Set $remote_user

Depends on: http://mailman.nginx.org/pipermail/nginx-devel/2015-August/007209.html Fixes: #1 and samizdatco#22
atomx · Aug 16, 2015 · 095175a · 095175a
1 parent 0df6534
commit 095175a
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 0 deletions.
diff --git a/ngx_http_auth_digest_module.c b/ngx_http_auth_digest_module.c
@@ -769,6 +769,14 @@ ngx_http_auth_digest_verify_hash(ngx_http_request_t *r, ngx_http_auth_digest_cre
     info_header->key = hkey;
     info_header->value = hval;
     info_header->hash = 1;
+
+    /* This should be quite safe as long as r->headers_in.authorization
+     * doesn't get modified. See:
+     * https://github.com/atomx/nginx-http-auth-digest/blob/9a402045082291c1f2f0a432ac24475277e2d176/ngx_http_auth_digest_module.c#L338
+     * Otherwise we should make a copy here.
+     */
+    r->headers_in.user = fields->username;
+
     return NGX_OK;
   }else{
   invalid:

diff --git a/readme.rst b/readme.rst
@@ -173,3 +173,15 @@ auth_digest_shm_size
 .. _Digest Authentication: http://en.wikipedia.org/wiki/Digest_access_authentication
 .. _Issue Tracker: https://github.com/samizdatco/nginx-http-auth-digest/issues
 .. _MitM: http://en.wikipedia.org/wiki/Man-in-the-middle_attack
+
+Testing
+==========
+Make sure to compile nginx with the ngx_echo module: https://github.com/openresty/echo-nginx-module::
+
+    $ ./configure --add-module=../samizdatco-nginx-http-auth-digest-xxxxxxx --add-module=../echo-nginx-module  [other configure options]
+
+After that you can run the test against the nginx binary::
+
+    $ cd test
+    $ NGINX=/home/erik/nginx-1.9.1/objs/nginx ./test.sh
+
diff --git a/test/.htdigest b/test/.htdigest
@@ -0,0 +1 @@
+test:test:aeeebbfd75d1499d24388f5b9b10e0ef
diff --git a/test/server.conf b/test/server.conf
@@ -0,0 +1,39 @@
+#
+
+worker_processes      8;
+worker_rlimit_nofile  512;
+
+pid     test.pid;
+daemon  off;
+
+error_log  /dev/stdout crit;
+
+events {
+  worker_connections  512;
+  multi_accept        on;
+  use                 epoll;
+}
+
+http {
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+  access_log  /dev/stdout;
+  access_log  off;
+
+  server {
+    listen       127.0.0.1:9090;
+    server_name  example.com;
+
+    auth_digest_user_file .htdigest;
+
+    location /remote_user_set {
+      auth_digest 'test';
+      echo "remote_user: $remote_user";
+    }
+    location /remote_user_unset {
+      echo "remote_user: $remote_user";
+    }
+  }
+}
+
diff --git a/test/test.sh b/test/test.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+$NGINX -p $PWD -c server.conf &
+sleep 1
+
+curl -s -S -H "Host: example.com" --digest -u "test:test" "http://127.0.0.1:9090/remote_user_set"
+curl -s -S -H "Host: example.com" --digest -u "test:test" "http://127.0.0.1:9090/remote_user_unset"
+curl -s -S -H "Host: example.com" "http://127.0.0.1:9090/remote_user_unset"
+
+kill `cat test.pid`
+sleep 1