MINOR: http_fetch: Add sample fetches to get auth method/user/pass Now, following sample fetches may be used to get information about authentication: * http_auth_type : returns the auth method as supplied in Authorization header * http_auth_user : returns the auth user as supplied in Authorization header * http_auth_pass : returns the auth pass as supplied in Authorization header Only Basic authentication is supported.

commit: a406356255fcbbf4e18881dd98bbb4c2723d45f9 [log] [tgz]
author: Christopher Faulet <cfaulet@haproxy.com> Fri Aug 02 11:51:37 2019 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Tue Sep 17 10:18:54 2019 +0200
tree: 55979609dad7aafc2001891407e061dbc5d66649
parent: c16929658f3b36394d76072764ee018034db592a [diff]
diff --git a/doc/configuration.txt b/doc/configuration.txt
index ee9712f..34fff1d 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -15955,6 +15955,21 @@
     valid according to the specified userlist belongs to at least one of the
     groups.
 
+http_auth_pass : string
+   Returns the user's password found in the authentication data received from
+   the client, as supplied in the Authorization header. Not checks are
+   performed by this sample fetch. Only Basic authentication is supported.
+
+http_auth_type : string
+   Returns the authentication method found in the authentication data received from
+   the client, as supplied in the Authorization header. Not checks are
+   performed by this sample fetch. Only Basic authentication is supported.
+
+http_auth_user : string
+   Returns the user name found in the authentication data received from the
+   client, as supplied in the Authorization header. Not checks are performed by
+   this sample fetch. Only Basic authentication is supported.
+
 http_first_req : boolean
   Returns true when the request being processed is the first one of the
   connection. This can be used to add or remove headers that may be missing

diff --git a/src/http_fetch.c b/src/http_fetch.c
index 126c1a2..0989b99 100644
--- a/src/http_fetch.c
+++ b/src/http_fetch.c

@@ -1193,6 +1193,87 @@
 	return 1;
 }
 
+/* Fetch the authentication method if there is an Authorization header. It
+ * relies on get_http_auth()
+ */
+static int smp_fetch_http_auth_type(const struct arg *args, struct sample *smp, const char *kw, void *private)
+{
+	struct channel *chn = SMP_REQ_CHN(smp);
+	struct htx *htx = smp_prefetch_htx(smp, chn, 1);
+	struct http_txn *txn;
+
+	if (!htx)
+		return 0;
+
+	txn = smp->strm->txn;
+	if (!get_http_auth(smp, htx))
+		return 0;
+
+	switch (txn->auth.method) {
+		case HTTP_AUTH_BASIC:
+			smp->data.u.str.area = "Basic";
+			smp->data.u.str.data = 5;
+			break;
+		case HTTP_AUTH_DIGEST:
+			/* Unexpected because not supported */
+			smp->data.u.str.area = "Digest";
+			smp->data.u.str.data = 6;
+			break;
+		default:
+			return 0;
+	}
+
+	smp->data.type = SMP_T_STR;
+	smp->flags = SMP_F_CONST;
+	return 1;
+}
+
+/* Fetch the user supplied if there is an Authorization header. It relies on
+ * get_http_auth()
+ */
+static int smp_fetch_http_auth_user(const struct arg *args, struct sample *smp, const char *kw, void *private)
+{
+	struct channel *chn = SMP_REQ_CHN(smp);
+	struct htx *htx = smp_prefetch_htx(smp, chn, 1);
+	struct http_txn *txn;
+
+	if (!htx)
+		return 0;
+
+	txn = smp->strm->txn;
+	if (!get_http_auth(smp, htx))
+		return 0;
+
+	smp->data.type = SMP_T_STR;
+	smp->data.u.str.area = txn->auth.user;
+	smp->data.u.str.data = strlen(txn->auth.user);
+	smp->flags = SMP_F_CONST;
+	return 1;
+}
+
+/* Fetch the password supplied if there is an Authorization header. It relies on
+ * get_http_auth()
+ */
+static int smp_fetch_http_auth_pass(const struct arg *args, struct sample *smp, const char *kw, void *private)
+{
+	struct channel *chn = SMP_REQ_CHN(smp);
+	struct htx *htx = smp_prefetch_htx(smp, chn, 1);
+	struct http_txn *txn;
+
+	if (!htx)
+		return 0;
+
+	txn = smp->strm->txn;
+	if (!get_http_auth(smp, htx))
+		return 0;
+
+	smp->data.type = SMP_T_STR;
+	smp->data.u.str.area = txn->auth.pass;
+	smp->data.u.str.data = strlen(txn->auth.pass);
+	smp->flags = SMP_F_CONST;
+	return 1;
+}
+
 /* Accepts exactly 1 argument of type userlist */
 static int smp_fetch_http_auth(const struct arg *args, struct sample *smp, const char *kw, void *private)
 {
@@ -1904,6 +1985,9 @@
 	{ "hdr_ip",             smp_fetch_hdr_ip,             ARG2(0,STR,SINT), val_hdr, SMP_T_IPV4, SMP_USE_HRQHV },
 	{ "hdr_val",            smp_fetch_hdr_val,            ARG2(0,STR,SINT), val_hdr, SMP_T_SINT, SMP_USE_HRQHV },
 
+	{ "http_auth_type",     smp_fetch_http_auth_type,     0,                NULL,    SMP_T_STR,  SMP_USE_HRQHV },
+	{ "http_auth_user",     smp_fetch_http_auth_user,     0,                NULL,    SMP_T_STR,  SMP_USE_HRQHV },
+	{ "http_auth_pass",     smp_fetch_http_auth_pass,     0,                NULL,    SMP_T_STR,  SMP_USE_HRQHV },
 	{ "http_auth",          smp_fetch_http_auth,          ARG1(1,USR),      NULL,    SMP_T_BOOL, SMP_USE_HRQHV },
 	{ "http_auth_group",    smp_fetch_http_auth_grp,      ARG1(1,USR),      NULL,    SMP_T_STR,  SMP_USE_HRQHV },
 	{ "http_first_req",     smp_fetch_http_first_req,     0,                NULL,    SMP_T_BOOL, SMP_USE_HRQHP },
commit	a406356255fcbbf4e18881dd98bbb4c2723d45f9	[log] [tgz]
author	Christopher Faulet <cfaulet@haproxy.com>	Fri Aug 02 11:51:37 2019 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Tue Sep 17 10:18:54 2019 +0200
tree	55979609dad7aafc2001891407e061dbc5d66649
parent	c16929658f3b36394d76072764ee018034db592a [diff]