nginx-0.1.43

Igor Sysoev is at rambler-co.ru
Tue Aug 30 15:51:12 MSD 2005


On Tue, 30 Aug 2005, Igor Sysoev wrote:

>> Игорь, а как на счет записи в лог имени пользователя, который авторизуется 
>> на апаче?
>
> Это я забыл сделать :) К следующей версии будет.

Вот патч, который выставляет переменную $remote_user независимо от того,
используется аутентификация в nginx или нет.


Игорь Сысоев
http://sysoev.ru
-------------- next part --------------
--- src/http/modules/ngx_http_auth_basic_module.c	Sat Apr 30 13:50:11 2005
+++ src/http/modules/ngx_http_auth_basic_module.c	Tue Aug 30 15:47:09 2005
@@ -90,8 +90,9 @@
     off_t                            offset;
     ssize_t                          n;
     ngx_fd_t                         fd;
-    ngx_str_t                        auth, encoded, pwd;
-    ngx_uint_t                       i, login, len, left, passwd;
+    ngx_int_t                        rc;
+    ngx_str_t                        pwd;
+    ngx_uint_t                       i, login, left, passwd;
     ngx_file_t                       file;
     ngx_http_auth_basic_ctx_t       *ctx;
     ngx_http_auth_basic_loc_conf_t  *alcf;
@@ -115,57 +116,16 @@
                                                  &alcf->realm);
     }
 
-    if (r->headers_in.authorization == NULL) {
-        return ngx_http_auth_basic_set_realm(r, &alcf->realm);
-    }
-
-    encoded = r->headers_in.authorization->value;
+    rc = ngx_http_auth_basic_user(r);
 
-    if (encoded.len < sizeof("Basic ") - 1
-        || ngx_strncasecmp(encoded.data, "Basic ", sizeof("Basic ") - 1) != 0)
-    {
+    if (rc == NGX_DECLINED) {
         return ngx_http_auth_basic_set_realm(r, &alcf->realm);
     }
 
-    encoded.len -= sizeof("Basic ") - 1;
-    encoded.data += sizeof("Basic ") - 1;
-
-    while (encoded.len && encoded.data[0] == ' ') {
-        encoded.len--;
-        encoded.data++;
-    }
-
-    if (encoded.len == 0) {
-        return ngx_http_auth_basic_set_realm(r, &alcf->realm);
-    }
-
-    auth.len = ngx_base64_decoded_length(encoded.len);
-    auth.data = ngx_palloc(r->pool, auth.len + 1);
-    if (auth.data == NULL) {
+    if (rc == NGX_ERROR) {
         return NGX_HTTP_INTERNAL_SERVER_ERROR;
     }
 
-    if (ngx_decode_base64(&auth, &encoded) != NGX_OK) {
-        return ngx_http_auth_basic_set_realm(r, &alcf->realm);
-    }
-
-    auth.data[auth.len] = '\0';
-
-    for (len = 0; len < auth.len; len++) {
-        if (auth.data[len] == ':') {
-            break;
-        }
-    }
-
-    if (len == auth.len) {
-        return ngx_http_auth_basic_set_realm(r, &alcf->realm);
-    }
-
-    r->headers_in.user.len = len;
-    r->headers_in.user.data = auth.data;
-    r->headers_in.passwd.len = auth.len - len - 1;
-    r->headers_in.passwd.data = &auth.data[len + 1];
-
     fd = ngx_open_file(alcf->user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN);
 
     if (fd == NGX_INVALID_FILE) {
@@ -208,12 +168,12 @@
                     break;
                 }
 
-                if (buf[i] != auth.data[login]) {
+                if (buf[i] != r->headers_in.user.data[login]) {
                     state = sw_skip;
                     break;
                 }
 
-                if (login == len) {
+                if (login == r->headers_in.user.len) {
                     state = sw_passwd;
                     passwd = i + 1;
                 }
--- src/http/ngx_http_core_module.c	Tue Aug 23 18:51:33 2005
+++ src/http/ngx_http_core_module.c	Tue Aug 30 15:40:20 2005
@@ -931,6 +931,76 @@
 
 
 ngx_int_t
+ngx_http_auth_basic_user(ngx_http_request_t *r)
+{
+    ngx_str_t   auth, encoded;
+    ngx_uint_t  len;
+
+    if (r->headers_in.user.len == 0 && r->headers_in.user.data != NULL) {
+        return NGX_DECLINED;
+    }
+
+    if (r->headers_in.authorization == NULL) {
+        r->headers_in.user.data = (u_char *) "";
+        return NGX_DECLINED;
+    }
+
+    encoded = r->headers_in.authorization->value;
+
+    if (encoded.len < sizeof("Basic ") - 1
+        || ngx_strncasecmp(encoded.data, "Basic ", sizeof("Basic ") - 1) != 0)
+    {
+        r->headers_in.user.data = (u_char *) "";
+        return NGX_DECLINED;
+    }
+
+    encoded.len -= sizeof("Basic ") - 1;
+    encoded.data += sizeof("Basic ") - 1;
+
+    while (encoded.len && encoded.data[0] == ' ') {
+        encoded.len--;
+        encoded.data++;
+    }
+
+    if (encoded.len == 0) {
+        r->headers_in.user.data = (u_char *) "";
+        return NGX_DECLINED;
+    }
+    
+    auth.len = ngx_base64_decoded_length(encoded.len);
+    auth.data = ngx_palloc(r->pool, auth.len + 1); 
+    if (auth.data == NULL) {
+        return NGX_ERROR;
+    }
+
+    if (ngx_decode_base64(&auth, &encoded) != NGX_OK) {
+        r->headers_in.user.data = (u_char *) "";
+        return NGX_DECLINED;
+    }
+    
+    auth.data[auth.len] = '\0';
+    
+    for (len = 0; len < auth.len; len++) { 
+        if (auth.data[len] == ':') {
+            break;
+        }
+    }
+    
+    if (len == auth.len) {
+        r->headers_in.user.data = (u_char *) "";
+        return NGX_DECLINED;
+    }
+
+    r->headers_in.user.len = len;
+    r->headers_in.user.data = auth.data;
+    r->headers_in.passwd.len = auth.len - len - 1;
+    r->headers_in.passwd.data = &auth.data[len + 1];
+
+    return NGX_OK;
+}
+
+
+ngx_int_t
 ngx_http_subrequest(ngx_http_request_t *r,
     ngx_str_t *uri, ngx_str_t *args)
 {
--- src/http/ngx_http_core_module.h	Fri Jul  8 13:49:04 2005
+++ src/http/ngx_http_core_module.h	Tue Aug 30 15:30:10 2005
@@ -252,6 +252,7 @@
 
 ngx_int_t ngx_http_set_content_type(ngx_http_request_t *r);
 ngx_int_t ngx_http_set_exten(ngx_http_request_t *r);
+ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r);
 
 ngx_int_t ngx_http_subrequest(ngx_http_request_t *r,
     ngx_str_t *uri, ngx_str_t *args);
--- src/http/ngx_http_variables.c	Tue Aug 30 15:18:56 2005
+++ src/http/ngx_http_variables.c	Tue Aug 30 15:46:53 2005
@@ -32,6 +32,8 @@
     ngx_http_variable_document_root(ngx_http_request_t *r, uintptr_t data);
 static ngx_http_variable_value_t *
     ngx_http_variable_request_filename(ngx_http_request_t *r, uintptr_t data);
+static ngx_http_variable_value_t *
+    ngx_http_variable_remote_user(ngx_http_request_t *r, uintptr_t data);
 
 
 /*
@@ -108,8 +110,7 @@
     { ngx_string("request_method"), ngx_http_variable_request,
       offsetof(ngx_http_request_t, method_name), 0, 0 },
 
-    { ngx_string("remote_user"), ngx_http_variable_request,
-      offsetof(ngx_http_request_t, headers_in.user), 0, 0 },
+    { ngx_string("remote_user"), ngx_http_variable_remote_user, 0, 0, 0 },
 
     { ngx_null_string, NULL, 0, 0, 0 }
 };
@@ -652,6 +653,34 @@
         ngx_memcpy(p, r->uri.data + clcf->name.len,
                    r->uri.len + 1 - clcf->name.len);
     }
+
+    return vv;
+}
+
+
+static ngx_http_variable_value_t *
+ngx_http_variable_remote_user(ngx_http_request_t *r, uintptr_t data)
+{
+    ngx_int_t                   rc;
+    ngx_http_variable_value_t  *vv;
+
+    rc = ngx_http_auth_basic_user(r);
+
+    if (rc == NGX_DECLINED) {
+        return NGX_HTTP_VAR_NOT_FOUND;
+    }
+
+    if (rc == NGX_ERROR) {
+        return NULL;
+    }
+
+    vv = ngx_palloc(r->pool, sizeof(ngx_http_variable_value_t));
+    if (vv == NULL) {
+        return NULL;
+    }
+
+    vv->value = 0;
+    vv->text = r->headers_in.user;
 
     return vv;
 }


More information about the nginx-ru mailing list