Mercurial > hg > ngx_http_auth_request_module
annotate ngx_http_auth_request_module.c @ 9:4385a10a836f
Auth request: add note that proxy_cache and friends do not work.
With r->header_only set upstream module will shutdown client connection
in case it needs to do cache/store. Probably it's good idea to avoid setting
r->header_only on auth subrequest to make cache work. On the other hand,
auth subrequest then will be required to return responses with empty body in
all cases, even on errors.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 24 Mar 2010 07:09:18 +0300 |
| parents | fb05a061532c |
| children | 2b95417a1715 |
| rev | line source |
|---|---|
| 0 | 1 |
| 2 /* | |
| 3 * Copyright (C) Maxim Dounin | |
| 4 */ | |
| 5 | |
| 6 | |
| 7 #include <ngx_config.h> | |
| 8 #include <ngx_core.h> | |
| 9 #include <ngx_http.h> | |
| 10 | |
| 11 | |
| 12 typedef struct { | |
| 13 ngx_str_t uri; | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
14 ngx_array_t *vars; |
| 0 | 15 } ngx_http_auth_request_conf_t; |
| 16 | |
| 17 typedef struct { | |
| 18 ngx_uint_t done; | |
| 19 ngx_uint_t status; | |
| 20 ngx_http_request_t *subrequest; | |
| 21 } ngx_http_auth_request_ctx_t; | |
| 22 | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
23 typedef struct { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
24 ngx_int_t index; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
25 ngx_http_complex_value_t value; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
26 ngx_http_set_variable_pt set_handler; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
27 } ngx_http_auth_request_variable_t; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
28 |
| 0 | 29 |
| 30 static ngx_int_t ngx_http_auth_request_handler(ngx_http_request_t *r); | |
| 31 static ngx_int_t ngx_http_auth_request_done(ngx_http_request_t *r, | |
| 32 void *data, ngx_int_t rc); | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
33 static ngx_int_t ngx_http_auth_request_set_variables(ngx_http_request_t *r, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
34 ngx_http_auth_request_conf_t *arcf, ngx_http_auth_request_ctx_t *ctx); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
35 static ngx_int_t ngx_http_auth_request_variable(ngx_http_request_t *r, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
36 ngx_http_variable_value_t *v, uintptr_t data); |
| 0 | 37 static void *ngx_http_auth_request_create_conf(ngx_conf_t *cf); |
| 38 static char *ngx_http_auth_request_merge_conf(ngx_conf_t *cf, | |
| 39 void *parent, void *child); | |
| 40 static ngx_int_t ngx_http_auth_request_init(ngx_conf_t *cf); | |
|
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
41 static char *ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd, |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
42 void *conf); |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
43 static char *ngx_http_auth_request_set(ngx_conf_t *cf, ngx_command_t *cmd, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
44 void *conf); |
| 0 | 45 |
| 46 | |
| 47 static ngx_command_t ngx_http_auth_request_commands[] = { | |
| 48 | |
| 49 { ngx_string("auth_request"), | |
| 50 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
|
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
51 ngx_http_auth_request, |
| 0 | 52 NGX_HTTP_LOC_CONF_OFFSET, |
|
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
53 0, |
| 0 | 54 NULL }, |
| 55 | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
56 { ngx_string("auth_request_set"), |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
57 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
58 ngx_http_auth_request_set, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
59 NGX_HTTP_LOC_CONF_OFFSET, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
60 0, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
61 NULL }, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
62 |
| 0 | 63 ngx_null_command |
| 64 }; | |
| 65 | |
| 66 | |
| 67 static ngx_http_module_t ngx_http_auth_request_module_ctx = { | |
| 68 NULL, /* preconfiguration */ | |
| 69 ngx_http_auth_request_init, /* postconfiguration */ | |
| 70 | |
| 71 NULL, /* create main configuration */ | |
| 72 NULL, /* init main configuration */ | |
| 73 | |
| 74 NULL, /* create server configuration */ | |
| 75 NULL, /* merge server configuration */ | |
| 76 | |
| 77 ngx_http_auth_request_create_conf, /* create location configuration */ | |
| 78 ngx_http_auth_request_merge_conf /* merge location configuration */ | |
| 79 }; | |
| 80 | |
| 81 | |
| 82 ngx_module_t ngx_http_auth_request_module = { | |
| 83 NGX_MODULE_V1, | |
| 84 &ngx_http_auth_request_module_ctx, /* module context */ | |
| 85 ngx_http_auth_request_commands, /* module directives */ | |
| 86 NGX_HTTP_MODULE, /* module type */ | |
| 87 NULL, /* init master */ | |
| 88 NULL, /* init module */ | |
| 89 NULL, /* init process */ | |
| 90 NULL, /* init thread */ | |
| 91 NULL, /* exit thread */ | |
| 92 NULL, /* exit process */ | |
| 93 NULL, /* exit master */ | |
| 94 NGX_MODULE_V1_PADDING | |
| 95 }; | |
| 96 | |
| 97 | |
| 98 static ngx_int_t | |
| 99 ngx_http_auth_request_handler(ngx_http_request_t *r) | |
| 100 { | |
| 101 ngx_table_elt_t *h, *ho; | |
| 102 ngx_http_request_t *sr; | |
| 103 ngx_http_post_subrequest_t *ps; | |
| 104 ngx_http_auth_request_ctx_t *ctx; | |
| 105 ngx_http_auth_request_conf_t *arcf; | |
| 106 | |
| 107 arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module); | |
| 108 | |
| 109 if (arcf->uri.len == 0) { | |
| 110 return NGX_DECLINED; | |
| 111 } | |
| 112 | |
| 113 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
| 114 "auth request handler"); | |
| 115 | |
| 116 ctx = ngx_http_get_module_ctx(r, ngx_http_auth_request_module); | |
| 117 | |
| 118 if (ctx != NULL) { | |
| 119 if (!ctx->done) { | |
| 120 return NGX_AGAIN; | |
| 121 } | |
| 122 | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
123 /* |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
124 * as soon as we are done - explicitly set variables to make |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
125 * sure they will be available after internal redirects |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
126 */ |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
127 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
128 if (ngx_http_auth_request_set_variables(r, arcf, ctx) != NGX_OK) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
129 return NGX_ERROR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
130 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
131 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
132 /* return appropriate status */ |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
133 |
| 0 | 134 if (ctx->status == NGX_HTTP_FORBIDDEN) { |
| 135 return ctx->status; | |
| 136 } | |
| 137 | |
| 138 if (ctx->status == NGX_HTTP_UNAUTHORIZED) { | |
| 139 sr = ctx->subrequest; | |
| 140 | |
| 141 h = sr->headers_out.www_authenticate; | |
| 142 | |
| 143 if (!h && sr->upstream) { | |
| 144 h = sr->upstream->headers_in.www_authenticate; | |
| 145 } | |
| 146 | |
| 147 if (h) { | |
| 148 ho = ngx_list_push(&r->headers_out.headers); | |
| 149 if (ho == NULL) { | |
| 150 return NGX_ERROR; | |
| 151 } | |
| 152 | |
| 153 *ho = *h; | |
| 154 | |
| 155 r->headers_out.www_authenticate = ho; | |
| 156 } | |
| 157 | |
| 158 return ctx->status; | |
| 159 } | |
| 160 | |
| 161 if (ctx->status >= NGX_HTTP_OK | |
| 162 && ctx->status < NGX_HTTP_SPECIAL_RESPONSE) | |
| 163 { | |
| 164 return NGX_OK; | |
| 165 } | |
| 166 | |
| 167 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | |
| 168 "auth request unexpected status: %d", ctx->status); | |
| 169 | |
| 170 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
| 171 } | |
| 172 | |
| 173 ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_auth_request_ctx_t)); | |
| 174 if (ctx == NULL) { | |
| 175 return NGX_ERROR; | |
| 176 } | |
| 177 | |
| 178 ps = ngx_palloc(r->pool, sizeof(ngx_http_post_subrequest_t)); | |
| 179 if (ps == NULL) { | |
| 180 return NGX_ERROR; | |
| 181 } | |
| 182 | |
| 183 ps->handler = ngx_http_auth_request_done; | |
| 184 ps->data = ctx; | |
| 185 | |
| 186 if (ngx_http_subrequest(r, &arcf->uri, NULL, &sr, ps, | |
| 187 NGX_HTTP_SUBREQUEST_WAITED) | |
| 188 != NGX_OK) | |
| 189 { | |
| 190 return NGX_ERROR; | |
| 191 } | |
| 192 | |
|
4
35f0ee7a3c28
Auth request: fix SIGSEGV on POST.
Maxim Dounin <mdounin@mdounin.ru>
parents:
1
diff
changeset
|
193 sr->discard_body = 1; |
| 0 | 194 sr->header_only = 1; |
| 195 | |
| 196 ctx->subrequest = sr; | |
| 197 | |
| 198 ngx_http_set_ctx(r, ctx, ngx_http_auth_request_module); | |
| 199 | |
| 200 return NGX_AGAIN; | |
| 201 } | |
| 202 | |
| 203 | |
| 204 static ngx_int_t | |
| 205 ngx_http_auth_request_done(ngx_http_request_t *r, void *data, ngx_int_t rc) | |
| 206 { | |
| 207 ngx_http_auth_request_ctx_t *ctx = data; | |
| 208 | |
| 209 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
| 210 "auth request done s:%d", r->headers_out.status); | |
| 211 | |
| 212 ctx->done = 1; | |
| 213 ctx->status = r->headers_out.status; | |
| 214 | |
| 215 return rc; | |
| 216 } | |
| 217 | |
| 218 | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
219 static ngx_int_t |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
220 ngx_http_auth_request_set_variables(ngx_http_request_t *r, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
221 ngx_http_auth_request_conf_t *arcf, ngx_http_auth_request_ctx_t *ctx) |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
222 { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
223 ngx_str_t val; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
224 ngx_http_variable_t *v; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
225 ngx_http_variable_value_t *vv; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
226 ngx_http_auth_request_variable_t *av, *last; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
227 ngx_http_core_main_conf_t *cmcf; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
228 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
229 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
230 "auth request set variables"); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
231 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
232 if (arcf->vars == NULL) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
233 return NGX_OK; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
234 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
235 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
236 cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
237 v = cmcf->variables.elts; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
238 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
239 av = arcf->vars->elts; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
240 last = av + arcf->vars->nelts; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
241 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
242 while (av < last) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
243 /* |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
244 * explicitly set new value to make sure it will be available after |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
245 * internal redirects |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
246 */ |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
247 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
248 vv = &r->variables[av->index]; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
249 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
250 if (ngx_http_complex_value(ctx->subrequest, &av->value, &val) |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
251 != NGX_OK) |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
252 { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
253 return NGX_ERROR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
254 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
255 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
256 vv->valid = 1; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
257 vv->not_found = 0; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
258 vv->data = val.data; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
259 vv->len = val.len; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
260 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
261 if (av->set_handler) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
262 /* |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
263 * set_handler only available in cmcf->variables_keys, so we store |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
264 * it explicitly |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
265 */ |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
266 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
267 av->set_handler(r, vv, v[av->index].data); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
268 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
269 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
270 av++; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
271 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
272 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
273 return NGX_OK; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
274 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
275 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
276 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
277 static ngx_int_t |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
278 ngx_http_auth_request_variable(ngx_http_request_t *r, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
279 ngx_http_variable_value_t *v, uintptr_t data) |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
280 { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
281 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
282 "auth request variable"); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
283 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
284 v->not_found = 1; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
285 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
286 return NGX_OK; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
287 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
288 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
289 |
| 0 | 290 static void * |
| 291 ngx_http_auth_request_create_conf(ngx_conf_t *cf) | |
| 292 { | |
| 293 ngx_http_auth_request_conf_t *conf; | |
| 294 | |
| 295 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_request_conf_t)); | |
| 296 if (conf == NULL) { | |
| 297 return NULL; | |
| 298 } | |
| 299 | |
| 300 /* | |
| 301 * set by ngx_pcalloc(): | |
| 302 * | |
| 303 * conf->uri.len = { 0, NULL }; | |
| 304 */ | |
| 305 | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
306 conf->vars = NGX_CONF_UNSET_PTR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
307 |
| 0 | 308 return conf; |
| 309 } | |
| 310 | |
| 311 | |
| 312 static char * | |
| 313 ngx_http_auth_request_merge_conf(ngx_conf_t *cf, void *parent, void *child) | |
| 314 { | |
| 315 ngx_http_auth_request_conf_t *prev = parent; | |
| 316 ngx_http_auth_request_conf_t *conf = child; | |
| 317 | |
| 318 ngx_conf_merge_str_value(conf->uri, prev->uri, ""); | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
319 ngx_conf_merge_ptr_value(conf->vars, prev->vars, NULL); |
| 0 | 320 |
| 321 return NGX_CONF_OK; | |
| 322 } | |
| 323 | |
| 324 | |
| 325 static ngx_int_t | |
| 326 ngx_http_auth_request_init(ngx_conf_t *cf) | |
| 327 { | |
| 328 ngx_http_handler_pt *h; | |
| 329 ngx_http_core_main_conf_t *cmcf; | |
| 330 | |
| 331 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); | |
| 332 | |
| 333 h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers); | |
| 334 if (h == NULL) { | |
| 335 return NGX_ERROR; | |
| 336 } | |
| 337 | |
| 338 *h = ngx_http_auth_request_handler; | |
| 339 | |
| 340 return NGX_OK; | |
| 341 } | |
|
1
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
342 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
343 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
344 static char * |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
345 ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
346 { |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
347 ngx_http_auth_request_conf_t *arcf = conf; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
348 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
349 ngx_str_t *value; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
350 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
351 if (arcf->uri.data != NULL) { |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
352 return "is duplicate"; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
353 } |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
354 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
355 value = cf->args->elts; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
356 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
357 if (ngx_strcmp(value[1].data, "off") == 0) { |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
358 arcf->uri.len = 0; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
359 arcf->uri.data = (u_char *) ""; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
360 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
361 return NGX_CONF_OK; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
362 } |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
363 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
364 arcf->uri = value[1]; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
365 |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
366 return NGX_CONF_OK; |
|
dfc5ae42367a
Auth request: support switching off.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
367 } |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
368 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
369 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
370 static char * |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
371 ngx_http_auth_request_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
372 { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
373 ngx_http_auth_request_conf_t *arcf = conf; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
374 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
375 ngx_str_t *value; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
376 ngx_http_variable_t *v; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
377 ngx_http_auth_request_variable_t *av; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
378 ngx_http_compile_complex_value_t ccv; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
379 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
380 value = cf->args->elts; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
381 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
382 if (value[1].data[0] != '$') { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
383 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
384 "invalid variable name \"%V\"", &value[1]); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
385 return NGX_CONF_ERROR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
386 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
387 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
388 value[1].len--; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
389 value[1].data++; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
390 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
391 if (arcf->vars == NGX_CONF_UNSET_PTR) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
392 arcf->vars = ngx_array_create(cf->pool, 1, |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
393 sizeof(ngx_http_auth_request_variable_t)); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
394 if (arcf->vars == NULL) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
395 return NGX_CONF_ERROR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
396 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
397 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
398 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
399 av = ngx_array_push(arcf->vars); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
400 if (av == NULL) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
401 return NGX_CONF_ERROR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
402 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
403 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
404 v = ngx_http_add_variable(cf, &value[1], NGX_HTTP_VAR_CHANGEABLE); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
405 if (v == NULL) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
406 return NGX_CONF_ERROR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
407 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
408 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
409 av->index = ngx_http_get_variable_index(cf, &value[1]); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
410 if (av->index == NGX_ERROR) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
411 return NGX_CONF_ERROR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
412 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
413 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
414 if (v->get_handler == NULL) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
415 v->get_handler = ngx_http_auth_request_variable; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
416 v->data = (uintptr_t) av; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
417 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
418 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
419 av->set_handler = v->set_handler; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
420 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
421 ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t)); |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
422 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
423 ccv.cf = cf; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
424 ccv.value = &value[2]; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
425 ccv.complex_value = &av->value; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
426 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
427 if (ngx_http_compile_complex_value(&ccv) != NGX_OK) { |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
428 return NGX_CONF_ERROR; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
429 } |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
430 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
431 return NGX_CONF_OK; |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4
diff
changeset
|
432 } |