20 plugin_config
**config_storage
;
25 INIT_FUNC(mod_access_init
) {
28 p
= calloc(1, sizeof(*p
));
33 FREE_FUNC(mod_access_free
) {
38 if (!p
) return HANDLER_GO_ON
;
40 if (p
->config_storage
) {
42 for (i
= 0; i
< srv
->config_context
->used
; i
++) {
43 plugin_config
*s
= p
->config_storage
[i
];
45 if (NULL
== s
) continue;
47 array_free(s
->access_allow
);
48 array_free(s
->access_deny
);
52 free(p
->config_storage
);
60 SETDEFAULTS_FUNC(mod_access_set_defaults
) {
64 config_values_t cv
[] = {
65 { "url.access-deny", NULL
, T_CONFIG_ARRAY
, T_CONFIG_SCOPE_CONNECTION
},
66 { "url.access-allow", NULL
, T_CONFIG_ARRAY
, T_CONFIG_SCOPE_CONNECTION
},
67 { NULL
, NULL
, T_CONFIG_UNSET
, T_CONFIG_SCOPE_UNSET
}
70 p
->config_storage
= calloc(1, srv
->config_context
->used
* sizeof(plugin_config
*));
72 for (i
= 0; i
< srv
->config_context
->used
; i
++) {
73 data_config
const* config
= (data_config
const*)srv
->config_context
->data
[i
];
76 s
= calloc(1, sizeof(plugin_config
));
77 s
->access_deny
= array_init();
78 s
->access_allow
= array_init();
80 cv
[0].destination
= s
->access_deny
;
81 cv
[1].destination
= s
->access_allow
;
83 p
->config_storage
[i
] = s
;
85 if (0 != config_insert_values_global(srv
, config
->value
, cv
, i
== 0 ? T_CONFIG_SCOPE_SERVER
: T_CONFIG_SCOPE_CONNECTION
)) {
89 if (!array_is_vlist(s
->access_deny
)) {
90 log_error_write(srv
, __FILE__
, __LINE__
, "s",
91 "unexpected value for url.access-deny; expected list of \"suffix\"");
95 if (!array_is_vlist(s
->access_allow
)) {
96 log_error_write(srv
, __FILE__
, __LINE__
, "s",
97 "unexpected value for url.access-allow; expected list of \"suffix\"");
102 return HANDLER_GO_ON
;
107 static int mod_access_patch_connection(server
*srv
, connection
*con
, plugin_data
*p
) {
109 plugin_config
*s
= p
->config_storage
[0];
114 /* skip the first, the global context */
115 for (i
= 1; i
< srv
->config_context
->used
; i
++) {
116 data_config
*dc
= (data_config
*)srv
->config_context
->data
[i
];
117 s
= p
->config_storage
[i
];
119 /* condition didn't match */
120 if (!config_check_cond(srv
, con
, dc
)) continue;
123 for (j
= 0; j
< dc
->value
->used
; j
++) {
124 data_unset
*du
= dc
->value
->data
[j
];
126 if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("url.access-deny"))) {
128 } else if (buffer_is_equal_string(du
->key
, CONST_STR_LEN("url.access-allow"))) {
141 * we will get called twice:
142 * - after the clean up of the URL and
143 * - after the pathinfo checks are done
145 * this handles the issue of trailing slashes
147 URIHANDLER_FUNC(mod_access_uri_handler
) {
148 plugin_data
*p
= p_d
;
152 if (buffer_is_empty(con
->uri
.path
)) return HANDLER_GO_ON
;
154 mod_access_patch_connection(srv
, con
, p
);
156 s_len
= buffer_string_length(con
->uri
.path
);
158 if (con
->conf
.log_request_handling
) {
159 log_error_write(srv
, __FILE__
, __LINE__
, "s",
160 "-- mod_access_uri_handler called");
163 for (k
= 0; k
< p
->conf
.access_allow
->used
; ++k
) {
164 data_string
*ds
= (data_string
*)p
->conf
.access_allow
->data
[k
];
165 int ct_len
= buffer_string_length(ds
->value
);
168 if (ct_len
> s_len
) continue;
169 if (buffer_is_empty(ds
->value
)) continue;
171 /* if we have a case-insensitive FS we have to lower-case the URI here too */
173 if (con
->conf
.force_lowercase_filenames
) {
174 if (0 == strncasecmp(con
->uri
.path
->ptr
+ s_len
- ct_len
, ds
->value
->ptr
, ct_len
)) {
178 if (0 == strncmp(con
->uri
.path
->ptr
+ s_len
- ct_len
, ds
->value
->ptr
, ct_len
)) {
184 return HANDLER_GO_ON
;
188 if (k
> 0) { /* have access_allow but none matched */
189 con
->http_status
= 403;
192 if (con
->conf
.log_request_handling
) {
193 log_error_write(srv
, __FILE__
, __LINE__
, "sb",
194 "url denied as failed to match any from access_allow", con
->uri
.path
);
197 return HANDLER_FINISHED
;
200 for (k
= 0; k
< p
->conf
.access_deny
->used
; k
++) {
201 data_string
*ds
= (data_string
*)p
->conf
.access_deny
->data
[k
];
202 int ct_len
= buffer_string_length(ds
->value
);
206 if (ct_len
> s_len
) continue;
207 if (buffer_is_empty(ds
->value
)) continue;
209 /* if we have a case-insensitive FS we have to lower-case the URI here too */
211 if (con
->conf
.force_lowercase_filenames
) {
212 if (0 == strncasecmp(con
->uri
.path
->ptr
+ s_len
- ct_len
, ds
->value
->ptr
, ct_len
)) {
216 if (0 == strncmp(con
->uri
.path
->ptr
+ s_len
- ct_len
, ds
->value
->ptr
, ct_len
)) {
222 con
->http_status
= 403;
225 if (con
->conf
.log_request_handling
) {
226 log_error_write(srv
, __FILE__
, __LINE__
, "sb",
227 "url denied as we match:", ds
->value
);
230 return HANDLER_FINISHED
;
235 return HANDLER_GO_ON
;
239 int mod_access_plugin_init(plugin
*p
);
240 int mod_access_plugin_init(plugin
*p
) {
241 p
->version
= LIGHTTPD_VERSION_ID
;
242 p
->name
= buffer_init_string("access");
244 p
->init
= mod_access_init
;
245 p
->set_defaults
= mod_access_set_defaults
;
246 p
->handle_uri_clean
= mod_access_uri_handler
;
247 p
->handle_subrequest_start
= mod_access_uri_handler
;
248 p
->cleanup
= mod_access_free
;