nginx: src/http/modules/ngx_http_access

comparison src/http/modules/ngx_http_access_module.c @ 5233:00dbfac67e48

Access: support for UNIX-domain client addresses (ticket #359).

author	Ruslan Ermilov <ru@nginx.com>
date	Thu, 30 May 2013 18:23:05 +0400
parents	ae60a1085c82
children	06c227e9edd0

comparison

equal deleted inserted replaced

-:53eb1e67e432
+:00dbfac67e48
 ngx_uint_t        deny;      /* unsigned  deny:1; */
 } ngx_http_access_rule6_t;
 #endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+typedef struct {
+ngx_uint_t        deny;      /* unsigned  deny:1; */
+} ngx_http_access_rule_un_t;
+#endif
 typedef struct {
 ngx_array_t      *rules;     /* array of ngx_http_access_rule_t */
 #if (NGX_HAVE_INET6)
 ngx_array_t      *rules6;    /* array of ngx_http_access_rule6_t */
+#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+ngx_array_t      *rules_un;  /* array of ngx_http_access_rule_un_t */
 #endif
 } ngx_http_access_loc_conf_t;
 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r);
 static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r,
 ngx_http_access_loc_conf_t *alcf, in_addr_t addr);
 #if (NGX_HAVE_INET6)
 static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r,
 ngx_http_access_loc_conf_t *alcf, u_char *p);
+#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+static ngx_int_t ngx_http_access_unix(ngx_http_request_t *r,
+ngx_http_access_loc_conf_t *alcf);
 #endif
 static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny);
 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf);
 if (alcf->rules6) {
 return ngx_http_access_inet6(r, alcf, p);
 }
+break;
+#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+case AF_UNIX:
+if (alcf->rules_un) {
+return ngx_http_access_unix(r, alcf);
+}
+break;
 #endif
 }
 return NGX_DECLINED;
 }
 }
 #endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+static ngx_int_t
+ngx_http_access_unix(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf)
+{
+ngx_uint_t                  i;
+ngx_http_access_rule_un_t  *rule_un;
+rule_un = alcf->rules_un->elts;
+for (i = 0; i < alcf->rules_un->nelts; i++) {
+return ngx_http_access_found(r, rule_un[i].deny);
+}
+return NGX_DECLINED;
+}
+#endif
 static ngx_int_t
 ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny)
 {
 ngx_http_core_loc_conf_t  *clcf;
 static char *
 ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
 ngx_http_access_loc_conf_t *alcf = conf;
-ngx_int_t                 rc;
+ngx_int_t                   rc;
-ngx_uint_t                all;
+ngx_uint_t                  all;
-ngx_str_t                *value;
+ngx_str_t                  *value;
-ngx_cidr_t                cidr;
+ngx_cidr_t                  cidr;
-ngx_http_access_rule_t   *rule;
+ngx_http_access_rule_t     *rule;
 #if (NGX_HAVE_INET6)
-ngx_http_access_rule6_t  *rule6;
+ngx_http_access_rule6_t    *rule6;
+#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+ngx_http_access_rule_un_t  *rule_un;
 #endif
 ngx_memzero(&cidr, sizeof(ngx_cidr_t));
 value = cf->args->elts;
 all = (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0);
 if (!all) {
+#if (NGX_HAVE_UNIX_DOMAIN)
+if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) {
+cidr.family = AF_UNIX;
+rc = NGX_OK;
+} else {
+rc = ngx_ptocidr(&value[1], &cidr);
+}
+#else
 rc = ngx_ptocidr(&value[1], &cidr);
+#endif
 if (rc == NGX_ERROR) {
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
 "invalid parameter \"%V\"", &value[1]);
 return NGX_CONF_ERROR;
 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
 "low address bits of %V are meaningless", &value[1]);
 }
 }
-switch (cidr.family) {
+if (cidr.family == AF_INET || all) {
-#if (NGX_HAVE_INET6)
+if (alcf->rules == NULL) {
-case AF_INET6:
+alcf->rules = ngx_array_create(cf->pool, 4,
-case 0: /* all */
+sizeof(ngx_http_access_rule_t));
+if (alcf->rules == NULL) {
+return NGX_CONF_ERROR;
+}
+}
+rule = ngx_array_push(alcf->rules);
+if (rule == NULL) {
+return NGX_CONF_ERROR;
+}
+rule->mask = cidr.u.in.mask;
+rule->addr = cidr.u.in.addr;
+rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
+}
+#if (NGX_HAVE_INET6)
+if (cidr.family == AF_INET6 || all) {
 if (alcf->rules6 == NULL) {
 alcf->rules6 = ngx_array_create(cf->pool, 4,
 sizeof(ngx_http_access_rule6_t));
 if (alcf->rules6 == NULL) {
 }
 rule6->mask = cidr.u.in6.mask;
 rule6->addr = cidr.u.in6.addr;
 rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
+}
-if (!all) {
+#endif
-break;
-}
+#if (NGX_HAVE_UNIX_DOMAIN)
+if (cidr.family == AF_UNIX || all) {
-/* "all" passes through */
-#endif
+if (alcf->rules_un == NULL) {
+alcf->rules_un = ngx_array_create(cf->pool, 1,
-default: /* AF_INET */
+sizeof(ngx_http_access_rule_un_t));
+if (alcf->rules_un == NULL) {
-if (alcf->rules == NULL) {
-alcf->rules = ngx_array_create(cf->pool, 4,
-sizeof(ngx_http_access_rule_t));
-if (alcf->rules == NULL) {
 return NGX_CONF_ERROR;
 }
 }
-rule = ngx_array_push(alcf->rules);
+rule_un = ngx_array_push(alcf->rules_un);
-if (rule == NULL) {
+if (rule_un == NULL) {
 return NGX_CONF_ERROR;
 }
-rule->mask = cidr.u.in.mask;
+rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0;
-rule->addr = cidr.u.in.addr;
+}
-rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
+#endif
-}
 return NGX_CONF_OK;
 }
 ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
 {
 ngx_http_access_loc_conf_t  *prev = parent;
 ngx_http_access_loc_conf_t  *conf = child;
-#if (NGX_HAVE_INET6)
+if (conf->rules == NULL
+#if (NGX_HAVE_INET6)
-if (conf->rules == NULL && conf->rules6 == NULL) {
+&& conf->rules6 == NULL
+#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+&& conf->rules_un == NULL
+#endif
+) {
 conf->rules = prev->rules;
+#if (NGX_HAVE_INET6)
 conf->rules6 = prev->rules6;
-}
+#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
-#else
+conf->rules_un = prev->rules_un;
+#endif
-if (conf->rules == NULL) {
+}
-conf->rules = prev->rules;
-}
-#endif
 return NGX_CONF_OK;
 }

Mercurial > hg > nginx

comparison src/http/modules/ngx_http_access_module.c @ 5233:00dbfac67e48