Home

Traffic Server Software Developers Kit

Prev — Implementing the Handler and Getting a Handle to the Transaction
Setting a Transaction Hook — Next

Working With HTTP Headers

The plugin checks all client request headers for the Proxy-Authorization MIME field, which should contain the user name and password. The plugin’s continuation handler, auth-plugin, calls handle_dns to check the Proxy-Authorization field. The handle_dns routine uses INKHttpTxnClientReqGet and INKMimeHdrFieldFind to obtain the Proxy-Authorization field:

{
     INKMBuffer bufp;
     INKMLoc hdr_loc;
     INKMLoc field_loc;
     const char *val;
     char *user, *password;

     if (!INKHttpTxnClientReqGet (txnp, &bufp, &hdr_loc)) {
          INKError ("couldn't retrieve client request header\n");
          goto done;
     }

     field_loc = INKMimeHdrFieldFind (bufp, hdr_loc,
          INK_MIME_FIELD_PROXY_AUTHORIZATION);

If the Proxy-Authorization field is present, then the plugin checks that the authentication type is “Basic”, and the user name and password are present and valid:

val = INKMimeHdrFieldValueStringGet (bufp, hdr_loc, field_loc, 0, &authval_length);
if (!val) {
     INKError ("no value in Proxy-Authorization field\n");
     INKHandleMLocRelease (bufp, hdr_loc, field_loc);
     INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc);
     goto done;
     }

     if (strncmp (val, "Basic", 5) != 0) {
          INKError ("no Basic auth type in Proxy-Authorization\n");
          INKHandleStringRelease (bufp, field_loc, val);
          INKHandleMLocRelease (bufp, hdr_loc, field_loc);
          INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc);
          goto done;
     }

     val += 5;
     while ((*val == ' ') || (*val == '\t')) {
          val += 1;
     }

     user = base64_decode (val);
     password = strchr (user, ':');
     if (!password) {
          INKError ("no password in authorization information\n");
          INKfree (user);
          INKHandleStringRelease (bufp, field_loc, val);
          INKHandleMLocRelease (bufp, hdr_loc, field_loc);
          INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc);
          goto done;
     }
     *password = '\0';
     password += 1;

     if (!authorized (user, password)) {
          INKError ("%s:%s not authorized\n", user, password);
          INKfree (user);
          INKHandleStringRelease (bufp, field_loc, val);
          INKHandleMLocRelease (bufp, hdr_loc, field_loc);
          INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc);
          goto done;
     }

     INKfree (user);
     INKHandleStringRelease (bufp, field_loc, val);
     INKHandleMLocRelease (bufp, hdr_loc, field_loc);
     INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc);
     INKHttpTxnReenable (txnp, INK_EVENT_HTTP_CONTINUE);
     return;