From d99d7e64f1c8adc778b9e6839b609e83c5b89782 Mon Sep 17 00:00:00 2001
From: Wichert Akkerman <wichert@wiggy.net>
Date: Tue, 29 Apr 2008 10:09:20 +0200
Subject: [PATCH] Secure the callback request

---
 src/http.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/src/http.c b/src/http.c
index 9851dd9..f5391ed 100644
--- a/src/http.c
+++ b/src/http.c
@@ -289,10 +289,19 @@ http_callback_auth(httpd *webserver, request *r)
 void 
 http_callback_disconnect(httpd *webserver, request *r)
 {
+	const s_config	*config = config_get_config();
 	/* XXX How do you change the status code for the response?? */
 	httpVar	*token	= httpdGetVariableByName(r, "token");
 	httpVar	*mac	= httpdGetVariableByName(r, "mac");
 
+	if (config->httpdusername && 
+			(strcmp(config->httpdusername, r->request.authUser) ||
+			 strcmp(config->httpdpassword, r->request.authPassword))) {
+		debug(LOG_INFO, "Disconnect requested, forcing authentication");
+		httpdForceAuthenticate(r, config->httpdrealm);
+		return;
+	}
+
 	if (token && mac) {
 		t_client *client;
 		
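Review bot: The added guard in http_callback_disconnect checks only `config->httpdusername` for NULL before handing `config->httpdpassword` to strcmp(), so a configuration that sets a username but no password would pass a NULL pointer to strcmp() on every disconnect request. Failing closed avoids that: `if (config->httpdusername && (!config->httpdpassword || strcmp(config->httpdusername, r->request.authUser) || strcmp(config->httpdpassword, r->request.authPassword))) {`. When httpdusername is unset the callback stays unauthenticated, so a short comment above the check saying that this is intentional (or a startup warning in the config loader, which is not visible here) would help operators. strcmp() also stops at the first differing byte, so a constant-time comparison of the password would be the more careful choice for a credential check. The function body continues past the end of this hunk, so the token/mac handling was not reviewed.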
-- 
1.5.5.1


