We now give an HTTP 401 status for authentication failures from admin,

admindb, private and options logins.

4 files changed, 11 insertions, 2 deletions

diff --git a/Mailman/Cgi/Auth.py b/Mailman/Cgi/Auth.py
index 8c66c4d3..986a9235 100644
--- a/Mailman/Cgi/Auth.py
+++ b/Mailman/Cgi/Auth.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -42,6 +42,8 @@ def loginpage(mlist, scriptname, msg='', frontpage=None):
         actionurl = Utils.GetRequestURI(url)
     if msg:
         msg = FontAttr(msg, color='#ff0000', size='+1').Format()
+        # give an HTTP 401 for authentication failure
+        print 'Status: 401 Unauthorized'
     if scriptname == 'admindb':
         who = _('Moderator')
     else:
diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 3c736483..cb6c2fa2 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2010 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -252,6 +252,8 @@ def main():
                        'Login failure with private rosters: %s',
                        user)
                 user = None
+            # give an HTTP 401 for authentication failure
+            print 'Status: 401 Unauthorized'
         loginpage(mlist, doc, user, language)
         print doc.Format()
         return
diff --git a/Mailman/Cgi/private.py b/Mailman/Cgi/private.py
index c647653b..a92265e1 100644
--- a/Mailman/Cgi/private.py
+++ b/Mailman/Cgi/private.py
@@ -131,6 +131,8 @@ def main():
         if cgidata.has_key('submit'):
             # This is a re-authorization attempt
             message = Bold(FontSize('+1', _('Authorization failed.'))).Format()
+            # give an HTTP 401 for authentication failure
+            print 'Status: 401 Unauthorized'
         # Output the password form
         charset = Utils.GetCharSet(mlist.preferred_language)
         print 'Content-type: text/html; charset=' + charset + '\n\n'
diff --git a/NEWS b/NEWS
index b875c28f..f14de415 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,9 @@ Here is a history of user visible changes to Mailman.
 
   Bug Fixes and other patches
 
+    - We now give an HTTP 401 status for authentication failures from admin,
+      admindb, private and options logins.
+
     - Backported the listinfo template change from the 2.2 branch to fix
       Bug #514050.