Mercurial > hg > nginx-vendor-current
comparison src/http/modules/ngx_http_auth_basic_module.c @ 460:bb941a2996a6 NGINX_0_7_42
nginx 0.7.42
*) Change: now the "Invalid argument" error returned by
setsockopt(TCP_NODELAY) on Solaris, is ignored.
*) Change: now if a file specified in a "auth_basic_user_file"
directive is absent, then the 405 error is returned instead of the
500 one.
*) Feature: the "auth_basic_user_file" directive supports variables.
Thanks to Kirill A. Korinskiy.
*) Feature: the "listen" directive supports the "ipv6only" parameter.
Thanks to Zhang Hua.
*) Bugfix: in an "alias" directive with references to captures of
regular expressions; the bug had appeared in 0.7.40.
*) Bugfix: compatibility with Tru64 UNIX.
Thanks to Dustin Marquess.
*) Bugfix: nginx could not be built without PCRE library; the bug had
appeared in 0.7.41.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Mon, 16 Mar 2009 00:00:00 +0300 |
| parents | fc5ebf0e5f98 |
| children | dcb6b5f9d526 |
comparison
equal
deleted
inserted
replaced
| 459:6ef558ffc0eb | 460:bb941a2996a6 |
|---|---|
| 11 | 11 |
| 12 #define NGX_HTTP_AUTH_BUF_SIZE 2048 | 12 #define NGX_HTTP_AUTH_BUF_SIZE 2048 |
| 13 | 13 |
| 14 | 14 |
| 15 typedef struct { | 15 typedef struct { |
| 16 ngx_str_t passwd; | 16 ngx_str_t passwd; |
| 17 } ngx_http_auth_basic_ctx_t; | 17 } ngx_http_auth_basic_ctx_t; |
| 18 | 18 |
| 19 | 19 |
| 20 typedef struct { | 20 typedef struct { |
| 21 ngx_str_t realm; | 21 ngx_str_t realm; |
| 22 ngx_str_t user_file; | 22 ngx_str_t user_file; |
| 23 ngx_array_t *user_file_lengths; | |
| 24 ngx_array_t *user_file_values; | |
| 23 } ngx_http_auth_basic_loc_conf_t; | 25 } ngx_http_auth_basic_loc_conf_t; |
| 24 | 26 |
| 25 | 27 |
| 26 static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r); | 28 static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r); |
| 27 static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, | 29 static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, |
| 32 static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); | 34 static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); |
| 33 static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, | 35 static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, |
| 34 void *parent, void *child); | 36 void *parent, void *child); |
| 35 static ngx_int_t ngx_http_auth_basic_init(ngx_conf_t *cf); | 37 static ngx_int_t ngx_http_auth_basic_init(ngx_conf_t *cf); |
| 36 static char *ngx_http_auth_basic(ngx_conf_t *cf, void *post, void *data); | 38 static char *ngx_http_auth_basic(ngx_conf_t *cf, void *post, void *data); |
| 39 static char *ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 40 void *conf); | |
| 37 | 41 |
| 38 | 42 |
| 39 static ngx_conf_post_handler_pt ngx_http_auth_basic_p = ngx_http_auth_basic; | 43 static ngx_conf_post_handler_pt ngx_http_auth_basic_p = ngx_http_auth_basic; |
| 40 | 44 |
| 41 static ngx_command_t ngx_http_auth_basic_commands[] = { | 45 static ngx_command_t ngx_http_auth_basic_commands[] = { |
| 49 &ngx_http_auth_basic_p }, | 53 &ngx_http_auth_basic_p }, |
| 50 | 54 |
| 51 { ngx_string("auth_basic_user_file"), | 55 { ngx_string("auth_basic_user_file"), |
| 52 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF | 56 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF |
| 53 |NGX_CONF_TAKE1, | 57 |NGX_CONF_TAKE1, |
| 54 ngx_conf_set_str_slot, | 58 ngx_http_auth_basic_user_file, |
| 55 NGX_HTTP_LOC_CONF_OFFSET, | 59 NGX_HTTP_LOC_CONF_OFFSET, |
| 56 offsetof(ngx_http_auth_basic_loc_conf_t, user_file), | 60 offsetof(ngx_http_auth_basic_loc_conf_t, user_file), |
| 57 NULL }, | 61 NULL }, |
| 58 | 62 |
| 59 ngx_null_command | 63 ngx_null_command |
| 96 { | 100 { |
| 97 off_t offset; | 101 off_t offset; |
| 98 ssize_t n; | 102 ssize_t n; |
| 99 ngx_fd_t fd; | 103 ngx_fd_t fd; |
| 100 ngx_int_t rc; | 104 ngx_int_t rc; |
| 101 ngx_str_t pwd; | 105 ngx_err_t err; |
| 102 ngx_uint_t i, login, left, passwd; | 106 ngx_str_t pwd, user_file; |
| 107 ngx_uint_t i, level, login, left, passwd; | |
| 103 ngx_file_t file; | 108 ngx_file_t file; |
| 104 ngx_http_auth_basic_ctx_t *ctx; | 109 ngx_http_auth_basic_ctx_t *ctx; |
| 105 ngx_http_auth_basic_loc_conf_t *alcf; | 110 ngx_http_auth_basic_loc_conf_t *alcf; |
| 106 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; | 111 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; |
| 107 enum { | 112 enum { |
| 135 | 140 |
| 136 if (rc == NGX_ERROR) { | 141 if (rc == NGX_ERROR) { |
| 137 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 142 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
| 138 } | 143 } |
| 139 | 144 |
| 140 fd = ngx_open_file(alcf->user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); | 145 if (alcf->user_file_lengths) { |
| 146 if (ngx_http_script_run(r, &user_file, alcf->user_file_lengths->elts, 1, | |
| 147 alcf->user_file_values->elts) | |
| 148 == NULL) | |
| 149 { | |
| 150 return NGX_ERROR; | |
| 151 } | |
| 152 | |
| 153 user_file.data[--user_file.len] = '\0'; | |
| 154 | |
| 155 } else { | |
| 156 user_file = alcf->user_file; | |
| 157 } | |
| 158 | |
| 159 fd = ngx_open_file(user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); | |
| 141 | 160 |
| 142 if (fd == NGX_INVALID_FILE) { | 161 if (fd == NGX_INVALID_FILE) { |
| 143 ngx_log_error(NGX_LOG_CRIT, r->connection->log, ngx_errno, | 162 err = ngx_errno; |
| 144 ngx_open_file_n " \"%s\" failed", alcf->user_file.data); | 163 |
| 145 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 164 if (err == NGX_ENOENT) { |
| 165 level = NGX_LOG_ERR; | |
| 166 rc = NGX_HTTP_FORBIDDEN; | |
| 167 | |
| 168 } else { | |
| 169 level = NGX_LOG_CRIT; | |
| 170 rc = NGX_HTTP_INTERNAL_SERVER_ERROR; | |
| 171 } | |
| 172 | |
| 173 ngx_log_error(level, r->connection->log, err, | |
| 174 ngx_open_file_n " \"%s\" failed", user_file.data); | |
| 175 | |
| 176 return rc; | |
| 146 } | 177 } |
| 147 | 178 |
| 148 ngx_memzero(&file, sizeof(ngx_file_t)); | 179 ngx_memzero(&file, sizeof(ngx_file_t)); |
| 149 | 180 |
| 150 file.fd = fd; | 181 file.fd = fd; |
| 151 file.name = alcf->user_file; | 182 file.name = user_file; |
| 152 file.log = r->connection->log; | 183 file.log = r->connection->log; |
| 153 | 184 |
| 154 state = sw_login; | 185 state = sw_login; |
| 155 passwd = 0; | 186 passwd = 0; |
| 156 login = 0; | 187 login = 0; |
| 253 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm); | 284 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm); |
| 254 } | 285 } |
| 255 | 286 |
| 256 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | 287 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
| 257 "user \"%V\" was not found in \"%V\"", | 288 "user \"%V\" was not found in \"%V\"", |
| 258 &r->headers_in.user, &alcf->user_file); | 289 &r->headers_in.user, &user_file); |
| 259 | 290 |
| 260 return ngx_http_auth_basic_set_realm(r, &alcf->realm); | 291 return ngx_http_auth_basic_set_realm(r, &alcf->realm); |
| 261 } | 292 } |
| 262 | 293 |
| 263 | 294 |
| 368 | 399 |
| 369 if (conf->realm.data == NULL) { | 400 if (conf->realm.data == NULL) { |
| 370 conf->realm = prev->realm; | 401 conf->realm = prev->realm; |
| 371 } | 402 } |
| 372 | 403 |
| 373 if (conf->user_file.data) { | 404 if (conf->user_file.data == NULL) { |
| 374 if (ngx_conf_full_name(cf->cycle, &conf->user_file, 1) != NGX_OK) { | |
| 375 return NGX_CONF_ERROR; | |
| 376 } | |
| 377 | |
| 378 } else { | |
| 379 conf->user_file = prev->user_file; | 405 conf->user_file = prev->user_file; |
| 406 conf->user_file_lengths = prev->user_file_lengths; | |
| 407 conf->user_file_values = prev->user_file_values; | |
| 380 } | 408 } |
| 381 | 409 |
| 382 return NGX_CONF_OK; | 410 return NGX_CONF_OK; |
| 383 } | 411 } |
| 384 | 412 |
| 431 realm->len = len; | 459 realm->len = len; |
| 432 realm->data = basic; | 460 realm->data = basic; |
| 433 | 461 |
| 434 return NGX_CONF_OK; | 462 return NGX_CONF_OK; |
| 435 } | 463 } |
| 464 | |
| 465 | |
| 466 static char * | |
| 467 ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 468 { | |
| 469 ngx_http_auth_basic_loc_conf_t *alcf = conf; | |
| 470 | |
| 471 ngx_str_t *value; | |
| 472 ngx_uint_t n; | |
| 473 ngx_http_core_loc_conf_t *clcf; | |
| 474 ngx_http_script_compile_t sc; | |
| 475 | |
| 476 clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); | |
| 477 | |
| 478 if (alcf->user_file.data) { | |
| 479 return "is duplicate"; | |
| 480 } | |
| 481 | |
| 482 value = cf->args->elts; | |
| 483 | |
| 484 alcf->user_file = value[1]; | |
| 485 | |
| 486 if (alcf->user_file.len == 0) { | |
| 487 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
| 488 "invalid parameter \"%V\"", &alcf->user_file); | |
| 489 return NGX_CONF_ERROR; | |
| 490 } | |
| 491 | |
| 492 if (alcf->user_file.data[0] != '$') { | |
| 493 if (ngx_conf_full_name(cf->cycle, &alcf->user_file, 1) != NGX_OK) { | |
| 494 return NGX_CONF_ERROR; | |
| 495 } | |
| 496 } | |
| 497 | |
| 498 n = ngx_http_script_variables_count(&alcf->user_file); | |
| 499 | |
| 500 if (n == 0) { | |
| 501 return NGX_CONF_OK; | |
| 502 } | |
| 503 | |
| 504 ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); | |
| 505 | |
| 506 sc.cf = cf; | |
| 507 sc.source = &alcf->user_file; | |
| 508 sc.lengths = &alcf->user_file_lengths; | |
| 509 sc.values = &alcf->user_file_values; | |
| 510 sc.variables = n; | |
| 511 sc.complete_lengths = 1; | |
| 512 sc.complete_values = 1; | |
| 513 | |
| 514 if (ngx_http_script_compile(&sc) != NGX_OK) { | |
| 515 return NGX_CONF_ERROR; | |
| 516 } | |
| 517 | |
| 518 return NGX_CONF_OK; | |
| 519 } |