ngx_int_t
ngx_http_dummy_create_hashtables_n(ngx_http_dummy_loc_conf_t *dlc,
ngx_conf_t *cf)
{
int zone, uri_idx, name_idx, ret;
ngx_http_rule_t *curr_r/*, *father_r*/;
ngx_http_whitelist_rule_t *father_wlr;
ngx_http_rule_t **rptr;
ngx_regex_compile_t *rgc;
char *fullname;
uint i;
if (!dlc->whitelist_rules || dlc->whitelist_rules->nelts < 1) {
NX_LOG_DEBUG(_debug_whitelist_heavy ,
NGX_LOG_EMERG, cf, 0,
"No whitelist registred, but it's your call.");
return (NGX_OK);
}
NX_LOG_DEBUG(_debug_whitelist_heavy,
NGX_LOG_EMERG, cf, 0,
"Building whitelist hashtables, %d items in list",
dlc->whitelist_rules->nelts);
dlc->tmp_wlr = ngx_array_create(cf->pool, dlc->whitelist_rules->nelts,
sizeof(ngx_http_whitelist_rule_t));
/* iterate through each stored whitelist rule. */
for (i = 0; i < dlc->whitelist_rules->nelts; i++) {
uri_idx = name_idx = zone = -1;
/*a whitelist is in fact just another basic_rule_t */
curr_r = &(((ngx_http_rule_t*)(dlc->whitelist_rules->elts))[i]);
NX_LOG_DEBUG(_debug_whitelist_heavy,
NGX_LOG_EMERG, cf, 0,
"Processing wl %d/%p", i, curr_r);
/*no custom location at all means that the rule is disabled */
if (!curr_r->br->custom_locations) {
NX_LOG_DEBUG(_debug_whitelist_heavy,
NGX_LOG_EMERG, cf, 0,
"WL %d is a disable rule.", i);
if (ngx_http_wlr_push_disabled(cf, dlc, curr_r) == NGX_ERROR)
return (NGX_ERROR);
continue;
}
ret = ngx_http_wlr_identify(cf, dlc, curr_r, &zone, &uri_idx, &name_idx);
if (ret != NGX_OK) /* LCOV_EXCL_START */
{
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"Following whitelist doesn't target any zone or is incorrect :");
if (name_idx != -1)
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "whitelist target name : %V",
&(custloc_array(curr_r->br->custom_locations->elts)[name_idx].target));
else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "whitelist has no target name.");
if (uri_idx != -1)
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "whitelist target uri : %V",
&(custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target));
else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "whitelists has no target uri.");
return (NGX_ERROR);
} /* LCOV_EXCL_STOP */
curr_r->br->zone = zone;
/*
** Handle regular-expression-matchzone rules :
** Store them in a separate linked list, parsed
** at runtime.
*/
if (curr_r->br->rx_mz == 1) {
if (!dlc->rxmz_wlr) {
dlc->rxmz_wlr = ngx_array_create(cf->pool, 1,
sizeof(ngx_http_rule_t *));
if (!dlc->rxmz_wlr) return (NGX_ERROR); /* LCOV_EXCL_LINE */
}
if (name_idx != -1 && !custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx) {
custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx =
ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
rgc = custloc_array(curr_r->br->custom_locations->elts)[name_idx].target_rx;
rgc->options = PCRE_CASELESS|PCRE_MULTILINE;
rgc->pattern = custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
rgc->pool = cf->pool;
rgc->err.len = 0;
rgc->err.data = NULL;
//custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
if (ngx_regex_compile(rgc) != NGX_OK)
return (NGX_ERROR);
}
if (uri_idx != -1 && !custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx) {
custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx =
ngx_pcalloc(cf->pool, sizeof(ngx_regex_compile_t));
rgc = custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target_rx;
rgc->options = PCRE_CASELESS|PCRE_MULTILINE;
rgc->pattern = custloc_array(curr_r->br->custom_locations->elts)[uri_idx].target;
rgc->pool = cf->pool;
rgc->err.len = 0;
rgc->err.data = NULL;
//custloc_array(curr_r->br->custom_locations->elts)[name_idx].target;
if (ngx_regex_compile(rgc) != NGX_OK)
return (NGX_ERROR);
}
rptr = ngx_array_push(dlc->rxmz_wlr);
if (!rptr)
return (NGX_ERROR);
*rptr = curr_r;
continue;
}
/*
** Handle static match-zones for hashtables
*/
father_wlr = ngx_http_wlr_find(cf, dlc, curr_r, zone, uri_idx, name_idx, (char **) &fullname);
if (!father_wlr) {
NX_LOG_DEBUG(_debug_whitelist_heavy,
NGX_LOG_EMERG, cf, 0,
"creating fresh WL [%s].", fullname);
/* creates a new whitelist rule in the right place.
setup name and zone, create a new (empty) whitelist_location, as well
as a new (empty) id aray. */
father_wlr = ngx_array_push(dlc->tmp_wlr);
if (!father_wlr)
return (NGX_ERROR);
memset(father_wlr, 0, sizeof(ngx_http_whitelist_rule_t));
father_wlr->name = ngx_pcalloc(cf->pool, sizeof(ngx_str_t));
if (!father_wlr->name)
return (NGX_ERROR);
father_wlr->name->len = strlen((const char *) fullname);
father_wlr->name->data = (unsigned char *) fullname;
father_wlr->zone = zone;
/* If there is URI and no name idx, specify it,
so that WL system won't get fooled by an argname like an URL */
if (uri_idx != -1 && name_idx == -1)
father_wlr->uri_only = 1;
/* If target_name is present in son, report it. */
if (curr_r->br->target_name)
father_wlr->target_name = curr_r->br->target_name;
}
/*merges the two whitelist rules together, including custom_locations. */
if (ngx_http_wlr_merge(cf, father_wlr, curr_r) != NGX_OK)
return (NGX_ERROR);
}
/* and finally, build the hashtables for various zones. */
if (ngx_http_wlr_finalize_hashtables(cf, dlc) != NGX_OK)
return (NGX_ERROR);
/* TODO : Free old whitelist_rules (dlc->whitelist_rules)*/
return (NGX_OK);
}
//#define whitelist_heavy_debug
ngx_int_t
ngx_http_dummy_create_hashtables_n(ngx_http_dummy_loc_conf_t *dlc,
ngx_conf_t *cf)
{
int zone, uri_idx, name_idx, ret;
ngx_http_rule_t *curr_r/*, *father_r*/;
ngx_http_whitelist_rule_t *father_wlr;
unsigned char *fullname;
uint i;
if (!dlc->whitelist_rules || dlc->whitelist_rules->nelts < 1) {
#ifdef whitelist_heavy_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"No whitelist registred, but it's your call.");
#endif
return (NGX_OK);
}
#ifdef whitelist_heavy_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"Building whitelist hashtables, %d items in list",
dlc->whitelist_rules->nelts);
#endif
dlc->tmp_wlr = ngx_array_create(cf->pool, dlc->whitelist_rules->nelts,
sizeof(ngx_http_whitelist_rule_t));
/* iterate through each stored whitelist rule. */
for (i = 0; i < dlc->whitelist_rules->nelts; i++) {
uri_idx = name_idx = zone = -1;
/*a whitelist is in fact just another basic_rule_t */
curr_r = &(httprule_array(dlc->whitelist_rules->elts)[i]);
#ifdef whitelist_heavy_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"Processing wl %d/%p", i, curr_r);
#endif
/*no custom location at all means that the rule is disabled */
if (!curr_r->br->custom_locations) {
#ifdef whitelist_heavy_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"WL %d is a disable rule.", i);
#endif
if (ngx_http_wlr_push_disabled(cf, dlc, curr_r) == NGX_ERROR)
return (NGX_ERROR);
continue;
}
ret = ngx_http_wlr_identify(cf, dlc, curr_r, &zone, &uri_idx, &name_idx);
if (ret != NGX_OK)
{
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"naxsi internal error in wlr_identify.");
return (NGX_ERROR);
}
father_wlr = ngx_http_wlr_find(cf, dlc, curr_r, zone, uri_idx, name_idx, (char **) &fullname);
if (!father_wlr) {
#ifdef whitelist_heavy_debug
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"creating fresh WL [%s].", fullname);
#endif
/* creates a new whitelist rule in the right place.
setup name and zone, create a new (empty) whitelist_location, as well
as a new (empty) id aray. */
father_wlr = ngx_array_push(dlc->tmp_wlr);
if (!father_wlr)
return (NGX_ERROR);
memset(father_wlr, 0, sizeof(ngx_http_whitelist_rule_t));
father_wlr->name = ngx_pcalloc(cf->pool, sizeof(ngx_str_t));
if (!father_wlr->name)
return (NGX_ERROR);
father_wlr->name->len = strlen((const char *) fullname);
father_wlr->name->data = fullname;
father_wlr->zone = zone;
/* If there is URI and no name idx, specify it,
so that WL system won't get fooled by an argname like an URL */
if (uri_idx != -1 && name_idx == -1)
father_wlr->uri_only = 1;
/* If target_name is present in son, report it. */
if (curr_r->br && curr_r->br->target_name)
father_wlr->target_name = curr_r->br->target_name;
}
/*merges the two whitelist rules together, including custom_locations. */
if (ngx_http_wlr_merge(cf, father_wlr, curr_r) != NGX_OK)
return (NGX_ERROR);
}
/* and finally, build the hashtables for various zones. */
if (ngx_http_wlr_finalize_hashtables(cf, dlc) != NGX_OK)
return (NGX_ERROR);
/* TODO : Free old whitelist_rules (dlc->whitelist_rules)*/
return (NGX_OK);
}