Add some basicauth logging (most debug/verbose only)

2025-01-23 14:29:06 +01:00 · 2020-10-02 14:43:19 +03:00 · 2020-10-02 14:43:19 +03:00 · 1db77ee6bd
commit 1db77ee6bd
parent 279c41fc32
1 changed files with 9 additions and 0 deletions
--- a/common/network/websocket.c
+++ b/common/network/websocket.c
@ -882,6 +882,7 @@ ws_ctx_t *do_handshake(int sock) {
    if ((colon = strchr(settings.basicauth, ':'))) {
        const char *hdr = strstr(handshake, "Authorization: Basic ");
        if (!hdr) {
+            handler_emsg("BasicAuth required, but client didn't send any. 401 Unauth\n");
            sprintf(response, "HTTP/1.1 401 Unauthorized\r\n"
                              "WWW-Authenticate: Basic realm=\"Websockify\"\r\n"
                              "\r\n");
@ -893,6 +894,7 @@ ws_ctx_t *do_handshake(int sock) {
        hdr += sizeof("Authorization: Basic ") - 1;
        const char *end = strchr(hdr, '\r');
        if (!end || end - hdr > 256) {
+            handler_emsg("Client sent invalid BasicAuth, dropping connection\n");
            free_ws_ctx(ws_ctx);
            return NULL;
        }
@ -915,6 +917,7 @@ ws_ctx_t *do_handshake(int sock) {
                char pwbuf[4096];
                FILE *f = fopen(settings.passwdfile, "r");
                if (f) {
+                    handler_emsg("BasicAuth reading password from %s\n", settings.passwdfile);
                    const unsigned len = fread(pwbuf, 1, 4096, f);
                    fclose(f);
                    pwbuf[4095] = '\0';
@ -930,6 +933,10 @@ ws_ctx_t *do_handshake(int sock) {
                    snprintf(pwbuf, 4096, "%s%s", response, encrypted);
                    pwbuf[4095] = '\0';
                    strcpy(response, pwbuf);
+                } else {
+                    fprintf(stderr, " websocket %d: Error: BasicAuth configured to read password from file %s, but the file doesn't exist\n",
+                            wsthread_handler_id,
+                            settings.passwdfile);
                }
            } else {
                // Client tried an empty password, just fail them
@ -938,12 +945,14 @@ ws_ctx_t *do_handshake(int sock) {
        }

        if (len <= 0 || strcmp(authbuf, response)) {
+            handler_emsg("BasicAuth user/pw did not match\n");
            sprintf(response, "HTTP/1.1 401 Forbidden\r\n"
                              "\r\n");
            ws_send(ws_ctx, response, strlen(response));
            free_ws_ctx(ws_ctx);
            return NULL;
        }
+        handler_emsg("BasicAuth matched\n");
    }

    //handler_msg("handshake: %s\n", handshake);