    # set up the request and response objects
    @req = Rack::Request.new(env)
    @res = Rack::Response.new
    # pass control to the method named after the HTTP verb
    # with which we're called
    self.send(@req.request_method.downcase)
    # come back here to finish the response when done
    @res.finish
  end

  def get
    # the authentication mechanism
    meth = @env['HTTP_AUTH_METHOD']
    # the username (login)
    user = @env['HTTP_AUTH_USER']
    # the password, either in the clear or encrypted, depending on
    # the authentication mechanism used
    pass = @env['HTTP_AUTH_PASS']
    # need the salt to encrypt the cleartext password, used for some
    # authentication mechanisms, not in our example
    salt = @env['HTTP_AUTH_SALT']
    # this is the protocol being proxied
    proto = @env['HTTP_AUTH_PROTOCOL']
    # the number of attempts needs to be an integer
    attempt = @env['HTTP_AUTH_LOGIN_ATTEMPT'].to_i
    # not used in our implementation, but these are here for
    # reference
    client = @env['HTTP_CLIENT_IP']
    host = @env['HTTP_CLIENT_HOST']

    # fail if more than the maximum login attempts are tried
    if attempt > @max_attempts
      @res["Auth-Status"] = "Maximum login attempts exceeded"
      return
    end

    # for the special case where no authentication is done
    # on smtp transactions, the following is in nginx.conf:
    #   smtp_auth none;
    # may want to set up a lookup table to steer certain senders
    # to particular SMTP servers
    if meth == 'none' && proto == 'smtp'
      helo = @env['HTTP_AUTH_SMTP_HELO']