Working With HTTP Headers

The plugin checks all client request headers for the Proxy-Authorization MIME field, which should contain the user name and password. The plugin's continuation handler, auth-plugin, calls handle_dns to check the Proxy-Authorization field. The handle_dns routine uses TSHttpTxnClientReqGet and TSMimeHdrFieldFind to obtain the Proxy-Authorization field:

{
    TSMBuffer bufp;
    TSMLoc hdr_loc;
    TSMLoc field_loc;
    const char *val;
    char *user, *password;

    if (!TSHttpTxnClientReqGet (txnp, &bufp, &hdr_loc)) {
        TSError ("[basic_authorization] Couldn't retrieve client request header");
        goto done;
    }

    field_loc = TSMimeHdrFieldFind (bufp, hdr_loc,
            TS_MIME_FIELD_PROXY_AUTHORIZATION);

If the Proxy-Authorization field is present, then the plugin checks that the authentication type is "Basic", and the user name and password are present and valid:

val = TSMimeHdrFieldValueStringGet (bufp, hdr_loc, field_loc, -1, &authval_length);
if (!val) {
    TSError ("[basic_authorization] No value in Proxy-Authorization field");
    TSHandleMLocRelease (bufp, hdr_loc, field_loc);
    TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
    goto done;
}

if (strncmp (val, "Basic", 5) != 0) {
    TSError ("[basic_authorization] No Basic auth type in Proxy-Authorization");
    TSHandleMLocRelease (bufp, hdr_loc, field_loc);
    TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
    goto done;
}

val += 5;
while ((*val == ' ') || (*val == '\t')) {
    val += 1;
}

user = base64_decode (val);
password = strchr (user, ':');
if (!password) {
    TSError ("[basic_authorization] No password in authorization information");
    TSfree (user);
    TSHandleMLocRelease (bufp, hdr_loc, field_loc);
    TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
    goto done;
}
*password = '\0';
password += 1;

if (!authorized (user, password)) {
    TSError ("[basic_authorization] %s:%s not authorized", user, password);
    TSfree (user);
    TSHandleMLocRelease (bufp, hdr_loc, field_loc);
    TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
    goto done;
}

TSfree (user);
TSHandleMLocRelease (bufp, hdr_loc, field_loc);
TSHandleMLocRelease (bufp, TS_NULL_MLOC, hdr_loc);
TSHttpTxnReenable (txnp, TS_EVENT_HTTP_CONTINUE);
return;