Mercurial > hg > nginx-vendor-current

comparison src/http/modules/ngx_http_auth_basic_module.c @ 452:fc5ebf0e5f98 NGINX_0_7_38

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.7.38 *) Feature: authentication failures logging. *) Bugfix: name/password in auth_basic_user_file were ignored after odd number of empty lines. Thanks to Alexander Zagrebin. *) Bugfix: a segmentation fault occurred in a master process, if long path was used in unix domain socket; the bug had appeared in 0.7.36.
author Igor Sysoev <http://sysoev.ru>
date Mon, 23 Feb 2009 00:00:00 +0300
parents 984bb0b1399b
children bb941a2996a6
comparison
equal deleted inserted replaced
451:56fe58e64760 452:fc5ebf0e5f98
124 } 124 }
125 125
126 rc = ngx_http_auth_basic_user(r); 126 rc = ngx_http_auth_basic_user(r);
127 127
128 if (rc == NGX_DECLINED) { 128 if (rc == NGX_DECLINED) {
129
130 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
131 "no user/password was provided for basic authentication");
132
129 return ngx_http_auth_basic_set_realm(r, &alcf->realm); 133 return ngx_http_auth_basic_set_realm(r, &alcf->realm);
130 } 134 }
131 135
132 if (rc == NGX_ERROR) { 136 if (rc == NGX_ERROR) {
133 return NGX_HTTP_INTERNAL_SERVER_ERROR; 137 return NGX_HTTP_INTERNAL_SERVER_ERROR;
170 174
171 for (i = left; i < left + n; i++) { 175 for (i = left; i < left + n; i++) {
172 switch (state) { 176 switch (state) {
173 177
174 case sw_login: 178 case sw_login:
175 if (login == 0 && buf[i] == '#') { 179 if (login == 0) {
176 state = sw_skip; 180
177 break; 181 if (buf[i] == '#' || buf[i] == CR) {
182 state = sw_skip;
183 break;
184 }
185
186 if (buf[i] == LF) {
187 break;
188 }
178 } 189 }
179 190
180 if (buf[i] != r->headers_in.user.data[login]) { 191 if (buf[i] != r->headers_in.user.data[login]) {
181 state = sw_skip; 192 state = sw_skip;
182 break; 193 break;
240 ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1); 251 ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1);
241 252
242 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm); 253 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm);
243 } 254 }
244 255
256 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
257 "user \"%V\" was not found in \"%V\"",
258 &r->headers_in.user, &alcf->user_file);
259
245 return ngx_http_auth_basic_set_realm(r, &alcf->realm); 260 return ngx_http_auth_basic_set_realm(r, &alcf->realm);
246 } 261 }
247 262
248 263
249 static ngx_int_t 264 static ngx_int_t
255 270
256 rc = ngx_crypt(r->pool, r->headers_in.passwd.data, passwd->data, 271 rc = ngx_crypt(r->pool, r->headers_in.passwd.data, passwd->data,
257 &encrypted); 272 &encrypted);
258 273
259 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, 274 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
260 "rc: %d user: \"%V\" salt: \"%s\"", 275 "rc: %d user: \"%V\" salt: \"%s\"",
261 rc, &r->headers_in.user, passwd->data); 276 rc, &r->headers_in.user, passwd->data);
262 277
263 if (rc == NGX_OK) { 278 if (rc == NGX_OK) {
264 if (ngx_strcmp(encrypted, passwd->data) == 0) { 279 if (ngx_strcmp(encrypted, passwd->data) == 0) {
265 return NGX_OK; 280 return NGX_OK;
266 } 281 }
267 282
268 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, 283 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
269 "encrypted: \"%s\"", encrypted); 284 "encrypted: \"%s\"", encrypted);
285
286 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
287 "user \"%V\": password mismatch",
288 &r->headers_in.user);
270 289
271 return ngx_http_auth_basic_set_realm(r, realm); 290 return ngx_http_auth_basic_set_realm(r, realm);
272 } 291 }
273 292
274 if (rc == NGX_ERROR) { 293 if (rc == NGX_ERROR) {