nginxtra 1.4.7.9 → 1.6.0.9

data/vendor/nginx/src/http/modules/ngx_http_auth_basic_module.c

@@ -137,7 +137,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
 
     if (rc == NGX_DECLINED) {
 
-        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                       "no user/password was provided for basic authentication");
 
         return ngx_http_auth_basic_set_realm(r, &realm);

data/vendor/nginx/src/http/modules/ngx_http_auth_request_module.c

@@ -0,0 +1,444 @@
+
+/*
+ * Copyright (C) Maxim Dounin
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+    ngx_str_t                 uri;
+    ngx_array_t              *vars;
+} ngx_http_auth_request_conf_t;
+
+
+typedef struct {
+    ngx_uint_t                done;
+    ngx_uint_t                status;
+    ngx_http_request_t       *subrequest;
+} ngx_http_auth_request_ctx_t;
+
+
+typedef struct {
+    ngx_int_t                 index;
+    ngx_http_complex_value_t  value;
+    ngx_http_set_variable_pt  set_handler;
+} ngx_http_auth_request_variable_t;
+
+
+static ngx_int_t ngx_http_auth_request_handler(ngx_http_request_t *r);
+static ngx_int_t ngx_http_auth_request_done(ngx_http_request_t *r,
+    void *data, ngx_int_t rc);
+static ngx_int_t ngx_http_auth_request_set_variables(ngx_http_request_t *r,
+    ngx_http_auth_request_conf_t *arcf, ngx_http_auth_request_ctx_t *ctx);
+static ngx_int_t ngx_http_auth_request_variable(ngx_http_request_t *r,
+    ngx_http_variable_value_t *v, uintptr_t data);
+static void *ngx_http_auth_request_create_conf(ngx_conf_t *cf);
+static char *ngx_http_auth_request_merge_conf(ngx_conf_t *cf,
+    void *parent, void *child);
+static ngx_int_t ngx_http_auth_request_init(ngx_conf_t *cf);
+static char *ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+static char *ngx_http_auth_request_set(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+
+
+static ngx_command_t  ngx_http_auth_request_commands[] = {
+
+    { ngx_string("auth_request"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_http_auth_request,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      0,
+      NULL },
+
+    { ngx_string("auth_request_set"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+      ngx_http_auth_request_set,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      0,
+      NULL },
+
+      ngx_null_command
+};
+
+
+static ngx_http_module_t  ngx_http_auth_request_module_ctx = {
+    NULL,                                  /* preconfiguration */
+    ngx_http_auth_request_init,            /* postconfiguration */
+
+    NULL,                                  /* create main configuration */
+    NULL,                                  /* init main configuration */
+
+    NULL,                                  /* create server configuration */
+    NULL,                                  /* merge server configuration */
+
+    ngx_http_auth_request_create_conf,     /* create location configuration */
+    ngx_http_auth_request_merge_conf       /* merge location configuration */
+};
+
+
+ngx_module_t  ngx_http_auth_request_module = {
+    NGX_MODULE_V1,
+    &ngx_http_auth_request_module_ctx,     /* module context */
+    ngx_http_auth_request_commands,        /* module directives */
+    NGX_HTTP_MODULE,                       /* module type */
+    NULL,                                  /* init master */
+    NULL,                                  /* init module */
+    NULL,                                  /* init process */
+    NULL,                                  /* init thread */
+    NULL,                                  /* exit thread */
+    NULL,                                  /* exit process */
+    NULL,                                  /* exit master */
+    NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_int_t
+ngx_http_auth_request_handler(ngx_http_request_t *r)
+{
+    ngx_table_elt_t               *h, *ho;
+    ngx_http_request_t            *sr;
+    ngx_http_post_subrequest_t    *ps;
+    ngx_http_auth_request_ctx_t   *ctx;
+    ngx_http_auth_request_conf_t  *arcf;
+
+    arcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_request_module);
+
+    if (arcf->uri.len == 0) {
+        return NGX_DECLINED;
+    }
+
+    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "auth request handler");
+
+    ctx = ngx_http_get_module_ctx(r, ngx_http_auth_request_module);
+
+    if (ctx != NULL) {
+        if (!ctx->done) {
+            return NGX_AGAIN;
+        }
+
+        /*
+         * as soon as we are done - explicitly set variables to make
+         * sure they will be available after internal redirects
+         */
+
+        if (ngx_http_auth_request_set_variables(r, arcf, ctx) != NGX_OK) {
+            return NGX_ERROR;
+        }
+
+        /* return appropriate status */
+
+        if (ctx->status == NGX_HTTP_FORBIDDEN) {
+            return ctx->status;
+        }
+
+        if (ctx->status == NGX_HTTP_UNAUTHORIZED) {
+            sr = ctx->subrequest;
+
+            h = sr->headers_out.www_authenticate;
+
+            if (!h && sr->upstream) {
+                h = sr->upstream->headers_in.www_authenticate;
+            }
+
+            if (h) {
+                ho = ngx_list_push(&r->headers_out.headers);
+                if (ho == NULL) {
+                    return NGX_ERROR;
+                }
+
+                *ho = *h;
+
+                r->headers_out.www_authenticate = ho;
+            }
+
+            return ctx->status;
+        }
+
+        if (ctx->status >= NGX_HTTP_OK
+            && ctx->status < NGX_HTTP_SPECIAL_RESPONSE)
+        {
+            return NGX_OK;
+        }
+
+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                      "auth request unexpected status: %d", ctx->status);
+
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+    }
+
+    ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_auth_request_ctx_t));
+    if (ctx == NULL) {
+        return NGX_ERROR;
+    }
+
+    ps = ngx_palloc(r->pool, sizeof(ngx_http_post_subrequest_t));
+    if (ps == NULL) {
+        return NGX_ERROR;
+    }
+
+    ps->handler = ngx_http_auth_request_done;
+    ps->data = ctx;
+
+    if (ngx_http_subrequest(r, &arcf->uri, NULL, &sr, ps,
+                            NGX_HTTP_SUBREQUEST_WAITED)
+        != NGX_OK)
+    {
+        return NGX_ERROR;
+    }
+
+    /*
+     * allocate fake request body to avoid attempts to read it and to make
+     * sure real body file (if already read) won't be closed by upstream
+     */
+
+    sr->request_body = ngx_pcalloc(r->pool, sizeof(ngx_http_request_body_t));
+    if (sr->request_body == NULL) {
+        return NGX_ERROR;
+    }
+
+    sr->header_only = 1;
+
+    ctx->subrequest = sr;
+
+    ngx_http_set_ctx(r, ctx, ngx_http_auth_request_module);
+
+    return NGX_AGAIN;
+}
+
+
+static ngx_int_t
+ngx_http_auth_request_done(ngx_http_request_t *r, void *data, ngx_int_t rc)
+{
+    ngx_http_auth_request_ctx_t   *ctx = data;
+
+    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "auth request done s:%d", r->headers_out.status);
+
+    ctx->done = 1;
+    ctx->status = r->headers_out.status;
+
+    return rc;
+}
+
+
+static ngx_int_t
+ngx_http_auth_request_set_variables(ngx_http_request_t *r,
+    ngx_http_auth_request_conf_t *arcf, ngx_http_auth_request_ctx_t *ctx)
+{
+    ngx_str_t                          val;
+    ngx_http_variable_t               *v;
+    ngx_http_variable_value_t         *vv;
+    ngx_http_auth_request_variable_t  *av, *last;
+    ngx_http_core_main_conf_t         *cmcf;
+
+    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "auth request set variables");
+
+    if (arcf->vars == NULL) {
+        return NGX_OK;
+    }
+
+    cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);
+    v = cmcf->variables.elts;
+
+    av = arcf->vars->elts;
+    last = av + arcf->vars->nelts;
+
+    while (av < last) {
+        /*
+         * explicitly set new value to make sure it will be available after
+         * internal redirects
+         */
+
+        vv = &r->variables[av->index];
+
+        if (ngx_http_complex_value(ctx->subrequest, &av->value, &val)
+            != NGX_OK)
+        {
+            return NGX_ERROR;
+        }
+
+        vv->valid = 1;
+        vv->not_found = 0;
+        vv->data = val.data;
+        vv->len = val.len;
+
+        if (av->set_handler) {
+            /*
+             * set_handler only available in cmcf->variables_keys, so we store
+             * it explicitly
+             */
+
+            av->set_handler(r, vv, v[av->index].data);
+        }
+
+        av++;
+    }
+
+    return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_auth_request_variable(ngx_http_request_t *r,
+    ngx_http_variable_value_t *v, uintptr_t data)
+{
+    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "auth request variable");
+
+    v->not_found = 1;
+
+    return NGX_OK;
+}
+
+
+static void *
+ngx_http_auth_request_create_conf(ngx_conf_t *cf)
+{
+    ngx_http_auth_request_conf_t  *conf;
+
+    conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_request_conf_t));
+    if (conf == NULL) {
+        return NULL;
+    }
+
+    /*
+     * set by ngx_pcalloc():
+     *
+     *     conf->uri = { 0, NULL };
+     */
+
+    conf->vars = NGX_CONF_UNSET_PTR;
+
+    return conf;
+}
+
+
+static char *
+ngx_http_auth_request_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+{
+    ngx_http_auth_request_conf_t *prev = parent;
+    ngx_http_auth_request_conf_t *conf = child;
+
+    ngx_conf_merge_str_value(conf->uri, prev->uri, "");
+    ngx_conf_merge_ptr_value(conf->vars, prev->vars, NULL);
+
+    return NGX_CONF_OK;
+}
+
+
+static ngx_int_t
+ngx_http_auth_request_init(ngx_conf_t *cf)
+{
+    ngx_http_handler_pt        *h;
+    ngx_http_core_main_conf_t  *cmcf;
+
+    cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
+
+    h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
+    if (h == NULL) {
+        return NGX_ERROR;
+    }
+
+    *h = ngx_http_auth_request_handler;
+
+    return NGX_OK;
+}
+
+
+static char *
+ngx_http_auth_request(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_http_auth_request_conf_t *arcf = conf;
+
+    ngx_str_t        *value;
+
+    if (arcf->uri.data != NULL) {
+        return "is duplicate";
+    }
+
+    value = cf->args->elts;
+
+    if (ngx_strcmp(value[1].data, "off") == 0) {
+        arcf->uri.len = 0;
+        arcf->uri.data = (u_char *) "";
+
+        return NGX_CONF_OK;
+    }
+
+    arcf->uri = value[1];
+
+    return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_http_auth_request_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_http_auth_request_conf_t *arcf = conf;
+
+    ngx_str_t                         *value;
+    ngx_http_variable_t               *v;
+    ngx_http_auth_request_variable_t  *av;
+    ngx_http_compile_complex_value_t   ccv;
+
+    value = cf->args->elts;
+
+    if (value[1].data[0] != '$') {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                           "invalid variable name \"%V\"", &value[1]);
+        return NGX_CONF_ERROR;
+    }
+
+    value[1].len--;
+    value[1].data++;
+
+    if (arcf->vars == NGX_CONF_UNSET_PTR) {
+        arcf->vars = ngx_array_create(cf->pool, 1,
+                                      sizeof(ngx_http_auth_request_variable_t));
+        if (arcf->vars == NULL) {
+            return NGX_CONF_ERROR;
+        }
+    }
+
+    av = ngx_array_push(arcf->vars);
+    if (av == NULL) {
+        return NGX_CONF_ERROR;
+    }
+
+    v = ngx_http_add_variable(cf, &value[1], NGX_HTTP_VAR_CHANGEABLE);
+    if (v == NULL) {
+        return NGX_CONF_ERROR;
+    }
+
+    av->index = ngx_http_get_variable_index(cf, &value[1]);
+    if (av->index == NGX_ERROR) {
+        return NGX_CONF_ERROR;
+    }
+
+    if (v->get_handler == NULL) {
+        v->get_handler = ngx_http_auth_request_variable;
+        v->data = (uintptr_t) av;
+    }
+
+    av->set_handler = v->set_handler;
+
+    ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+    ccv.cf = cf;
+    ccv.value = &value[2];
+    ccv.complex_value = &av->value;
+
+    if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+        return NGX_CONF_ERROR;
+    }
+
+    return NGX_CONF_OK;
+}