|
|
|
@ -4,14 +4,13 @@ |
|
|
|
#include "buffer.h" |
|
|
|
#include "array.h" |
|
|
|
#include "log.h" |
|
|
|
#include "fdevent.h" |
|
|
|
#include "http_header.h" |
|
|
|
#include "sock_addr.h" |
|
|
|
|
|
|
|
#include "configfile.h" |
|
|
|
|
|
|
|
#include <string.h> |
|
|
|
#include <stdlib.h> |
|
|
|
#include <stdlib.h> /* strtol */ |
|
|
|
|
|
|
|
/**
|
|
|
|
* like all glue code this file contains functions which |
|
|
|
@ -203,6 +202,7 @@ int config_insert_values_global(server *srv, const array *ca, const config_value |
|
|
|
return config_insert_values_internal(srv, ca, cv, scope); |
|
|
|
} |
|
|
|
|
|
|
|
__attribute_cold__ |
|
|
|
static const char* cond_result_to_string(cond_result_t cond_result) { |
|
|
|
switch (cond_result) { |
|
|
|
case COND_RESULT_UNSET: return "unset"; |
|
|
|
@ -213,65 +213,67 @@ static const char* cond_result_to_string(cond_result_t cond_result) { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
static int config_addrstr_eq_remote_ip_mask(server *srv, const char *addrstr, int nm_bits, sock_addr *rmt) { |
|
|
|
static int config_addrstr_eq_remote_ip_mask(connection *con, const char *addrstr, int nm_bits, sock_addr *rmt) { |
|
|
|
/* special-case 0 == nm_bits to mean "all bits of the address" in addrstr */ |
|
|
|
sock_addr addr; |
|
|
|
if (1 == sock_addr_inet_pton(&addr, addrstr, AF_INET, 0)) { |
|
|
|
if (nm_bits > 32) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "sd", "ERROR: ipv4 netmask too large:", nm_bits); |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "ERROR: ipv4 netmask too large: %d", nm_bits); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
} else if (1 == sock_addr_inet_pton(&addr, addrstr, AF_INET6, 0)) { |
|
|
|
if (nm_bits > 128) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "sd", "ERROR: ipv6 netmask too large:", nm_bits); |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "ERROR: ipv6 netmask too large: %d", nm_bits); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
} else { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "ss", "ERROR: ip addr is invalid:", addrstr); |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "ERROR: ip addr is invalid: %s", addrstr); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
return sock_addr_is_addr_eq_bits(&addr, rmt, nm_bits); |
|
|
|
} |
|
|
|
|
|
|
|
static int config_addrbuf_eq_remote_ip_mask(server *srv, const buffer *string, char *nm_slash, sock_addr *rmt) { |
|
|
|
static int config_addrbuf_eq_remote_ip_mask(connection *con, const buffer *string, char *nm_slash, sock_addr *rmt) { |
|
|
|
char *err; |
|
|
|
int nm_bits = strtol(nm_slash + 1, &err, 10); |
|
|
|
size_t addrstrlen = (size_t)(nm_slash - string->ptr); |
|
|
|
char addrstr[64]; /*(larger than INET_ADDRSTRLEN and INET6_ADDRSTRLEN)*/ |
|
|
|
|
|
|
|
if (*err) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "sbs", "ERROR: non-digit found in netmask:", string, err); |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "ERROR: non-digit found in netmask: %s %s", string->ptr, err); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
if (nm_bits <= 0) { |
|
|
|
if (*(nm_slash+1) == '\0') { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: no number after / ", string); |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "ERROR: no number after / %s", string->ptr); |
|
|
|
} else { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "sbs", "ERROR: invalid netmask <= 0:", string, err); |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "ERROR: invalid netmask <= 0: %s %s", string->ptr, err); |
|
|
|
} |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
if (addrstrlen >= sizeof(addrstr)) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: address string too long:", string); |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "ERROR: address string too long: %s", string->ptr); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
memcpy(addrstr, string->ptr, addrstrlen); |
|
|
|
addrstr[addrstrlen] = '\0'; |
|
|
|
|
|
|
|
return config_addrstr_eq_remote_ip_mask(srv, addrstr, nm_bits, rmt); |
|
|
|
return config_addrstr_eq_remote_ip_mask(con, addrstr, nm_bits, rmt); |
|
|
|
} |
|
|
|
|
|
|
|
static int data_config_pcre_exec(const data_config *dc, cond_cache_t *cache, const buffer *b); |
|
|
|
|
|
|
|
static cond_result_t config_check_cond_cached(server *srv, connection *con, const data_config *dc); |
|
|
|
static cond_result_t config_check_cond_cached(connection *con, const data_config *dc, const int debug_cond); |
|
|
|
|
|
|
|
static cond_result_t config_check_cond_nocache(server *srv, connection *con, const data_config *dc) { |
|
|
|
const buffer *l; |
|
|
|
server_socket *srv_sock = con->srv_socket; |
|
|
|
cond_cache_t *cache = &con->cond_cache[dc->context_ndx]; |
|
|
|
static cond_result_t config_check_cond_nocache(connection *con, const data_config *dc, const int debug_cond) { |
|
|
|
static struct const_char_buffer { |
|
|
|
const char *ptr; |
|
|
|
uint32_t used; |
|
|
|
uint32_t size; |
|
|
|
} empty_string = { "", 1, 0 }; |
|
|
|
|
|
|
|
/* check parent first */ |
|
|
|
if (dc->parent && dc->parent->context_ndx) { |
|
|
|
@ -280,11 +282,11 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, con |
|
|
|
* |
|
|
|
* if the parent is not decided yet or false, we can't be true either |
|
|
|
*/ |
|
|
|
if (con->conf.log_condition_handling) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "sb", "go parent", &dc->parent->key); |
|
|
|
if (debug_cond) { |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "go parent %s", dc->parent->key.ptr); |
|
|
|
} |
|
|
|
|
|
|
|
switch (config_check_cond_cached(srv, con, dc->parent)) { |
|
|
|
switch (config_check_cond_cached(con, dc->parent, debug_cond)) { |
|
|
|
case COND_RESULT_UNSET: |
|
|
|
/* decide later */ |
|
|
|
return COND_RESULT_UNSET; |
|
|
|
@ -303,12 +305,12 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, con |
|
|
|
* a else branch; can only be executed if the previous branch |
|
|
|
* was evaluated as "false" (not unset/skipped/true) |
|
|
|
*/ |
|
|
|
if (con->conf.log_condition_handling) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "sb", "go prev", &dc->prev->key); |
|
|
|
if (debug_cond) { |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "go prev %s", dc->prev->key.ptr); |
|
|
|
} |
|
|
|
|
|
|
|
/* make sure prev is checked first */ |
|
|
|
switch (config_check_cond_cached(srv, con, dc->prev)) { |
|
|
|
switch (config_check_cond_cached(con, dc->prev, debug_cond)) { |
|
|
|
case COND_RESULT_UNSET: |
|
|
|
/* decide later */ |
|
|
|
return COND_RESULT_UNSET; |
|
|
|
@ -323,17 +325,17 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, con |
|
|
|
} |
|
|
|
|
|
|
|
if (!(con->conditional_is_valid & (1 << dc->comp))) { |
|
|
|
if (con->conf.log_condition_handling) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "dss", |
|
|
|
if (debug_cond) { |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "%d %s not available yet", |
|
|
|
dc->comp, |
|
|
|
dc->key.ptr, |
|
|
|
"not available yet"); |
|
|
|
dc->key.ptr); |
|
|
|
} |
|
|
|
|
|
|
|
return COND_RESULT_UNSET; |
|
|
|
} |
|
|
|
|
|
|
|
/* if we had a real result before and weren't cleared just return it */ |
|
|
|
cond_cache_t * const cache = &con->cond_cache[dc->context_ndx]; |
|
|
|
switch (cache->local_result) { |
|
|
|
case COND_RESULT_TRUE: |
|
|
|
case COND_RESULT_FALSE: |
|
|
|
@ -346,47 +348,46 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, con |
|
|
|
|
|
|
|
/* pass the rules */ |
|
|
|
|
|
|
|
buffer *l; |
|
|
|
switch (dc->comp) { |
|
|
|
case COMP_HTTP_HOST: { |
|
|
|
char *ck_colon = NULL, *val_colon = NULL; |
|
|
|
unsigned short port; |
|
|
|
|
|
|
|
if (!buffer_string_is_empty(con->uri.authority)) { |
|
|
|
|
|
|
|
/*
|
|
|
|
* append server-port to the HTTP_POST if necessary |
|
|
|
*/ |
|
|
|
|
|
|
|
l = con->uri.authority; |
|
|
|
|
|
|
|
switch(dc->cond) { |
|
|
|
case CONFIG_COND_NE: |
|
|
|
case CONFIG_COND_EQ: |
|
|
|
port = sock_addr_get_port(&srv_sock->addr); |
|
|
|
if (0 == port) break; |
|
|
|
ck_colon = strchr(dc->string.ptr, ':'); |
|
|
|
val_colon = strchr(l->ptr, ':'); |
|
|
|
|
|
|
|
if (NULL != ck_colon && NULL == val_colon) { |
|
|
|
/* condition "host:port" but client send "host" */ |
|
|
|
buffer_copy_buffer(srv->cond_check_buf, l); |
|
|
|
buffer_append_string_len(srv->cond_check_buf, CONST_STR_LEN(":")); |
|
|
|
buffer_append_int(srv->cond_check_buf, port); |
|
|
|
l = srv->cond_check_buf; |
|
|
|
} else if (NULL != val_colon && NULL == ck_colon) { |
|
|
|
/* condition "host" but client send "host:port" */ |
|
|
|
buffer_copy_string_len(srv->cond_check_buf, l->ptr, val_colon - l->ptr); |
|
|
|
l = srv->cond_check_buf; |
|
|
|
} |
|
|
|
break; |
|
|
|
default: |
|
|
|
break; |
|
|
|
case COMP_HTTP_HOST: |
|
|
|
|
|
|
|
l = con->uri.authority; |
|
|
|
|
|
|
|
if (buffer_string_is_empty(l)) { |
|
|
|
l = (buffer *)&empty_string; |
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
switch(dc->cond) { |
|
|
|
case CONFIG_COND_NE: |
|
|
|
case CONFIG_COND_EQ: { |
|
|
|
unsigned short port = sock_addr_get_port(&con->srv_socket->addr); |
|
|
|
if (0 == port) break; |
|
|
|
const char *ck_colon = strchr(dc->string.ptr, ':'); |
|
|
|
const char *val_colon = strchr(l->ptr, ':'); |
|
|
|
|
|
|
|
/* append server-port if necessary */ |
|
|
|
if (NULL != ck_colon && NULL == val_colon) { |
|
|
|
/* condition "host:port" but client send "host" */ |
|
|
|
buffer *tb = con->srv->tmp_buf; |
|
|
|
buffer_copy_buffer(tb, l); |
|
|
|
buffer_append_string_len(tb, CONST_STR_LEN(":")); |
|
|
|
buffer_append_int(tb, port); |
|
|
|
l = tb; |
|
|
|
} else if (NULL != val_colon && NULL == ck_colon) { |
|
|
|
/* condition "host" but client send "host:port" */ |
|
|
|
buffer *tb = con->srv->tmp_buf; |
|
|
|
buffer_copy_string_len(tb, l->ptr, val_colon - l->ptr); |
|
|
|
l = tb; |
|
|
|
} |
|
|
|
} else { |
|
|
|
l = srv->empty_string; |
|
|
|
break; |
|
|
|
} |
|
|
|
default: |
|
|
|
break; |
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
} |
|
|
|
case COMP_HTTP_REMOTE_IP: { |
|
|
|
char *nm_slash; |
|
|
|
/* handle remoteip limitations
|
|
|
|
@ -401,7 +402,7 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, con |
|
|
|
if ((dc->cond == CONFIG_COND_EQ || |
|
|
|
dc->cond == CONFIG_COND_NE) && |
|
|
|
(NULL != (nm_slash = strchr(dc->string.ptr, '/')))) { |
|
|
|
switch (config_addrbuf_eq_remote_ip_mask(srv, &dc->string, nm_slash, &con->dst_addr)) { |
|
|
|
switch (config_addrbuf_eq_remote_ip_mask(con, &dc->string, nm_slash, &con->dst_addr)) { |
|
|
|
case 1: return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_TRUE : COND_RESULT_FALSE; |
|
|
|
case 0: return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_FALSE : COND_RESULT_TRUE; |
|
|
|
case -1: return COND_RESULT_FALSE; /*(error parsing configfile entry)*/ |
|
|
|
@ -423,34 +424,32 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, con |
|
|
|
break; |
|
|
|
|
|
|
|
case COMP_SERVER_SOCKET: |
|
|
|
l = srv_sock->srv_token; |
|
|
|
l = con->srv_socket->srv_token; |
|
|
|
break; |
|
|
|
|
|
|
|
case COMP_HTTP_REQUEST_HEADER: |
|
|
|
l = http_header_request_get(con, HTTP_HEADER_UNSPECIFIED, CONST_BUF_LEN(dc->comp_tag)); |
|
|
|
if (NULL == l) l = srv->empty_string; |
|
|
|
*((const buffer **)&l) = http_header_request_get(con, HTTP_HEADER_UNSPECIFIED, CONST_BUF_LEN(dc->comp_tag)); |
|
|
|
if (NULL == l) l = (buffer *)&empty_string; |
|
|
|
break; |
|
|
|
case COMP_HTTP_REQUEST_METHOD: |
|
|
|
l = srv->tmp_buf; |
|
|
|
buffer_clear(srv->tmp_buf); |
|
|
|
http_method_append(srv->tmp_buf, con->request.http_method); |
|
|
|
l = con->srv->tmp_buf; |
|
|
|
buffer_clear(l); |
|
|
|
http_method_append(l, con->request.http_method); |
|
|
|
break; |
|
|
|
default: |
|
|
|
return COND_RESULT_FALSE; |
|
|
|
} |
|
|
|
|
|
|
|
if (NULL == l) { |
|
|
|
if (con->conf.log_condition_handling) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "bsbs", dc->comp_key, |
|
|
|
"(", l, ") compare to NULL"); |
|
|
|
} |
|
|
|
if (NULL == l) { /*(should not happen)*/ |
|
|
|
log_error(con->errh, __FILE__, __LINE__, |
|
|
|
"%s () compare to NULL", dc->comp_key->ptr); |
|
|
|
return COND_RESULT_FALSE; |
|
|
|
} |
|
|
|
|
|
|
|
if (con->conf.log_condition_handling) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "bsbsb", dc->comp_key, |
|
|
|
"(", l, ") compare to ", &dc->string); |
|
|
|
else if (debug_cond) { |
|
|
|
log_error(con->errh, __FILE__, __LINE__, |
|
|
|
"%s (%s) compare to %s", dc->comp_key->ptr, l->ptr, dc->string.ptr); |
|
|
|
} |
|
|
|
|
|
|
|
switch(dc->cond) { |
|
|
|
case CONFIG_COND_NE: |
|
|
|
case CONFIG_COND_EQ: |
|
|
|
@ -476,36 +475,32 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, con |
|
|
|
return COND_RESULT_FALSE; |
|
|
|
} |
|
|
|
|
|
|
|
static cond_result_t config_check_cond_cached(server *srv, connection *con, const data_config *dc) { |
|
|
|
cond_cache_t *caches = con->cond_cache; |
|
|
|
static cond_result_t config_check_cond_cached(connection *con, const data_config *dc, const int debug_cond) { |
|
|
|
cond_cache_t * const cache = &con->cond_cache[dc->context_ndx]; |
|
|
|
int offset = 2; |
|
|
|
|
|
|
|
if (COND_RESULT_UNSET == caches[dc->context_ndx].result) { |
|
|
|
caches[dc->context_ndx].result = config_check_cond_nocache(srv, con, dc); |
|
|
|
switch (caches[dc->context_ndx].result) { |
|
|
|
if (COND_RESULT_UNSET == cache->result) { |
|
|
|
offset = 0; |
|
|
|
cache->result = config_check_cond_nocache(con, dc, debug_cond); |
|
|
|
switch (cache->result) { |
|
|
|
case COND_RESULT_FALSE: |
|
|
|
case COND_RESULT_TRUE: |
|
|
|
/* remember result of local condition for a partial reset */ |
|
|
|
caches[dc->context_ndx].local_result = caches[dc->context_ndx].result; |
|
|
|
cache->local_result = cache->result; |
|
|
|
break; |
|
|
|
default: |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if (con->conf.log_condition_handling) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "dss", |
|
|
|
dc->context_ndx, |
|
|
|
"(uncached) result:", |
|
|
|
cond_result_to_string(caches[dc->context_ndx].result)); |
|
|
|
} |
|
|
|
} else { |
|
|
|
if (con->conf.log_condition_handling) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "dss", |
|
|
|
dc->context_ndx, |
|
|
|
"(cached) result:", |
|
|
|
cond_result_to_string(caches[dc->context_ndx].result)); |
|
|
|
} |
|
|
|
if (debug_cond) { |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "%d (%s) result: %s", |
|
|
|
dc->context_ndx, |
|
|
|
"uncached"+offset, |
|
|
|
cond_result_to_string(cache->result)); |
|
|
|
} |
|
|
|
return caches[dc->context_ndx].result; |
|
|
|
|
|
|
|
return cache->result; |
|
|
|
} |
|
|
|
|
|
|
|
/* if we reset the cache result for a node, we also need to clear all
|
|
|
|
@ -573,10 +568,12 @@ void config_cond_cache_reset(server *srv, connection *con) { |
|
|
|
} |
|
|
|
|
|
|
|
int config_check_cond(server *srv, connection *con, const data_config *dc) { |
|
|
|
if (con->conf.log_condition_handling) { |
|
|
|
log_error_write(srv, __FILE__, __LINE__, "s", "=== start of condition block ==="); |
|
|
|
UNUSED(srv); |
|
|
|
const int debug_cond = con->conf.log_condition_handling; |
|
|
|
if (debug_cond) { |
|
|
|
log_error(con->errh, __FILE__, __LINE__, "=== start of condition block ==="); |
|
|
|
} |
|
|
|
return (config_check_cond_cached(srv, con, dc) == COND_RESULT_TRUE); |
|
|
|
return (config_check_cond_cached(con, dc, debug_cond) == COND_RESULT_TRUE); |
|
|
|
} |
|
|
|
|
|
|
|
#ifdef HAVE_PCRE_H |
|
|
|
|
