mirror of
https://github.com/cesanta/mongoose.git
synced 2025-07-29 08:56:16 +08:00
Merge branch 'master' of github.com:cesanta/mongoose
This commit is contained in:
cpq
commit
bf8c4dfc83
10
mongoose.c
10
mongoose.c
@ -6044,14 +6044,20 @@ static int parse_net(const char *spec, uint32_t *net, uint32_t *mask) {
|
|||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
int mg_check_ip_acl(struct mg_str acl, uint32_t remote_ip) {
|
int mg_check_ip_acl(struct mg_str acl, struct mg_addr *remote_ip) {
|
||||||
struct mg_str k, v;
|
struct mg_str k, v;
|
||||||
int allowed = acl.len == 0 ? '+' : '-'; // If any ACL is set, deny by default
|
int allowed = acl.len == 0 ? '+' : '-'; // If any ACL is set, deny by default
|
||||||
|
uint32_t remote_ip4;
|
||||||
|
if (remote_ip->is_ip6) {
|
||||||
|
return -1; // TODO(): handle IPv6 ACL and addresses
|
||||||
|
} else { // IPv4
|
||||||
|
memcpy((void *) &remote_ip4, remote_ip->ip, sizeof(remote_ip4));
|
||||||
while (mg_commalist(&acl, &k, &v)) {
|
while (mg_commalist(&acl, &k, &v)) {
|
||||||
uint32_t net, mask;
|
uint32_t net, mask;
|
||||||
if (k.ptr[0] != '+' && k.ptr[0] != '-') return -1;
|
if (k.ptr[0] != '+' && k.ptr[0] != '-') return -1;
|
||||||
if (parse_net(&k.ptr[1], &net, &mask) == 0) return -2;
|
if (parse_net(&k.ptr[1], &net, &mask) == 0) return -2;
|
||||||
if ((mg_ntohl(remote_ip) & mask) == net) allowed = k.ptr[0];
|
if ((mg_ntohl(remote_ip4) & mask) == net) allowed = k.ptr[0];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return allowed == '+';
|
return allowed == '+';
|
||||||
}
|
}
|
||||||
|
|||||||
@ -858,7 +858,6 @@ bool mg_split(struct mg_str *s, struct mg_str *k, struct mg_str *v, char delim);
|
|||||||
char *mg_hex(const void *buf, size_t len, char *dst);
|
char *mg_hex(const void *buf, size_t len, char *dst);
|
||||||
void mg_unhex(const char *buf, size_t len, unsigned char *to);
|
void mg_unhex(const char *buf, size_t len, unsigned char *to);
|
||||||
unsigned long mg_unhexn(const char *s, size_t len);
|
unsigned long mg_unhexn(const char *s, size_t len);
|
||||||
int mg_check_ip_acl(struct mg_str acl, uint32_t remote_ip);
|
|
||||||
bool mg_path_is_sane(const char *path);
|
bool mg_path_is_sane(const char *path);
|
||||||
|
|
||||||
|
|
||||||
@ -1043,6 +1042,9 @@ uint64_t mg_millis(void);
|
|||||||
#define MG_IPADDR_PARTS(ADDR) \
|
#define MG_IPADDR_PARTS(ADDR) \
|
||||||
MG_U8P(ADDR)[0], MG_U8P(ADDR)[1], MG_U8P(ADDR)[2], MG_U8P(ADDR)[3]
|
MG_U8P(ADDR)[0], MG_U8P(ADDR)[1], MG_U8P(ADDR)[2], MG_U8P(ADDR)[3]
|
||||||
|
|
||||||
|
struct mg_addr;
|
||||||
|
int mg_check_ip_acl(struct mg_str acl, struct mg_addr *remote_ip);
|
||||||
|
|
||||||
// Linked list management macros
|
// Linked list management macros
|
||||||
#define LIST_ADD_HEAD(type_, head_, elem_) \
|
#define LIST_ADD_HEAD(type_, head_, elem_) \
|
||||||
do { \
|
do { \
|
||||||
|
|||||||
@ -34,5 +34,4 @@ bool mg_split(struct mg_str *s, struct mg_str *k, struct mg_str *v, char delim);
|
|||||||
char *mg_hex(const void *buf, size_t len, char *dst);
|
char *mg_hex(const void *buf, size_t len, char *dst);
|
||||||
void mg_unhex(const char *buf, size_t len, unsigned char *to);
|
void mg_unhex(const char *buf, size_t len, unsigned char *to);
|
||||||
unsigned long mg_unhexn(const char *s, size_t len);
|
unsigned long mg_unhexn(const char *s, size_t len);
|
||||||
int mg_check_ip_acl(struct mg_str acl, uint32_t remote_ip);
|
|
||||||
bool mg_path_is_sane(const char *path);
|
bool mg_path_is_sane(const char *path);
|
||||||
|
|||||||
10
src/util.c
10
src/util.c
@ -80,14 +80,20 @@ static int parse_net(const char *spec, uint32_t *net, uint32_t *mask) {
|
|||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
int mg_check_ip_acl(struct mg_str acl, uint32_t remote_ip) {
|
int mg_check_ip_acl(struct mg_str acl, struct mg_addr *remote_ip) {
|
||||||
struct mg_str k, v;
|
struct mg_str k, v;
|
||||||
int allowed = acl.len == 0 ? '+' : '-'; // If any ACL is set, deny by default
|
int allowed = acl.len == 0 ? '+' : '-'; // If any ACL is set, deny by default
|
||||||
|
uint32_t remote_ip4;
|
||||||
|
if (remote_ip->is_ip6) {
|
||||||
|
return -1; // TODO(): handle IPv6 ACL and addresses
|
||||||
|
} else { // IPv4
|
||||||
|
memcpy((void *) &remote_ip4, remote_ip->ip, sizeof(remote_ip4));
|
||||||
while (mg_commalist(&acl, &k, &v)) {
|
while (mg_commalist(&acl, &k, &v)) {
|
||||||
uint32_t net, mask;
|
uint32_t net, mask;
|
||||||
if (k.ptr[0] != '+' && k.ptr[0] != '-') return -1;
|
if (k.ptr[0] != '+' && k.ptr[0] != '-') return -1;
|
||||||
if (parse_net(&k.ptr[1], &net, &mask) == 0) return -2;
|
if (parse_net(&k.ptr[1], &net, &mask) == 0) return -2;
|
||||||
if ((mg_ntohl(remote_ip) & mask) == net) allowed = k.ptr[0];
|
if ((mg_ntohl(remote_ip4) & mask) == net) allowed = k.ptr[0];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return allowed == '+';
|
return allowed == '+';
|
||||||
}
|
}
|
||||||
|
|||||||
@ -30,6 +30,9 @@ uint64_t mg_millis(void);
|
|||||||
#define MG_IPADDR_PARTS(ADDR) \
|
#define MG_IPADDR_PARTS(ADDR) \
|
||||||
MG_U8P(ADDR)[0], MG_U8P(ADDR)[1], MG_U8P(ADDR)[2], MG_U8P(ADDR)[3]
|
MG_U8P(ADDR)[0], MG_U8P(ADDR)[1], MG_U8P(ADDR)[2], MG_U8P(ADDR)[3]
|
||||||
|
|
||||||
|
struct mg_addr;
|
||||||
|
int mg_check_ip_acl(struct mg_str acl, struct mg_addr *remote_ip);
|
||||||
|
|
||||||
// Linked list management macros
|
// Linked list management macros
|
||||||
#define LIST_ADD_HEAD(type_, head_, elem_) \
|
#define LIST_ADD_HEAD(type_, head_, elem_) \
|
||||||
do { \
|
do { \
|
||||||
|
|||||||
@ -2570,16 +2570,18 @@ static void test_udp(void) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void test_check_ip_acl(void) {
|
static void test_check_ip_acl(void) {
|
||||||
uint32_t ip = mg_htonl(0x01020304);
|
struct mg_addr ip = {{1,2,3,4}, 0, false}; // 1.2.3.4
|
||||||
ASSERT(mg_check_ip_acl(mg_str(NULL), ip) == 1);
|
ASSERT(mg_check_ip_acl(mg_str(NULL), &ip) == 1);
|
||||||
ASSERT(mg_check_ip_acl(mg_str(""), ip) == 1);
|
ASSERT(mg_check_ip_acl(mg_str(""), &ip) == 1);
|
||||||
ASSERT(mg_check_ip_acl(mg_str("invalid"), ip) == -1);
|
ASSERT(mg_check_ip_acl(mg_str("invalid"), &ip) == -1);
|
||||||
ASSERT(mg_check_ip_acl(mg_str("+hi"), ip) == -2);
|
ASSERT(mg_check_ip_acl(mg_str("+hi"), &ip) == -2);
|
||||||
ASSERT(mg_check_ip_acl(mg_str("+//"), ip) == -2);
|
ASSERT(mg_check_ip_acl(mg_str("+//"), &ip) == -2);
|
||||||
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0"), ip) == 0);
|
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0"), &ip) == 0);
|
||||||
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.0.0.0/8"), ip) == 1);
|
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.0.0.0/8"), &ip) == 1);
|
||||||
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.2.3.4"), ip) == 1);
|
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.2.3.4"), &ip) == 1);
|
||||||
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.0.0.0/16"), ip) == 0);
|
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.0.0.0/16"), &ip) == 0);
|
||||||
|
ip.is_ip6 = true;
|
||||||
|
ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0"), &ip) == -1); // not yet supported
|
||||||
}
|
}
|
||||||
|
|
||||||
static void w3(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
static void w3(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user