KPoolableRedirect *KAcserverManager::refsAcserver(std::string name) { lock.RLock(); KPoolableRedirect *ac = getAcserver(name); if (ac) { ac->addRef(); } lock.RUnlock(); return ac; }
int KAccess::check(KHttpRequest *rq, KHttpObject *obj) { register int jumpType = default_jump_type; unsigned checked_table = 0; KJump *jump = default_jump; KPoolableRedirect *as; const char *hitTable = NULL; int hitChain; lock.RLock(); if (!actionParsed) { setChainAction(); } if (begin) { if (begin->match(rq, obj, jumpType, &jump, checked_table, &hitTable,&hitChain) && jumpType != JUMP_DEFAULT) { } else { //reset jump to default jumpType = default_jump_type; jump = default_jump; } } switch (jumpType) { case JUMP_SERVER: assert(rq->fetchObj==NULL); as = (KPoolableRedirect *) jump; if (as->proto != Proto_http && as->proto!=Proto_ajp) { jumpType = JUMP_DENY; } else { assert(rq->fetchObj==NULL); rq->fetchObj = as->makeFetchObject(rq,NULL); as->addRef(); KBaseRedirect *brd = new KBaseRedirect(as,0); rq->fetchObj->bindBaseRedirect(brd); brd->release(); jumpType = JUMP_ALLOW; } break; #ifdef ENABLE_WRITE_BACK case JUMP_WBACK: if (jump) { KWriteBack *wb = (KWriteBack *) jump; wb->buildRequest(rq); } jumpType = JUMP_DENY; break; #endif case JUMP_PROXY: assert(rq->fetchObj==NULL); #ifdef HTTP_PROXY if (rq->meth == METH_CONNECT) rq->fetchObj = new KPipeMessageFetchObject(NULL); else #endif rq->fetchObj = new KHttpProxyFetchObject(); break; case JUMP_DROP: //直接丢弃 lock.RUnlock(); SET(rq->flags,RQ_CONNECTION_CLOSE); stageEndRequest(rq); return JUMP_DENY; } lock.RUnlock(); if (type==REQUEST){ #ifdef ENABLE_VH_RS_LIMIT if (jumpType == JUMP_VHS) { query_vh_result vh_result; #ifdef KSOCKET_SSL if (rq->c->sni) { vh_result = rq->c->useSniVirtualHost(rq); } else #endif vh_result = conf.gvm->queryVirtualHost(rq->c->ls,&rq->svh,rq->url->host); switch (vh_result) { case query_vh_connect_limit: jumpType = JUMP_DENY; send_error(rq, NULL, STATUS_SERVER_ERROR, "max connect limit."); break; case query_vh_host_not_found: jumpType = JUMP_DENY; send_error(rq,NULL,STATUS_BAD_REQUEST,"host not found."); break; default: break; } } else #endif if (jumpType == JUMP_DENY) { if (rq->send_ctx.getBufferSize()>0 || rq->buffer.getLen() > 0) { #ifdef ENABLE_TF_EXCHANGE if (rq->tf) { delete rq->tf; rq->tf = NULL; } #endif rq->startResponseBody(); stageWriteRequest(rq); } else if (TEST(rq->filter_flags,RQ_SEND_AUTH)) { send_auth(rq); } else if (!TEST(rq->flags,RQ_HAS_SEND_HEADER)) { send_error(rq, NULL, STATUS_FORBIDEN, "denied by request access control"); } } } return jumpType; }