Mercurial > hg > nginx

annotate src/http/modules/ngx_http_access_module.c @ 4580:ae60a1085c82

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Access module: fixed inheritance of allow/deny ipv6 rules. Previous (incorrect) behaviour was to inherit ipv6 rules separately from ipv4 ones. Now all rules are either inherited (if there are no rules defined at current level) or not (if there are any rules defined).
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 10 Apr 2012 13:25:53 +0000
parents d620f497c50f
children 00dbfac67e48
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
441
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 408
diff changeset
1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 408
diff changeset
2 /*
444
42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents: 441
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 3921
diff changeset
4 * Copyright (C) Nginx, Inc.
441
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 408
diff changeset
5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 408
diff changeset
6
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #include <ngx_config.h>
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #include <ngx_core.h>
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10 #include <ngx_http.h>
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
11
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
12
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
13 typedef struct {
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
14 in_addr_t mask;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
15 in_addr_t addr;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
16 ngx_uint_t deny; /* unsigned deny:1; */
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
17 } ngx_http_access_rule_t;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
18
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
19 #if (NGX_HAVE_INET6)
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
20
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
21 typedef struct {
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
22 struct in6_addr addr;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
23 struct in6_addr mask;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
24 ngx_uint_t deny; /* unsigned deny:1; */
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
25 } ngx_http_access_rule6_t;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
26
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
27 #endif
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
28
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
29 typedef struct {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
30 ngx_array_t *rules; /* array of ngx_http_access_rule_t */
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
31 #if (NGX_HAVE_INET6)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
32 ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
33 #endif
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
34 } ngx_http_access_loc_conf_t;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
35
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
36
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
37 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r);
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
38 static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
39 ngx_http_access_loc_conf_t *alcf, in_addr_t addr);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
40 #if (NGX_HAVE_INET6)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
41 static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
42 ngx_http_access_loc_conf_t *alcf, u_char *p);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
43 #endif
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
44 static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny);
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
45 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
46 void *conf);
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
47 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf);
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
48 static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf,
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
49 void *parent, void *child);
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
50 static ngx_int_t ngx_http_access_init(ngx_conf_t *cf);
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
51
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
52
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
53 static ngx_command_t ngx_http_access_commands[] = {
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
54
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
55 { ngx_string("allow"),
631
5d2b8078c1c2 nginx-0.3.37-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
56 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
5d2b8078c1c2 nginx-0.3.37-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
57 |NGX_CONF_TAKE1,
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
58 ngx_http_access_rule,
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
59 NGX_HTTP_LOC_CONF_OFFSET,
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
60 0,
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
61 NULL },
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
62
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
63 { ngx_string("deny"),
631
5d2b8078c1c2 nginx-0.3.37-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
64 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF
5d2b8078c1c2 nginx-0.3.37-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
65 |NGX_CONF_TAKE1,
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
66 ngx_http_access_rule,
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
67 NGX_HTTP_LOC_CONF_OFFSET,
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
68 0,
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
69 NULL },
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
70
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
71 ngx_null_command
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
72 };
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
73
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
74
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
75
667
63a820b0bc6c nginx-0.3.55-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 663
diff changeset
76 static ngx_http_module_t ngx_http_access_module_ctx = {
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 501
diff changeset
77 NULL, /* preconfiguration */
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
78 ngx_http_access_init, /* postconfiguration */
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
79
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
80 NULL, /* create main configuration */
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
81 NULL, /* init main configuration */
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
82
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
83 NULL, /* create server configuration */
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
84 NULL, /* merge server configuration */
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
85
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
86 ngx_http_access_create_loc_conf, /* create location configuration */
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
87 ngx_http_access_merge_loc_conf /* merge location configuration */
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
88 };
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
89
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
90
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
91 ngx_module_t ngx_http_access_module = {
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 501
diff changeset
92 NGX_MODULE_V1,
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
93 &ngx_http_access_module_ctx, /* module context */
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
94 ngx_http_access_commands, /* module directives */
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
95 NGX_HTTP_MODULE, /* module type */
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
96 NULL, /* init master */
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
97 NULL, /* init module */
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
98 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
99 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
100 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
101 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
102 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
103 NGX_MODULE_V1_PADDING
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
104 };
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
105
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
106
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
107 static ngx_int_t
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
108 ngx_http_access_handler(ngx_http_request_t *r)
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
109 {
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 461
diff changeset
110 struct sockaddr_in *sin;
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
111 ngx_http_access_loc_conf_t *alcf;
3921
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
112 #if (NGX_HAVE_INET6)
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
113 u_char *p;
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
114 in_addr_t addr;
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
115 struct sockaddr_in6 *sin6;
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
116 #endif
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
117
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
118 alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module);
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
119
3921
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
120 switch (r->connection->sockaddr->sa_family) {
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
121
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
122 case AF_INET:
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
123 if (alcf->rules) {
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
124 sin = (struct sockaddr_in *) r->connection->sockaddr;
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
125 return ngx_http_access_inet(r, alcf, sin->sin_addr.s_addr);
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
126 }
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
127 break;
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
128
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
129 #if (NGX_HAVE_INET6)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
130
3921
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
131 case AF_INET6:
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
132 sin6 = (struct sockaddr_in6 *) r->connection->sockaddr;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
133 p = sin6->sin6_addr.s6_addr;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
134
3921
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
135 if (alcf->rules && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
136 addr = p[12] << 24;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
137 addr += p[13] << 16;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
138 addr += p[14] << 8;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
139 addr += p[15];
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
140 return ngx_http_access_inet(r, alcf, htonl(addr));
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
141 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
142
3921
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
143 if (alcf->rules6) {
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
144 return ngx_http_access_inet6(r, alcf, p);
bab3488bd113 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents: 3685
diff changeset
145 }
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
146
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
147 #endif
2512
2e91aecb9e57 a prelimiary IPv6 support, HTTP listen
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
148 }
2e91aecb9e57 a prelimiary IPv6 support, HTTP listen
Igor Sysoev <igor@sysoev.ru>
parents: 2202
diff changeset
149
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
150 return NGX_DECLINED;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
151 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
152
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
153
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
154 static ngx_int_t
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
155 ngx_http_access_inet(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
156 in_addr_t addr)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
157 {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
158 ngx_uint_t i;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
159 ngx_http_access_rule_t *rule;
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
160
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
161 rule = alcf->rules->elts;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
162 for (i = 0; i < alcf->rules->nelts; i++) {
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
163
461
a88a3e4e158f nginx-0.1.5-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
164 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 541
diff changeset
165 "access: %08XD %08XD %08XD",
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
166 addr, rule[i].mask, rule[i].addr);
663
6d5c1535bb9d nginx-0.3.53-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 631
diff changeset
167
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
168 if ((addr & rule[i].mask) == rule[i].addr) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
169 return ngx_http_access_found(r, rule[i].deny);
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
170 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
171 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
172
1786
adca43955f79 return NGX_DECLINED if access directives are not active,
Igor Sysoev <igor@sysoev.ru>
parents: 1380
diff changeset
173 return NGX_DECLINED;
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
174 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
175
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
176
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
177 #if (NGX_HAVE_INET6)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
178
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
179 static ngx_int_t
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
180 ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
181 u_char *p)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
182 {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
183 ngx_uint_t n;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
184 ngx_uint_t i;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
185 ngx_http_access_rule6_t *rule6;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
186
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
187 rule6 = alcf->rules6->elts;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
188 for (i = 0; i < alcf->rules6->nelts; i++) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
189
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
190 #if (NGX_DEBUG)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
191 {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
192 size_t cl, ml, al;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
193 u_char ct[NGX_INET6_ADDRSTRLEN];
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
194 u_char mt[NGX_INET6_ADDRSTRLEN];
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
195 u_char at[NGX_INET6_ADDRSTRLEN];
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
196
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
197 cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
198 ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
199 al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
200
3685
9ec7238feac6 fix building by msvc7
Igor Sysoev <igor@sysoev.ru>
parents: 3284
diff changeset
201 ngx_log_debug6(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
202 "access: %*s %*s %*s", cl, ct, ml, mt, al, at);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
203 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
204 #endif
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
205
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
206 for (n = 0; n < 16; n++) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
207 if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
208 goto next;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
209 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
210 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
211
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
212 return ngx_http_access_found(r, rule6[i].deny);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
213
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
214 next:
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
215 continue;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
216 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
217
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
218 return NGX_DECLINED;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
219 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
220
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
221 #endif
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
222
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
223
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
224 static ngx_int_t
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
225 ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
226 {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
227 ngx_http_core_loc_conf_t *clcf;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
228
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
229 if (deny) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
230 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
231
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
232 if (clcf->satisfy == NGX_HTTP_SATISFY_ALL) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
233 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
234 "access forbidden by rule");
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
235 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
236
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
237 return NGX_HTTP_FORBIDDEN;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
238 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
239
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
240 return NGX_OK;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
241 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
242
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
243
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
244 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
245 ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
246 {
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
247 ngx_http_access_loc_conf_t *alcf = conf;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
248
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
249 ngx_int_t rc;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
250 ngx_uint_t all;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
251 ngx_str_t *value;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
252 ngx_cidr_t cidr;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
253 ngx_http_access_rule_t *rule;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
254 #if (NGX_HAVE_INET6)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
255 ngx_http_access_rule6_t *rule6;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
256 #endif
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
257
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
258 ngx_memzero(&cidr, sizeof(ngx_cidr_t));
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
259
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
260 value = cf->args->elts;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
261
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
262 all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
263
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
264 if (!all) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
265
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
266 rc = ngx_ptocidr(&value[1], &cidr);
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
267
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
268 if (rc == NGX_ERROR) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
269 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
270 "invalid parameter \"%V\"", &value[1]);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
271 return NGX_CONF_ERROR;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
272 }
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
273
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
274 if (rc == NGX_DONE) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
275 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
276 "low address bits of %V are meaningless", &value[1]);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
277 }
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
278 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
279
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
280 switch (cidr.family) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
281
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
282 #if (NGX_HAVE_INET6)
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
283 case AF_INET6:
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
284 case 0: /* all */
1380
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
285
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
286 if (alcf->rules6 == NULL) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
287 alcf->rules6 = ngx_array_create(cf->pool, 4,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
288 sizeof(ngx_http_access_rule6_t));
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
289 if (alcf->rules6 == NULL) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
290 return NGX_CONF_ERROR;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
291 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
292 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
293
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
294 rule6 = ngx_array_push(alcf->rules6);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
295 if (rule6 == NULL) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
296 return NGX_CONF_ERROR;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
297 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
298
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
299 rule6->mask = cidr.u.in6.mask;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
300 rule6->addr = cidr.u.in6.addr;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
301 rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
302
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
303 if (!all) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
304 break;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
305 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
306
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
307 /* "all" passes through */
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
308 #endif
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
309
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
310 default: /* AF_INET */
2537
a472d954c534 prepare ngx_ptocidr() for IPv6
Igor Sysoev <igor@sysoev.ru>
parents: 2512
diff changeset
311
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
312 if (alcf->rules == NULL) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
313 alcf->rules = ngx_array_create(cf->pool, 4,
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
314 sizeof(ngx_http_access_rule_t));
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
315 if (alcf->rules == NULL) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
316 return NGX_CONF_ERROR;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
317 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
318 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
319
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
320 rule = ngx_array_push(alcf->rules);
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
321 if (rule == NULL) {
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
322 return NGX_CONF_ERROR;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
323 }
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
324
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
325 rule->mask = cidr.u.in.mask;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
326 rule->addr = cidr.u.in.addr;
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
327 rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
1380
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
328 }
b590a528fd41 ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents: 681
diff changeset
329
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
330 return NGX_CONF_OK;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
331 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
332
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
333
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
334 static void *
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
335 ngx_http_access_create_loc_conf(ngx_conf_t *cf)
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
336 {
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
337 ngx_http_access_loc_conf_t *conf;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
338
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
339 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t));
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
340 if (conf == NULL) {
2912
c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents: 2537
diff changeset
341 return NULL;
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
342 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
343
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
344 return conf;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
345 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
346
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
347
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
348 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
349 ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
350 {
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
351 ngx_http_access_loc_conf_t *prev = parent;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
352 ngx_http_access_loc_conf_t *conf = child;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
353
4580
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
354 #if (NGX_HAVE_INET6)
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
355
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
356 if (conf->rules == NULL && conf->rules6 == NULL) {
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
357 conf->rules = prev->rules;
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
358 conf->rules6 = prev->rules6;
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
359 }
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
360
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
361 #else
ae60a1085c82 Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
362
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
363 if (conf->rules == NULL) {
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
364 conf->rules = prev->rules;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
365 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
366
3278
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
367 #endif
ab9f5a715805 IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
368
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
369 return NGX_CONF_OK;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
370 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
371
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
372
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
373 static ngx_int_t
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
374 ngx_http_access_init(ngx_conf_t *cf)
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
375 {
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
376 ngx_http_handler_pt *h;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
377 ngx_http_core_main_conf_t *cmcf;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
378
681
7e24168b0853 nginx-0.4.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 667
diff changeset
379 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
380
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 499
diff changeset
381 h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
368
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
382 if (h == NULL) {
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
383 return NGX_ERROR;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
384 }
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
385
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
386 *h = ngx_http_access_handler;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
387
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
388 return NGX_OK;
15c84a40e87d nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
389 }