Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 4495:b4379a91f9b5
Disable symlinks: added the "from=" parameter to the "disable_symlinks"
directive.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Mon, 27 Feb 2012 16:54:10 +0000 |
parents | 13e09cf11d4e |
children | 14411ee4d89f |
comparison
equal
deleted
inserted
replaced
4494:13e09cf11d4e | 4495:b4379a91f9b5 |
---|---|
74 static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); | 74 static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); |
75 static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); | 75 static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); |
76 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, | 76 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, |
77 void *conf); | 77 void *conf); |
78 #endif | 78 #endif |
79 #if (NGX_HAVE_OPENAT) | |
80 static char *ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, | |
81 void *conf); | |
82 #endif | |
79 | 83 |
80 static char *ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data); | 84 static char *ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data); |
81 static char *ngx_http_core_pool_size(ngx_conf_t *cf, void *post, void *data); | 85 static char *ngx_http_core_pool_size(ngx_conf_t *cf, void *post, void *data); |
82 | 86 |
83 static ngx_conf_post_t ngx_http_core_lowat_post = | 87 static ngx_conf_post_t ngx_http_core_lowat_post = |
185 static ngx_str_t ngx_http_gzip_private = ngx_string("private"); | 189 static ngx_str_t ngx_http_gzip_private = ngx_string("private"); |
186 | 190 |
187 #endif | 191 #endif |
188 | 192 |
189 | 193 |
190 #if (NGX_HAVE_OPENAT) | |
191 | |
192 static ngx_conf_enum_t ngx_http_core_disable_symlinks[] = { | |
193 { ngx_string("off"), NGX_DISABLE_SYMLINKS_OFF }, | |
194 { ngx_string("if_not_owner"), NGX_DISABLE_SYMLINKS_NOTOWNER }, | |
195 { ngx_string("on"), NGX_DISABLE_SYMLINKS_ON }, | |
196 { ngx_null_string, 0 } | |
197 }; | |
198 | |
199 #endif | |
200 | |
201 | |
202 static ngx_command_t ngx_http_core_commands[] = { | 194 static ngx_command_t ngx_http_core_commands[] = { |
203 | 195 |
204 { ngx_string("variables_hash_max_size"), | 196 { ngx_string("variables_hash_max_size"), |
205 NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, | 197 NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, |
206 ngx_conf_set_num_slot, | 198 ngx_conf_set_num_slot, |
777 #endif | 769 #endif |
778 | 770 |
779 #if (NGX_HAVE_OPENAT) | 771 #if (NGX_HAVE_OPENAT) |
780 | 772 |
781 { ngx_string("disable_symlinks"), | 773 { ngx_string("disable_symlinks"), |
782 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 774 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12, |
783 ngx_conf_set_enum_slot, | 775 ngx_http_disable_symlinks, |
784 NGX_HTTP_LOC_CONF_OFFSET, | 776 NGX_HTTP_LOC_CONF_OFFSET, |
785 offsetof(ngx_http_core_loc_conf_t, disable_symlinks), | 777 0, |
786 &ngx_http_core_disable_symlinks }, | 778 NULL }, |
787 | 779 |
788 #endif | 780 #endif |
789 | 781 |
790 ngx_null_command | 782 ngx_null_command |
791 }; | 783 }; |
2650 ngx_int_t | 2642 ngx_int_t |
2651 ngx_http_set_disable_symlinks(ngx_http_request_t *r, | 2643 ngx_http_set_disable_symlinks(ngx_http_request_t *r, |
2652 ngx_http_core_loc_conf_t *clcf, ngx_str_t *path, ngx_open_file_info_t *of) | 2644 ngx_http_core_loc_conf_t *clcf, ngx_str_t *path, ngx_open_file_info_t *of) |
2653 { | 2645 { |
2654 #if (NGX_HAVE_OPENAT) | 2646 #if (NGX_HAVE_OPENAT) |
2647 u_char *p; | |
2648 ngx_str_t from; | |
2649 | |
2655 of->disable_symlinks = clcf->disable_symlinks; | 2650 of->disable_symlinks = clcf->disable_symlinks; |
2651 | |
2652 if (clcf->disable_symlinks_from == NULL) { | |
2653 return NGX_OK; | |
2654 } | |
2655 | |
2656 if (ngx_http_complex_value(r, clcf->disable_symlinks_from, &from) | |
2657 != NGX_OK) | |
2658 { | |
2659 return NGX_ERROR; | |
2660 } | |
2661 | |
2662 if (from.len == 0 | |
2663 || from.len > path->len | |
2664 || ngx_memcmp(path->data, from.data, from.len) != 0) | |
2665 { | |
2666 return NGX_OK; | |
2667 } | |
2668 | |
2669 if (from.len == path->len) { | |
2670 of->disable_symlinks = NGX_DISABLE_SYMLINKS_OFF; | |
2671 return NGX_OK; | |
2672 } | |
2673 | |
2674 p = path->data + from.len; | |
2675 | |
2676 if (*p == '/') { | |
2677 of->disable_symlinks_from = from.len; | |
2678 return NGX_OK; | |
2679 } | |
2680 | |
2681 p--; | |
2682 | |
2683 if (*p == '/') { | |
2684 of->disable_symlinks_from = from.len - 1; | |
2685 } | |
2656 #endif | 2686 #endif |
2657 | 2687 |
2658 return NGX_OK; | 2688 return NGX_OK; |
2659 } | 2689 } |
2660 | 2690 |
3387 #endif | 3417 #endif |
3388 #endif | 3418 #endif |
3389 | 3419 |
3390 #if (NGX_HAVE_OPENAT) | 3420 #if (NGX_HAVE_OPENAT) |
3391 clcf->disable_symlinks = NGX_CONF_UNSET_UINT; | 3421 clcf->disable_symlinks = NGX_CONF_UNSET_UINT; |
3422 clcf->disable_symlinks_from = NGX_CONF_UNSET_PTR; | |
3392 #endif | 3423 #endif |
3393 | 3424 |
3394 return clcf; | 3425 return clcf; |
3395 } | 3426 } |
3396 | 3427 |
3671 #endif | 3702 #endif |
3672 | 3703 |
3673 #if (NGX_HAVE_OPENAT) | 3704 #if (NGX_HAVE_OPENAT) |
3674 ngx_conf_merge_uint_value(conf->disable_symlinks, prev->disable_symlinks, | 3705 ngx_conf_merge_uint_value(conf->disable_symlinks, prev->disable_symlinks, |
3675 NGX_DISABLE_SYMLINKS_OFF); | 3706 NGX_DISABLE_SYMLINKS_OFF); |
3707 ngx_conf_merge_ptr_value(conf->disable_symlinks_from, | |
3708 prev->disable_symlinks_from, NULL); | |
3676 #endif | 3709 #endif |
3677 | 3710 |
3678 return NGX_CONF_OK; | 3711 return NGX_CONF_OK; |
3679 } | 3712 } |
3680 | 3713 |
4806 } | 4839 } |
4807 | 4840 |
4808 #endif | 4841 #endif |
4809 | 4842 |
4810 | 4843 |
4844 #if (NGX_HAVE_OPENAT) | |
4845 | |
4846 static char * | |
4847 ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
4848 { | |
4849 ngx_http_core_loc_conf_t *clcf = conf; | |
4850 | |
4851 ngx_str_t *value; | |
4852 ngx_uint_t i; | |
4853 ngx_http_compile_complex_value_t ccv; | |
4854 | |
4855 if (clcf->disable_symlinks != NGX_CONF_UNSET_UINT) { | |
4856 return "is duplicate"; | |
4857 } | |
4858 | |
4859 value = cf->args->elts; | |
4860 | |
4861 for (i = 1; i < cf->args->nelts; i++) { | |
4862 | |
4863 if (ngx_strcmp(value[i].data, "off") == 0) { | |
4864 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_OFF; | |
4865 continue; | |
4866 } | |
4867 | |
4868 if (ngx_strcmp(value[i].data, "if_not_owner") == 0) { | |
4869 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_NOTOWNER; | |
4870 continue; | |
4871 } | |
4872 | |
4873 if (ngx_strcmp(value[i].data, "on") == 0) { | |
4874 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_ON; | |
4875 continue; | |
4876 } | |
4877 | |
4878 if (ngx_strncmp(value[i].data, "from=", 5) == 0) { | |
4879 value[i].len -= 5; | |
4880 value[i].data += 5; | |
4881 | |
4882 ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t)); | |
4883 | |
4884 ccv.cf = cf; | |
4885 ccv.value = &value[i]; | |
4886 ccv.complex_value = ngx_palloc(cf->pool, | |
4887 sizeof(ngx_http_complex_value_t)); | |
4888 if (ccv.complex_value == NULL) { | |
4889 return NGX_CONF_ERROR; | |
4890 } | |
4891 | |
4892 if (ngx_http_compile_complex_value(&ccv) != NGX_OK) { | |
4893 return NGX_CONF_ERROR; | |
4894 } | |
4895 | |
4896 clcf->disable_symlinks_from = ccv.complex_value; | |
4897 | |
4898 continue; | |
4899 } | |
4900 | |
4901 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
4902 "invalid parameter \"%V\"", &value[i]); | |
4903 return NGX_CONF_ERROR; | |
4904 } | |
4905 | |
4906 if (clcf->disable_symlinks == NGX_CONF_UNSET_UINT) { | |
4907 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
4908 "\"%V\" must have \"off\", \"on\" " | |
4909 "or \"if_not_owner\" parameter", | |
4910 &cmd->name); | |
4911 return NGX_CONF_ERROR; | |
4912 } | |
4913 | |
4914 if (cf->args->nelts == 2) { | |
4915 clcf->disable_symlinks_from = NULL; | |
4916 return NGX_CONF_OK; | |
4917 } | |
4918 | |
4919 if (clcf->disable_symlinks_from == NGX_CONF_UNSET_PTR) { | |
4920 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
4921 "duplicate parameters \"%V %V\"", | |
4922 &value[1], &value[2]); | |
4923 return NGX_CONF_ERROR; | |
4924 } | |
4925 | |
4926 if (clcf->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) { | |
4927 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
4928 "\"from=\" cannot be used with \"off\" parameter"); | |
4929 return NGX_CONF_ERROR; | |
4930 } | |
4931 | |
4932 return NGX_CONF_OK; | |
4933 } | |
4934 | |
4935 #endif | |
4936 | |
4937 | |
4811 static char * | 4938 static char * |
4812 ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data) | 4939 ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data) |
4813 { | 4940 { |
4814 #if (NGX_FREEBSD) | 4941 #if (NGX_FREEBSD) |
4815 ssize_t *np = data; | 4942 ssize_t *np = data; |