Mercurial > hg > ngx_http_auth_request_module
annotate ngx_http_auth_request_module.c @ 9:4385a10a836f
Auth request: add note that proxy_cache and friends do not work.
With r->header_only set upstream module will shutdown client connection
in case it needs to do cache/store. Probably it's good idea to avoid setting
r->header_only on auth subrequest to make cache work. On the other hand,
auth subrequest then will be required to return responses with empty body in
all cases, even on errors.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 24 Mar 2010 07:09:18 +0300 |
parents | fb05a061532c |
children | 2b95417a1715 |
rev | line source |
---|---|
0 | 1 |
2 /* | |
3 * Copyright (C) Maxim Dounin | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_http.h> | |
10 | |
11 | |
12 typedef struct { | |
13 ngx_str_t uri; | |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
14 ngx_array_t *vars; |
0 | 15 } ngx_http_auth_request_conf_t; |
16 | |
17 typedef struct { | |
18 ngx_uint_t done; | |
19 ngx_uint_t status; | |
20 ngx_http_request_t *subrequest; | |
21 } ngx_http_auth_request_ctx_t; | |
22 | |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
23 typedef struct { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
24 ngx_int_t index; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
25 ngx_http_complex_value_t value; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
26 ngx_http_set_variable_pt set_handler; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
27 } ngx_http_auth_request_variable_t; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
28 |
0 | 29 |
30 static ngx_int_t ngx_http_auth_request_handler(ngx_http_request_t *r); | |
31 static ngx_int_t ngx_http_auth_request_done(ngx_http_request_t *r, | |
32 void *data, ngx_int_t rc); | |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
33 static ngx_int_t ngx_http_auth_request_set_variables(ngx_http_request_t *r, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
34 ngx_http_auth_request_conf_t *arcf, ngx_http_auth_request_ctx_t *ctx); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
35 static ngx_int_t ngx_http_auth_request_variable(ngx_http_request_t *r, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
36 ngx_http_variable_value_t *v, uintptr_t data); |
0 | 37 static void *ngx_http_auth_request_create_conf(ngx_conf_t *cf); |
38 static char *ngx_http_auth_request_merge_conf(ngx_conf_t *cf, | |
39 void *parent, void *child); | |
40 static ngx_int_t ngx_http_auth_request_init(ngx_conf_t *cf); | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
41 static char *ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd, |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
42 void *conf); |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
43 static char *ngx_http_auth_request_set(ngx_conf_t *cf, ngx_command_t *cmd, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
44 void *conf); |
0 | 45 |
46 | |
47 static ngx_command_t ngx_http_auth_request_commands[] = { | |
48 | |
49 { ngx_string("auth_request"), | |
50 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
51 ngx_http_auth_request, |
0 | 52 NGX_HTTP_LOC_CONF_OFFSET, |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
53 0, |
0 | 54 NULL }, |
55 | |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
56 { ngx_string("auth_request_set"), |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
57 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
58 ngx_http_auth_request_set, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
59 NGX_HTTP_LOC_CONF_OFFSET, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
60 0, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
61 NULL }, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
62 |
0 | 63 ngx_null_command |
64 }; | |
65 | |
66 | |
67 static ngx_http_module_t ngx_http_auth_request_module_ctx = { | |
68 NULL, /* preconfiguration */ | |
69 ngx_http_auth_request_init, /* postconfiguration */ | |
70 | |
71 NULL, /* create main configuration */ | |
72 NULL, /* init main configuration */ | |
73 | |
74 NULL, /* create server configuration */ | |
75 NULL, /* merge server configuration */ | |
76 | |
77 ngx_http_auth_request_create_conf, /* create location configuration */ | |
78 ngx_http_auth_request_merge_conf /* merge location configuration */ | |
79 }; | |
80 | |
81 | |
82 ngx_module_t ngx_http_auth_request_module = { | |
83 NGX_MODULE_V1, | |
84 &ngx_http_auth_request_module_ctx, /* module context */ | |
85 ngx_http_auth_request_commands, /* module directives */ | |
86 NGX_HTTP_MODULE, /* module type */ | |
87 NULL, /* init master */ | |
88 NULL, /* init module */ | |
89 NULL, /* init process */ | |
90 NULL, /* init thread */ | |
91 NULL, /* exit thread */ | |
92 NULL, /* exit process */ | |
93 NULL, /* exit master */ | |
94 NGX_MODULE_V1_PADDING | |
95 }; | |
96 | |
97 | |
98 static ngx_int_t | |
99 ngx_http_auth_request_handler(ngx_http_request_t *r) | |
100 { | |
101 ngx_table_elt_t *h, *ho; | |
102 ngx_http_request_t *sr; | |
103 ngx_http_post_subrequest_t *ps; | |
104 ngx_http_auth_request_ctx_t *ctx; | |
105 ngx_http_auth_request_conf_t *arcf; | |
106 | |
107 arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module); | |
108 | |
109 if (arcf->uri.len == 0) { | |
110 return NGX_DECLINED; | |
111 } | |
112 | |
113 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
114 "auth request handler"); | |
115 | |
116 ctx = ngx_http_get_module_ctx(r, ngx_http_auth_request_module); | |
117 | |
118 if (ctx != NULL) { | |
119 if (!ctx->done) { | |
120 return NGX_AGAIN; | |
121 } | |
122 | |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
123 /* |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
124 * as soon as we are done - explicitly set variables to make |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
125 * sure they will be available after internal redirects |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
126 */ |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
127 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
128 if (ngx_http_auth_request_set_variables(r, arcf, ctx) != NGX_OK) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
129 return NGX_ERROR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
130 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
131 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
132 /* return appropriate status */ |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
133 |
0 | 134 if (ctx->status == NGX_HTTP_FORBIDDEN) { |
135 return ctx->status; | |
136 } | |
137 | |
138 if (ctx->status == NGX_HTTP_UNAUTHORIZED) { | |
139 sr = ctx->subrequest; | |
140 | |
141 h = sr->headers_out.www_authenticate; | |
142 | |
143 if (!h && sr->upstream) { | |
144 h = sr->upstream->headers_in.www_authenticate; | |
145 } | |
146 | |
147 if (h) { | |
148 ho = ngx_list_push(&r->headers_out.headers); | |
149 if (ho == NULL) { | |
150 return NGX_ERROR; | |
151 } | |
152 | |
153 *ho = *h; | |
154 | |
155 r->headers_out.www_authenticate = ho; | |
156 } | |
157 | |
158 return ctx->status; | |
159 } | |
160 | |
161 if (ctx->status >= NGX_HTTP_OK | |
162 && ctx->status < NGX_HTTP_SPECIAL_RESPONSE) | |
163 { | |
164 return NGX_OK; | |
165 } | |
166 | |
167 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | |
168 "auth request unexpected status: %d", ctx->status); | |
169 | |
170 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
171 } | |
172 | |
173 ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_auth_request_ctx_t)); | |
174 if (ctx == NULL) { | |
175 return NGX_ERROR; | |
176 } | |
177 | |
178 ps = ngx_palloc(r->pool, sizeof(ngx_http_post_subrequest_t)); | |
179 if (ps == NULL) { | |
180 return NGX_ERROR; | |
181 } | |
182 | |
183 ps->handler = ngx_http_auth_request_done; | |
184 ps->data = ctx; | |
185 | |
186 if (ngx_http_subrequest(r, &arcf->uri, NULL, &sr, ps, | |
187 NGX_HTTP_SUBREQUEST_WAITED) | |
188 != NGX_OK) | |
189 { | |
190 return NGX_ERROR; | |
191 } | |
192 | |
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
193 sr->discard_body = 1; |
0 | 194 sr->header_only = 1; |
195 | |
196 ctx->subrequest = sr; | |
197 | |
198 ngx_http_set_ctx(r, ctx, ngx_http_auth_request_module); | |
199 | |
200 return NGX_AGAIN; | |
201 } | |
202 | |
203 | |
204 static ngx_int_t | |
205 ngx_http_auth_request_done(ngx_http_request_t *r, void *data, ngx_int_t rc) | |
206 { | |
207 ngx_http_auth_request_ctx_t *ctx = data; | |
208 | |
209 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
210 "auth request done s:%d", r->headers_out.status); | |
211 | |
212 ctx->done = 1; | |
213 ctx->status = r->headers_out.status; | |
214 | |
215 return rc; | |
216 } | |
217 | |
218 | |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
219 static ngx_int_t |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
220 ngx_http_auth_request_set_variables(ngx_http_request_t *r, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
221 ngx_http_auth_request_conf_t *arcf, ngx_http_auth_request_ctx_t *ctx) |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
222 { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
223 ngx_str_t val; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
224 ngx_http_variable_t *v; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
225 ngx_http_variable_value_t *vv; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
226 ngx_http_auth_request_variable_t *av, *last; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
227 ngx_http_core_main_conf_t *cmcf; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
228 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
229 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
230 "auth request set variables"); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
231 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
232 if (arcf->vars == NULL) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
233 return NGX_OK; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
234 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
235 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
236 cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
237 v = cmcf->variables.elts; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
238 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
239 av = arcf->vars->elts; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
240 last = av + arcf->vars->nelts; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
241 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
242 while (av < last) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
243 /* |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
244 * explicitly set new value to make sure it will be available after |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
245 * internal redirects |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
246 */ |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
247 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
248 vv = &r->variables[av->index]; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
249 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
250 if (ngx_http_complex_value(ctx->subrequest, &av->value, &val) |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
251 != NGX_OK) |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
252 { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
253 return NGX_ERROR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
254 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
255 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
256 vv->valid = 1; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
257 vv->not_found = 0; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
258 vv->data = val.data; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
259 vv->len = val.len; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
260 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
261 if (av->set_handler) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
262 /* |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
263 * set_handler only available in cmcf->variables_keys, so we store |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
264 * it explicitly |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
265 */ |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
266 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
267 av->set_handler(r, vv, v[av->index].data); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
268 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
269 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
270 av++; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
271 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
272 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
273 return NGX_OK; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
274 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
275 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
276 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
277 static ngx_int_t |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
278 ngx_http_auth_request_variable(ngx_http_request_t *r, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
279 ngx_http_variable_value_t *v, uintptr_t data) |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
280 { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
281 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
282 "auth request variable"); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
283 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
284 v->not_found = 1; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
285 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
286 return NGX_OK; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
287 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
288 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
289 |
0 | 290 static void * |
291 ngx_http_auth_request_create_conf(ngx_conf_t *cf) | |
292 { | |
293 ngx_http_auth_request_conf_t *conf; | |
294 | |
295 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_request_conf_t)); | |
296 if (conf == NULL) { | |
297 return NULL; | |
298 } | |
299 | |
300 /* | |
301 * set by ngx_pcalloc(): | |
302 * | |
303 * conf->uri.len = { 0, NULL }; | |
304 */ | |
305 | |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
306 conf->vars = NGX_CONF_UNSET_PTR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
307 |
0 | 308 return conf; |
309 } | |
310 | |
311 | |
312 static char * | |
313 ngx_http_auth_request_merge_conf(ngx_conf_t *cf, void *parent, void *child) | |
314 { | |
315 ngx_http_auth_request_conf_t *prev = parent; | |
316 ngx_http_auth_request_conf_t *conf = child; | |
317 | |
318 ngx_conf_merge_str_value(conf->uri, prev->uri, ""); | |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
319 ngx_conf_merge_ptr_value(conf->vars, prev->vars, NULL); |
0 | 320 |
321 return NGX_CONF_OK; | |
322 } | |
323 | |
324 | |
325 static ngx_int_t | |
326 ngx_http_auth_request_init(ngx_conf_t *cf) | |
327 { | |
328 ngx_http_handler_pt *h; | |
329 ngx_http_core_main_conf_t *cmcf; | |
330 | |
331 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); | |
332 | |
333 h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers); | |
334 if (h == NULL) { | |
335 return NGX_ERROR; | |
336 } | |
337 | |
338 *h = ngx_http_auth_request_handler; | |
339 | |
340 return NGX_OK; | |
341 } | |
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
342 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
343 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
344 static char * |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
345 ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
346 { |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
347 ngx_http_auth_request_conf_t *arcf = conf; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
348 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
349 ngx_str_t *value; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
350 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
351 if (arcf->uri.data != NULL) { |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
352 return "is duplicate"; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
353 } |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
354 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
355 value = cf->args->elts; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
356 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
357 if (ngx_strcmp(value[1].data, "off") == 0) { |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
358 arcf->uri.len = 0; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
359 arcf->uri.data = (u_char *) ""; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
360 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
361 return NGX_CONF_OK; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
362 } |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
363 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
364 arcf->uri = value[1]; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
365 |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
366 return NGX_CONF_OK; |
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
367 } |
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
368 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
369 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
370 static char * |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
371 ngx_http_auth_request_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
372 { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
373 ngx_http_auth_request_conf_t *arcf = conf; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
374 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
375 ngx_str_t *value; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
376 ngx_http_variable_t *v; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
377 ngx_http_auth_request_variable_t *av; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
378 ngx_http_compile_complex_value_t ccv; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
379 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
380 value = cf->args->elts; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
381 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
382 if (value[1].data[0] != '$') { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
383 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
384 "invalid variable name \"%V\"", &value[1]); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
385 return NGX_CONF_ERROR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
386 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
387 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
388 value[1].len--; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
389 value[1].data++; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
390 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
391 if (arcf->vars == NGX_CONF_UNSET_PTR) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
392 arcf->vars = ngx_array_create(cf->pool, 1, |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
393 sizeof(ngx_http_auth_request_variable_t)); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
394 if (arcf->vars == NULL) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
395 return NGX_CONF_ERROR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
396 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
397 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
398 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
399 av = ngx_array_push(arcf->vars); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
400 if (av == NULL) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
401 return NGX_CONF_ERROR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
402 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
403 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
404 v = ngx_http_add_variable(cf, &value[1], NGX_HTTP_VAR_CHANGEABLE); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
405 if (v == NULL) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
406 return NGX_CONF_ERROR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
407 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
408 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
409 av->index = ngx_http_get_variable_index(cf, &value[1]); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
410 if (av->index == NGX_ERROR) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
411 return NGX_CONF_ERROR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
412 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
413 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
414 if (v->get_handler == NULL) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
415 v->get_handler = ngx_http_auth_request_variable; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
416 v->data = (uintptr_t) av; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
417 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
418 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
419 av->set_handler = v->set_handler; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
420 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
421 ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t)); |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
422 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
423 ccv.cf = cf; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
424 ccv.value = &value[2]; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
425 ccv.complex_value = &av->value; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
426 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
427 if (ngx_http_compile_complex_value(&ccv) != NGX_OK) { |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
428 return NGX_CONF_ERROR; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
429 } |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
430 |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
431 return NGX_CONF_OK; |
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
432 } |