Basic realm string editable in config file

tinyproxy · Jul 11, 2024 · f2074a3 · f2074a3
1 parent d652ed8
commit f2074a3
Show file tree

Hide file tree

Showing 9 changed files with 52 additions and 12 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3  1,9 @@
 # Contributer ignore ... where all local testing / learning stuff should be located
 # in this directory ... to not be included in pushes / merges / pull requests
 .local
 # to not include vscode configfolder in pushes / merges / pull requests
 .vscode
 # Ignore from official maintainer of repo
 INSTALL
 Makefile
 Makefile.in

diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in
@@ -239,6  239,14 @@ access is only granted for authenticated users.
 
     BasicAuth user password
 
 =item B<BasicAuthRealm>
 
 In case "BasicAuth" is configured, the "realm" information.
 "Proxy Authentication Required" status http 407 "error-response" can be
 customized.
 
 - defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
 
 =item B<AddHeader>
 
 Configure one or more HTTP request headers to be added to outgoing
@@ -420,7  428,7 @@ This manpage was written by the Tinyproxy project team.
 
 =head1 COPYRIGHT
 
-Copyright (c) 1998-2020 the Tinyproxy authors.
 Copyright (c) 1998-2024 the Tinyproxy authors.
 
 This program is distributed under the terms of the GNU General Public
 License version 2 or above. See the COPYING file for additional

diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in
@@ -205,6  205,13 @@ Allow ::1
 # users.
 #BasicAuth user password
 
 # BasicAuthRealm : In case BasicAuth is configured, the "realm" information.
 # "Proxy Authentication Required" status http 407 "error-response" can be
 # customized.
 #
 # - defaults in code to "Tinyproxy" (PACKAGE_NAME), if not configured.
 #BasicAuthRealm "Tinyproxy"
 
 #
 # AddHeader: Adds the specified headers to outgoing HTTP requests that
 # Tinyproxy makes. Note that this option will not work for HTTPS

diff --git a/src/conf-tokens.c b/src/conf-tokens.c
@@ -57,6  57,7 @@ config_directive_find (register const char *str, register size_t len)
       {"connectport", CD_connectport},
       {"logfile", CD_logfile},
       {"basicauth", CD_basicauth},
       {"basicauthrealm", CD_basicauthrealm},
       {"addheader", CD_addheader},
       {"maxrequestsperchild", CD_maxrequestsperchild}
     };

diff --git a/src/conf-tokens.gperf b/src/conf-tokens.gperf
@@ -44,6  44,7 @@ allow, CD_allow
 deny, CD_deny
 bind, CD_bind
 basicauth, CD_basicauth
 basicauthrealm, CD_basicauthrealm
 errorfile, CD_errorfile
 addheader, CD_addheader
 filter, CD_filter

diff --git a/src/conf-tokens.h b/src/conf-tokens.h
@@ -29,6  29,7 @@ CD_allow,
 CD_deny,
 CD_bind,
 CD_basicauth,
 CD_basicauthrealm,
 CD_errorfile,
 CD_addheader,
 CD_filter,

diff --git a/src/conf.c b/src/conf.c
@@ -122,6  122,7 @@ static HANDLE_FUNC (handle_disabled_feature)
 
 static HANDLE_FUNC (handle_allow);
 static HANDLE_FUNC (handle_basicauth);
 static HANDLE_FUNC (handle_basicauthrealm);
 static HANDLE_FUNC (handle_anonymous);
 static HANDLE_FUNC (handle_bind);
 static HANDLE_FUNC (handle_bindsame);
@@ -193,6  194,7 @@ struct {
         regex_t *cre;
 } directives[] = {
         /* string arguments */
         STDCONF (basicauthrealm, STR, handle_basicauthrealm),
         STDCONF (logfile, STR, handle_logfile),
         STDCONF (pidfile, STR, handle_pidfile),
         STDCONF (anonymous, STR, handle_anonymous),
@@ -294,6  296,7 @@ void free_config (struct config_s *conf)
         char *k;
         htab_value *v;
         size_t it;
         safefree (conf->basicauth_realm);
         safefree (conf->logf_name);
         safefree (conf->stathost);
         safefree (conf->user);
@@ -480,6  483,7 @@ static void initialize_config_defaults (struct config_s *conf)
          * Make sure the HTML error pages array is NULL to begin with.
          * (FIXME: Should have a better API for all this)
          */
         conf->basicauth_realm = safestrdup (PACKAGE_NAME);
         conf->errorpages = NULL;
         conf->stathost = safestrdup (TINYPROXY_STATHOST);
         conf->idletimeout = MAX_IDLE_TIME;
@@ -634,6  638,11 @@ set_int_arg (unsigned int *var, const char *line, regmatch_t * match)
  *
  ***********************************************************************/
 
 static HANDLE_FUNC (handle_basicauthrealm)
 {
         return set_string_arg (&conf->basicauth_realm, line, &match[2]);
 }
 
 static HANDLE_FUNC (handle_logfile)
 {
         return set_string_arg (&conf->logf_name, line, &match[2]);

diff --git a/src/conf.h b/src/conf.h
@@ -39,6  39,7 @@ typedef struct {
  */
 struct config_s {
         sblist *basicauth_list;
         char *basicauth_realm;
         char *logf_name;
         unsigned int syslog;    /* boolean */
         unsigned int port;

diff --git a/src/html-error.c b/src/html-error.c
@@ -172,21  172,27 @@ int send_http_error_message (struct conn_s *connptr)
             "<p><em>Generated by %s.</em></p>\n" "</body>\n"
             "</html>\n";
 
-        const char p_auth_str[] =
-            "Proxy-Authenticate: Basic realm=\""
-            PACKAGE_NAME "\"\r\n";
-
-        const char w_auth_str[] =
-            "WWW-Authenticate: Basic realm=\""
-            PACKAGE_NAME "\"\r\n";
-
 	/* according to rfc7235, the 407 error must be accompanied by
            a Proxy-Authenticate header field. */
-        const char *add = connptr->error_number == 407 ? p_auth_str :
-                          (connptr->error_number == 401 ? w_auth_str : "");
         const char *auth_str_type = connptr->error_number == 407 ? "Proxy-Authenticate" :
                                    (connptr->error_number == 401 ? "WWW-Authenticate" : "");
 
         const char auth_str_tpl[] = "%s: Basic realm=\"%s\"\r\n";
         int auth_str_size = snprintf(NULL, 0, auth_str_tpl, 
                                         auth_str_type, config->basicauth_realm)   1;
         char* auth_str_add = safemalloc(auth_str_size);
         snprintf(auth_str_add, auth_str_size, auth_str_tpl,
                                         auth_str_type, config->basicauth_realm);
 
         /* Reset to empty string if auth_str_type is no error_number 401 or 407 case */
         if (auth_str_type[0] == '\0') {
                 auth_str_add[0] = '\0';
         }
 
         send_http_headers (connptr, connptr->error_number,
-                           connptr->error_string, add);
                            connptr->error_string, auth_str_add);
 
         safefree (auth_str_add);
 
         error_file = get_html_file (connptr->error_number);
         if (!error_file || !(infile = fopen (error_file, "r"))) {