ngx_int_t
ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c,
ngx_uint_t n)
{
ngx_str_t *arg;
arg = s->args.elts;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login username: \"%V\"", &arg[n]);
s->login.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[n].len));
if (s->login.data == NULL){
return NGX_ERROR;
}
if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH LOGIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login username: \"%V\"", &s->login);
return NGX_OK;
}
ngx_int_t
ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
{
ngx_str_t *arg;
arg = s->args.elts;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login password: \"%V\"", &arg[0]);
#endif
s->passwd.data = ngx_palloc(c->pool, ngx_base64_decoded_length(arg[0].len));
if (s->passwd.data == NULL){
return NGX_ERROR;
}
if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH LOGIN command");
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth login password: \"%V\"", &s->passwd);
#endif
return NGX_DONE;
}
int main(int argc, char* argv[]) {
/* str to lower */
ngx_str_t str = ngx_string("Hello World!");
u_char* strlow = (u_char*)malloc(str.len);
ngx_strlow(strlow, str.data, str.len);
fprintf(stdout, "strlow %.*s\n", str.len, strlow);
free(strlow);
/* base64 encode and decode */
ngx_str_t raw_str = ngx_string("123abc");
ngx_str_t base64_encoded_str = ngx_null_string;
ngx_str_t base64_decoded_str = ngx_null_string;
base64_encoded_str.len = ngx_base64_encoded_length(raw_str.len);
base64_encoded_str.data = (u_char*)malloc(base64_encoded_str.len);
ngx_encode_base64(&base64_encoded_str, &raw_str);
fprintf(stdout, "%.*s\n", base64_encoded_str.len, base64_encoded_str.data);
base64_decoded_str.len = ngx_base64_decoded_length(base64_encoded_str.len);
base64_decoded_str.data = (u_char*)malloc(base64_decoded_str.len);
ngx_decode_base64(&base64_decoded_str, &base64_encoded_str);
fprintf(stdout, "%.*s\n", base64_decoded_str.len, base64_decoded_str.data);
free(base64_encoded_str.data);
free(base64_decoded_str.data);
return 0;
}
static int
ngx_http_lua_ngx_decode_base64(lua_State *L)
{
ngx_str_t p, src;
if (lua_gettop(L) != 1) {
return luaL_error(L, "expecting one argument");
}
if (lua_isnil(L, 1)) {
src.data = (u_char *) "";
src.len = 0;
} else {
src.data = (u_char *) luaL_checklstring(L, 1, &src.len);
}
p.len = ngx_base64_decoded_length(src.len);
p.data = lua_newuserdata(L, p.len);
if (ngx_decode_base64(&p, &src) == NGX_OK) {
lua_pushlstring(L, (char *) p.data, p.len);
} else {
lua_pushnil(L);
}
return 1;
}
static char *
ngx_http_aws_auth_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_http_aws_auth_conf_t *prev = parent;
ngx_http_aws_auth_conf_t *conf = child;
ngx_conf_merge_str_value(conf->access_key, prev->access_key, "");
ngx_conf_merge_str_value(conf->key_scope, prev->key_scope, "");
ngx_conf_merge_str_value(conf->signing_key, prev->signing_key, "");
ngx_conf_merge_str_value(conf->endpoint, prev->endpoint, "s3.amazonaws.com");
ngx_conf_merge_str_value(conf->bucket_name, prev->bucket_name, "");
if(conf->signing_key_decoded.data == NULL)
{
conf->signing_key_decoded.data = ngx_pcalloc(cf->pool, 100);
if(conf->signing_key_decoded.data == NULL)
{
return NGX_CONF_ERROR;
}
}
if(conf->signing_key.len > 64) {
return NGX_CONF_ERROR;
} else {
ngx_decode_base64(&conf->signing_key_decoded, &conf->signing_key);
}
return NGX_CONF_OK;
}
ngx_int_t
oc_smtp_cmd_auth_plain(oc_smtp_session_t *s, ngx_connection_t *c, ngx_uint_t n)
{
u_char *p, *last;
ngx_str_t *arg, plain;
arg = s->args.elts;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth plain: \"%V\"", &arg[n]);
#endif
plain.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
if (plain.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&plain, &arg[n]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH PLAIN command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
p = plain.data;
last = p + plain.len;
while (p < last && *p++) { /* void */ }
if (p == last) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid login in AUTH PLAIN command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
s->login.data = p;
while (p < last && *p) { p++; }
if (p == last) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid password in AUTH PLAIN command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
s->login.len = p++ - s->login.data;
s->passwd.len = last - p;
s->passwd.data = p;
#if (NGX_DEBUG_MAIL_PASSWD)
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth plain: \"%V\" \"%V\"", &s->login, &s->passwd);
#endif
return NGX_DONE;
}
ngx_int_t
ngx_http_auth_spnego_token(
ngx_http_request_t *r,
ngx_http_auth_spnego_ctx_t *ctx)
{
ngx_str_t token;
ngx_str_t decoded;
size_t nego_sz = sizeof("Negotiate");
if (NULL == r->headers_in.authorization) {
return NGX_DECLINED;
}
/* but don't decode second time? */
if (ctx->token.len)
return NGX_OK;
token = r->headers_in.authorization->value;
if (token.len < nego_sz ||
ngx_strncasecmp(token.data, (u_char *) "Negotiate ", nego_sz) != 0) {
if (ngx_strncasecmp(
token.data, (u_char *) "NTLM", sizeof("NTLM")) == 0) {
spnego_log_error("Detected unsupported mechanism: NTLM");
}
return NGX_DECLINED;
}
token.len -= nego_sz;
token.data += nego_sz;
while (token.len && token.data[0] == ' ') {
token.len--;
token.data++;
}
if (token.len == 0) {
return NGX_DECLINED;
}
decoded.len = ngx_base64_decoded_length(token.len);
decoded.data = ngx_pnalloc(r->pool, decoded.len);
if (NULL == decoded.data) {
return NGX_ERROR;
}
if (ngx_decode_base64(&decoded, &token) != NGX_OK) {
return NGX_DECLINED;
}
ctx->token.len = decoded.len;
ctx->token.data = decoded.data;
spnego_debug2("Token decoded: %*s", token.len, token.data);
return NGX_OK;
}
ngx_int_t
oc_smtp_cmd_auth_cram_md5(oc_smtp_session_t *s, ngx_connection_t *c)
{
u_char *p, *last;
ngx_str_t *arg;
arg = s->args.elts;
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth cram-md5: \"%V\"", &arg[0]);
s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
if (s->login.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid base64 encoding in AUTH CRAM-MD5 command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
p = s->login.data;
last = p + s->login.len;
while (p < last) {
if (*p++ == ' ') {
s->login.len = p - s->login.data - 1;
s->passwd.len = last - p;
s->passwd.data = p;
break;
}
}
if (s->passwd.len != 32) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid CRAM-MD5 hash in AUTH CRAM-MD5 command");
return OC_SMTP_PARSE_INVALID_COMMAND;
}
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
"mail auth cram-md5: \"%V\" \"%V\"", &s->login, &s->passwd);
s->auth_method = OC_SMTP_AUTH_CRAM_MD5;
return NGX_DONE;
}
static int
ngx_http_lua_ngx_decode_base64(lua_State *L)
{
ngx_http_request_t *r;
ngx_str_t p, src;
lua_pushlightuserdata(L, &ngx_http_lua_request_key);
lua_rawget(L, LUA_GLOBALSINDEX);
r = lua_touserdata(L, -1);
lua_pop(L, 1);
if (r == NULL) {
return luaL_error(L, "no request object found");
}
if (lua_gettop(L) != 1) {
return luaL_error(L, "expecting one argument");
}
if (strcmp(luaL_typename(L, 1), (char *) "nil") == 0) {
src.data = (u_char *) "";
src.len = 0;
} else {
src.data = (u_char *) luaL_checklstring(L, 1, &src.len);
}
p.len = ngx_base64_decoded_length(src.len);
p.data = ngx_palloc(r->pool, p.len);
if (p.data == NULL) {
return NGX_ERROR;
}
if (ngx_decode_base64(&p, &src) == NGX_OK) {
lua_pushlstring(L, (char *) p.data, p.len);
} else {
lua_pushnil(L);
}
ngx_pfree(r->pool, p.data);
return 1;
}
int
ngx_http_lua_ffi_decode_base64(const u_char *src, size_t slen, u_char *dst,
size_t *dlen)
{
ngx_int_t rc;
ngx_str_t in, out;
in.data = (u_char *) src;
in.len = slen;
out.data = dst;
rc = ngx_decode_base64(&out, &in);
*dlen = out.len;
return rc == NGX_OK;
}
static mrb_value ngx_http_mruby_base64_decode(mrb_state *mrb, mrb_value self)
{
mrb_value mrb_src;
ngx_str_t src, dst;
mrb_get_args(mrb, "o", &mrb_src);
mrb_src = mrb_obj_as_string(mrb, mrb_src);
src.data = (u_char *)RSTRING_PTR(mrb_src);
src.len = RSTRING_LEN(mrb_src);
dst.len = ngx_base64_decoded_length(src.len);
dst.data = mrb_malloc(mrb, dst.len + 1);
if (ngx_decode_base64(&dst, &src) == NGX_ERROR) {
return mrb_nil_value();
}
return mrb_str_new(mrb, (char *)dst.data, dst.len);
}
ngx_int_t
ngx_http_set_misc_set_decode_base64url(ngx_http_request_t *r, ngx_str_t *res,
ngx_http_variable_value_t *v)
{
ngx_str_t src;
src.len = v->len;
src.data = v->data;
res->len = ngx_base64url_decoded_length(v->len);
res->data = ngx_palloc(r->pool, res->len);
if (res->data == NULL) {
return NGX_ERROR;
}
#if defined(nginx_version) && nginx_version >= 1005010
if (ngx_decode_base64url(res, &src) != NGX_OK) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"set_decode_base64url: invalid value");
return NGX_ERROR;
}
#else
u_int i;
for (i=0;i<src.len;i++) {
switch (src.data[i]) {
case '-': src.data[i]='+'; break;
case '_': src.data[i]='/'; break;
}
}
if (ngx_decode_base64(res, &src) != NGX_OK) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"set_decode_base64url: invalid value");
return NGX_ERROR;
}
#endif
return NGX_OK;
}
static ngx_int_t
ngx_http_secure_cookie_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
u_char hash_buf[16], md5_buf[16], time_buf[64];
u_char *p, *last;
ngx_str_t val, hash, time_dst, time_src;
time_t expires;
ngx_md5_t md5;
ngx_http_secure_cookie_conf_t *conf;
conf = ngx_http_get_module_loc_conf(r, ngx_http_secure_cookie_module);
if (conf->variable == NULL || conf->md5 == NULL) {
goto not_found;
}
if (ngx_http_complex_value(r, conf->variable, &val) != NGX_OK) {
return NGX_ERROR;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"secure cookie: \"%V\"", &val);
last = val.data + val.len;
p = ngx_strlchr(val.data, last, ',');
expires = 0;
if (p) {
val.len = p++ - val.data;
time_src.data = p;
time_src.len = last - p;
if (time_src.len > 64) {
goto not_found;
}
time_dst.data = time_buf;
time_dst.len = 64;
if (ngx_decode_base64(&time_dst, &time_src) != NGX_OK) {
goto not_found;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"secure time: \"%V\"", &time_dst);
expires = ngx_http_parse_time(time_dst.data, time_dst.len);
if (expires <= 0) {
goto not_found;
}
}
if (val.len > 24) {
goto not_found;
}
hash.len = 16;
hash.data = hash_buf;
if (ngx_decode_base64(&hash, &val) != NGX_OK) {
goto not_found;
}
if (hash.len != 16) {
goto not_found;
}
if (ngx_http_complex_value(r, conf->md5, &val) != NGX_OK) {
return NGX_ERROR;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"secure cookie md5: \"%V\"", &val);
ngx_md5_init(&md5);
ngx_md5_update(&md5, val.data, val.len);
ngx_md5_final(md5_buf, &md5);
if (ngx_memcmp(hash_buf, md5_buf, 16) != 0) {
goto not_found;
}
v->data = (u_char *) ((expires && expires < ngx_time()) ? "0" : "1");
v->len = 1;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
return NGX_OK;
not_found:
v->not_found = 1;
return NGX_OK;
}
static ngx_int_t
ngx_rtmp_authen_http_response_decode(ngx_rtmp_session_t *s,
ngx_rtmp_authen_ctx_t *ctx)
{
ngx_http_request_t r;
ngx_str_t val;
u_char val_buf[NGX_RTMP_AUTHEN_MAX_RESPONSE];
u_char status;
ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0,
"connect (authen): response: %s", ctx->resp.data);
val.len = 0;
val.data = val_buf;
r.args.len = ctx->resp.len;
r.args.data = ctx->resp.data;
ctx->conn_desc.len = 0;
if (ngx_http_arg(&r, (u_char *)"desc", sizeof("desc") - 1, &val) == NGX_OK
&& val.len > 0) {
ctx->conn_desc.len = ngx_base64_decoded_length(val.len);
ctx->conn_desc.data = ngx_pcalloc(s->connection->pool,
ctx->conn_desc.len + 1);
if (ctx->conn_desc.data != NULL &&
ngx_decode_base64(&ctx->conn_desc, &val) == NGX_OK) {
ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0,
"connect (authen): description: %s", ctx->conn_desc.data);
} else {
ctx->conn_desc.len = 0;
}
}
val.len = 0;
if (ngx_http_arg(&r, (u_char *)"status", sizeof ("status") - 1,
&val) != NGX_OK || val.len == 0) {
return NGX_ERROR;
} else {
status = val.data[0];
ctx->user.len = 0;
val.len = 0;
if (ngx_http_arg(&r, (u_char *)"user", sizeof("user") - 1,
&val) == NGX_OK && val.len > 0) {
ctx->user.data = ngx_pcalloc(s->connection->pool, val.len + 1);
if (ctx->user.data != NULL) {
u_char *dst = ctx->user.data;
ngx_unescape_uri(&dst, &val.data, val.len, 0);
*dst = '\0';
ctx->user.len = ngx_strlen(ctx->user.data);
}
}
ctx->authmod.len = 0;
val.len = 0;
if (ngx_http_arg(&r, (u_char *)"authmod", sizeof("authmod") - 1,
&val) == NGX_OK && val.len > 0) {
ctx->authmod.data = ngx_pcalloc(s->connection->pool, val.len + 1);
if (ctx->authmod.data != NULL) {
u_char *dst = ctx->authmod.data;
ngx_unescape_uri(&dst, &val.data, val.len, 0);
*dst = '\0';
ctx->authmod.len = ngx_strlen(ctx->authmod.data);
}
}
}
switch (status) {
/* Allow */
case (u_char)'a':
case (u_char)'A':
if (ctx->user.len > 0) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Allow, user: %s", ctx->user.data);
} else {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Allow");
}
ctx->conn_status = NGX_RTMP_CONN_ALLOW;
return NGX_OK;
/* Reject */
case (u_char)'r':
case (u_char)'R':
if (ctx->user.len > 0) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Reject, user: %s", ctx->user.data);
} else {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Reject");
}
if (ctx->conn_desc.len > 0) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Reject, reason: %s",
ctx->conn_desc.data);
}
ctx->conn_status = NGX_RTMP_CONN_REJECT;
return NGX_OK;
/* Deny */
case (u_char)'d':
case (u_char)'D':
default:
if (ctx->user.len > 0) {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Deny, user: %s", ctx->user.data);
} else {
ngx_log_error(NGX_LOG_INFO, s->connection->log, 0,
"connect (authen): Deny");
}
ctx->conn_status = NGX_RTMP_CONN_DENY;
return NGX_ERROR;
}
}
