From: Jo-Philipp Wich <jo@mein.io>
Date: Sun, 9 Jul 2017 18:43:36 +0000 (+0200)
Subject: file: fix basic auth regression
X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fuhttpd.git;a=commitdiff_plain;h=88c0b4b6d00152c54a0f1367ae839c71547281e1

file: fix basic auth regression

Previous refactoring of the basic auth handling code broke the logic in
such a way that basic auth was only performed if a client sent an
Authorization header in its request, but it was never prompted for by
the server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/file.c b/file.c
index a4d9b1d..a1775f5 100644
--- a/file.c
+++ b/file.c
@@ -794,7 +794,7 @@ static bool __handle_file_request(struct client *cl, char *url)
 	struct dispatch_handler *d;
 	struct blob_attr *tb[__HDR_MAX];
 	struct path_info *pi;
-	char *user, *pass;
+	char *user, *pass, *auth;
 
 	pi = uh_path_lookup(cl, url);
 	if (!pi)
@@ -804,14 +804,15 @@ static bool __handle_file_request(struct client *cl, char *url)
 		return true;
 
 	blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head));
-	if (tb[HDR_AUTHORIZATION]) {
-		if (!uh_auth_check(cl, pi->name, blobmsg_data(tb[HDR_AUTHORIZATION]), &user, &pass))
-			return true;
 
-		if (user && pass) {
-			blobmsg_add_string(&cl->hdr, "http-auth-user", user);
-			blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
-		}
+	auth = tb[HDR_AUTHORIZATION] ? blobmsg_data(tb[HDR_AUTHORIZATION]) : NULL;
+
+	if (!uh_auth_check(cl, pi->name, auth, &user, &pass))
+		return true;
+
+	if (user && pass) {
+		blobmsg_add_string(&cl->hdr, "http-auth-user", user);
+		blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
 	}
 
 	d = dispatch_find(url, pi);