extern/KasmVNC
1
0
Fork 0
mirror of https://github.com/kasmtech/KasmVNC.git synced 2025-06-24 11:41:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Return 401 unauth for non-owner trying /api/

Browse Source
This commit is contained in:
Lauri Kasanen 2021-03-04 13:49:52 +02:00
parent 1269fddadf
commit fed991d697
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
common/network/websocket.c
View File

@ -1252,9 +1252,23 @@ ws_ctx_t *do_handshake(int sock) {
if (!parse_handshake(ws_ctx, handshake)) { if (!parse_handshake(ws_ctx, handshake)) {
handler_emsg("Invalid WS request, maybe a HTTP one\n"); handler_emsg("Invalid WS request, maybe a HTTP one\n");
if (strstr(handshake, "/api/") && owner) if (strstr(handshake, "/api/")) {
if (ownerapi(ws_ctx, handshake)) handler_emsg("HTTP request under /api/\n");
if (owner) {
if (ownerapi(ws_ctx, handshake))
goto done;
} else {
sprintf(response, "HTTP/1.1 401 Unauthorized\r\n"
"Server: KasmVNC/4.0\r\n"
"Connection: close\r\n"
"Content-type: text/plain\r\n"
"\r\n"
"401 Unauthorized");
ws_send(ws_ctx, response, strlen(response));
goto done; goto done;
}
}
if (settings.httpdir && settings.httpdir[0]) if (settings.httpdir && settings.httpdir[0])
servefile(ws_ctx, handshake); servefile(ws_ctx, handshake);