1The basic_auth.c plugin performs basic HTTP proxy authentication.
3-- The plugin checks all client request headers for the Proxy-Authorization
4 MIME field, which should contain the user name and password.
6 TSPluginInit sets up a global HTTP hook that calls the plugin
7 whenever there is a host DNS lookup. The plugin's continuation
8 handler, auth-plugin, calls handle_dns to check the
9 Proxy-Authorization field.
11 handle_dns uses TSHttpTxnClientReqGet and TSMimeHdrFieldFind
12 to obtain the Proxy-Authorization field.
14-- If the request does not have the Proxy-Authorization field,
15 the plugin sends the 407 Proxy authorization required status
16 code back to the client. (The client should then prompt the
17 user for a user name and password, and resend the request
18 with the Proxy-Authorization field filled in.)
20 If handle_dns does not find a Proxy-Authorization field,
21 it adds a SEND_RESPONSE_HDR_HOOK to the transaction being
22 processed; this means that Traffic Server will call the
23 plugin back when sending the client response.
25 handle_dns also reenables the transaction with
26 TS_EVENT_HTTP_ERROR, which means that the plugin wants
27 Traffic Server to terminate the transaction.
29 When Traffic Server terminates the transaction, it
30 sends the client an error message. Because of the
31 SEND_RESPONSE_HDR_HOOK, Traffic Server calls the plugin
32 back. The auth-plugin routine calls handle_response to
33 send the client a 407 status code.
35 When the client resends the request with the Proxy-
36 Authorization field, a new transaction begins.
38-- If the Proxy-Authorization MIME field is present, the plugin
39 checks that the authentication scheme is "Basic".
41 handle_dns uses TSMimeFieldValueStringGet to get the value
42 of the Proxy-Authorization field.
44-- The plugin then obtains the base64-encoded user name and password
45 from the Proxy-Authorization MIME field.
47 handle_dns calls base64_decode to decode the user name
48 and password.
50-- This plugin checks the validity of the user name and password.
51 If the client is authenticated, the transaction proceeds. If
52 the client is not authenticated, the plugin sends the client
53 a 407 status code and terminates the transaction.
55 handle_dns calls authorized to validate the user name and
56 password. You can supply your own validation mechanism.