nginxtra 1.2.6.8 → 1.2.7.8
Sign up to get free protection for your applications and to get access to all the features.
- data/bin/nginxtra +1 -1
- data/bin/nginxtra_rails +1 -1
- data/lib/nginxtra/version.rb +1 -1
- data/vendor/nginx/CHANGES +72 -0
- data/vendor/nginx/CHANGES.ru +76 -0
- data/vendor/nginx/LICENSE +2 -2
- data/vendor/nginx/auto/cc/msvc +0 -3
- data/vendor/nginx/auto/lib/geoip/conf +17 -2
- data/vendor/nginx/auto/lib/libgd/conf +1 -1
- data/vendor/nginx/auto/lib/pcre/conf +1 -0
- data/vendor/nginx/auto/lib/perl/make +1 -3
- data/vendor/nginx/auto/lib/zlib/conf +4 -1
- data/vendor/nginx/man/nginx.8 +2 -2
- data/vendor/nginx/src/core/nginx.h +2 -2
- data/vendor/nginx/src/core/ngx_conf_file.c +4 -19
- data/vendor/nginx/src/core/ngx_conf_file.h +1 -10
- data/vendor/nginx/src/core/ngx_cycle.c +2 -19
- data/vendor/nginx/src/core/ngx_file.c +4 -4
- data/vendor/nginx/src/core/ngx_inet.c +1 -1
- data/vendor/nginx/src/core/ngx_inet.h +1 -1
- data/vendor/nginx/src/core/ngx_radix_tree.c +202 -5
- data/vendor/nginx/src/core/ngx_radix_tree.h +9 -0
- data/vendor/nginx/src/event/modules/ngx_poll_module.c +2 -2
- data/vendor/nginx/src/event/ngx_event.c +4 -0
- data/vendor/nginx/src/event/ngx_event_openssl.c +27 -13
- data/vendor/nginx/src/http/modules/ngx_http_auth_basic_module.c +38 -49
- data/vendor/nginx/src/http/modules/ngx_http_fastcgi_module.c +44 -59
- data/vendor/nginx/src/http/modules/ngx_http_geo_module.c +310 -103
- data/vendor/nginx/src/http/modules/ngx_http_geoip_module.c +145 -15
- data/vendor/nginx/src/http/modules/ngx_http_gzip_filter_module.c +5 -1
- data/vendor/nginx/src/http/modules/ngx_http_headers_filter_module.c +1 -0
- data/vendor/nginx/src/http/modules/ngx_http_image_filter_module.c +27 -13
- data/vendor/nginx/src/http/modules/ngx_http_log_module.c +378 -40
- data/vendor/nginx/src/http/modules/ngx_http_map_module.c +7 -0
- data/vendor/nginx/src/http/modules/ngx_http_proxy_module.c +9 -7
- data/vendor/nginx/src/http/modules/ngx_http_scgi_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_secure_link_module.c +15 -2
- data/vendor/nginx/src/http/modules/ngx_http_split_clients_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_sub_filter_module.c +2 -2
- data/vendor/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c +4 -0
- data/vendor/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c +3 -1
- data/vendor/nginx/src/http/modules/ngx_http_uwsgi_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_xslt_filter_module.c +2 -2
- data/vendor/nginx/src/http/modules/perl/Makefile.PL +3 -14
- data/vendor/nginx/src/http/modules/perl/nginx.pm +2 -2
- data/vendor/nginx/src/http/ngx_http_core_module.c +2 -1
- data/vendor/nginx/src/http/ngx_http_script.c +3 -7
- data/vendor/nginx/src/http/ngx_http_upstream.c +9 -0
- data/vendor/nginx/src/http/ngx_http_upstream_round_robin.c +3 -1
- data/vendor/nginx/src/http/ngx_http_variables.c +114 -0
- data/vendor/nginx/src/http/ngx_http_write_filter_module.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_files.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_user.c +13 -14
- metadata +2 -2
@@ -465,7 +465,7 @@ ngx_parse_addr(ngx_pool_t *pool, ngx_addr_t *addr, u_char *text, size_t len)
|
|
465
465
|
* prevent MSVC8 warning:
|
466
466
|
* potentially uninitialized local variable 'inaddr6' used
|
467
467
|
*/
|
468
|
-
ngx_memzero(inaddr6
|
468
|
+
ngx_memzero(&inaddr6, sizeof(struct in6_addr));
|
469
469
|
#endif
|
470
470
|
|
471
471
|
inaddr = ngx_inet_addr(text, len);
|
@@ -30,7 +30,7 @@
|
|
30
30
|
#if (NGX_HAVE_UNIX_DOMAIN)
|
31
31
|
#define NGX_SOCKADDR_STRLEN (sizeof("unix:") - 1 + NGX_UNIX_ADDRSTRLEN)
|
32
32
|
#else
|
33
|
-
#define NGX_SOCKADDR_STRLEN (NGX_INET6_ADDRSTRLEN + sizeof(":65535") - 1)
|
33
|
+
#define NGX_SOCKADDR_STRLEN (NGX_INET6_ADDRSTRLEN + sizeof("[]:65535") - 1)
|
34
34
|
#endif
|
35
35
|
|
36
36
|
#if (NGX_HAVE_UNIX_DOMAIN)
|
@@ -9,7 +9,7 @@
|
|
9
9
|
#include <ngx_core.h>
|
10
10
|
|
11
11
|
|
12
|
-
static
|
12
|
+
static ngx_radix_node_t *ngx_radix_alloc(ngx_radix_tree_t *tree);
|
13
13
|
|
14
14
|
|
15
15
|
ngx_radix_tree_t *
|
@@ -263,13 +263,210 @@ ngx_radix32tree_find(ngx_radix_tree_t *tree, uint32_t key)
|
|
263
263
|
}
|
264
264
|
|
265
265
|
|
266
|
-
|
266
|
+
#if (NGX_HAVE_INET6)
|
267
|
+
|
268
|
+
ngx_int_t
|
269
|
+
ngx_radix128tree_insert(ngx_radix_tree_t *tree, u_char *key, u_char *mask,
|
270
|
+
uintptr_t value)
|
271
|
+
{
|
272
|
+
u_char bit;
|
273
|
+
ngx_uint_t i;
|
274
|
+
ngx_radix_node_t *node, *next;
|
275
|
+
|
276
|
+
i = 0;
|
277
|
+
bit = 0x80;
|
278
|
+
|
279
|
+
node = tree->root;
|
280
|
+
next = tree->root;
|
281
|
+
|
282
|
+
while (bit & mask[i]) {
|
283
|
+
if (key[i] & bit) {
|
284
|
+
next = node->right;
|
285
|
+
|
286
|
+
} else {
|
287
|
+
next = node->left;
|
288
|
+
}
|
289
|
+
|
290
|
+
if (next == NULL) {
|
291
|
+
break;
|
292
|
+
}
|
293
|
+
|
294
|
+
bit >>= 1;
|
295
|
+
node = next;
|
296
|
+
|
297
|
+
if (bit == 0) {
|
298
|
+
if (++i == 16) {
|
299
|
+
break;
|
300
|
+
}
|
301
|
+
|
302
|
+
bit = 0x80;
|
303
|
+
}
|
304
|
+
}
|
305
|
+
|
306
|
+
if (next) {
|
307
|
+
if (node->value != NGX_RADIX_NO_VALUE) {
|
308
|
+
return NGX_BUSY;
|
309
|
+
}
|
310
|
+
|
311
|
+
node->value = value;
|
312
|
+
return NGX_OK;
|
313
|
+
}
|
314
|
+
|
315
|
+
while (bit & mask[i]) {
|
316
|
+
next = ngx_radix_alloc(tree);
|
317
|
+
if (next == NULL) {
|
318
|
+
return NGX_ERROR;
|
319
|
+
}
|
320
|
+
|
321
|
+
next->right = NULL;
|
322
|
+
next->left = NULL;
|
323
|
+
next->parent = node;
|
324
|
+
next->value = NGX_RADIX_NO_VALUE;
|
325
|
+
|
326
|
+
if (key[i] & bit) {
|
327
|
+
node->right = next;
|
328
|
+
|
329
|
+
} else {
|
330
|
+
node->left = next;
|
331
|
+
}
|
332
|
+
|
333
|
+
bit >>= 1;
|
334
|
+
node = next;
|
335
|
+
|
336
|
+
if (bit == 0) {
|
337
|
+
if (++i == 16) {
|
338
|
+
break;
|
339
|
+
}
|
340
|
+
|
341
|
+
bit = 0x80;
|
342
|
+
}
|
343
|
+
}
|
344
|
+
|
345
|
+
node->value = value;
|
346
|
+
|
347
|
+
return NGX_OK;
|
348
|
+
}
|
349
|
+
|
350
|
+
|
351
|
+
ngx_int_t
|
352
|
+
ngx_radix128tree_delete(ngx_radix_tree_t *tree, u_char *key, u_char *mask)
|
353
|
+
{
|
354
|
+
u_char bit;
|
355
|
+
ngx_uint_t i;
|
356
|
+
ngx_radix_node_t *node;
|
357
|
+
|
358
|
+
i = 0;
|
359
|
+
bit = 0x80;
|
360
|
+
node = tree->root;
|
361
|
+
|
362
|
+
while (node && (bit & mask[i])) {
|
363
|
+
if (key[i] & bit) {
|
364
|
+
node = node->right;
|
365
|
+
|
366
|
+
} else {
|
367
|
+
node = node->left;
|
368
|
+
}
|
369
|
+
|
370
|
+
bit >>= 1;
|
371
|
+
|
372
|
+
if (bit == 0) {
|
373
|
+
if (++i == 16) {
|
374
|
+
break;
|
375
|
+
}
|
376
|
+
|
377
|
+
bit = 0x80;
|
378
|
+
}
|
379
|
+
}
|
380
|
+
|
381
|
+
if (node == NULL) {
|
382
|
+
return NGX_ERROR;
|
383
|
+
}
|
384
|
+
|
385
|
+
if (node->right || node->left) {
|
386
|
+
if (node->value != NGX_RADIX_NO_VALUE) {
|
387
|
+
node->value = NGX_RADIX_NO_VALUE;
|
388
|
+
return NGX_OK;
|
389
|
+
}
|
390
|
+
|
391
|
+
return NGX_ERROR;
|
392
|
+
}
|
393
|
+
|
394
|
+
for ( ;; ) {
|
395
|
+
if (node->parent->right == node) {
|
396
|
+
node->parent->right = NULL;
|
397
|
+
|
398
|
+
} else {
|
399
|
+
node->parent->left = NULL;
|
400
|
+
}
|
401
|
+
|
402
|
+
node->right = tree->free;
|
403
|
+
tree->free = node;
|
404
|
+
|
405
|
+
node = node->parent;
|
406
|
+
|
407
|
+
if (node->right || node->left) {
|
408
|
+
break;
|
409
|
+
}
|
410
|
+
|
411
|
+
if (node->value != NGX_RADIX_NO_VALUE) {
|
412
|
+
break;
|
413
|
+
}
|
414
|
+
|
415
|
+
if (node->parent == NULL) {
|
416
|
+
break;
|
417
|
+
}
|
418
|
+
}
|
419
|
+
|
420
|
+
return NGX_OK;
|
421
|
+
}
|
422
|
+
|
423
|
+
|
424
|
+
uintptr_t
|
425
|
+
ngx_radix128tree_find(ngx_radix_tree_t *tree, u_char *key)
|
426
|
+
{
|
427
|
+
u_char bit;
|
428
|
+
uintptr_t value;
|
429
|
+
ngx_uint_t i;
|
430
|
+
ngx_radix_node_t *node;
|
431
|
+
|
432
|
+
i = 0;
|
433
|
+
bit = 0x80;
|
434
|
+
value = NGX_RADIX_NO_VALUE;
|
435
|
+
node = tree->root;
|
436
|
+
|
437
|
+
while (node) {
|
438
|
+
if (node->value != NGX_RADIX_NO_VALUE) {
|
439
|
+
value = node->value;
|
440
|
+
}
|
441
|
+
|
442
|
+
if (key[i] & bit) {
|
443
|
+
node = node->right;
|
444
|
+
|
445
|
+
} else {
|
446
|
+
node = node->left;
|
447
|
+
}
|
448
|
+
|
449
|
+
bit >>= 1;
|
450
|
+
|
451
|
+
if (bit == 0) {
|
452
|
+
i++;
|
453
|
+
bit = 0x80;
|
454
|
+
}
|
455
|
+
}
|
456
|
+
|
457
|
+
return value;
|
458
|
+
}
|
459
|
+
|
460
|
+
#endif
|
461
|
+
|
462
|
+
|
463
|
+
static ngx_radix_node_t *
|
267
464
|
ngx_radix_alloc(ngx_radix_tree_t *tree)
|
268
465
|
{
|
269
|
-
|
466
|
+
ngx_radix_node_t *p;
|
270
467
|
|
271
468
|
if (tree->free) {
|
272
|
-
p =
|
469
|
+
p = tree->free;
|
273
470
|
tree->free = tree->free->right;
|
274
471
|
return p;
|
275
472
|
}
|
@@ -283,7 +480,7 @@ ngx_radix_alloc(ngx_radix_tree_t *tree)
|
|
283
480
|
tree->size = ngx_pagesize;
|
284
481
|
}
|
285
482
|
|
286
|
-
p = tree->start;
|
483
|
+
p = (ngx_radix_node_t *) tree->start;
|
287
484
|
tree->start += sizeof(ngx_radix_node_t);
|
288
485
|
tree->size -= sizeof(ngx_radix_node_t);
|
289
486
|
|
@@ -36,11 +36,20 @@ typedef struct {
|
|
36
36
|
|
37
37
|
ngx_radix_tree_t *ngx_radix_tree_create(ngx_pool_t *pool,
|
38
38
|
ngx_int_t preallocate);
|
39
|
+
|
39
40
|
ngx_int_t ngx_radix32tree_insert(ngx_radix_tree_t *tree,
|
40
41
|
uint32_t key, uint32_t mask, uintptr_t value);
|
41
42
|
ngx_int_t ngx_radix32tree_delete(ngx_radix_tree_t *tree,
|
42
43
|
uint32_t key, uint32_t mask);
|
43
44
|
uintptr_t ngx_radix32tree_find(ngx_radix_tree_t *tree, uint32_t key);
|
44
45
|
|
46
|
+
#if (NGX_HAVE_INET6)
|
47
|
+
ngx_int_t ngx_radix128tree_insert(ngx_radix_tree_t *tree,
|
48
|
+
u_char *key, u_char *mask, uintptr_t value);
|
49
|
+
ngx_int_t ngx_radix128tree_delete(ngx_radix_tree_t *tree,
|
50
|
+
u_char *key, u_char *mask);
|
51
|
+
uintptr_t ngx_radix128tree_find(ngx_radix_tree_t *tree, u_char *key);
|
52
|
+
#endif
|
53
|
+
|
45
54
|
|
46
55
|
#endif /* _NGX_RADIX_TREE_H_INCLUDED_ */
|
@@ -371,7 +371,7 @@ ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags)
|
|
371
371
|
|
372
372
|
found = 0;
|
373
373
|
|
374
|
-
if (revents & POLLIN) {
|
374
|
+
if ((revents & POLLIN) && c->read->active) {
|
375
375
|
found = 1;
|
376
376
|
|
377
377
|
ev = c->read;
|
@@ -388,7 +388,7 @@ ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags)
|
|
388
388
|
ngx_locked_post_event(ev, queue);
|
389
389
|
}
|
390
390
|
|
391
|
-
if (revents & POLLOUT) {
|
391
|
+
if ((revents & POLLOUT) && c->write->active) {
|
392
392
|
found = 1;
|
393
393
|
ev = c->write;
|
394
394
|
|
@@ -892,6 +892,10 @@ ngx_events_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
892
892
|
ngx_conf_t pcf;
|
893
893
|
ngx_event_module_t *m;
|
894
894
|
|
895
|
+
if (*(void **) conf) {
|
896
|
+
return "is duplicate";
|
897
|
+
}
|
898
|
+
|
895
899
|
/* count the number of the event modules and set up their indices */
|
896
900
|
|
897
901
|
ngx_event_max_module = 0;
|
@@ -528,10 +528,10 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
|
|
528
528
|
return NGX_ERROR;
|
529
529
|
}
|
530
530
|
|
531
|
-
SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
|
532
|
-
|
533
531
|
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
|
534
532
|
|
533
|
+
SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
|
534
|
+
|
535
535
|
EC_KEY_free(ecdh);
|
536
536
|
#endif
|
537
537
|
#endif
|
@@ -693,6 +693,10 @@ ngx_ssl_handshake(ngx_connection_t *c)
|
|
693
693
|
return NGX_ERROR;
|
694
694
|
}
|
695
695
|
|
696
|
+
if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
|
697
|
+
return NGX_ERROR;
|
698
|
+
}
|
699
|
+
|
696
700
|
return NGX_AGAIN;
|
697
701
|
}
|
698
702
|
|
@@ -701,6 +705,10 @@ ngx_ssl_handshake(ngx_connection_t *c)
|
|
701
705
|
c->read->handler = ngx_ssl_handshake_handler;
|
702
706
|
c->write->handler = ngx_ssl_handshake_handler;
|
703
707
|
|
708
|
+
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
|
709
|
+
return NGX_ERROR;
|
710
|
+
}
|
711
|
+
|
704
712
|
if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
|
705
713
|
return NGX_ERROR;
|
706
714
|
}
|
@@ -1053,8 +1061,8 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
|
|
1053
1061
|
buf->end = buf->start + NGX_SSL_BUFSIZE;
|
1054
1062
|
}
|
1055
1063
|
|
1056
|
-
send =
|
1057
|
-
flush = (in == NULL) ? 1 :
|
1064
|
+
send = buf->last - buf->pos;
|
1065
|
+
flush = (in == NULL) ? 1 : buf->flush;
|
1058
1066
|
|
1059
1067
|
for ( ;; ) {
|
1060
1068
|
|
@@ -1076,7 +1084,6 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
|
|
1076
1084
|
|
1077
1085
|
if (send + size > limit) {
|
1078
1086
|
size = (ssize_t) (limit - send);
|
1079
|
-
flush = 1;
|
1080
1087
|
}
|
1081
1088
|
|
1082
1089
|
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
@@ -1093,10 +1100,16 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
|
|
1093
1100
|
}
|
1094
1101
|
}
|
1095
1102
|
|
1103
|
+
if (!flush && send < limit && buf->last < buf->end) {
|
1104
|
+
break;
|
1105
|
+
}
|
1106
|
+
|
1096
1107
|
size = buf->last - buf->pos;
|
1097
1108
|
|
1098
|
-
if (
|
1099
|
-
|
1109
|
+
if (size == 0) {
|
1110
|
+
buf->flush = 0;
|
1111
|
+
c->buffered &= ~NGX_SSL_BUFFERED;
|
1112
|
+
return in;
|
1100
1113
|
}
|
1101
1114
|
|
1102
1115
|
n = ngx_ssl_write(c, buf->pos, size);
|
@@ -1106,8 +1119,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
|
|
1106
1119
|
}
|
1107
1120
|
|
1108
1121
|
if (n == NGX_AGAIN) {
|
1109
|
-
|
1110
|
-
return in;
|
1122
|
+
break;
|
1111
1123
|
}
|
1112
1124
|
|
1113
1125
|
buf->pos += n;
|
@@ -1117,16 +1129,18 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
|
|
1117
1129
|
break;
|
1118
1130
|
}
|
1119
1131
|
|
1120
|
-
|
1121
|
-
|
1122
|
-
|
1123
|
-
|
1132
|
+
flush = 0;
|
1133
|
+
|
1134
|
+
buf->pos = buf->start;
|
1135
|
+
buf->last = buf->start;
|
1124
1136
|
|
1125
1137
|
if (in == NULL || send == limit) {
|
1126
1138
|
break;
|
1127
1139
|
}
|
1128
1140
|
}
|
1129
1141
|
|
1142
|
+
buf->flush = flush;
|
1143
|
+
|
1130
1144
|
if (buf->pos < buf->last) {
|
1131
1145
|
c->buffered |= NGX_SSL_BUFFERED;
|
1132
1146
|
|
@@ -20,8 +20,8 @@ typedef struct {
|
|
20
20
|
|
21
21
|
|
22
22
|
typedef struct {
|
23
|
-
|
24
|
-
ngx_http_complex_value_t
|
23
|
+
ngx_http_complex_value_t *realm;
|
24
|
+
ngx_http_complex_value_t user_file;
|
25
25
|
} ngx_http_auth_basic_loc_conf_t;
|
26
26
|
|
27
27
|
|
@@ -35,22 +35,19 @@ static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf);
|
|
35
35
|
static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf,
|
36
36
|
void *parent, void *child);
|
37
37
|
static ngx_int_t ngx_http_auth_basic_init(ngx_conf_t *cf);
|
38
|
-
static char *ngx_http_auth_basic(ngx_conf_t *cf, void *post, void *data);
|
39
38
|
static char *ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd,
|
40
39
|
void *conf);
|
41
40
|
|
42
41
|
|
43
|
-
static ngx_conf_post_handler_pt ngx_http_auth_basic_p = ngx_http_auth_basic;
|
44
|
-
|
45
42
|
static ngx_command_t ngx_http_auth_basic_commands[] = {
|
46
43
|
|
47
44
|
{ ngx_string("auth_basic"),
|
48
45
|
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
|
49
46
|
|NGX_CONF_TAKE1,
|
50
|
-
|
47
|
+
ngx_http_set_complex_value_slot,
|
51
48
|
NGX_HTTP_LOC_CONF_OFFSET,
|
52
49
|
offsetof(ngx_http_auth_basic_loc_conf_t, realm),
|
53
|
-
|
50
|
+
NULL },
|
54
51
|
|
55
52
|
{ ngx_string("auth_basic_user_file"),
|
56
53
|
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
|
@@ -103,7 +100,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
|
|
103
100
|
ngx_fd_t fd;
|
104
101
|
ngx_int_t rc;
|
105
102
|
ngx_err_t err;
|
106
|
-
ngx_str_t pwd, user_file;
|
103
|
+
ngx_str_t pwd, realm, user_file;
|
107
104
|
ngx_uint_t i, level, login, left, passwd;
|
108
105
|
ngx_file_t file;
|
109
106
|
ngx_http_auth_basic_ctx_t *ctx;
|
@@ -117,7 +114,15 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
|
|
117
114
|
|
118
115
|
alcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_basic_module);
|
119
116
|
|
120
|
-
if (alcf->realm
|
117
|
+
if (alcf->realm == NULL || alcf->user_file.value.data == NULL) {
|
118
|
+
return NGX_DECLINED;
|
119
|
+
}
|
120
|
+
|
121
|
+
if (ngx_http_complex_value(r, alcf->realm, &realm) != NGX_OK) {
|
122
|
+
return NGX_ERROR;
|
123
|
+
}
|
124
|
+
|
125
|
+
if (realm.len == 3 && ngx_strncmp(realm.data, "off", 3) == 0) {
|
121
126
|
return NGX_DECLINED;
|
122
127
|
}
|
123
128
|
|
@@ -125,7 +130,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
|
|
125
130
|
|
126
131
|
if (ctx) {
|
127
132
|
return ngx_http_auth_basic_crypt_handler(r, ctx, &ctx->passwd,
|
128
|
-
&
|
133
|
+
&realm);
|
129
134
|
}
|
130
135
|
|
131
136
|
rc = ngx_http_auth_basic_user(r);
|
@@ -135,7 +140,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
|
|
135
140
|
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
136
141
|
"no user/password was provided for basic authentication");
|
137
142
|
|
138
|
-
return ngx_http_auth_basic_set_realm(r, &
|
143
|
+
return ngx_http_auth_basic_set_realm(r, &realm);
|
139
144
|
}
|
140
145
|
|
141
146
|
if (rc == NGX_ERROR) {
|
@@ -233,7 +238,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
|
|
233
238
|
pwd.data = &buf[passwd];
|
234
239
|
|
235
240
|
return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd,
|
236
|
-
&
|
241
|
+
&realm);
|
237
242
|
}
|
238
243
|
|
239
244
|
break;
|
@@ -271,14 +276,14 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
|
|
271
276
|
|
272
277
|
ngx_cpystrn(pwd.data, &buf[passwd], pwd.len + 1);
|
273
278
|
|
274
|
-
return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &
|
279
|
+
return ngx_http_auth_basic_crypt_handler(r, NULL, &pwd, &realm);
|
275
280
|
}
|
276
281
|
|
277
282
|
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
278
283
|
"user \"%V\" was not found in \"%V\"",
|
279
284
|
&r->headers_in.user, &user_file);
|
280
285
|
|
281
|
-
return ngx_http_auth_basic_set_realm(r, &
|
286
|
+
return ngx_http_auth_basic_set_realm(r, &realm);
|
282
287
|
}
|
283
288
|
|
284
289
|
|
@@ -344,14 +349,29 @@ ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r,
|
|
344
349
|
static ngx_int_t
|
345
350
|
ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
|
346
351
|
{
|
352
|
+
size_t len;
|
353
|
+
u_char *basic, *p;
|
354
|
+
|
347
355
|
r->headers_out.www_authenticate = ngx_list_push(&r->headers_out.headers);
|
348
356
|
if (r->headers_out.www_authenticate == NULL) {
|
349
357
|
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
350
358
|
}
|
351
359
|
|
360
|
+
len = sizeof("Basic realm=\"\"") - 1 + realm->len;
|
361
|
+
|
362
|
+
basic = ngx_pnalloc(r->pool, len);
|
363
|
+
if (basic == NULL) {
|
364
|
+
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
365
|
+
}
|
366
|
+
|
367
|
+
p = ngx_cpymem(basic, "Basic realm=\"", sizeof("Basic realm=\"") - 1);
|
368
|
+
p = ngx_cpymem(p, realm->data, realm->len);
|
369
|
+
*p = '"';
|
370
|
+
|
352
371
|
r->headers_out.www_authenticate->hash = 1;
|
353
372
|
ngx_str_set(&r->headers_out.www_authenticate->key, "WWW-Authenticate");
|
354
|
-
r->headers_out.www_authenticate->value =
|
373
|
+
r->headers_out.www_authenticate->value.data = basic;
|
374
|
+
r->headers_out.www_authenticate->value.len = len;
|
355
375
|
|
356
376
|
return NGX_HTTP_UNAUTHORIZED;
|
357
377
|
}
|
@@ -386,11 +406,11 @@ ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
386
406
|
ngx_http_auth_basic_loc_conf_t *prev = parent;
|
387
407
|
ngx_http_auth_basic_loc_conf_t *conf = child;
|
388
408
|
|
389
|
-
if (conf->realm
|
409
|
+
if (conf->realm == NULL) {
|
390
410
|
conf->realm = prev->realm;
|
391
411
|
}
|
392
412
|
|
393
|
-
if (conf->user_file.value.
|
413
|
+
if (conf->user_file.value.data == NULL) {
|
394
414
|
conf->user_file = prev->user_file;
|
395
415
|
}
|
396
416
|
|
@@ -417,37 +437,6 @@ ngx_http_auth_basic_init(ngx_conf_t *cf)
|
|
417
437
|
}
|
418
438
|
|
419
439
|
|
420
|
-
static char *
|
421
|
-
ngx_http_auth_basic(ngx_conf_t *cf, void *post, void *data)
|
422
|
-
{
|
423
|
-
ngx_str_t *realm = data;
|
424
|
-
|
425
|
-
size_t len;
|
426
|
-
u_char *basic, *p;
|
427
|
-
|
428
|
-
if (ngx_strcmp(realm->data, "off") == 0) {
|
429
|
-
ngx_str_set(realm, "");
|
430
|
-
return NGX_CONF_OK;
|
431
|
-
}
|
432
|
-
|
433
|
-
len = sizeof("Basic realm=\"") - 1 + realm->len + 1;
|
434
|
-
|
435
|
-
basic = ngx_pnalloc(cf->pool, len);
|
436
|
-
if (basic == NULL) {
|
437
|
-
return NGX_CONF_ERROR;
|
438
|
-
}
|
439
|
-
|
440
|
-
p = ngx_cpymem(basic, "Basic realm=\"", sizeof("Basic realm=\"") - 1);
|
441
|
-
p = ngx_cpymem(p, realm->data, realm->len);
|
442
|
-
*p = '"';
|
443
|
-
|
444
|
-
realm->len = len;
|
445
|
-
realm->data = basic;
|
446
|
-
|
447
|
-
return NGX_CONF_OK;
|
448
|
-
}
|
449
|
-
|
450
|
-
|
451
440
|
static char *
|
452
441
|
ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
453
442
|
{
|
@@ -456,7 +445,7 @@ ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
456
445
|
ngx_str_t *value;
|
457
446
|
ngx_http_compile_complex_value_t ccv;
|
458
447
|
|
459
|
-
if (alcf->user_file.value.
|
448
|
+
if (alcf->user_file.value.data) {
|
460
449
|
return "is duplicate";
|
461
450
|
}
|
462
451
|
|