ngx_tcpwrappers

Merge lp:~sjinks/ngx-tcpwrappers/lp625299 into lp:ngx-tcpwrappers

  1. lp625299
  2. Merge into trunk
Proposed by Volodymyr Kolesnykov
Status: Merged
Approved by: Volodymyr Kolesnykov
Approved revision: 5
Merged at revision: 5
Proposed branch: lp:~sjinks/ngx-tcpwrappers/lp625299
Merge into: lp:ngx-tcpwrappers
Diff against target: 389 lines (+241/-65)
1 file modified
ngx_tcpwrappers.c (+241/-65)
To merge this branch: bzr merge lp:~sjinks/ngx-tcpwrappers/lp625299
Reviewer Review Type Date Requested Status
Volodymyr Kolesnykov Approve
Review via email: mp+33924@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Volodymyr Kolesnykov (sjinks) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'ngx_tcpwrappers.c'
2--- ngx_tcpwrappers.c 2010-08-25 04:29:23 +0000
3+++ ngx_tcpwrappers.c 2010-08-27 15:56:41 +0000
4@@ -8,6 +8,7 @@
5 #include <ngx_http.h>
6 #include <ngx_inet.h>
7 #include <tcpd.h>
8+#include <syslog.h>
9
10 /**
11 * @brief Default daemon name for libwrap
12@@ -18,78 +19,48 @@
13 static ngx_mutex_t* libwrap_mutex;
14 #endif
15
16-/**
17- * @param daemon Daemon name
18- * @param client_addr Client IP address
19- * @return Whether access should be granted
20- * @retval 0 No
21- * @retval 1 Yes
22- */
23-static int my_hosts_ctl(char* daemon, char* client_addr)
24-{
25- int res;
26-
27-#if (NGX_THREADS)
28- ngx_mutex_lock(libwrap_mutex);
29-#endif
30-
31- res = hosts_ctl(daemon, "", client_addr, "");
32-
33-#if (NGX_THREADS)
34- ngx_mutex_unlock(libwrap_mutex);
35-#endif
36- return res;
37-}
38-
39-/**
40- * @param daemon Daemon name
41- * @param conn nginx connection structure
42- * @return Whether access should be granted
43- * @retval 0 No
44- * @retval 1 Yes
45- */
46-static int my_hosts_access(char* daemon, ngx_connection_t* conn)
47-{
48- int res;
49- struct request_info request_info;
50-
51-#if (NGX_THREADS)
52- ngx_mutex_lock(libwrap_mutex);
53-#endif
54-
55- request_init(
56- &request_info,
57- RQ_DAEMON, daemon,
58- RQ_USER, STRING_UNKNOWN,
59- RQ_CLIENT_SIN, conn->local_sockaddr,
60- RQ_SERVER_SIN, conn->sockaddr,
61- RQ_FILE, conn->fd,
62- NULL
63- );
64-
65- fromhost(&request_info);
66-
67- res = hosts_access(&request_info);
68-
69-#if (NGX_THREADS)
70- ngx_mutex_unlock(libwrap_mutex);
71-#endif
72- return res;
73-}
74+static int orig_allow_severity;
75+static int orig_deny_severity;
76+static int orig_hosts_access_verbose;
77+static char* orig_allow_table;
78+static char* orig_deny_table;
79
80 /**
81 * @brief Module configuration structure
82 */
83 typedef struct {
84- ngx_flag_t enabled; /**< tcpwrappers on */
85- ngx_flag_t thorough; /**< tcpwrappers_thorough on */
86- ngx_str_t daemon; /**< tcpwrappers_daemon */
87+ ngx_flag_t enabled; /**< tcpwrappers */
88+ ngx_flag_t thorough; /**< tcpwrappers_thorough */
89+ ngx_str_t daemon; /**< tcpwrappers_daemon */
90+ ngx_uint_t allow_severity; /**< tcpwrappers_allow_severity */
91+ ngx_uint_t deny_severity; /**< tcpwrappers_deny_severity */
92+ ngx_flag_t verbose_access; /**< tcpwrappers_verbose */
93+ ngx_str_t allow_file; /**< tcpwrappers_allow_file */
94+ ngx_str_t deny_file; /**< tcpwrappers_deny_file */
95 } ngx_http_tcpwrappers_conf_t;
96
97+/* Forward declarations */
98 static ngx_int_t ngx_http_tcpwrappers_handler(ngx_http_request_t* r);
99 static ngx_int_t ngx_http_tcpwrappers_init(ngx_conf_t* cf);
100 static void* ngx_http_tcpwrappers_create_loc_conf(ngx_conf_t* cf);
101 static char* ngx_http_tcpwrappers_merge_loc_conf(ngx_conf_t* cf, void* parent, void* child);
102+static int my_hosts_ctl(char* daemon, ngx_connection_t* conn, char* client_addr, ngx_http_tcpwrappers_conf_t* config);
103+static int my_hosts_access(char* daemon, ngx_connection_t* conn, ngx_http_tcpwrappers_conf_t* config);
104+
105+/**
106+ * @brief Severities for @c tcpwrappers_allow_severity and tcpwrappers_deny_severity
107+ */
108+static ngx_conf_enum_t severities[] = {
109+ { ngx_string("emerg"), LOG_EMERG },
110+ { ngx_string("alert"), LOG_ALERT },
111+ { ngx_string("crit"), LOG_CRIT },
112+ { ngx_string("err"), LOG_ERR },
113+ { ngx_string("warning"), LOG_WARNING },
114+ { ngx_string("notice"), LOG_NOTICE },
115+ { ngx_string("info"), LOG_INFO },
116+ { ngx_string("debug"), LOG_DEBUG },
117+ { ngx_null_string, 0 }
118+};
119
120 /**
121 * @brief Configuration directives
122@@ -122,6 +93,51 @@
123 NULL
124 },
125
126+ {
127+ ngx_string("tcpwrappers_allow_severity"),
128+ NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
129+ ngx_conf_set_enum_slot,
130+ NGX_HTTP_LOC_CONF_OFFSET,
131+ offsetof(ngx_http_tcpwrappers_conf_t, allow_severity),
132+ &severities
133+ },
134+
135+ {
136+ ngx_string("tcpwrappers_deny_severity"),
137+ NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
138+ ngx_conf_set_enum_slot,
139+ NGX_HTTP_LOC_CONF_OFFSET,
140+ offsetof(ngx_http_tcpwrappers_conf_t, deny_severity),
141+ &severities
142+ },
143+
144+ {
145+ ngx_string("tcpwrappers_verbose"),
146+ NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
147+ ngx_conf_set_flag_slot,
148+ NGX_HTTP_LOC_CONF_OFFSET,
149+ offsetof(ngx_http_tcpwrappers_conf_t, verbose_access),
150+ NULL
151+ },
152+
153+ {
154+ ngx_string("tcpwrappers_allow_file"),
155+ NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
156+ ngx_conf_set_str_slot,
157+ NGX_HTTP_LOC_CONF_OFFSET,
158+ offsetof(ngx_http_tcpwrappers_conf_t, allow_file),
159+ NULL
160+ },
161+
162+ {
163+ ngx_string("tcpwrappers_deny_file"),
164+ NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
165+ ngx_conf_set_str_slot,
166+ NGX_HTTP_LOC_CONF_OFFSET,
167+ offsetof(ngx_http_tcpwrappers_conf_t, deny_file),
168+ NULL
169+ },
170+
171 ngx_null_command
172 };
173
174@@ -173,6 +189,7 @@
175 ngx_http_tcpwrappers_conf_t* config = ngx_http_get_module_loc_conf(r, ngx_tcpwrappers_module);
176 int res;
177 char* daemon_name;
178+ char* p;
179
180 if (1 != config->enabled || !config->daemon.len) {
181 return NGX_DECLINED;
182@@ -189,11 +206,11 @@
183 }
184
185 daemon_name = (char*)alloca(config->daemon.len + 1);
186- memcpy(daemon_name, config->daemon.data, config->daemon.len);
187- daemon_name[config->daemon.len] = '\0';
188+ p = ngx_cpymem(daemon_name, config->daemon.data, config->daemon.len);
189+ *p = '\0';
190
191 if (1 == config->thorough) {
192- res = my_hosts_access(daemon_name, r->connection);
193+ res = my_hosts_access(daemon_name, r->connection, config);
194 }
195 else {
196 char* client_addr = STRING_UNKNOWN;
197@@ -205,7 +222,7 @@
198 client_addr = addr;
199 }
200
201- res = my_hosts_ctl(daemon_name, client_addr);
202+ res = my_hosts_ctl(daemon_name, r->connection, client_addr, config);
203 }
204
205 if (!res) {
206@@ -226,6 +243,8 @@
207 * @return Whether initialization succeeded
208 * @retval NGX_OK Yes
209 * @retval NGX_ERROR No
210+ * @sa orig_allow_severity
211+ * @sa orig_deny_severity
212 */
213 static ngx_int_t ngx_http_tcpwrappers_init(ngx_conf_t* cf)
214 {
215@@ -261,10 +280,23 @@
216 static void* ngx_http_tcpwrappers_create_loc_conf(ngx_conf_t* cf)
217 {
218 ngx_http_tcpwrappers_conf_t* conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_tcpwrappers_conf_t));
219+
220+ orig_allow_severity = allow_severity;
221+ orig_deny_severity = deny_severity;
222+ resident = 1;
223+ orig_hosts_access_verbose = hosts_access_verbose;
224+ orig_allow_table = hosts_allow_table;
225+ orig_deny_table = hosts_deny_table;
226+
227 if (NULL != conf) {
228 conf->enabled = NGX_CONF_UNSET;
229 conf->thorough = NGX_CONF_UNSET;
230 ngx_str_null(&conf->daemon);
231+ conf->allow_severity = NGX_CONF_UNSET;
232+ conf->deny_severity = NGX_CONF_UNSET;
233+ conf->verbose_access = NGX_CONF_UNSET;
234+ ngx_str_null(&conf->allow_file);
235+ ngx_str_null(&conf->deny_file);
236 }
237
238 return conf;
239@@ -287,6 +319,150 @@
240 ngx_conf_merge_value(conf->enabled, prev->enabled, 0);
241 ngx_conf_merge_value(conf->thorough, prev->thorough, 0);
242 ngx_conf_merge_str_value(conf->daemon, prev->daemon, NGX_TCPWRAPPERS_DAEMON);
243+ ngx_conf_merge_value(conf->allow_severity, prev->allow_severity, orig_allow_severity);
244+ ngx_conf_merge_value(conf->deny_severity, prev->deny_severity, orig_deny_severity);
245+ ngx_conf_merge_value(conf->verbose_access, prev->verbose_access, orig_hosts_access_verbose);
246+
247+ if (!conf->allow_file.data) {
248+ if (prev->allow_file.data) {
249+ conf->allow_file.len = prev->allow_file.len;
250+ conf->allow_file.data = prev->allow_file.data;
251+ }
252+ else {
253+ conf->allow_file.len = strlen(orig_allow_table);
254+ conf->allow_file.data = (u_char*)orig_allow_table;
255+ }
256+ }
257+
258+ if (!conf->deny_file.data) {
259+ if (prev->deny_file.data) {
260+ conf->deny_file.len = prev->deny_file.len;
261+ conf->deny_file.data = prev->deny_file.data;
262+ }
263+ else {
264+ conf->deny_file.len = strlen(orig_deny_table);
265+ conf->deny_file.data = (u_char*)orig_deny_table;
266+ }
267+ }
268
269 return NGX_CONF_OK;
270 }
271+
272+/**
273+ * @param daemon Daemon name
274+ * @param client_addr Client IP address
275+ * @return Whether access should be granted
276+ * @retval 0 No
277+ * @retval 1 Yes
278+ */
279+static int my_hosts_ctl(char* daemon, ngx_connection_t* conn, char* client_addr, ngx_http_tcpwrappers_conf_t* config)
280+{
281+ int res;
282+ char* p;
283+ char* allow_file;
284+ char* deny_file;
285+
286+ p = alloca(config->allow_file.len + config->deny_file.len + 2);
287+ allow_file = p;
288+
289+ p = ngx_cpymem(p, config->allow_file.data, config->allow_file.len);
290+ *p = '\0';
291+ ++p;
292+ deny_file = p;
293+ p = ngx_cpymem(p, config->deny_file.data, config->deny_file.len);
294+ *p = '\0';
295+
296+ ngx_log_debug4(
297+ NGX_LOG_DEBUG_HTTP,
298+ conn->log,
299+ 0,
300+ "ngx_tcpwrappers: daemon: %s, allow file: %s, deny file: %s, verbosity: %d",
301+ daemon,
302+ allow_file,
303+ deny_file,
304+ config->verbose_access
305+ );
306+
307+#if (NGX_THREADS)
308+ ngx_mutex_lock(libwrap_mutex);
309+#endif
310+
311+ allow_severity = config->allow_severity;
312+ deny_severity = config->deny_severity;
313+ hosts_access_verbose = config->verbose_access;
314+ hosts_allow_table = allow_file;
315+ hosts_deny_table = deny_file;
316+
317+ res = hosts_ctl(daemon, "", client_addr, "");
318+
319+#if (NGX_THREADS)
320+ ngx_mutex_unlock(libwrap_mutex);
321+#endif
322+ return res;
323+}
324+
325+/**
326+ * @param daemon Daemon name
327+ * @param conn nginx connection structure
328+ * @return Whether access should be granted
329+ * @retval 0 No
330+ * @retval 1 Yes
331+ */
332+static int my_hosts_access(char* daemon, ngx_connection_t* conn, ngx_http_tcpwrappers_conf_t* config)
333+{
334+ int res;
335+ char* p;
336+ char* allow_file;
337+ char* deny_file;
338+ struct request_info request_info;
339+
340+ p = alloca(config->allow_file.len + config->deny_file.len + 2);
341+ allow_file = p;
342+
343+ p = ngx_cpymem(p, config->allow_file.data, config->allow_file.len);
344+ *p = '\0';
345+ ++p;
346+ deny_file = p;
347+ p = ngx_cpymem(p, config->deny_file.data, config->deny_file.len);
348+ *p = '\0';
349+
350+ ngx_log_debug4(
351+ NGX_LOG_DEBUG_HTTP,
352+ conn->log,
353+ 0,
354+ "ngx_tcpwrappers: daemon: %s, allow file: %s, deny file: %s, verbosity: %d",
355+ daemon,
356+ allow_file,
357+ deny_file,
358+ config->verbose_access
359+ );
360+
361+#if (NGX_THREADS)
362+ ngx_mutex_lock(libwrap_mutex);
363+#endif
364+
365+ allow_severity = config->allow_severity;
366+ deny_severity = config->deny_severity;
367+ hosts_access_verbose = config->verbose_access;
368+ hosts_allow_table = allow_file;
369+ hosts_deny_table = deny_file;
370+
371+ request_init(
372+ &request_info,
373+ RQ_DAEMON, daemon,
374+ RQ_USER, STRING_UNKNOWN,
375+ RQ_CLIENT_SIN, conn->local_sockaddr,
376+ RQ_SERVER_SIN, conn->sockaddr,
377+ RQ_FILE, conn->fd,
378+ NULL
379+ );
380+
381+ fromhost(&request_info);
382+
383+ res = hosts_access(&request_info);
384+
385+#if (NGX_THREADS)
386+ ngx_mutex_unlock(libwrap_mutex);
387+#endif
388+ return res;
389+}

Subscribers

People subscribed via source and target branches

to all changes: