Working With HTTP Headers
The plugin checks all client request headers for the Proxy-Authorization MIME field, which should contain the user name and password. The plugin's continuation handler, auth-plugin, calls handle_dns to check the Proxy-Authorization field. The handle_dns routine uses TSHttpTxnClientReqGet and TSMimeHdrFieldFind to obtain the Proxy-Authorization field:
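{
    TSMBuffer bufp;
    TSMLoc hdr_loc;
    TSMLoc field_loc;
    const char *val;
    char *user, *password;
    int authval_length;

    /* TSHttpTxnClientReqGet returns TS_SUCCESS (0) on success, so compare explicitly. */
    if (TSHttpTxnClientReqGet (txnp, &bufp, &hdr_loc) != TS_SUCCESS) {
        TSError ("[basic_authorization] Couldn't retrieve client request header");
        goto done;
    }

    /* Look up the Proxy-Authorization field in the client request header. */
    field_loc = TSMimeHdrFieldFind (bufp, hdr_loc,
                                    TS_MIME_FIELD_PROXY_AUTHORIZATION);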
If the Proxy-Authorization field is present, then the plugin checks that the authentication type is "Basic", and the user name and password are present and valid:
    /* The returned string is not NUL-terminated; its length is in authval_length. */
    val = TSMimeHdrFieldValueStringGet (bufp, hdr_loc, field_loc, -1, &authval_length);
    if (!val) {
        TSError ("[basic_authorization] No value in Proxy-Authorization field");
        TSHandleMLocRelease (bufp, hdr_loc, field_loc);
        TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
        goto done;
    }

    /* Check the length first so strncmp never reads past a short value. */
    if (authval_length < 5 || strncmp (val, "Basic", 5) != 0) {
        TSError ("[basic_authorization] No Basic auth type in Proxy-Authorization");
        TSHandleMLocRelease (bufp, hdr_loc, field_loc);
        TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
        goto done;
    }

    /* Skip the scheme name and the whitespace that follows it. */
    val += 5;
    while ((*val == ' ') || (*val == '\t')) {
        val += 1;
    }

    /* base64_decode is the plugin's own helper; it returns a buffer
       that is released with TSfree. */
    user = base64_decode (val);

    /* The credentials have the form "user:password"; split at the first colon. */
    password = strchr (user, ':');
    if (!password) {
        TSError ("[basic_authorization] No password in authorization information");
        TSfree (user);
        TSHandleMLocRelease (bufp, hdr_loc, field_loc);
        TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
        goto done;
    }
    *password = '\0';
    password += 1;

    if (!authorized (user, password)) {
        /* Log only the user name; never write the submitted password to the error log. */
        TSError ("[basic_authorization] %s not authorized", user);
        TSfree (user);
        TSHandleMLocRelease (bufp, hdr_loc, field_loc);
        TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
        goto done;
    }

    /* Authorized: release the handles and let the transaction continue. */
    TSfree (user);
    TSHandleMLocRelease (bufp, hdr_loc, field_loc);
    TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
    TSHttpTxnReenable (txnp, TS_EVENT_HTTP_CONTINUE);
    return;
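The Proxy-Authorization parsing described above, redone as a length-bounded routine in standalone C. This is an added example, not code from the plugin or from Traffic Server; parse_basic and b64val are hypothetical names, and the routine assumes the value arrives as a pointer plus length with no terminating NUL.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h> /* strncasecmp (POSIX) */

/* Map a base64 character to its 6-bit value; -1 if outside the alphabet. */
static int b64val(unsigned char c)
{
  if (c >= 'A' && c <= 'Z') return c - 'A';
  if (c >= 'a' && c <= 'z') return c - 'a' + 26;
  if (c >= '0' && c <= '9') return c - '0' + 52;
  return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Hypothetical helper: parse "Basic <base64(user:password)>" from a value that
 * is len bytes long and NOT NUL-terminated. Decodes into out (cap bytes), sets
 * *user and *pass to NUL-terminated strings inside out, and returns 0.
 * Returns -1 on any malformed, oversized or ambiguous input. */
int parse_basic(const char *val, int len, char *out, size_t cap, char **user, char **pass)
{
  int i = 5, bits = 0;
  unsigned acc = 0;
  size_t n = 0;
  char *colon;

  if (cap == 0 || len < 6 || strncasecmp(val, "Basic", 5) != 0) return -1;
  if (val[i] != ' ' && val[i] != '\t') return -1; /* rejects e.g. "BasicX..." */
  while (i < len && (val[i] == ' ' || val[i] == '\t')) i++;

  for (; i < len && val[i] != '='; i++) { /* never reads past val[len - 1] */
    int v = b64val((unsigned char)val[i]);
    if (v < 0 || n + 1 >= cap) return -1; /* bad character or out would overflow */
    acc = (acc << 6) | (unsigned)v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out[n++] = (char)((acc >> bits) & 0xff);
    }
  }
  for (; i < len; i++)
    if (val[i] != '=') return -1; /* only padding may follow the data */
  out[n] = '\0';

  if (memchr(out, '\0', n)) return -1; /* embedded NUL would truncate user/password */
  colon = memchr(out, ':', n);
  if (!colon) return -1; /* no "user:password" separator */
  *colon = '\0';
  *user = out;
  *pass = colon + 1;
  return 0;
}
```

Unlike the strncmp check in the excerpt, the scheme name is matched case-insensitively here.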