annotate src/http/modules/ngx_http_auth_basic_module.c @ 6469:7cdf612fd58c
Win32: replaced NGX_EXDEV with more appropriate error code.
Correct error code for NGX_EXDEV on Windows is ERROR_NOT_SAME_DEVICE,
"The system cannot move the file to a different disk drive".
Previously used ERROR_WRONG_DISK is about wrong diskette in the drive and
is not appropriate.
There is no real difference though, as MoveFile() is able to copy files
between disk drives, and will fail with ERROR_ACCESS_DENIED when asked
to copy directories. The ERROR_NOT_SAME_DEVICE error is only used
by MoveFileEx() when called without the MOVEFILE_COPY_ALLOWED flag.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 29 Mar 2016 09:52:15 +0300 |
parents | c37f34bda5ea |
children | f01ab2dbcfdc |
rev | line source |
---|---|
503 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
503 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_http.h> | |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
3887
|
11 #include <ngx_crypt.h> |
503 | 12 |
13 | |
/*
 * Size in bytes of the on-stack buffer the access handler uses to read the
 * password file chunk by chunk.
 */
#define NGX_HTTP_AUTH_BUF_SIZE  2048
15 | |
16 | |
/*
 * Per-request module context.  The crypt handler allocates it only when
 * ngx_crypt() does not finish with NGX_OK or NGX_ERROR, so that a later call
 * of the access handler can skip the password-file scan.
 */
typedef struct {
    ngx_str_t                 passwd;   /* pool copy of the stored password field */
} ngx_http_auth_basic_ctx_t;
20 | |
21 | |
/*
 * Location configuration.  Both members are evaluated per request as
 * complex values, so either may contain variables.
 */
typedef struct {
    ngx_http_complex_value_t  *realm;      /* NULL while "auth_basic" is unset */
    ngx_http_complex_value_t   user_file;  /* value.data is NULL while unset */
} ngx_http_auth_basic_loc_conf_t;
26 | |
27 | |
/* Forward declarations of the file-local handlers and configuration hooks. */
static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r);
static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r,
    ngx_http_auth_basic_ctx_t *ctx, ngx_str_t *passwd, ngx_str_t *realm);
static ngx_int_t ngx_http_auth_basic_set_realm(ngx_http_request_t *r,
    ngx_str_t *realm);
static void ngx_http_auth_basic_close(ngx_file_t *file);
static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf,
    void *parent, void *child);
static ngx_int_t ngx_http_auth_basic_init(ngx_conf_t *cf);
static char *ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
503 | 40 |
41 | |
/*
 * Directives provided by the module.  Both take exactly one argument and are
 * accepted at the main, server, location and limit_except levels; both store
 * into the location configuration.
 */
static ngx_command_t  ngx_http_auth_basic_commands[] = {

    /* "auth_basic": realm text, compiled as a complex value */
    { ngx_string("auth_basic"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
                        |NGX_CONF_TAKE1,
      ngx_http_set_complex_value_slot,
      NGX_HTTP_LOC_CONF_OFFSET,
      offsetof(ngx_http_auth_basic_loc_conf_t, realm),
      NULL },

    /* "auth_basic_user_file": password file path, set by a custom handler */
    { ngx_string("auth_basic_user_file"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
                        |NGX_CONF_TAKE1,
      ngx_http_auth_basic_user_file,
      NGX_HTTP_LOC_CONF_OFFSET,
      offsetof(ngx_http_auth_basic_loc_conf_t, user_file),
      NULL },

      ngx_null_command
};
62 | |
63 | |
/*
 * HTTP module hooks: the access handler is registered after configuration
 * parsing, and only location-level configuration is created and merged.
 */
static ngx_http_module_t  ngx_http_auth_basic_module_ctx = {
    NULL,                                  /* preconfiguration */
    ngx_http_auth_basic_init,              /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    NULL,                                  /* create server configuration */
    NULL,                                  /* merge server configuration */

    ngx_http_auth_basic_create_loc_conf,   /* create location configuration */
    ngx_http_auth_basic_merge_loc_conf     /* merge location configuration */
};
77 | |
78 | |
/*
 * Module definition: ties the HTTP hooks and the directive table together.
 * No process- or thread-level callbacks are used.
 */
ngx_module_t  ngx_http_auth_basic_module = {
    NGX_MODULE_V1,
    &ngx_http_auth_basic_module_ctx,       /* module context */
    ngx_http_auth_basic_commands,          /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
93 | |
94 | |
/*
 * Access-phase handler: checks the request's Basic credentials against the
 * configured password file.
 *
 * The file is scanned in NGX_HTTP_AUTH_BUF_SIZE chunks with a three-state
 * machine (match login, collect password field, skip rest of line).  When
 * the login matches, the stored password field is handed to
 * ngx_http_auth_basic_crypt_handler() together with the realm.
 *
 * Returns:
 *   NGX_DECLINED                    auth is not configured here or the realm
 *                                   evaluates to "off"
 *   NGX_ERROR                       a complex value could not be evaluated
 *   NGX_HTTP_FORBIDDEN              the password file does not exist
 *   NGX_HTTP_INTERNAL_SERVER_ERROR  other open/read/allocation failures
 *   otherwise the result of the crypt handler or of
 *   ngx_http_auth_basic_set_realm() (the 401 challenge)
 */
static ngx_int_t
ngx_http_auth_basic_handler(ngx_http_request_t *r)
{
    off_t                            offset;
    ssize_t                          n;
    ngx_fd_t                         fd;
    ngx_int_t                        rc;
    ngx_err_t                        err;
    ngx_str_t                        pwd, realm, user_file;
    ngx_uint_t                       i, level, login, left, passwd;
    ngx_file_t                       file;
    ngx_http_auth_basic_ctx_t       *ctx;
    ngx_http_auth_basic_loc_conf_t  *alcf;
    u_char                           buf[NGX_HTTP_AUTH_BUF_SIZE];
    enum {
        sw_login,
        sw_passwd,
        sw_skip
    } state;

    alcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_basic_module);

    /* both directives must be set for the module to take part */
    if (alcf->realm == NULL || alcf->user_file.value.data == NULL) {
        return NGX_DECLINED;
    }

    if (ngx_http_complex_value(r, alcf->realm, &realm) != NGX_OK) {
        return NGX_ERROR;
    }

    /*
     * The check is made on the evaluated realm, so a variable that expands
     * to "off" disables authentication for this request as well.
     */
    if (realm.len == 3 && ngx_strncmp(realm.data, "off", 3) == 0) {
        return NGX_DECLINED;
    }

    ctx = ngx_http_get_module_ctx(r, ngx_http_auth_basic_module);

    /* a context exists only after an earlier NGX_AGAIN; reuse its copy */
    if (ctx) {
        return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd,
                                                 &realm);
    }

    rc = ngx_http_auth_basic_user(r);

    if (rc == NGX_DECLINED) {

        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                      "no user/password was provided for basic authentication");

        return ngx_http_auth_basic_set_realm(r, &realm);
    }

    if (rc == NGX_ERROR) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    /*
     * NOTE(review): the path is evaluated per request.  If the configured
     * value contains request-derived variables, the client influences which
     * file is opened; confirm deployments constrain such variables.
     */
    if (ngx_http_complex_value(r, &alcf->user_file, &user_file) != NGX_OK) {
        return NGX_ERROR;
    }

    fd = ngx_open_file(user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);

    if (fd == NGX_INVALID_FILE) {
        err = ngx_errno;

        /* a missing file denies access (403); anything else is a 500 */
        if (err == NGX_ENOENT) {
            level = NGX_LOG_ERR;
            rc = NGX_HTTP_FORBIDDEN;

        } else {
            level = NGX_LOG_CRIT;
            rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
        }

        ngx_log_error(level, r->connection->log, err,
                      ngx_open_file_n " \"%s\" failed", user_file.data);

        return rc;
    }

    ngx_memzero(&file, sizeof(ngx_file_t));

    file.fd = fd;
    file.name = user_file;
    file.log = r->connection->log;

    /*
     * login  - number of bytes of the current line matched so far
     * passwd - index in buf where the password field starts
     * left   - bytes of an unfinished password field kept at the buffer start
     * offset - file position of the next read
     */
    state = sw_login;
    passwd = 0;
    login = 0;
    left = 0;
    offset = 0;

    for ( ;; ) {
        /* keeps i defined for the tail below when the read returns 0 */
        i = left;

        /*
         * NOTE(review): if a password field fills the whole buffer, the
         * requested size is 0 and the scan presumably ends on n == 0 with
         * the field truncated to the buffer size - confirm.
         */
        n = ngx_read_file(&file, buf + left, NGX_HTTP_AUTH_BUF_SIZE - left,
                          offset);

        if (n == NGX_ERROR) {
            ngx_http_auth_basic_close(&file);
            return NGX_HTTP_INTERNAL_SERVER_ERROR;
        }

        if (n == 0) {
            break;
        }

        for (i = left; i < left + n; i++) {
            switch (state) {

            case sw_login:
                if (login == 0) {

                    /* comment line or a line starting with CR: skip it */
                    if (buf[i] == '#' || buf[i] == CR) {
                        state = sw_skip;
                        break;
                    }

                    /* empty line: stay in sw_login for the next line */
                    if (buf[i] == LF) {
                        break;
                    }
                }

                /*
                 * The comparison also runs at index user.len, so the byte
                 * after the user name must equal the file's separator.
                 * NOTE(review): presumably ngx_http_auth_basic_user() leaves
                 * ':' right after the name in the decoded buffer - confirm.
                 */
                if (buf[i] != r->headers_in.user.data[login]) {
                    state = sw_skip;
                    break;
                }

                if (login == r->headers_in.user.len) {
                    state = sw_passwd;
                    passwd = i + 1;
                }

                login++;

                break;

            case sw_passwd:
                /* the field ends at end of line or at the next ':' */
                if (buf[i] == LF || buf[i] == CR || buf[i] == ':') {
                    buf[i] = '\0';

                    ngx_http_auth_basic_close(&file);

                    /* pwd points into the stack buffer on this path */
                    pwd.len = i - passwd;
                    pwd.data = &buf[passwd];

                    return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd,
                                                             &realm);
                }

                break;

            case sw_skip:
                if (buf[i] == LF) {
                    state = sw_login;
                    login = 0;
                }

                break;
            }
        }

        /*
         * A password field cut by the chunk boundary is moved to the start
         * of the buffer so the next read appends to it.
         */
        if (state == sw_passwd) {
            left = left + n - passwd;
            ngx_memmove(buf, &buf[passwd], left);
            passwd = 0;

        } else {
            left = 0;
        }

        offset += n;
    }

    ngx_http_auth_basic_close(&file);

    /* last line had no CR/LF: the field runs to the end of the data read */
    if (state == sw_passwd) {
        pwd.len = i - passwd;
        pwd.data = ngx_pnalloc(r->pool, pwd.len + 1);
        if (pwd.data == NULL) {
            return NGX_HTTP_INTERNAL_SERVER_ERROR;
        }

        ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1);

        return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &realm);
    }

    /*
     * NOTE(review): buf still holds password-file contents (stored hashes)
     * when the function returns; nothing here clears it.
     */
    ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                  "user \"%V\" was not found in \"%V\"",
                  &r->headers_in.user, &user_file);

    return ngx_http_auth_basic_set_realm(r, &realm);
}
288 | |
289 | |
/*
 * Hash the password sent by the client with ngx_crypt(), using the stored
 * password field as the salt/format specifier, and compare the result with
 * that stored field.
 *
 * r       current request; the client password is r->headers_in.passwd
 * ctx     module context from an earlier call, or NULL on the first call
 * passwd  stored password field for the matched user
 * realm   realm used for the 401 challenge on mismatch
 *
 * Returns NGX_OK on a match, the result of ngx_http_auth_basic_set_realm()
 * on a mismatch, NGX_HTTP_INTERNAL_SERVER_ERROR on failure, and otherwise
 * passes the ngx_crypt() result (NGX_AGAIN) through.
 */
static ngx_int_t
ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r,
    ngx_http_auth_basic_ctx_t *ctx, ngx_str_t *passwd, ngx_str_t *realm)
{
    ngx_int_t   rc;
    u_char     *encrypted;

    rc = ngx_crypt(r->pool, r->headers_in.passwd.data, passwd->data,
                   &encrypted);

    /*
     * NOTE(review): with debug logging enabled this line writes the stored
     * password field, and the one further down writes the computed hash;
     * treat debug logs from this module as sensitive.
     */
    ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "rc: %d user: \"%V\" salt: \"%s\"",
                   rc, &r->headers_in.user, passwd->data);

    if (rc == NGX_ERROR) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    if (rc == NGX_OK) {

        /* plain string comparison of computed and stored value */
        if (ngx_strcmp(encrypted, passwd->data) != 0) {

            ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                           "encrypted: \"%s\"", encrypted);

            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                          "user \"%V\": password mismatch",
                          &r->headers_in.user);

            return ngx_http_auth_basic_set_realm(r, realm);
        }

        return NGX_OK;
    }

    /* rc == NGX_AGAIN */

    /* TODO: add mutex event */

    if (ctx != NULL) {
        return rc;
    }

    /* first NGX_AGAIN: remember the stored field for the next call */

    ctx = ngx_palloc(r->pool, sizeof(ngx_http_auth_basic_ctx_t));
    if (ctx == NULL) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    ngx_http_set_ctx(r, ctx, ngx_http_auth_basic_module);

    ctx->passwd.len = passwd->len;

    /*
     * The caller's length is bumped by one so that ngx_pstrdup() also copies
     * the byte after the field - presumably the terminating NUL the access
     * handler places there.
     */
    passwd->len++;

    ctx->passwd.data = ngx_pstrdup(r->pool, passwd);
    if (ctx->passwd.data == NULL) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    return rc;
}
347 | |
348 | |
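/*
 * Queue a 'WWW-Authenticate: Basic realm="<realm>"' response header and
 * report that the request is unauthorized.
 *
 * r      request whose headers_out receives the challenge header
 * realm  realm text; it is copied into the header value as-is
 *
 * Returns NGX_HTTP_UNAUTHORIZED once the header is queued, or
 * NGX_HTTP_INTERNAL_SERVER_ERROR if either allocation fails.
 */
static ngx_int_t
ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
{
    size_t   len;
    u_char  *basic, *p;

    len = sizeof("Basic realm=\"\"") - 1 + realm->len;

    /*
     * Allocate the value before pushing the list element: if this
     * allocation failed after the push, headers_out would keep an element
     * whose hash, key and value were never filled in while the 500 error
     * response is being built.
     */
    basic = ngx_pnalloc(r->pool, len);
    if (basic == NULL) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    r->headers_out.www_authenticate = ngx_list_push(&r->headers_out.headers);
    if (r->headers_out.www_authenticate == NULL) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    /*
     * NOTE(review): the realm is copied verbatim; a '"' or a control
     * character in it is not escaped.  The access handler evaluates the
     * realm per request as a complex value, so confirm that configurations
     * do not build it from request-derived variables that can carry such
     * bytes.
     */
    p = ngx_cpymem(basic, "Basic realm=\"", sizeof("Basic realm=\"") - 1);
    p = ngx_cpymem(p, realm->data, realm->len);
    *p = '"';

    r->headers_out.www_authenticate->hash = 1;
    ngx_str_set(&r->headers_out.www_authenticate->key, "WWW-Authenticate");
    r->headers_out.www_authenticate->value.data = basic;
    r->headers_out.www_authenticate->value.len = len;

    return NGX_HTTP_UNAUTHORIZED;
}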
378 | |
/*
 * Close the password file.  A failed close is logged at alert level with the
 * file name and the system error; it is not reported to the caller.
 */
static void
ngx_http_auth_basic_close(ngx_file_t *file)
{
    if (ngx_close_file(file->fd) != NGX_FILE_ERROR) {
        return;
    }

    ngx_log_error(NGX_LOG_ALERT, file->log, ngx_errno,
                  ngx_close_file_n " \"%s\" failed", file->name.data);
}
387 | |
388 | |
/*
 * Allocate the location configuration from the configuration pool.
 *
 * The structure comes from ngx_pcalloc(), so realm and user_file.value.data
 * start out as NULL, which the merge step and the access handler treat as
 * "directive not set".
 *
 * Returns the new configuration, or NULL if the allocation fails.
 */
static void *
ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf)
{
    return ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_basic_loc_conf_t));
}
401 | |
402 | |
/*
 * Inherit auth settings from the enclosing configuration level.
 *
 * parent  configuration of the outer level
 * child   configuration of the level being merged
 *
 * Each setting is inherited on its own: a level that sets only one of the
 * two directives still takes the other from its parent.
 *
 * Always returns NGX_CONF_OK.
 */
static char *
ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_http_auth_basic_loc_conf_t  *outer, *inner;

    outer = parent;
    inner = child;

    /* user_file counts as unset while its source string is NULL */
    if (inner->user_file.value.data == NULL) {
        inner->user_file = outer->user_file;
    }

    if (inner->realm == NULL) {
        inner->realm = outer->realm;
    }

    return NGX_CONF_OK;
}
419 | |
420 | |
/*
 * Postconfiguration hook: append ngx_http_auth_basic_handler to the handlers
 * of NGX_HTTP_ACCESS_PHASE.
 *
 * Returns NGX_OK, or NGX_ERROR if the handler array cannot grow.
 */
static ngx_int_t
ngx_http_auth_basic_init(ngx_conf_t *cf)
{
    ngx_http_handler_pt        *slot;
    ngx_http_core_main_conf_t  *core;

    core = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);

    slot = ngx_array_push(&core->phases[NGX_HTTP_ACCESS_PHASE].handlers);

    if (slot != NULL) {
        *slot = ngx_http_auth_basic_handler;
        return NGX_OK;
    }

    return NGX_ERROR;
}
438 | |
439 | |
/*
 * Handler of the "auth_basic_user_file" directive: compile its argument into
 * the user_file complex value of the location configuration.
 *
 * cf    configuration context; cf->args holds the directive and its argument
 * cmd   command entry (unused)
 * conf  location configuration being filled
 *
 * Returns NGX_CONF_OK on success, "is duplicate" if the directive was
 * already set at this level, or NGX_CONF_ERROR if compilation fails.
 */
static char *
ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_http_auth_basic_loc_conf_t  *alcf = conf;

    ngx_str_t                         *args;
    ngx_http_compile_complex_value_t   compile;

    if (alcf->user_file.value.data != NULL) {
        return "is duplicate";
    }

    args = cf->args->elts;

    ngx_memzero(&compile, sizeof(ngx_http_compile_complex_value_t));

    compile.cf = cf;
    compile.value = &args[1];
    compile.complex_value = &alcf->user_file;

    /*
     * NOTE(review): presumably "zero" makes the evaluated value
     * NUL-terminated (the access handler passes it to ngx_open_file() as a
     * C string) and "conf_prefix" resolves relative paths against the
     * configuration prefix - confirm against the complex value compiler.
     */
    compile.zero = 1;
    compile.conf_prefix = 1;

    if (ngx_http_compile_complex_value(&compile) == NGX_OK) {
        return NGX_CONF_OK;
    }

    return NGX_CONF_ERROR;
}