Name Date Size #Lines LOC


basic_auth.cH A D22-Jun-20196.4 KiB244170

readme.txtH A D22-Jun-20192.4 KiB5742


1The basic_auth.c plugin performs basic HTTP proxy authentication.
3-- The plugin checks all client request headers for the Proxy-Authorization
4   MIME field, which should contain the user name and password.
6     TSPluginInit sets up a global HTTP hook that calls the plugin
7     whenever there is a host DNS lookup. The plugin's continuation
8     handler, auth-plugin, calls handle_dns to check the
9     Proxy-Authorization field.
11     handle_dns uses TSHttpTxnClientReqGet and TSMimeHdrFieldFind
12     to obtain the Proxy-Authorization field.
14-- If the request does not have the Proxy-Authorization field,
15   the plugin sends the 407 Proxy authorization required status
16   code back to the client. (The client should then prompt the
17   user for a user name and password, and resend the request
18   with the Proxy-Authorization field filled in.)
20     If handle_dns does not find a Proxy-Authorization field,
21     it adds a SEND_RESPONSE_HDR_HOOK to the transaction being
22     processed; this means that Traffic Server will call the
23     plugin back when sending the client response.
25     handle_dns also reenables the transaction with
26     TS_EVENT_HTTP_ERROR, which means that the plugin wants
27     Traffic Server to terminate the transaction.
29     When Traffic Server terminates the transaction, it
30     sends the client an error message. Because of the
31     SEND_RESPONSE_HDR_HOOK, Traffic Server calls the plugin
32     back. The auth-plugin routine calls handle_response to
33     send the client a 407 status code.
35     When the client resends the request with the Proxy-
36     Authorization field, a new transaction begins.
38-- If the Proxy-Authorization MIME field is present, the plugin
39   checks that the authentication scheme is "Basic".
41     handle_dns uses TSMimeFieldValueStringGet to get the value
42     of the Proxy-Authorization field.
44-- The plugin then obtains the base64-encoded user name and password
45   from the Proxy-Authorization MIME field.
47     handle_dns calls base64_decode to decode the user name
48     and password.
50-- This plugin checks the validity of the user name and password.
51   If the client is authenticated, the transaction proceeds. If
52   the client is not authenticated, the plugin sends the client
53   a 407 status code and terminates the transaction.
55     handle_dns calls authorized to validate the user name and
56     password. You can supply your own validation mechanism.