Proxy authentication

[James G Smith <JG...@TAMU.Edu>]

I've written a module to do authentication for proxy requests.  I wrote
it as an access handler since I couldn't see how to require authentication
only for proxy requests.  Is there a better way to do it, or is this
way fairly decent?  Basically, has someone else done this already and
better?

Potential application is protecting a search engine which does not
support authentication, yet requires its own http server to be used.
Since authentication would depend on the URL, I don't think squid
can be used.

package My::Auth;

use strict;
use vars qw($VERSION @ISA %cache);
use Apache::Constants qw(OK DECLINED AUTH_REQUIRED);
use MIME::Base64 qw(decode_base64);
use Net::PH;

$VERSION = '0.01';

@ISA = ( );

sub handler ($$) {
  my $class = shift;
  my $r = shift;

  return DECLINED unless $r->proxyreq;

  Apache->request($r);  # set it to make sure it is set...

  my $realm = $r->dir_config('ProxyAuthName');

  $r->err_header_out('Proxy-Authenticate',qq{Basic realm="$realm"});
  my $authinfo = $r->header_in('proxy-authorization');
  return AUTH_REQUIRED if $authinfo !~ /^\s*Basic\s/i;

  my($b64) = ($authinfo =~ m{Basic\s*([A-Za-z0-9+/=]*)});

  $b64 = decode_base64($b64);
  my($user,$pass) = split(/:/,$b64,2);

  if($user && $pass) {
    my $ph = Net::PH->new("ns.tamu.edu");
    if($ph && $ph->login($user,$pass,1)) {
      $ph->logout();
      $r->connection->user($user);
      return OK;
    }
    return AUTH_REQUIRED;
  }

  return AUTH_REQUIRED;
}

1;


--
James Smith <JG...@TAMU.Edu>, 409-862-3725
Texas A&M CIS Operating Systems Group, Unix