Working With HTTP Headers

The plugin checks all client request headers for the Proxy-Authorization MIME field, which should contain the user name and password. The plugin’s continuation handler, auth-plugin, calls handle_dns to check the Proxy-Authorization field. The handle_dns routine uses TSHttpTxnClientReqGet and TSMimeHdrFieldFind to obtain the Proxy-Authorization field:

  1. {
  2. TSMBuffer bufp;
  3. TSMLoc hdr_loc;
  4. TSMLoc field_loc;
  5. const char *val;
  6. char *user, *password;
  7. if (!TSHttpTxnClientReqGet (txnp, &bufp, &hdr_loc)) {
  8. TSError ("[basic_authorization] Couldn't retrieve client request header");
  9. goto done;
  10. }
  11. field_loc = TSMimeHdrFieldFind (bufp, hdr_loc,
  12. TS_MIME_FIELD_PROXY_AUTHORIZATION);

If the Proxy-Authorization field is present, then the plugin checks that the authentication type is “Basic”, and the user name and password are present and valid:

  1. val = TSMimeHdrFieldValueStringGet (bufp, hdr_loc, field_loc, -1, &authval_length);
  2. if (!val) {
  3. TSError ("[basic_authorization] No value in Proxy-Authorization field");
  4. TSHandleMLocRelease (bufp, hdr_loc, field_loc);
  5. TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
  6. goto done;
  7. }
  8. if (strncmp (val, "Basic", 5) != 0) {
  9. TSError ("[basic_authorization] No Basic auth type in Proxy-Authorization");
  10. TSHandleMLocRelease (bufp, hdr_loc, field_loc);
  11. TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
  12. goto done;
  13. }
  14. val += 5;
  15. while ((*val == ' ') || (*val == '\t')) {
  16. val += 1;
  17. }
  18. user = base64_decode (val);
  19. password = strchr (user, ':');
  20. if (!password) {
  21. TSError ("[basic_authorization] No password in authorization information");
  22. TSfree (user);
  23. TSHandleMLocRelease (bufp, hdr_loc, field_loc);
  24. TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
  25. goto done;
  26. }
  27. *password = '\0';
  28. password += 1;
  29. if (!authorized (user, password)) {
  30. TSError ("[basic_authorization] %s:%s not authorized", user, password);
  31. TSfree (user);
  32. TSHandleMLocRelease (bufp, hdr_loc, field_loc);
  33. TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
  34. goto done;
  35. }
  36. TSfree (user);
  37. TSHandleMLocRelease (bufp, hdr_loc, field_loc);
  38. TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
  39. TSHttpTxnReenable (txnp, TS_EVENT_HTTP_CONTINUE);
  40. return;