#ifndef HTTPD_POLICY_H #define HTTPD_POLICY_H #include "opt_policy.h" #define HTTPD_POLICY__PATH_LIM_FULL 0 #define HTTPD_POLICY__PATH_LIM_BEG 1 #define HTTPD_POLICY__PATH_LIM_END 2 #define HTTPD_POLICY__PATH_LIM_EQ 3 #define HTTPD_POLICY__PATH_LIM_MASK 3 #define HTTPD_POLICY_PATH_LIM_NONE 0 #define HTTPD_POLICY_PATH_LIM_PATH_FULL (0x4 | HTTPD_POLICY__PATH_LIM_FULL) #define HTTPD_POLICY_PATH_LIM_PATH_BEG (0x4 | HTTPD_POLICY__PATH_LIM_BEG) #define HTTPD_POLICY_PATH_LIM_PATH_END (0x4 | HTTPD_POLICY__PATH_LIM_END) #define HTTPD_POLICY_PATH_LIM_PATH_EQ (0x4 | HTTPD_POLICY__PATH_LIM_EQ) #define HTTPD_POLICY_PATH_LIM_NAME_FULL (0x8 | HTTPD_POLICY__PATH_LIM_FULL) #define HTTPD_POLICY_PATH_LIM_NAME_BEG (0x8 | HTTPD_POLICY__PATH_LIM_BEG) #define HTTPD_POLICY_PATH_LIM_NAME_END (0x8 | HTTPD_POLICY__PATH_LIM_END) #define HTTPD_POLICY_PATH_LIM_NAME_EQ (0x8 | HTTPD_POLICY__PATH_LIM_EQ) #define HTTPD_POLICY_PATH_LIM_EXTN_FULL (0xc | HTTPD_POLICY__PATH_LIM_FULL) #define HTTPD_POLICY_PATH_LIM_EXTN_BEG (0xc | HTTPD_POLICY__PATH_LIM_BEG) #define HTTPD_POLICY_PATH_LIM_EXTN_END (0xc | HTTPD_POLICY__PATH_LIM_END) #define HTTPD_POLICY_PATH_LIM_EXTN_EQ (0xc | HTTPD_POLICY__PATH_LIM_EQ) #define HTTPD_POLICY_PATH_LIM_EXTS_FULL (0x14 | HTTPD_POLICY__PATH_LIM_FULL) #define HTTPD_POLICY_PATH_LIM_EXTS_BEG (0x14 | HTTPD_POLICY__PATH_LIM_BEG) #define HTTPD_POLICY_PATH_LIM_EXTS_END (0x14 | HTTPD_POLICY__PATH_LIM_END) #define HTTPD_POLICY_PATH_LIM_EXTS_EQ (0x14 | HTTPD_POLICY__PATH_LIM_EQ) #define HTTPD_POLICY_PATH_LIM_BWEN_FULL (0x18 | HTTPD_POLICY__PATH_LIM_FULL) #define HTTPD_POLICY_PATH_LIM_BWEN_BEG (0x18 | HTTPD_POLICY__PATH_LIM_BEG) #define HTTPD_POLICY_PATH_LIM_BWEN_END (0x18 | HTTPD_POLICY__PATH_LIM_END) #define HTTPD_POLICY_PATH_LIM_BWEN_EQ (0x18 | HTTPD_POLICY__PATH_LIM_EQ) #define HTTPD_POLICY_PATH_LIM_BWES_FULL (0x1c | HTTPD_POLICY__PATH_LIM_FULL) #define HTTPD_POLICY_PATH_LIM_BWES_BEG (0x1c | HTTPD_POLICY__PATH_LIM_BEG) #define HTTPD_POLICY_PATH_LIM_BWES_END (0x1c | HTTPD_POLICY__PATH_LIM_END) #define HTTPD_POLICY_PATH_LIM_BWES_EQ (0x1c | HTTPD_POLICY__PATH_LIM_EQ) /* choosing (1024) as a offset ... kinda hackyish */ #define HTTPD_POLICY_REQ_PATH_BEG (1024 + 0) #define HTTPD_POLICY_REQ_PATH_END (1024 + 1) #define HTTPD_POLICY_REQ_PATH_EQ (1024 + 2) #define HTTPD_POLICY_REQ_NAME_BEG (1024 + 3) #define HTTPD_POLICY_REQ_NAME_END (1024 + 4) #define HTTPD_POLICY_REQ_NAME_EQ (1024 + 5) #define HTTPD_POLICY_REQ_BWEN_BEG (1024 + 6) #define HTTPD_POLICY_REQ_BWEN_END (1024 + 7) #define HTTPD_POLICY_REQ_BWEN_EQ (1024 + 8) #define HTTPD_POLICY_REQ_BWES_BEG (1024 + 9) #define HTTPD_POLICY_REQ_BWES_END (1024 + 10) #define HTTPD_POLICY_REQ_BWES_EQ (1024 + 11) #define HTTPD_POLICY_REQ_EXTN_BEG (1024 + 12) #define HTTPD_POLICY_REQ_EXTN_END (1024 + 13) #define HTTPD_POLICY_REQ_EXTN_EQ (1024 + 14) #define HTTPD_POLICY_REQ_EXTS_BEG (1024 + 15) #define HTTPD_POLICY_REQ_EXTS_END (1024 + 16) #define HTTPD_POLICY_REQ_EXTS_EQ (1024 + 17) typedef struct Httpd_policy_path { Vstr_base *s1; void (*ref_func)(Vstr_ref *); } Httpd_policy_path; extern void httpd_policy_change_con(struct Con *, const Httpd_policy_opts *); extern void httpd_policy_change_req(Httpd_req_data *, const Httpd_policy_opts *); extern int httpd_policy_build_path(struct Con *, Httpd_req_data *, const Conf_parse *, Conf_token *, int *, int *); extern int httpd_policy_path_make(struct Con *con, Httpd_req_data *req, Conf_parse *, Conf_token *, unsigned int, Vstr_ref **); extern int httpd_policy_path_eq(const Vstr_base *, const Vstr_base *, size_t *, size_t *); extern int httpd_policy_path_beg_eq(const Vstr_base *, const Vstr_base *, size_t *, size_t *); extern int httpd_policy_path_end_eq(const Vstr_base *, const Vstr_base *, size_t *, size_t *); extern void httpd_policy_path_mod_name(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_path_mod_dirn(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_path_mod_extn(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_path_mod_exts(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_path_mod_bwen(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_path_mod_bwes(const Vstr_base *, size_t *, size_t *); extern int httpd_policy_path_lim_eq(const Vstr_base *, size_t *, size_t *, unsigned int, size_t, Vstr_ref *); extern int httpd_policy_uri_eq(const Vstr_base *, const Vstr_base *, size_t *, size_t *); extern int httpd_policy_uri_beg_eq(const Vstr_base *, const Vstr_base *, size_t *, size_t *); extern int httpd_policy_uri_end_eq(const Vstr_base *, const Vstr_base *, size_t *, size_t *); extern void httpd_policy_uri_mod_name(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_uri_mod_dirn(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_uri_mod_extn(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_uri_mod_exts(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_uri_mod_bwen(const Vstr_base *, size_t *, size_t *); extern void httpd_policy_uri_mod_bwes(const Vstr_base *, size_t *, size_t *); extern int httpd_policy_uri_lim_eq(const Vstr_base *, size_t *, size_t *, unsigned int, int, Vstr_ref *); extern int httpd_policy_path_req2lim(unsigned int); extern int httpd_policy_ipv4_make(struct Con *, Httpd_req_data *, Conf_parse *, Conf_token *, unsigned int, struct sockaddr *, int *); extern int httpd_policy_ipv4_cidr_eq(struct Con *, Httpd_req_data *, Opt_policy_ipv4 *, struct sockaddr *); extern void httpd_policy_exit(Httpd_policy_opts *); extern int httpd_policy_init(Httpd_opts *, Httpd_policy_opts *); extern Opt_serv_policy_opts *httpd_policy_make(Opt_serv_opts *); extern int httpd_policy_copy(Opt_serv_policy_opts *, const Opt_serv_policy_opts *); #if !defined(HTTPD_POLICY_COMPILE_INLINE) # ifdef VSTR_AUTOCONF_NDEBUG # define HTTPD_POLICY_COMPILE_INLINE 1 # else # define HTTPD_POLICY_COMPILE_INLINE 0 # endif #endif #if defined(VSTR_AUTOCONF_HAVE_INLINE) && HTTPD_POLICY_COMPILE_INLINE #ifndef VSTR_AUTOCONF_NDEBUG # define HTTPD_POLICY__ASSERT ASSERT #else # define HTTPD_POLICY__ASSERT(x) #endif #define HTTPD_POLICY__TRUE 1 #define HTTPD_POLICY__FALSE 0 extern inline void httpd_policy_change_con(struct Con *con, const Httpd_policy_opts *policy) { con->use_sendfile = policy->use_sendfile; con->use_posix_fadvise = policy->use_posix_fadvise; con->policy = policy; } extern inline void httpd_policy_change_req(Httpd_req_data *req, const Httpd_policy_opts *policy) { req->parse_accept = policy->use_err_406; req->parse_accept_language = policy->use_err_406; req->allow_accept_encoding = policy->use_enc_content_replacement; if (req->vhost_prefix_len && !policy->use_vhosts_name) { /* NOTE: doesn't do chk_host properly */ vstr_del(req->fname, 1, req->vhost_prefix_len); req->vhost_prefix_len = 0; } if (!req->chked_encoded_path) { req->chk_encoded_slash = policy->chk_encoded_slash; req->chk_encoded_dot = policy->chk_encoded_dot; } req->policy = policy; } extern inline int httpd_policy_path_eq(const Vstr_base *s1, const Vstr_base *s2, size_t *p2, size_t *l2) { return (vstr_cmp_eq(s1, 1, s1->len, s2, *p2, *l2)); } /* if the s1 is equal to the begining of s2 */ extern inline int httpd_policy_path_beg_eq(const Vstr_base *s1, const Vstr_base *s2, size_t *p2, size_t *l2) { if (*l2 > s1->len) *l2 = s1->len; return (vstr_cmp_eq(s1, 1, s1->len, s2, *p2, *l2)); } /* if the s1 is equal to the end of s2 */ extern inline int httpd_policy_path_end_eq(const Vstr_base *s1, const Vstr_base *s2, size_t *p2, size_t *l2) { if (*l2 > s1->len) { *p2 += (*l2 - s1->len); *l2 = s1->len; } return (vstr_cmp_eq(s1, 1, s1->len, s2, *p2, *l2)); } extern inline void httpd_policy_path_mod_name(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch = vstr_srch_chr_rev(s1, *pos, *len, '/'); HTTPD_POLICY__ASSERT(srch); *len -= vstr_sc_posdiff(*pos, srch); *pos += vstr_sc_posdiff(*pos, srch); } extern inline void httpd_policy_path_mod_dirn(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch = vstr_srch_chr_rev(s1, *pos, *len, '/'); HTTPD_POLICY__ASSERT(srch); *len = vstr_sc_posdiff(*pos, srch); } extern inline void httpd_policy_path_mod_extn(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch = 0; httpd_policy_path_mod_name(s1, pos, len); if ((srch = vstr_srch_chr_rev(s1, *pos, *len, '.'))) { /* include '.' */ *len -= srch - *pos; *pos = srch; } else { /* at point just after basename */ *pos = vstr_sc_poslast(*pos, *len); *len = 0; } } extern inline void httpd_policy_path_mod_exts(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch = 0; httpd_policy_path_mod_name(s1, pos, len); if ((srch = vstr_srch_chr_fwd(s1, *pos, *len, '.'))) { /* include '.' */ *len -= srch - *pos; *pos = srch; } else { /* at point just after basename */ *pos = vstr_sc_poslast(*pos, *len); *len = 0; } } extern inline void httpd_policy_path_mod_bwen(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch = 0; httpd_policy_path_mod_name(s1, pos, len); if ((srch = vstr_srch_chr_rev(s1, *pos, *len, '.'))) *len = vstr_sc_posdiff(*pos, srch) - 1; /* don't include '.' */ } extern inline void httpd_policy_path_mod_bwes(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch = 0; httpd_policy_path_mod_name(s1, pos, len); if ((srch = vstr_srch_chr_fwd(s1, *pos, *len, '.'))) *len = vstr_sc_posdiff(*pos, srch) - 1; /* don't include '.' */ } extern inline int httpd_policy_path_lim_eq(const Vstr_base *s1, size_t *pos, size_t *len, unsigned int lim, size_t vhost_prefix_len, Vstr_ref *ref) { const Httpd_policy_path *srch = NULL; if (lim == HTTPD_POLICY_PATH_LIM_NONE) return (HTTPD_POLICY__TRUE); *len -= vhost_prefix_len; *pos += vhost_prefix_len; switch (lim) { default: HTTPD_POLICY__ASSERT(HTTPD_POLICY__FALSE); case HTTPD_POLICY_PATH_LIM_PATH_FULL: case HTTPD_POLICY_PATH_LIM_PATH_BEG: case HTTPD_POLICY_PATH_LIM_PATH_END: case HTTPD_POLICY_PATH_LIM_PATH_EQ: break; case HTTPD_POLICY_PATH_LIM_NAME_FULL: case HTTPD_POLICY_PATH_LIM_NAME_BEG: case HTTPD_POLICY_PATH_LIM_NAME_END: case HTTPD_POLICY_PATH_LIM_NAME_EQ: httpd_policy_path_mod_name(s1, pos, len); break; case HTTPD_POLICY_PATH_LIM_EXTN_FULL: case HTTPD_POLICY_PATH_LIM_EXTN_BEG: case HTTPD_POLICY_PATH_LIM_EXTN_END: case HTTPD_POLICY_PATH_LIM_EXTN_EQ: httpd_policy_path_mod_extn(s1, pos, len); break; case HTTPD_POLICY_PATH_LIM_EXTS_FULL: case HTTPD_POLICY_PATH_LIM_EXTS_BEG: case HTTPD_POLICY_PATH_LIM_EXTS_END: case HTTPD_POLICY_PATH_LIM_EXTS_EQ: httpd_policy_path_mod_exts(s1, pos, len); break; case HTTPD_POLICY_PATH_LIM_BWEN_FULL: case HTTPD_POLICY_PATH_LIM_BWEN_BEG: case HTTPD_POLICY_PATH_LIM_BWEN_END: case HTTPD_POLICY_PATH_LIM_BWEN_EQ: httpd_policy_path_mod_bwen(s1, pos, len); break; case HTTPD_POLICY_PATH_LIM_BWES_FULL: case HTTPD_POLICY_PATH_LIM_BWES_BEG: case HTTPD_POLICY_PATH_LIM_BWES_END: case HTTPD_POLICY_PATH_LIM_BWES_EQ: httpd_policy_path_mod_bwes(s1, pos, len); break; } if ((lim & HTTPD_POLICY__PATH_LIM_MASK) == HTTPD_POLICY__PATH_LIM_FULL) return (HTTPD_POLICY__TRUE); HTTPD_POLICY__ASSERT(ref); srch = ref->ptr; if (0) { } else if ((lim & HTTPD_POLICY__PATH_LIM_MASK) == HTTPD_POLICY__PATH_LIM_BEG) { if (!httpd_policy_path_beg_eq(srch->s1, s1, pos, len)) goto path_no_match; } else if ((lim & HTTPD_POLICY__PATH_LIM_MASK) == HTTPD_POLICY__PATH_LIM_END) { if (!httpd_policy_path_end_eq(srch->s1, s1, pos, len)) goto path_no_match; } else if ((lim & HTTPD_POLICY__PATH_LIM_MASK) == HTTPD_POLICY__PATH_LIM_EQ) { if (!httpd_policy_path_eq(srch->s1, s1, pos, len)) goto path_no_match; } else HTTPD_POLICY__ASSERT(HTTPD_POLICY__FALSE); vstr_ref_del(ref); ref = NULL; return (HTTPD_POLICY__TRUE); path_no_match: vstr_ref_del(ref); ref = NULL; return (HTTPD_POLICY__FALSE); } static inline int httpd_policy__uri_eq(const Vstr_base *s1, const Vstr_base *s2, size_t p2, size_t l2, size_t *ret_len) { size_t p1 = 1; size_t l1 = s1->len; while (l1 && (l2 >= l1)) { size_t tmp = vstr_cspn_cstr_chrs_fwd(s2, p2, l1, "%"); unsigned int val1 = 0; unsigned int val2 = 0; unsigned int num_flags = VSTR_FLAG02(PARSE_NUM_NO, BEG_ZERO, BEG_PM); if (tmp) { if (!vstr_cmp_eq(s1, p1, tmp, s2, p2, tmp)) return (HTTPD_POLICY__FALSE); l1 -= tmp; p1 += tmp; l2 -= tmp; p2 += tmp; continue; } if (l2 < 3) return (HTTPD_POLICY__FALSE); HTTPD_POLICY__ASSERT(vstr_export_chr(s2, p2) == '%'); val1 = (unsigned char)vstr_export_chr(s1, p1); val2 = vstr_parse_ushort(s2, p2 + 1, 2, 16 | num_flags, &tmp, NULL); if ((tmp != 2) || (val1 != val2)) return (HTTPD_POLICY__FALSE); l1 -= 1; p1 += 1; l2 -= 3; p2 += 3; } *ret_len = l2; return (!l1); } extern inline int httpd_policy_uri_eq(const Vstr_base *s1, const Vstr_base *s2, size_t *p2, size_t *l2) { size_t tmp = 0; return (httpd_policy__uri_eq(s1, s2, *p2, *l2, &tmp) && !tmp); } /* if the s1 is equal to the begining of s2 */ extern inline int httpd_policy_uri_beg_eq(const Vstr_base *s1, const Vstr_base *s2, size_t *p2, size_t *l2) { size_t tmp = 0; if (!httpd_policy__uri_eq(s1, s2, *p2, *l2, &tmp)) return (HTTPD_POLICY__FALSE); if (tmp) *l2 -= tmp; return (HTTPD_POLICY__TRUE); } /* if the s1 is equal to the end of s2 */ extern inline int httpd_policy_uri_end_eq(const Vstr_base *s1, const Vstr_base *s2, size_t *p2, size_t *l2) { if (!vstr_srch_chr_fwd(s2, *p2, *l2, '%')) { if (*l2 > s1->len) { *p2 += (*l2 - s1->len); *l2 = s1->len; } return (vstr_cmp_eq(s1, 1, s1->len, s2, *p2, *l2)); } if (*l2 > (s1->len * 3)) { *p2 += (*l2 - (s1->len * 3)); *l2 = (s1->len * 3); } while (*l2 >= s1->len) { size_t tmp = 0; if (httpd_policy__uri_eq(s1, s2, *p2, *l2, &tmp) && !tmp) return (HTTPD_POLICY__TRUE); *l2 -= 1; *p2 += 1; } return (HTTPD_POLICY__FALSE); } extern inline void httpd_policy_uri_mod_name(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch1 = vstr_srch_chr_rev(s1, *pos, *len, '/'); size_t srch2 = vstr_srch_case_cstr_buf_rev(s1, *pos, *len, "%2f"); HTTPD_POLICY__ASSERT(srch1); if (srch1 < srch2) srch1 = srch2 + 2; *len -= vstr_sc_posdiff(*pos, srch1); *pos += vstr_sc_posdiff(*pos, srch1); } extern inline void httpd_policy_uri_mod_dirn(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch1 = vstr_srch_chr_rev(s1, *pos, *len, '/'); size_t srch2 = vstr_srch_case_cstr_buf_rev(s1, *pos, *len, "%2f"); HTTPD_POLICY__ASSERT(srch1); if (srch1 < srch2) srch1 = srch2 + 2; *len = vstr_sc_posdiff(*pos, srch1); } extern inline void httpd_policy_uri_mod_extn(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch1 = 0; size_t srch2 = 0; httpd_policy_uri_mod_name(s1, pos, len); srch1 = vstr_srch_chr_rev(s1, *pos, *len, '.'); srch2 = vstr_srch_case_cstr_buf_rev(s1, *pos, *len, "%2e"); if (srch1 < srch2) srch1 = srch2; if (srch1) { /* include '.' or "%2e" */ *len -= srch1 - *pos; *pos = srch1; } else { /* at point just after basename */ *pos = vstr_sc_poslast(*pos, *len); *len = 0; } } extern inline void httpd_policy_uri_mod_exts(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch1 = 0; size_t srch2 = 0; httpd_policy_uri_mod_name(s1, pos, len); srch1 = vstr_srch_chr_fwd(s1, *pos, *len, '.'); srch2 = vstr_srch_case_cstr_buf_fwd(s1, *pos, *len, "%2e"); if (srch1 > srch2) srch1 = srch2; if (srch1) { /* include '.' or "%2e" */ *len -= srch1 - *pos; *pos = srch1; } else { /* at point just after basename */ *pos = vstr_sc_poslast(*pos, *len); *len = 0; } } extern inline void httpd_policy_uri_mod_bwen(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch1 = 0; size_t srch2 = 0; unsigned int num = 1; httpd_policy_uri_mod_name(s1, pos, len); srch1 = vstr_srch_chr_rev(s1, *pos, *len, '.'); srch2 = vstr_srch_case_cstr_buf_rev(s1, *pos, *len, "%2e"); if (srch1 < srch2) { srch1 = srch2; num = 3; } if (srch1) *len = vstr_sc_posdiff(*pos, srch1) - num; /* don't include '.' */ } extern inline void httpd_policy_uri_mod_bwes(const Vstr_base *s1, size_t *pos, size_t *len) { size_t srch1 = 0; size_t srch2 = 0; unsigned int num = 1; httpd_policy_uri_mod_name(s1, pos, len); srch1 = vstr_srch_chr_fwd(s1, *pos, *len, '.'); srch2 = vstr_srch_case_cstr_buf_fwd(s1, *pos, *len, "%2e"); if (srch1 > srch2) { srch1 = srch2; num = 3; } if (srch1) *len = vstr_sc_posdiff(*pos, srch1) - num; /* don't include '.' */ } extern inline int httpd_policy_uri_lim_eq(const Vstr_base *s1, size_t *pos, size_t *len, unsigned int lim, int slash_dot_safe, Vstr_ref *ref) { const Httpd_policy_path *srch = NULL; switch (lim) { default: HTTPD_POLICY__ASSERT(HTTPD_POLICY__FALSE); case HTTPD_POLICY_PATH_LIM_NONE: HTTPD_POLICY__ASSERT(!ref); return (HTTPD_POLICY__TRUE); case HTTPD_POLICY_PATH_LIM_PATH_FULL: case HTTPD_POLICY_PATH_LIM_PATH_BEG: case HTTPD_POLICY_PATH_LIM_PATH_END: case HTTPD_POLICY_PATH_LIM_PATH_EQ: break; case HTTPD_POLICY_PATH_LIM_NAME_FULL: case HTTPD_POLICY_PATH_LIM_NAME_BEG: case HTTPD_POLICY_PATH_LIM_NAME_END: case HTTPD_POLICY_PATH_LIM_NAME_EQ: if (slash_dot_safe) httpd_policy_path_mod_name(s1, pos, len); else httpd_policy_uri_mod_name(s1, pos, len); break; case HTTPD_POLICY_PATH_LIM_EXTN_FULL: case HTTPD_POLICY_PATH_LIM_EXTN_BEG: case HTTPD_POLICY_PATH_LIM_EXTN_END: case HTTPD_POLICY_PATH_LIM_EXTN_EQ: if (slash_dot_safe) httpd_policy_path_mod_extn(s1, pos, len); else httpd_policy_uri_mod_extn(s1, pos, len); break; case HTTPD_POLICY_PATH_LIM_EXTS_FULL: case HTTPD_POLICY_PATH_LIM_EXTS_BEG: case HTTPD_POLICY_PATH_LIM_EXTS_END: case HTTPD_POLICY_PATH_LIM_EXTS_EQ: if (slash_dot_safe) httpd_policy_path_mod_exts(s1, pos, len); else httpd_policy_uri_mod_exts(s1, pos, len); break; case HTTPD_POLICY_PATH_LIM_BWEN_FULL: case HTTPD_POLICY_PATH_LIM_BWEN_BEG: case HTTPD_POLICY_PATH_LIM_BWEN_END: case HTTPD_POLICY_PATH_LIM_BWEN_EQ: if (slash_dot_safe) httpd_policy_path_mod_bwen(s1, pos, len); else httpd_policy_uri_mod_bwen(s1, pos, len); break; case HTTPD_POLICY_PATH_LIM_BWES_FULL: case HTTPD_POLICY_PATH_LIM_BWES_BEG: case HTTPD_POLICY_PATH_LIM_BWES_END: case HTTPD_POLICY_PATH_LIM_BWES_EQ: if (slash_dot_safe) httpd_policy_path_mod_bwes(s1, pos, len); else httpd_policy_uri_mod_bwes(s1, pos, len); break; } if ((lim & HTTPD_POLICY__PATH_LIM_MASK) == HTTPD_POLICY__PATH_LIM_FULL) { HTTPD_POLICY__ASSERT(!ref); return (HTTPD_POLICY__TRUE); } HTTPD_POLICY__ASSERT(ref); srch = ref->ptr; if (0) { } else if ((lim & HTTPD_POLICY__PATH_LIM_MASK) == HTTPD_POLICY__PATH_LIM_BEG) { if (!httpd_policy_uri_beg_eq(srch->s1, s1, pos, len)) goto path_no_match; } else if ((lim & HTTPD_POLICY__PATH_LIM_MASK) == HTTPD_POLICY__PATH_LIM_END) { if (!httpd_policy_uri_end_eq(srch->s1, s1, pos, len)) goto path_no_match; } else if ((lim & HTTPD_POLICY__PATH_LIM_MASK) == HTTPD_POLICY__PATH_LIM_EQ) { if (!httpd_policy_uri_eq(srch->s1, s1, pos, len)) goto path_no_match; } else HTTPD_POLICY__ASSERT(HTTPD_POLICY__FALSE); vstr_ref_del(ref); ref = NULL; return (HTTPD_POLICY__TRUE); path_no_match: vstr_ref_del(ref); ref = NULL; return (HTTPD_POLICY__FALSE); } extern inline int httpd_policy_path_req2lim(unsigned int type) { unsigned int lim = HTTPD_POLICY_PATH_LIM_NONE; switch (type) { case HTTPD_POLICY_REQ_PATH_BEG: lim = HTTPD_POLICY_PATH_LIM_PATH_BEG; break; case HTTPD_POLICY_REQ_PATH_END: lim = HTTPD_POLICY_PATH_LIM_PATH_END; break; case HTTPD_POLICY_REQ_PATH_EQ: lim = HTTPD_POLICY_PATH_LIM_PATH_EQ; break; case HTTPD_POLICY_REQ_NAME_BEG: lim = HTTPD_POLICY_PATH_LIM_NAME_BEG; break; case HTTPD_POLICY_REQ_NAME_END: lim = HTTPD_POLICY_PATH_LIM_NAME_END; break; case HTTPD_POLICY_REQ_NAME_EQ: lim = HTTPD_POLICY_PATH_LIM_NAME_EQ; break; case HTTPD_POLICY_REQ_BWEN_BEG: lim = HTTPD_POLICY_PATH_LIM_BWEN_BEG; break; case HTTPD_POLICY_REQ_BWEN_END: lim = HTTPD_POLICY_PATH_LIM_BWEN_END; break; case HTTPD_POLICY_REQ_BWEN_EQ: lim = HTTPD_POLICY_PATH_LIM_BWEN_EQ; break; case HTTPD_POLICY_REQ_BWES_BEG: lim = HTTPD_POLICY_PATH_LIM_BWES_BEG; break; case HTTPD_POLICY_REQ_BWES_END: lim = HTTPD_POLICY_PATH_LIM_BWES_END; break; case HTTPD_POLICY_REQ_BWES_EQ: lim = HTTPD_POLICY_PATH_LIM_BWES_EQ; break; case HTTPD_POLICY_REQ_EXTN_BEG: lim = HTTPD_POLICY_PATH_LIM_EXTN_BEG; break; case HTTPD_POLICY_REQ_EXTN_END: lim = HTTPD_POLICY_PATH_LIM_EXTN_END; break; case HTTPD_POLICY_REQ_EXTN_EQ: lim = HTTPD_POLICY_PATH_LIM_EXTN_EQ; break; case HTTPD_POLICY_REQ_EXTS_BEG: lim = HTTPD_POLICY_PATH_LIM_EXTS_BEG; break; case HTTPD_POLICY_REQ_EXTS_END: lim = HTTPD_POLICY_PATH_LIM_EXTS_END; break; case HTTPD_POLICY_REQ_EXTS_EQ: lim = HTTPD_POLICY_PATH_LIM_EXTS_EQ; break; default: HTTPD_POLICY__ASSERT(HTTPD_POLICY__FALSE); } return (lim); } extern inline int httpd_policy_ipv4_make(struct Con *con, Httpd_req_data *req, Conf_parse *conf, Conf_token *token, unsigned int type, struct sockaddr *sa, int *matches) { HTTPD_POLICY__ASSERT(con); if (sa == EVNT_SA(con->evnt)) { if (req) req->vary_star = HTTPD_POLICY__TRUE; else con->vary_star = HTTPD_POLICY__TRUE; } return (opt_policy_ipv4_make(conf, token, type, sa, matches)); } extern inline int httpd_policy_ipv4_cidr_eq(struct Con *con,Httpd_req_data *req, Opt_policy_ipv4 *ipv4, struct sockaddr *sa) { HTTPD_POLICY__ASSERT(con); if (sa == EVNT_SA(con->evnt)) { if (req) req->vary_star = HTTPD_POLICY__TRUE; else con->vary_star = HTTPD_POLICY__TRUE; } return (opt_policy_ipv4_cidr_eq(ipv4, sa)); } #endif #endif