Mercurial > hg > nginx
comparison src/http/modules/ngx_http_auth_basic_module.c @ 7109:4a670c18e5e6
Removed more remnants of the old pthread implementation.
After e284f3ff6831, ngx_crypt() can no longer return NGX_AGAIN.
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Mon, 18 Sep 2017 11:09:41 +0300 |
| parents | 0cdee26605f3 |
| children | e48ac0136ee3 |
comparison
equal
deleted
inserted
replaced
| 7108:2bf605c6edf7 | 7109:4a670c18e5e6 |
|---|---|
| 13 | 13 |
| 14 #define NGX_HTTP_AUTH_BUF_SIZE 2048 | 14 #define NGX_HTTP_AUTH_BUF_SIZE 2048 |
| 15 | 15 |
| 16 | 16 |
| 17 typedef struct { | 17 typedef struct { |
| 18 ngx_str_t passwd; | |
| 19 } ngx_http_auth_basic_ctx_t; | |
| 20 | |
| 21 | |
| 22 typedef struct { | |
| 23 ngx_http_complex_value_t *realm; | 18 ngx_http_complex_value_t *realm; |
| 24 ngx_http_complex_value_t user_file; | 19 ngx_http_complex_value_t user_file; |
| 25 } ngx_http_auth_basic_loc_conf_t; | 20 } ngx_http_auth_basic_loc_conf_t; |
| 26 | 21 |
| 27 | 22 |
| 28 static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r); | 23 static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r); |
| 29 static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, | 24 static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, |
| 30 ngx_http_auth_basic_ctx_t *ctx, ngx_str_t *passwd, ngx_str_t *realm); | 25 ngx_str_t *passwd, ngx_str_t *realm); |
| 31 static ngx_int_t ngx_http_auth_basic_set_realm(ngx_http_request_t *r, | 26 static ngx_int_t ngx_http_auth_basic_set_realm(ngx_http_request_t *r, |
| 32 ngx_str_t *realm); | 27 ngx_str_t *realm); |
| 33 static void ngx_http_auth_basic_close(ngx_file_t *file); | 28 static void ngx_http_auth_basic_close(ngx_file_t *file); |
| 34 static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); | 29 static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); |
| 35 static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, | 30 static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, |
| 101 ngx_int_t rc; | 96 ngx_int_t rc; |
| 102 ngx_err_t err; | 97 ngx_err_t err; |
| 103 ngx_str_t pwd, realm, user_file; | 98 ngx_str_t pwd, realm, user_file; |
| 104 ngx_uint_t i, level, login, left, passwd; | 99 ngx_uint_t i, level, login, left, passwd; |
| 105 ngx_file_t file; | 100 ngx_file_t file; |
| 106 ngx_http_auth_basic_ctx_t *ctx; | |
| 107 ngx_http_auth_basic_loc_conf_t *alcf; | 101 ngx_http_auth_basic_loc_conf_t *alcf; |
| 108 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; | 102 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; |
| 109 enum { | 103 enum { |
| 110 sw_login, | 104 sw_login, |
| 111 sw_passwd, | 105 sw_passwd, |
| 124 | 118 |
| 125 if (realm.len == 3 && ngx_strncmp(realm.data, "off", 3) == 0) { | 119 if (realm.len == 3 && ngx_strncmp(realm.data, "off", 3) == 0) { |
| 126 return NGX_DECLINED; | 120 return NGX_DECLINED; |
| 127 } | 121 } |
| 128 | 122 |
| 129 ctx = ngx_http_get_module_ctx(r, ngx_http_auth_basic_module); | |
| 130 | |
| 131 if (ctx) { | |
| 132 return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd, | |
| 133 &realm); | |
| 134 } | |
| 135 | |
| 136 rc = ngx_http_auth_basic_user(r); | 123 rc = ngx_http_auth_basic_user(r); |
| 137 | 124 |
| 138 if (rc == NGX_DECLINED) { | 125 if (rc == NGX_DECLINED) { |
| 139 | 126 |
| 140 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | 127 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, |
| 235 ngx_http_auth_basic_close(&file); | 222 ngx_http_auth_basic_close(&file); |
| 236 | 223 |
| 237 pwd.len = i - passwd; | 224 pwd.len = i - passwd; |
| 238 pwd.data = &buf[passwd]; | 225 pwd.data = &buf[passwd]; |
| 239 | 226 |
| 240 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, | 227 return ngx_http_auth_basic_crypt_handler(r, &pwd, &realm); |
| 241 &realm); | |
| 242 } | 228 } |
| 243 | 229 |
| 244 break; | 230 break; |
| 245 | 231 |
| 246 case sw_skip: | 232 case sw_skip: |
| 274 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 260 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
| 275 } | 261 } |
| 276 | 262 |
| 277 ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1); | 263 ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1); |
| 278 | 264 |
| 279 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &realm); | 265 return ngx_http_auth_basic_crypt_handler(r, &pwd, &realm); |
| 280 } | 266 } |
| 281 | 267 |
| 282 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | 268 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
| 283 "user \"%V\" was not found in \"%V\"", | 269 "user \"%V\" was not found in \"%V\"", |
| 284 &r->headers_in.user, &user_file); | 270 &r->headers_in.user, &user_file); |
| 286 return ngx_http_auth_basic_set_realm(r, &realm); | 272 return ngx_http_auth_basic_set_realm(r, &realm); |
| 287 } | 273 } |
| 288 | 274 |
| 289 | 275 |
| 290 static ngx_int_t | 276 static ngx_int_t |
| 291 ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, | 277 ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, ngx_str_t *passwd, |
| 292 ngx_http_auth_basic_ctx_t *ctx, ngx_str_t *passwd, ngx_str_t *realm) | 278 ngx_str_t *realm) |
| 293 { | 279 { |
| 294 ngx_int_t rc; | 280 ngx_int_t rc; |
| 295 u_char *encrypted; | 281 u_char *encrypted; |
| 296 | 282 |
| 297 rc = ngx_crypt(r->pool, r->headers_in.passwd.data, passwd->data, | 283 rc = ngx_crypt(r->pool, r->headers_in.passwd.data, passwd->data, |
| 299 | 285 |
| 300 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | 286 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
| 301 "rc: %i user: \"%V\" salt: \"%s\"", | 287 "rc: %i user: \"%V\" salt: \"%s\"", |
| 302 rc, &r->headers_in.user, passwd->data); | 288 rc, &r->headers_in.user, passwd->data); |
| 303 | 289 |
| 304 if (rc == NGX_OK) { | 290 if (rc != NGX_OK) { |
| 305 if (ngx_strcmp(encrypted, passwd->data) == 0) { | |
| 306 return NGX_OK; | |
| 307 } | |
| 308 | |
| 309 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
| 310 "encrypted: \"%s\"", encrypted); | |
| 311 | |
| 312 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | |
| 313 "user \"%V\": password mismatch", | |
| 314 &r->headers_in.user); | |
| 315 | |
| 316 return ngx_http_auth_basic_set_realm(r, realm); | |
| 317 } | |
| 318 | |
| 319 if (rc == NGX_ERROR) { | |
| 320 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 291 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
| 321 } | 292 } |
| 322 | 293 |
| 323 /* rc == NGX_AGAIN */ | 294 if (ngx_strcmp(encrypted, passwd->data) == 0) { |
| 324 | 295 return NGX_OK; |
| 325 if (ctx == NULL) { | 296 } |
| 326 ctx = ngx_palloc(r->pool, sizeof(ngx_http_auth_basic_ctx_t)); | 297 |
| 327 if (ctx == NULL) { | 298 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
| 328 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 299 "encrypted: \"%s\"", encrypted); |
| 329 } | 300 |
| 330 | 301 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
| 331 ngx_http_set_ctx(r, ctx, ngx_http_auth_basic_module); | 302 "user \"%V\": password mismatch", |
| 332 | 303 &r->headers_in.user); |
| 333 ctx->passwd.len = passwd->len; | 304 |
| 334 passwd->len++; | 305 return ngx_http_auth_basic_set_realm(r, realm); |
| 335 | |
| 336 ctx->passwd.data = ngx_pstrdup(r->pool, passwd); | |
| 337 if (ctx->passwd.data == NULL) { | |
| 338 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
| 339 } | |
| 340 | |
| 341 } | |
| 342 | |
| 343 /* TODO: add mutex event */ | |
| 344 | |
| 345 return rc; | |
| 346 } | 306 } |
| 347 | 307 |
| 348 | 308 |
| 349 static ngx_int_t | 309 static ngx_int_t |
| 350 ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm) | 310 ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm) |