mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 06:11:32 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: http_fetch: Add sample fetches to get auth method/user/pass

Browse Source 
Now, following sample fetches may be used to get information about
authentication:

 * http_auth_type : returns the auth method as supplied in Authorization header
 * http_auth_user : returns the auth user as supplied in Authorization header
 * http_auth_pass : returns the auth pass as supplied in Authorization header

Only Basic authentication is supported.
This commit is contained in:
Christopher Faulet 2019-08-02 11:51:37 +02:00
parent c16929658f
commit a406356255
2 changed files with 99 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/configuration.txt
View File

@ -15955,6 +15955,21 @@ http_auth_group(<userlist>) : string
valid according to the specified userlist belongs to at least one of the valid according to the specified userlist belongs to at least one of the
groups. groups.
http_auth_pass : string
Returns the user's password found in the authentication data received from
the client, as supplied in the Authorization header. Not checks are
performed by this sample fetch. Only Basic authentication is supported.
http_auth_type : string
Returns the authentication method found in the authentication data received from
the client, as supplied in the Authorization header. Not checks are
performed by this sample fetch. Only Basic authentication is supported.
http_auth_user : string
Returns the user name found in the authentication data received from the
client, as supplied in the Authorization header. Not checks are performed by
this sample fetch. Only Basic authentication is supported.
http_first_req : boolean http_first_req : boolean
Returns true when the request being processed is the first one of the Returns true when the request being processed is the first one of the
connection. This can be used to add or remove headers that may be missing connection. This can be used to add or remove headers that may be missing

84
src/http_fetch.c
View File

@ -1193,6 +1193,87 @@ static int smp_fetch_http_first_req(const struct arg *args, struct sample *smp,
return 1; return 1;
} }
/* Fetch the authentication method if there is an Authorization header. It
* relies on get_http_auth()
*/
static int smp_fetch_http_auth_type(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
struct channel *chn = SMP_REQ_CHN(smp);
struct htx *htx = smp_prefetch_htx(smp, chn, 1);
struct http_txn *txn;
if (!htx)
return 0;
txn = smp->strm->txn;
if (!get_http_auth(smp, htx))
return 0;
switch (txn->auth.method) {
case HTTP_AUTH_BASIC:
smp->data.u.str.area = "Basic";
smp->data.u.str.data = 5;
break;
case HTTP_AUTH_DIGEST:
/* Unexpected because not supported */
smp->data.u.str.area = "Digest";
smp->data.u.str.data = 6;
break;
default:
return 0;
}
smp->data.type = SMP_T_STR;
smp->flags = SMP_F_CONST;
return 1;
}
/* Fetch the user supplied if there is an Authorization header. It relies on
* get_http_auth()
*/
static int smp_fetch_http_auth_user(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
struct channel *chn = SMP_REQ_CHN(smp);
struct htx *htx = smp_prefetch_htx(smp, chn, 1);
struct http_txn *txn;
if (!htx)
return 0;
txn = smp->strm->txn;
if (!get_http_auth(smp, htx))
return 0;
smp->data.type = SMP_T_STR;
smp->data.u.str.area = txn->auth.user;
smp->data.u.str.data = strlen(txn->auth.user);
smp->flags = SMP_F_CONST;
return 1;
}
/* Fetch the password supplied if there is an Authorization header. It relies on
* get_http_auth()
*/
static int smp_fetch_http_auth_pass(const struct arg *args, struct sample *smp, const char *kw, void *private)
{
struct channel *chn = SMP_REQ_CHN(smp);
struct htx *htx = smp_prefetch_htx(smp, chn, 1);
struct http_txn *txn;
if (!htx)
return 0;
txn = smp->strm->txn;
if (!get_http_auth(smp, htx))
return 0;
smp->data.type = SMP_T_STR;
smp->data.u.str.area = txn->auth.pass;
smp->data.u.str.data = strlen(txn->auth.pass);
smp->flags = SMP_F_CONST;
return 1;
}
/* Accepts exactly 1 argument of type userlist */ /* Accepts exactly 1 argument of type userlist */
static int smp_fetch_http_auth(const struct arg *args, struct sample *smp, const char *kw, void *private) static int smp_fetch_http_auth(const struct arg *args, struct sample *smp, const char *kw, void *private)
{ {
@ -1904,6 +1985,9 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
{ "hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV }, { "hdr_ip", smp_fetch_hdr_ip, ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
{ "hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_SINT, SMP_USE_HRQHV }, { "hdr_val", smp_fetch_hdr_val, ARG2(0,STR,SINT), val_hdr, SMP_T_SINT, SMP_USE_HRQHV },
{ "http_auth_type", smp_fetch_http_auth_type, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
{ "http_auth_user", smp_fetch_http_auth_user, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
{ "http_auth_pass", smp_fetch_http_auth_pass, 0, NULL, SMP_T_STR, SMP_USE_HRQHV },
{ "http_auth", smp_fetch_http_auth, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV }, { "http_auth", smp_fetch_http_auth, ARG1(1,USR), NULL, SMP_T_BOOL, SMP_USE_HRQHV },
{ "http_auth_group", smp_fetch_http_auth_grp, ARG1(1,USR), NULL, SMP_T_STR, SMP_USE_HRQHV }, { "http_auth_group", smp_fetch_http_auth_grp, ARG1(1,USR), NULL, SMP_T_STR, SMP_USE_HRQHV },
{ "http_first_req", smp_fetch_http_first_req, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP }, { "http_first_req", smp_fetch_http_first_req, 0, NULL, SMP_T_BOOL, SMP_USE_HRQHP },