Merge lp:~sjinks/ngx-tcpwrappers/lp625299 into lp:ngx-tcpwrappers

Proposed by Volodymyr Kolesnykov
Status: Merged
Approved by: Volodymyr Kolesnykov
Approved revision: 5
Merged at revision: 5
Proposed branch: lp:~sjinks/ngx-tcpwrappers/lp625299
Merge into: lp:ngx-tcpwrappers
Diff against target: 389 lines (+241/-65)
1 file modified
ngx_tcpwrappers.c (+241/-65)
To merge this branch: bzr merge lp:~sjinks/ngx-tcpwrappers/lp625299
Reviewer Review Type Date Requested Status
Volodymyr Kolesnykov Approve
Review via email: mp+33924@code.launchpad.net
Volodymyr Kolesnykov (sjinks) :
review: Approve

Preview Diff

=== modified file 'ngx_tcpwrappers.c'
--- ngx_tcpwrappers.c 2010-08-25 04:29:23 +0000
+++ ngx_tcpwrappers.c 2010-08-27 15:56:41 +0000
@@ -8,6 +8,7 @@
8#include <ngx_http.h>8#include <ngx_http.h>
9#include <ngx_inet.h>9#include <ngx_inet.h>
10#include <tcpd.h>10#include <tcpd.h>
11#include <syslog.h>
1112
12/**13/**
13 * @brief Default daemon name for libwrap14 * @brief Default daemon name for libwrap
@@ -18,78 +19,48 @@
18static ngx_mutex_t* libwrap_mutex;19static ngx_mutex_t* libwrap_mutex;
19#endif20#endif
2021
21/**22static int orig_allow_severity;
22 * @param daemon Daemon name23static int orig_deny_severity;
23 * @param client_addr Client IP address24static int orig_hosts_access_verbose;
24 * @return Whether access should be granted25static char* orig_allow_table;
25 * @retval 0 No26static char* orig_deny_table;
26 * @retval 1 Yes
27 */
28static int my_hosts_ctl(char* daemon, char* client_addr)
29{
30 int res;
31
32#if (NGX_THREADS)
33 ngx_mutex_lock(libwrap_mutex);
34#endif
35
36 res = hosts_ctl(daemon, "", client_addr, "");
37
38#if (NGX_THREADS)
39 ngx_mutex_unlock(libwrap_mutex);
40#endif
41 return res;
42}
43
44/**
45 * @param daemon Daemon name
46 * @param conn nginx connection structure
47 * @return Whether access should be granted
48 * @retval 0 No
49 * @retval 1 Yes
50 */
51static int my_hosts_access(char* daemon, ngx_connection_t* conn)
52{
53 int res;
54 struct request_info request_info;
55
56#if (NGX_THREADS)
57 ngx_mutex_lock(libwrap_mutex);
58#endif
59
60 request_init(
61 &request_info,
62 RQ_DAEMON, daemon,
63 RQ_USER, STRING_UNKNOWN,
64 RQ_CLIENT_SIN, conn->local_sockaddr,
65 RQ_SERVER_SIN, conn->sockaddr,
66 RQ_FILE, conn->fd,
67 NULL
68 );
69
70 fromhost(&request_info);
71
72 res = hosts_access(&request_info);
73
74#if (NGX_THREADS)
75 ngx_mutex_unlock(libwrap_mutex);
76#endif
77 return res;
78}
7927
80/**28/**
81 * @brief Module configuration structure29 * @brief Module configuration structure
82 */30 */
83typedef struct {31typedef struct {
84 ngx_flag_t enabled; /**< tcpwrappers on */32 ngx_flag_t enabled; /**< tcpwrappers */
85 ngx_flag_t thorough; /**< tcpwrappers_thorough on */33 ngx_flag_t thorough; /**< tcpwrappers_thorough */
86 ngx_str_t daemon; /**< tcpwrappers_daemon */34 ngx_str_t daemon; /**< tcpwrappers_daemon */
35 ngx_uint_t allow_severity; /**< tcpwrappers_allow_severity */
36 ngx_uint_t deny_severity; /**< tcpwrappers_deny_severity */
37 ngx_flag_t verbose_access; /**< tcpwrappers_verbose */
38 ngx_str_t allow_file; /**< tcpwrappers_allow_file */
39 ngx_str_t deny_file; /**< tcpwrappers_deny_file */
87} ngx_http_tcpwrappers_conf_t;40} ngx_http_tcpwrappers_conf_t;
8841
42/* Forward declarations */
89static ngx_int_t ngx_http_tcpwrappers_handler(ngx_http_request_t* r);43static ngx_int_t ngx_http_tcpwrappers_handler(ngx_http_request_t* r);
90static ngx_int_t ngx_http_tcpwrappers_init(ngx_conf_t* cf);44static ngx_int_t ngx_http_tcpwrappers_init(ngx_conf_t* cf);
91static void* ngx_http_tcpwrappers_create_loc_conf(ngx_conf_t* cf);45static void* ngx_http_tcpwrappers_create_loc_conf(ngx_conf_t* cf);
92static char* ngx_http_tcpwrappers_merge_loc_conf(ngx_conf_t* cf, void* parent, void* child);46static char* ngx_http_tcpwrappers_merge_loc_conf(ngx_conf_t* cf, void* parent, void* child);
47static int my_hosts_ctl(char* daemon, ngx_connection_t* conn, char* client_addr, ngx_http_tcpwrappers_conf_t* config);
48static int my_hosts_access(char* daemon, ngx_connection_t* conn, ngx_http_tcpwrappers_conf_t* config);
49
50/**
51 * @brief Severities for @c tcpwrappers_allow_severity and tcpwrappers_deny_severity
52 */
53static ngx_conf_enum_t severities[] = {
54 { ngx_string("emerg"), LOG_EMERG },
55 { ngx_string("alert"), LOG_ALERT },
56 { ngx_string("crit"), LOG_CRIT },
57 { ngx_string("err"), LOG_ERR },
58 { ngx_string("warning"), LOG_WARNING },
59 { ngx_string("notice"), LOG_NOTICE },
60 { ngx_string("info"), LOG_INFO },
61 { ngx_string("debug"), LOG_DEBUG },
62 { ngx_null_string, 0 }
63};
9364
94/**65/**
95 * @brief Configuration directives66 * @brief Configuration directives
@@ -122,6 +93,51 @@
122 NULL93 NULL
123 },94 },
12495
96 {
97 ngx_string("tcpwrappers_allow_severity"),
98 NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
99 ngx_conf_set_enum_slot,
100 NGX_HTTP_LOC_CONF_OFFSET,
101 offsetof(ngx_http_tcpwrappers_conf_t, allow_severity),
102 &severities
103 },
104
105 {
106 ngx_string("tcpwrappers_deny_severity"),
107 NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
108 ngx_conf_set_enum_slot,
109 NGX_HTTP_LOC_CONF_OFFSET,
110 offsetof(ngx_http_tcpwrappers_conf_t, deny_severity),
111 &severities
112 },
113
114 {
115 ngx_string("tcpwrappers_verbose"),
116 NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
117 ngx_conf_set_flag_slot,
118 NGX_HTTP_LOC_CONF_OFFSET,
119 offsetof(ngx_http_tcpwrappers_conf_t, verbose_access),
120 NULL
121 },
122
123 {
124 ngx_string("tcpwrappers_allow_file"),
125 NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
126 ngx_conf_set_str_slot,
127 NGX_HTTP_LOC_CONF_OFFSET,
128 offsetof(ngx_http_tcpwrappers_conf_t, allow_file),
129 NULL
130 },
131
132 {
133 ngx_string("tcpwrappers_deny_file"),
134 NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE1,
135 ngx_conf_set_str_slot,
136 NGX_HTTP_LOC_CONF_OFFSET,
137 offsetof(ngx_http_tcpwrappers_conf_t, deny_file),
138 NULL
139 },
140
125 ngx_null_command141 ngx_null_command
126};142};
127143
@@ -173,6 +189,7 @@
173 ngx_http_tcpwrappers_conf_t* config = ngx_http_get_module_loc_conf(r, ngx_tcpwrappers_module);189 ngx_http_tcpwrappers_conf_t* config = ngx_http_get_module_loc_conf(r, ngx_tcpwrappers_module);
174 int res;190 int res;
175 char* daemon_name;191 char* daemon_name;
192 char* p;
176193
177 if (1 != config->enabled || !config->daemon.len) {194 if (1 != config->enabled || !config->daemon.len) {
178 return NGX_DECLINED;195 return NGX_DECLINED;
@@ -189,11 +206,11 @@
189 }206 }
190207
191 daemon_name = (char*)alloca(config->daemon.len + 1);208 daemon_name = (char*)alloca(config->daemon.len + 1);
192 memcpy(daemon_name, config->daemon.data, config->daemon.len);209 p = ngx_cpymem(daemon_name, config->daemon.data, config->daemon.len);
193 daemon_name[config->daemon.len] = '\0';210 *p = '\0';
194211
195 if (1 == config->thorough) {212 if (1 == config->thorough) {
196 res = my_hosts_access(daemon_name, r->connection);213 res = my_hosts_access(daemon_name, r->connection, config);
197 }214 }
198 else {215 else {
199 char* client_addr = STRING_UNKNOWN;216 char* client_addr = STRING_UNKNOWN;
@@ -205,7 +222,7 @@
205 client_addr = addr;222 client_addr = addr;
206 }223 }
207224
208 res = my_hosts_ctl(daemon_name, client_addr);225 res = my_hosts_ctl(daemon_name, r->connection, client_addr, config);
209 }226 }
210227
211 if (!res) {228 if (!res) {
@@ -226,6 +243,8 @@
226 * @return Whether initialization succeeded243 * @return Whether initialization succeeded
227 * @retval NGX_OK Yes244 * @retval NGX_OK Yes
228 * @retval NGX_ERROR No245 * @retval NGX_ERROR No
246 * @sa orig_allow_severity
247 * @sa orig_deny_severity
229 */248 */
230static ngx_int_t ngx_http_tcpwrappers_init(ngx_conf_t* cf)249static ngx_int_t ngx_http_tcpwrappers_init(ngx_conf_t* cf)
231{250{
@@ -261,10 +280,23 @@
261static void* ngx_http_tcpwrappers_create_loc_conf(ngx_conf_t* cf)280static void* ngx_http_tcpwrappers_create_loc_conf(ngx_conf_t* cf)
262{281{
263 ngx_http_tcpwrappers_conf_t* conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_tcpwrappers_conf_t));282 ngx_http_tcpwrappers_conf_t* conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_tcpwrappers_conf_t));
283
284 orig_allow_severity = allow_severity;
285 orig_deny_severity = deny_severity;
286 resident = 1;
287 orig_hosts_access_verbose = hosts_access_verbose;
288 orig_allow_table = hosts_allow_table;
289 orig_deny_table = hosts_deny_table;
290
264 if (NULL != conf) {291 if (NULL != conf) {
265 conf->enabled = NGX_CONF_UNSET;292 conf->enabled = NGX_CONF_UNSET;
266 conf->thorough = NGX_CONF_UNSET;293 conf->thorough = NGX_CONF_UNSET;
267 ngx_str_null(&conf->daemon);294 ngx_str_null(&conf->daemon);
295 conf->allow_severity = NGX_CONF_UNSET;
296 conf->deny_severity = NGX_CONF_UNSET;
297 conf->verbose_access = NGX_CONF_UNSET;
298 ngx_str_null(&conf->allow_file);
299 ngx_str_null(&conf->deny_file);
268 }300 }
269301
270 return conf;302 return conf;
@@ -287,6 +319,150 @@
287 ngx_conf_merge_value(conf->enabled, prev->enabled, 0);319 ngx_conf_merge_value(conf->enabled, prev->enabled, 0);
288 ngx_conf_merge_value(conf->thorough, prev->thorough, 0);320 ngx_conf_merge_value(conf->thorough, prev->thorough, 0);
289 ngx_conf_merge_str_value(conf->daemon, prev->daemon, NGX_TCPWRAPPERS_DAEMON);321 ngx_conf_merge_str_value(conf->daemon, prev->daemon, NGX_TCPWRAPPERS_DAEMON);
322 ngx_conf_merge_value(conf->allow_severity, prev->allow_severity, orig_allow_severity);
323 ngx_conf_merge_value(conf->deny_severity, prev->deny_severity, orig_deny_severity);
324 ngx_conf_merge_value(conf->verbose_access, prev->verbose_access, orig_hosts_access_verbose);
325
326 if (!conf->allow_file.data) {
327 if (prev->allow_file.data) {
328 conf->allow_file.len = prev->allow_file.len;
329 conf->allow_file.data = prev->allow_file.data;
330 }
331 else {
332 conf->allow_file.len = strlen(orig_allow_table);
333 conf->allow_file.data = (u_char*)orig_allow_table;
334 }
335 }
336
337 if (!conf->deny_file.data) {
338 if (prev->deny_file.data) {
339 conf->deny_file.len = prev->deny_file.len;
340 conf->deny_file.data = prev->deny_file.data;
341 }
342 else {
343 conf->deny_file.len = strlen(orig_deny_table);
344 conf->deny_file.data = (u_char*)orig_deny_table;
345 }
346 }
290347
291 return NGX_CONF_OK;348 return NGX_CONF_OK;
292}349}
350
351/**
352 * @param daemon Daemon name
353 * @param client_addr Client IP address
354 * @return Whether access should be granted
355 * @retval 0 No
356 * @retval 1 Yes
357 */
358static int my_hosts_ctl(char* daemon, ngx_connection_t* conn, char* client_addr, ngx_http_tcpwrappers_conf_t* config)
359{
360 int res;
361 char* p;
362 char* allow_file;
363 char* deny_file;
364
365 p = alloca(config->allow_file.len + config->deny_file.len + 2);
366 allow_file = p;
367
368 p = ngx_cpymem(p, config->allow_file.data, config->allow_file.len);
369 *p = '\0';
370 ++p;
371 deny_file = p;
372 p = ngx_cpymem(p, config->deny_file.data, config->deny_file.len);
373 *p = '\0';
374
375 ngx_log_debug4(
376 NGX_LOG_DEBUG_HTTP,
377 conn->log,
378 0,
379 "ngx_tcpwrappers: daemon: %s, allow file: %s, deny file: %s, verbosity: %d",
380 daemon,
381 allow_file,
382 deny_file,
383 config->verbose_access
384 );
385
386#if (NGX_THREADS)
387 ngx_mutex_lock(libwrap_mutex);
388#endif
389
390 allow_severity = config->allow_severity;
391 deny_severity = config->deny_severity;
392 hosts_access_verbose = config->verbose_access;
393 hosts_allow_table = allow_file;
394 hosts_deny_table = deny_file;
395
396 res = hosts_ctl(daemon, "", client_addr, "");
397
398#if (NGX_THREADS)
399 ngx_mutex_unlock(libwrap_mutex);
400#endif
401 return res;
402}
403
404/**
405 * @param daemon Daemon name
406 * @param conn nginx connection structure
407 * @return Whether access should be granted
408 * @retval 0 No
409 * @retval 1 Yes
410 */
411static int my_hosts_access(char* daemon, ngx_connection_t* conn, ngx_http_tcpwrappers_conf_t* config)
412{
413 int res;
414 char* p;
415 char* allow_file;
416 char* deny_file;
417 struct request_info request_info;
418
419 p = alloca(config->allow_file.len + config->deny_file.len + 2);
420 allow_file = p;
421
422 p = ngx_cpymem(p, config->allow_file.data, config->allow_file.len);
423 *p = '\0';
424 ++p;
425 deny_file = p;
426 p = ngx_cpymem(p, config->deny_file.data, config->deny_file.len);
427 *p = '\0';
428
429 ngx_log_debug4(
430 NGX_LOG_DEBUG_HTTP,
431 conn->log,
432 0,
433 "ngx_tcpwrappers: daemon: %s, allow file: %s, deny file: %s, verbosity: %d",
434 daemon,
435 allow_file,
436 deny_file,
437 config->verbose_access
438 );
439
440#if (NGX_THREADS)
441 ngx_mutex_lock(libwrap_mutex);
442#endif
443
444 allow_severity = config->allow_severity;
445 deny_severity = config->deny_severity;
446 hosts_access_verbose = config->verbose_access;
447 hosts_allow_table = allow_file;
448 hosts_deny_table = deny_file;
449
450 request_init(
451 &request_info,
452 RQ_DAEMON, daemon,
453 RQ_USER, STRING_UNKNOWN,
454 RQ_CLIENT_SIN, conn->local_sockaddr,
455 RQ_SERVER_SIN, conn->sockaddr,
456 RQ_FILE, conn->fd,
457 NULL
458 );
459
460 fromhost(&request_info);
461
462 res = hosts_access(&request_info);
463
464#if (NGX_THREADS)
465 ngx_mutex_unlock(libwrap_mutex);
466#endif
467 return res;
468}
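Review bot: `my_hosts_ctl` and `my_hosts_access` leave libwrap's `hosts_allow_table` and `hosts_deny_table` pointing into an `alloca` buffer that is gone once the function returns, and the saved `orig_*` values are never written back in the lines shown. Any later read of those globals outside the two wrappers touches dead stack memory. `ngx_http_tcpwrappers_create_loc_conf` also re-snapshots them on every call, so if configuration is parsed again in a process that has already served a request, `strlen(orig_allow_table)` in `ngx_http_tcpwrappers_merge_loc_conf` (whose opening lines are outside the hunk) would presumably run on a stale pointer. I would restore the globals before the mutex is released, `hosts_allow_table = orig_allow_table;` and `hosts_deny_table = orig_deny_table;`, and likewise the two severities and `hosts_access_verbose`. The snapshot should also be taken once, not once per location block.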
