Add cgi_pass_authorizationHEADmain

6 files changed, 31 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index efa662e..7eaf6dc 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ In 0.0.8.0
 ----------
 
  - Bugfixes.
+ - New configuration option: cgi_pass_authorization
+ - New configuration option: fastcgi
 
 
 In 0.0.7.2
diff --git a/doc/tipidee.conf.html b/doc/tipidee.conf.html
index da3126a..6ed780f 100644
--- a/doc/tipidee.conf.html
+++ b/doc/tipidee.conf.html
@@ -303,6 +303,29 @@ a directive can protect dynamically managed content that is restricted
 to a given hierarchy. </li>
 </ul>
 
+<div id="cgi_pass_authorization">
+<h4> <tt>cgi_pass_authorization</tt> </h4>
+</div>
+
+<p>
+ <code> global cgi_pass_authorization <em>value</em> </code>
+</p>
+
+<ul>
+ <li> <em>value</em> is a non-negative integer. </li>
+ <li> For security reasons, if there is an <tt>Authorization:</tt>
+header, the CGI specification says it should not be fully passed
+to the CGI script. Instead, only the first word, determining what
+authorization type has been used, is passed in the <tt>AUTH_TYPE</tt>
+environment variable. </li>
+ <li> By default, or when <em>value</em> is zero, tipideed does just
+that. </li>
+ <li> If <em>value</em> is nonzero, then additionally to the
+regular <tt>AUTH_TYPE</tt>, tipideed passes the full value of the
+<tt>Authorization:</tt> header to CGI scripts via the
+<tt>HTTP_AUTHORIZATION</tt> variable. </li>
+</ul>
+
 <div id="XXX_no_translate">
 <h4> <tt>XXX_no_translate</tt> </h4>
 </div>
diff --git a/src/config/lexparse.c b/src/config/lexparse.c
index dd74e65..9bceb8e 100644
--- a/src/config/lexparse.c
+++ b/src/config/lexparse.c
@@ -116,6 +116,7 @@ static inline void parse_global (char const *s, size_t const *word, size_t n, md
   static char const *const globalkeys[] =
   {
     "XXX_no_translate",
+    "cgi_pass_authorization",
     "cgi_timeout",
     "executable_means_cgi",
     "max_cgi_body_length",
diff --git a/src/tipideed/cgi.c b/src/tipideed/cgi.c
index 3e15b69..ca66ec5 100644
--- a/src/tipideed/cgi.c
+++ b/src/tipideed/cgi.c
@@ -97,6 +97,7 @@ static inline void modify_env (tipidee_rql const *rql, char const *docroot, tipi
         addenvb(rql, docroot, "AUTH_TYPE", val, n) ;
         got |= 1 ;
       }
+      if (g.flagcgipassauth) addenvb(rql, docroot, "HTTP_AUTHORIZATION", val, len) ;
     }
     else if (!strcasecmp(key, "Content-Type")) { addenv(rql, docroot, "CONTENT_TYPE", val) ; got |= 2 ; }
     else if (!strcasecmp(key, "Content-Length") || !strcasecmp(key, "Connection")) ;
diff --git a/src/tipideed/tipideed-internal.h b/src/tipideed/tipideed-internal.h
index 2cc8186..5d72cd6 100644
--- a/src/tipideed/tipideed-internal.h
+++ b/src/tipideed/tipideed-internal.h
@@ -43,6 +43,7 @@ struct global_s
   uint16_t ssl : 1 ;
   uint16_t xiscgi : 1 ;
   uint8_t flagnoxlate : 1 ;
+  uint8_t flagcgipassauth : 1 ;
 } ;
 #define GLOBAL_ZERO \
 { \
@@ -68,7 +69,8 @@ struct global_s
   .cont = 1, \
   .ssl = 0, \
   .xiscgi = 0, \
-  .flagnoxlate = 0 \
+  .flagnoxlate = 0, \
+  .flagcgipassauth = 0 \
 }
 
 extern struct global_s g ;
diff --git a/src/tipideed/tipideed.c b/src/tipideed/tipideed.c
index 402c59c..4bd3242 100644
--- a/src/tipideed/tipideed.c
+++ b/src/tipideed/tipideed.c
@@ -386,6 +386,7 @@ int main (int argc, char const *const *argv, char const *const *envp)
   g.logv = get_uint32("G:logv") ;
   g.xiscgi = !!get_uint32("G:executable_means_cgi") ;
   g.flagnoxlate = !!get_uint32("G:XXX_no_translate") ;
+  g.flagcgipassauth = !!get_uint32("G:cgi_pass_authorization") ;
   n = tipidee_conf_get_argv(&g.conf, "G:index-file", g.indexnames, 16, &g.indexlen) ;
   if (!n) strerr_dief3x(102, "bad", " config value for ", "G:index_file") ;
   g.indexn = n-1 ;