X-Git-Url: http://www.dolda2000.com/gitweb/?a=blobdiff_plain;f=src%2Fhtextauth.c;h=c12e1a47398e3f509d64469f3003186d8f4ed899;hb=595adb9922885c2a05bc6917ee8f8f02f496e618;hp=f20c77609d6ca03e68fa0ae94d8e4e462fe73403;hpb=b4fda020a4507a33abc22f7678288e2f92db3a4e;p=ashd.git
diff --git a/src/htextauth.c b/src/htextauth.c
index f20c776..c12e1a4 100644
--- a/src/htextauth.c
+++ b/src/htextauth.c
@@ -82,6 +82,38 @@ static void reqauth(struct hthead *req, int fd)
 buffree(buf);
 }
+static void authinval(struct hthead *req, int fd, char *msg)
+{
+ struct charbuf buf;
+ FILE *out;
+ char *rn;
+
+ rn = realm;
+ if(rn == NULL)
+ rn = "auth";
+ bufinit(buf);
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ bprintf(&buf, "Invalid authentication\r\n");
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ bprintf(&buf, "

Invalid authentication

\r\n");
+ bprintf(&buf, "

%s

\r\n", htmlquote(msg));
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ out = fdopen(dup(fd), "w");
+ fprintf(out, "HTTP/1.1 401 Invalid authentication\n");
+ fprintf(out, "WWW-Authenticate: Basic realm=\"%s\"\n", rn);
+ fprintf(out, "Content-Type: text/html\n");
+ fprintf(out, "Content-Length: %zi\n", buf.d);
+ fprintf(out, "\n");
+ fwrite(buf.b, 1, buf.d, out);
+ fclose(out);
+ buffree(buf);
+}
+
 static void cleancache(int complete)
 {
 struct cache *c, *n;
@@ -162,6 +194,12 @@ static void serve(struct hthead *req, int fd)
 }
 memset(raw, 0, strlen(raw));
 headrmheader(req, "Authorization");
+ for(p = dec; *p; p++) {
+ if(*p < 32) {
+ simpleerror(fd, 400, "Invalid request", "The authentication data is invalid.");
+ goto out;
+ }
+ }
 if((p = strchr(dec, ':')) == NULL) {
 simpleerror(fd, 400, "Invalid request", "The authentication data is invalid.");
 goto out;
@@ -198,10 +236,6 @@ static int auth(struct hthead *req, int fd, char *user, char *pass)
 FILE *out;
 rv = 0;
- if(strchr(user, '\n') || strchr(pass, '\n')) {
- simpleerror(fd, 401, "Invalid authentication", "The supplied credentials are invalid.");
- return(0);
- }
 msg = "The supplied credentials are invalid.";
 pipe(pfd);
 pipe(efd);
@@ -251,10 +285,12 @@ static int auth(struct hthead *req, int fd, char *user, char *pass)
 buffree(ebuf);
 return(0);
 }
+ if(WCOREDUMP(status))
+ flog(LOG_WARNING, "htextauth: authenticator process dumped core");
 if(WIFEXITED(status) && (WEXITSTATUS(status) == 0))
 rv = 1;
 else
- simpleerror(fd, 401, "Invalid authentication", msg);
+ authinval(req, fd, msg);
 buffree(ebuf);
 return(rv);
 }
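Review bot: In authinval(), `out = fdopen(dup(fd), "w");` is used without a check, so if dup() or fdopen() fails (descriptor exhaustion, for instance) the fprintf() calls that follow dereference NULL and the handler crashes while answering a failed login. A guard such as `if((out = fdopen(dup(fd), "w")) == NULL) { buffree(buf); return; }` contains the failure; closing the duplicated descriptor when only fdopen() fails is worth handling too. `realm` is written into the WWW-Authenticate header unescaped, so a value containing `"` or a line break would corrupt the header; it looks operator-configured, and a comment stating that assumption would be enough. If htmlquote() returns allocated memory (its definition is not visible here), the result passed straight to bprintf() is never freed. If `buf.d` is a size_t, `%zu` is the matching specifier rather than `%zi`.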
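Review bot: The new loop in serve() compares `*p < 32` on what appears to be a plain `char` (p is also assigned from strchr() just below), so the result for bytes 0x80–0xFF depends on the platform's char signedness. Where char is signed, every non-ASCII byte in a user name or password is rejected with 400; where it is unsigned, they pass. Making the intent explicit avoids that, e.g. `if((unsigned char)*p < 32) {` to reject only C0 control characters, optionally with `|| *p == 127` for DEL. The loop stops at the first NUL, so bytes after an embedded NUL in the decoded data are never inspected; whether that matters depends on how `dec` is produced, which is outside this hunk, as are the start and end of serve(). A short comment saying this check supersedes the `'\n'` test removed from auth() would document why it lives here.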
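Review bot: `WCOREDUMP(status)` is evaluated without first checking `WIFSIGNALED(status)`, yet the macro is only meaningful for a child terminated by a signal. It is also not part of POSIX, so it can be missing on some systems. Suggest `if(WIFSIGNALED(status) && WCOREDUMP(status))`, wrapped in `#ifdef WCOREDUMP`. An authenticator killed by a signal without a core dump currently leaves no trace in the log, so logging every WIFSIGNALED case with `WTERMSIG(status)` would make abnormal authenticator exits visible to operators; the request still fails closed because rv stays 0. auth() starts outside this hunk, so how `msg` is filled before it reaches authinval() cannot be checked from here.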