Basic Auth: send correct response codes and headers acc. to rfc7235

as reported by @natedogith1
rofl0r 2018-01-28 04:32:59 +00:00 committed by rofl0r
parent 8db511b9bf
commit bd04ed00d8
2 changed files with 45 additions and 26 deletions


@ -156,13 +156,24 @@ send_html_file (FILE *infile, struct conn_s *connptr)
int send_http_headers (struct conn_s *connptr, int code, const char *message) int send_http_headers (struct conn_s *connptr, int code, const char *message)
{ {
const char *headers = const char headers[] =
"HTTP/1.0 %d %s\r\n" "HTTP/1.0 %d %s\r\n"
"Server: %s/%s\r\n" "Server: %s/%s\r\n"
"Content-Type: text/html\r\n" "Connection: close\r\n" "\r\n"; "Content-Type: text/html\r\n"
"%s"
"Connection: close\r\n" "\r\n";
const char auth_str[] =
"Proxy-Authenticate: Basic realm=\""
PACKAGE_NAME "\"\r\n";
/* according to rfc7235, the 407 error must be accompanied by
a Proxy-Authenticate header field. */
const char *add = code == 407 ? auth_str : "";
return (write_message (connptr->client_fd, headers, return (write_message (connptr->client_fd, headers,
code, message, PACKAGE, VERSION)); code, message, PACKAGE, VERSION,
add));
} }
/* /*
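Review bot: The selection `code == 407 ? auth_str : ""` adds a challenge header only for 407, but the same commit starts answering rejected credentials with 401 in handle_connection, so that response goes out with no challenge at all. RFC 7235 requires a 401 to carry a WWW-Authenticate field, and a client that gets none has nothing to retry against. Since the credentials being rejected arrive in Proxy-Authorization, the smallest fix is to keep that case on 407 as well, `indicate_http_error (connptr, 407, "Proxy Authentication Required",`, so the header built here applies to it. If 401 is kept on purpose, this function needs a second string with `WWW-Authenticate: Basic realm=...` chosen when `code == 401`. Separately, `headers` and `auth_str` could be `static const char ...[]` so the literals are not copied to the stack on every call.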


@ -1563,29 +1563,37 @@ void handle_connection (int fd)
goto fail; goto fail;
} }
if (config.basicauth_list != NULL) { if (config.basicauth_list != NULL) {
ssize_t len; ssize_t len;
char *authstring; char *authstring;
int failure = 1; int failure = 1;
len = hashmap_entry_by_key (hashofheaders, "proxy-authorization", len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
(void **) &authstring); (void **) &authstring);
if (len > 0 &&
/* currently only "basic" auth supported */ if (len == 0) {
(strncmp(authstring, "Basic ", 6) == 0 || update_stats (STAT_DENIED);
strncmp(authstring, "basic ", 6) == 0) && indicate_http_error (connptr, 407, "Proxy Authentication Required",
basicauth_check (config.basicauth_list, authstring + 6) == 1) "detail",
failure = 0; "This proxy requires authentication.",
if(failure) { NULL);
update_stats (STAT_DENIED); goto fail;
indicate_http_error (connptr, 403, "Access denied", }
"detail", if ( /* currently only "basic" auth supported */
"The administrator of this proxy has not configured " (strncmp(authstring, "Basic ", 6) == 0 ||
"it to service requests from you.", strncmp(authstring, "basic ", 6) == 0) &&
NULL); basicauth_check (config.basicauth_list, authstring + 6) == 1)
goto fail; failure = 0;
} if(failure) {
hashmap_remove (hashofheaders, "proxy-authorization"); update_stats (STAT_DENIED);
} indicate_http_error (connptr, 401, "Unauthorized",
"detail",
"The administrator of this proxy has not configured "
"it to service requests from you.",
NULL);
goto fail;
}
hashmap_remove (hashofheaders, "proxy-authorization");
}
/* /*
* Add any user-specified headers (AddHeader directive) to the * Add any user-specified headers (AddHeader directive) to the
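Review bot: The new `if (len == 0)` guard is narrower than the `len > 0` test it replaces. `len` is a signed `ssize_t`, so if hashmap_entry_by_key can return a negative value on error, `authstring` is never assigned and the `strncmp` calls that follow read through an uninitialized pointer. Writing the guard as `if (len <= 0) {` makes that path fail closed with the 407; declaring `char *authstring = NULL;` is a cheap second line of defence. The return convention of hashmap_entry_by_key is not visible here and should be confirmed at its definition. handle_connection begins and ends outside this hunk.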