conf: add BasicAuthRealm feature (#547)

makes BasicAuth realm string editable in config file.

closes #235

docs/man5/tinyproxy.conf.txt.in

@@ -239,6 +239,14 @@ access is only granted for authenticated users.
 
     BasicAuth user password
 
+=item B<BasicAuthRealm>
+
+In case "BasicAuth" is configured, the "realm" information.
+"Proxy Authentication Required" status http 407 "error-response" can be
+customized.
+
+- defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
+
 =item B<AddHeader>
 
 Configure one or more HTTP request headers to be added to outgoing
@@ -420,7 +428,7 @@ This manpage was written by the Tinyproxy project team.
 
 =head1 COPYRIGHT
 
-Copyright (c) 1998-2020 the Tinyproxy authors.
+Copyright (c) 1998-2024 the Tinyproxy authors.
 
 This program is distributed under the terms of the GNU General Public
 License version 2 or above. See the COPYING file for additional

etc/tinyproxy.conf.in

@@ -205,6 +205,13 @@ Allow ::1
 # users.
 #BasicAuth user password
 
+# BasicAuthRealm : In case BasicAuth is configured, the "realm" information.
+# "Proxy Authentication Required" status http 407 "error-response" can be
+# customized.
+#
+# - defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
+#BasicAuthRealm "Tinyproxy"
+
 #
 # AddHeader: Adds the specified headers to outgoing HTTP requests that
 # Tinyproxy makes. Note that this option will not work for HTTPS

src/conf-tokens.c

@@ -57,6 +57,7 @@ config_directive_find (register const char *str, register size_t len)
       {"connectport", CD_connectport},
       {"logfile", CD_logfile},
       {"basicauth", CD_basicauth},
+      {"basicauthrealm", CD_basicauthrealm},
       {"addheader", CD_addheader},
       {"maxrequestsperchild", CD_maxrequestsperchild}
     };

src/conf-tokens.gperf

@@ -44,6 +44,7 @@ allow, CD_allow
 deny, CD_deny
 bind, CD_bind
 basicauth, CD_basicauth
+basicauthrealm, CD_basicauthrealm
 errorfile, CD_errorfile
 addheader, CD_addheader
 filter, CD_filter

src/conf-tokens.h

@@ -29,6 +29,7 @@ CD_allow,
 CD_deny,
 CD_bind,
 CD_basicauth,
+CD_basicauthrealm,
 CD_errorfile,
 CD_addheader,
 CD_filter,

src/conf.c

@@ -122,6 +122,7 @@ static HANDLE_FUNC (handle_disabled_feature)
 
 static HANDLE_FUNC (handle_allow);
 static HANDLE_FUNC (handle_basicauth);
+static HANDLE_FUNC (handle_basicauthrealm);
 static HANDLE_FUNC (handle_anonymous);
 static HANDLE_FUNC (handle_bind);
 static HANDLE_FUNC (handle_bindsame);
@@ -193,6 +194,7 @@ struct {
         regex_t *cre;
 } directives[] = {
         /* string arguments */
+        STDCONF (basicauthrealm, STR, handle_basicauthrealm),
         STDCONF (logfile, STR, handle_logfile),
         STDCONF (pidfile, STR, handle_pidfile),
         STDCONF (anonymous, STR, handle_anonymous),
@@ -294,6 +296,7 @@ void free_config (struct config_s *conf)
         char *k;
         htab_value *v;
         size_t it;
+        safefree (conf->basicauth_realm);
         safefree (conf->logf_name);
         safefree (conf->stathost);
         safefree (conf->user);
@@ -481,6 +484,7 @@ static void initialize_config_defaults (struct config_s *conf)
          * (FIXME: Should have a better API for all this)
          */
         conf->errorpages = NULL;
+        conf->basicauth_realm = safestrdup (PACKAGE_NAME);
         conf->stathost = safestrdup (TINYPROXY_STATHOST);
         conf->idletimeout = MAX_IDLE_TIME;
         conf->logf_name = NULL;
@@ -634,6 +638,11 @@ set_int_arg (unsigned int *var, const char *line, regmatch_t * match)
  *
  ***********************************************************************/
 
+static HANDLE_FUNC (handle_basicauthrealm)
+{
+        return set_string_arg (&conf->basicauth_realm, line, &match[2]);
+}
+
 static HANDLE_FUNC (handle_logfile)
 {
         return set_string_arg (&conf->logf_name, line, &match[2]);

src/conf.h

@@ -39,6 +39,7 @@ typedef struct {
  */
 struct config_s {
         sblist *basicauth_list;
+        char *basicauth_realm;
         char *logf_name;
         unsigned int syslog;    /* boolean */
         unsigned int port;

src/html-error.c

@@ -172,21 +172,31 @@ int send_http_error_message (struct conn_s *connptr)
             "<p><em>Generated by %s.</em></p>\n" "</body>\n"
             "</html>\n";
 
-        const char p_auth_str[] =
-            "Proxy-Authenticate: Basic realm=\""
-            PACKAGE_NAME "\"\r\n";
-
-        const char w_auth_str[] =
-            "WWW-Authenticate: Basic realm=\""
-            PACKAGE_NAME "\"\r\n";
-
 	/* according to rfc7235, the 407 error must be accompanied by
            a Proxy-Authenticate header field. */
-        const char *add = connptr->error_number == 407 ? p_auth_str :
-                          (connptr->error_number == 401 ? w_auth_str : "");
+        const char *auth_str_type = 
+                connptr->error_number == 407 ? "Proxy-Authenticate" :
+                (connptr->error_number == 401 ? "WWW-Authenticate" : "");
+
+        const char auth_str_tpl[] = "%s: Basic realm=\"%s\"\r\n";
+        char* auth_str_add = NULL;
+
+        if (auth_str_type[0] != 0) {
+                int auth_str_size = snprintf (NULL, 0, auth_str_tpl, 
+                                        auth_str_type, config->basicauth_realm) + 1;
+                if (auth_str_size > 0) {
+                        auth_str_add = safemalloc (auth_str_size);
+                        if (auth_str_add != NULL) {
+                                snprintf (auth_str_add, auth_str_size, auth_str_tpl,
+                                        auth_str_type, config->basicauth_realm);
+                        }
+                }
+        }
 
         send_http_headers (connptr, connptr->error_number,
-                           connptr->error_string, add);
+                           connptr->error_string, auth_str_add ? auth_str_add : "");
+
+        if (auth_str_add) safefree (auth_str_add);
 
         error_file = get_html_file (connptr->error_number);
         if (!error_file || !(infile = fopen (error_file, "r"))) {