Mercurial > hg > nginx
annotate src/http/modules/ngx_http_access_module.c @ 9288:f83cb031a4a4
Mail: fixed EXTERNAL auth to clear s->passwd.
The s->passwd field might be set after previous (failed) authentication
in the same session, and since EXTERNAL authentication did not touch it,
it was sent to the auth server.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:07 +0300 |
parents | 72188d1bcab5 |
children |
rev | line source |
---|---|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
1 |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
2 /* |
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
4412 | 4 * Copyright (C) Nginx, Inc. |
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
5 */ |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
408
diff
changeset
|
6 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 #include <ngx_http.h> |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 typedef struct { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
14 in_addr_t mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
15 in_addr_t addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
16 ngx_uint_t deny; /* unsigned deny:1; */ |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 } ngx_http_access_rule_t; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
18 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
19 #if (NGX_HAVE_INET6) |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
20 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
21 typedef struct { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
22 struct in6_addr addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
23 struct in6_addr mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
24 ngx_uint_t deny; /* unsigned deny:1; */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
25 } ngx_http_access_rule6_t; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
26 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
27 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
28 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
29 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
30 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
31 typedef struct { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
32 ngx_uint_t deny; /* unsigned deny:1; */ |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
33 } ngx_http_access_rule_un_t; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
34 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
35 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
36 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
37 typedef struct { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
38 ngx_array_t *rules; /* array of ngx_http_access_rule_t */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
39 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
40 ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */ |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
41 #endif |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
42 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
43 ngx_array_t *rules_un; /* array of ngx_http_access_rule_un_t */ |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
44 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
45 } ngx_http_access_loc_conf_t; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
46 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
47 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
48 static ngx_int_t ngx_http_access_handler(ngx_http_request_t *r); |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
49 static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
50 ngx_http_access_loc_conf_t *alcf, in_addr_t addr); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
51 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
52 static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
53 ngx_http_access_loc_conf_t *alcf, u_char *p); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
54 #endif |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
55 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
56 static ngx_int_t ngx_http_access_unix(ngx_http_request_t *r, |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
57 ngx_http_access_loc_conf_t *alcf); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
58 #endif |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
59 static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
60 static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, |
501 | 61 void *conf); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
62 static void *ngx_http_access_create_loc_conf(ngx_conf_t *cf); |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
63 static char *ngx_http_access_merge_loc_conf(ngx_conf_t *cf, |
501 | 64 void *parent, void *child); |
681 | 65 static ngx_int_t ngx_http_access_init(ngx_conf_t *cf); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
66 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
67 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
68 static ngx_command_t ngx_http_access_commands[] = { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
69 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
70 { ngx_string("allow"), |
631 | 71 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF |
72 |NGX_CONF_TAKE1, | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
73 ngx_http_access_rule, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
74 NGX_HTTP_LOC_CONF_OFFSET, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
75 0, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
76 NULL }, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
77 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
78 { ngx_string("deny"), |
631 | 79 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF |
80 |NGX_CONF_TAKE1, | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
81 ngx_http_access_rule, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
82 NGX_HTTP_LOC_CONF_OFFSET, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
83 0, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
84 NULL }, |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
85 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
86 ngx_null_command |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
87 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
88 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
89 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
90 |
667 | 91 static ngx_http_module_t ngx_http_access_module_ctx = { |
509 | 92 NULL, /* preconfiguration */ |
681 | 93 ngx_http_access_init, /* postconfiguration */ |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
94 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
95 NULL, /* create main configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
96 NULL, /* init main configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
97 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
98 NULL, /* create server configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
99 NULL, /* merge server configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
100 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
101 ngx_http_access_create_loc_conf, /* create location configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
102 ngx_http_access_merge_loc_conf /* merge location configuration */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
103 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
104 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
105 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
106 ngx_module_t ngx_http_access_module = { |
509 | 107 NGX_MODULE_V1, |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
108 &ngx_http_access_module_ctx, /* module context */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
109 ngx_http_access_commands, /* module directives */ |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
110 NGX_HTTP_MODULE, /* module type */ |
541 | 111 NULL, /* init master */ |
681 | 112 NULL, /* init module */ |
541 | 113 NULL, /* init process */ |
114 NULL, /* init thread */ | |
115 NULL, /* exit thread */ | |
116 NULL, /* exit process */ | |
117 NULL, /* exit master */ | |
118 NGX_MODULE_V1_PADDING | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
119 }; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
120 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
121 |
501 | 122 static ngx_int_t |
123 ngx_http_access_handler(ngx_http_request_t *r) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
124 { |
479 | 125 struct sockaddr_in *sin; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
126 ngx_http_access_loc_conf_t *alcf; |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
127 #if (NGX_HAVE_INET6) |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
128 u_char *p; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
129 in_addr_t addr; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
130 struct sockaddr_in6 *sin6; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
131 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
132 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
133 alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module); |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
134 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
135 switch (r->connection->sockaddr->sa_family) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
136 |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
137 case AF_INET: |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
138 if (alcf->rules) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
139 sin = (struct sockaddr_in *) r->connection->sockaddr; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
140 return ngx_http_access_inet(r, alcf, sin->sin_addr.s_addr); |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
141 } |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
142 break; |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
143 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
144 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
145 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
146 case AF_INET6: |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
147 sin6 = (struct sockaddr_in6 *) r->connection->sockaddr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
148 p = sin6->sin6_addr.s6_addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
149 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
150 if (alcf->rules && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
151 addr = p[12] << 24; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
152 addr += p[13] << 16; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
153 addr += p[14] << 8; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
154 addr += p[15]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
155 return ngx_http_access_inet(r, alcf, htonl(addr)); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
156 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
157 |
3921
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
158 if (alcf->rules6) { |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
159 return ngx_http_access_inet6(r, alcf, p); |
bab3488bd113
fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined
Igor Sysoev <igor@sysoev.ru>
parents:
3685
diff
changeset
|
160 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
161 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
162 break; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
163 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
164 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
165 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
166 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
167 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
168 case AF_UNIX: |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
169 if (alcf->rules_un) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
170 return ngx_http_access_unix(r, alcf); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
171 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
172 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
173 break; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
174 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
175 #endif |
2512
2e91aecb9e57
a prelimiary IPv6 support, HTTP listen
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
176 } |
2e91aecb9e57
a prelimiary IPv6 support, HTTP listen
Igor Sysoev <igor@sysoev.ru>
parents:
2202
diff
changeset
|
177 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
178 return NGX_DECLINED; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
179 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
180 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
181 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
182 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
183 ngx_http_access_inet(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
184 in_addr_t addr) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
185 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
186 ngx_uint_t i; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
187 ngx_http_access_rule_t *rule; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
188 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
189 rule = alcf->rules->elts; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
190 for (i = 0; i < alcf->rules->nelts; i++) { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
191 |
461 | 192 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
573 | 193 "access: %08XD %08XD %08XD", |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
194 addr, rule[i].mask, rule[i].addr); |
663 | 195 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
196 if ((addr & rule[i].mask) == rule[i].addr) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
197 return ngx_http_access_found(r, rule[i].deny); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
198 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
199 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
200 |
1786
adca43955f79
return NGX_DECLINED if access directives are not active,
Igor Sysoev <igor@sysoev.ru>
parents:
1380
diff
changeset
|
201 return NGX_DECLINED; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
202 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
203 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
204 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
205 #if (NGX_HAVE_INET6) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
206 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
207 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
208 ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
209 u_char *p) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
210 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
211 ngx_uint_t n; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
212 ngx_uint_t i; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
213 ngx_http_access_rule6_t *rule6; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
214 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
215 rule6 = alcf->rules6->elts; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
216 for (i = 0; i < alcf->rules6->nelts; i++) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
217 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
218 #if (NGX_DEBUG) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
219 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
220 size_t cl, ml, al; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
221 u_char ct[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
222 u_char mt[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
223 u_char at[NGX_INET6_ADDRSTRLEN]; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
224 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
225 cl = ngx_inet6_ntop(p, ct, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
226 ml = ngx_inet6_ntop(rule6[i].mask.s6_addr, mt, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
227 al = ngx_inet6_ntop(rule6[i].addr.s6_addr, at, NGX_INET6_ADDRSTRLEN); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
228 |
3685 | 229 ngx_log_debug6(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
230 "access: %*s %*s %*s", cl, ct, ml, mt, al, at); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
231 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
232 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
233 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
234 for (n = 0; n < 16; n++) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
235 if ((p[n] & rule6[i].mask.s6_addr[n]) != rule6[i].addr.s6_addr[n]) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
236 goto next; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
237 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
238 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
239 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
240 return ngx_http_access_found(r, rule6[i].deny); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
241 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
242 next: |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
243 continue; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
244 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
245 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
246 return NGX_DECLINED; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
247 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
248 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
249 #endif |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
250 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
251 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
252 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
253 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
254 static ngx_int_t |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
255 ngx_http_access_unix(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
256 { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
257 ngx_uint_t i; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
258 ngx_http_access_rule_un_t *rule_un; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
259 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
260 rule_un = alcf->rules_un->elts; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
261 for (i = 0; i < alcf->rules_un->nelts; i++) { |
5580
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
262 |
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
263 /* TODO: check path */ |
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
264 if (1) { |
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
265 return ngx_http_access_found(r, rule_un[i].deny); |
06c227e9edd0
Access: supplemented the obfuscated code with a comment.
Ruslan Ermilov <ru@nginx.com>
parents:
5233
diff
changeset
|
266 } |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
267 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
268 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
269 return NGX_DECLINED; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
270 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
271 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
272 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
273 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
274 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
275 static ngx_int_t |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
276 ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny) |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
277 { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
278 ngx_http_core_loc_conf_t *clcf; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
279 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
280 if (deny) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
281 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
282 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
283 if (clcf->satisfy == NGX_HTTP_SATISFY_ALL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
284 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
285 "access forbidden by rule"); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
286 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
287 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
288 return NGX_HTTP_FORBIDDEN; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
289 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
290 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
291 return NGX_OK; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
292 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
293 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
294 |
501 | 295 static char * |
296 ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
297 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
298 ngx_http_access_loc_conf_t *alcf = conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
299 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
300 ngx_int_t rc; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
301 ngx_uint_t all; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
302 ngx_str_t *value; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
303 ngx_cidr_t cidr; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
304 ngx_http_access_rule_t *rule; |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
305 #if (NGX_HAVE_INET6) |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
306 ngx_http_access_rule6_t *rule6; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
307 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
308 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
309 ngx_http_access_rule_un_t *rule_un; |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
310 #endif |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
311 |
6996
72188d1bcab5
Access: simplified rule parser code.
Ruslan Ermilov <ru@nginx.com>
parents:
5580
diff
changeset
|
312 all = 0; |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
313 ngx_memzero(&cidr, sizeof(ngx_cidr_t)); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
314 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
315 value = cf->args->elts; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
316 |
6996
72188d1bcab5
Access: simplified rule parser code.
Ruslan Ermilov <ru@nginx.com>
parents:
5580
diff
changeset
|
317 if (value[1].len == 3 && ngx_strcmp(value[1].data, "all") == 0) { |
72188d1bcab5
Access: simplified rule parser code.
Ruslan Ermilov <ru@nginx.com>
parents:
5580
diff
changeset
|
318 all = 1; |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
319 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
320 #if (NGX_HAVE_UNIX_DOMAIN) |
6996
72188d1bcab5
Access: simplified rule parser code.
Ruslan Ermilov <ru@nginx.com>
parents:
5580
diff
changeset
|
321 } else if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) { |
72188d1bcab5
Access: simplified rule parser code.
Ruslan Ermilov <ru@nginx.com>
parents:
5580
diff
changeset
|
322 cidr.family = AF_UNIX; |
72188d1bcab5
Access: simplified rule parser code.
Ruslan Ermilov <ru@nginx.com>
parents:
5580
diff
changeset
|
323 #endif |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
324 |
6996
72188d1bcab5
Access: simplified rule parser code.
Ruslan Ermilov <ru@nginx.com>
parents:
5580
diff
changeset
|
325 } else { |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
326 rc = ngx_ptocidr(&value[1], &cidr); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
327 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
328 if (rc == NGX_ERROR) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
329 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
330 "invalid parameter \"%V\"", &value[1]); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
331 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
332 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
333 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
334 if (rc == NGX_DONE) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
335 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
336 "low address bits of %V are meaningless", &value[1]); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
337 } |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
338 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
339 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
340 if (cidr.family == AF_INET || all) { |
2537
a472d954c534
prepare ngx_ptocidr() for IPv6
Igor Sysoev <igor@sysoev.ru>
parents:
2512
diff
changeset
|
341 |
3278
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
342 if (alcf->rules == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
343 alcf->rules = ngx_array_create(cf->pool, 4, |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
344 sizeof(ngx_http_access_rule_t)); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
345 if (alcf->rules == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
346 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
347 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
348 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
349 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
350 rule = ngx_array_push(alcf->rules); |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
351 if (rule == NULL) { |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
352 return NGX_CONF_ERROR; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
353 } |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
354 |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
355 rule->mask = cidr.u.in.mask; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
356 rule->addr = cidr.u.in.addr; |
ab9f5a715805
IPv6 support in ngx_http_access_module
Igor Sysoev <igor@sysoev.ru>
parents:
2912
diff
changeset
|
357 rule->deny = (value[0].data[0] == 'd') ? 1 : 0; |
1380
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
358 } |
b590a528fd41
ignore meaningless bits in CIDR and warn about them
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
359 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
360 #if (NGX_HAVE_INET6) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
361 if (cidr.family == AF_INET6 || all) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
362 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
363 if (alcf->rules6 == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
364 alcf->rules6 = ngx_array_create(cf->pool, 4, |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
365 sizeof(ngx_http_access_rule6_t)); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
366 if (alcf->rules6 == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
367 return NGX_CONF_ERROR; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
368 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
369 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
370 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
371 rule6 = ngx_array_push(alcf->rules6); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
372 if (rule6 == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
373 return NGX_CONF_ERROR; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
374 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
375 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
376 rule6->mask = cidr.u.in6.mask; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
377 rule6->addr = cidr.u.in6.addr; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
378 rule6->deny = (value[0].data[0] == 'd') ? 1 : 0; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
379 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
380 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
381 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
382 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
383 if (cidr.family == AF_UNIX || all) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
384 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
385 if (alcf->rules_un == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
386 alcf->rules_un = ngx_array_create(cf->pool, 1, |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
387 sizeof(ngx_http_access_rule_un_t)); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
388 if (alcf->rules_un == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
389 return NGX_CONF_ERROR; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
390 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
391 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
392 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
393 rule_un = ngx_array_push(alcf->rules_un); |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
394 if (rule_un == NULL) { |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
395 return NGX_CONF_ERROR; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
396 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
397 |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
398 rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
399 } |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
400 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
401 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
402 return NGX_CONF_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
403 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
404 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
405 |
501 | 406 static void * |
407 ngx_http_access_create_loc_conf(ngx_conf_t *cf) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
408 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
409 ngx_http_access_loc_conf_t *conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
410 |
501 | 411 conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_access_loc_conf_t)); |
412 if (conf == NULL) { | |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2537
diff
changeset
|
413 return NULL; |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
414 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
415 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
416 return conf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
417 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
418 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
419 |
501 | 420 static char * |
421 ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) | |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
422 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
423 ngx_http_access_loc_conf_t *prev = parent; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
424 ngx_http_access_loc_conf_t *conf = child; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
425 |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
426 if (conf->rules == NULL |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
427 #if (NGX_HAVE_INET6) |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
428 && conf->rules6 == NULL |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
429 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
430 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
431 && conf->rules_un == NULL |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
432 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
433 ) { |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
434 conf->rules = prev->rules; |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
435 #if (NGX_HAVE_INET6) |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
436 conf->rules6 = prev->rules6; |
5233
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
437 #endif |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
438 #if (NGX_HAVE_UNIX_DOMAIN) |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
439 conf->rules_un = prev->rules_un; |
00dbfac67e48
Access: support for UNIX-domain client addresses (ticket #359).
Ruslan Ermilov <ru@nginx.com>
parents:
4580
diff
changeset
|
440 #endif |
4580
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
441 } |
ae60a1085c82
Access module: fixed inheritance of allow/deny ipv6 rules.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
442 |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
443 return NGX_CONF_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
444 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
445 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
446 |
501 | 447 static ngx_int_t |
681 | 448 ngx_http_access_init(ngx_conf_t *cf) |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
449 { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
450 ngx_http_handler_pt *h; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
451 ngx_http_core_main_conf_t *cmcf; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
452 |
681 | 453 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
454 |
501 | 455 h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers); |
368
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
456 if (h == NULL) { |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
457 return NGX_ERROR; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
458 } |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
459 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
460 *h = ngx_http_access_handler; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
461 |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
462 return NGX_OK; |
15c84a40e87d
nginx-0.0.7-2004-06-24-20:07:04 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
463 } |