fix usage of stathost in combination with basic auth
http protocol requires different treatment of proxy auth vs server auth. fixes #246
parent
e666e4a35b
commit
734ba1d970
@ -164,13 +164,17 @@ int send_http_headers (struct conn_s *connptr, int code, const char *message)
|
||||
"%s"
|
||||
"Connection: close\r\n" "\r\n";
|
||||
|
||||
const char auth_str[] =
|
||||
const char p_auth_str[] =
|
||||
"Proxy-Authenticate: Basic realm=\""
|
||||
PACKAGE_NAME "\"\r\n";
|
||||
|
||||
const char w_auth_str[] =
|
||||
"WWW-Authenticate: Basic realm=\""
|
||||
PACKAGE_NAME "\"\r\n";
|
||||
|
||||
/* according to rfc7235, the 407 error must be accompanied by
|
||||
a Proxy-Authenticate header field. */
|
||||
const char *add = code == 407 ? auth_str : "";
|
||||
const char *add = code == 407 ? p_auth_str : (code == 401 ? w_auth_str : "");
|
||||
|
||||
return (write_message (connptr->client_fd, headers,
|
||||
code, message, PACKAGE, VERSION,
|
||||
|
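Review bot: The comment above `add` still names only the 407 case, although the new conditional also attaches `w_auth_str` for 401; extend it to something like `/* rfc7235: a 407 must carry Proxy-Authenticate and a 401 must carry WWW-Authenticate. */`. The nested conditional expression would read more easily as a `switch` on `code` or an `if`/`else if` chain. send_http_headers begins and ends outside this hunk, and the file header for this section is not shown on the page.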
14
src/reqs.c
14
src/reqs.c
@ -1611,11 +1611,22 @@ void handle_connection (int fd)
|
||||
if (config.basicauth_list != NULL) {
|
||||
ssize_t len;
|
||||
char *authstring;
|
||||
int failure = 1;
|
||||
int failure = 1, stathost_connect = 0;
|
||||
len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
|
||||
(void **) &authstring);
|
||||
|
||||
if (len == 0 && config.stathost) {
|
||||
len = hashmap_entry_by_key (hashofheaders, "host",
|
||||
(void **) &authstring);
|
||||
if (len && !strncmp(authstring, config.stathost, strlen(config.stathost))) {
|
||||
len = hashmap_entry_by_key (hashofheaders, "authorization",
|
||||
(void **) &authstring);
|
||||
stathost_connect = 1;
|
||||
} else len = 0;
|
||||
}
|
||||
|
||||
if (len == 0) {
|
||||
if (stathost_connect) goto e401;
|
||||
update_stats (STAT_DENIED);
|
||||
indicate_http_error (connptr, 407, "Proxy Authentication Required",
|
||||
"detail",
|
||||
@ -1629,6 +1640,7 @@ void handle_connection (int fd)
|
||||
basicauth_check (config.basicauth_list, authstring + 6) == 1)
|
||||
failure = 0;
|
||||
if(failure) {
|
||||
e401:
|
||||
update_stats (STAT_DENIED);
|
||||
indicate_http_error (connptr, 401, "Unauthorized",
|
||||
"detail",
|
||||
|
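Review bot: The stathost test in the first hunk, `!strncmp(authstring, config.stathost, strlen(config.stathost))`, is a prefix match on the client-supplied Host header, so any Host value that merely begins with the stathost string is switched from `proxy-authorization` to `authorization` and answered with 401 instead of 407. Whether the later stathost dispatch compares the host exactly is not visible here; if it does, such a request would be authenticated on the `Authorization` header and then proxied as an ordinary request, which may pass the proxy credentials on to the origin server. I would require the match to end at the end of the host or at a port separator, e.g. with `size_t n = strlen (config.stathost);` add `&& (authstring[n] == '\0' || authstring[n] == ':')`, and test `len > 0` rather than `len` in case hashmap_entry_by_key can return a negative error value. The `goto e401` into the `if(failure)` block of the second hunk is legal C but fragile under later edits; handle_connection starts and ends outside both hunks.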