# HG changeset patch # User Igor Sysoev # Date 1235336400 -10800 # Node ID fc5ebf0e5f98c4a7c1c370234e3f9be09b94a2a1 # Parent 56fe58e6476034d2f4b64abeeec5575d13368172 nginx 0.7.38 *) Feature: authentication failures logging. *) Bugfix: name/password in auth_basic_user_file were ignored after odd number of empty lines. Thanks to Alexander Zagrebin. *) Bugfix: a segmentation fault occurred in a master process, if long path was used in unix domain socket; the bug had appeared in 0.7.36. diff --git a/CHANGES b/CHANGES --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,20 @@ +Changes with nginx 0.7.38 23 Feb 2009 + + *) Feature: authentication failures logging. + + *) Bugfix: name/password in auth_basic_user_file were ignored after odd + number of empty lines. + Thanks to Alexander Zagrebin. + + *) Bugfix: a segmentation fault occurred in a master process, if long + path was used in unix domain socket; the bug had appeared in 0.7.36. + + Changes with nginx 0.7.37 21 Feb 2009 - *) Bugfix: directive using upstreams did not work; the bug had appeared - in 0.7.36. + *) Bugfix: directives using upstreams did not work; the bug had + appeared in 0.7.36. Changes with nginx 0.7.36 21 Feb 2009 diff --git a/CHANGES.ru b/CHANGES.ru --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,17 @@ +Изменения в nginx 0.7.38 23.02.2009 + + *) Добавление: логгирование ошибок аутентификации. + + *) Исправление: имя/пароль, заданные в auth_basic_user_file, + игнорировались после нечётного числа пустых строк. + Спасибо Александру Загребину. + + *) Исправление: при использовании длинного пути в unix domain сокете в + главном процессе происходил segmentation fault; ошибка появилась в + 0.7.36. + + Изменения в nginx 0.7.37 21.02.2009 *) Исправление: директивы, использующие upstream'ы, не работали; ошибка diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -8,7 +8,7 @@ #define _NGINX_H_INCLUDED_ -#define NGINX_VERSION "0.7.37" +#define NGINX_VERSION "0.7.38" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/core/ngx_inet.h b/src/core/ngx_inet.h --- a/src/core/ngx_inet.h +++ b/src/core/ngx_inet.h @@ -22,14 +22,15 @@ /* * TODO: autoconfigure NGX_SOCKADDRLEN as * sizeof(struct sockaddr_storage) + * sizeof(struct sockaddr_un) * sizeof(struct sockaddr_in6) * sizeof(struct sockaddr_in) */ -#if (NGX_HAVE_INET6) -#define NGX_SOCKADDRLEN sizeof(struct sockaddr_in6) +#if (NGX_HAVE_UNIX_DOMAIN) +#define NGX_SOCKADDRLEN sizeof(struct sockaddr_un) #else -#define NGX_SOCKADDRLEN sizeof(struct sockaddr_in) +#define NGX_SOCKADDRLEN 512 #endif diff --git a/src/http/modules/ngx_http_auth_basic_module.c b/src/http/modules/ngx_http_auth_basic_module.c --- a/src/http/modules/ngx_http_auth_basic_module.c +++ b/src/http/modules/ngx_http_auth_basic_module.c @@ -126,6 +126,10 @@ ngx_http_auth_basic_handler(ngx_http_req rc = ngx_http_auth_basic_user(r); if (rc == NGX_DECLINED) { + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "no user/password was provided for basic authentication"); + return ngx_http_auth_basic_set_realm(r, &alcf->realm); } @@ -172,9 +176,16 @@ ngx_http_auth_basic_handler(ngx_http_req switch (state) { case sw_login: - if (login == 0 && buf[i] == '#') { - state = sw_skip; - break; + if (login == 0) { + + if (buf[i] == '#' || buf[i] == CR) { + state = sw_skip; + break; + } + + if (buf[i] == LF) { + break; + } } if (buf[i] != r->headers_in.user.data[login]) { @@ -242,6 +253,10 @@ ngx_http_auth_basic_handler(ngx_http_req return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm); } + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "user \"%V\" was not found in \"%V\"", + &r->headers_in.user, &alcf->user_file); + return ngx_http_auth_basic_set_realm(r, &alcf->realm); } @@ -257,8 +272,8 @@ ngx_http_auth_basic_crypt_handler(ngx_ht &encrypted); ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "rc: %d user: \"%V\" salt: \"%s\"", - rc, &r->headers_in.user, passwd->data); + "rc: %d user: \"%V\" salt: \"%s\"", + rc, &r->headers_in.user, passwd->data); if (rc == NGX_OK) { if (ngx_strcmp(encrypted, passwd->data) == 0) { @@ -268,6 +283,10 @@ ngx_http_auth_basic_crypt_handler(ngx_ht ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "encrypted: \"%s\"", encrypted); + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "user \"%V\": password mismatch", + &r->headers_in.user); + return ngx_http_auth_basic_set_realm(r, realm); } diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -47,7 +47,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '0.7.37'; +our $VERSION = '0.7.38'; require XSLoader; XSLoader::load('nginx', $VERSION); diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -1004,7 +1004,7 @@ ngx_worker_process_exit(ngx_cycle_t *cyc && !c[i].read->resolver) { ngx_log_error(NGX_LOG_ALERT, cycle->log, 0, - "open socket #%d left in %ui connection %s", + "open socket #%d left in connection %ui%s", c[i].fd, i, ngx_debug_quit ? ", aborting" : ""); ngx_debug_point(); }