httpd: pass authorization header to CGI if not Basic

Pass the Authorization header to CGI if not of type Basic. This will
make it possible for CGI to verify authorization headers of type
Bearer <token>.

function                                             old     new   delta
handle_incoming_and_exit                            2370    2379      +9

Signed-off-by: Alexander Vickberg <wickbergster@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Alexander Vickberg 2019-04-18 10:05:53 +02:00 committed by Denys Vlasenko
parent 210b52476c
commit 049670fbbe

View File

@ -2384,7 +2384,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
bb_error_msg("header: '%s'", iobuf);
#if ENABLE_FEATURE_HTTPD_CGI || ENABLE_FEATURE_HTTPD_PROXY
/* Try and do our best to parse more lines */
if ((STRNCASECMP(iobuf, "Content-Length:") == 0)) {
if (STRNCASECMP(iobuf, "Content-Length:") == 0) {
/* extra read only for POST */
if (prequest != request_GET
# if ENABLE_FEATURE_HTTPD_CGI
@ -2410,14 +2410,14 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
* "<user>:<passwd>" is base64 encoded.
*/
tptr = skip_whitespace(iobuf + sizeof("Authorization:")-1);
if (STRNCASECMP(tptr, "Basic") != 0)
continue;
if (STRNCASECMP(tptr, "Basic") == 0) {
tptr += sizeof("Basic")-1;
/* decodeBase64() skips whitespace itself */
decodeBase64(tptr);
authorized = check_user_passwd(urlcopy, tptr);
continue;
}
}
#endif
#if ENABLE_FEATURE_HTTPD_RANGES
if (STRNCASECMP(iobuf, "Range:") == 0) {