20 plugin_config
**config_storage
;
25 INIT_FUNC(mod_access_init
) {
28 p
= calloc(1, sizeof(*p
));
33 FREE_FUNC(mod_access_free
) {
38 if (!p
) return HANDLER_GO_ON
;
40 if (p
->config_storage
) {
42 for (i
= 0; i
< srv
->config_context
->used
; i
++) {
43 plugin_config
*s
= p
->config_storage
[i
];
45 if (NULL
== s
) continue;
47 array_free(s
->access_deny
);
51 free(p
->config_storage
);
59 SETDEFAULTS_FUNC(mod_access_set_defaults
) {
63 config_values_t cv
[] = {
64 { "url.access-deny", NULL
, T_CONFIG_ARRAY
, T_CONFIG_SCOPE_CONNECTION
},
65 { NULL
, NULL
, T_CONFIG_UNSET
, T_CONFIG_SCOPE_UNSET
}
68 p
->config_storage
= calloc(1, srv
->config_context
->used
* sizeof(plugin_config
*));
70 for (i
= 0; i
< srv
->config_context
->used
; i
++) {
71 data_config
const* config
= (data_config
const*)srv
->config_context
->data
[i
];
74 s
= calloc(1, sizeof(plugin_config
));
75 s
->access_deny
= array_init();
77 cv
[0].destination
= s
->access_deny
;
79 p
->config_storage
[i
] = s
;
81 if (0 != config_insert_values_global(srv
, config
->value
, cv
, i
== 0 ? T_CONFIG_SCOPE_SERVER
: T_CONFIG_SCOPE_CONNECTION
)) {
91 static int mod_access_patch_connection(server
*srv
, connection
*con
, plugin_data
*p
) {
93 plugin_config
*s
= p
->config_storage
[0];
97 /* skip the first, the global context */
98 for (i
= 1; i
< srv
->config_context
->used
; i
++) {
99 data_config
*dc
= (data_config
*)srv
->config_context
->data
[i
];
100 s
= p
->config_storage
[i
];
102 /* condition didn't match */
103 if (!config_check_cond(srv
, con
, dc
)) continue;
106 for (j
= 0; j
< dc
->value
->used
; j
++) {
107 data_unset
*du
= dc
->value
->data
[j
];
109 if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("url.access-deny"))) {
122 * we will get called twice:
123 * - after the clean up of the URL and
124 * - after the pathinfo checks are done
126 * this handles the issue of trailing slashes
128 URIHANDLER_FUNC(mod_access_uri_handler
) {
129 plugin_data
*p
= p_d
;
133 if (buffer_is_empty(con
->uri
.path
)) return HANDLER_GO_ON
;
135 mod_access_patch_connection(srv
, con
, p
);
137 s_len
= buffer_string_length(con
->uri
.path
);
139 if (con
->conf
.log_request_handling
) {
140 log_error_write(srv
, __FILE__
, __LINE__
, "s",
141 "-- mod_access_uri_handler called");
144 for (k
= 0; k
< p
->conf
.access_deny
->used
; k
++) {
145 data_string
*ds
= (data_string
*)p
->conf
.access_deny
->data
[k
];
146 int ct_len
= buffer_string_length(ds
->value
);
150 if (ct_len
> s_len
) continue;
151 if (buffer_is_empty(ds
->value
)) continue;
153 /* if we have a case-insensitive FS we have to lower-case the URI here too */
155 if (con
->conf
.force_lowercase_filenames
) {
156 if (0 == strncasecmp(con
->uri
.path
->ptr
+ s_len
- ct_len
, ds
->value
->ptr
, ct_len
)) {
160 if (0 == strncmp(con
->uri
.path
->ptr
+ s_len
- ct_len
, ds
->value
->ptr
, ct_len
)) {
166 con
->http_status
= 403;
169 if (con
->conf
.log_request_handling
) {
170 log_error_write(srv
, __FILE__
, __LINE__
, "sb",
171 "url denied as we match:", ds
->value
);
174 return HANDLER_FINISHED
;
179 return HANDLER_GO_ON
;
183 int mod_access_plugin_init(plugin
*p
);
184 int mod_access_plugin_init(plugin
*p
) {
185 p
->version
= LIGHTTPD_VERSION_ID
;
186 p
->name
= buffer_init_string("access");
188 p
->init
= mod_access_init
;
189 p
->set_defaults
= mod_access_set_defaults
;
190 p
->handle_uri_clean
= mod_access_uri_handler
;
191 p
->handle_subrequest_start
= mod_access_uri_handler
;
192 p
->cleanup
= mod_access_free
;