[vlc-devel] [PATCH] net/httpd: accept any user if none requested
Vincent Bernat
bernat at luffy.cx
Sat Apr 26 22:12:27 CEST 2014
When no user (resp. password) is required, accept any
user (resp. password). The Lua web interface is not requiring a username
and therefore, the authentication has to be done with an empty
user. Many HTTP clients choke with this. For example, curl doesn't
accept an empty username. This change allows the user to provide any
username to authenticate as long as the password matches.
---
src/network/httpd.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/network/httpd.c b/src/network/httpd.c
index 816d348a3328..3a81350d733a 100644
--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -1109,8 +1109,8 @@ httpd_url_t *httpd_UrlNew(httpd_host_t *host, const char *psz_url,
vlc_mutex_init(&url->lock);
url->psz_url = strdup(psz_url);
- url->psz_user = strdup(psz_user ? psz_user : "");
- url->psz_password = strdup(psz_password ? psz_password : "");
+ url->psz_user = psz_user ? strdup(psz_user) : NULL;
+ url->psz_password = psz_password ? strdup(psz_password) : NULL;
for (int i = 0; i < HTTPD_MSG_MAX; i++) {
url->catch[i].cb = NULL;
url->catch[i].p_sys = NULL;
@@ -1713,7 +1713,7 @@ static void httpd_ClientTlsHandshake(httpd_client_t *cl)
static bool httpdAuthOk(const char *user, const char *pass, const char *b64)
{
- if (!*user && !*pass)
+ if (!user && !pass)
return true;
if (!b64)
@@ -1737,10 +1737,10 @@ static bool httpdAuthOk(const char *user, const char *pass, const char *b64)
*given_pass++ = '\0';
- if (strcmp (given_user, user))
+ if (user && strcmp (given_user, user))
goto auth_failed;
- if (strcmp (given_pass, pass))
+ if (pass && strcmp (given_pass, pass))
goto auth_failed;
free(given_user);
--
2.0.0.rc0
More information about the vlc-devel
mailing list