changeset 452:fc5ebf0e5f98 NGINX_0_7_38

nginx 0.7.38 *) Feature: authentication failures logging. *) Bugfix: name/password in auth_basic_user_file were ignored after odd number of empty lines. Thanks to Alexander Zagrebin. *) Bugfix: a segmentation fault occurred in a master process, if long path was used in unix domain socket; the bug had appeared in 0.7.36.
author Igor Sysoev <http://sysoev.ru>
date Mon, 23 Feb 2009 00:00:00 +0300
parents 56fe58e64760
children 9ef0e36f3cd5
files CHANGES CHANGES.ru src/core/nginx.h src/core/ngx_inet.h src/http/modules/ngx_http_auth_basic_module.c src/http/modules/perl/nginx.pm src/os/unix/ngx_process_cycle.c
diffstat 7 files changed, 58 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES	Sat Feb 21 00:00:00 2009 +0300
+++ b/CHANGES	Mon Feb 23 00:00:00 2009 +0300
@@ -1,8 +1,20 @@
 
+Changes with nginx 0.7.38                                        23 Feb 2009
+
+    *) Feature: authentication failures logging.
+
+    *) Bugfix: name/password in auth_basic_user_file were ignored after odd 
+       number of empty lines.
+       Thanks to Alexander Zagrebin.
+
+    *) Bugfix: a segmentation fault occurred in a master process, if long 
+       path was used in unix domain socket; the bug had appeared in 0.7.36.
+
+
 Changes with nginx 0.7.37                                        21 Feb 2009
 
-    *) Bugfix: directive using upstreams did not work; the bug had appeared 
-       in 0.7.36.
+    *) Bugfix: directives using upstreams did not work; the bug had 
+       appeared in 0.7.36.
 
 
 Changes with nginx 0.7.36                                        21 Feb 2009
--- a/CHANGES.ru	Sat Feb 21 00:00:00 2009 +0300
+++ b/CHANGES.ru	Mon Feb 23 00:00:00 2009 +0300
@@ -1,4 +1,17 @@
 
+Изменения в nginx 0.7.38                                          23.02.2009
+
+    *) Добавление: логгирование ошибок аутентификации.
+
+    *) Исправление: имя/пароль, заданные в auth_basic_user_file, 
+       игнорировались после нечётного числа пустых строк.
+       Спасибо Александру Загребину.
+
+    *) Исправление: при использовании длинного пути в unix domain сокете в 
+       главном процессе происходил segmentation fault; ошибка появилась в 
+       0.7.36.
+
+
 Изменения в nginx 0.7.37                                          21.02.2009
 
     *) Исправление: директивы, использующие upstream'ы, не работали; ошибка 
--- a/src/core/nginx.h	Sat Feb 21 00:00:00 2009 +0300
+++ b/src/core/nginx.h	Mon Feb 23 00:00:00 2009 +0300
@@ -8,7 +8,7 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define NGINX_VERSION      "0.7.37"
+#define NGINX_VERSION      "0.7.38"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
--- a/src/core/ngx_inet.h	Sat Feb 21 00:00:00 2009 +0300
+++ b/src/core/ngx_inet.h	Mon Feb 23 00:00:00 2009 +0300
@@ -22,14 +22,15 @@
 /*
  * TODO: autoconfigure NGX_SOCKADDRLEN as
  *       sizeof(struct sockaddr_storage)
+ *       sizeof(struct sockaddr_un)
  *       sizeof(struct sockaddr_in6)
  *       sizeof(struct sockaddr_in)
  */
 
-#if (NGX_HAVE_INET6)
-#define NGX_SOCKADDRLEN       sizeof(struct sockaddr_in6)
+#if (NGX_HAVE_UNIX_DOMAIN)
+#define NGX_SOCKADDRLEN       sizeof(struct sockaddr_un)
 #else
-#define NGX_SOCKADDRLEN       sizeof(struct sockaddr_in)
+#define NGX_SOCKADDRLEN       512
 #endif
 
 
--- a/src/http/modules/ngx_http_auth_basic_module.c	Sat Feb 21 00:00:00 2009 +0300
+++ b/src/http/modules/ngx_http_auth_basic_module.c	Mon Feb 23 00:00:00 2009 +0300
@@ -126,6 +126,10 @@
     rc = ngx_http_auth_basic_user(r);
 
     if (rc == NGX_DECLINED) {
+
+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                      "no user/password was provided for basic authentication");
+
         return ngx_http_auth_basic_set_realm(r, &alcf->realm);
     }
 
@@ -172,9 +176,16 @@
             switch (state) {
 
             case sw_login:
-                if (login == 0 && buf[i] == '#') {
-                    state = sw_skip;
-                    break;
+                if (login == 0) {
+
+                    if (buf[i] == '#' || buf[i] == CR) {
+                        state = sw_skip;
+                        break;
+                    }
+
+                    if (buf[i] == LF) {
+                        break;
+                    }
                 }
 
                 if (buf[i] != r->headers_in.user.data[login]) {
@@ -242,6 +253,10 @@
         return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm);
     }
 
+    ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                  "user \"%V\" was not found in \"%V\"",
+                  &r->headers_in.user, &alcf->user_file);
+
     return ngx_http_auth_basic_set_realm(r, &alcf->realm);
 }
 
@@ -257,8 +272,8 @@
                    &encrypted);
 
     ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
-                  "rc: %d user: \"%V\" salt: \"%s\"",
-                  rc, &r->headers_in.user, passwd->data);
+                   "rc: %d user: \"%V\" salt: \"%s\"",
+                   rc, &r->headers_in.user, passwd->data);
 
     if (rc == NGX_OK) {
         if (ngx_strcmp(encrypted, passwd->data) == 0) {
@@ -268,6 +283,10 @@
         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                        "encrypted: \"%s\"", encrypted);
 
+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                      "user \"%V\": password mismatch",
+                      &r->headers_in.user);
+
         return ngx_http_auth_basic_set_realm(r, realm);
     }
 
--- a/src/http/modules/perl/nginx.pm	Sat Feb 21 00:00:00 2009 +0300
+++ b/src/http/modules/perl/nginx.pm	Mon Feb 23 00:00:00 2009 +0300
@@ -47,7 +47,7 @@
     HTTP_INSUFFICIENT_STORAGE
 );
 
-our $VERSION = '0.7.37';
+our $VERSION = '0.7.38';
 
 require XSLoader;
 XSLoader::load('nginx', $VERSION);
--- a/src/os/unix/ngx_process_cycle.c	Sat Feb 21 00:00:00 2009 +0300
+++ b/src/os/unix/ngx_process_cycle.c	Mon Feb 23 00:00:00 2009 +0300
@@ -1004,7 +1004,7 @@
                 && !c[i].read->resolver)
             {
                 ngx_log_error(NGX_LOG_ALERT, cycle->log, 0,
-                              "open socket #%d left in %ui connection %s",
+                              "open socket #%d left in connection %ui%s",
                               c[i].fd, i, ngx_debug_quit ? ", aborting" : "");
                 ngx_debug_point();
             }