From 88c0b4b6d00152c54a0f1367ae839c71547281e1 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Sun, 9 Jul 2017 20:43:36 +0200 Subject: [PATCH] file: fix basic auth regression Previous refactoring of the basic auth handling code broke the logic in such a way that basic auth was only performed if a client sent an Authorization header in its request, but it was never prompted for by the server. Signed-off-by: Jo-Philipp Wich --- file.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/file.c b/file.c index a4d9b1d..a1775f5 100644 --- a/file.c +++ b/file.c @@ -794,7 +794,7 @@ static bool __handle_file_request(struct client *cl, char *url) struct dispatch_handler *d; struct blob_attr *tb[__HDR_MAX]; struct path_info *pi; - char *user, *pass; + char *user, *pass, *auth; pi = uh_path_lookup(cl, url); if (!pi) @@ -804,14 +804,15 @@ static bool __handle_file_request(struct client *cl, char *url) return true; blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head)); - if (tb[HDR_AUTHORIZATION]) { - if (!uh_auth_check(cl, pi->name, blobmsg_data(tb[HDR_AUTHORIZATION]), &user, &pass)) - return true; - if (user && pass) { - blobmsg_add_string(&cl->hdr, "http-auth-user", user); - blobmsg_add_string(&cl->hdr, "http-auth-pass", pass); - } + auth = tb[HDR_AUTHORIZATION] ? blobmsg_data(tb[HDR_AUTHORIZATION]) : NULL; + + if (!uh_auth_check(cl, pi->name, auth, &user, &pass)) + return true; + + if (user && pass) { + blobmsg_add_string(&cl->hdr, "http-auth-user", user); + blobmsg_add_string(&cl->hdr, "http-auth-pass", pass); } d = dispatch_find(url, pi); -- 2.25.1