From 85e73be46151123a764251f7be160bb57f0dc667 Mon Sep 17 00:00:00 2001 From: Grzegorz Wozniak Date: Thu, 21 Jan 2016 08:21:08 +0100 Subject: Case insensivity in digest authentication scheme --- src/auth.cpp | 2 +- src/parser/challenge.cpp | 2 +- src/parser/credentials.cpp | 2 +- src/parser/scanner.lxx | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/auth.cpp b/src/auth.cpp index ff5c4bc..35d6d23 100644 --- a/src/auth.cpp +++ b/src/auth.cpp @@ -134,7 +134,7 @@ bool t_auth::authorize(t_user *user_config, t_request *r, t_response *resp) { } // Only DIGEST is supported - if (c.auth_scheme != AUTH_DIGEST) { + if (cmp_nocase(c.auth_scheme, AUTH_DIGEST) != 0) { log_file->write_header("t_auth::authorize"); log_file->write_raw("Unsupported authentication scheme: "); log_file->write_raw(c.auth_scheme); diff --git a/src/parser/challenge.cpp b/src/parser/challenge.cpp index 9c365a5..d5f6e16 100644 --- a/src/parser/challenge.cpp +++ b/src/parser/challenge.cpp @@ -163,7 +163,7 @@ string t_challenge::encode(void) const { string s = auth_scheme; s += ' '; - if (auth_scheme == AUTH_DIGEST) { + if (cmp_nocase(auth_scheme,AUTH_DIGEST) == 0) { s += digest_challenge.encode(); } else { for (list::const_iterator i = auth_params.begin(); diff --git a/src/parser/credentials.cpp b/src/parser/credentials.cpp index 067744c..cb3cf8e 100644 --- a/src/parser/credentials.cpp +++ b/src/parser/credentials.cpp @@ -143,7 +143,7 @@ string t_credentials::encode(void) const { string s = auth_scheme; s += ' '; - if (auth_scheme == AUTH_DIGEST) { + if (cmp_nocase(auth_scheme,AUTH_DIGEST) == 0) { s += digest_response.encode(); } else { for (list::const_iterator i = auth_params.begin(); diff --git a/src/parser/scanner.lxx b/src/parser/scanner.lxx index 19d9f11..b86ba83 100644 --- a/src/parser/scanner.lxx +++ b/src/parser/scanner.lxx @@ -302,7 +302,7 @@ WORD_SYM [[:alnum:]\-\.!%\*_\+\`\'~\(\)<>:\\\"\/\[\]\?\{\}] \n { return T_CRLF; } /* Authorization scheme */ -Digest { return T_AUTH_DIGEST; } +[Dd][Ii][Gg][Ee][Ss][Tt] { return T_AUTH_DIGEST; } {TOKEN_SYM}+ { yylval.yyt_str = new string(yytext); MEMMAN_NEW(yylval.yyt_str); return T_AUTH_OTHER; } -- cgit v1.2.3