Mercurial > hg > nginx-vendor-current

comparison src/http/modules/ngx_http_auth_basic_module.c @ 88:e916a291e9aa NGINX_0_1_44

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.1.44 *) Feature: the IMAP/POP3 proxy supports SSL. *) Feature: the "proxy_timeout" directive of the ngx_imap_proxy_module. *) Feature: the "userid_mark" directive. *) Feature: the $remote_user variable value is determined independently of authorization use.
author Igor Sysoev <http://sysoev.ru>
date Tue, 06 Sep 2005 00:00:00 +0400
parents b55cbf18157e
children 71c46860eb55
comparison
equal deleted inserted replaced
87:5b7ec80c3c40 88:e916a291e9aa
88 ngx_http_auth_basic_handler(ngx_http_request_t *r) 88 ngx_http_auth_basic_handler(ngx_http_request_t *r)
89 { 89 {
90 off_t offset; 90 off_t offset;
91 ssize_t n; 91 ssize_t n;
92 ngx_fd_t fd; 92 ngx_fd_t fd;
93 ngx_str_t auth, encoded, pwd; 93 ngx_int_t rc;
94 ngx_uint_t i, login, len, left, passwd; 94 ngx_str_t pwd;
95 ngx_uint_t i, login, left, passwd;
95 ngx_file_t file; 96 ngx_file_t file;
96 ngx_http_auth_basic_ctx_t *ctx; 97 ngx_http_auth_basic_ctx_t *ctx;
97 ngx_http_auth_basic_loc_conf_t *alcf; 98 ngx_http_auth_basic_loc_conf_t *alcf;
98 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; 99 u_char buf[NGX_HTTP_AUTH_BUF_SIZE];
99 enum { 100 enum {
113 if (ctx) { 114 if (ctx) {
114 return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd, 115 return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd,
115 &alcf->realm); 116 &alcf->realm);
116 } 117 }
117 118
118 if (r->headers_in.authorization == NULL) { 119 rc = ngx_http_auth_basic_user(r);
120
121 if (rc == NGX_DECLINED) {
119 return ngx_http_auth_basic_set_realm(r, &alcf->realm); 122 return ngx_http_auth_basic_set_realm(r, &alcf->realm);
120 } 123 }
121 124
122 encoded = r->headers_in.authorization->value; 125 if (rc == NGX_ERROR) {
123
124 if (encoded.len < sizeof("Basic ") - 1
125 || ngx_strncasecmp(encoded.data, "Basic ", sizeof("Basic ") - 1) != 0)
126 {
127 return ngx_http_auth_basic_set_realm(r, &alcf->realm);
128 }
129
130 encoded.len -= sizeof("Basic ") - 1;
131 encoded.data += sizeof("Basic ") - 1;
132
133 while (encoded.len && encoded.data[0] == ' ') {
134 encoded.len--;
135 encoded.data++;
136 }
137
138 if (encoded.len == 0) {
139 return ngx_http_auth_basic_set_realm(r, &alcf->realm);
140 }
141
142 auth.len = ngx_base64_decoded_length(encoded.len);
143 auth.data = ngx_palloc(r->pool, auth.len + 1);
144 if (auth.data == NULL) {
145 return NGX_HTTP_INTERNAL_SERVER_ERROR; 126 return NGX_HTTP_INTERNAL_SERVER_ERROR;
146 } 127 }
147
148 if (ngx_decode_base64(&auth, &encoded) != NGX_OK) {
149 return ngx_http_auth_basic_set_realm(r, &alcf->realm);
150 }
151
152 auth.data[auth.len] = '\0';
153
154 for (len = 0; len < auth.len; len++) {
155 if (auth.data[len] == ':') {
156 break;
157 }
158 }
159
160 if (len == auth.len) {
161 return ngx_http_auth_basic_set_realm(r, &alcf->realm);
162 }
163
164 r->headers_in.user.len = len;
165 r->headers_in.user.data = auth.data;
166 r->headers_in.passwd.len = auth.len - len - 1;
167 r->headers_in.passwd.data = &auth.data[len + 1];
168 128
169 fd = ngx_open_file(alcf->user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN); 129 fd = ngx_open_file(alcf->user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN);
170 130
171 if (fd == NGX_INVALID_FILE) { 131 if (fd == NGX_INVALID_FILE) {
172 ngx_log_error(NGX_LOG_ERR, r->connection->log, ngx_errno, 132 ngx_log_error(NGX_LOG_ERR, r->connection->log, ngx_errno,
206 if (login == 0 && buf[i] == '#') { 166 if (login == 0 && buf[i] == '#') {
207 state = sw_skip; 167 state = sw_skip;
208 break; 168 break;
209 } 169 }
210 170
211 if (buf[i] != auth.data[login]) { 171 if (buf[i] != r->headers_in.user.data[login]) {
212 state = sw_skip; 172 state = sw_skip;
213 break; 173 break;
214 } 174 }
215 175
216 if (login == len) { 176 if (login == r->headers_in.user.len) {
217 state = sw_passwd; 177 state = sw_passwd;
218 passwd = i + 1; 178 passwd = i + 1;
219 } 179 }
220 180
221 login++; 181 login++;