The plugin checks all client request headers for the
Proxy-Authorization MIME field, which should contain the user name and
password. The plugin’s continuation handler, auth-plugin
,
calls handle_dns
to check the
Proxy-Authorization
field. The handle_dns
routine uses INKHttpTxnClientReqGet
and INKMimeHdrFieldFind
to obtain the
Proxy-Authorization
field:
{ INKMBuffer bufp; INKMLoc hdr_loc; INKMLoc field_loc; const char *val; char *user, *password; if (!INKHttpTxnClientReqGet (txnp, &bufp, &hdr_loc)) { INKError ("couldn't retrieve client request header\n"); goto done; } field_loc = INKMimeHdrFieldFind (bufp, hdr_loc, INK_MIME_FIELD_PROXY_AUTHORIZATION);
If the Proxy-Authorization
field is present, then the
plugin checks that the authentication type is “Basic”, and the user
name and password are present and valid:
val = INKMimeHdrFieldValueStringGet (bufp, hdr_loc, field_loc, 0, &authval_length); if (!val) { INKError ("no value in Proxy-Authorization field\n"); INKHandleMLocRelease (bufp, hdr_loc, field_loc); INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc); goto done; } if (strncmp (val, "Basic", 5) != 0) { INKError ("no Basic auth type in Proxy-Authorization\n"); INKHandleStringRelease (bufp, field_loc, val); INKHandleMLocRelease (bufp, hdr_loc, field_loc); INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc); goto done; } val += 5; while ((*val == ' ') || (*val == '\t')) { val += 1; } user = base64_decode (val); password = strchr (user, ':'); if (!password) { INKError ("no password in authorization information\n"); INKfree (user); INKHandleStringRelease (bufp, field_loc, val); INKHandleMLocRelease (bufp, hdr_loc, field_loc); INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc); goto done; } *password = '\0'; password += 1; if (!authorized (user, password)) { INKError ("%s:%s not authorized\n", user, password); INKfree (user); INKHandleStringRelease (bufp, field_loc, val); INKHandleMLocRelease (bufp, hdr_loc, field_loc); INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc); goto done; } INKfree (user); INKHandleStringRelease (bufp, field_loc, val); INKHandleMLocRelease (bufp, hdr_loc, field_loc); INKHandleMLocRelease (bufp, INK_NULL_MLOC, hdr_loc); INKHttpTxnReenable (txnp, INK_EVENT_HTTP_CONTINUE); return;