summaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/html-error.c17
-rw-r--r--src/reqs.c54
2 files changed, 45 insertions, 26 deletions
diff --git a/src/html-error.c b/src/html-error.c
index 38adf85..0c011a7 100644
--- a/src/html-error.c
+++ b/src/html-error.c
@@ -156,13 +156,24 @@ send_html_file (FILE *infile, struct conn_s *connptr)
int send_http_headers (struct conn_s *connptr, int code, const char *message)
{
- const char *headers =
+ const char headers[] =
"HTTP/1.0 %d %s\r\n"
"Server: %s/%s\r\n"
- "Content-Type: text/html\r\n" "Connection: close\r\n" "\r\n";
+ "Content-Type: text/html\r\n"
+ "%s"
+ "Connection: close\r\n" "\r\n";
+
+ const char auth_str[] =
+ "Proxy-Authenticate: Basic realm=\""
+ PACKAGE_NAME "\"\r\n";
+
+ /* according to rfc7235, the 407 error must be accompanied by
+ a Proxy-Authenticate header field. */
+ const char *add = code == 407 ? auth_str : "";
return (write_message (connptr->client_fd, headers,
- code, message, PACKAGE, VERSION));
+ code, message, PACKAGE, VERSION,
+ add));
}
/*
diff --git a/src/reqs.c b/src/reqs.c
index 83fecf3..0e4e5f7 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1563,29 +1563,37 @@ void handle_connection (int fd)
goto fail;
}
- if (config.basicauth_list != NULL) {
- ssize_t len;
- char *authstring;
- int failure = 1;
- len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
- (void **) &authstring);
- if (len > 0 &&
- /* currently only "basic" auth supported */
- (strncmp(authstring, "Basic ", 6) == 0 ||
- strncmp(authstring, "basic ", 6) == 0) &&
- basicauth_check (config.basicauth_list, authstring + 6) == 1)
- failure = 0;
- if(failure) {
- update_stats (STAT_DENIED);
- indicate_http_error (connptr, 403, "Access denied",
- "detail",
- "The administrator of this proxy has not configured "
- "it to service requests from you.",
- NULL);
- goto fail;
- }
- hashmap_remove (hashofheaders, "proxy-authorization");
- }
+ if (config.basicauth_list != NULL) {
+ ssize_t len;
+ char *authstring;
+ int failure = 1;
+ len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
+ (void **) &authstring);
+
+ if (len == 0) {
+ update_stats (STAT_DENIED);
+ indicate_http_error (connptr, 407, "Proxy Authentication Required",
+ "detail",
+ "This proxy requires authentication.",
+ NULL);
+ goto fail;
+ }
+ if ( /* currently only "basic" auth supported */
+ (strncmp(authstring, "Basic ", 6) == 0 ||
+ strncmp(authstring, "basic ", 6) == 0) &&
+ basicauth_check (config.basicauth_list, authstring + 6) == 1)
+ failure = 0;
+ if(failure) {
+ update_stats (STAT_DENIED);
+ indicate_http_error (connptr, 401, "Unauthorized",
+ "detail",
+ "The administrator of this proxy has not configured "
+ "it to service requests from you.",
+ NULL);
+ goto fail;
+ }
+ hashmap_remove (hashofheaders, "proxy-authorization");
+ }
/*
* Add any user-specified headers (AddHeader directive) to the