KPoolableRedirect *KAcserverManager::refsAcserver(std::string name) {
    lock.RLock();
    KPoolableRedirect *ac = getAcserver(name);
    if (ac) {
        ac->addRef();
    }
    lock.RUnlock();
    return ac;
}
Exemple #2
0
int KAccess::check(KHttpRequest *rq, KHttpObject *obj) {
	register int jumpType = default_jump_type;
	unsigned checked_table = 0;
	KJump *jump = default_jump;
	KPoolableRedirect *as;
	const char *hitTable = NULL;
	int hitChain;
	lock.RLock();
	if (!actionParsed) {
		setChainAction();
	}
	if (begin) {
		if (begin->match(rq, obj, jumpType, &jump, checked_table, &hitTable,&hitChain)
			&& jumpType != JUMP_DEFAULT) {
		} else {
			//reset jump to default
			jumpType = default_jump_type;
			jump = default_jump;
		}
	}
	switch (jumpType) {
	case JUMP_SERVER:
		assert(rq->fetchObj==NULL);
		as = (KPoolableRedirect *) jump;
		if (as->proto != Proto_http && as->proto!=Proto_ajp) {
			jumpType = JUMP_DENY;
		} else {
			assert(rq->fetchObj==NULL);
			rq->fetchObj = as->makeFetchObject(rq,NULL);
			as->addRef();
			KBaseRedirect *brd = new KBaseRedirect(as,0);
			rq->fetchObj->bindBaseRedirect(brd);
			brd->release();
			jumpType = JUMP_ALLOW;
		}
		break;
#ifdef ENABLE_WRITE_BACK
	case JUMP_WBACK:
		if (jump) {
			KWriteBack *wb = (KWriteBack *) jump;
			wb->buildRequest(rq);
		}
		jumpType = JUMP_DENY;
		break;
#endif
	case JUMP_PROXY:
		assert(rq->fetchObj==NULL);
#ifdef HTTP_PROXY
		if (rq->meth == METH_CONNECT) 
			rq->fetchObj = new KPipeMessageFetchObject(NULL);
		else 
#endif
		rq->fetchObj = new KHttpProxyFetchObject();
		break;
	case JUMP_DROP:
		//直接丢弃
		lock.RUnlock();
		SET(rq->flags,RQ_CONNECTION_CLOSE);
		stageEndRequest(rq);
		return JUMP_DENY;
	}
	lock.RUnlock();
	if (type==REQUEST){
#ifdef ENABLE_VH_RS_LIMIT
		if (jumpType == JUMP_VHS) {
			query_vh_result vh_result;
#ifdef KSOCKET_SSL
			if (rq->c->sni) {
				vh_result = rq->c->useSniVirtualHost(rq);
			} else
#endif
				vh_result = conf.gvm->queryVirtualHost(rq->c->ls,&rq->svh,rq->url->host);
			switch (vh_result) {
			case query_vh_connect_limit:
				jumpType = JUMP_DENY;
				send_error(rq, NULL, STATUS_SERVER_ERROR, "max connect limit.");
				break;
			case query_vh_host_not_found:
				jumpType = JUMP_DENY;
				send_error(rq,NULL,STATUS_BAD_REQUEST,"host not found.");
				break;
			default:
				break;
			}
		} else 
#endif
		if (jumpType == JUMP_DENY) {
			if (rq->send_ctx.getBufferSize()>0 || rq->buffer.getLen() > 0) {
#ifdef ENABLE_TF_EXCHANGE
				if (rq->tf) {

					delete rq->tf;
					rq->tf = NULL;
				}
#endif
				rq->startResponseBody();
				stageWriteRequest(rq);
			} else if (TEST(rq->filter_flags,RQ_SEND_AUTH)) {
				send_auth(rq);
			} else if (!TEST(rq->flags,RQ_HAS_SEND_HEADER)) {
				send_error(rq, NULL, STATUS_FORBIDEN, "denied by request access control");
			}
		}
	}
	return jumpType;
}