annotate src/http/modules/ngx_http_auth_basic_module.c @ 4253:6efec8b1ff52 stable-1.0
Merging r4193, r4194:
Autoindex fixes:
*) Autoindex: escape '?' in file names.
For files with '?' in their names autoindex generated links with '?' not
escaped. This resulted in effectively truncated links as '?' indicates
query string start.
This is an updated version of the patch originally posted at [1]. It
introduces generic NGX_ESCAPE_URI_COMPONENT which escapes everything but
unreserved characters as per RFC 3986. This approach also renders the
special colon processing unneeded (as the colon is percent-encoded now), so
it is dropped accordingly.
[1] http://nginx.org/pipermail/nginx-devel/2010-February/000112.html
*) Autoindex: escape html in file names.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Tue, 01 Nov 2011 14:09:15 +0000 |
parents | 9c057d5e1c27 |
children | d620f497c50f |
rev | line source |
---|---|
503 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_http.h> | |
3922
9c057d5e1c27
"$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
Igor Sysoev <igor@sysoev.ru>
parents:
3887
diff
changeset
|
10 #include <ngx_crypt.h> |
503 | 11 |
12 | |
13 #define NGX_HTTP_AUTH_BUF_SIZE 2048 | |
14 | |
15 | |
/*
 * Per-request module context.  ngx_http_auth_basic_crypt_handler() creates
 * it when ngx_crypt() returns NGX_AGAIN, so that a later call of the access
 * handler for the same request can reuse the password field instead of
 * reading the user file again.
 */
typedef struct {
    ngx_str_t                 passwd;   /* pool copy of the user file's
                                           password field */
} ngx_http_auth_basic_ctx_t;
19 | |
20 | |
/*
 * Location configuration.  Authentication is active only when both fields
 * are non-empty; the access handler returns NGX_DECLINED otherwise.
 */
typedef struct {
    ngx_str_t                 realm;       /* full header value built by
                                              ngx_http_auth_basic(), or ""
                                              for "auth_basic off" */
    ngx_http_complex_value_t  user_file;   /* user file path; evaluated for
                                              every request */
} ngx_http_auth_basic_loc_conf_t;
25 | |
26 | |
/* request-time functions */
static ngx_int_t ngx_http_auth_basic_handler(ngx_http_request_t *r);
static ngx_int_t ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r,
    ngx_http_auth_basic_ctx_t *ctx, ngx_str_t *passwd, ngx_str_t *realm);
static ngx_int_t ngx_http_auth_basic_set_realm(ngx_http_request_t *r,
    ngx_str_t *realm);
static void ngx_http_auth_basic_close(ngx_file_t *file);

/* configuration-time callbacks referenced from the tables below */
static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf,
    void *parent, void *child);
static ngx_int_t ngx_http_auth_basic_init(ngx_conf_t *cf);
static char *ngx_http_auth_basic(ngx_conf_t *cf, void *post, void *data);
static char *ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
503 | 40 |
41 | |
/*
 * Passed as the last field of the "auth_basic" directive below, so that
 * ngx_http_auth_basic() can rewrite the realm string once it has been stored.
 */
static ngx_conf_post_handler_pt  ngx_http_auth_basic_p = ngx_http_auth_basic;

/*
 * Directives of the module.  Both take exactly one argument and are allowed
 * at the http, server, location and limit_except levels.
 */
static ngx_command_t  ngx_http_auth_basic_commands[] = {

    /* realm text, or "off"; stored in loc_conf.realm */
    { ngx_string("auth_basic"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
                        |NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_LOC_CONF_OFFSET,
      offsetof(ngx_http_auth_basic_loc_conf_t, realm),
      &ngx_http_auth_basic_p },

    /* path of the user file; compiled into loc_conf.user_file */
    { ngx_string("auth_basic_user_file"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
                        |NGX_CONF_TAKE1,
      ngx_http_auth_basic_user_file,
      NGX_HTTP_LOC_CONF_OFFSET,
      offsetof(ngx_http_auth_basic_loc_conf_t, user_file),
      NULL },

      ngx_null_command
};
64 | |
65 | |
/*
 * HTTP module hooks.  Only the postconfiguration hook (which registers the
 * access handler) and the location configuration callbacks are used.
 */
static ngx_http_module_t  ngx_http_auth_basic_module_ctx = {
    NULL,                                  /* preconfiguration */
    ngx_http_auth_basic_init,              /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    NULL,                                  /* create server configuration */
    NULL,                                  /* merge server configuration */

    ngx_http_auth_basic_create_loc_conf,   /* create location configuration */
    ngx_http_auth_basic_merge_loc_conf     /* merge location configuration */
};
79 | |
80 | |
/*
 * Module definition: ties the HTTP hooks and the directive table together.
 * No process or thread life-cycle callbacks are installed.
 */
ngx_module_t  ngx_http_auth_basic_module = {
    NGX_MODULE_V1,
    &ngx_http_auth_basic_module_ctx,       /* module context */
    ngx_http_auth_basic_commands,          /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
95 | |
96 | |
/*
 * Access-phase handler (installed by ngx_http_auth_basic_init()).  It looks
 * the user name of the request up in the configured user file and hands the
 * matching password field to ngx_http_auth_basic_crypt_handler().
 *
 * Returns:
 *   NGX_DECLINED                    no realm or no user file is configured
 *   result of ..._set_realm()       no credentials were sent, or the user is
 *                                   not listed in the file (401 + challenge)
 *   NGX_HTTP_FORBIDDEN              the user file does not exist
 *   NGX_HTTP_INTERNAL_SERVER_ERROR  other open, read or allocation failures
 *   NGX_ERROR                       the user file name cannot be evaluated
 *   result of ..._crypt_handler()   once a password field has been found
 *
 * Every failure path denies access; nothing here falls through to NGX_OK.
 */
static ngx_int_t
ngx_http_auth_basic_handler(ngx_http_request_t *r)
{
    off_t                            offset;
    ssize_t                          n;
    ngx_fd_t                         fd;
    ngx_int_t                        rc;
    ngx_err_t                        err;
    ngx_str_t                        pwd, user_file;
    ngx_uint_t                       i, level, login, left, passwd;
    ngx_file_t                       file;
    ngx_http_auth_basic_ctx_t       *ctx;
    ngx_http_auth_basic_loc_conf_t  *alcf;
    u_char                           buf[NGX_HTTP_AUTH_BUF_SIZE];
    enum {
        sw_login,       /* matching the user name at the start of a line */
        sw_passwd,      /* name matched, collecting the password field */
        sw_skip         /* ignoring the rest of the current line */
    } state;

    alcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_basic_module);

    /* authentication is not enabled for this location */
    if (alcf->realm.len == 0 || alcf->user_file.value.len == 0) {
        return NGX_DECLINED;
    }

    ctx = ngx_http_get_module_ctx(r, ngx_http_auth_basic_module);

    /*
     * A context exists only after an earlier call ended with NGX_AGAIN;
     * the saved password field is reused and the file is not read again.
     */
    if (ctx) {
        return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd,
                                                 &alcf->realm);
    }

    rc = ngx_http_auth_basic_user(r);

    if (rc == NGX_DECLINED) {

        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                      "no user/password was provided for basic authentication");

        return ngx_http_auth_basic_set_realm(r, &alcf->realm);
    }

    if (rc == NGX_ERROR) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    /*
     * The file name is evaluated for every request.
     * NOTE(review): if the configured value contains variables derived
     * from the request, the client influences which file is opened;
     * confirm deployed configurations use only trusted variables here.
     */
    if (ngx_http_complex_value(r, &alcf->user_file, &user_file) != NGX_OK) {
        return NGX_ERROR;
    }

    fd = ngx_open_file(user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);

    if (fd == NGX_INVALID_FILE) {
        /* saved at once, before any later call can change ngx_errno */
        err = ngx_errno;

        /* a missing file is answered with 403, any other error with 500 */
        if (err == NGX_ENOENT) {
            level = NGX_LOG_ERR;
            rc = NGX_HTTP_FORBIDDEN;

        } else {
            level = NGX_LOG_CRIT;
            rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
        }

        ngx_log_error(level, r->connection->log, err,
                      ngx_open_file_n " \"%s\" failed", user_file.data);

        return rc;
    }

    ngx_memzero(&file, sizeof(ngx_file_t));

    file.fd = fd;
    file.name = user_file;
    file.log = r->connection->log;

    state = sw_login;
    passwd = 0;         /* index in buf where the password field starts */
    login = 0;          /* number of user name bytes matched so far */
    left = 0;           /* bytes carried over from the previous read */
    offset = 0;         /* file position of the next read */

    for ( ;; ) {
        /*
         * Keeps "i" equal to the number of buffered bytes when the read
         * below returns 0, which the code after the loop relies on.
         */
        i = left;

        n = ngx_read_file(&file, buf + left, NGX_HTTP_AUTH_BUF_SIZE - left,
                          offset);

        if (n == NGX_ERROR) {
            ngx_http_auth_basic_close(&file);
            return NGX_HTTP_INTERNAL_SERVER_ERROR;
        }

        /*
         * NOTE(review): when a carried-over field already fills the whole
         * buffer, the read above is asked for 0 bytes; presumably it then
         * returns 0 and the scan ends here with a truncated field.  Confirm.
         */
        if (n == 0) {
            break;
        }

        for (i = left; i < left + n; i++) {
            switch (state) {

            case sw_login:
                if (login == 0) {

                    /* comment lines and lines starting with CR are skipped */
                    if (buf[i] == '#' || buf[i] == CR) {
                        state = sw_skip;
                        break;
                    }

                    /* empty line: stay at the start of the next line */
                    if (buf[i] == LF) {
                        break;
                    }
                }

                /*
                 * The comparison deliberately reaches index user.len, one
                 * byte past the name, so the separator of the file line is
                 * matched as well.
                 * NOTE(review): this relies on a ':' following the name in
                 * the buffer set up by ngx_http_auth_basic_user(); confirm.
                 */
                if (buf[i] != r->headers_in.user.data[login]) {
                    state = sw_skip;
                    break;
                }

                if (login == r->headers_in.user.len) {
                    state = sw_passwd;
                    passwd = i + 1;
                }

                login++;

                break;

            case sw_passwd:
                if (buf[i] == LF || buf[i] == CR || buf[i] == ':') {
                    /* terminate the field in place */
                    buf[i] = '\0';

                    ngx_http_auth_basic_close(&file);

                    /*
                     * pwd points into the stack buffer; the crypt handler
                     * duplicates it into the pool if it has to keep it.
                     */
                    pwd.len = i - passwd;
                    pwd.data = &buf[passwd];

                    return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd,
                                                             &alcf->realm);
                }

                break;

            case sw_skip:
                if (buf[i] == LF) {
                    state = sw_login;
                    login = 0;
                }

                break;
            }
        }

        if (state == sw_passwd) {
            /*
             * The field continues in the next read: move what is already
             * buffered to the front and read the rest behind it.
             */
            left = left + n - passwd;
            ngx_memmove(buf, &buf[passwd], left);
            passwd = 0;

        } else {
            left = 0;
        }

        offset += n;
    }

    ngx_http_auth_basic_close(&file);

    /* the last line matched but has no CR, LF or ':' after the field */
    if (state == sw_passwd) {
        pwd.len = i - passwd;
        pwd.data = ngx_pnalloc(r->pool, pwd.len + 1);
        if (pwd.data == NULL) {
            return NGX_HTTP_INTERNAL_SERVER_ERROR;
        }

        /* copy instead of terminating in place, as the field may end buf */
        ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1);

        return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &alcf->realm);
    }

    /* an unknown user gets the same 401 challenge as a wrong password */
    ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                  "user \"%V\" was not found in \"%V\"",
                  &r->headers_in.user, &user_file);

    return ngx_http_auth_basic_set_realm(r, &alcf->realm);
}
282 | |
283 | |
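/*
 * Check the password sent by the client against one password field taken
 * from the user file.
 *
 * r       request; r->headers_in.passwd holds the password to verify
 * ctx     module context of the request, or NULL when none exists yet
 * passwd  password field from the user file, NUL-terminated; it is given to
 *         ngx_crypt() as the salt and compared with the result.  On the
 *         NGX_AGAIN path with ctx == NULL, passwd->len is incremented.
 * realm   header value used for the 401 challenge on a mismatch
 *
 * Returns NGX_OK on a match, the result of ngx_http_auth_basic_set_realm()
 * on a mismatch, NGX_HTTP_INTERNAL_SERVER_ERROR when ngx_crypt() or an
 * allocation fails, and otherwise the ngx_crypt() result unchanged.
 */
static ngx_int_t
ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r,
    ngx_http_auth_basic_ctx_t *ctx, ngx_str_t *passwd, ngx_str_t *realm)
{
    ngx_int_t   rc;
    u_char     *encrypted;

    rc = ngx_crypt(r->pool, r->headers_in.passwd.data, passwd->data,
                   &encrypted);

    /*
     * rc is an ngx_int_t, so it is printed with "%i"; "%d" is the
     * conversion for a plain int and does not match the argument.
     *
     * NOTE(review): where debug logging is active this writes the password
     * field of the user file to the error log, and the computed value
     * further below.  For entries stored without hashing (presumably the
     * "{PLAIN}" method) that field is the password itself, so debug logs
     * need the same protection as the user file.
     */
    ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "rc: %i user: \"%V\" salt: \"%s\"",
                   rc, &r->headers_in.user, passwd->data);

    if (rc == NGX_OK) {
        /*
         * NOTE(review): ngx_strcmp() is an ordinary string comparison, not
         * a constant-time one; confirm this is acceptable for the stored
         * formats in use.
         */
        if (ngx_strcmp(encrypted, passwd->data) == 0) {
            return NGX_OK;
        }

        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                       "encrypted: \"%s\"", encrypted);

        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                      "user \"%V\": password mismatch",
                      &r->headers_in.user);

        return ngx_http_auth_basic_set_realm(r, realm);
    }

    if (rc == NGX_ERROR) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    /* rc == NGX_AGAIN */

    if (ctx == NULL) {
        ctx = ngx_palloc(r->pool, sizeof(ngx_http_auth_basic_ctx_t));
        if (ctx == NULL) {
            return NGX_HTTP_INTERNAL_SERVER_ERROR;
        }

        ngx_http_set_ctx(r, ctx, ngx_http_auth_basic_module);

        /*
         * The saved length excludes the terminator; the length handed to
         * ngx_pstrdup() is one larger so that the terminating NUL is
         * copied along with the field.
         */
        ctx->passwd.len = passwd->len;
        passwd->len++;

        ctx->passwd.data = ngx_pstrdup(r->pool, passwd);
        if (ctx->passwd.data == NULL) {
            return NGX_HTTP_INTERNAL_SERVER_ERROR;
        }

    }

    /* TODO: add mutex event */

    return rc;
}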
341 | |
342 | |
/*
 * Add a "WWW-Authenticate" response header carrying the given value and
 * report 401.
 *
 * r      request whose output header list receives the challenge
 * realm  complete header value; the ngx_str_t is copied by value, the bytes
 *        it points to are not duplicated
 *
 * Returns NGX_HTTP_UNAUTHORIZED, or NGX_HTTP_INTERNAL_SERVER_ERROR when the
 * header list cannot be extended.
 */
static ngx_int_t
ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
{
    ngx_table_elt_t  *challenge;

    challenge = ngx_list_push(&r->headers_out.headers);

    /* stored before the check, so the field is NULL after a failed push */
    r->headers_out.www_authenticate = challenge;

    if (challenge == NULL) {
        return NGX_HTTP_INTERNAL_SERVER_ERROR;
    }

    challenge->hash = 1;
    ngx_str_set(&challenge->key, "WWW-Authenticate");
    challenge->value = *realm;

    return NGX_HTTP_UNAUTHORIZED;
}
357 | |
/*
 * Close the user file.  A failed close is logged at alert level and is
 * otherwise ignored; the function has no return value.
 */
static void
ngx_http_auth_basic_close(ngx_file_t *file)
{
    if (ngx_close_file(file->fd) != NGX_FILE_ERROR) {
        return;
    }

    ngx_log_error(NGX_LOG_ALERT, file->log, ngx_errno,
                  ngx_close_file_n " \"%s\" failed", file->name.data);
}
366 | |
367 | |
/*
 * Allocate a zero-filled location configuration from the configuration
 * pool.  The zeroed state (realm.data == NULL, user_file.value.len == 0) is
 * what ngx_http_auth_basic_merge_loc_conf() treats as "not set".
 *
 * Returns the new structure, or NULL when the allocation fails.
 */
static void *
ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf)
{
    /* a failed allocation is passed to the caller as NULL */
    return ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_basic_loc_conf_t));
}
380 | |
381 | |
/*
 * Inherit settings that the inner level leaves unset from the outer level.
 *
 * parent  configuration of the enclosing level
 * child   configuration being completed
 *
 * Always returns NGX_CONF_OK.
 */
static char *
ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_http_auth_basic_loc_conf_t  *outer, *inner;

    outer = parent;
    inner = child;

    /*
     * "auth_basic off" leaves an empty string with a non-NULL data pointer,
     * so it is not replaced by the outer realm.
     */
    if (inner->realm.data == NULL) {
        inner->realm = outer->realm;
    }

    if (inner->user_file.value.len == 0) {
        inner->user_file = outer->user_file;
    }

    return NGX_CONF_OK;
}
398 | |
399 | |
/*
 * Postconfiguration hook: append ngx_http_auth_basic_handler() to the
 * handlers of the access phase.
 *
 * Returns NGX_OK, or NGX_ERROR when the handler array cannot be extended.
 */
static ngx_int_t
ngx_http_auth_basic_init(ngx_conf_t *cf)
{
    ngx_http_handler_pt        *slot;
    ngx_http_core_main_conf_t  *core;

    core = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);

    slot = ngx_array_push(&core->phases[NGX_HTTP_ACCESS_PHASE].handlers);

    if (slot != NULL) {
        *slot = ngx_http_auth_basic_handler;
        return NGX_OK;
    }

    return NGX_ERROR;
}
417 | |
418 | |
/*
 * Post handler of the "auth_basic" directive.  It turns the configured
 * realm into the complete header value  Basic realm="<realm>"  or, for the
 * argument "off", into an empty string, which disables authentication.
 *
 * data  the ngx_str_t holding the directive argument; rewritten in place
 *
 * Returns NGX_CONF_OK, or NGX_CONF_ERROR when the allocation fails.
 */
static char *
ngx_http_auth_basic(ngx_conf_t *cf, void *post, void *data)
{
    static const char  prefix[] = "Basic realm=\"";

    size_t      prefix_len, total;
    u_char     *value, *end;
    ngx_str_t  *realm;

    realm = data;

    if (ngx_strcmp(realm->data, "off") == 0) {
        ngx_str_set(realm, "");
        return NGX_CONF_OK;
    }

    prefix_len = sizeof(prefix) - 1;

    /* prefix, realm text and the closing quote; no terminating NUL */
    total = prefix_len + realm->len + 1;

    value = ngx_pnalloc(cf->pool, total);
    if (value == NULL) {
        return NGX_CONF_ERROR;
    }

    /*
     * The realm text is copied as configured; a '"' inside it is not
     * escaped.
     */
    end = ngx_cpymem(value, prefix, prefix_len);
    end = ngx_cpymem(end, realm->data, realm->len);
    *end = '"';

    realm->data = value;
    realm->len = total;

    return NGX_CONF_OK;
}
448 |
449 |
/*
 * Handler of the "auth_basic_user_file" directive: compile the argument
 * into the complex value stored in the location configuration.
 *
 * conf  the ngx_http_auth_basic_loc_conf_t being configured
 *
 * Returns NGX_CONF_OK, the string "is duplicate" when a user file is
 * already set at this level, or NGX_CONF_ERROR when compilation fails.
 */
static char *
ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_str_t                         *args;
    ngx_http_auth_basic_loc_conf_t    *lcf;
    ngx_http_compile_complex_value_t   compile;

    lcf = conf;

    if (lcf->user_file.value.len != 0) {
        return "is duplicate";
    }

    /* args[0] is the directive name, args[1] the file name */
    args = cf->args->elts;

    ngx_memzero(&compile, sizeof(compile));

    compile.cf = cf;
    compile.value = &args[1];
    compile.complex_value = &lcf->user_file;

    /*
     * NOTE(review): "zero" presumably requests a NUL-terminated result (the
     * access handler passes the evaluated name to ngx_open_file() as a C
     * string) and "conf_prefix" presumably resolves relative names against
     * the configuration prefix; confirm.  As the value may contain
     * variables, the file opened at request time is only as trustworthy as
     * those variables.
     */
    compile.zero = 1;
    compile.conf_prefix = 1;

    return (ngx_http_compile_complex_value(&compile) == NGX_OK) ? NGX_CONF_OK
                                                                : NGX_CONF_ERROR;
}