ngx_int_t
ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c,
    ngx_uint_t n)
{
    ngx_str_t  *arg;

    arg = s->args.elts;

    ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
                   "mail auth login username: \"%V\"", &arg[n]);

    s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len));
    if (s->login.data == NULL){
        return NGX_ERROR;
    }

    if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) {
        ngx_log_error(NGX_LOG_INFO, c->log, 0,
            "client sent invalid base64 encoding in AUTH LOGIN command");
        return NGX_MAIL_PARSE_INVALID_COMMAND;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
                   "mail auth login username: \"%V\"", &s->login);

    return NGX_OK;
}
ngx_int_t
ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
{
    ngx_str_t  *arg;

    arg = s->args.elts;

#if (NGX_DEBUG_MAIL_PASSWD)
    ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
                   "mail auth login password: \"%V\"", &arg[0]);
#endif

    s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
    if (s->passwd.data == NULL){
        return NGX_ERROR;
    }

    if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
        ngx_log_error(NGX_LOG_INFO, c->log, 0,
            "client sent invalid base64 encoding in AUTH LOGIN command");
        return NGX_MAIL_PARSE_INVALID_COMMAND;
    }

#if (NGX_DEBUG_MAIL_PASSWD)
    ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
                   "mail auth login password: \"%V\"", &s->passwd);
#endif

    return NGX_DONE;
}
Esempio n. 3
0
int main(int argc, char* argv[]) {
    /* str to lower */
    ngx_str_t str = ngx_string("Hello World!");
    u_char* strlow = (u_char*)malloc(str.len);
    ngx_strlow(strlow, str.data, str.len);
    fprintf(stdout, "strlow %.*s\n", str.len, strlow);
    free(strlow);

    /* base64 encode and decode */
    ngx_str_t raw_str = ngx_string("123abc"); 
    ngx_str_t base64_encoded_str = ngx_null_string; 
    ngx_str_t base64_decoded_str = ngx_null_string;

    base64_encoded_str.len = ngx_base64_encoded_length(raw_str.len);
    base64_encoded_str.data = (u_char*)malloc(base64_encoded_str.len);
    ngx_encode_base64(&base64_encoded_str, &raw_str);
    fprintf(stdout, "%.*s\n", base64_encoded_str.len, base64_encoded_str.data);

    base64_decoded_str.len = ngx_base64_decoded_length(base64_encoded_str.len);
    base64_decoded_str.data = (u_char*)malloc(base64_decoded_str.len);
    ngx_decode_base64(&base64_decoded_str, &base64_encoded_str);
    fprintf(stdout, "%.*s\n", base64_decoded_str.len, base64_decoded_str.data);
    free(base64_encoded_str.data);
    free(base64_decoded_str.data);

    return 0;
}
static int
ngx_http_lua_ngx_decode_base64(lua_State *L)
{
    ngx_str_t                p, src;

    if (lua_gettop(L) != 1) {
        return luaL_error(L, "expecting one argument");
    }

    if (lua_isnil(L, 1)) {
        src.data = (u_char *) "";
        src.len = 0;

    } else {
        src.data = (u_char *) luaL_checklstring(L, 1, &src.len);
    }

    p.len = ngx_base64_decoded_length(src.len);

    p.data = lua_newuserdata(L, p.len);

    if (ngx_decode_base64(&p, &src) == NGX_OK) {
        lua_pushlstring(L, (char *) p.data, p.len);

    } else {
        lua_pushnil(L);
    }

    return 1;
}
static char *
ngx_http_aws_auth_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_http_aws_auth_conf_t *prev = parent;
    ngx_http_aws_auth_conf_t *conf = child;

    ngx_conf_merge_str_value(conf->access_key, prev->access_key, "");
    ngx_conf_merge_str_value(conf->key_scope, prev->key_scope, "");
    ngx_conf_merge_str_value(conf->signing_key, prev->signing_key, "");
    ngx_conf_merge_str_value(conf->endpoint, prev->endpoint, "s3.amazonaws.com");
    ngx_conf_merge_str_value(conf->bucket_name, prev->bucket_name, "");

    if(conf->signing_key_decoded.data == NULL)
    {
        conf->signing_key_decoded.data = ngx_pcalloc(cf->pool, 100);
        if(conf->signing_key_decoded.data == NULL)
        {
            return NGX_CONF_ERROR;
        }
    }

    if(conf->signing_key.len > 64) {
        return NGX_CONF_ERROR;
    } else {
        ngx_decode_base64(&conf->signing_key_decoded, &conf->signing_key);
    }

    return NGX_CONF_OK;
}
Esempio n. 6
0
ngx_int_t
oc_smtp_cmd_auth_plain(oc_smtp_session_t *s, ngx_connection_t *c, ngx_uint_t n)
{
	u_char	   *p, *last;
	ngx_str_t  *arg, plain;

	arg = s->args.elts;

#if (NGX_DEBUG_MAIL_PASSWD)
	ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
				"mail auth plain: \"%V\"", &arg[n]);
#endif

	plain.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
	if (plain.data == NULL) {
		return NGX_ERROR;
	}

	if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) {
		ngx_log_error(NGX_LOG_INFO, c->log, 0,
					"client sent invalid base64 encoding in AUTH PLAIN command");
		return OC_SMTP_PARSE_INVALID_COMMAND;
	}

	p = plain.data;
	last = p + plain.len;

	while (p < last && *p++) { /* void */ }

	if (p == last) {
		ngx_log_error(NGX_LOG_INFO, c->log, 0,
					"client sent invalid login in AUTH PLAIN command");
		return OC_SMTP_PARSE_INVALID_COMMAND;
	}

	s->login.data = p;

	while (p < last && *p) { p++; }

	if (p == last) {
		ngx_log_error(NGX_LOG_INFO, c->log, 0,
					"client sent invalid password in AUTH PLAIN command");
		return OC_SMTP_PARSE_INVALID_COMMAND;
	}

	s->login.len = p++ - s->login.data;

	s->passwd.len = last - p;
	s->passwd.data = p;

#if (NGX_DEBUG_MAIL_PASSWD)
	ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
				"mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
#endif

	return NGX_DONE;

}
Esempio n. 7
0
    ngx_int_t
ngx_http_auth_spnego_token(
        ngx_http_request_t *r,
        ngx_http_auth_spnego_ctx_t *ctx)
{
    ngx_str_t token;
    ngx_str_t decoded;
    size_t nego_sz = sizeof("Negotiate");

    if (NULL == r->headers_in.authorization) {
        return NGX_DECLINED;
    }

    /* but don't decode second time? */
    if (ctx->token.len)
        return NGX_OK;

    token = r->headers_in.authorization->value;

    if (token.len < nego_sz ||
            ngx_strncasecmp(token.data, (u_char *) "Negotiate ", nego_sz) != 0) {
        if (ngx_strncasecmp(
                    token.data, (u_char *) "NTLM", sizeof("NTLM")) == 0) {
            spnego_log_error("Detected unsupported mechanism: NTLM");
        }
        return NGX_DECLINED;
    }

    token.len -= nego_sz;
    token.data += nego_sz;

    while (token.len && token.data[0] == ' ') {
        token.len--;
        token.data++;
    }

    if (token.len == 0) {
        return NGX_DECLINED;
    }

    decoded.len = ngx_base64_decoded_length(token.len);
    decoded.data = ngx_pnalloc(r->pool, decoded.len);
    if (NULL == decoded.data) {
        return NGX_ERROR;
    }

    if (ngx_decode_base64(&decoded, &token) != NGX_OK) {
        return NGX_DECLINED;
    }

    ctx->token.len = decoded.len;
    ctx->token.data = decoded.data;
    spnego_debug2("Token decoded: %*s", token.len, token.data);

    return NGX_OK;
}
Esempio n. 8
0
ngx_int_t
oc_smtp_cmd_auth_cram_md5(oc_smtp_session_t *s, ngx_connection_t *c)
{
	u_char	   *p, *last;
	ngx_str_t  *arg;

	arg = s->args.elts;

	ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
				"mail auth cram-md5: \"%V\"", &arg[0]);

	s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
	if (s->login.data == NULL) {
		return NGX_ERROR;
	}

	if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
		ngx_log_error(NGX_LOG_INFO, c->log, 0,
					"client sent invalid base64 encoding in AUTH CRAM-MD5 command");
		return OC_SMTP_PARSE_INVALID_COMMAND;
	}

	p = s->login.data;
	last = p + s->login.len;

	while (p < last) {
		if (*p++ == ' ') {
			s->login.len = p - s->login.data - 1;
			s->passwd.len = last - p;
			s->passwd.data = p;
			break;
		}
	}

	if (s->passwd.len != 32) {
		ngx_log_error(NGX_LOG_INFO, c->log, 0,
					"client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
		return OC_SMTP_PARSE_INVALID_COMMAND;
	}

	ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
				"mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);

	s->auth_method = OC_SMTP_AUTH_CRAM_MD5;

	return NGX_DONE;

}
Esempio n. 9
0
static int
ngx_http_lua_ngx_decode_base64(lua_State *L)
{
    ngx_http_request_t      *r;
    ngx_str_t                p, src;

    lua_pushlightuserdata(L, &ngx_http_lua_request_key);
    lua_rawget(L, LUA_GLOBALSINDEX);
    r = lua_touserdata(L, -1);
    lua_pop(L, 1);

    if (r == NULL) {
        return luaL_error(L, "no request object found");
    }

    if (lua_gettop(L) != 1) {
        return luaL_error(L, "expecting one argument");
    }

    if (strcmp(luaL_typename(L, 1), (char *) "nil") == 0) {
        src.data     = (u_char *) "";
        src.len      = 0;

    } else {
        src.data = (u_char *) luaL_checklstring(L, 1, &src.len);
    }

    p.len = ngx_base64_decoded_length(src.len);

    p.data = ngx_palloc(r->pool, p.len);
    if (p.data == NULL) {
        return NGX_ERROR;
    }

    if (ngx_decode_base64(&p, &src) == NGX_OK) {
        lua_pushlstring(L, (char *) p.data, p.len);

    } else {
        lua_pushnil(L);
    }

    ngx_pfree(r->pool, p.data);

    return 1;
}
int
ngx_http_lua_ffi_decode_base64(const u_char *src, size_t slen, u_char *dst,
    size_t *dlen)
{
    ngx_int_t      rc;
    ngx_str_t      in, out;

    in.data = (u_char *) src;
    in.len = slen;

    out.data = dst;

    rc = ngx_decode_base64(&out, &in);

    *dlen = out.len;

    return rc == NGX_OK;
}
static mrb_value ngx_http_mruby_base64_decode(mrb_state *mrb, mrb_value self)
{
    mrb_value mrb_src;
    ngx_str_t src, dst;

    mrb_get_args(mrb, "o", &mrb_src);
    mrb_src = mrb_obj_as_string(mrb, mrb_src);

    src.data = (u_char *)RSTRING_PTR(mrb_src);
    src.len  = RSTRING_LEN(mrb_src);

    dst.len  = ngx_base64_decoded_length(src.len);
    dst.data = mrb_malloc(mrb, dst.len + 1);

    if (ngx_decode_base64(&dst, &src) == NGX_ERROR) {
        return mrb_nil_value();
    }

    return mrb_str_new(mrb, (char *)dst.data, dst.len);
}
ngx_int_t
ngx_http_set_misc_set_decode_base64url(ngx_http_request_t *r, ngx_str_t *res,
    ngx_http_variable_value_t *v)
{
    ngx_str_t src;

    src.len = v->len;
    src.data = v->data;

    res->len = ngx_base64url_decoded_length(v->len);
    res->data = ngx_palloc(r->pool, res->len);
    if (res->data == NULL) {
        return NGX_ERROR;
    }

#if defined(nginx_version) && nginx_version >= 1005010
    if (ngx_decode_base64url(res, &src) != NGX_OK) {
        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                      "set_decode_base64url: invalid value");
        return NGX_ERROR;
    }
#else
    u_int i;
    for (i=0;i<src.len;i++) {
        switch (src.data[i]) {
            case '-': src.data[i]='+'; break;
            case '_': src.data[i]='/'; break;
        }
    }
    if (ngx_decode_base64(res, &src) != NGX_OK) {
        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                      "set_decode_base64url: invalid value");
        return NGX_ERROR;
    }
#endif

    return NGX_OK;
}
static ngx_int_t
ngx_http_secure_cookie_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data)
{
    u_char                          hash_buf[16], md5_buf[16], time_buf[64];
    u_char                         *p, *last;
    ngx_str_t                       val, hash, time_dst, time_src;
    time_t                          expires;
    ngx_md5_t                       md5;
    ngx_http_secure_cookie_conf_t  *conf;

    conf = ngx_http_get_module_loc_conf(r, ngx_http_secure_cookie_module);

    if (conf->variable == NULL || conf->md5 == NULL) {
        goto not_found;
    }

    if (ngx_http_complex_value(r, conf->variable, &val) != NGX_OK) {
        return NGX_ERROR;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "secure cookie: \"%V\"", &val);

    last = val.data + val.len;

    p = ngx_strlchr(val.data, last, ',');
    expires = 0;

    if (p) {
        val.len = p++ - val.data;

        time_src.data = p;
        time_src.len = last - p;

        if (time_src.len > 64) {
            goto not_found;
        }

        time_dst.data = time_buf;
        time_dst.len = 64;

        if (ngx_decode_base64(&time_dst, &time_src) != NGX_OK) {
            goto not_found;
        }

        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                "secure time: \"%V\"", &time_dst);

        expires = ngx_http_parse_time(time_dst.data, time_dst.len);
        if (expires <= 0) {
            goto not_found;
        }
    }

    if (val.len > 24) {
        goto not_found;
    }

    hash.len = 16;
    hash.data = hash_buf;

    if (ngx_decode_base64(&hash, &val) != NGX_OK) {
        goto not_found;
    }

    if (hash.len != 16) {
        goto not_found;
    }

    if (ngx_http_complex_value(r, conf->md5, &val) != NGX_OK) {
        return NGX_ERROR;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "secure cookie md5: \"%V\"", &val);

    ngx_md5_init(&md5);
    ngx_md5_update(&md5, val.data, val.len);
    ngx_md5_final(md5_buf, &md5);

    if (ngx_memcmp(hash_buf, md5_buf, 16) != 0) {
        goto not_found;
    }

    v->data = (u_char *) ((expires && expires < ngx_time()) ? "0" : "1");
    v->len = 1;
    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;

not_found:

    v->not_found = 1;

    return NGX_OK;
}
static ngx_int_t
ngx_rtmp_authen_http_response_decode(ngx_rtmp_session_t *s,
        ngx_rtmp_authen_ctx_t *ctx)
{
    ngx_http_request_t    r;
    ngx_str_t             val;
    u_char                val_buf[NGX_RTMP_AUTHEN_MAX_RESPONSE];
    u_char                status;

    ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0,
            "connect (authen): response: %s", ctx->resp.data);

    val.len  = 0;
    val.data = val_buf;

    r.args.len  = ctx->resp.len;
    r.args.data = ctx->resp.data;

    ctx->conn_desc.len = 0;

    if (ngx_http_arg(&r, (u_char *)"desc", sizeof("desc") - 1, &val) == NGX_OK
            && val.len > 0) {

        ctx->conn_desc.len  = ngx_base64_decoded_length(val.len);
        ctx->conn_desc.data = ngx_pcalloc(s->connection->pool,
                ctx->conn_desc.len + 1);

        if (ctx->conn_desc.data != NULL &&
                ngx_decode_base64(&ctx->conn_desc, &val) == NGX_OK) {
            ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0,
                    "connect (authen): description: %s", ctx->conn_desc.data);
        } else {
          ctx->conn_desc.len = 0;
        }
    }

    val.len = 0;
    if (ngx_http_arg(&r, (u_char *)"status", sizeof ("status") - 1,
            &val) != NGX_OK || val.len == 0) {
        return NGX_ERROR;
    } else {
        status = val.data[0];

        ctx->user.len = 0;
        val.len       = 0;

        if (ngx_http_arg(&r, (u_char *)"user", sizeof("user") - 1,
                &val) == NGX_OK && val.len > 0) {
            ctx->user.data = ngx_pcalloc(s->connection->pool, val.len + 1);

            if (ctx->user.data != NULL) {
                u_char *dst = ctx->user.data;

                ngx_unescape_uri(&dst, &val.data, val.len, 0);
                *dst = '\0';

                ctx->user.len = ngx_strlen(ctx->user.data);
            }
        }

        ctx->authmod.len = 0;
        val.len       = 0;

        if (ngx_http_arg(&r, (u_char *)"authmod", sizeof("authmod") - 1,
                &val) == NGX_OK && val.len > 0) {
            ctx->authmod.data = ngx_pcalloc(s->connection->pool, val.len + 1);

            if (ctx->authmod.data != NULL) {
                u_char *dst = ctx->authmod.data;

                ngx_unescape_uri(&dst, &val.data, val.len, 0);
                *dst = '\0';

                ctx->authmod.len = ngx_strlen(ctx->authmod.data);
            }
        }
    }

    switch (status) {
    /* Allow */
    case (u_char)'a':
    case (u_char)'A':
        if (ctx->user.len > 0) {
            ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
                    "connect (authen): Allow, user: %s", ctx->user.data);
        } else {
            ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
                    "connect (authen): Allow");
        }

        ctx->conn_status = NGX_RTMP_CONN_ALLOW;
        return NGX_OK;

    /* Reject */
    case (u_char)'r':
    case (u_char)'R':
        if (ctx->user.len > 0) {
            ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
                    "connect (authen): Reject, user: %s", ctx->user.data);
        } else {
            ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
                    "connect (authen): Reject");
        }

        if (ctx->conn_desc.len > 0) {
            ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
                    "connect (authen): Reject, reason: %s",
                    ctx->conn_desc.data);
        }

        ctx->conn_status = NGX_RTMP_CONN_REJECT;
        return NGX_OK;

    /* Deny */
    case (u_char)'d':
    case (u_char)'D':
    default:
        if (ctx->user.len > 0) {
            ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
                    "connect (authen): Deny, user: %s", ctx->user.data);
        } else {
            ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
                    "connect (authen): Deny");
        }

        ctx->conn_status = NGX_RTMP_CONN_DENY;
        return NGX_ERROR;
    }
}