Mercurial > hg > nginx-quic
comparison src/http/modules/ngx_http_auth_basic_module.c @ 2567:f0f64973ba2f
auth_basic_user_file supports variables
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 16 Mar 2009 07:13:22 +0000 |
parents | fd4ee75c6eee |
children | 5c8d9e3cbd8a |
comparison
equal
deleted
inserted
replaced
2566:5e7d590cd704 | 2567:f0f64973ba2f |
---|---|
11 | 11 |
12 #define NGX_HTTP_AUTH_BUF_SIZE 2048 | 12 #define NGX_HTTP_AUTH_BUF_SIZE 2048 |
13 | 13 |
14 | 14 |
15 typedef struct { | 15 typedef struct { |
16 ngx_str_t passwd; | 16 ngx_str_t passwd; |
17 } ngx_http_auth_basic_ctx_t; | 17 } ngx_http_auth_basic_ctx_t; |
18 | 18 |
19 | 19 |
20 typedef struct { | 20 typedef struct { |
21 ngx_str_t realm; | 21 ngx_str_t realm; |
22 ngx_str_t user_file; | 22 ngx_str_t user_file; |
23 ngx_array_t *user_file_lengths; | |
24 ngx_array_t *user_file_values; | |
23 } ngx_http_auth_basic_loc_conf_t; | 25 } ngx_http_auth_basic_loc_conf_t; |
24 | 26 |
25 | 27 |
26 static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r); | 28 static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r); |
27 static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, | 29 static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r, |
32 static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); | 34 static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); |
33 static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, | 35 static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, |
34 void *parent, void *child); | 36 void *parent, void *child); |
35 static ngx_int_t ngx_http_auth_basic_init(ngx_conf_t *cf); | 37 static ngx_int_t ngx_http_auth_basic_init(ngx_conf_t *cf); |
36 static char *ngx_http_auth_basic(ngx_conf_t *cf, void *post, void *data); | 38 static char *ngx_http_auth_basic(ngx_conf_t *cf, void *post, void *data); |
39 static char *ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
40 void *conf); | |
37 | 41 |
38 | 42 |
39 static ngx_conf_post_handler_pt ngx_http_auth_basic_p = ngx_http_auth_basic; | 43 static ngx_conf_post_handler_pt ngx_http_auth_basic_p = ngx_http_auth_basic; |
40 | 44 |
41 static ngx_command_t ngx_http_auth_basic_commands[] = { | 45 static ngx_command_t ngx_http_auth_basic_commands[] = { |
49 &ngx_http_auth_basic_p }, | 53 &ngx_http_auth_basic_p }, |
50 | 54 |
51 { ngx_string("auth_basic_user_file"), | 55 { ngx_string("auth_basic_user_file"), |
52 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF | 56 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF |
53 |NGX_CONF_TAKE1, | 57 |NGX_CONF_TAKE1, |
54 ngx_conf_set_str_slot, | 58 ngx_http_auth_basic_user_file, |
55 NGX_HTTP_LOC_CONF_OFFSET, | 59 NGX_HTTP_LOC_CONF_OFFSET, |
56 offsetof(ngx_http_auth_basic_loc_conf_t, user_file), | 60 offsetof(ngx_http_auth_basic_loc_conf_t, user_file), |
57 NULL }, | 61 NULL }, |
58 | 62 |
59 ngx_null_command | 63 ngx_null_command |
96 { | 100 { |
97 off_t offset; | 101 off_t offset; |
98 ssize_t n; | 102 ssize_t n; |
99 ngx_fd_t fd; | 103 ngx_fd_t fd; |
100 ngx_int_t rc; | 104 ngx_int_t rc; |
101 ngx_str_t pwd; | 105 ngx_err_t err; |
102 ngx_uint_t i, login, left, passwd; | 106 ngx_str_t pwd, user_file; |
107 ngx_uint_t i, level, login, left, passwd; | |
103 ngx_file_t file; | 108 ngx_file_t file; |
104 ngx_http_auth_basic_ctx_t *ctx; | 109 ngx_http_auth_basic_ctx_t *ctx; |
105 ngx_http_auth_basic_loc_conf_t *alcf; | 110 ngx_http_auth_basic_loc_conf_t *alcf; |
106 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; | 111 u_char buf[NGX_HTTP_AUTH_BUF_SIZE]; |
107 enum { | 112 enum { |
135 | 140 |
136 if (rc == NGX_ERROR) { | 141 if (rc == NGX_ERROR) { |
137 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 142 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
138 } | 143 } |
139 | 144 |
140 fd = ngx_open_file(alcf->user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); | 145 if (alcf->user_file_lengths) { |
146 if (ngx_http_script_run(r, &user_file, alcf->user_file_lengths->elts, 1, | |
147 alcf->user_file_values->elts) | |
148 == NULL) | |
149 { | |
150 return NGX_ERROR; | |
151 } | |
152 | |
153 user_file.data[--user_file.len] = '\0'; | |
154 | |
155 } else { | |
156 user_file = alcf->user_file; | |
157 } | |
158 | |
159 fd = ngx_open_file(user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); | |
141 | 160 |
142 if (fd == NGX_INVALID_FILE) { | 161 if (fd == NGX_INVALID_FILE) { |
143 ngx_log_error(NGX_LOG_CRIT, r->connection->log, ngx_errno, | 162 err = ngx_errno; |
144 ngx_open_file_n " \"%s\" failed", alcf->user_file.data); | 163 |
145 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 164 if (err == NGX_ENOENT) { |
165 level = NGX_LOG_ERR; | |
166 rc = NGX_HTTP_FORBIDDEN; | |
167 | |
168 } else { | |
169 level = NGX_LOG_CRIT; | |
170 rc = NGX_HTTP_INTERNAL_SERVER_ERROR; | |
171 } | |
172 | |
173 ngx_log_error(level, r->connection->log, err, | |
174 ngx_open_file_n " \"%s\" failed", user_file.data); | |
175 | |
176 return rc; | |
146 } | 177 } |
147 | 178 |
148 ngx_memzero(&file, sizeof(ngx_file_t)); | 179 ngx_memzero(&file, sizeof(ngx_file_t)); |
149 | 180 |
150 file.fd = fd; | 181 file.fd = fd; |
151 file.name = alcf->user_file; | 182 file.name = user_file; |
152 file.log = r->connection->log; | 183 file.log = r->connection->log; |
153 | 184 |
154 state = sw_login; | 185 state = sw_login; |
155 passwd = 0; | 186 passwd = 0; |
156 login = 0; | 187 login = 0; |
253 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm); | 284 return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm); |
254 } | 285 } |
255 | 286 |
256 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | 287 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
257 "user \"%V\" was not found in \"%V\"", | 288 "user \"%V\" was not found in \"%V\"", |
258 &r->headers_in.user, &alcf->user_file); | 289 &r->headers_in.user, &user_file); |
259 | 290 |
260 return ngx_http_auth_basic_set_realm(r, &alcf->realm); | 291 return ngx_http_auth_basic_set_realm(r, &alcf->realm); |
261 } | 292 } |
262 | 293 |
263 | 294 |
368 | 399 |
369 if (conf->realm.data == NULL) { | 400 if (conf->realm.data == NULL) { |
370 conf->realm = prev->realm; | 401 conf->realm = prev->realm; |
371 } | 402 } |
372 | 403 |
373 if (conf->user_file.data) { | 404 if (conf->user_file.data == NULL) { |
374 if (ngx_conf_full_name(cf->cycle, &conf->user_file, 1) != NGX_OK) { | |
375 return NGX_CONF_ERROR; | |
376 } | |
377 | |
378 } else { | |
379 conf->user_file = prev->user_file; | 405 conf->user_file = prev->user_file; |
406 conf->user_file_lengths = prev->user_file_lengths; | |
407 conf->user_file_values = prev->user_file_values; | |
380 } | 408 } |
381 | 409 |
382 return NGX_CONF_OK; | 410 return NGX_CONF_OK; |
383 } | 411 } |
384 | 412 |
431 realm->len = len; | 459 realm->len = len; |
432 realm->data = basic; | 460 realm->data = basic; |
433 | 461 |
434 return NGX_CONF_OK; | 462 return NGX_CONF_OK; |
435 } | 463 } |
464 | |
465 | |
466 static char * | |
467 ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
468 { | |
469 ngx_http_auth_basic_loc_conf_t *alcf = conf; | |
470 | |
471 ngx_str_t *value; | |
472 ngx_uint_t n; | |
473 ngx_http_core_loc_conf_t *clcf; | |
474 ngx_http_script_compile_t sc; | |
475 | |
476 clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); | |
477 | |
478 if (alcf->user_file.data) { | |
479 return "is duplicate"; | |
480 } | |
481 | |
482 value = cf->args->elts; | |
483 | |
484 alcf->user_file = value[1]; | |
485 | |
486 if (alcf->user_file.len == 0) { | |
487 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
488 "invalid parameter \"%V\"", &alcf->user_file); | |
489 return NGX_CONF_ERROR; | |
490 } | |
491 | |
492 if (alcf->user_file.data[0] != '$') { | |
493 if (ngx_conf_full_name(cf->cycle, &alcf->user_file, 1) != NGX_OK) { | |
494 return NGX_CONF_ERROR; | |
495 } | |
496 } | |
497 | |
498 n = ngx_http_script_variables_count(&alcf->user_file); | |
499 | |
500 if (n == 0) { | |
501 return NGX_CONF_OK; | |
502 } | |
503 | |
504 ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); | |
505 | |
506 sc.cf = cf; | |
507 sc.source = &alcf->user_file; | |
508 sc.lengths = &alcf->user_file_lengths; | |
509 sc.values = &alcf->user_file_values; | |
510 sc.variables = n; | |
511 sc.complete_lengths = 1; | |
512 sc.complete_values = 1; | |
513 | |
514 if (ngx_http_script_compile(&sc) != NGX_OK) { | |
515 return NGX_CONF_ERROR; | |
516 } | |
517 | |
518 return NGX_CONF_OK; | |
519 } |