Mercurial > hg > nginx
comparison src/http/modules/ngx_http_auth_basic_module.c @ 7109:4a670c18e5e6
Removed more remnants of the old pthread implementation.
After e284f3ff6831, ngx_crypt() can no longer return NGX_AGAIN.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Mon, 18 Sep 2017 11:09:41 +0300 |
parents | 0cdee26605f3 |
children | e48ac0136ee3 |
comparison
equal
deleted
inserted
replaced
7108:2bf605c6edf7 | 7109:4a670c18e5e6 |
---|---|
13 | 13 |
14 #define NGX_HTTP_AUTH_BUF_SIZE 2048 | 14 #define NGX_HTTP_AUTH_BUF_SIZE 2048 |
15 | 15 |
16 | 16 |
17 typedef struct { | 17 typedef struct { |
18 ngx_str_t passwd; | |
19 } ngx_http_auth_basic_ctx_t; | |
20 | |
21 | |
22 typedef struct { | |
23 ngx_http_complex_value_t *realm; | 18 ngx_http_complex_value_t *realm; |
24 ngx_http_complex_value_t user_file; | 19 ngx_http_complex_value_t user_file; |
25 } ngx_http_auth_basic_loc_conf_t; | 20 } ngx_http_auth_basic_loc_conf_t; |
26 | 21 |
27 | 22 |
28 static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r); | 23 static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r); |
29 static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, | 24 static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, |
30 ngx_http_auth_basic_ctx_t *ctx, ngx_str_t *passwd, ngx_str_t *realm); | 25 ngx_str_t *passwd, ngx_str_t *realm); |
31 static ngx_int_t ngx_http_auth_basic_set_realm(ngx_http_request_t *r, | 26 static ngx_int_t ngx_http_auth_basic_set_realm(ngx_http_request_t *r, |
32 ngx_str_t *realm); | 27 ngx_str_t *realm); |
33 static void ngx_http_auth_basic_close(ngx_file_t *file); | 28 static void ngx_http_auth_basic_close(ngx_file_t *file); |
34 static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); | 29 static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); |
35 static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, | 30 static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, |
101 ngx_int_t rc; | 96 ngx_int_t rc; |
102 ngx_err_t err; | 97 ngx_err_t err; |
103 ngx_str_t pwd, realm, user_file; | 98 ngx_str_t pwd, realm, user_file; |
104 ngx_uint_t i, level, login, left, passwd; | 99 ngx_uint_t i, level, login, left, passwd; |
105 ngx_file_t file; | 100 ngx_file_t file; |
106 ngx_http_auth_basic_ctx_t *ctx; | |
107 ngx_http_auth_basic_loc_conf_t *alcf; | 101 ngx_http_auth_basic_loc_conf_t *alcf; |
108 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; | 102 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; |
109 enum { | 103 enum { |
110 sw_login, | 104 sw_login, |
111 sw_passwd, | 105 sw_passwd, |
124 | 118 |
125 if (realm.len == 3 && ngx_strncmp(realm.data, "off", 3) == 0) { | 119 if (realm.len == 3 && ngx_strncmp(realm.data, "off", 3) == 0) { |
126 return NGX_DECLINED; | 120 return NGX_DECLINED; |
127 } | 121 } |
128 | 122 |
129 ctx = ngx_http_get_module_ctx(r, ngx_http_auth_basic_module); | |
130 | |
131 if (ctx) { | |
132 return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd, | |
133 &realm); | |
134 } | |
135 | |
136 rc = ngx_http_auth_basic_user(r); | 123 rc = ngx_http_auth_basic_user(r); |
137 | 124 |
138 if (rc == NGX_DECLINED) { | 125 if (rc == NGX_DECLINED) { |
139 | 126 |
140 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | 127 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, |
235 ngx_http_auth_basic_close(&file); | 222 ngx_http_auth_basic_close(&file); |
236 | 223 |
237 pwd.len = i - passwd; | 224 pwd.len = i - passwd; |
238 pwd.data = &buf[passwd]; | 225 pwd.data = &buf[passwd]; |
239 | 226 |
240 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, | 227 return ngx_http_auth_basic_crypt_handler(r, &pwd, &realm); |
241 &realm); | |
242 } | 228 } |
243 | 229 |
244 break; | 230 break; |
245 | 231 |
246 case sw_skip: | 232 case sw_skip: |
274 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 260 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
275 } | 261 } |
276 | 262 |
277 ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1); | 263 ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1); |
278 | 264 |
279 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &realm); | 265 return ngx_http_auth_basic_crypt_handler(r, &pwd, &realm); |
280 } | 266 } |
281 | 267 |
282 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | 268 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
283 "user \"%V\" was not found in \"%V\"", | 269 "user \"%V\" was not found in \"%V\"", |
284 &r->headers_in.user, &user_file); | 270 &r->headers_in.user, &user_file); |
286 return ngx_http_auth_basic_set_realm(r, &realm); | 272 return ngx_http_auth_basic_set_realm(r, &realm); |
287 } | 273 } |
288 | 274 |
289 | 275 |
290 static ngx_int_t | 276 static ngx_int_t |
291 ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, | 277 ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, ngx_str_t *passwd, |
292 ngx_http_auth_basic_ctx_t *ctx, ngx_str_t *passwd, ngx_str_t *realm) | 278 ngx_str_t *realm) |
293 { | 279 { |
294 ngx_int_t rc; | 280 ngx_int_t rc; |
295 u_char *encrypted; | 281 u_char *encrypted; |
296 | 282 |
297 rc = ngx_crypt(r->pool, r->headers_in.passwd.data, passwd->data, | 283 rc = ngx_crypt(r->pool, r->headers_in.passwd.data, passwd->data, |
299 | 285 |
300 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | 286 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
301 "rc: %i user: \"%V\" salt: \"%s\"", | 287 "rc: %i user: \"%V\" salt: \"%s\"", |
302 rc, &r->headers_in.user, passwd->data); | 288 rc, &r->headers_in.user, passwd->data); |
303 | 289 |
304 if (rc == NGX_OK) { | 290 if (rc != NGX_OK) { |
305 if (ngx_strcmp(encrypted, passwd->data) == 0) { | |
306 return NGX_OK; | |
307 } | |
308 | |
309 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
310 "encrypted: \"%s\"", encrypted); | |
311 | |
312 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | |
313 "user \"%V\": password mismatch", | |
314 &r->headers_in.user); | |
315 | |
316 return ngx_http_auth_basic_set_realm(r, realm); | |
317 } | |
318 | |
319 if (rc == NGX_ERROR) { | |
320 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 291 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
321 } | 292 } |
322 | 293 |
323 /* rc == NGX_AGAIN */ | 294 if (ngx_strcmp(encrypted, passwd->data) == 0) { |
324 | 295 return NGX_OK; |
325 if (ctx == NULL) { | 296 } |
326 ctx = ngx_palloc(r->pool, sizeof(ngx_http_auth_basic_ctx_t)); | 297 |
327 if (ctx == NULL) { | 298 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
328 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 299 "encrypted: \"%s\"", encrypted); |
329 } | 300 |
330 | 301 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
331 ngx_http_set_ctx(r, ctx, ngx_http_auth_basic_module); | 302 "user \"%V\": password mismatch", |
332 | 303 &r->headers_in.user); |
333 ctx->passwd.len = passwd->len; | 304 |
334 passwd->len++; | 305 return ngx_http_auth_basic_set_realm(r, realm); |
335 | |
336 ctx->passwd.data = ngx_pstrdup(r->pool, passwd); | |
337 if (ctx->passwd.data == NULL) { | |
338 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
339 } | |
340 | |
341 } | |
342 | |
343 /* TODO: add mutex event */ | |
344 | |
345 return rc; | |
346 } | 306 } |
347 | 307 |
348 | 308 |
349 static ngx_int_t | 309 static ngx_int_t |
350 ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm) | 310 ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm) |