static liAction* mod_limit_action_create(liServer *srv, liPlugin *p, mod_limit_context_type type, liValue *val) {
const char* act_names[] = { "limit.con", "limit.con_ip", "limit.req", "limit.req_ip" };
mod_limit_context *ctx;
gint limit = 0;
liAction *action_limit_reached = NULL;
val = li_value_get_single_argument(val);
val = li_value_get_single_argument(val);
if (LI_VALUE_NUMBER == li_value_type(val) && val->data.number > 0) {
/* limit.* N; */
limit = val->data.number;
action_limit_reached = NULL;
} else if (LI_VALUE_LIST == li_value_type(val)
&& li_value_list_has_len(val, 2)
&& LI_VALUE_NUMBER == li_value_list_type_at(val, 0)
&& li_value_list_at(val, 0)->data.number > 0
&& LI_VALUE_ACTION == li_value_list_type_at(val, 1)) {
limit = li_value_list_at(val, 0)->data.number;
action_limit_reached = li_value_extract_action(li_value_list_at(val, 1));
} else {
ERROR(srv, "%s expects either an integer > 0 as parameter, or a list of (int > 0,action)", act_names[type]);
return NULL;
}
ctx = mod_limit_context_new(type, limit, action_limit_reached, p);
return li_action_new_function(mod_limit_action_handle, NULL, mod_limit_action_free, ctx);
}
static liAction* core_throttle_connection(liServer *srv, liWorker *wrk, liPlugin* p, liValue *val, gpointer userdata) {
liThrottleParam *param;
guint64 rate, burst;
UNUSED(wrk); UNUSED(p); UNUSED(userdata);
val = li_value_get_single_argument(val);
val = li_value_get_single_argument(val);
if (li_value_list_has_len(val, 2)) {
liValue *v1 = li_value_list_at(val, 0);
liValue *v2 = li_value_list_at(val, 1);
if (LI_VALUE_NUMBER != li_value_type(v1) || LI_VALUE_NUMBER != li_value_type(v2)) {
ERROR(srv, "%s", "'io.throttle' action expects a positiv integer or a pair of those as parameter");
return NULL;
}
rate = v2->data.number;
burst = v1->data.number;
} else if (LI_VALUE_NUMBER == li_value_type(val)) {
rate = val->data.number;
burst = 2 * rate;
} else {
ERROR(srv, "'io.throttle' action expects a positiv integer or a pair of those as parameter, %s given", li_value_type_string(val));
return NULL;
}
if ((rate != 0 || burst != 0) && !sanity_check(srv, rate, burst)) return NULL;
param = g_slice_new(liThrottleParam);
param->rate = rate;
param->burst = burst;
return li_action_new_function(core_handle_throttle_connection, NULL, core_throttle_connection_free, param);
}
static liAction* lua_handler_create(liServer *srv, liWorker *wrk, liPlugin* p, liValue *val, gpointer userdata) {
liValue *v_filename = NULL, *v_options = NULL, *v_args = NULL;
lua_config *conf;
guint ttl = 0;
UNUSED(wrk); UNUSED(userdata);
if (LI_VALUE_STRING == li_value_type(val)) {
v_filename = val;
} else if (LI_VALUE_LIST == li_value_type(val)) {
switch (li_value_list_len(val)) {
case 3: v_args = li_value_list_at(val, 2); /* fall through */
case 2: v_options = li_value_list_at(val, 1); /* fall through */
case 1: v_filename = li_value_list_at(val, 0); /* fall through */
case 0: break;
default:
ERROR(srv, "%s", "lua.handler expects at most 3 arguments");
return NULL;
}
}
if (LI_VALUE_STRING != li_value_type(v_filename)) {
ERROR(srv, "%s", "lua.handler expects at least a filename, or a filename and some options");
return NULL;
}
if (NULL != v_options) {
if (NULL == (v_options = li_value_to_key_value_list(v_options))) {
ERROR(srv, "%s", "lua.handler expects options in a hash/key-value list");
return NULL;
}
LI_VALUE_FOREACH(entry, v_options)
liValue *entryKey = li_value_list_at(entry, 0);
liValue *entryValue = li_value_list_at(entry, 1);
GString *entryKeyStr;
if (LI_VALUE_STRING != li_value_type(entryKey)) {
ERROR(srv, "%s", "lua.handler doesn't take default keys");
return NULL;
}
entryKeyStr = entryKey->data.string; /* keys are either NONE or STRING */
if (g_string_equal(entryKeyStr, &lon_ttl)) {
if (LI_VALUE_NUMBER != li_value_type(entryValue) || entryValue->data.number <= 0) {
ERROR(srv, "lua.handler option '%s' expects positive integer as parameter", entryKeyStr->str);
return NULL;
}
ttl = entryValue->data.number;
} else {
ERROR(srv, "unknown option for lua.handler '%s'", entryKeyStr->str);
return NULL;
}
LI_VALUE_END_FOREACH()
}
conf = lua_config_new(srv, p, li_value_extract_string(v_filename), ttl, li_value_extract(v_args));
return li_action_new_function(lua_handle, NULL, lua_config_free, conf);
}
static liAction* redirect_create(liServer *srv, liWorker *wrk, liPlugin* p, liValue *val, gpointer userdata) {
redirect_data *rd;
UNUSED(wrk); UNUSED(userdata);
val = li_value_get_single_argument(val);
if (LI_VALUE_STRING != li_value_type(val) && LI_VALUE_LIST != li_value_type(val)) {
ERROR(srv, "%s", "redirect expects a either a string, a tuple of strings or a list of string tuples");
return NULL;
}
rd = g_slice_new(redirect_data);
rd->p = p;
rd->rules = g_array_new(FALSE, FALSE, sizeof(redirect_rule));
if (LI_VALUE_STRING == li_value_type(val)) {
redirect_rule rule;
/* redirect "/foo/bar"; */
if (!redirect_rule_parse(srv, NULL, val->data.string, &rule)) {
redirect_free(NULL, rd);
return NULL;
}
g_array_append_val(rd->rules, rule);
} else if (li_value_list_has_len(val, 2) && LI_VALUE_STRING == li_value_list_type_at(val, 0) && LI_VALUE_STRING == li_value_list_type_at(val, 1)) {
redirect_rule rule;
/* only one rule */
if (!redirect_rule_parse(srv, li_value_list_at(val, 0)->data.string, li_value_list_at(val, 1)->data.string, &rule)) {
redirect_free(NULL, rd);
return NULL;
}
g_array_append_val(rd->rules, rule);
} else {
/* probably multiple rules */
LI_VALUE_FOREACH(v, val)
redirect_rule rule;
if (!li_value_list_has_len(v, 2)
|| LI_VALUE_STRING != li_value_list_type_at(v, 0) || LI_VALUE_STRING != li_value_list_type_at(v, 1)) {
redirect_free(NULL, rd);
ERROR(srv, "%s", "redirect expects a either a tuple of strings or a list of those");
return NULL;
}
if (!redirect_rule_parse(srv, li_value_list_at(v, 0)->data.string, li_value_list_at(v, 1)->data.string, &rule)) {
redirect_free(NULL, rd);
return NULL;
}
g_array_append_val(rd->rules, rule);
LI_VALUE_END_FOREACH()
}
return li_action_new_function(redirect, NULL, redirect_free, rd);
}
static liAction* vhost_map_create(liServer *srv, liWorker *wrk, liPlugin* p, liValue *val, gpointer userdata) {
vhost_map_data *md;
UNUSED(wrk); UNUSED(userdata);
val = li_value_get_single_argument(val);
if (NULL == (val = li_value_to_key_value_list(val))) {
ERROR(srv, "%s", "vhost.map expects a hashtable/key-value list as parameter");
return NULL;
}
md = g_slice_new0(vhost_map_data);
md->plugin = p;
md->hash = li_value_new_hashtable();
LI_VALUE_FOREACH(entry, val)
liValue *entryKey = li_value_list_at(entry, 0);
liValue *entryValue = li_value_list_at(entry, 1);
GString *entryKeyStr;
if (LI_VALUE_ACTION != li_value_type(entryValue)) {
ERROR(srv, "vhost.map expects a hashtable/key-value list with action values as parameter, %s value given", li_value_type_string(entryValue));
vhost_map_free(srv, md);
return NULL;
}
/* we now own the key string: free it in case of failure */
entryKeyStr = li_value_extract_string(entryKey);
if (NULL != entryKeyStr && g_str_equal(entryKeyStr->str, "default")) {
WARNING(srv, "%s", "vhost.map: found entry with string key \"default\". please convert the parameter to a key-value list and use the keyword default instead.");
/* TODO: remove support for "default" (LI_VALUE_HASH) */
g_string_free(entryKeyStr, TRUE);
entryKeyStr = NULL;
}
if (NULL == entryKeyStr) {
if (NULL != md->default_action) {
ERROR(srv, "%s", "vhost.map: already have a default action");
/* key string is NULL, nothing to free */
vhost_map_free(srv, md);
return NULL;
}
md->default_action = li_value_extract(entryValue);
} else {
if (NULL != g_hash_table_lookup(md->hash, entryKeyStr)) {
ERROR(srv, "vhost.map: duplicate entry for '%s'", entryKeyStr->str);
g_string_free(entryKeyStr, TRUE);
vhost_map_free(srv, md);
return NULL;
}
g_hash_table_insert(md->hash, entryKeyStr, li_value_extract(entryValue));
}
LI_VALUE_END_FOREACH()
return li_action_new_function(vhost_map, NULL, vhost_map_free, md);
}
static liAction* vhost_map_regex_create(liServer *srv, liWorker *wrk, liPlugin* p, liValue *val, gpointer userdata) {
vhost_map_regex_data *mrd;
UNUSED(wrk); UNUSED(userdata);
val = li_value_get_single_argument(val);
if (NULL == (val = li_value_to_key_value_list(val))) {
ERROR(srv, "%s", "vhost.map_regex expects a hashtable/key-value list as parameter");
return NULL;
}
mrd = g_slice_new0(vhost_map_regex_data);
mrd->plugin = p;
mrd->list = g_array_new(FALSE, FALSE, sizeof(vhost_map_regex_entry));
LI_VALUE_FOREACH(entry, val)
liValue *entryKey = li_value_list_at(entry, 0);
liValue *entryValue = li_value_list_at(entry, 1);
GString *entryKeyStr;
if (LI_VALUE_ACTION != li_value_type(entryValue)) {
ERROR(srv, "vhost.map_regex expects a hashtable/key-value list with action values as parameter, %s value given", li_value_type_string(entryValue));
vhost_map_free(srv, mrd);
return NULL;
}
/* we now own the key string: free it in case of failure */
entryKeyStr = li_value_extract_string(entryKey);
if (NULL != entryKeyStr && g_str_equal(entryKeyStr->str, "default")) {
WARNING(srv, "%s", "vhost.map_regex: found entry with string key \"default\". please convert the parameter to a key-value list and use the keyword default instead.");
/* TODO: remove support for "default" (LI_VALUE_HASH) */
g_string_free(entryKeyStr, TRUE);
entryKeyStr = NULL;
}
if (NULL == entryKeyStr) {
if (NULL != mrd->default_action) {
ERROR(srv, "%s", "vhost.map_regex: already have a default action");
vhost_map_free(srv, mrd);
return NULL;
}
mrd->default_action = li_value_extract(entryValue);
} else {
GError *err = NULL;
vhost_map_regex_entry map_entry;
map_entry.regex = g_regex_new(entryKeyStr->str, G_REGEX_RAW | G_REGEX_OPTIMIZE, 0, &err);
g_string_free(entryKeyStr, TRUE);
if (NULL == map_entry.regex) {
assert(NULL != err);
vhost_map_regex_free(srv, mrd);
ERROR(srv, "vhost.map_regex: error compiling regex \"%s\": %s", entryKeyStr->str, err->message);
g_error_free(err);
return NULL;
}
assert(NULL == err);
map_entry.action = li_value_extract(entryValue);
g_array_append_val(mrd->list, map_entry);
}
LI_VALUE_END_FOREACH()
return li_action_new_function(vhost_map_regex, NULL, vhost_map_regex_free, mrd);
}
static liAction* dirlist_create(liServer *srv, liWorker *wrk, liPlugin* p, liValue *val, gpointer userdata) {
dirlist_data *data;
UNUSED(wrk); UNUSED(userdata);
val = li_value_get_single_argument(val);
if (NULL != val && NULL == (val = li_value_to_key_value_list(val))) {
ERROR(srv, "%s", "dirlist expects an optional list of string-value pairs");
return NULL;
}
data = g_slice_new0(dirlist_data);
data->plugin = p;
data->hide_dotfiles = TRUE;
data->hide_tildefiles = TRUE;
data->include_readme = TRUE;
data->encode_header = TRUE;
data->encode_readme = TRUE;
data->include_sort = TRUE;
data->exclude_suffix = g_ptr_array_new();
data->exclude_prefix = g_ptr_array_new();
data->content_type = g_string_new("text/html; charset=utf-8");
LI_VALUE_FOREACH(entry, val)
liValue *entryKey = li_value_list_at(entry, 0);
liValue *entryValue = li_value_list_at(entry, 1);
GString *entryKeyStr;
if (LI_VALUE_STRING != li_value_type(entryKey)) {
ERROR(srv, "%s", "dirlist doesn't take default keys");
dirlist_free(srv, data);
return NULL;
}
entryKeyStr = entryKey->data.string; /* keys are either NONE or STRING */
/* TODO: check for duplicate keys? */
if (g_str_equal(entryKeyStr->str, "sort")) { /* "name", "size" or "type" */
if (LI_VALUE_STRING != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: sort parameter must be a string");
dirlist_free(srv, data);
return NULL;
}
/* TODO */
WARNING(srv, "%s", "dirlist: sort parameter not supported yet!");
} else if (g_str_equal(entryKeyStr->str, "css")) {
if (LI_VALUE_STRING != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: css parameter must be a string");
dirlist_free(srv, data);
return NULL;
}
if (NULL != data->css) g_string_free(data->css, TRUE);
data->css = li_value_extract_string(entryValue);
} else if (g_str_equal(entryKeyStr->str, "hide-dotfiles")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: hide-dotfiles parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->hide_dotfiles = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "hide-tildefiles")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: hide-tildefiles parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->hide_tildefiles = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "hide-directories")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: hide-directories parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->hide_directories = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "include-header")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: include-header parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->include_header = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "hide-header")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: hide-header parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->hide_header = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "encode-header")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: encode-header parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->encode_header = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "include-readme")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: include-readme parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->include_readme = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "hide-readme")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: hide-readme parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->hide_readme = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "encode-readme")) {
if (LI_VALUE_BOOLEAN != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: encode-readme parameter must be a boolean (true or false)");
dirlist_free(srv, data);
return NULL;
}
data->encode_readme = entryValue->data.boolean;
} else if (g_str_equal(entryKeyStr->str, "exclude-suffix")) {
if (LI_VALUE_LIST != li_value_type(entryValue)) {
ERROR(srv, "%s", "dirlist: exclude-suffix parameter must be a list of strings");
dirlist_free(srv, data);
return NULL;
}
LI_VALUE_FOREACH(suffix, entryValue)
if (LI_VALUE_STRING != li_value_type(suffix)) {
ERROR(srv, "%s", "dirlist: exclude-suffix parameter must be a list of strings");
dirlist_free(srv, data);
return NULL;
} else {
g_ptr_array_add(data->exclude_suffix, li_value_extract_string(suffix));
}
LI_VALUE_END_FOREACH()
} else if (g_str_equal(entryKeyStr->str, "exclude-prefix")) {
static liValue* option_value(liValue *val) {
if (li_value_list_has_len(val, 1)) return li_value_list_at(val, 0);
if (li_value_list_has_len(val, 0)) return NULL;
return val;
}
static gboolean creds_add_pemfile(liServer *srv, mod_context *ctx, gnutls_certificate_credentials_t creds, liValue *pemfile) {
const char *keyfile = NULL;
const char *certfile = NULL;
const char *ocspfile = NULL;
int r;
if (LI_VALUE_STRING == li_value_type(pemfile)) {
keyfile = pemfile->data.string->str;
certfile = pemfile->data.string->str;
} else if (li_value_list_len(pemfile) >= 2) {
if (NULL == (pemfile = li_value_to_key_value_list(pemfile))) {
ERROR(srv, "%s", "gnutls expects a hash/key-value list or a string as pemfile parameter");
return FALSE;
}
LI_VALUE_FOREACH(entry, pemfile)
liValue *entryKey = li_value_list_at(entry, 0);
liValue *entryValue = li_value_list_at(entry, 1);
GString *entryKeyStr;
if (LI_VALUE_STRING != li_value_type(entryKey)) {
ERROR(srv, "%s", "gnutls doesn't take default keys");
return FALSE;
}
entryKeyStr = entryKey->data.string; /* keys are either NONE or STRING */
if (g_str_equal(entryKeyStr->str, "key")) {
if (LI_VALUE_STRING != li_value_type(entryValue)) {
ERROR(srv, "%s", "gnutls pemfile.key expects a string as parameter");
return FALSE;
}
if (NULL != keyfile) {
ERROR(srv, "gnutls unexpected duplicate parameter pemfile %s", entryKeyStr->str);
return FALSE;
}
keyfile = entryValue->data.string->str;
} else if (g_str_equal(entryKeyStr->str, "cert")) {
if (LI_VALUE_STRING != li_value_type(entryValue)) {
ERROR(srv, "%s", "gnutls pemfile.cert expects a string as parameter");
return FALSE;
}
if (NULL != certfile) {
ERROR(srv, "gnutls unexpected duplicate parameter pemfile %s", entryKeyStr->str);
return FALSE;
}
certfile = entryValue->data.string->str;
} else if (g_str_equal(entryKeyStr->str, "ocsp")) {
if (LI_VALUE_STRING != li_value_type(entryValue)) {
ERROR(srv, "%s", "gnutls pemfile.ocsp expects a string as parameter");
return FALSE;
}
if (NULL != ocspfile) {
ERROR(srv, "gnutls unexpected duplicate parameter pemfile %s", entryKeyStr->str);
return FALSE;
}
ocspfile = entryValue->data.string->str;
} else {
ERROR(srv, "invalid parameter for gnutls: pemfile %s", entryKeyStr->str);
return FALSE;
}
LI_VALUE_END_FOREACH()
} else {
static liAction* auth_generic_create(liServer *srv, liWorker *wrk, liPlugin* p, liValue *val, const char *actname, AuthBasicBackend basic_action, gboolean has_realm) {
AuthFile *afd;
GString *method = NULL, *file = NULL;
liValue *realm = NULL;
gboolean have_ttl_parameter = FALSE;
gint ttl = 10;
val = li_value_get_single_argument(val);
if (NULL == (val = li_value_to_key_value_list(val))) {
ERROR(srv, "%s expects a hashtable/key-value list with at least 3 elements: method, realm and file", actname);
return NULL;
}
LI_VALUE_FOREACH(entry, val)
liValue *entryKey = li_value_list_at(entry, 0);
liValue *entryValue = li_value_list_at(entry, 1);
GString *entryKeyStr;
if (LI_VALUE_NONE == li_value_type(entryKey)) {
ERROR(srv, "%s doesn't take default keys", actname);
return NULL;
}
entryKeyStr = entryKey->data.string; /* keys are either NONE or STRING */
if (g_string_equal(entryKeyStr, &aon_method)) {
if (LI_VALUE_STRING != li_value_type(entryValue)) {
ERROR(srv, "auth option '%s' expects string as parameter", entryKeyStr->str);
return NULL;
}
if (NULL != method) {
ERROR(srv, "duplicate auth option '%s'", entryKeyStr->str);
return NULL;
}
method = entryValue->data.string;
} else if (g_string_equal(entryKeyStr, &aon_realm)) {
if (LI_VALUE_STRING != li_value_type(entryValue)) {
ERROR(srv, "auth option '%s' expects string as parameter", entryKeyStr->str);
return NULL;
}
if (NULL != realm) {
ERROR(srv, "duplicate auth option '%s'", entryKeyStr->str);
return NULL;
}
realm = entryValue;
} else if (g_string_equal(entryKeyStr, &aon_file)) {
if (LI_VALUE_STRING != li_value_type(entryValue)) {
ERROR(srv, "auth option '%s' expects string as parameter", entryKeyStr->str);
return NULL;
}
if (NULL != file) {
ERROR(srv, "duplicate auth option '%s'", entryKeyStr->str);
return NULL;
}
file = entryValue->data.string;
} else if (g_string_equal(entryKeyStr, &aon_ttl)) {
if (LI_VALUE_NUMBER != li_value_type(entryValue) || entryValue->data.number < 0) {
ERROR(srv, "auth option '%s' expects non-negative number as parameter", entryKeyStr->str);
return NULL;
}
if (have_ttl_parameter) {
ERROR(srv, "duplicate auth option '%s'", entryKeyStr->str);
return NULL;
}
have_ttl_parameter = TRUE;
ttl = entryValue->data.number;
} else {
ERROR(srv, "unknown auth option '%s'", entryKeyStr->str);
return NULL;
}
LI_VALUE_END_FOREACH()
if (NULL == method || NULL == realm || NULL == file) {
ERROR(srv, "%s expects a hashtable/key-value list with 3 elements: method, realm and file", actname);
return NULL;
}
if (!g_str_equal(method->str, "basic") && !g_str_equal(method->str, "digest")) {
ERROR(srv, "%s: unknown method: %s", actname, method->str);
return NULL;
}
if (g_str_equal(method->str, "digest")) {
ERROR(srv, "%s: digest authentication not implemented yet", actname);
return NULL;
}
/* load users from file */
afd = auth_file_new(wrk, file, has_realm, ttl);
if (!afd)
return FALSE;
if (g_str_equal(method->str, "basic")) {
AuthBasicData *bdata;
bdata = g_slice_new(AuthBasicData);
bdata->p = p;
bdata->realm = li_value_extract_string(realm);
bdata->backend = basic_action;
bdata->data = afd;
return li_action_new_function(auth_basic, NULL, auth_basic_free, bdata);
} else {
auth_file_free(afd);
return NULL; /* li_action_new_function(NULL, NULL, auth_backend_plain_free, ad); */
}
}