diff --git a/.gitignore b/.gitignore
index 57e9988d..eb98075a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,9 @@
+# Contributer ignore .... where all local testing / learning stuff should be located
+# in this directory ... to not be included in pushes / merges / pull requests
+.local
+# to not include vscode configfolder in pushes / merges / pull requests
+.vscode
+# Ignore from official maintainer of repo
 INSTALL
 Makefile
 Makefile.in
diff --git a/VERSION b/VERSION
index ca717669..0a5af26d 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.11.2
+1.11.3
diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in
index ed137e2b..bbdc2b41 100644
--- a/docs/man5/tinyproxy.conf.txt.in
+++ b/docs/man5/tinyproxy.conf.txt.in
@@ -239,6 +239,15 @@ access is only granted for authenticated users.
 BasicAuth user password
+=item B
+
+In case "BasicAuth" is configured .. the "realm" information.
+"Proxy Authentication Required" status http 407 "error-response" can be
+customized.
+
+- defaults in code to "Tinyproxy" (PACKAGE_NAME) .. if not configured
+- limited to 255 characters. Additional characters will be skipped / ignored.
+
 =item B
 Configure one or more HTTP request headers to be added to outgoing
@@ -420,7 +429,7 @@ This manpage was written by the Tinyproxy project team.
 =head1 COPYRIGHT
-Copyright (c) 1998-2020 the Tinyproxy authors.
+Copyright (c) 1998-2024 the Tinyproxy authors.
 This program is distributed under the terms of the GNU General Public License version 2 or above. See the COPYING file for additional
diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in
index af91d039..0e9a4a16 100644
--- a/etc/tinyproxy.conf.in
+++ b/etc/tinyproxy.conf.in
@@ -205,6 +205,14 @@ Allow ::1
 # users.
 #BasicAuth user password
+# BasicAuthRealm : In case BasicAuth is configured .. the "realm" information.
+# "Proxy Authentication Required" status http 407 "error-response" can be
+# customized.
+#
+# - defaults in code to "Tinyproxy" (PACKAGE_NAME) .. if not configured
+# - limited to 255 characters. Additional characters will be skipped / ignored.
+#BasicAuthRealm "Tinyproxy"
+
 #
 # AddHeader: Adds the specified headers to outgoing HTTP requests that
 # Tinyproxy makes. Note that this option will not work for HTTPS
diff --git a/src/conf-tokens.c b/src/conf-tokens.c
index 2a1ddbe8..c94135fd 100644
--- a/src/conf-tokens.c
+++ b/src/conf-tokens.c
@@ -57,6 +57,7 @@ config_directive_find (register const char *str, register size_t len)
 {"connectport", CD_connectport},
 {"logfile", CD_logfile},
 {"basicauth", CD_basicauth},
+ {"basicauthrealm", CD_basicauthrealm},
 {"addheader", CD_addheader},
 {"maxrequestsperchild", CD_maxrequestsperchild}
 };
diff --git a/src/conf-tokens.gperf b/src/conf-tokens.gperf
index f027a23b..1013d591 100644
--- a/src/conf-tokens.gperf
+++ b/src/conf-tokens.gperf
@@ -44,6 +44,7 @@ allow, CD_allow
 deny, CD_deny
 bind, CD_bind
 basicauth, CD_basicauth
+basicauthrealm, CD_basicauthrealm
 errorfile, CD_errorfile
 addheader, CD_addheader
 filter, CD_filter
diff --git a/src/conf-tokens.h b/src/conf-tokens.h
index a6338f8f..01c8ccb2 100644
--- a/src/conf-tokens.h
+++ b/src/conf-tokens.h
@@ -29,6 +29,7 @@ CD_allow,
 CD_deny,
 CD_bind,
 CD_basicauth,
+CD_basicauthrealm,
 CD_errorfile,
 CD_addheader,
 CD_filter,
diff --git a/src/conf.c b/src/conf.c
index 4b5f33a8..d335e29f 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -122,6 +122,7 @@ static HANDLE_FUNC (handle_disabled_feature)
 static HANDLE_FUNC (handle_allow);
 static HANDLE_FUNC (handle_basicauth);
+static HANDLE_FUNC (handle_basicauthrealm);
 static HANDLE_FUNC (handle_anonymous);
 static HANDLE_FUNC (handle_bind);
 static HANDLE_FUNC (handle_bindsame);
@@ -193,6 +194,7 @@ struct {
 regex_t *cre;
 } directives[] = {
 /* string arguments */
+ STDCONF (basicauthrealm, STR, handle_basicauthrealm),
 STDCONF (logfile, STR, handle_logfile),
 STDCONF (pidfile, STR, handle_pidfile),
 STDCONF (anonymous, STR, handle_anonymous),
@@ -200,11 +202,11 @@ struct {
 STDCONF (defaulterrorfile, STR, handle_defaulterrorfile),
 STDCONF (statfile, STR, handle_statfile),
 STDCONF (stathost, STR, handle_stathost),
- STDCONF (xtinyproxy, BOOL, handle_xtinyproxy),
 /* boolean arguments */
 STDCONF (syslog, BOOL, handle_syslog),
 STDCONF (bindsame, BOOL, handle_bindsame),
 STDCONF (disableviaheader, BOOL, handle_disableviaheader),
+ STDCONF (xtinyproxy, BOOL, handle_xtinyproxy),
 /* integer arguments */
 STDCONF (port, INT, handle_port),
 STDCONF (maxclients, INT, handle_maxclients),
@@ -634,6 +636,32 @@ set_int_arg (unsigned int *var, const char *line, regmatch_t * match)
 *
 ***********************************************************************/
+static HANDLE_FUNC (handle_basicauth)
+{
+ char *user, *pass;
+ user = get_string_arg(line, &match[2]);
+ if (!user)
+ return -1;
+ pass = get_string_arg(line, &match[3]);
+ if (!pass) {
+ safefree (user);
+ return -1;
+ }
+ if (!conf->basicauth_list) {
+ conf->basicauth_list = sblist_new (sizeof(char*), 16);
+ }
+
+ basicauth_add (conf->basicauth_list, user, pass);
+ safefree (user);
+ safefree (pass);
+ return 0;
+}
+
+static HANDLE_FUNC (handle_basicauthrealm)
+{
+ return set_string_arg (&conf->basicauthrealm, line, &match[2]);
+}
+
 static HANDLE_FUNC (handle_logfile)
 {
 return set_string_arg (&conf->logf_name, line, &match[2]);
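Review bot: `handle_basicauthrealm` in the last conf.c hunk (`@@ -634,6 +636,32 @@`) is a bare `set_string_arg` call, so neither the documented 255-character limit nor the characters that are legal inside a quoted realm are checked when the configuration is parsed. Unless the `STR` pattern already excludes them, rejecting an over-long value or one containing `"`, `\` or control characters with `return -1` here would report the mistake at load time instead of sending a silently truncated or malformed challenge header later. The new `conf->basicauthrealm` member also needs a matching `safefree (conf->basicauthrealm);` wherever the other string members are released on reload; that code is not visible in this diff, so please confirm it was updated. `handle_basicauth` in the same hunk appears to be a verbatim move of the block removed at `@@ -933,27 +961,6 @@`.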
@@ -933,27 +961,6 @@ static HANDLE_FUNC (handle_loglevel)
 return -1;
 }
-static HANDLE_FUNC (handle_basicauth)
-{
- char *user, *pass;
- user = get_string_arg(line, &match[2]);
- if (!user)
- return -1;
- pass = get_string_arg(line, &match[3]);
- if (!pass) {
- safefree (user);
- return -1;
- }
- if (!conf->basicauth_list) {
- conf->basicauth_list = sblist_new (sizeof(char*), 16);
- }
-
- basicauth_add (conf->basicauth_list, user, pass);
- safefree (user);
- safefree (pass);
- return 0;
-}
-
 #ifdef FILTER_ENABLE
 static void warn_deprecated(const char *arg, unsigned long lineno)
 {
diff --git a/src/conf.h b/src/conf.h
index 0a0f06f7..6b63807a 100644
--- a/src/conf.h
+++ b/src/conf.h
@@ -39,6 +39,7 @@ typedef struct {
 */
 struct config_s {
 sblist *basicauth_list;
+ char *basicauthrealm;
 char *logf_name;
 unsigned int syslog; /* boolean */
 unsigned int port;
diff --git a/src/html-error.c b/src/html-error.c
index 5dec9195..f3a976ee 100644
--- a/src/html-error.c
+++ b/src/html-error.c
@@ -172,13 +172,25 @@ int send_http_error_message (struct conn_s *connptr)
 "

Generated by %s.

\n" "\n" "\n";
- const char p_auth_str[] =
- "Proxy-Authenticate: Basic realm=\""
- PACKAGE_NAME "\"\r\n";
+ char config_basicauthrealm[256];
- const char w_auth_str[] =
- "WWW-Authenticate: Basic realm=\""
- PACKAGE_NAME "\"\r\n";
+ if (config->basicauthrealm != NULL && config->basicauthrealm[0] != '\0') {
+ strncpy(config_basicauthrealm, config->basicauthrealm, 255);
+ } else {
+ /* Default-Value ... if nothing is configured */
+ strncpy(config_basicauthrealm, PACKAGE_NAME, 255);
+ }
+ config_basicauthrealm[255] = '\0';
+
+ const char p_auth_str[300];
+ snprintf(p_auth_str, sizeof(p_auth_str),
+ "Proxy-Authenticate: Basic realm=\"%s\"\r\n",
+ config_basicauthrealm);
+
+ const char w_auth_str[300];
+ snprintf(w_auth_str, sizeof(w_auth_str),
+ "WWW-Authenticate: Basic realm=\"%s\"\r\n",
+ config_basicauthrealm);
 /* according to rfc7235, the 407 error must be accompanied by a Proxy-Authenticate header field. */
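Review bot: `const char p_auth_str[300];` and `const char w_auth_str[300];` are declared const and then written by `snprintf`, which discards the qualifier at the call and modifies a const object (undefined behaviour); both buffers need to be plain `char`. The `config_basicauthrealm` scratch copy and its two `strncpy` calls are not needed: pick a pointer to either `config->basicauthrealm` or `PACKAGE_NAME` and let a `%.255s` conversion apply the documented limit. The realm is placed inside the quoted string unescaped, so a configured `"`, `\` or CR/LF would yield a malformed or split header unless the value is validated when the configuration is parsed. `send_http_error_message` begins and ends outside this hunk.

```c
	/* fall back to PACKAGE_NAME when BasicAuthRealm is unset or empty */
	const char *realm =
		(config->basicauthrealm != NULL && config->basicauthrealm[0] != '\0')
		? config->basicauthrealm : PACKAGE_NAME;
	char p_auth_str[300];
	char w_auth_str[300];

	/* %.255s enforces the documented 255-character realm limit */
	snprintf (p_auth_str, sizeof (p_auth_str),
		  "Proxy-Authenticate: Basic realm=\"%.255s\"\r\n", realm);
	snprintf (w_auth_str, sizeof (w_auth_str),
		  "WWW-Authenticate: Basic realm=\"%.255s\"\r\n", realm);
```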