From: Jérôme Magnin <jmagnin@haproxy.com>
Date: Fri, 28 Dec 2018 13:49:08 +0000 (+0100)
Subject: BUG/MINOR: htx: send the proper authenticate header when using http-request auth
X-Git-Tag: v2.0-dev1~316
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=86cef23266cff1d51fa23357b666dffc6a82ce73;p=thirdparty%2Fhaproxy.git

BUG/MINOR: htx: send the proper authenticate header when using http-request auth

When we use htx and http-request auth rules, we need to send WWW-Authenticate
with a 401 and Proxy-Authenticate with a 407. We only sent Proxy-Authenticate
regardless of status, with htx enabled.

To be backported to 1.9.
---

diff --git a/src/proto_htx.c b/src/proto_htx.c
index 4573c6891a..2a021938e4 100644
--- a/src/proto_htx.c
+++ b/src/proto_htx.c
@@ -5435,10 +5435,12 @@ static int htx_reply_40x_unauthorized(struct stream *s, const char *auth_realm)
 
         if (!htx_add_header(htx, ist("Cache-Control"), ist("no-cache")) ||
 	    !htx_add_header(htx, ist("Connection"), ist("close")) ||
-	    !htx_add_header(htx, ist("Content-Type"), ist("text/html")) ||
-	    !htx_add_header(htx, ist("Proxy-Authenticate"), ist2(trash.area, trash.data)))
+	    !htx_add_header(htx, ist("Content-Type"), ist("text/html")))
+		goto fail;
+	if (status == 401 && !htx_add_header(htx, ist("WWW-Authenticate"), ist2(trash.area, trash.data)))
+		goto fail;
+	if (status == 407 && !htx_add_header(htx, ist("Proxy-Authenticate"), ist2(trash.area, trash.data)))
 		goto fail;
-
 	if (!htx_add_endof(htx, HTX_BLK_EOH) || !htx_add_data(htx, body) || !htx_add_endof(htx, HTX_BLK_EOM))
 		goto fail;