diff --git a/src/html-error.c b/src/html-error.c index 38adf85..0c011a7 100644 --- a/src/html-error.c +++ b/src/html-error.c @@ -156,13 +156,24 @@ send_html_file (FILE *infile, struct conn_s *connptr) int send_http_headers (struct conn_s *connptr, int code, const char *message) { - const char *headers = + const char headers[] = "HTTP/1.0 %d %s\r\n" "Server: %s/%s\r\n" - "Content-Type: text/html\r\n" "Connection: close\r\n" "\r\n"; + "Content-Type: text/html\r\n" + "%s" + "Connection: close\r\n" "\r\n"; + + const char auth_str[] = + "Proxy-Authenticate: Basic realm=\"" + PACKAGE_NAME "\"\r\n"; + + /* according to rfc7235, the 407 error must be accompanied by + a Proxy-Authenticate header field. */ + const char *add = code == 407 ? auth_str : ""; return (write_message (connptr->client_fd, headers, - code, message, PACKAGE, VERSION)); + code, message, PACKAGE, VERSION, + add)); } /* diff --git a/src/reqs.c b/src/reqs.c index 83fecf3..0e4e5f7 100644 --- a/src/reqs.c +++ b/src/reqs.c 
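Review bot: The challenge added in send_http_headers advertises only the Basic scheme, and the comment above `add` does not say what that implies: Basic credentials are only base64-encoded, so on a plain-HTTP hop between client and proxy they are readable by anyone on the path. I would extend the comment to `/* RFC 7235 section 3.2: a 407 response must carry Proxy-Authenticate. Basic sends credentials base64-encoded, not encrypted. */`. As a style point, parenthesising the condition, `(code == 407) ? auth_str : ""`, makes the precedence obvious at a glance.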
@@ -1563,29 +1563,37 @@ void handle_connection (int fd) goto fail; } - if (config.basicauth_list != NULL) { - ssize_t len; - char *authstring; - int failure = 1; - len = hashmap_entry_by_key (hashofheaders, "proxy-authorization", - (void **) &authstring); - if (len > 0 && - /* currently only "basic" auth supported */ - (strncmp(authstring, "Basic ", 6) == 0 || - strncmp(authstring, "basic ", 6) == 0) && - basicauth_check (config.basicauth_list, authstring + 6) == 1) - failure = 0; - if(failure) { - update_stats (STAT_DENIED); - indicate_http_error (connptr, 403, "Access denied", - "detail", - "The administrator of this proxy has not configured " - "it to service requests from you.", - NULL); - goto fail; - } - hashmap_remove (hashofheaders, "proxy-authorization"); - } + if (config.basicauth_list != NULL) { + ssize_t len; + char *authstring; + int failure = 1; + len = hashmap_entry_by_key (hashofheaders, "proxy-authorization", + (void **) &authstring); + + if (len == 0) { + update_stats (STAT_DENIED); + indicate_http_error (connptr, 407, "Proxy Authentication Required", + "detail", + "This proxy requires authentication.", + NULL); + goto fail; + } + if ( /* currently only "basic" auth supported */ + (strncmp(authstring, "Basic ", 6) == 0 || + strncmp(authstring, "basic ", 6) == 0) && + basicauth_check (config.basicauth_list, authstring + 6) == 1) + failure = 0; + if(failure) { + update_stats (STAT_DENIED); + indicate_http_error (connptr, 401, "Unauthorized", + "detail", + "The administrator of this proxy has not configured " + "it to service requests from you.", + NULL); + goto fail; + } + hashmap_remove (hashofheaders, "proxy-authorization"); + } /* * Add any user-specified headers (AddHeader directive) to the
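Review bot: The new `if (len == 0)` guard lets a negative return from hashmap_entry_by_key() fall through to `strncmp(authstring, "Basic ", 6)` with `authstring` never assigned. The removed code only touched the pointer when `len > 0`, which suggests an error return is possible, though the helper itself is not visible here. Changing the guard to `if (len <= 0) {` keeps the 407 path and restores that protection. Separately, a wrong or malformed credential is now answered with 401, but the send_http_headers change on this page adds a challenge header only for 407, and RFC 7235 expects a 401 to carry WWW-Authenticate, so returning 407 on that branch as well would let clients re-prompt. handle_connection starts and ends outside the hunk.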