authorrofl0r <retnyg@gmx.net>2018-01-28 04:32:59 +0000
committerrofl0r <rofl0r@users.noreply.github.com>2018-02-06 16:57:02 +0000
commitbd04ed00d8b9bac68eaf6f3e7c739ceef043e679 (patch)
treee74b7dfe1eca6865d4475f5858e4e7b7e7c362e8
parent8db511b9bff5dfa61a9448659e28ce54d9aa8869 (diff)
Basic Auth: send correct response codes and headers acc. to rfc7235
as reported by @natedogith1
-rw-r--r--src/html-error.c17
-rw-r--r--src/reqs.c54
2 files changed, 45 insertions, 26 deletions
diff --git a/src/html-error.c b/src/html-error.c
index 38adf85..0c011a7 100644
--- a/src/html-error.c
+++ b/src/html-error.c
@@ -156,13 +156,24 @@ send_html_file (FILE *infile, struct conn_s *connptr)
int send_http_headers (struct conn_s *connptr, int code, const char *message)
{
- const char *headers =
+ const char headers[] =
"HTTP/1.0 %d %s\r\n"
"Server: %s/%s\r\n"
- "Content-Type: text/html\r\n" "Connection: close\r\n" "\r\n";
+ "Content-Type: text/html\r\n"
+ "%s"
+ "Connection: close\r\n" "\r\n";
+
+ const char auth_str[] =
+ "Proxy-Authenticate: Basic realm=\""
+ PACKAGE_NAME "\"\r\n";
+
+ /* according to rfc7235, the 407 error must be accompanied by
+ a Proxy-Authenticate header field. */
+ const char *add = code == 407 ? auth_str : "";
return (write_message (connptr->client_fd, headers,
- code, message, PACKAGE, VERSION));
+ code, message, PACKAGE, VERSION,
+ add));
}
/*
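Review bot: The `code == 407 ? auth_str : ""` selection leaves the 401 response introduced by the reqs.c hunk of this same commit without any challenge header, assuming indicate_http_error builds its headers through this function. RFC 7235 requires a 401 to carry WWW-Authenticate, and for credentials rejected by a proxy the status it defines is 407 with Proxy-Authenticate. The smaller fix is therefore in reqs.c: answer the failed-credentials branch with `indicate_http_error (connptr, 407, "Proxy Authentication Required",` as well. If 401 is kept on purpose, this function needs a second branch that emits a `WWW-Authenticate: Basic realm=...` line for it. A one-line comment that the extra `%s` in `headers` must stay paired with the trailing `add` argument would also protect the format string from later edits.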
diff --git a/src/reqs.c b/src/reqs.c
index 83fecf3..0e4e5f7 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1563,29 +1563,37 @@ void handle_connection (int fd)
goto fail;
}
- if (config.basicauth_list != NULL) {
- ssize_t len;
- char *authstring;
- int failure = 1;
- len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
- (void **) &authstring);
- if (len > 0 &&
- /* currently only "basic" auth supported */
- (strncmp(authstring, "Basic ", 6) == 0 ||
- strncmp(authstring, "basic ", 6) == 0) &&
- basicauth_check (config.basicauth_list, authstring + 6) == 1)
- failure = 0;
- if(failure) {
- update_stats (STAT_DENIED);
- indicate_http_error (connptr, 403, "Access denied",
- "detail",
- "The administrator of this proxy has not configured "
- "it to service requests from you.",
- NULL);
- goto fail;
- }
- hashmap_remove (hashofheaders, "proxy-authorization");
- }
+ if (config.basicauth_list != NULL) {
+ ssize_t len;
+ char *authstring;
+ int failure = 1;
+ len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
+ (void **) &authstring);
+
+ if (len == 0) {
+ update_stats (STAT_DENIED);
+ indicate_http_error (connptr, 407, "Proxy Authentication Required",
+ "detail",
+ "This proxy requires authentication.",
+ NULL);
+ goto fail;
+ }
+ if ( /* currently only "basic" auth supported */
+ (strncmp(authstring, "Basic ", 6) == 0 ||
+ strncmp(authstring, "basic ", 6) == 0) &&
+ basicauth_check (config.basicauth_list, authstring + 6) == 1)
+ failure = 0;
+ if(failure) {
+ update_stats (STAT_DENIED);
+ indicate_http_error (connptr, 401, "Unauthorized",
+ "detail",
+ "The administrator of this proxy has not configured "
+ "it to service requests from you.",
+ NULL);
+ goto fail;
+ }
+ hashmap_remove (hashofheaders, "proxy-authorization");
+ }
/*
* Add any user-specified headers (AddHeader directive) to the
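Review bot: The new `if (len == 0)` guard no longer covers a negative return from hashmap_entry_by_key, which the removed code excluded with `len > 0`. `len` is an `ssize_t`, so an error return is presumably possible, and in that case `authstring` is still uninitialized when it reaches `strncmp`. Use `if (len <= 0) {` so that both a missing header and a failed lookup end in the 407 response rather than a read through an indeterminate pointer. Separately, the scheme test accepts only `Basic ` and `basic `, while auth scheme names are case-insensitive; `strncasecmp(authstring, "Basic ", 6) == 0` would cover the remaining spellings. handle_connection starts and ends outside this hunk.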