Klaus Demo nginx / 5c95f88
Disable symlinks: added the "from=" parameter to the "disable_symlinks" directive. Valentin Bartenev 10 years ago
2 changed file(s) with 145 addition(s) and 17 deletion(s).
7575 static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd,
7676 void *conf);
7777 #endif
78 #if (NGX_HAVE_OPENAT)
79 static char *ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd,
80 void *conf);
81 #endif
7882
7983 static char *ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data);
8084 static char *ngx_http_core_pool_size(ngx_conf_t *cf, void *post, void *data);
186190 #endif
187191
188192
189 #if (NGX_HAVE_OPENAT)
190
191 static ngx_conf_enum_t ngx_http_core_disable_symlinks[] = {
192 { ngx_string("off"), NGX_DISABLE_SYMLINKS_OFF },
193 { ngx_string("if_not_owner"), NGX_DISABLE_SYMLINKS_NOTOWNER },
194 { ngx_string("on"), NGX_DISABLE_SYMLINKS_ON },
195 { ngx_null_string, 0 }
196 };
197
198 #endif
199
200
201193 static ngx_command_t ngx_http_core_commands[] = {
202194
203195 { ngx_string("variables_hash_max_size"),
778770 #if (NGX_HAVE_OPENAT)
779771
780772 { ngx_string("disable_symlinks"),
781 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
782 ngx_conf_set_enum_slot,
783 NGX_HTTP_LOC_CONF_OFFSET,
784 offsetof(ngx_http_core_loc_conf_t, disable_symlinks),
785 &ngx_http_core_disable_symlinks },
773 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12,
774 ngx_http_disable_symlinks,
775 NGX_HTTP_LOC_CONF_OFFSET,
776 0,
777 NULL },
786778
787779 #endif
788780
26512643 ngx_http_core_loc_conf_t *clcf, ngx_str_t *path, ngx_open_file_info_t *of)
26522644 {
26532645 #if (NGX_HAVE_OPENAT)
2646 u_char *p;
2647 ngx_str_t from;
2648
26542649 of->disable_symlinks = clcf->disable_symlinks;
2650
2651 if (clcf->disable_symlinks_from == NULL) {
2652 return NGX_OK;
2653 }
2654
2655 if (ngx_http_complex_value(r, clcf->disable_symlinks_from, &from)
2656 != NGX_OK)
2657 {
2658 return NGX_ERROR;
2659 }
2660
2661 if (from.len == 0
2662 || from.len > path->len
2663 || ngx_memcmp(path->data, from.data, from.len) != 0)
2664 {
2665 return NGX_OK;
2666 }
2667
2668 if (from.len == path->len) {
2669 of->disable_symlinks = NGX_DISABLE_SYMLINKS_OFF;
2670 return NGX_OK;
2671 }
2672
2673 p = path->data + from.len;
2674
2675 if (*p == '/') {
2676 of->disable_symlinks_from = from.len;
2677 return NGX_OK;
2678 }
2679
2680 p--;
2681
2682 if (*p == '/') {
2683 of->disable_symlinks_from = from.len - 1;
2684 }
26552685 #endif
26562686
26572687 return NGX_OK;
33883418
33893419 #if (NGX_HAVE_OPENAT)
33903420 clcf->disable_symlinks = NGX_CONF_UNSET_UINT;
3421 clcf->disable_symlinks_from = NGX_CONF_UNSET_PTR;
33913422 #endif
33923423
33933424 return clcf;
36723703 #if (NGX_HAVE_OPENAT)
36733704 ngx_conf_merge_uint_value(conf->disable_symlinks, prev->disable_symlinks,
36743705 NGX_DISABLE_SYMLINKS_OFF);
3706 ngx_conf_merge_ptr_value(conf->disable_symlinks_from,
3707 prev->disable_symlinks_from, NULL);
36753708 #endif
36763709
36773710 return NGX_CONF_OK;
48074840 #endif
48084841
48094842
4843 #if (NGX_HAVE_OPENAT)
4844
4845 static char *
4846 ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
4847 {
4848 ngx_http_core_loc_conf_t *clcf = conf;
4849
4850 ngx_str_t *value;
4851 ngx_uint_t i;
4852 ngx_http_compile_complex_value_t ccv;
4853
4854 if (clcf->disable_symlinks != NGX_CONF_UNSET_UINT) {
4855 return "is duplicate";
4856 }
4857
4858 value = cf->args->elts;
4859
4860 for (i = 1; i < cf->args->nelts; i++) {
4861
4862 if (ngx_strcmp(value[i].data, "off") == 0) {
4863 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_OFF;
4864 continue;
4865 }
4866
4867 if (ngx_strcmp(value[i].data, "if_not_owner") == 0) {
4868 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_NOTOWNER;
4869 continue;
4870 }
4871
4872 if (ngx_strcmp(value[i].data, "on") == 0) {
4873 clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_ON;
4874 continue;
4875 }
4876
4877 if (ngx_strncmp(value[i].data, "from=", 5) == 0) {
4878 value[i].len -= 5;
4879 value[i].data += 5;
4880
4881 ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
4882
4883 ccv.cf = cf;
4884 ccv.value = &value[i];
4885 ccv.complex_value = ngx_palloc(cf->pool,
4886 sizeof(ngx_http_complex_value_t));
4887 if (ccv.complex_value == NULL) {
4888 return NGX_CONF_ERROR;
4889 }
4890
4891 if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
4892 return NGX_CONF_ERROR;
4893 }
4894
4895 clcf->disable_symlinks_from = ccv.complex_value;
4896
4897 continue;
4898 }
4899
4900 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4901 "invalid parameter \"%V\"", &value[i]);
4902 return NGX_CONF_ERROR;
4903 }
4904
4905 if (clcf->disable_symlinks == NGX_CONF_UNSET_UINT) {
4906 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4907 "\"%V\" must have \"off\", \"on\" "
4908 "or \"if_not_owner\" parameter",
4909 &cmd->name);
4910 return NGX_CONF_ERROR;
4911 }
4912
4913 if (cf->args->nelts == 2) {
4914 clcf->disable_symlinks_from = NULL;
4915 return NGX_CONF_OK;
4916 }
4917
4918 if (clcf->disable_symlinks_from == NGX_CONF_UNSET_PTR) {
4919 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4920 "duplicate parameters \"%V %V\"",
4921 &value[1], &value[2]);
4922 return NGX_CONF_ERROR;
4923 }
4924
4925 if (clcf->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) {
4926 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
4927 "\"from=\" cannot be used with \"off\" parameter");
4928 return NGX_CONF_ERROR;
4929 }
4930
4931 return NGX_CONF_OK;
4932 }
4933
4934 #endif
4935
4936
48104937 static char *
48114938 ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data)
48124939 {
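Review bot: In ngx_http_set_disable_symlinks (new lines 2649-2684), `of->disable_symlinks_from` is written only on the two branches that find a `/` at the end of the prefix, so every other return path leaves whatever value the caller's `of` already held. The callers are outside this page, so this is defensive rather than a confirmed bug, but a stale offset in a reused or non-zeroed structure would presumably exempt part of the path from symlink checking. Adding `of->disable_symlinks_from = 0;` directly after `of->disable_symlinks = clcf->disable_symlinks;` makes the function fail closed on its own. I would also put a comment above `p = path->data + from.len;`, for example `/* skip checks for the prefix only if "from" ends on a path component boundary; otherwise the whole path is still checked */`, because that is what stops a constructed value such as `from=/var/www` from covering `/var/www2/...`. The function's signature begins above the visible hunk.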
405405
406406 #if (NGX_HAVE_OPENAT)
407407 ngx_uint_t disable_symlinks; /* disable_symlinks */
408 ngx_http_complex_value_t *disable_symlinks_from;
408409 #endif
409410
410411 ngx_array_t *error_pages; /* error_page */