Mercurial > hg > nginx-ranges
comparison src/http/modules/ngx_http_auth_basic_module.c @ 88:e916a291e9aa NGINX_0_1_44
nginx 0.1.44
*) Feature: the IMAP/POP3 proxy supports SSL.
*) Feature: the "proxy_timeout" directive of the ngx_imap_proxy_module.
*) Feature: the "userid_mark" directive.
*) Feature: the $remote_user variable value is determined independently
of authorization use.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 06 Sep 2005 00:00:00 +0400 |
parents | b55cbf18157e |
children | 71c46860eb55 |
comparison
equal
deleted
inserted
replaced
87:5b7ec80c3c40 | 88:e916a291e9aa |
---|---|
88 ngx_http_auth_basic_handler(ngx_http_request_t *r) | 88 ngx_http_auth_basic_handler(ngx_http_request_t *r) |
89 { | 89 { |
90 off_t offset; | 90 off_t offset; |
91 ssize_t n; | 91 ssize_t n; |
92 ngx_fd_t fd; | 92 ngx_fd_t fd; |
93 ngx_str_t auth, encoded, pwd; | 93 ngx_int_t rc; |
94 ngx_uint_t i, login, len, left, passwd; | 94 ngx_str_t pwd; |
95 ngx_uint_t i, login, left, passwd; | |
95 ngx_file_t file; | 96 ngx_file_t file; |
96 ngx_http_auth_basic_ctx_t *ctx; | 97 ngx_http_auth_basic_ctx_t *ctx; |
97 ngx_http_auth_basic_loc_conf_t *alcf; | 98 ngx_http_auth_basic_loc_conf_t *alcf; |
98 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; | 99 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; |
99 enum { | 100 enum { |
113 if (ctx) { | 114 if (ctx) { |
114 return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd, | 115 return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd, |
115 &alcf->realm); | 116 &alcf->realm); |
116 } | 117 } |
117 | 118 |
118 if (r->headers_in.authorization == NULL) { | 119 rc = ngx_http_auth_basic_user(r); |
120 | |
121 if (rc == NGX_DECLINED) { | |
119 return ngx_http_auth_basic_set_realm(r, &alcf->realm); | 122 return ngx_http_auth_basic_set_realm(r, &alcf->realm); |
120 } | 123 } |
121 | 124 |
122 encoded = r->headers_in.authorization->value; | 125 if (rc == NGX_ERROR) { |
123 | |
124 if (encoded.len < sizeof("Basic ") - 1 | |
125 || ngx_strncasecmp(encoded.data, "Basic ", sizeof("Basic ") - 1) != 0) | |
126 { | |
127 return ngx_http_auth_basic_set_realm(r, &alcf->realm); | |
128 } | |
129 | |
130 encoded.len -= sizeof("Basic ") - 1; | |
131 encoded.data += sizeof("Basic ") - 1; | |
132 | |
133 while (encoded.len && encoded.data[0] == ' ') { | |
134 encoded.len--; | |
135 encoded.data++; | |
136 } | |
137 | |
138 if (encoded.len == 0) { | |
139 return ngx_http_auth_basic_set_realm(r, &alcf->realm); | |
140 } | |
141 | |
142 auth.len = ngx_base64_decoded_length(encoded.len); | |
143 auth.data = ngx_palloc(r->pool, auth.len + 1); | |
144 if (auth.data == NULL) { | |
145 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 126 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
146 } | 127 } |
147 | |
148 if (ngx_decode_base64(&auth, &encoded) != NGX_OK) { | |
149 return ngx_http_auth_basic_set_realm(r, &alcf->realm); | |
150 } | |
151 | |
152 auth.data[auth.len] = '\0'; | |
153 | |
154 for (len = 0; len < auth.len; len++) { | |
155 if (auth.data[len] == ':') { | |
156 break; | |
157 } | |
158 } | |
159 | |
160 if (len == auth.len) { | |
161 return ngx_http_auth_basic_set_realm(r, &alcf->realm); | |
162 } | |
163 | |
164 r->headers_in.user.len = len; | |
165 r->headers_in.user.data = auth.data; | |
166 r->headers_in.passwd.len = auth.len - len - 1; | |
167 r->headers_in.passwd.data = &auth.data[len + 1]; | |
168 | 128 |
169 fd = ngx_open_file(alcf->user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN); | 129 fd = ngx_open_file(alcf->user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN); |
170 | 130 |
171 if (fd == NGX_INVALID_FILE) { | 131 if (fd == NGX_INVALID_FILE) { |
172 ngx_log_error(NGX_LOG_ERR, r->connection->log, ngx_errno, | 132 ngx_log_error(NGX_LOG_ERR, r->connection->log, ngx_errno, |
206 if (login == 0 && buf[i] == '#') { | 166 if (login == 0 && buf[i] == '#') { |
207 state = sw_skip; | 167 state = sw_skip; |
208 break; | 168 break; |
209 } | 169 } |
210 | 170 |
211 if (buf[i] != auth.data[login]) { | 171 if (buf[i] != r->headers_in.user.data[login]) { |
212 state = sw_skip; | 172 state = sw_skip; |
213 break; | 173 break; |
214 } | 174 } |
215 | 175 |
216 if (login == len) { | 176 if (login == r->headers_in.user.len) { |
217 state = sw_passwd; | 177 state = sw_passwd; |
218 passwd = i + 1; | 178 passwd = i + 1; |
219 } | 179 } |
220 | 180 |
221 login++; | 181 login++; |