From 3a0ec493b369268f7bb2dc02a78d6a2ffb41f633 Mon Sep 17 00:00:00 2001
From: Fredrik Tolf
Date: Wed, 13 Apr 2011 14:34:56 +0200
Subject: [PATCH] htextauth: Ensure that the same challenge is provided in the failure response.
---
 src/htextauth.c | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/src/htextauth.c b/src/htextauth.c
index 1fbea07..4a7e29d 100644
--- a/src/htextauth.c
+++ b/src/htextauth.c
@@ -82,6 +82,38 @@ static void reqauth(struct hthead *req, int fd)
 buffree(buf);
 }
+static void authinval(struct hthead *req, int fd, char *msg)
+{
+ struct charbuf buf;
+ FILE *out;
+ char *rn;
+
+ rn = realm;
+ if(rn == NULL)
+ rn = "auth";
+ bufinit(buf);
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ bprintf(&buf, "Invalid authentication\r\n");
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ bprintf(&buf, "

Invalid authentication

\r\n");
+ bprintf(&buf, "

%s

\r\n", htmlquote(msg));
+ bufcatstr(buf, "\r\n");
+ bufcatstr(buf, "\r\n");
+ out = fdopen(dup(fd), "w");
+ fprintf(out, "HTTP/1.1 401 Invalid authentication\n");
+ fprintf(out, "WWW-Authenticate: Basic realm=\"%s\"\n", rn);
+ fprintf(out, "Content-Type: text/html\n");
+ fprintf(out, "Content-Length: %zi\n", buf.d);
+ fprintf(out, "\n");
+ fwrite(buf.b, 1, buf.d, out);
+ fclose(out);
+ buffree(buf);
+}
+
 static void cleancache(int complete)
 {
 struct cache *c, *n;
@@ -256,7 +288,7 @@ static int auth(struct hthead *req, int fd, char *user, char *pass)
 if(WIFEXITED(status) && (WEXITSTATUS(status) == 0))
 rv = 1;
 else
- simpleerror(fd, 401, "Invalid authentication", msg);
+ authinval(req, fd, msg);
 buffree(ebuf);
 return(rv);
 }
--
2.11.0
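Review bot: The stream returned by `fdopen(dup(fd), "w")` in authinval is used without a NULL check, so if `dup()` or `fdopen()` fails (for instance when the process is out of descriptors) the following `fprintf(out, ...)` dereferences a null stream on the 401 path that every failed login reaches. A guard such as `if((out = fdopen(dup(fd), "w")) == NULL) { buffree(buf); return; }` would avoid that; keeping the duplicated descriptor in a local would also let it be closed when only `fdopen()` fails. `htmlquote(msg)` is passed straight to `bprintf`; if it returns an allocated string (its definition is not in this hunk), that buffer is leaked on each failed authentication. `buf.d` is printed with `%zi`; if the field is a `size_t`, `%zu` is the matching conversion. `rn` is written into the `realm="%s"` header unescaped, so a realm containing `"` or a line break would corrupt the challenge, which is worth rejecting when the realm is configured unless it is already validated elsewhere.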