📄 mod_authnz_pro.c
字号:
else fprintf(stderr,"\n -----------------sslconn is not null !!!-------------- \n"); #endif //获取X509证书. #ifdef DEBUG fprintf(stderr,"\n -----------------cert_begin-print-------------- \n"); #endif client_cert = sslconn ->client_cert; #ifdef DEBUG fprintf(stderr,"\n client_cert->x509->name=%s \n", client_cert->name); fprintf(stderr,"\n -----------------cert_end-print-------------- \n"); #endif //ssl = sslconn->ssl; if (sslconn->disabled) { #ifdef DEBUG fprintf(stderr,"\n -----------------sslconn->disabled !!!-------------- \n"); #endif return NULL; } #ifdef DEBUG else fprintf(stderr,"\n -----------------sslconn is abled !!!-------------- \n"); #endif } } return client_cert;}static char *post_type(const char *url){ char *ptr = strstr(url, "GET"); if (ptr != NULL) return "GET"; ptr = strstr(url, "POST"); if (ptr != NULL) return "POST"; return "OTHER";}/** * char *get_http_url()函数:查找HTTP请求的URL. * request_rec *r: 客户端请求 * int filter_key: 过滤类型(0:HTTP,1:HTTPS) * 返回:NULL:没有找到. 不等于NULL,找到的HTTP URL字符串 * */static char *get_http_url(request_rec *r,const int filter_key){ int i; int rtn_flag = 0; char *buf,*ptr=NULL,*sub_begin,*sub_end,sub_url[1024],the_url[1024]; sub_begin = strstr(r->the_request, "/"); sub_end = strstr(r->the_request, "HTTP/"); memset(sub_url,'\0',sizeof(sub_url)); memset(the_url,'\0',sizeof(the_url)); if ((sub_begin!=NULL) ) { i = 0; sub_begin++; while (sub_end>sub_begin) { if (*sub_begin == ' ') { sub_url[i] = '\0'; break; } sub_url[i] = *sub_begin; sub_begin++; i++; } } fprintf(stderr,"\n SUB URL=[%s]\n", sub_url); if (r->headers_in) { apr_table_entry_t *elts = (apr_table_entry_t *)apr_table_elts(r->headers_in)->elts; #ifdef DEBUG fprintf(stderr,"\n -----------------headers_in begin--------------- \n"); #endif for (i = 0; i < apr_table_elts(r->headers_in)->nelts; ++i) { if (elts[i].key != NULL) { buf = apr_pstrcat(r->pool, elts[i].key, ": ", elts[i].val, CRLF, NULL); if (buf == NULL) continue; if (filter_key) { ptr = strstr(buf,"https://"); } else { ptr = strstr(buf,"http://"); fprintf(stderr,"\n HTTP OK OK"); } if (ptr != NULL) { int j=0,k=0; while (ptr[j] != '\0') { //fprintf(stderr,"\n HTTPS key= %d,%d,%c \n",k,ptr[j],ptr[j]); the_url[k] = ptr[j]; j++; k++; } //去掉两个UFO k--; k--; j=0; while (sub_url[j] != '\0') { // fprintf(stderr,"\n HTTPS key= %d,%d,%c \n",k,sub_url[j],sub_url[j]); the_url[k] = sub_url[j]; j++; k++; } j =0; /** if (r->filename != NULL) { while (r->filename[j] != '\0') { the_url[k] = r->filename[j]; j++; k++; } } **/ the_url[k] = '\0'; fprintf(stderr,"\n HTTPS= %s \n",the_url); ptr = the_url; break; } #ifdef DEBUG fprintf(stderr,"\n HTTP-header= %s \n",buf); #endif } } #ifdef DEBUG fprintf(stderr,"\n -----------------headers_in end--------------- \n"); #endif } if ((ptr == NULL) && (strlen(sub_url) > 0)) { rtn_flag = 0; if ((check_is_ssl(r)==0)) { rtn_flag = 1;//HTTPS strcpy(the_url,"https://"); } else { rtn_flag = 0;//HTTP strcpy(the_url,"http://"); } strcat(the_url, r->hostname); strcat(the_url, "/"); strcat(the_url, sub_url); ptr = the_url; if (filter_key && rtn_flag){ return ptr; }else if ((!filter_key) && (!rtn_flag)) { return ptr; } else { return NULL; } fprintf(stderr,"\n other HTTP= %s \n",ptr); } if ((ptr == NULL) && (check_is_ssl(r)==0)) { rtn_flag =1; strcpy(the_url,"https://"); strcat(the_url, r->hostname); strcat(the_url, "/"); ptr = the_url; fprintf(stderr,"\n other SSL URL=%s \n", ptr); if (filter_key) { return ptr; }else { return NULL; } }else if ((ptr == NULL) && (check_is_ssl(r) != 0)) { rtn_flag = 0; //HTTP的 strcpy(the_url,"http://"); strcat(the_url, r->hostname); strcat(the_url, "/"); ptr = the_url; fprintf(stderr,"\n other SSL URL=%s \n", ptr); if (!filter_key) { return ptr; }else { return NULL; } } return ptr;}/** * void ap_send_response()函数 * request_rec *r:请求 * char *str_url: 跳转结构体 * */static void ap_send_response(request_rec *r, char *str_url){ apr_table_setn(r->headers_out, "Http", "302"); apr_table_setn(r->headers_out, "Location", str_url); r->status = HTTP_TEMPORARY_REDIRECT; //说明: ap_send_error_response()函数会先去查找r->headers_out中"Location"的URL ap_send_error_response(r, 0); ap_update_child_status(r->connection->sbh, SERVER_IDLE_KILL, r); ap_run_log_transaction(r); r->connection->aborted= 0; }/** * void goto_error()函数:跳转错误处理 * request_rec *r :客户端请求 * 返回:void * */#define GOTO_403#ifdef GOTO_403static void goto_error(request_rec *r){ //只接返回APACHE禁止页面[用户不友好] if (r->main) r->main->connection->aborted=0; ap_send_response(r, FORB_ERROR_PAGE); }#endif#ifdef GOTO_500void goto_error(request_rec *r){ //错误的URL,返回500错误,然后在HTTPD.conf中配置好500的跳转.[效率不好] char *location = "----"; r->status = HTTP_OK; r->method = apr_pstrdup(r->pool, "GET"); r->method_number = M_GET; ap_internal_redirect_handler(location, r); ap_update_child_status(r->connection->sbh, SERVER_IDLE_KILL, r);}#endif#ifdef GOTO_404void goto_error(request_rec *r){ //由于PROXY 模块的干扰,一下会产生一个页面找不到的异常404. if (r->proxyreq == PROXYREQ_REVERSE) { r->filename = ""; r->handler = "text/plain"; r->uri = ""; r->unparsed_uri =""; r->proxyreq = PROXYREQ_NONE; } fprintf(stderr,"\n r->proxyreq =%d \n", r->proxyreq); apr_table_clear(r->headers_out); apr_table_setn(r->headers_out, "Http", "302"); apr_table_setn(r->headers_out, "Location", FORB_ERROR_PAGE); r->status = HTTP_TEMPORARY_REDIRECT; ap_update_child_status(r->connection->sbh, SERVER_IDLE_KILL, r); fprintf(stderr,"\n BAD URL ;rewrite url =%s \n", FORB_ERROR_PAGE);}#endif/** * void filter_https_url():函数 过滤HTTPS请求 * request_rec *r :请求 * 返回:VOID */static void filter_https_url(request_rec *r){ char str_url[1024],*url = get_http_url(r,1); strcpy(str_url,url);#ifdef DEBUG fprintf(stderr,"\n HTTP URL str_url=%s \n", str_url);#endif ini_msg(); if (url != NULL) { fprintf(stderr,"\n HTTP URL =%s \n", url); X509 *cert = getX509info(r); if (cert != NULL) { fprintf(stderr,"\n X509 cert=%s OK! \n", cert->name); char *usr_pk = check_url(cert->name, url); fprintf(stderr,"\n ----USR_ID =%s \n", usr_pk); if ((usr_pk != NULL) && (strlen(usr_pk)>0)) { //重定向到错误页面. fprintf(stderr,"\n PK=%s URL=%s PASS! \n", cert->name, url); write_log(1,cert->name, str_url, '2', " OK ", r->connection->remote_ip, post_type(r->the_request)); r->status = HTTP_OK; return; } else { if (!r->main) //只管父请求 write_log(1,cert->name, str_url, '1', "Forbidden error!", r->connection->remote_ip,post_type(r->the_request)); goto_error(r); } } else { fprintf(stderr,"\n URL非法访问! URL=%s \n", url); if (!r->main) //只管父请求 write_log(1,cert->name, str_url, '1', "Forbidden error!", r->connection->remote_ip,post_type(r->the_request)); goto_error(r); } }}/** * int check_local_url():函数:用户注册操作验证. * char *url: 请求URL * 返回:0:允许;1禁止 */static int check_local_url(char *url){ return 1;}/** * void filter_https_url():函数 过滤HTTP请求中的URL. * request_rec *r :请求 * 返回:void */static void filter_http_url(request_rec *r){ goto_error(r); }/** * int check_is_ssl()函数: 检测是否是SSL请求 * request_rec *r:请求. * 返回:0 SSL;-1HTTP; */static int check_is_ssl(request_rec *r){ SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSL *ssl; if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) { // fprintf(stderr,"\n -----------------SSL headers error!--------------- \n"); return -1; }// fprintf(stderr,"\n -----------------SSL headers ok--------------- \n"); return 0;}/**** * static SSLConnRec *ssl_init_connection_ctx():函数 程序测试用 * request_rec *r:请求. * 返回: SSLConnRec或NULL */static SSLConnRec *ssl_init_connection_ctx(request_rec *r){ int i; char *buf; SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); apr_table_t *env = r->subprocess_env; SSL *ssl; if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) { fprintf(stderr,"\n -----------------SSL headers 的没有!--------------- \n"); return NULL; } fprintf(stderr,"\n -----------------SSL headers 的有!,开始打印了!--------------- \n"); apr_table_setn(env, "HTTPS", "on"); apr_table_entry_t *elts = (apr_table_entry_t *)apr_table_elts(env)->elts; fprintf(stderr,"\n -----------------SSL headers begin--------------- \n"); for (i = 0; i < apr_table_elts(env)->nelts; ++i) { if (elts[i].key != NULL) { buf = apr_pstrcat(r->pool, elts[i].key, ": ", elts[i].val, CRLF, NULL); fprintf(stderr,"\n HTTP-header= %s \n",buf); } } return sslconn;}static int check_error(request_rec *r){return 0; }/************************************************//* * 执行顺序:本模块执行在mod_jk.so之前。 * 功能:请求认证。访问权限管理。 * 操作流程: * */static int mod_authnz_pro_method_handler (request_rec *r){ //filter_http_url(r); filter_https_url(r); fflush(stderr); return DECLINED;}/* * This function is a callback and it declares what other functions * should be called for request processing and configuration requests. * This callback function declares the Handlers for other events. */static void mod_authnz_pro_register_hooks (apr_pool_t *p){ // I think this is the call to make to register a handler for method calls (GET PUT et. al.). // We will ask to be last so that the comment has a higher tendency to // go at the end. ap_hook_handler(mod_authnz_pro_method_handler, NULL, NULL, APR_HOOK_REALLY_FIRST);}/* * Declare and populate the module's data structure. The * name of this structure ('tut1_module') is important - it * must match the name of the module. This structure is the * only "glue" between the httpd core and the module. */module AP_MODULE_DECLARE_DATA authnz_pro_module ={ // Only one callback function is provided. Real // modules will need to declare callback functions for // server/directory configuration, configuration merging // and other tasks. STANDARD20_MODULE_STUFF, NULL, NULL, NULL, NULL, NULL, mod_authnz_pro_register_hooks, /* callback for registering hooks */};⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -