diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2006-08-04 16:04:04 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2006-08-04 16:04:04 +0000 |
| commit | b71c690895870290663dd4eef453d195209269ce (patch) | |
| tree | f95ec569e2482a95ee2789e5e25991d0fbbb92e6 /src/http/modules | |
| parent | 9bda615eef680b3a2ea8ceccb51a872a4bcc340e (diff) | |
| download | nginx-release-0.3.56.tar.gz nginx-release-0.3.56.tar.bz2 | |
nginx-0.3.56-RELEASE importrelease-0.3.56
*) Feature: the "dav_access" directive.
*) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e",
"-x", and "!-x" operators.
*) Bugfix: a segmentation fault occurred if a request returned a
redirect and some sent to client header lines were logged in the
access log.
Diffstat (limited to '')
| -rw-r--r-- | src/http/modules/ngx_http_dav_module.c | 111 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_rewrite_module.c | 30 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 11 |
3 files changed, 144 insertions, 8 deletions
diff --git a/src/http/modules/ngx_http_dav_module.c b/src/http/modules/ngx_http_dav_module.c index 0ea937f87..990138607 100644 --- a/src/http/modules/ngx_http_dav_module.c +++ b/src/http/modules/ngx_http_dav_module.c @@ -14,6 +14,7 @@ typedef struct { ngx_uint_t methods; ngx_flag_t create_full_put_path; + ngx_uint_t access; } ngx_http_dav_loc_conf_t; @@ -22,6 +23,8 @@ static void ngx_http_dav_put_handler(ngx_http_request_t *r); static ngx_int_t ngx_http_dav_error(ngx_http_request_t *, ngx_err_t err, ngx_int_t not_found, char *failed, u_char *path); static ngx_int_t ngx_http_dav_location(ngx_http_request_t *r, u_char *path); +static char *ngx_http_dav_access(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); static void *ngx_http_dav_create_loc_conf(ngx_conf_t *cf); static char *ngx_http_dav_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child); @@ -53,6 +56,13 @@ static ngx_command_t ngx_http_dav_commands[] = { offsetof(ngx_http_dav_loc_conf_t, create_full_put_path), NULL }, + { ngx_string("dav_access"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12, + ngx_http_dav_access, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, + ngx_null_command }; @@ -214,7 +224,7 @@ ngx_http_dav_handler(ngx_http_request_t *r) ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http mkcol path: \"%s\"", path.data); - if (ngx_create_dir(path.data) != NGX_FILE_ERROR) { + if (ngx_create_dir(path.data, dlcf->access) != NGX_FILE_ERROR) { if (ngx_http_dav_location(r, path.data) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } @@ -233,6 +243,8 @@ ngx_http_dav_handler(ngx_http_request_t *r) static void ngx_http_dav_put_handler(ngx_http_request_t *r) { + char *failed; + u_char *name; ngx_err_t err; ngx_str_t *temp, path; ngx_uint_t status; @@ -267,6 +279,25 @@ ngx_http_dav_put_handler(ngx_http_request_t *r) } } + dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_module); + +#if !(NGX_WIN32) + + if (ngx_change_file_access(temp->data, dlcf->access & ~0111) + == NGX_FILE_ERROR) + { + err = ngx_errno; + failed = ngx_change_file_access_n; + name = temp->data; + + goto failed; + } + +#endif + + failed = ngx_rename_file_n; + name = path.data; + if (ngx_rename_file(temp->data, path.data) != NGX_FILE_ERROR) { goto ok; } @@ -275,10 +306,8 @@ ngx_http_dav_put_handler(ngx_http_request_t *r) if (err == NGX_ENOENT) { - dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_module); - if (dlcf->create_full_put_path) { - err = ngx_create_full_path(path.data); + err = ngx_create_full_path(path.data, dlcf->access); if (err == 0) { if (ngx_rename_file(temp->data, path.data) != NGX_FILE_ERROR) { @@ -303,6 +332,11 @@ ngx_http_dav_put_handler(ngx_http_request_t *r) err = ngx_errno; } + +#else + +failed: + #endif if (ngx_delete_file(temp->data) == NGX_FILE_ERROR) { @@ -311,9 +345,9 @@ ngx_http_dav_put_handler(ngx_http_request_t *r) temp->data); } - ngx_http_finalize_request(r, ngx_http_dav_error(r, err, NGX_HTTP_CONFLICT, - ngx_rename_file_n, - path.data)); + ngx_http_finalize_request(r, + ngx_http_dav_error(r, err, NGX_HTTP_CONFLICT, failed, name)); + return; ok: @@ -407,6 +441,66 @@ ngx_http_dav_location(ngx_http_request_t *r, u_char *path) } +static char * +ngx_http_dav_access(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_dav_loc_conf_t *lcf = conf; + + u_char *p; + ngx_str_t *value; + ngx_uint_t i, right, shift; + + if (lcf->access != NGX_CONF_UNSET_UINT) { + return "is duplicate"; + } + + value = cf->args->elts; + + lcf->access = 0700; + + for (i = 1; i < 3; i++) { + + p = value[i].data; + + if (ngx_strncmp(p, "user:", sizeof("user:") - 1) == 0) { + shift = 6; + p += sizeof("user:") - 1; + + } else if (ngx_strncmp(p, "group:", sizeof("group:") - 1) == 0) { + shift = 3; + p += sizeof("group:") - 1; + + } else if (ngx_strncmp(p, "all:", sizeof("all:") - 1) == 0) { + shift = 0; + p += sizeof("all:") - 1; + + } else { + goto invalid; + } + + if (ngx_strcmp(p, "rw") == 0) { + right = 7; + + } else if (ngx_strcmp(p, "r") == 0) { + right = 5; + + } else { + goto invalid; + } + + lcf->access += right << shift; + } + + return NGX_CONF_OK; + +invalid: + + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid value \"%V\"", &value[i]); + return NGX_CONF_ERROR; +} + + static void * ngx_http_dav_create_loc_conf(ngx_conf_t *cf) { @@ -424,6 +518,7 @@ ngx_http_dav_create_loc_conf(ngx_conf_t *cf) */ conf->create_full_put_path = NGX_CONF_UNSET; + conf->access = NGX_CONF_UNSET_UINT; return conf; } @@ -441,6 +536,8 @@ ngx_http_dav_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) ngx_conf_merge_value(conf->create_full_put_path, prev->create_full_put_path, 0); + ngx_conf_merge_uint_value(conf->access, prev->access, 0600); + return NGX_CONF_OK; } diff --git a/src/http/modules/ngx_http_rewrite_module.c b/src/http/modules/ngx_http_rewrite_module.c index 980de1920..30fbcd87e 100644 --- a/src/http/modules/ngx_http_rewrite_module.c +++ b/src/http/modules/ngx_http_rewrite_module.c @@ -817,11 +817,41 @@ ngx_http_rewrite_if_condition(ngx_conf_t *cf, ngx_http_rewrite_loc_conf_t *lcf) return NGX_CONF_OK; } + if (p[1] == 'd') { + fop->op = ngx_http_script_file_dir; + return NGX_CONF_OK; + } + + if (p[1] == 'e') { + fop->op = ngx_http_script_file_exists; + return NGX_CONF_OK; + } + + if (p[1] == 'x') { + fop->op = ngx_http_script_file_exec; + return NGX_CONF_OK; + } + if (p[0] == '!') { if (p[2] == 'f') { fop->op = ngx_http_script_file_not_plain; return NGX_CONF_OK; } + + if (p[2] == 'd') { + fop->op = ngx_http_script_file_not_dir; + return NGX_CONF_OK; + } + + if (p[2] == 'e') { + fop->op = ngx_http_script_file_not_exists; + return NGX_CONF_OK; + } + + if (p[2] == 'x') { + fop->op = ngx_http_script_file_not_exec; + return NGX_CONF_OK; + } } ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 8c78e0f95..344f61361 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -17,6 +17,7 @@ typedef u_char *(*ngx_ssl_variable_handler_pt)(ngx_connection_t *); #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" +static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_ssl_client_s_dn(ngx_http_request_t *r, @@ -384,7 +385,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) } if (conf->verify) { - SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY, NULL); + SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY, + ngx_http_ssl_verify_callback); SSL_CTX_set_verify_depth(conf->ssl.ctx, conf->verify_depth); @@ -422,6 +424,13 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) } +static int +ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) +{ + return 1; +} + + #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) static char * |