fix usage of stathost in combination with basic auth

http protocol requires different treatment of proxy auth vs server auth. fixes #246
2019-06-14 01:18:17 +01:00 · 2019-06-14 01:18:17 +01:00 · 734ba1d970
commit 734ba1d970
parent e666e4a35b
2 changed files with 19 additions and 3 deletions
--- a/src/html-error.c
+++ b/src/html-error.c
@ -164,13 +164,17 @@ int send_http_headers (struct conn_s *connptr, int code, const char *message)
            "%s"
            "Connection: close\r\n" "\r\n";

-        const char auth_str[] =
+        const char p_auth_str[] =
            "Proxy-Authenticate: Basic realm=\""
            PACKAGE_NAME "\"\r\n";

+        const char w_auth_str[] =
+            "WWW-Authenticate: Basic realm=\""
+            PACKAGE_NAME "\"\r\n";
+
 	/* according to rfc7235, the 407 error must be accompanied by
           a Proxy-Authenticate header field. */
-        const char *add = code == 407 ? auth_str : "";
+        const char *add = code == 407 ? p_auth_str : (code == 401 ? w_auth_str : "");

        return (write_message (connptr->client_fd, headers,
                               code, message, PACKAGE, VERSION,
--- a/src/reqs.c
+++ b/src/reqs.c
@ -1611,11 +1611,22 @@ void handle_connection (int fd)
        if (config.basicauth_list != NULL) {
                ssize_t len;
                char *authstring;
-                int failure = 1;
+                int failure = 1, stathost_connect = 0;
                len = hashmap_entry_by_key (hashofheaders, "proxy-authorization",
                                            (void **) &authstring);

+                if (len == 0 && config.stathost) {
+                        len = hashmap_entry_by_key (hashofheaders, "host",
+                                                    (void **) &authstring);
+                        if (len && !strncmp(authstring, config.stathost, strlen(config.stathost))) {
+                                len = hashmap_entry_by_key (hashofheaders, "authorization",
+                                                            (void **) &authstring);
+                                stathost_connect = 1;
+                        } else len = 0;
+                }
+
                if (len == 0) {
+                        if (stathost_connect) goto e401;
                        update_stats (STAT_DENIED);
                        indicate_http_error (connptr, 407, "Proxy Authentication Required",
                                             "detail",
@ -1629,6 +1640,7 @@ void handle_connection (int fd)
                        basicauth_check (config.basicauth_list, authstring + 6) == 1)
                                failure = 0;
                if(failure) {
+e401:
                        update_stats (STAT_DENIED);
                        indicate_http_error (connptr, 401, "Unauthorized",
                                             "detail",