version 1.1, 2013/10/14 10:32:48
|
version 1.1.1.3, 2016/11/02 10:35:00
|
Line 1
|
Line 1
|
|
#include "first.h" |
|
|
#include "base.h" |
#include "base.h" |
#include "log.h" |
#include "log.h" |
#include "buffer.h" |
#include "buffer.h" |
Line 9
|
Line 11
|
#include <string.h> |
#include <string.h> |
|
|
typedef struct { |
typedef struct { |
|
array *access_allow; |
array *access_deny; |
array *access_deny; |
} plugin_config; |
} plugin_config; |
|
|
Line 40 FREE_FUNC(mod_access_free) {
|
Line 43 FREE_FUNC(mod_access_free) {
|
for (i = 0; i < srv->config_context->used; i++) { |
for (i = 0; i < srv->config_context->used; i++) { |
plugin_config *s = p->config_storage[i]; |
plugin_config *s = p->config_storage[i]; |
|
|
|
if (NULL == s) continue; |
|
|
|
array_free(s->access_allow); |
array_free(s->access_deny); |
array_free(s->access_deny); |
|
|
free(s); |
free(s); |
Line 58 SETDEFAULTS_FUNC(mod_access_set_defaults) {
|
Line 64 SETDEFAULTS_FUNC(mod_access_set_defaults) {
|
|
|
config_values_t cv[] = { |
config_values_t cv[] = { |
{ "url.access-deny", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, |
{ "url.access-deny", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, |
|
{ "url.access-allow", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, |
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } |
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } |
}; |
}; |
|
|
p->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *)); | p->config_storage = calloc(1, srv->config_context->used * sizeof(plugin_config *)); |
|
|
for (i = 0; i < srv->config_context->used; i++) { |
for (i = 0; i < srv->config_context->used; i++) { |
|
data_config const* config = (data_config const*)srv->config_context->data[i]; |
plugin_config *s; |
plugin_config *s; |
|
|
s = calloc(1, sizeof(plugin_config)); |
s = calloc(1, sizeof(plugin_config)); |
s->access_deny = array_init(); |
s->access_deny = array_init(); |
|
s->access_allow = array_init(); |
|
|
cv[0].destination = s->access_deny; |
cv[0].destination = s->access_deny; |
|
cv[1].destination = s->access_allow; |
|
|
p->config_storage[i] = s; |
p->config_storage[i] = s; |
|
|
if (0 != config_insert_values_global(srv, ((data_config *)srv->config_context->data[i])->value, cv)) { | if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { |
return HANDLER_ERROR; |
return HANDLER_ERROR; |
} |
} |
} |
} |
Line 87 static int mod_access_patch_connection(server *srv, co
|
Line 97 static int mod_access_patch_connection(server *srv, co
|
size_t i, j; |
size_t i, j; |
plugin_config *s = p->config_storage[0]; |
plugin_config *s = p->config_storage[0]; |
|
|
|
PATCH(access_allow); |
PATCH(access_deny); |
PATCH(access_deny); |
|
|
/* skip the first, the global context */ |
/* skip the first, the global context */ |
Line 103 static int mod_access_patch_connection(server *srv, co
|
Line 114 static int mod_access_patch_connection(server *srv, co
|
|
|
if (buffer_is_equal_string(du->key, CONST_STR_LEN("url.access-deny"))) { |
if (buffer_is_equal_string(du->key, CONST_STR_LEN("url.access-deny"))) { |
PATCH(access_deny); |
PATCH(access_deny); |
|
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("url.access-allow"))) { |
|
PATCH(access_allow); |
} |
} |
} |
} |
} |
} |
Line 125 URIHANDLER_FUNC(mod_access_uri_handler) {
|
Line 138 URIHANDLER_FUNC(mod_access_uri_handler) {
|
int s_len; |
int s_len; |
size_t k; |
size_t k; |
|
|
if (con->uri.path->used == 0) return HANDLER_GO_ON; | if (buffer_is_empty(con->uri.path)) return HANDLER_GO_ON; |
|
|
mod_access_patch_connection(srv, con, p); |
mod_access_patch_connection(srv, con, p); |
|
|
s_len = con->uri.path->used - 1; | s_len = buffer_string_length(con->uri.path); |
|
|
if (con->conf.log_request_handling) { |
if (con->conf.log_request_handling) { |
log_error_write(srv, __FILE__, __LINE__, "s", | log_error_write(srv, __FILE__, __LINE__, "s", |
"-- mod_access_uri_handler called"); |
"-- mod_access_uri_handler called"); |
} |
} |
|
|
|
for (k = 0; k < p->conf.access_allow->used; ++k) { |
|
data_string *ds = (data_string *)p->conf.access_allow->data[k]; |
|
int ct_len = buffer_string_length(ds->value); |
|
int allowed = 0; |
|
|
|
if (ct_len > s_len) continue; |
|
if (buffer_is_empty(ds->value)) continue; |
|
|
|
/* if we have a case-insensitive FS we have to lower-case the URI here too */ |
|
|
|
if (con->conf.force_lowercase_filenames) { |
|
if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) { |
|
allowed = 1; |
|
} |
|
} else { |
|
if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) { |
|
allowed = 1; |
|
} |
|
} |
|
|
|
if (allowed) { |
|
return HANDLER_GO_ON; |
|
} |
|
} |
|
|
|
if (k > 0) { /* have access_allow but none matched */ |
|
con->http_status = 403; |
|
con->mode = DIRECT; |
|
|
|
if (con->conf.log_request_handling) { |
|
log_error_write(srv, __FILE__, __LINE__, "sb", |
|
"url denied as failed to match any from access_allow", con->uri.path); |
|
} |
|
|
|
return HANDLER_FINISHED; |
|
} |
|
|
for (k = 0; k < p->conf.access_deny->used; k++) { |
for (k = 0; k < p->conf.access_deny->used; k++) { |
data_string *ds = (data_string *)p->conf.access_deny->data[k]; |
data_string *ds = (data_string *)p->conf.access_deny->data[k]; |
int ct_len = ds->value->used - 1; | int ct_len = buffer_string_length(ds->value); |
int denied = 0; |
int denied = 0; |
|
|
|
|
if (ct_len > s_len) continue; |
if (ct_len > s_len) continue; |
if (ds->value->used == 0) continue; | if (buffer_is_empty(ds->value)) continue; |
|
|
/* if we have a case-insensitive FS we have to lower-case the URI here too */ |
/* if we have a case-insensitive FS we have to lower-case the URI here too */ |
|
|