Mercurial > hg > nginx

comparison src/http/ngx_http_core_module.c @ 4495:b4379a91f9b5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Disable symlinks: added the "from=" parameter to the "disable_symlinks" directive.
author Valentin Bartenev <vbart@nginx.com>
date Mon, 27 Feb 2012 16:54:10 +0000
parents 13e09cf11d4e
children 14411ee4d89f
comparison
equal deleted inserted replaced
4494:13e09cf11d4e 4495:b4379a91f9b5
74 static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); 74 static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae);
75 static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); 75 static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last);
76 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, 76 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd,
77 void *conf); 77 void *conf);
78 #endif 78 #endif
79 #if (NGX_HAVE_OPENAT)
80 static char *ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd,
81 void *conf);
82 #endif
79 83
80 static char *ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data); 84 static char *ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data);
81 static char *ngx_http_core_pool_size(ngx_conf_t *cf, void *post, void *data); 85 static char *ngx_http_core_pool_size(ngx_conf_t *cf, void *post, void *data);
82 86
83 static ngx_conf_post_t ngx_http_core_lowat_post = 87 static ngx_conf_post_t ngx_http_core_lowat_post =
185 static ngx_str_t ngx_http_gzip_private = ngx_string("private"); 189 static ngx_str_t ngx_http_gzip_private = ngx_string("private");
186 190
187 #endif 191 #endif
188 192
189 193
190 #if (NGX_HAVE_OPENAT)
191
192 static ngx_conf_enum_t ngx_http_core_disable_symlinks[] = {
193 { ngx_string("off"), NGX_DISABLE_SYMLINKS_OFF },
194 { ngx_string("if_not_owner"), NGX_DISABLE_SYMLINKS_NOTOWNER },
195 { ngx_string("on"), NGX_DISABLE_SYMLINKS_ON },
196 { ngx_null_string, 0 }
197 };
198
199 #endif
200
201
202 static ngx_command_t ngx_http_core_commands[] = { 194 static ngx_command_t ngx_http_core_commands[] = {
203 195
204 { ngx_string("variables_hash_max_size"), 196 { ngx_string("variables_hash_max_size"),
205 NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, 197 NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
206 ngx_conf_set_num_slot, 198 ngx_conf_set_num_slot,
777 #endif 769 #endif
778 770
779 #if (NGX_HAVE_OPENAT) 771 #if (NGX_HAVE_OPENAT)
780 772
781 { ngx_string("disable_symlinks"), 773 { ngx_string("disable_symlinks"),
782 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, 774 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12,
783 ngx_conf_set_enum_slot, 775 ngx_http_disable_symlinks,
784 NGX_HTTP_LOC_CONF_OFFSET, 776 NGX_HTTP_LOC_CONF_OFFSET,
785 offsetof(ngx_http_core_loc_conf_t, disable_symlinks), 777 0,
786 &ngx_http_core_disable_symlinks }, 778 NULL },
787 779
788 #endif 780 #endif
789 781
790 ngx_null_command 782 ngx_null_command
791 }; 783 };
2650 ngx_int_t 2642 ngx_int_t
2651 ngx_http_set_disable_symlinks(ngx_http_request_t *r, 2643 ngx_http_set_disable_symlinks(ngx_http_request_t *r,
2652 ngx_http_core_loc_conf_t *clcf, ngx_str_t *path, ngx_open_file_info_t *of) 2644 ngx_http_core_loc_conf_t *clcf, ngx_str_t *path, ngx_open_file_info_t *of)
2653 { 2645 {
2654 #if (NGX_HAVE_OPENAT) 2646 #if (NGX_HAVE_OPENAT)
2647 u_char *p;
2648 ngx_str_t from;
2649
2655 of->disable_symlinks = clcf->disable_symlinks; 2650 of->disable_symlinks = clcf->disable_symlinks;
2651
2652 if (clcf->disable_symlinks_from == NULL) {
2653 return NGX_OK;
2654 }
2655
2656 if (ngx_http_complex_value(r, clcf->disable_symlinks_from, &from)
2657 != NGX_OK)
2658 {
2659 return NGX_ERROR;
2660 }
2661
2662 if (from.len == 0
2663 || from.len > path->len
2664 || ngx_memcmp(path->data, from.data, from.len) != 0)
2665 {
2666 return NGX_OK;
2667 }
2668
2669 if (from.len == path->len) {
2670 of->disable_symlinks = NGX_DISABLE_SYMLINKS_OFF;
2671 return NGX_OK;
2672 }
2673
2674 p = path->data + from.len;
2675
2676 if (*p == '/') {
2677 of->disable_symlinks_from = from.len;
2678 return NGX_OK;
2679 }
2680
2681 p--;
2682
2683 if (*p == '/') {
2684 of->disable_symlinks_from = from.len - 1;
2685 }
2656 #endif 2686 #endif
2657 2687
2658 return NGX_OK; 2688 return NGX_OK;
2659 } 2689 }
2660 2690
3387 #endif 3417 #endif
3388 #endif 3418 #endif
3389 3419
3390 #if (NGX_HAVE_OPENAT) 3420 #if (NGX_HAVE_OPENAT)
3391 clcf->disable_symlinks = NGX_CONF_UNSET_UINT; 3421 clcf->disable_symlinks = NGX_CONF_UNSET_UINT;
3422 clcf->disable_symlinks_from = NGX_CONF_UNSET_PTR;
3392 #endif 3423 #endif
3393 3424
3394 return clcf; 3425 return clcf;
3395 } 3426 }
3396 3427
3671 #endif 3702 #endif
3672 3703
3673 #if (NGX_HAVE_OPENAT) 3704 #if (NGX_HAVE_OPENAT)
3674 ngx_conf_merge_uint_value(conf->disable_symlinks, prev->disable_symlinks, 3705 ngx_conf_merge_uint_value(conf->disable_symlinks, prev->disable_symlinks,
3675 NGX_DISABLE_SYMLINKS_OFF); 3706 NGX_DISABLE_SYMLINKS_OFF);
3707 ngx_conf_merge_ptr_value(conf->disable_symlinks_from,
3708 prev->disable_symlinks_from, NULL);
3676 #endif 3709 #endif
3677 3710
3678 return NGX_CONF_OK; 3711 return NGX_CONF_OK;
3679 } 3712 }
3680 3713
4806 } 4839 }
4807 4840
4808 #endif 4841 #endif
4809 4842
4810 4843
4844 #if (NGX_HAVE_OPENAT)
4845
4846 static char *
4847 ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
4848 {
4849 ngx_http_core_loc_conf_t *clcf = conf;
4850
4851 ngx_str_t *value;
4852 ngx_uint_t i;
4853 ngx_http_compile_complex_value_t ccv;
4854
4855 if (clcf->disable_symlinks != NGX_CONF_UNSET_UINT) {
4856 return "is duplicate";
4857 }
4858
4859 value = cf->args->elts;
4860
4861 for (i = 1; i < cf->args->nelts; i++) {
4862
4863 if (ngx_strcmp(value[i].data, "off") == 0) {
4864 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_OFF;
4865 continue;
4866 }
4867
4868 if (ngx_strcmp(value[i].data, "if_not_owner") == 0) {
4869 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_NOTOWNER;
4870 continue;
4871 }
4872
4873 if (ngx_strcmp(value[i].data, "on") == 0) {
4874 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_ON;
4875 continue;
4876 }
4877
4878 if (ngx_strncmp(value[i].data, "from=", 5) == 0) {
4879 value[i].len -= 5;
4880 value[i].data += 5;
4881
4882 ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
4883
4884 ccv.cf = cf;
4885 ccv.value = &value[i];
4886 ccv.complex_value = ngx_palloc(cf->pool,
4887 sizeof(ngx_http_complex_value_t));
4888 if (ccv.complex_value == NULL) {
4889 return NGX_CONF_ERROR;
4890 }
4891
4892 if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
4893 return NGX_CONF_ERROR;
4894 }
4895
4896 clcf->disable_symlinks_from = ccv.complex_value;
4897
4898 continue;
4899 }
4900
4901 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4902 "invalid parameter \"%V\"", &value[i]);
4903 return NGX_CONF_ERROR;
4904 }
4905
4906 if (clcf->disable_symlinks == NGX_CONF_UNSET_UINT) {
4907 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4908 "\"%V\" must have \"off\", \"on\" "
4909 "or \"if_not_owner\" parameter",
4910 &cmd->name);
4911 return NGX_CONF_ERROR;
4912 }
4913
4914 if (cf->args->nelts == 2) {
4915 clcf->disable_symlinks_from = NULL;
4916 return NGX_CONF_OK;
4917 }
4918
4919 if (clcf->disable_symlinks_from == NGX_CONF_UNSET_PTR) {
4920 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4921 "duplicate parameters \"%V %V\"",
4922 &value[1], &value[2]);
4923 return NGX_CONF_ERROR;
4924 }
4925
4926 if (clcf->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) {
4927 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4928 "\"from=\" cannot be used with \"off\" parameter");
4929 return NGX_CONF_ERROR;
4930 }
4931
4932 return NGX_CONF_OK;
4933 }
4934
4935 #endif
4936
4937
4811 static char * 4938 static char *
4812 ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data) 4939 ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data)
4813 { 4940 {
4814 #if (NGX_FREEBSD) 4941 #if (NGX_FREEBSD)
4815 ssize_t *np = data; 4942 ssize_t *np = data;