1 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
5 * Copyright (C) 2001-2010, Eduardo Silva P.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Library General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
32 /* Plugin registration data: identity strings and the hook mask. */
33 mk_plugin_data_t _shortname = "security";
34 mk_plugin_data_t _name = "Security";
35 mk_plugin_data_t _version = "0.11.0";
/* Hook mask: stages 10 and 20, matching the _mkp_stage_10() (client address
 * check) and _mkp_stage_20() (request URI check) handlers in this file. */
36 mk_plugin_hook_t _hooks = MK_PLUGIN_STAGE_10 | MK_PLUGIN_STAGE_20;
/* Server API table. Every service used in this file is reached through it
 * (str_build, config_create, config_section_get, mem_alloc, mem_free,
 * str_search_n, header_set_http_status). Its assignment is not visible in
 * this listing. */
38 struct plugin_api *mk_api;
/* Parsed security.conf, assigned in mk_security_conf() from config_create().
 * Rule values are stored as pointers into it (new->value = entry->val), so
 * it presumably has to stay alive as long as the rules are in use. */
39 struct mk_config *conf;
41 /* Read the security rules from the plugin configuration file */
/*
 * Builds the path "<confdir>/security.conf", loads it with config_create(),
 * takes the "RULES" section and turns its entries into struct mk_security
 * records: key "IP" -> MK_SECURITY_TYPE_IP, key "URL" -> MK_SECURITY_TYPE_URL,
 * with the rule text taken from entry->val. It then traces and prints the
 * rules and releases the path string.
 *
 * This listing is incomplete: lines 43-46, 56-58, 63, 66-67, 69-85 and the
 * tail of the function are not shown, so the declarations of conf_path and
 * len, the loop over entries, how records are linked together and the return
 * value cannot be described from here.
 */
42 int mk_security_conf(char *confdir)
47     struct mk_security *new, *r;
48     struct mk_config_section *section;
49     struct mk_config_entry *entry;
51     /* Read configuration */
52     mk_api->str_build(&conf_path, &len, "%s/security.conf", confdir);
    /* NOTE(review): lines 53, 54 and 55 are consecutive, so conf and section
     * are dereferenced with no check in between. If config_create() or
     * config_section_get() can return NULL (missing file, no [RULES]
     * section -- confirm against the API), line 55 is a NULL dereference
     * during plugin start-up. A guard that reports the problem and returns
     * an error would make the failure explicit. */
53     conf = mk_api->config_create(conf_path);
54     section = mk_api->config_section_get(conf, "RULES");
55     entry = section->entry;
59     /* Copy the current entry into the plugin's own rule record */
    /* NOTE(review): the mem_alloc() result is written through at line 62/65
     * with no visible check -- confirm whether mem_alloc aborts on failure. */
60     new = mk_api->mem_alloc(sizeof(struct mk_security));
    /* Key comparison is case-insensitive (strcasecmp). */
61     if (strcasecmp(entry->key, "IP") == 0) {
62         new->type = MK_SECURITY_TYPE_IP;
64     else if (strcasecmp(entry->key, "URL") == 0) {
65         new->type = MK_SECURITY_TYPE_URL;
    /* NOTE(review): no else branch is visible for a key that is neither
     * "IP" nor "URL" (lines 63, 66 and 67 are not shown). If there is none,
     * new->type is left unset for such an entry and a misspelled key would
     * yield a rule of indeterminate type instead of a configuration error.
     * Unknown keys should be rejected or logged. */
    /* Pointer copy, not a string copy: the rule text stays owned by conf. */
68     new->value = entry->val;
86     PLUGIN_TRACE("Security rules");
    /* Lines 88-100 print the loaded rules to stdout between ANSI colour
     * codes. r->value is passed as an argument to a fixed "%s" format, so
     * rule text is never interpreted as a format string. How r walks the
     * rules is not visible here. */
88     printf("%s", ANSI_YELLOW);
90     if (r->type == MK_SECURITY_TYPE_IP) {
93     else if (r->type == MK_SECURITY_TYPE_URL) {
96     printf("%s'\n", r->value);
100     printf("%s", ANSI_RESET);
    /* Release the path string produced by str_build() at line 52
     * (presumably heap-allocated by it -- confirm). */
104     mk_api->mem_free(conf_path);
/*
 * Compare a textual client address against the IP rules.
 *
 * For every rule of type MK_SECURITY_TYPE_IP the rule text and ipv4 are
 * walked with the same index i. '?' and '*' in the rule are special-cased;
 * any other rule character must equal ipv4[i]. After the walk, line 136
 * tests whether ipv4 has also reached its terminator.
 *
 * The listing omits the bodies of those branches, the initialisation of p,
 * the declaration of i and every return statement, so the exact wildcard
 * semantics and the return values cannot be stated from here. The caller,
 * _mkp_stage_10(), treats any non-zero result as "close the connection".
 *
 * NOTE(review): ipv4 is dereferenced without a visible NULL check, and the
 * walk relies on it being NUL-terminated.
 * NOTE(review): matching is done on the text form of the address, so a rule
 * only matches the exact spelling the server produces for it -- confirm the
 * format of conx->ipv4.data.
 */
108 int mk_security_check_ip(char *ipv4)
111     struct mk_security *p;
115     if (p->type == MK_SECURITY_TYPE_IP) {
        /* Loop ends at the rule's terminator; ipv4 is bounded only by the
         * branches below. */
116         for (i = 0; p->value[i]; i++) {
117             if (p->value[i] == '?') {
                /* NOTE(review): the action taken here (lines 119-123) is not
                 * shown. When ipv4[i] is '\0' this branch must leave the
                 * loop; otherwise the next iteration reads ipv4 past its
                 * terminator. Confirm. */
118                 if (ipv4[i] == '.' || ipv4[i] == '\0')
                /* '*' handling: body (lines 125-127) not shown. */
124             if (p->value[i] == '*') {
                /* Literal comparison; also catches ipv4 ending before the
                 * rule does, since '\0' differs from any rule character. */
128             if (p->value[i] != ipv4[i]) {
        /* Address fully consumed as well (body not shown). */
136         if (ipv4[i] == '\0') {
/*
 * Check a request URI against the URL rules.
 *
 * For every rule of type MK_SECURITY_TYPE_URL, str_search_n() looks for the
 * rule text inside url.data, limited to url.len bytes, and the result is
 * stored in n. How n is interpreted and what is returned is not visible in
 * this listing; the caller, _mkp_stage_20(), treats a negative return as
 * "forbidden".
 *
 * NOTE(review): this is a byte-wise substring search over whatever the
 * caller passes (sr->uri). If that is the request target as received rather
 * than the decoded, normalised path, an equivalent spelling of a path
 * (percent-encoding, extra separators, different case) would not contain
 * the rule text and would pass. Rules should be matched against the
 * normalised path -- confirm which field holds it.
 * NOTE(review): a substring match can also hit anywhere in the URI,
 * including a query string, if url covers it; document the intended scope.
 */
143 int mk_security_check_url(mk_pointer url)
146     struct mk_security *p;
150     if (p->type == MK_SECURITY_TYPE_URL) {
        /* Search is length-bounded by url.len, so url.data does not need to
         * be NUL-terminated for this call (assuming str_search_n honours
         * the length argument -- confirm). */
151         n = mk_api->str_search_n(url.data, p->value, url.len);
/*
 * Plugin initialisation entry point: loads the rule file found in confdir.
 * Lines 163-166 and the return statement are not shown in this listing
 * (presumably this is where the api argument is stored into mk_api --
 * confirm).
 */
162 int _mkp_init(void **api, char *confdir)
167     /* Read configuration */
    /* NOTE(review): the int result of mk_security_conf() is discarded, so a
     * rule file that fails to load cannot be reported to the server from
     * here. If loading can fail without crashing, the plugin would start
     * with no rules and allow everything; propagating the error would make
     * that case visible. */
168     mk_security_conf(confdir);
/*
 * Stage 10 hook: checks the client address of a connection against the IP
 * rules. Returns MK_PLUGIN_RET_CLOSE_CONX when mk_security_check_ip()
 * returns non-zero, MK_PLUGIN_RET_CONTINUE otherwise.
 *
 * NOTE(review): the deny test here is "!= 0" while _mkp_stage_20() uses
 * "< 0" for the URL check. The two checkers should share one documented
 * return convention so that a positive value cannot mean "deny" in one hook
 * and "allow" in the other.
 */
176 int _mkp_stage_10(unsigned int socket, struct sched_connection *conx)
178     if (mk_security_check_ip(conx->ipv4.data) != 0) {
        /* NOTE(review): socket is unsigned int but is formatted with "%i";
         * "%u" matches the type (assuming PLUGIN_TRACE is printf-like).
         * The denial is recorded only through PLUGIN_TRACE; if that macro is
         * compiled out in normal builds, blocked connections leave no log
         * entry. */
180         PLUGIN_TRACE("Close connection FD %i", socket);
182         return MK_PLUGIN_RET_CLOSE_CONX;
185     return MK_PLUGIN_RET_CONTINUE;
/*
 * Stage 20 hook: checks the request URI against the URL rules. When
 * mk_security_check_url() returns a negative value the response status is
 * set to M_CLIENT_FORBIDDEN and MK_PLUGIN_RET_CLOSE_CONX is returned;
 * otherwise MK_PLUGIN_RET_CONTINUE.
 *
 * NOTE(review): only negative results deny here, whereas _mkp_stage_10()
 * denies on any non-zero result. Confirm that mk_security_check_url() never
 * signals a match with a positive value.
 * NOTE(review): sr->uri is passed as-is; if it is the request target before
 * decoding and normalisation, the check should use the normalised path
 * instead -- confirm which field of struct request holds it.
 */
188 int _mkp_stage_20(struct client_request *cr, struct request *sr)
190     if (mk_security_check_url(sr->uri) < 0) {
        /* The denial is recorded only through PLUGIN_TRACE; the matched rule
         * and the requested URI are not part of the message. */
192         PLUGIN_TRACE("Close connection FD %i", cr->socket);
194         mk_api->header_set_http_status(sr, M_CLIENT_FORBIDDEN);
195         return MK_PLUGIN_RET_CLOSE_CONX;
198     return MK_PLUGIN_RET_CONTINUE;