Project

General

Profile

lighttpd-1.4.19-access_allow.diff

lighttpd-1.4.19-access_allow.diff - japc, 2008-06-05 15:15

View differences:

lighttpd-1.4.19/src/mod_access.c 2008-06-05 16:10:15.000000000 +0100
10 10

  
11 11
typedef struct {
12 12
	array *access_deny;
13
	array *access_allow;
13 14
} plugin_config;
14 15

  
15 16
typedef struct {
......
41 42
			plugin_config *s = p->config_storage[i];
42 43

  
43 44
			array_free(s->access_deny);
45
			array_free(s->access_allow);
44 46

  
45 47
			free(s);
46 48
		}
......
58 60

  
59 61
	config_values_t cv[] = {
60 62
		{ "url.access-deny",             NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },
63
		{ "url.access-allow",            NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION },
61 64
		{ NULL,                          NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
62 65
	};
63 66

  
......
68 71

  
69 72
		s = calloc(1, sizeof(plugin_config));
70 73
		s->access_deny    = array_init();
74
		s->access_allow   = array_init();
71 75

  
72 76
		cv[0].destination = s->access_deny;
77
		cv[1].destination = s->access_allow;
73 78

  
74 79
		p->config_storage[i] = s;
75 80

  
......
88 93
	plugin_config *s = p->config_storage[0];
89 94

  
90 95
	PATCH(access_deny);
96
	PATCH(access_allow);
91 97

  
92 98
	/* skip the first, the global context */
93 99
	for (i = 1; i < srv->config_context->used; i++) {
......
104 110
			if (buffer_is_equal_string(du->key, CONST_STR_LEN("url.access-deny"))) {
105 111
				PATCH(access_deny);
106 112
			}
113
			if (buffer_is_equal_string(du->key, CONST_STR_LEN("url.access-allow"))) {
114
				PATCH(access_allow);
115
			}
107 116
		}
108 117
	}
109 118

  
......
136 145
				"-- mod_access_uri_handler called");
137 146
	}
138 147

  
148
	for (k = 0; k < p->conf.access_allow->used; k++) {
149
		data_string *ds = (data_string *)p->conf.access_allow->data[k];
150
		int ct_len = ds->value->used - 1;
151
		int allowed = 0;
152

  
153

  
154
		if (ct_len > s_len) continue;
155
		if (ds->value->used == 0) continue;
156

  
157
		/* if we have a case-insensitive FS we have to lower-case the URI here too */
158

  
159
		if (con->conf.force_lowercase_filenames) {
160
			if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
161
				allowed = 1;
162
			}
163
		} else {
164
			if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
165
				allowed = 1;
166
			}
167
		}
168

  
169
		if (allowed) {
170
			return HANDLER_GO_ON;
171
		}
172

  
173
	}
174

  
175
	if (k > 0) { /* have access_allow but none matched */
176
		con->http_status = 403;
177
		if (con->conf.log_request_handling)
178
			log_error_write(srv, __FILE__, __LINE__, "sb",
179
				"url denied as failed to match any from access_allow");
180
		return HANDLER_FINISHED;
181
	}
182

  
139 183
	for (k = 0; k < p->conf.access_deny->used; k++) {
140 184
		data_string *ds = (data_string *)p->conf.access_deny->data[k];
141 185
		int ct_len = ds->value->used - 1;