From a406356255fcbbf4e18881dd98bbb4c2723d45f9 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 2 Aug 2019 11:51:37 +0200 Subject: [PATCH] MINOR: http_fetch: Add sample fetches to get auth method/user/pass Now, following sample fetches may be used to get information about authentication: * http_auth_type : returns the auth method as supplied in Authorization header * http_auth_user : returns the auth user as supplied in Authorization header * http_auth_pass : returns the auth pass as supplied in Authorization header Only Basic authentication is supported. --- doc/configuration.txt | 15 ++++++++ src/http_fetch.c | 84 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index ee9712f9b..34fff1d78 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -15955,6 +15955,21 @@ http_auth_group() : string valid according to the specified userlist belongs to at least one of the groups. +http_auth_pass : string + Returns the user's password found in the authentication data received from + the client, as supplied in the Authorization header. Not checks are + performed by this sample fetch. Only Basic authentication is supported. + +http_auth_type : string + Returns the authentication method found in the authentication data received from + the client, as supplied in the Authorization header. Not checks are + performed by this sample fetch. Only Basic authentication is supported. + +http_auth_user : string + Returns the user name found in the authentication data received from the + client, as supplied in the Authorization header. Not checks are performed by + this sample fetch. Only Basic authentication is supported. + http_first_req : boolean Returns true when the request being processed is the first one of the connection. This can be used to add or remove headers that may be missing diff --git a/src/http_fetch.c b/src/http_fetch.c index 126c1a2a8..0989b99cc 100644 
--- a/src/http_fetch.c +++ b/src/http_fetch.c 
@@ -1193,6 +1193,87 @@ static int smp_fetch_http_first_req(const struct arg *args, struct sample *smp, return 1; } +/* Fetch the authentication method if there is an Authorization header. It + * relies on get_http_auth() + */ +static int smp_fetch_http_auth_type(const struct arg *args, struct sample *smp, const char *kw, void *private) +{ + struct channel *chn = SMP_REQ_CHN(smp); + struct htx *htx = smp_prefetch_htx(smp, chn, 1); + struct http_txn *txn; + + if (!htx) + return 0; + + txn = smp->strm->txn; + if (!get_http_auth(smp, htx)) + return 0; + + switch (txn->auth.method) { + case HTTP_AUTH_BASIC: + smp->data.u.str.area = "Basic"; + smp->data.u.str.data = 5; + break; + case HTTP_AUTH_DIGEST: + /* Unexpected because not supported */ + smp->data.u.str.area = "Digest"; + smp->data.u.str.data = 6; + break; + default: + return 0; + } + + smp->data.type = SMP_T_STR; + smp->flags = SMP_F_CONST; + return 1; +} + +/* Fetch the user supplied if there is an Authorization header. It relies on + * get_http_auth() + */ +static int smp_fetch_http_auth_user(const struct arg *args, struct sample *smp, const char *kw, void *private) +{ + struct channel *chn = SMP_REQ_CHN(smp); + struct htx *htx = smp_prefetch_htx(smp, chn, 1); + struct http_txn *txn; + + if (!htx) + return 0; + + txn = smp->strm->txn; + if (!get_http_auth(smp, htx)) + return 0; + + smp->data.type = SMP_T_STR; + smp->data.u.str.area = txn->auth.user; + smp->data.u.str.data = strlen(txn->auth.user); + smp->flags = SMP_F_CONST; + return 1; +} + +/* Fetch the password supplied if there is an Authorization header. 
It relies on + * get_http_auth() + */ +static int smp_fetch_http_auth_pass(const struct arg *args, struct sample *smp, const char *kw, void *private) +{ + struct channel *chn = SMP_REQ_CHN(smp); + struct htx *htx = smp_prefetch_htx(smp, chn, 1); + struct http_txn *txn; + + if (!htx) + return 0; + + txn = smp->strm->txn; + if (!get_http_auth(smp, htx)) + return 0; + + smp->data.type = SMP_T_STR; + smp->data.u.str.area = txn->auth.pass; + smp->data.u.str.data = strlen(txn->auth.pass); + smp->flags = SMP_F_CONST; + return 1; +} + /* Accepts exactly 1 argument of type userlist */ static int smp_fetch_http_auth(const struct arg *args, struct sample *smp, const char *kw, void *private) { @@ -1904,6 +1985,9 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { { "hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV }, { "hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_SINT, SMP_USE_HRQHV }, + { "http_auth_type", smp_fetch_http_auth_type, 0, NULL, SMP_T_STR, SMP_USE_HRQHV }, + { "http_auth_user", smp_fetch_http_auth_user, 0, NULL, SMP_T_STR, SMP_USE_HRQHV }, + { "http_auth_pass", smp_fetch_http_auth_pass, 0, NULL, SMP_T_STR, SMP_USE_HRQHV }, { "http_auth", smp_fetch_http_auth, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV }, { "http_auth_group", smp_fetch_http_auth_grp, ARG1(1,USR), NULL, SMP_T_STR, SMP_USE_HRQHV }, { "http_first_req", smp_fetch_http_first_req, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },
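Review bot: smp_fetch_http_auth_user and smp_fetch_http_auth_pass call strlen() on `txn->auth.user` and `txn->auth.pass` after checking only the return value of get_http_auth(), never `txn->auth.method`. The switch in smp_fetch_http_auth_type shows the method can be something other than HTTP_AUTH_BASIC. get_http_auth() is outside this hunk, so it is not visible whether user and pass are always set on success; presumably they are filled in only for Basic. Changing the check in both functions to `if (!get_http_auth(smp, htx) || txn->auth.method != HTTP_AUTH_BASIC) return 0;` would keep a NULL or stale pointer away from strlen() if another scheme is ever accepted.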
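Review bot: The three new entries in sample_fetch_keywords have no comment saying that they return raw, unverified values from the client's Authorization header, and that `http_auth_pass` is the cleartext password. They are registered with `SMP_USE_HRQHV` like the neighbouring `hdr_*` fetches, so they are presumably usable in the same places, which may include log formats and header rewriting (to be confirmed). I would add above them: `/* http_auth_type/user/pass: unverified client input, validate with http_auth(); http_auth_pass is a cleartext secret, do not log or forward it */`. The matching text in doc/configuration.txt reads "Not checks are performed", which looks like a typo for "No checks are performed", and could carry the same warning.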