From 05f6e4e000c98b94341101a67672a37af90d3d4a Mon Sep 17 00:00:00 2001
From: rofl0r <rofl0r@users.noreply.github.com>
Date: Mon, 15 Jul 2024 05:56:39 +0000
Subject: [PATCH] basic auth: fix error status 401 vs 407

if tinyproxy serves as a HTTP server (i.e. when serving stats),
use error code 401, else error code 407.

fixes #532
---
 src/reqs.c | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/src/reqs.c b/src/reqs.c
index 998719a..74b173b 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1559,6 +1559,19 @@ static void handle_connection_failure(struct conn_s *connptr, int got_headers)
         }
 }
 
+static void auth_error(struct conn_s *connptr, int code) {
+        const char *tit = code == 401 ? "Unauthorized" : "Proxy Authentication Required";
+        const char *msg = code == 401 ?
+        "The administrator of this proxy has not configured it to service requests from you." :
+        "This proxy requires authentication.";
+
+        update_stats (STAT_DENIED);
+        log_message (LOG_INFO,
+                     "Failed auth attempt (file descriptor: %d), ip %s",
+                     connptr->client_fd,
+                     connptr->client_ip_addr);
+        indicate_http_error (connptr, code, tit, "detail", msg, NULL);
+}
 
 /*
  * This is the main drive for each connection. As you can tell, for the
@@ -1677,12 +1690,7 @@ void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
                 }
 
                 if (!authstring) {
-                        if (stathost_connect) goto e401;
-                        update_stats (STAT_DENIED);
-                        indicate_http_error (connptr, 407, "Proxy Authentication Required",
-                                             "detail",
-                                             "This proxy requires authentication.",
-                                             NULL);
+                        auth_error(connptr, stathost_connect ? 401 : 407);
                         HC_FAIL();
                 }
                 if ( /* currently only "basic" auth supported */
@@ -1691,17 +1699,7 @@ void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
                         basicauth_check (config->basicauth_list, authstring + 6) == 1)
                                 failure = 0;
                 if(failure) {
-e401:
-                        update_stats (STAT_DENIED);
-                        log_message (LOG_INFO,
-                                     "Failed auth attempt (file descriptor: %d), ip %s",
-                                     connptr->client_fd,
-                                     connptr->client_ip_addr);
-                        indicate_http_error (connptr, 401, "Unauthorized",
-                                             "detail",
-                                             "The administrator of this proxy has not configured "
-                                             "it to service requests from you.",
-                                             NULL);
+                        auth_error(connptr, stathost_connect ? 401 : 407);
                         HC_FAIL();
                 }
                 orderedmap_remove (hashofheaders, "proxy-authorization");