diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | doc/tipidee.conf.html | 23 | ||||
| -rw-r--r-- | src/config/lexparse.c | 1 | ||||
| -rw-r--r-- | src/tipideed/cgi.c | 1 | ||||
| -rw-r--r-- | src/tipideed/tipideed-internal.h | 4 | ||||
| -rw-r--r-- | src/tipideed/tipideed.c | 1 |
6 files changed, 31 insertions, 1 deletions
@@ -4,6 +4,8 @@ In 0.0.8.0 ---------- - Bugfixes. + - New configuration option: cgi_pass_authorization + - New configuration option: fastcgi In 0.0.7.2 diff --git a/doc/tipidee.conf.html b/doc/tipidee.conf.html index da3126a..6ed780f 100644 --- a/doc/tipidee.conf.html +++ b/doc/tipidee.conf.html @@ -303,6 +303,29 @@ a directive can protect dynamically managed content that is restricted to a given hierarchy. </li> </ul> +<div id="cgi_pass_authorization"> +<h4> <tt>cgi_pass_authorization</tt> </h4> +</div> + +<p> + <code> global cgi_pass_authorization <em>value</em> </code> +</p> + +<ul> + <li> <em>value</em> is a non-negative integer. </li> + <li> For security reasons, if there is an <tt>Authorization:</tt> +header, the CGI specification says it should not be fully passed +to the CGI script. Instead, only the first word, determining what +authorization type has been used, is passed in the <tt>AUTH_TYPE</tt> +environment variable. </li> + <li> By default, or when <em>value</em> is zero, tipideed does just +that. </li> + <li> If <em>value</em> is nonzero, then additionally to the +regular <tt>AUTH_TYPE</tt>, tipideed passes the full value of the +<tt>Authorization:</tt> header to CGI scripts via the +<tt>HTTP_AUTHORIZATION</tt> variable. </li> +</ul> + <div id="XXX_no_translate"> <h4> <tt>XXX_no_translate</tt> </h4> </div> diff --git a/src/config/lexparse.c b/src/config/lexparse.c index dd74e65..9bceb8e 100644 --- a/src/config/lexparse.c +++ b/src/config/lexparse.c @@ -116,6 +116,7 @@ static inline void parse_global (char const *s, size_t const *word, size_t n, md static char const *const globalkeys[] = { "XXX_no_translate", + "cgi_pass_authorization", "cgi_timeout", "executable_means_cgi", "max_cgi_body_length", diff --git a/src/tipideed/cgi.c b/src/tipideed/cgi.c index 3e15b69..ca66ec5 100644 --- a/src/tipideed/cgi.c +++ b/src/tipideed/cgi.c @@ -97,6 +97,7 @@ static inline void modify_env (tipidee_rql const *rql, char const *docroot, tipi addenvb(rql, docroot, "AUTH_TYPE", val, n) ; got |= 1 ; } + if (g.flagcgipassauth) addenvb(rql, docroot, "HTTP_AUTHORIZATION", val, len) ; } else if (!strcasecmp(key, "Content-Type")) { addenv(rql, docroot, "CONTENT_TYPE", val) ; got |= 2 ; } else if (!strcasecmp(key, "Content-Length") || !strcasecmp(key, "Connection")) ; diff --git a/src/tipideed/tipideed-internal.h b/src/tipideed/tipideed-internal.h index 2cc8186..5d72cd6 100644 --- a/src/tipideed/tipideed-internal.h +++ b/src/tipideed/tipideed-internal.h @@ -43,6 +43,7 @@ struct global_s uint16_t ssl : 1 ; uint16_t xiscgi : 1 ; uint8_t flagnoxlate : 1 ; + uint8_t flagcgipassauth : 1 ; } ; #define GLOBAL_ZERO \ { \ @@ -68,7 +69,8 @@ struct global_s .cont = 1, \ .ssl = 0, \ .xiscgi = 0, \ - .flagnoxlate = 0 \ + .flagnoxlate = 0, \ + .flagcgipassauth = 0 \ } extern struct global_s g ; diff --git a/src/tipideed/tipideed.c b/src/tipideed/tipideed.c index 402c59c..4bd3242 100644 --- a/src/tipideed/tipideed.c +++ b/src/tipideed/tipideed.c @@ -386,6 +386,7 @@ int main (int argc, char const *const *argv, char const *const *envp) g.logv = get_uint32("G:logv") ; g.xiscgi = !!get_uint32("G:executable_means_cgi") ; g.flagnoxlate = !!get_uint32("G:XXX_no_translate") ; + g.flagcgipassauth = !!get_uint32("G:cgi_pass_authorization") ; n = tipidee_conf_get_argv(&g.conf, "G:index-file", g.indexnames, 16, &g.indexlen) ; if (!n) strerr_dief3x(102, "bad", " config value for ", "G:index_file") ; g.indexn = n-1 ; |