1.. Licensed to the Apache Software Foundation (ASF) under one
2   or more contributor license agreements.  See the NOTICE file
3   distributed with this work for additional information
4   regarding copyright ownership.  The ASF licenses this file
5   to you under the Apache License, Version 2.0 (the
6   "License"); you may not use this file except in compliance
7   with the License.  You may obtain a copy of the License at
8
9   http://www.apache.org/licenses/LICENSE-2.0
10
11   Unless required by applicable law or agreed to in writing,
12   software distributed under the License is distributed on an
13   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14   KIND, either express or implied.  See the License for the
15   specific language governing permissions and limitations
16   under the License.
17
18.. include:: ../../../../common.defs
19
20Working With HTTP Headers
21*************************
22
23The plugin checks all client request headers for the Proxy-Authorization
24MIME field, which should contain the user name and password. The
25plugin's continuation handler, ``auth-plugin``, calls ``handle_dns`` to
26check the ``Proxy-Authorization`` field. The ``handle_dns`` routine uses
27``TSHttpTxnClientReqGet`` and ``TSMimeHdrFieldFind`` to obtain the
28``Proxy-Authorization`` field:
29
30.. code-block:: c
31
32    {
33        TSMBuffer bufp;
34        TSMLoc hdr_loc;
35        TSMLoc field_loc;
36        const char *val;
37        char *user, *password;
38
39        if (!TSHttpTxnClientReqGet (txnp, &bufp, &hdr_loc)) {
40            TSError ("[basic_authorization] Couldn't retrieve client request header");
41            goto done;
42        }
43
44        field_loc = TSMimeHdrFieldFind (bufp, hdr_loc,
45                TS_MIME_FIELD_PROXY_AUTHORIZATION);
46
47If the ``Proxy-Authorization`` field is present, then the plugin checks
48that the authentication type is "Basic", and the user name and password
49are present and valid:
50
51.. code-block:: c
52
53    val = TSMimeHdrFieldValueStringGet (bufp, hdr_loc, field_loc, -1, &authval_length);
54    if (!val) {
55        TSError ("[basic_authorization] No value in Proxy-Authorization field");
56        TSHandleMLocRelease (bufp, hdr_loc, field_loc);
57        TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
58        goto done;
59    }
60
61    if (strncmp (val, "Basic", 5) != 0) {
62        TSError ("[basic_authorization] No Basic auth type in Proxy-Authorization");
63        TSHandleMLocRelease (bufp, hdr_loc, field_loc);
64        TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
65        goto done;
66    }
67
68    val += 5;
69    while ((*val == ' ') || (*val == '\t')) {
70        val += 1;
71    }
72
73    user = base64_decode (val);
74    password = strchr (user, ':');
75    if (!password) {
76        TSError ("[basic_authorization] No password in authorization information");
77        TSfree (user);
78        TSHandleMLocRelease (bufp, hdr_loc, field_loc);
79        TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
80        goto done;
81    }
82    *password = '\0';
83    password += 1;
84
85    if (!authorized (user, password)) {
86        TSError ("[basic_authorization] %s:%s not authorized", user, password);
87        TSfree (user);
88        TSHandleMLocRelease (bufp, hdr_loc, field_loc);
89        TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
90        goto done;
91    }
92
93    TSfree (user);
94    TSHandleMLocRelease (bufp, hdr_loc, field_loc);
95    TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
96    TSHttpTxnReenable (txnp, TS_EVENT_HTTP_CONTINUE);
97    return;
98
99