diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in index ed137e2..4471cbd 100644 --- a/docs/man5/tinyproxy.conf.txt.in +++ b/docs/man5/tinyproxy.conf.txt.in @@ -239,6 +239,14 @@ access is only granted for authenticated users. BasicAuth user password +=item B + +In case "BasicAuth" is configured, the "realm" information. +"Proxy Authentication Required" status http 407 "error-response" can be +customized. + +- defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured. + =item B Configure one or more HTTP request headers to be added to outgoing @@ -420,7 +428,7 @@ This manpage was written by the Tinyproxy project team. =head1 COPYRIGHT -Copyright (c) 1998-2020 the Tinyproxy authors. +Copyright (c) 1998-2024 the Tinyproxy authors. This program is distributed under the terms of the GNU General Public License version 2 or above. See the COPYING file for additional diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in index af91d03..b7d46a7 100644 --- a/etc/tinyproxy.conf.in +++ b/etc/tinyproxy.conf.in @@ -205,6 +205,13 @@ Allow ::1 # users. #BasicAuth user password +# BasicAuthRealm : In case BasicAuth is configured, the "realm" information. +# "Proxy Authentication Required" status http 407 "error-response" can be +# customized. +# +# - defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured. +#BasicAuthRealm "Tinyproxy" + # # AddHeader: Adds the specified headers to outgoing HTTP requests that # Tinyproxy makes. Note that this option will not work for HTTPS diff --git a/src/conf-tokens.c b/src/conf-tokens.c index 2a1ddbe..c94135f 100644 --- a/src/conf-tokens.c +++ b/src/conf-tokens.c @@ -57,6 +57,7 @@ config_directive_find (register const char *str, register size_t len) {"connectport", CD_connectport}, {"logfile", CD_logfile}, {"basicauth", CD_basicauth}, + {"basicauthrealm", CD_basicauthrealm}, {"addheader", CD_addheader}, {"maxrequestsperchild", CD_maxrequestsperchild} }; 
diff --git a/src/conf-tokens.gperf b/src/conf-tokens.gperf index f027a23..1013d59 100644 --- a/src/conf-tokens.gperf +++ b/src/conf-tokens.gperf @@ -44,6 +44,7 @@ allow, CD_allow deny, CD_deny bind, CD_bind basicauth, CD_basicauth +basicauthrealm, CD_basicauthrealm errorfile, CD_errorfile addheader, CD_addheader filter, CD_filter diff --git a/src/conf-tokens.h b/src/conf-tokens.h index a6338f8..01c8ccb 100644 --- a/src/conf-tokens.h +++ b/src/conf-tokens.h @@ -29,6 +29,7 @@ CD_allow, CD_deny, CD_bind, CD_basicauth, +CD_basicauthrealm, CD_errorfile, CD_addheader, CD_filter, diff --git a/src/conf.c b/src/conf.c index 4b5f33a..372c73f 100644 --- a/src/conf.c +++ b/src/conf.c @@ -122,6 +122,7 @@ static HANDLE_FUNC (handle_disabled_feature) static HANDLE_FUNC (handle_allow); static HANDLE_FUNC (handle_basicauth); +static HANDLE_FUNC (handle_basicauthrealm); static HANDLE_FUNC (handle_anonymous); static HANDLE_FUNC (handle_bind); static HANDLE_FUNC (handle_bindsame); @@ -193,6 +194,7 @@ struct { regex_t *cre; } directives[] = { /* string arguments */ + STDCONF (basicauthrealm, STR, handle_basicauthrealm), STDCONF (logfile, STR, handle_logfile), STDCONF (pidfile, STR, handle_pidfile), STDCONF (anonymous, STR, handle_anonymous), @@ -294,6 +296,7 @@ void free_config (struct config_s *conf) char *k; htab_value *v; size_t it; + safefree (conf->basicauth_realm); safefree (conf->logf_name); safefree (conf->stathost); safefree (conf->user); @@ -481,6 +484,7 @@ static void initialize_config_defaults (struct config_s *conf) * (FIXME: Should have a better API for all this) */ conf->errorpages = NULL; + conf->basicauth_realm = safestrdup (PACKAGE_NAME); conf->stathost = safestrdup (TINYPROXY_STATHOST); conf->idletimeout = MAX_IDLE_TIME; conf->logf_name = NULL; 
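Review bot: In the `initialize_config_defaults` hunk of src/conf.c the result of `safestrdup (PACKAGE_NAME)` is stored in `conf->basicauth_realm` without a check, and the src/html-error.c hunk later passes that pointer to `snprintf` for a `%s` conversion. If the duplication can fail (its implementation is not shown in this diff), a NULL realm reaches the format call, which is undefined behaviour. The function is declared `static void` and its body continues outside the hunk, so it cannot report the failure itself; the simpler guard is at the point of use, passing `config->basicauth_realm ? config->basicauth_realm : PACKAGE_NAME` as the realm argument in both `snprintf` calls. The neighbouring `conf->stathost = safestrdup (TINYPROXY_STATHOST);` follows the same unchecked pattern, so this matches the file's existing style, but the new field is the one that is dereferenced on every 401/407 response.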
@@ -634,6 +638,11 @@ set_int_arg (unsigned int *var, const char *line, regmatch_t * match) * ***********************************************************************/ +static HANDLE_FUNC (handle_basicauthrealm) +{ + return set_string_arg (&conf->basicauth_realm, line, &match[2]); +} + static HANDLE_FUNC (handle_logfile) { return set_string_arg (&conf->logf_name, line, &match[2]); diff --git a/src/conf.h b/src/conf.h index 0a0f06f..0b25afa 100644 --- a/src/conf.h +++ b/src/conf.h @@ -39,6 +39,7 @@ typedef struct { */ struct config_s { sblist *basicauth_list; + char *basicauth_realm; char *logf_name; unsigned int syslog; /* boolean */ unsigned int port; diff --git a/src/html-error.c b/src/html-error.c index 5dec919..2b87040 100644 --- a/src/html-error.c +++ b/src/html-error.c @@ -172,21 +172,31 @@ int send_http_error_message (struct conn_s *connptr) "

Generated by %s.

\n" "\n" "\n"; - const char p_auth_str[] = - "Proxy-Authenticate: Basic realm=\"" - PACKAGE_NAME "\"\r\n"; - - const char w_auth_str[] = - "WWW-Authenticate: Basic realm=\"" - PACKAGE_NAME "\"\r\n"; - /* according to rfc7235, the 407 error must be accompanied by a Proxy-Authenticate header field. */ - const char *add = connptr->error_number == 407 ? p_auth_str : - (connptr->error_number == 401 ? w_auth_str : ""); + const char *auth_str_type = + connptr->error_number == 407 ? "Proxy-Authenticate" : + (connptr->error_number == 401 ? "WWW-Authenticate" : ""); + + const char auth_str_tpl[] = "%s: Basic realm=\"%s\"\r\n"; + char* auth_str_add = NULL; + + if (auth_str_type[0] != 0) { + int auth_str_size = snprintf (NULL, 0, auth_str_tpl, + auth_str_type, config->basicauth_realm) + 1; + if (auth_str_size > 0) { + auth_str_add = safemalloc (auth_str_size); + if (auth_str_add != NULL) { + snprintf (auth_str_add, auth_str_size, auth_str_tpl, + auth_str_type, config->basicauth_realm); + } + } + } send_http_headers (connptr, connptr->error_number, - connptr->error_string, add); + connptr->error_string, auth_str_add ? auth_str_add : ""); + + if (auth_str_add) safefree (auth_str_add); error_file = get_html_file (connptr->error_number); if (!error_file || !(infile = fopen (error_file, "r"))) {
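Review bot: The realm is formatted verbatim into `Basic realm=\"%s\"` in `send_http_error_message`, so a configured value containing `"`, `\` or a control character would produce a malformed challenge header. Nothing visible in this diff restricts the value: `handle_basicauthrealm` in src/conf.c stores whatever `set_string_arg` extracts, and the STR pattern is not shown, so it may already exclude some of these. Rejecting such values at parse time keeps the header well-formed, for example `if (strpbrk (conf->basicauth_realm, "\"\\\r\n")) return -1;` after the assignment, assuming handlers report a bad value with a non-zero return. Also, when `safemalloc` returns NULL the response is sent with an empty extra header, so a 407 goes out without `Proxy-Authenticate` despite the RFC 7235 comment just above; a log line on that path would make the failure visible. The function body starts and ends outside the hunk.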