author | rofl0r <rofl0r@users.noreply.github.com> | 2019-06-14 01:18:17 +0100 |
---|---|---|
committer | rofl0r <rofl0r@users.noreply.github.com> | 2019-06-14 01:18:19 +0100 |
commit | 734ba1d9702cd7d420c624c3574bec1470ebf590 (patch) | |
tree | 1a025bd5c2865dd7eacdd4a4947ea4da228d7a4e | |
parent | e666e4a35b07a406437e4c58a15d81adf7cb5fd7 (diff) |
fix usage of stathost in combination with basic auth
http protocol requires different treatment of proxy auth vs server auth.
fixes #246
-rw-r--r-- | src/html-error.c | 8 | ||||
-rw-r--r-- | src/reqs.c | 14 |
2 files changed, 19 insertions, 3 deletions
diff --git a/src/html-error.c b/src/html-error.c
index 625a586..ee3c987 100644
--- a/src/html-error.c
+++ b/src/html-error.c
@@ -164,13 +164,17 @@ int send_http_headers (struct conn_s *connptr, int code, const char *message)
 "%s" "Connection: close\r\n" "\r\n";
- const char auth_str[] =
+ const char p_auth_str[] =
 "Proxy-Authenticate: Basic realm=\"" PACKAGE_NAME "\"\r\n";
+ const char w_auth_str[] =
+ "WWW-Authenticate: Basic realm=\""
+ PACKAGE_NAME "\"\r\n";
+
 /* according to rfc7235, the 407 error must be accompanied by a Proxy-Authenticate header field. */
- const char *add = code == 407 ? auth_str : "";
+ const char *add = code == 407 ? p_auth_str : (code == 401 ? w_auth_str : "");
 return (write_message (connptr->client_fd, headers, code, message, PACKAGE, VERSION,
@@ -1611,11 +1611,22 @@ void handle_connection (int fd)
 if (config.basicauth_list != NULL) {
 ssize_t len;
 char *authstring;
- int failure = 1;
+ int failure = 1, stathost_connect = 0;
 len = hashmap_entry_by_key (hashofheaders, "proxy-authorization", (void **) &authstring);
+ if (len == 0 && config.stathost) {
+ len = hashmap_entry_by_key (hashofheaders, "host",
+ (void **) &authstring);
+ if (len && !strncmp(authstring, config.stathost, strlen(config.stathost))) {
+ len = hashmap_entry_by_key (hashofheaders, "authorization",
+ (void **) &authstring);
+ stathost_connect = 1;
+ } else len = 0;
+ }
+
 if (len == 0) {
+ if (stathost_connect) goto e401;
 update_stats (STAT_DENIED);
 indicate_http_error (connptr, 407, "Proxy Authentication Required", "detail",
@@ -1629,6 +1640,7 @@ void handle_connection (int fd)
 basicauth_check (config.basicauth_list, authstring + 6) == 1)
 failure = 0;
 if(failure) {
+e401:
 update_stats (STAT_DENIED);
 indicate_http_error (connptr, 401, "Unauthorized", "detail", |
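Review bot: Every 401 built by send_http_headers now carries `WWW-Authenticate`, and the last hunk of this commit shows the same 401 path in handle_connection is taken when a supplied Proxy-Authorization fails basicauth_check, not only for stathost requests. A client whose proxy credentials were rejected would then be challenged for origin-style credentials and answer in `Authorization`, an end-to-end header that would travel on to the origin unless it is stripped elsewhere (not visible here). Answering failed proxy credentials with 407 and reserving 401 for the stathost case would keep the two schemes apart. The comment above `add` still describes only 407 and could read `/* rfc7235: 407 must carry Proxy-Authenticate, 401 must carry WWW-Authenticate. */`. The body of send_http_headers starts and ends outside the hunk.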
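Review bot: The Host test `!strncmp(authstring, config.stathost, strlen(config.stathost))` is a prefix match, so any Host value that merely begins with the stathost string, such as a longer hostname, switches the credential source from Proxy-Authorization to Authorization. If the later stathost dispatch compares the host exactly (not visible in this hunk), such a request would be authenticated as a stats request but then proxied as an ordinary one, with the proxy password sitting in the Authorization header. The match should be required to end at the terminator or a port separator: `size_t n = strlen(config.stathost);` followed by `if (len && !strncmp(authstring, config.stathost, n) && (authstring[n] == '\0' || authstring[n] == ':'))`. Per the diffstat this hunk belongs to src/reqs.c, and handle_connection continues outside it.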
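Review bot: The `e401:` label sits inside the body of `if(failure) {` and is entered by the `goto e401` added in the previous hunk, so control jumps into a conditional block whose condition was never evaluated on that path. This is legal C, but nothing at the label says the block has a second entry, which makes later edits to the condition or to locals declared in that block easy to get wrong. A comment on the label would document it, for example `/* also entered via goto when a stathost request has no Authorization header */`. The remainder of the block lies outside the hunk.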