl->hdr, "http-auth-user", user); - blobmsg_add_string(&cl->hdr, "http-auth-pass", pass); - } + auth = tb[HDR_AUTHORIZATION] ? blobmsg_data(tb[HDR_AUTHORIZATION]) : NULL; + + if (!uh_auth_check(cl, pi->name, auth, &user, &pass)) + return true; + + if (user && pass) { + blobmsg_add_string(&cl->hdr, "http-auth-user", user); + blobmsg_add_string(&cl->hdr, "http-auth-pass", pass); } d = dispatch_find(url, pi); |