Mercurial > hg > nginx
annotate src/http/modules/ngx_http_access_module.c @ 6982:ac9b1df5b246
SSL: disabled renegotiation detection in client mode.
CVE-2009-3555 is no longer relevant and mitigated by the renegotiation
info extension (secure renegotiation). On the other hand, unexpected
renegotiation still introduces potential security risks, and hence we do
not allow renegotiation on the server side, as we never request renegotiation.
On the client side the situation is different though. There are backends
which explicitly request renegotiation, and disabled renegotiation
introduces interoperability problems. This change allows renegotiation
on the client side, and fixes interoperability problems as observed with
such backends (ticket #872).
Additionally, with TLSv1.3 the SSL_CB_HANDSHAKE_START flag is currently set
by OpenSSL when receiving a NewSessionTicket message, and was detected by
nginx as a renegotiation attempt. This looks like a bug in OpenSSL, though
this change also allows better interoperability till the problem is fixed.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 18 Apr 2017 16:08:44 +0300 |
parents | 06c227e9edd0 |
children | 72188d1bcab5 |
rev | line source |
---|---|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
1 |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
2 /* |
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
4412 | 4 * Copyright (C) Nginx, Inc. |
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
5 */ |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
6 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 #include <ngx_http.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 typedef struct { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
14 in_addr_t mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
15 in_addr_t addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
16 ngx_uint_t deny; /* unsigned deny:1; */ |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 } ngx_http_access_rule_t; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
18 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
19 #if (NGX_HAVE_INET6) |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
20 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
21 typedef struct { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
22 struct in6_addr addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
23 struct in6_addr mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
24 ngx_uint_t deny; /* unsigned deny:1; */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
25 } ngx_http_access_rule6_t; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
26 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
27 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
28 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
29 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
30 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
31 typedef struct { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
32 ngx_uint_t deny; /* unsigned deny:1; */ |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
33 } ngx_http_access_rule_un_t; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
34 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
35 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
36 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
37 typedef struct { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
38 ngx_array_t *rules; /* array of ngx_http_access_rule_t */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
39 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
40 ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
41 #endif |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
42 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
43 ngx_array_t *rules_un; /* array of ngx_http_access_rule_un_t */ |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
44 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
45 } ngx_http_access_loc_conf_t; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
46 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
47 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
48 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r); |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
49 static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
50 ngx_http_access_loc_conf_t *alcf, in_addr_t addr); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
51 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
52 static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
53 ngx_http_access_loc_conf_t *alcf, u_char *p); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
54 #endif |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
55 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
56 static ngx_int_t ngx_http_access_unix(ngx_http_request_t *r, |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
57 ngx_http_access_loc_conf_t *alcf); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
58 #endif |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
59 static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
60 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, |
501 | 61 void *conf); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
62 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf); |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
63 static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf, |
501 | 64 void *parent, void *child); |
681 | 65 static ngx_int_t ngx_http_access_init(ngx_conf_t *cf); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
66 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
67 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
68 static ngx_command_t ngx_http_access_commands[] = { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
69 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
70 { ngx_string("allow"), |
631 | 71 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF |
72 |NGX_CONF_TAKE1, | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
73 ngx_http_access_rule, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
74 NGX_HTTP_LOC_CONF_OFFSET, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
75 0, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
76 NULL }, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
77 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
78 { ngx_string("deny"), |
631 | 79 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF |
80 |NGX_CONF_TAKE1, | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
81 ngx_http_access_rule, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
82 NGX_HTTP_LOC_CONF_OFFSET, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
83 0, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
84 NULL }, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
85 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
86 ngx_null_command |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
87 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
88 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
89 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
90 |
667 | 91 static ngx_http_module_t ngx_http_access_module_ctx = { |
509 | 92 NULL, /* preconfiguration */ |
681 | 93 ngx_http_access_init, /* postconfiguration */ |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
94 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
95 NULL, /* create main configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
96 NULL, /* init main configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
97 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
98 NULL, /* create server configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
99 NULL, /* merge server configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
100 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
101 ngx_http_access_create_loc_conf, /* create location configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
102 ngx_http_access_merge_loc_conf /* merge location configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
103 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
104 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
105 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
106 ngx_module_t ngx_http_access_module = { |
509 | 107 NGX_MODULE_V1, |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
108 &ngx_http_access_module_ctx, /* module context */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
109 ngx_http_access_commands, /* module directives */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
110 NGX_HTTP_MODULE, /* module type */ |
541 | 111 NULL, /* init master */ |
681 | 112 NULL, /* init module */ |
541 | 113 NULL, /* init process */ |
114 NULL, /* init thread */ | |
115 NULL, /* exit thread */ | |
116 NULL, /* exit process */ | |
117 NULL, /* exit master */ | |
118 NGX_MODULE_V1_PADDING | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
119 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
120 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
121 |
501 | 122 static ngx_int_t |
123 ngx_http_access_handler(ngx_http_request_t *r) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
124 { |
479 | 125 struct sockaddr_in *sin; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
126 ngx_http_access_loc_conf_t *alcf; |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
127 #if (NGX_HAVE_INET6) |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
128 u_char *p; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
129 in_addr_t addr; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
130 struct sockaddr_in6 *sin6; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
131 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
132 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
133 alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module); |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
134 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
135 switch (r->connection->sockaddr->sa_family) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
136 |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
137 case AF_INET: |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
138 if (alcf->rules) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
139 sin = (struct sockaddr_in *) r->connection->sockaddr; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
140 return ngx_http_access_inet(r, alcf, sin->sin_addr.s_addr); |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
141 } |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
142 break; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
143 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
144 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
145 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
146 case AF_INET6: |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
147 sin6 = (struct sockaddr_in6 *) r->connection->sockaddr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
148 p = sin6->sin6_addr.s6_addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
149 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
150 if (alcf->rules && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
151 addr = p[12] << 24; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
152 addr += p[13] << 16; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
153 addr += p[14] << 8; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
154 addr += p[15]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
155 return ngx_http_access_inet(r, alcf, htonl(addr)); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
156 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
157 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
158 if (alcf->rules6) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
159 return ngx_http_access_inet6(r, alcf, p); |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
160 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
161 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
162 break; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
163 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
164 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
165 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
166 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
167 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
168 case AF_UNIX: |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
169 if (alcf->rules_un) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
170 return ngx_http_access_unix(r, alcf); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
171 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
172 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
173 break; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
174 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
175 #endif |
2512
2e91aecb9e57
a prelimiary IPv6 support, HTTP listen
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
176 } |
2e91aecb9e57
a prelimiary IPv6 support, HTTP listen
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
177 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
178 return NGX_DECLINED; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
179 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
180 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
181 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
182 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
183 ngx_http_access_inet(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
184 in_addr_t addr) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
185 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
186 ngx_uint_t i; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
187 ngx_http_access_rule_t *rule; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
188 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
189 rule = alcf->rules->elts; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
190 for (i = 0; i < alcf->rules->nelts; i++) { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
191 |
461 | 192 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
573 | 193 "access: %08XD %08XD %08XD", |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
194 addr, rule[i].mask, rule[i].addr); |
663 | 195 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
196 if ((addr & rule[i].mask) == rule[i].addr) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
197 return ngx_http_access_found(r, rule[i].deny); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
198 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
199 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
200 |
1786
adca43955f79
return NGX_DECLINED if access directives are not active,
Igor Sysoev <igor@sysoev.ru>
parents:
1380
diff
changeset
|
201 return NGX_DECLINED; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
202 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
203 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
204 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
205 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
206 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
207 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
208 ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
209 u_char *p) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
210 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
211 ngx_uint_t n; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
212 ngx_uint_t i; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
213 ngx_http_access_rule6_t *rule6; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
214 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
215 rule6 = alcf->rules6->elts; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
216 for (i = 0; i < alcf->rules6->nelts; i++) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
217 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
218 #if (NGX_DEBUG) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
219 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
220 size_t cl, ml, al; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
221 u_char ct[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
222 u_char mt[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
223 u_char at[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
224 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
225 cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
226 ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
227 al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
228 |
3685 | 229 ngx_log_debug6(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
230 "access: %*s %*s %*s", cl, ct, ml, mt, al, at); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
231 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
232 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
233 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
234 for (n = 0; n < 16; n++) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
235 if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
236 goto next; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
237 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
238 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
239 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
240 return ngx_http_access_found(r, rule6[i].deny); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
241 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
242 next: |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
243 continue; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
244 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
245 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
246 return NGX_DECLINED; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
247 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
248 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
249 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
250 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
251 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
252 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
253 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
254 static ngx_int_t |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
255 ngx_http_access_unix(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
256 { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
257 ngx_uint_t i; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
258 ngx_http_access_rule_un_t *rule_un; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
259 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
260 rule_un = alcf->rules_un->elts; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
261 for (i = 0; i < alcf->rules_un->nelts; i++) { |
5580
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
262 |
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
263 /* TODO: check path */ |
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
264 if (1) { |
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
265 return ngx_http_access_found(r, rule_un[i].deny); |
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
266 } |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
267 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
268 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
269 return NGX_DECLINED; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
270 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
271 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
272 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
273 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
274 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
275 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
276 ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
277 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
278 ngx_http_core_loc_conf_t *clcf; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
279 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
280 if (deny) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
281 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
282 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
283 if (clcf->satisfy == NGX_HTTP_SATISFY_ALL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
284 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
285 "access forbidden by rule"); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
286 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
287 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
288 return NGX_HTTP_FORBIDDEN; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
289 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
290 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
291 return NGX_OK; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
292 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
293 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
294 |
501 | 295 static char * |
296 ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
297 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
298 ngx_http_access_loc_conf_t *alcf = conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
299 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
300 ngx_int_t rc; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
301 ngx_uint_t all; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
302 ngx_str_t *value; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
303 ngx_cidr_t cidr; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
304 ngx_http_access_rule_t *rule; |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
305 #if (NGX_HAVE_INET6) |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
306 ngx_http_access_rule6_t *rule6; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
307 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
308 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
309 ngx_http_access_rule_un_t *rule_un; |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
310 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
311 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
312 ngx_memzero(&cidr, sizeof(ngx_cidr_t)); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
313 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
314 value = cf->args->elts; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
315 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
316 all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
317 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
318 if (!all) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
319 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
320 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
321 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
322 if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
323 cidr.family = AF_UNIX; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
324 rc = NGX_OK; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
325 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
326 } else { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
327 rc = ngx_ptocidr(&value[1], &cidr); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
328 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
329 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
330 #else |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
331 rc = ngx_ptocidr(&value[1], &cidr); |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
332 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
333 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
334 if (rc == NGX_ERROR) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
335 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
336 "invalid parameter \"%V\"", &value[1]); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
337 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
338 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
339 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
340 if (rc == NGX_DONE) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
341 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
342 "low address bits of %V are meaningless", &value[1]); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
343 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
344 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
345 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
346 if (cidr.family == AF_INET || all) { |
2537
a472d954c534
prepare ngx_ptocidr() for IPv6
Igor Sysoev <igor@sysoev.ru>
parents:
2512
diff
changeset
|
347 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
348 if (alcf->rules == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
349 alcf->rules = ngx_array_create(cf->pool, 4, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
350 sizeof(ngx_http_access_rule_t)); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
351 if (alcf->rules == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
352 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
353 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
354 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
355 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
356 rule = ngx_array_push(alcf->rules); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
357 if (rule == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
358 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
359 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
360 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
361 rule->mask = cidr.u.in.mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
362 rule->addr = cidr.u.in.addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
363 rule->deny = (value[0].data[0] == 'd') ? 1 : 0; |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
364 } |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
365 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
366 #if (NGX_HAVE_INET6) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
367 if (cidr.family == AF_INET6 || all) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
368 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
369 if (alcf->rules6 == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
370 alcf->rules6 = ngx_array_create(cf->pool, 4, |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
371 sizeof(ngx_http_access_rule6_t)); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
372 if (alcf->rules6 == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
373 return NGX_CONF_ERROR; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
374 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
375 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
376 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
377 rule6 = ngx_array_push(alcf->rules6); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
378 if (rule6 == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
379 return NGX_CONF_ERROR; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
380 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
381 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
382 rule6->mask = cidr.u.in6.mask; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
383 rule6->addr = cidr.u.in6.addr; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
384 rule6->deny = (value[0].data[0] == 'd') ? 1 : 0; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
385 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
386 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
387 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
388 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
389 if (cidr.family == AF_UNIX || all) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
390 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
391 if (alcf->rules_un == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
392 alcf->rules_un = ngx_array_create(cf->pool, 1, |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
393 sizeof(ngx_http_access_rule_un_t)); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
394 if (alcf->rules_un == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
395 return NGX_CONF_ERROR; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
396 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
397 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
398 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
399 rule_un = ngx_array_push(alcf->rules_un); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
400 if (rule_un == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
401 return NGX_CONF_ERROR; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
402 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
403 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
404 rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
405 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
406 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
407 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
408 return NGX_CONF_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
409 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
410 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
411 |
501 | 412 static void * |
413 ngx_http_access_create_loc_conf(ngx_conf_t *cf) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
414 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
415 ngx_http_access_loc_conf_t *conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
416 |
501 | 417 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t)); |
418 if (conf == NULL) { | |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2537
diff
changeset
|
419 return NULL; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
420 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
421 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
422 return conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
423 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
424 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
425 |
501 | 426 static char * |
427 ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
428 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
429 ngx_http_access_loc_conf_t *prev = parent; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
430 ngx_http_access_loc_conf_t *conf = child; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
431 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
432 if (conf->rules == NULL |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
433 #if (NGX_HAVE_INET6) |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
434 && conf->rules6 == NULL |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
435 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
436 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
437 && conf->rules_un == NULL |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
438 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
439 ) { |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
440 conf->rules = prev->rules; |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
441 #if (NGX_HAVE_INET6) |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
442 conf->rules6 = prev->rules6; |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
443 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
444 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
445 conf->rules_un = prev->rules_un; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
446 #endif |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
447 } |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
448 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
449 return NGX_CONF_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
450 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
451 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
452 |
501 | 453 static ngx_int_t |
681 | 454 ngx_http_access_init(ngx_conf_t *cf) |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
455 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
456 ngx_http_handler_pt *h; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
457 ngx_http_core_main_conf_t *cmcf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
458 |
681 | 459 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
460 |
501 | 461 h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
462 if (h == NULL) { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
463 return NGX_ERROR; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
464 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
465 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
466 *h = ngx_http_access_handler; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
467 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
468 return NGX_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
469 } |