IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-11-29 20:24:21 -06:00
Code Issues Packages Projects Releases Wiki Activity

Access: support for UNIX-domain client addresses (ticket #359).

Browse Source
This commit is contained in:
Ruslan Ermilov 2013-05-30 18:23:05 +04:00
parent 641662e340
commit de381f7266
1 changed files with 125 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

174
src/http/modules/ngx_http_access_module.c
View File

@ -26,11 +26,22 @@ typedef struct {
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
typedef struct {
ngx_uint_t deny; /* unsigned deny:1; */
} ngx_http_access_rule_un_t;
#endif
typedef struct {
ngx_array_t *rules; /* array of ngx_http_access_rule_t */
#if (NGX_HAVE_INET6)
ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
ngx_array_t *rules_un; /* array of ngx_http_access_rule_un_t */
#endif
} ngx_http_access_loc_conf_t;
@ -41,6 +52,10 @@ static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r,
static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r,
ngx_http_access_loc_conf_t *alcf, u_char *p);
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
static ngx_int_t ngx_http_access_unix(ngx_http_request_t *r,
ngx_http_access_loc_conf_t *alcf);
#endif
static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny);
static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
@ -144,6 +159,19 @@ ngx_http_access_handler(ngx_http_request_t *r)
return ngx_http_access_inet6(r, alcf, p);
}
break;
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
case AF_UNIX:
if (alcf->rules_un) {
return ngx_http_access_unix(r, alcf);
}
break;
#endif
}
@ -221,6 +249,25 @@ ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf,
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
static ngx_int_t
ngx_http_access_unix(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf)
{
ngx_uint_t i;
ngx_http_access_rule_un_t *rule_un;
rule_un = alcf->rules_un->elts;
for (i = 0; i < alcf->rules_un->nelts; i++) {
return ngx_http_access_found(r, rule_un[i].deny);
}
return NGX_DECLINED;
}
#endif
static ngx_int_t
ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny)
{
@ -246,13 +293,16 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_access_loc_conf_t *alcf = conf;
ngx_int_t rc;
ngx_uint_t all;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_http_access_rule_t *rule;
ngx_int_t rc;
ngx_uint_t all;
ngx_str_t *value;
ngx_cidr_t cidr;
ngx_http_access_rule_t *rule;
#if (NGX_HAVE_INET6)
ngx_http_access_rule6_t *rule6;
ngx_http_access_rule6_t *rule6;
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
ngx_http_access_rule_un_t *rule_un;
#endif
ngx_memzero(&cidr, sizeof(ngx_cidr_t));
@ -263,7 +313,19 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
if (!all) {
#if (NGX_HAVE_UNIX_DOMAIN)
if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) {
cidr.family = AF_UNIX;
rc = NGX_OK;
} else {
rc = ngx_ptocidr(&value[1], &cidr);
}
#else
rc = ngx_ptocidr(&value[1], &cidr);
#endif
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@ -277,37 +339,7 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
}
}
switch (cidr.family) {
#if (NGX_HAVE_INET6)
case AF_INET6:
case 0: /* all */
if (alcf->rules6 == NULL) {
alcf->rules6 = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_access_rule6_t));
if (alcf->rules6 == NULL) {
return NGX_CONF_ERROR;
}
}
rule6 = ngx_array_push(alcf->rules6);
if (rule6 == NULL) {
return NGX_CONF_ERROR;
}
rule6->mask = cidr.u.in6.mask;
rule6->addr = cidr.u.in6.addr;
rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
if (!all) {
break;
}
/* "all" passes through */
#endif
default: /* AF_INET */
if (cidr.family == AF_INET || all) {
if (alcf->rules == NULL) {
alcf->rules = ngx_array_create(cf->pool, 4,
@ -327,6 +359,48 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
#if (NGX_HAVE_INET6)
if (cidr.family == AF_INET6 || all) {
if (alcf->rules6 == NULL) {
alcf->rules6 = ngx_array_create(cf->pool, 4,
sizeof(ngx_http_access_rule6_t));
if (alcf->rules6 == NULL) {
return NGX_CONF_ERROR;
}
}
rule6 = ngx_array_push(alcf->rules6);
if (rule6 == NULL) {
return NGX_CONF_ERROR;
}
rule6->mask = cidr.u.in6.mask;
rule6->addr = cidr.u.in6.addr;
rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
if (cidr.family == AF_UNIX || all) {
if (alcf->rules_un == NULL) {
alcf->rules_un = ngx_array_create(cf->pool, 1,
sizeof(ngx_http_access_rule_un_t));
if (alcf->rules_un == NULL) {
return NGX_CONF_ERROR;
}
}
rule_un = ngx_array_push(alcf->rules_un);
if (rule_un == NULL) {
return NGX_CONF_ERROR;
}
rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0;
}
#endif
return NGX_CONF_OK;
}
@ -351,20 +425,22 @@ ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_access_loc_conf_t *prev = parent;
ngx_http_access_loc_conf_t *conf = child;
if (conf->rules == NULL
#if (NGX_HAVE_INET6)
if (conf->rules == NULL && conf->rules6 == NULL) {
conf->rules = prev->rules;
conf->rules6 = prev->rules6;
}
#else
if (conf->rules == NULL) {
conf->rules = prev->rules;
}
&& conf->rules6 == NULL
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
&& conf->rules_un == NULL
#endif
) {
conf->rules = prev->rules;
#if (NGX_HAVE_INET6)
conf->rules6 = prev->rules6;
#endif
#if (NGX_HAVE_UNIX_DOMAIN)
conf->rules_un = prev->rules_un;
#endif
}
return NGX_CONF_OK;
}