fix usage of stathost in combination with basic auth
http protocol requires different treatment of proxy auth vs server auth. fixes #246
parent
e666e4a35b
commit
734ba1d970
@ -164,13 +164,17 @@ int send_http_headers (struct conn_s *connptr, int code, const char *message)
|
|||||||
"%s"
|
"%s"
|
||||||
"Connection: close\r\n" "\r\n";
|
"Connection: close\r\n" "\r\n";
|
||||||
|
|
||||||
const char auth_str[] =
|
const char p_auth_str[] =
|
||||||
"Proxy-Authenticate: Basic realm=\""
|
"Proxy-Authenticate: Basic realm=\""
|
||||||
PACKAGE_NAME "\"\r\n";
|
PACKAGE_NAME "\"\r\n";
|
||||||
|
|
||||||
|
const char w_auth_str[] =
|
||||||
|
"WWW-Authenticate: Basic realm=\""
|
||||||
|
PACKAGE_NAME "\"\r\n";
|
||||||
|
|
||||||
/* according to rfc7235, the 407 error must be accompanied by
|
/* according to rfc7235, the 407 error must be accompanied by
|
||||||
a Proxy-Authenticate header field. */
|
a Proxy-Authenticate header field. */
|
||||||
const char *add = code == 407 ? auth_str : "";
|
const char *add = code == 407 ? p_auth_str : (code == 401 ? w_auth_str : "");
|
||||||
|
|
||||||
return (write_message (connptr->client_fd, headers,
|
return (write_message (connptr->client_fd, headers,
|
||||||
code, message, PACKAGE, VERSION,
|
code, message, PACKAGE, VERSION,
|
||||||
|
14
src/reqs.c
14
src/reqs.c
@ -1611,11 +1611,22 @@ void handle_connection (int fd)
|
|||||||
if (config.basicauth_list != NULL) {
|
if (config.basicauth_list != NULL) {
|
||||||
ssize_t len;
|
ssize_t len;
|
||||||
char *authstring;
|
char *authstring;
|
||||||
int failure = 1;
|
int failure = 1, stathost_connect = 0;
|
||||||
len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
|
len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
|
||||||
(void **) &authstring);
|
(void **) &authstring);
|
||||||
|
|
||||||
|
if (len == 0 && config.stathost) {
|
||||||
|
len = hashmap_entry_by_key (hashofheaders, "host",
|
||||||
|
(void **) &authstring);
|
||||||
|
if (len && !strncmp(authstring, config.stathost, strlen(config.stathost))) {
|
||||||
|
len = hashmap_entry_by_key (hashofheaders, "authorization",
|
||||||
|
(void **) &authstring);
|
||||||
|
stathost_connect = 1;
|
||||||
|
} else len = 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (len == 0) {
|
if (len == 0) {
|
||||||
|
if (stathost_connect) goto e401;
|
||||||
update_stats (STAT_DENIED);
|
update_stats (STAT_DENIED);
|
||||||
indicate_http_error (connptr, 407, "Proxy Authentication Required",
|
indicate_http_error (connptr, 407, "Proxy Authentication Required",
|
||||||
"detail",
|
"detail",
|
||||||
@ -1629,6 +1640,7 @@ void handle_connection (int fd)
|
|||||||
basicauth_check (config.basicauth_list, authstring + 6) == 1)
|
basicauth_check (config.basicauth_list, authstring + 6) == 1)
|
||||||
failure = 0;
|
failure = 0;
|
||||||
if(failure) {
|
if(failure) {
|
||||||
|
e401:
|
||||||
update_stats (STAT_DENIED);
|
update_stats (STAT_DENIED);
|
||||||
indicate_http_error (connptr, 401, "Unauthorized",
|
indicate_http_error (connptr, 401, "Unauthorized",
|
||||||
"detail",
|
"detail",
|
||||||
|
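Review bot: The Host comparison `!strncmp(authstring, config.stathost, strlen(config.stathost))` in the first src/reqs.c hunk is a prefix match, so any Host value that merely begins with the stathost name is treated as a stathost request and is authenticated from `Authorization` instead of `Proxy-Authorization`. If the prefix form is only meant to tolerate a port suffix (an assumption, the hunk does not say), bound it with `size_t n = strlen(config.stathost);` and `if (len > 0 && !strncmp(authstring, config.stathost, n) && (authstring[n] == '\0' || authstring[n] == ':')) {`. Testing `len > 0` rather than `len` also keeps `strncmp` from running on an unset `authstring`, should `hashmap_entry_by_key` ever return a negative `ssize_t`. It is worth confirming separately that a request accepted on this path cannot be forwarded to an origin server, because `Authorization` is an end-to-end header and would carry the proxy credentials with it. handle_connection starts and ends outside these hunks.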