From 7787cf19624f7cc8ce353f7295371862bd6f7500 Mon Sep 17 00:00:00 2001
From: Wichert Akkerman <wichert@wiggy.net>
Date: Mon, 28 Apr 2008 12:06:40 +0200
Subject: [PATCH] Protect the status page with authentication

The LibHTTPD API is a bit silly here.
---
 src/http.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/src/http.c b/src/http.c
index b2b8ff9..90e4890 100644
--- a/src/http.c
+++ b/src/http.c
@@ -137,8 +137,18 @@ http_callback_about(httpd *webserver, request *r)
 void 
 http_callback_status(httpd *webserver, request *r)
 {
+	const s_config *config = config_get_config();
 	char * status = NULL;
 	char *buf;
+
+	if (config->httpdusername && 
+			(strcmp(config->httpdusername, r->request.authUser) ||
+			 strcmp(config->httpdpassword, r->request.authPassword))) {
+		debug(LOG_INFO, "Status page requested, forcing authentication");
+		httpdForceAuthenticate(r, config->httpdrealm);
+		return;
+	}
+
 	status = get_status_text();
 	safe_asprintf(&buf, "<pre>%s</pre>", status);
 	send_http_page(r, "WiFiDog Status", buf);
-- 
1.5.5.1