} else {
$correctPw = ''; # Set $correctPw back to blank if we can't open the file - so auth will fail
print STDERR sortableDate() . " Can't open password file $user.user or $user.password in
$path\n Error: $!\n";
}
}
# check the credentials
say ("User: $user, ExpiresEpoch is: $expiresEpoch and time is " . time . "\n",5);
if (($expiresEpoch) and ($expiresEpoch < time)) {
# account is expired - send 401 "unauthorized", or a 407 proxy-auth challenge when StealthExpiredAccount is set
if ($user) {
logevent ($user,$$headers{'x-forwarded-for'},"Password is expired as of $expires");
print STDERR sortableDate() . " $user Password is expired as of $expires\n";
}
if ($HoTTProxyConfig{'StealthExpiredAccount'}) {
my $response = HTTP::Response->new(407);
$response->header(
Proxy_Authenticate => "Basic realm=\"$HoTTProxyConfig{'RealmString'}\"" );
$self->proxy->response($response);
} else {
my $response = HTTP::Response->new(401);
$self->proxy->response($response);
}
} elsif (( md5_hex($pw) ne $correctPw ) or ( not $correctPw )) {
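# bad credentials (wrong password, or no stored hash to compare against) - don't send the real
# response; send a header requesting the browser to authenticate itself
# NOTE(review): this branch passes the attempted password ($pw) to logevent() and say(), so a
# mistyped real password ends up in the logs in clear text - record the failure without $pw.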
if ($user) {
logevent ($user,$$headers{'x-forwarded-for'},"Failed auth trying password $pw");
say("User $user failed auth trying password $pw\n",1);
}
if (($HoTTProxyConfig{'StealthInvalidSignon'}) or (not $user)) { # Can't do this if no $user
# because the browser never authenticates on the first try, so we have to tell it to
my $response = HTTP::Response->new(407);
$response->header(
Proxy_Authenticate => "Basic realm=\"$HoTTProxyConfig{'RealmString'}\"" );
$self->proxy->response($response);
} else {
my $response = HTTP::Response->new(401);
$self->proxy->response($response);
}
} elsif (($host =~ m/\.local$/) and (not
$HoTTProxyConfig{'ValidLocalHosts'}{$$request{'_headers'}{'host'}}) and not
($HoTTProxyConfig{'DisableLocalHostRedirection'})) { # if homepage is a .local domain
# credentials are good but we need to redirect
say("User, IP: $user, $$headers{'x-forwarded-for'}\n",2);
say("Redirect: Redirecting $host to $homePage\n\n",2);
my $response = HTTP::Response->new(307);
$response->header( Location => $homePage );
$self->proxy->response($response);
} else {
# good credentials
say(" User, IP: $user, $$headers{'x-forwarded-for'}\n",2);
say("Host, URL: $host, $url",2); # The \n's for this come later
logevent($user,$$headers{'x-forwarded-for'},"Host:
$$self{'_hphf_proxy'}{'request'}{'_headers'}{'host'}\t$$request{'_method'}\t" .
scalar($$request{'_uri'}));
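# A client should never send these headers itself; strip them so a request cannot forge the
# identity headers that the proxy adds below for local and trusted hosts.
# NOTE(review): confirm these mixed-case keys match the form in which incoming header names are
# stored (other lookups in this code use lowercase keys such as 'x-forwarded-for').
# NOTE(review): the host tests below that decide who receives HoTTProxyUser/HoTTProxyToken use
# m/.local$/ (unescaped dot) and m/$i$/ (no \Q...\E, no leading-dot boundary), so a host that
# merely ends in a trusted string also matches - anchor them on a label boundary.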
delete $$headers{'HoTTProxyUser'} if defined $$headers{'HoTTProxyUser'};
delete $$headers{'HoTTProxyToken'} if defined $$headers{'HoTTProxyToken'};
if ($host =~ m/.local$/) { # it is a local domain
$$headers{'HoTTProxyUser'} = $user;
$$headers{'HoTTProxyToken'} = $HoTTProxyConfig{'HoTTProxyToken'};
say (" (Local domain)",3);
} else {
foreach my $i (keys(%{$HoTTProxyConfig{'TrustedDomains'}})) {
if ($host =~ m/$i$/) { # If host tail matches a trusted domain, it is trusted
$$headers{'HoTTProxyUser'} = $user;
$$headers{'HoTTProxyToken'} = $HoTTProxyConfig{'HoTTProxyToken'};
say (" (Trusted domain)",3);
last;
}
}
}
if (not defined $$headers{'HoTTProxyUser'}) {
say(" (Non-local, non-trusted domain)",3);
}
say ("\n\n",2);
# We're going to store the authenticated user name somewhere in the proxy object
# that is easy to get at so we can retrieve it on the response side so we know
# who the cookies are for.
$$self{'_hphf_proxy'}{'HoTTProxy-Request-User'} = $user;
# Cookie processing goes here
if ($HoTTProxyConfig{'ProxyCookiesEnabled'}) {
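# print STDERR "\nLooking here for cookie bags: $HoTTProxyConfig{'CookieDirectory'}/$user@*.cookies\n\n";
# NOTE(review): $user is interpolated into the glob pattern below - confirm it has been limited
# to safe characters earlier (glob metacharacters or path separators would widen the match).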
foreach $i (bsd_glob("$HoTTProxyConfig{'CookieDirectory'}/$user@*.cookies")) {