Mercurial > hg > nginx
annotate src/http/modules/ngx_http_secure_link_module.c @ 8301:c9fbe9508e1f quic
QUIC packet padding to fulfil header protection sample demands.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 01 Apr 2020 13:27:42 +0300 |
parents | c7d4017c8876 |
children | bdd4d89370a7 |
rev | line source |
---|---|
2260 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
2260 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_http.h> | |
11 #include <ngx_md5.h> | |
12 | |
13 | |
14 typedef struct { | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
15 ngx_http_complex_value_t *variable; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
16 ngx_http_complex_value_t *md5; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
17 ngx_str_t secret; |
2260 | 18 } ngx_http_secure_link_conf_t; |
19 | |
20 | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
21 typedef struct { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
22 ngx_str_t expires; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
23 } ngx_http_secure_link_ctx_t; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
24 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
25 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
26 static ngx_int_t ngx_http_secure_link_old_variable(ngx_http_request_t *r, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
27 ngx_http_secure_link_conf_t *conf, ngx_http_variable_value_t *v, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
28 uintptr_t data); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
29 static ngx_int_t ngx_http_secure_link_expires_variable(ngx_http_request_t *r, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
30 ngx_http_variable_value_t *v, uintptr_t data); |
2260 | 31 static void *ngx_http_secure_link_create_conf(ngx_conf_t *cf); |
32 static char *ngx_http_secure_link_merge_conf(ngx_conf_t *cf, void *parent, | |
33 void *child); | |
34 static ngx_int_t ngx_http_secure_link_add_variables(ngx_conf_t *cf); | |
35 | |
36 | |
37 static ngx_command_t ngx_http_secure_link_commands[] = { | |
38 | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
39 { ngx_string("secure_link"), |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
40 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
3761 | 41 ngx_http_set_complex_value_slot, |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
42 NGX_HTTP_LOC_CONF_OFFSET, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
43 offsetof(ngx_http_secure_link_conf_t, variable), |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
44 NULL }, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
45 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
46 { ngx_string("secure_link_md5"), |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
47 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
3761 | 48 ngx_http_set_complex_value_slot, |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
49 NGX_HTTP_LOC_CONF_OFFSET, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
50 offsetof(ngx_http_secure_link_conf_t, md5), |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
51 NULL }, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
52 |
2260 | 53 { ngx_string("secure_link_secret"), |
54 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
55 ngx_conf_set_str_slot, | |
56 NGX_HTTP_LOC_CONF_OFFSET, | |
57 offsetof(ngx_http_secure_link_conf_t, secret), | |
58 NULL }, | |
59 | |
60 ngx_null_command | |
61 }; | |
62 | |
63 | |
64 static ngx_http_module_t ngx_http_secure_link_module_ctx = { | |
65 ngx_http_secure_link_add_variables, /* preconfiguration */ | |
66 NULL, /* postconfiguration */ | |
67 | |
68 NULL, /* create main configuration */ | |
69 NULL, /* init main configuration */ | |
70 | |
71 NULL, /* create server configuration */ | |
72 NULL, /* merge server configuration */ | |
73 | |
74 ngx_http_secure_link_create_conf, /* create location configuration */ | |
75 ngx_http_secure_link_merge_conf /* merge location configuration */ | |
76 }; | |
77 | |
78 | |
79 ngx_module_t ngx_http_secure_link_module = { | |
80 NGX_MODULE_V1, | |
81 &ngx_http_secure_link_module_ctx, /* module context */ | |
82 ngx_http_secure_link_commands, /* module directives */ | |
83 NGX_HTTP_MODULE, /* module type */ | |
84 NULL, /* init master */ | |
85 NULL, /* init module */ | |
86 NULL, /* init process */ | |
87 NULL, /* init thread */ | |
88 NULL, /* exit thread */ | |
89 NULL, /* exit process */ | |
90 NULL, /* exit master */ | |
91 NGX_MODULE_V1_PADDING | |
92 }; | |
93 | |
94 | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
95 static ngx_str_t ngx_http_secure_link_name = ngx_string("secure_link"); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
96 static ngx_str_t ngx_http_secure_link_expires_name = |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
97 ngx_string("secure_link_expires"); |
2260 | 98 |
99 | |
100 static ngx_int_t | |
101 ngx_http_secure_link_variable(ngx_http_request_t *r, | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
102 ngx_http_variable_value_t *v, uintptr_t data) |
2260 | 103 { |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
104 u_char *p, *last; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
105 ngx_str_t val, hash; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
106 time_t expires; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
107 ngx_md5_t md5; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
108 ngx_http_secure_link_ctx_t *ctx; |
2260 | 109 ngx_http_secure_link_conf_t *conf; |
7094
c7d4017c8876
Secure link: fixed stack buffer overflow.
Roman Arutyunyan <arut@nginx.com>
parents:
5017
diff
changeset
|
110 u_char hash_buf[18], md5_buf[16]; |
2260 | 111 |
112 conf = ngx_http_get_module_loc_conf(r, ngx_http_secure_link_module); | |
113 | |
5017
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
114 if (conf->secret.data) { |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
115 return ngx_http_secure_link_old_variable(r, conf, v, data); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
116 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
117 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
118 if (conf->variable == NULL || conf->md5 == NULL) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
119 goto not_found; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
120 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
121 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
122 if (ngx_http_complex_value(r, conf->variable, &val) != NGX_OK) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
123 return NGX_ERROR; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
124 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
125 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
126 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
127 "secure link: \"%V\"", &val); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
128 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
129 last = val.data + val.len; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
130 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
131 p = ngx_strlchr(val.data, last, ','); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
132 expires = 0; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
133 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
134 if (p) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
135 val.len = p++ - val.data; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
136 |
3760
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
137 expires = ngx_atotm(p, last - p); |
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
138 if (expires <= 0) { |
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
139 goto not_found; |
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
140 } |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
141 |
3760
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
142 ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_secure_link_ctx_t)); |
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
143 if (ctx == NULL) { |
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
144 return NGX_ERROR; |
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
145 } |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
146 |
3760
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
147 ngx_http_set_ctx(r, ctx, ngx_http_secure_link_module); |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
148 |
3760
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
149 ctx->expires.len = last - p; |
38f74d11e5bd
discard "secure_link_expires on|off"
Igor Sysoev <igor@sysoev.ru>
parents:
3756
diff
changeset
|
150 ctx->expires.data = p; |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
151 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
152 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
153 if (val.len > 24) { |
2260 | 154 goto not_found; |
155 } | |
156 | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
157 hash.data = hash_buf; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
158 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
159 if (ngx_decode_base64url(&hash, &val) != NGX_OK) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
160 goto not_found; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
161 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
162 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
163 if (hash.len != 16) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
164 goto not_found; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
165 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
166 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
167 if (ngx_http_complex_value(r, conf->md5, &val) != NGX_OK) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
168 return NGX_ERROR; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
169 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
170 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
171 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
172 "secure link md5: \"%V\"", &val); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
173 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
174 ngx_md5_init(&md5); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
175 ngx_md5_update(&md5, val.data, val.len); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
176 ngx_md5_final(md5_buf, &md5); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
177 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
178 if (ngx_memcmp(hash_buf, md5_buf, 16) != 0) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
179 goto not_found; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
180 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
181 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
182 v->data = (u_char *) ((expires && expires < ngx_time()) ? "0" : "1"); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
183 v->len = 1; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
184 v->valid = 1; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
185 v->no_cacheable = 0; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
186 v->not_found = 0; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
187 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
188 return NGX_OK; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
189 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
190 not_found: |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
191 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
192 v->not_found = 1; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
193 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
194 return NGX_OK; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
195 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
196 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
197 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
198 static ngx_int_t |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
199 ngx_http_secure_link_old_variable(ngx_http_request_t *r, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
200 ngx_http_secure_link_conf_t *conf, ngx_http_variable_value_t *v, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
201 uintptr_t data) |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
202 { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
203 u_char *p, *start, *end, *last; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
204 size_t len; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
205 ngx_int_t n; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
206 ngx_uint_t i; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
207 ngx_md5_t md5; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
208 u_char hash[16]; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
209 |
2260 | 210 p = &r->unparsed_uri.data[1]; |
211 last = r->unparsed_uri.data + r->unparsed_uri.len; | |
212 | |
213 while (p < last) { | |
214 if (*p++ == '/') { | |
215 start = p; | |
216 goto md5_start; | |
217 } | |
218 } | |
219 | |
220 goto not_found; | |
221 | |
222 md5_start: | |
223 | |
224 while (p < last) { | |
225 if (*p++ == '/') { | |
226 end = p - 1; | |
227 goto url_start; | |
228 } | |
229 } | |
230 | |
231 goto not_found; | |
232 | |
233 url_start: | |
234 | |
235 len = last - p; | |
236 | |
2279 | 237 if (end - start != 32 || len == 0) { |
2260 | 238 goto not_found; |
239 } | |
240 | |
241 ngx_md5_init(&md5); | |
242 ngx_md5_update(&md5, p, len); | |
243 ngx_md5_update(&md5, conf->secret.data, conf->secret.len); | |
244 ngx_md5_final(hash, &md5); | |
245 | |
246 for (i = 0; i < 16; i++) { | |
247 n = ngx_hextoi(&start[2 * i], 2); | |
248 if (n == NGX_ERROR || n != hash[i]) { | |
249 goto not_found; | |
250 } | |
251 } | |
252 | |
253 v->len = len; | |
254 v->valid = 1; | |
255 v->no_cacheable = 0; | |
256 v->not_found = 0; | |
257 v->data = p; | |
258 | |
259 return NGX_OK; | |
260 | |
261 not_found: | |
262 | |
263 v->not_found = 1; | |
264 | |
265 return NGX_OK; | |
266 } | |
267 | |
268 | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
269 static ngx_int_t |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
270 ngx_http_secure_link_expires_variable(ngx_http_request_t *r, |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
271 ngx_http_variable_value_t *v, uintptr_t data) |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
272 { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
273 ngx_http_secure_link_ctx_t *ctx; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
274 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
275 ctx = ngx_http_get_module_ctx(r, ngx_http_secure_link_module); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
276 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
277 if (ctx) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
278 v->len = ctx->expires.len; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
279 v->valid = 1; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
280 v->no_cacheable = 0; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
281 v->not_found = 0; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
282 v->data = ctx->expires.data; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
283 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
284 } else { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
285 v->not_found = 1; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
286 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
287 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
288 return NGX_OK; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
289 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
290 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
291 |
2260 | 292 static void * |
293 ngx_http_secure_link_create_conf(ngx_conf_t *cf) | |
294 { | |
295 ngx_http_secure_link_conf_t *conf; | |
296 | |
297 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_secure_link_conf_t)); | |
298 if (conf == NULL) { | |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2279
diff
changeset
|
299 return NULL; |
2260 | 300 } |
301 | |
302 /* | |
303 * set by ngx_pcalloc(): | |
304 * | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
305 * conf->variable = NULL; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
306 * conf->md5 = NULL; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
307 * conf->secret = { 0, NULL }; |
2260 | 308 */ |
309 | |
310 return conf; | |
311 } | |
312 | |
313 | |
314 static char * | |
315 ngx_http_secure_link_merge_conf(ngx_conf_t *cf, void *parent, void *child) | |
316 { | |
317 ngx_http_secure_link_conf_t *prev = parent; | |
318 ngx_http_secure_link_conf_t *conf = child; | |
319 | |
5017
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
320 if (conf->secret.data) { |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
321 if (conf->variable || conf->md5) { |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
322 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
323 "\"secure_link_secret\" cannot be mixed with " |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
324 "\"secure_link\" and \"secure_link_md5\""); |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
325 return NGX_CONF_ERROR; |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
326 } |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
327 |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
328 return NGX_CONF_OK; |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
329 } |
2260 | 330 |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
331 if (conf->variable == NULL) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
332 conf->variable = prev->variable; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
333 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
334 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
335 if (conf->md5 == NULL) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
336 conf->md5 = prev->md5; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
337 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
338 |
5017
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
339 if (conf->variable == NULL && conf->md5 == NULL) { |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
340 conf->secret = prev->secret; |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
341 } |
d89442dab4d1
Secure_link: fixed configuration inheritance.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
342 |
2260 | 343 return NGX_CONF_OK; |
344 } | |
345 | |
346 | |
347 static ngx_int_t | |
348 ngx_http_secure_link_add_variables(ngx_conf_t *cf) | |
349 { | |
350 ngx_http_variable_t *var; | |
351 | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
352 var = ngx_http_add_variable(cf, &ngx_http_secure_link_name, 0); |
2260 | 353 if (var == NULL) { |
354 return NGX_ERROR; | |
355 } | |
356 | |
357 var->get_handler = ngx_http_secure_link_variable; | |
358 | |
3756
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
359 var = ngx_http_add_variable(cf, &ngx_http_secure_link_expires_name, 0); |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
360 if (var == NULL) { |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
361 return NGX_ERROR; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
362 } |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
363 |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
364 var->get_handler = ngx_http_secure_link_expires_variable; |
7224d008faaf
new ngx_http_secure_link_module with secure_link, secure_link_md5, and
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
365 |
2260 | 366 return NGX_OK; |
367 } |