On Tue, 30 Aug 2005, Igor Sysoev wrote:
Игорь, а как на счет записи в лог имени пользователя, который
авторизуется на апаче?
Это я забыл сделать :) К следующей версии будет.
Вот патч, который выставляет переменную $remote_user независимо от того,
используется аутентификация в nginx или нет.
Игорь Сысоев
------------------------------------------------------------------------
--- src/http/modules/ngx_http_auth_basic_module.c Sat Apr 30 13:50:11 2005
+++ src/http/modules/ngx_http_auth_basic_module.c Tue Aug 30 15:47:09 2005
@@ -90,8 +90,9 @@
off_t offset;
ssize_t n;
ngx_fd_t fd;
- ngx_str_t auth, encoded, pwd;
- ngx_uint_t i, login, len, left, passwd;
+ ngx_int_t rc;
+ ngx_str_t pwd;
+ ngx_uint_t i, login, left, passwd;
ngx_file_t file;
ngx_http_auth_basic_ctx_t *ctx;
ngx_http_auth_basic_loc_conf_t *alcf;
@@ -115,57 +116,16 @@
&alcf->realm);
}
- if (r->headers_in.authorization == NULL) {
- return ngx_http_auth_basic_set_realm(r, &alcf->realm);
- }
-
- encoded = r->headers_in.authorization->value;
+ rc = ngx_http_auth_basic_user(r);
- if (encoded.len < sizeof("Basic ") - 1
- || ngx_strncasecmp(encoded.data, "Basic ", sizeof("Basic ") - 1) != 0)
- {
+ if (rc == NGX_DECLINED) {
return ngx_http_auth_basic_set_realm(r, &alcf->realm);
}
- encoded.len -= sizeof("Basic ") - 1;
- encoded.data += sizeof("Basic ") - 1;
-
- while (encoded.len && encoded.data[0] == ' ') {
- encoded.len--;
- encoded.data++;
- }
-
- if (encoded.len == 0) {
- return ngx_http_auth_basic_set_realm(r, &alcf->realm);
- }
-
- auth.len = ngx_base64_decoded_length(encoded.len);
- auth.data = ngx_palloc(r->pool, auth.len + 1);
- if (auth.data == NULL) {
+ if (rc == NGX_ERROR) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- if (ngx_decode_base64(&auth, &encoded) != NGX_OK) {
- return ngx_http_auth_basic_set_realm(r, &alcf->realm);
- }
-
- auth.data[auth.len] = '\0';
-
- for (len = 0; len < auth.len; len++) {
- if (auth.data[len] == ':') {
- break;
- }
- }
-
- if (len == auth.len) {
- return ngx_http_auth_basic_set_realm(r, &alcf->realm);
- }
-
- r->headers_in.user.len = len;
- r->headers_in.user.data = auth.data;
- r->headers_in.passwd.len = auth.len - len - 1;
- r->headers_in.passwd.data = &auth.data[len + 1];
-
fd = ngx_open_file(alcf->user_file.data, NGX_FILE_RDONLY, NGX_FILE_OPEN);
if (fd == NGX_INVALID_FILE) {
@@ -208,12 +168,12 @@
break;
}
- if (buf[i] != auth.data[login]) {
+ if (buf[i] != r->headers_in.user.data[login]) {
state = sw_skip;
break;
}
- if (login == len) {
+ if (login == r->headers_in.user.len) {
state = sw_passwd;
passwd = i + 1;
}
--- src/http/ngx_http_core_module.c Tue Aug 23 18:51:33 2005
+++ src/http/ngx_http_core_module.c Tue Aug 30 15:40:20 2005
@@ -931,6 +931,76 @@
ngx_int_t
+ngx_http_auth_basic_user(ngx_http_request_t *r)
+{
+ ngx_str_t auth, encoded;
+ ngx_uint_t len;
+
+ if (r->headers_in.user.len == 0 && r->headers_in.user.data != NULL) {
+ return NGX_DECLINED;
+ }
+
+ if (r->headers_in.authorization == NULL) {
+ r->headers_in.user.data = (u_char *) "";
+ return NGX_DECLINED;
+ }
+
+ encoded = r->headers_in.authorization->value;
+
+ if (encoded.len < sizeof("Basic ") - 1
+ || ngx_strncasecmp(encoded.data, "Basic ", sizeof("Basic ") - 1) != 0)
+ {
+ r->headers_in.user.data = (u_char *) "";
+ return NGX_DECLINED;
+ }
+
+ encoded.len -= sizeof("Basic ") - 1;
+ encoded.data += sizeof("Basic ") - 1;
+
+ while (encoded.len && encoded.data[0] == ' ') {
+ encoded.len--;
+ encoded.data++;
+ }
+
+ if (encoded.len == 0) {
+ r->headers_in.user.data = (u_char *) "";
+ return NGX_DECLINED;
+ }
+
+ auth.len = ngx_base64_decoded_length(encoded.len);
+ auth.data = ngx_palloc(r->pool, auth.len + 1);
+ if (auth.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_decode_base64(&auth, &encoded) != NGX_OK) {
+ r->headers_in.user.data = (u_char *) "";
+ return NGX_DECLINED;
+ }
+
+ auth.data[auth.len] = '\0';
+
+ for (len = 0; len < auth.len; len++) {
+ if (auth.data[len] == ':') {
+ break;
+ }
+ }
+
+ if (len == auth.len) {
+ r->headers_in.user.data = (u_char *) "";
+ return NGX_DECLINED;
+ }
+
+ r->headers_in.user.len = len;
+ r->headers_in.user.data = auth.data;
+ r->headers_in.passwd.len = auth.len - len - 1;
+ r->headers_in.passwd.data = &auth.data[len + 1];
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_http_subrequest(ngx_http_request_t *r,
ngx_str_t *uri, ngx_str_t *args)
{
--- src/http/ngx_http_core_module.h Fri Jul 8 13:49:04 2005
+++ src/http/ngx_http_core_module.h Tue Aug 30 15:30:10 2005
@@ -252,6 +252,7 @@
ngx_int_t ngx_http_set_content_type(ngx_http_request_t *r);
ngx_int_t ngx_http_set_exten(ngx_http_request_t *r);
+ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r);
ngx_int_t ngx_http_subrequest(ngx_http_request_t *r,
ngx_str_t *uri, ngx_str_t *args);
--- src/http/ngx_http_variables.c Tue Aug 30 15:18:56 2005
+++ src/http/ngx_http_variables.c Tue Aug 30 15:46:53 2005
@@ -32,6 +32,8 @@
ngx_http_variable_document_root(ngx_http_request_t *r, uintptr_t data);
static ngx_http_variable_value_t *
ngx_http_variable_request_filename(ngx_http_request_t *r, uintptr_t data);
+static ngx_http_variable_value_t *
+ ngx_http_variable_remote_user(ngx_http_request_t *r, uintptr_t data);
/*
@@ -108,8 +110,7 @@
{ ngx_string("request_method"), ngx_http_variable_request,
offsetof(ngx_http_request_t, method_name), 0, 0 },
- { ngx_string("remote_user"), ngx_http_variable_request,
- offsetof(ngx_http_request_t, headers_in.user), 0, 0 },
+ { ngx_string("remote_user"), ngx_http_variable_remote_user, 0, 0, 0 },
{ ngx_null_string, NULL, 0, 0, 0 }
};
@@ -652,6 +653,34 @@
ngx_memcpy(p, r->uri.data + clcf->name.len,
r->uri.len + 1 - clcf->name.len);
}
+
+ return vv;
+}
+
+
+static ngx_http_variable_value_t *
+ngx_http_variable_remote_user(ngx_http_request_t *r, uintptr_t data)
+{
+ ngx_int_t rc;
+ ngx_http_variable_value_t *vv;
+
+ rc = ngx_http_auth_basic_user(r);
+
+ if (rc == NGX_DECLINED) {
+ return NGX_HTTP_VAR_NOT_FOUND;
+ }
+
+ if (rc == NGX_ERROR) {
+ return NULL;
+ }
+
+ vv = ngx_palloc(r->pool, sizeof(ngx_http_variable_value_t));
+ if (vv == NULL) {
+ return NULL;
+ }
+
+ vv->value = 0;
+ vv->text = r->headers_in.user;
return vv;
}
