Do not use main/server contexts for creating/merging configuration

Author: defanator

src/ngx_http_modsecurity_module.c

@@ -25,12 +25,9 @@
 #include <ngx_http.h>
 
 static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
-static void *ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf);
 static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf);
-static char *ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child);
-static char *ngx_http_modsecurity_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child);
+static char *ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child);
 static void ngx_http_modsecurity_config_cleanup(void *data);
-static char *ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf);
 
 
 /*
@@ -234,31 +231,30 @@ ngx_http_modsecurity_cleanup(void *data)
 ngx_inline ngx_http_modsecurity_ctx_t *
 ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
 {
- ngx_http_modsecurity_ctx_t *ctx;
- ngx_http_modsecurity_conf_t *loc_cf = NULL;
- ngx_http_modsecurity_conf_t *cf = NULL;
- ngx_pool_cleanup_t *cln = NULL;
- ngx_str_t s;
+ ngx_str_t s;
+ ngx_pool_cleanup_t *cln;
+ ngx_http_modsecurity_ctx_t *ctx;
+ ngx_http_modsecurity_conf_t *mcf;
 
  ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_modsecurity_ctx_t));
  if (ctx == NULL)
  {
  dd("failed to allocate memory for the context.");
  return NULL;
  }
- cf = ngx_http_get_module_main_conf(r, ngx_http_modsecurity_module);
- loc_cf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
 
- dd("creating transaction with the following rules: '%p' -- ms: '%p'", loc_cf->rules_set, cf->modsec);
+ mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
+
+ dd("creating transaction with the following rules: '%p' -- ms: '%p'", mcf->rules_set, mcf->modsec);
 
- if (loc_cf->transaction_id) {
- if (ngx_http_complex_value(r, loc_cf->transaction_id, &s) != NGX_OK) {
+ if (mcf->transaction_id) {
+ if (ngx_http_complex_value(r, mcf->transaction_id, &s) != NGX_OK) {
  return NGX_CONF_ERROR;
  }
- ctx->modsec_transaction = msc_new_transaction_with_id(cf->modsec, loc_cf->rules_set, (char *) s.data, r->connection->log);
+ ctx->modsec_transaction = msc_new_transaction_with_id(mcf->modsec, mcf->rules_set, (char *) s.data, r->connection->log);
 
  } else {
- ctx->modsec_transaction = msc_new_transaction(cf->modsec, loc_cf->rules_set, r->connection->log);
+ ctx->modsec_transaction = msc_new_transaction(mcf->modsec, mcf->rules_set, r->connection->log);
  }
 
  dd("transaction created");
@@ -437,32 +433,32 @@ static ngx_command_t ngx_http_modsecurity_commands[] = {
 
 
 static ngx_http_module_t ngx_http_modsecurity_ctx = {
- NULL,  /* preconfiguration */
- ngx_http_modsecurity_init,  /* postconfiguration */
+ NULL, /* preconfiguration */
+ ngx_http_modsecurity_init, /* postconfiguration */
 
- ngx_http_modsecurity_create_main_conf, /* create main configuration */
- ngx_http_modsecurity_init_main_conf, /* init main configuration */
+ NULL,  /* create main configuration */
+ NULL,  /* init main configuration */
 
- ngx_http_modsecurity_create_conf, /* create server configuration */
- ngx_http_modsecurity_merge_srv_conf, /* merge server configuration */
+ NULL,  /* create server configuration */
+ NULL,  /* merge server configuration */
 
- ngx_http_modsecurity_create_conf,  /* create location configuration */
- ngx_http_modsecurity_merge_loc_conf /* merge location configuration */
+ ngx_http_modsecurity_create_conf, /* create location configuration */
+ ngx_http_modsecurity_merge_conf  /* merge location configuration */
 };
 
 
 ngx_module_t ngx_http_modsecurity_module = {
  NGX_MODULE_V1,
- &ngx_http_modsecurity_ctx,  /* module context */
- ngx_http_modsecurity_commands,  /* module directives */
- NGX_HTTP_MODULE,  /* module type */
- NULL, /* init master */
- NULL, /* init module */
- NULL, /* init process */
- NULL, /* init thread */
- NULL, /* exit thread */
- NULL, /* exit process */
- NULL, /* exit master */
+ &ngx_http_modsecurity_ctx, /* module context */
+ ngx_http_modsecurity_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL,  /* init master */
+ NULL,  /* init module */
+ NULL,  /* init process */
+ NULL,  /* init thread */
+ NULL,  /* exit thread */
+ NULL,  /* exit process */
+ NULL,  /* exit master */
  NGX_MODULE_V1_PADDING
 };
 
@@ -545,51 +541,15 @@ ngx_http_modsecurity_init(ngx_conf_t *cf)
 
 
 static void *
-ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
+ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
 {
- ngx_http_modsecurity_conf_t *conf;
+ ngx_pool_cleanup_t *cln;
+ ngx_http_modsecurity_conf_t *conf;
 
  ngx_log_error(NGX_LOG_NOTICE, cf->log, 0, MODSECURITY_NGINX_WHOAMI);
 
- /* ngx_pcalloc already sets all of this scructure to zeros. */
- conf = ngx_http_modsecurity_create_conf(cf);
-
- if (conf == NULL || conf == NGX_CONF_ERROR) {
- dd("failed to allocate space for the ModSecurity configuration");
- return NGX_CONF_ERROR;
- }
-
- dd ("conf crated at: '%p'", conf);
-
- /* Create our ModSecurity instace */
- conf->modsec = msc_init();
- if (conf->modsec == NULL)
- {
- dd("failed to create the ModSecurity instance");
- return NGX_CONF_ERROR;
- }
-
- /* Provide our connector information to LibModSecurity */
- msc_set_connector_info(conf->modsec, MODSECURITY_NGINX_WHOAMI);
- msc_set_log_cb(conf->modsec, ngx_http_modsecurity_log);
-
- return conf;
-}
-
-
-static char *ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf)
-{
- dd("modsec main conf init. Loaded rules:");
-
- return NGX_CONF_OK;
-}
-
-
-static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
-{
- ngx_pool_cleanup_t *cln = NULL;
- ngx_http_modsecurity_conf_t *conf = (ngx_http_modsecurity_conf_t *)
- ngx_pcalloc(cf->pool, sizeof(ngx_http_modsecurity_conf_t));
+ conf = (ngx_http_modsecurity_conf_t *) ngx_pcalloc(cf->pool,
+ sizeof(ngx_http_modsecurity_conf_t));
 
  if (conf == NULL)
  {
@@ -619,58 +579,30 @@ static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
  dd("failed to create the ModSecurity configuration cleanup");
  return NGX_CONF_ERROR;
  }
+
  cln->handler = ngx_http_modsecurity_config_cleanup;
  cln->data = conf;
 
- return conf;
-}
-
+ dd ("conf created at: '%p'", conf);
 
-static char *
-ngx_http_modsecurity_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
-{
- ngx_http_modsecurity_conf_t *p = parent;
- ngx_http_modsecurity_conf_t *c = child;
-#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
- ngx_http_core_srv_conf_t *clcf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module);
-#endif
- int rules;
- const char *error = NULL;
-
- dd("merging srv config [%s] - parent: '%p' child: '%p'",
- ngx_str_to_char(clcf->server_name, cf->pool), parent,
- child);
- dd(" state - parent: '%d' child: '%d'",
- (int) p->enable, (int) c->enable);
-
- ngx_conf_merge_value(c->enable, p->enable, 0);
- ngx_conf_merge_value(c->sanity_checks_enabled, p->sanity_checks_enabled, 0);
- ngx_conf_merge_ptr_value(c->transaction_id, p->transaction_id, NULL);
-
-#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
- dd("PARENT RULES");
- msc_rules_dump(p->rules_set);
- dd("CHILD RULES");
- msc_rules_dump(c->rules_set);
-#endif
+ /* Create our ModSecurity instance */
+ conf->modsec = msc_init();
+ if (conf->modsec == NULL)
+ {
+ dd("failed to create the ModSecurity instance");
+ return NGX_CONF_ERROR;
+ }
 
- rules = msc_rules_merge(c->rules_set, p->rules_set, &error);
+ /* Provide our connector information to LibModSecurity */
+ msc_set_connector_info(conf->modsec, MODSECURITY_NGINX_WHOAMI);
+ msc_set_log_cb(conf->modsec, ngx_http_modsecurity_log);
 
- if (rules < 0) {
- return strdup(error);
- }
- dd(" state - this: '%d'",
- (int) c->enable);
-#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
- dd("NEW CHIELD RULES");
- msc_rules_dump(c->rules_set);
-#endif
- return NGX_CONF_OK;
+ return conf;
 }
 
 
 static char *
-ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
+ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 {
  ngx_http_modsecurity_conf_t *p = parent;
  ngx_http_modsecurity_conf_t *c = child;
@@ -704,7 +636,7 @@ ngx_http_modsecurity_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
  }
 
 #if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
- dd("NEW CHIELD RULES");
+ dd("NEW CHILD RULES");
  msc_rules_dump(c->rules_set);
 #endif
  return NGX_CONF_OK;