fixes #235 Basic realm string editable in config file

tinyproxy · Jul 9, 2024 · 2255d35 · 2255d35
1 parent d652ed8
commit 2255d35
Show file tree

Hide file tree

Showing 10 changed files with 76 additions and 30 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3  1,9 @@
 # Contributer ignore .... where all local testing / learning stuff should be located
 # in this directory ... to not be included in pushes / merges / pull requests
 .local
 # to not include vscode configfolder in pushes / merges / pull requests
 .vscode
 # Ignore from official maintainer of repo
 INSTALL
 Makefile
 Makefile.in

diff --git a/VERSION b/VERSION
@@ -1  1 @@
-1.11.2
 1.11.3
diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in
@@ -239,6  239,15 @@ access is only granted for authenticated users.
 
     BasicAuth user password
 
 =item B<BasicAuthRealm>
 
 In case "BasicAuth" is configured .. the "realm" information.
 "Proxy Authentication Required" status http 407 "error-response" can be
 customized.
 
 - defaults in code to "Tinyproxy" (PACKAGE_NAME) .. if not configured
 - limited to 255 characters. Additional characters will be skipped / ignored.
 
 =item B<AddHeader>
 
 Configure one or more HTTP request headers to be added to outgoing
@@ -420,7  429,7 @@ This manpage was written by the Tinyproxy project team.
 
 =head1 COPYRIGHT
 
-Copyright (c) 1998-2020 the Tinyproxy authors.
 Copyright (c) 1998-2024 the Tinyproxy authors.
 
 This program is distributed under the terms of the GNU General Public
 License version 2 or above. See the COPYING file for additional

diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in
@@ -205,6  205,14 @@ Allow ::1
 # users.
 #BasicAuth user password
 
 # BasicAuthRealm : In case BasicAuth is configured .. the "realm" information.
 # "Proxy Authentication Required" status http 407 "error-response" can be
 # customized.
 #
 # - defaults in code to "Tinyproxy" (PACKAGE_NAME) .. if not configured
 # - limited to 255 characters. Additional characters will be skipped / ignored.
 #BasicAuthRealm "Tinyproxy"
 
 #
 # AddHeader: Adds the specified headers to outgoing HTTP requests that
 # Tinyproxy makes. Note that this option will not work for HTTPS

diff --git a/src/conf-tokens.c b/src/conf-tokens.c
@@ -57,6  57,7 @@ config_directive_find (register const char *str, register size_t len)
       {"connectport", CD_connectport},
       {"logfile", CD_logfile},
       {"basicauth", CD_basicauth},
       {"basicauthrealm", CD_basicauthrealm},
       {"addheader", CD_addheader},
       {"maxrequestsperchild", CD_maxrequestsperchild}
     };

diff --git a/src/conf-tokens.gperf b/src/conf-tokens.gperf
@@ -44,6  44,7 @@ allow, CD_allow
 deny, CD_deny
 bind, CD_bind
 basicauth, CD_basicauth
 basicauthrealm, CD_basicauthrealm
 errorfile, CD_errorfile
 addheader, CD_addheader
 filter, CD_filter

diff --git a/src/conf-tokens.h b/src/conf-tokens.h
@@ -29,6  29,7 @@ CD_allow,
 CD_deny,
 CD_bind,
 CD_basicauth,
 CD_basicauthrealm,
 CD_errorfile,
 CD_addheader,
 CD_filter,

diff --git a/src/conf.c b/src/conf.c
@@ -122,6  122,7 @@ static HANDLE_FUNC (handle_disabled_feature)
 
 static HANDLE_FUNC (handle_allow);
 static HANDLE_FUNC (handle_basicauth);
 static HANDLE_FUNC (handle_basicauthrealm);
 static HANDLE_FUNC (handle_anonymous);
 static HANDLE_FUNC (handle_bind);
 static HANDLE_FUNC (handle_bindsame);
@@ -193,18  194,19 @@ struct {
         regex_t *cre;
 } directives[] = {
         /* string arguments */
         STDCONF (basicauthrealm, STR, handle_basicauthrealm),
         STDCONF (logfile, STR, handle_logfile),
         STDCONF (pidfile, STR, handle_pidfile),
         STDCONF (anonymous, STR, handle_anonymous),
         STDCONF (viaproxyname, STR, handle_viaproxyname),
         STDCONF (defaulterrorfile, STR, handle_defaulterrorfile),
         STDCONF (statfile, STR, handle_statfile),
         STDCONF (stathost, STR, handle_stathost),
-        STDCONF (xtinyproxy,  BOOL, handle_xtinyproxy),
         /* boolean arguments */
         STDCONF (syslog, BOOL, handle_syslog),
         STDCONF (bindsame, BOOL, handle_bindsame),
         STDCONF (disableviaheader, BOOL, handle_disableviaheader),
         STDCONF (xtinyproxy,  BOOL, handle_xtinyproxy),
         /* integer arguments */
         STDCONF (port, INT, handle_port),
         STDCONF (maxclients, INT, handle_maxclients),
@@ -634,6  636,32 @@ set_int_arg (unsigned int *var, const char *line, regmatch_t * match)
  *
  ***********************************************************************/
 
 static HANDLE_FUNC (handle_basicauth)
 {
         char *user, *pass;
         user = get_string_arg(line, &match[2]);
         if (!user)
                 return -1;
         pass = get_string_arg(line, &match[3]);
         if (!pass) {
                 safefree (user);
                 return -1;
         }
         if (!conf->basicauth_list) {
                 conf->basicauth_list = sblist_new (sizeof(char*), 16);
         }
 
         basicauth_add (conf->basicauth_list, user, pass);
         safefree (user);
         safefree (pass);
         return 0;
 }
 
 static HANDLE_FUNC (handle_basicauthrealm)
 {
         return set_string_arg (&conf->basicauthrealm, line, &match[2]);
 }
 
 static HANDLE_FUNC (handle_logfile)
 {
         return set_string_arg (&conf->logf_name, line, &match[2]);
@@ -933,27  961,6 @@ static HANDLE_FUNC (handle_loglevel)
         return -1;
 }
 
-static HANDLE_FUNC (handle_basicauth)
-{
-        char *user, *pass;
-        user = get_string_arg(line, &match[2]);
-        if (!user)
-                return -1;
-        pass = get_string_arg(line, &match[3]);
-        if (!pass) {
-                safefree (user);
-                return -1;
-        }
-        if (!conf->basicauth_list) {
-                conf->basicauth_list = sblist_new (sizeof(char*), 16);
-        }
-
-        basicauth_add (conf->basicauth_list, user, pass);
-        safefree (user);
-        safefree (pass);
-        return 0;
-}
-
 #ifdef FILTER_ENABLE
 
 static void warn_deprecated(const char *arg, unsigned long lineno) {

diff --git a/src/conf.h b/src/conf.h
@@ -39,6  39,7 @@ typedef struct {
  */
 struct config_s {
         sblist *basicauth_list;
         char *basicauthrealm;
         char *logf_name;
         unsigned int syslog;    /* boolean */
         unsigned int port;

diff --git a/src/html-error.c b/src/html-error.c
@@ -172,13  172,25 @@ int send_http_error_message (struct conn_s *connptr)
             "<p><em>Generated by %s.</em></p>\n" "</body>\n"
             "</html>\n";
 
-        const char p_auth_str[] =
-            "Proxy-Authenticate: Basic realm=\""
-            PACKAGE_NAME "\"\r\n";
         char config_basicauthrealm[256];
 
-        const char w_auth_str[] =
-            "WWW-Authenticate: Basic realm=\""
-            PACKAGE_NAME "\"\r\n";
         if (config->basicauthrealm != NULL && config->basicauthrealm[0] != '\0') {
         strncpy(config_basicauthrealm, config->basicauthrealm, 255);
         } else {
         /* Default-Value ... if nothing is configured */
         strncpy(config_basicauthrealm, PACKAGE_NAME, 255);
         }
         config_basicauthrealm[255] = '\0';
 
         const char p_auth_str[300];
         snprintf(p_auth_str, sizeof(p_auth_str), 
                  "Proxy-Authenticate: Basic realm=\"%s\"\r\n", 
                  config_basicauthrealm);
 
         const char w_auth_str[300];
         snprintf(w_auth_str, sizeof(w_auth_str), 
                  "WWW-Authenticate: Basic realm=\"%s\"\r\n", 
                  config_basicauthrealm);
 
 	/* according to rfc7235, the 407 error must be accompanied by
            a Proxy-Authenticate header field. */