If the request does not have the
Proxy-Authorization
field set to Basic authorization or
a valid username/password, then the plugin sends the 407 Proxy
authorization
required
status code back to the client. The client
will then prompt the user for a username and password, and then resend
the request.
In the handle_dns
routine, the following lines
handle the authorization error case:
done: INKHttpTxnHookAdd (txnp, INK_HTTP_SEND_RESPONSE_HDR_HOOK, contp); INKHttpTxnReenable (txnp, INK_EVENT_HTTP_ERROR);
If handle_dns
does not find the
Proxy-Authorization
field set to Basic authorization or
a valid username/password, then it adds a
SEND_RESPONSE_HDR_HOOK
to the transaction being
processed. This means that Traffic Server will call the plugin back
when sending the client response. handle_dns
reenables the transaction with
INK_EVENT_HTTP_ERROR
, which means that the plugin wants
Traffic Server to terminate the transaction.
When Traffic Server terminates the transaction, it sends the
client an error message. Because of the
SEND_RESPONSE_HDR_HOOK
, Traffic Server calls the plugin
back. The auth-plugin
routine calls
handle_response
to send the client a 407
status
code. When the client resends the request with the Proxy-
Authorization
field, a new transaction begins.
handle_dns
calls base64_decode
to
decode the username and password; handle_dns
also calls authorized
to
validate the username and password. In this plugin, sample NT code is
provided for password validation. UNIX programmers can supply their
own validation mechanism.