From 113afb09ea7ddeebf2376cf6df3af212705e6128 Mon Sep 17 00:00:00 2001 From: Zhidao HONG Date: Thu, 22 Apr 2021 13:13:06 +0800 Subject: Router: grouped app and share fields in nxt_http_action_t. This is a prerequisite for further introduction of openat2() features. No functional changes. --- src/nxt_http_static.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'src/nxt_http_static.c') diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index df2655fc..c0b48586 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -49,8 +49,8 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, if (nxt_slow_path(!nxt_str_eq(r->method, "GET", 3))) { if (!nxt_str_eq(r->method, "HEAD", 4)) { - if (action->u.fallback != NULL) { - return action->u.fallback; + if (action->u.share.fallback != NULL) { + return action->u.share.fallback; } nxt_http_request_error(task, r, NXT_HTTP_METHOD_NOT_ALLOWED); @@ -127,8 +127,8 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, break; } - if (level == NXT_LOG_ERR && action->u.fallback != NULL) { - return action->u.fallback; + if (level == NXT_LOG_ERR && action->u.share.fallback != NULL) { + return action->u.share.fallback; } if (status != NXT_HTTP_NOT_FOUND) { @@ -230,8 +230,8 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_file_close(task, f); if (nxt_slow_path(!nxt_is_dir(&fi))) { - if (action->u.fallback != NULL) { - return action->u.fallback; + if (action->u.share.fallback != NULL) { + return action->u.share.fallback; } nxt_log(task, NXT_LOG_ERR, "\"%FN\" is not a regular file", -- cgit From 53279af5d44dce2b679399d6a36eb46292928175 Mon Sep 17 00:00:00 2001 From: Zhidao HONG Date: Thu, 29 Apr 2021 22:04:34 +0800 Subject: Static: support for openat2() features. Support for chrooting, rejecting symlinks, and rejecting crossing mounting points on a per-request basis during static file serving. --- src/nxt_http_static.c | 123 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 97 insertions(+), 26 deletions(-) (limited to 'src/nxt_http_static.c') diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index c0b48586..98d70739 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -31,15 +31,15 @@ nxt_http_action_t * nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_http_action_t *action) { - size_t alloc, encode; - u_char *p; + size_t length, encode; + u_char *p, *fname; struct tm tm; nxt_buf_t *fb; nxt_int_t ret; - nxt_str_t index, extension, *mtype; + nxt_str_t index, extension, *mtype, *chroot; nxt_uint_t level; nxt_bool_t need_body; - nxt_file_t *f; + nxt_file_t *f, af, file; nxt_file_info_t fi; nxt_http_field_t *field; nxt_http_status_t status; @@ -63,13 +63,6 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, need_body = 1; } - f = nxt_mp_zget(r->mem_pool, sizeof(nxt_file_t)); - if (nxt_slow_path(f == NULL)) { - goto fail; - } - - f->fd = NXT_FILE_INVALID; - if (r->path->start[r->path->length - 1] == '/') { /* TODO: dynamic index setting. */ nxt_str_set(&index, "index.html"); @@ -80,23 +73,83 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_str_null(&extension); } - alloc = action->name.length + r->path->length + index.length + 1; + f = NULL; - f->name = nxt_mp_nget(r->mem_pool, alloc); - if (nxt_slow_path(f->name == NULL)) { + length = action->name.length + r->path->length + index.length; + + fname = nxt_mp_nget(r->mem_pool, length + 1); + if (nxt_slow_path(fname == NULL)) { goto fail; } - p = f->name; + p = fname; p = nxt_cpymem(p, action->name.start, action->name.length); p = nxt_cpymem(p, r->path->start, r->path->length); p = nxt_cpymem(p, index.start, index.length); *p = '\0'; - ret = nxt_file_open(task, f, NXT_FILE_RDONLY, NXT_FILE_OPEN, 0); + nxt_memzero(&file, sizeof(nxt_file_t)); + + file.name = fname; + + chroot = &action->u.share.chroot; + +#if (NXT_HAVE_OPENAT2) + + if (action->u.share.resolve != 0) { + + if (chroot->length > 0) { + file.name = chroot->start; + + if (length > chroot->length + && nxt_memcmp(fname, chroot->start, chroot->length) == 0) + { + fname += chroot->length; + ret = nxt_file_open(task, &file, NXT_FILE_SEARCH, NXT_FILE_OPEN, + 0); + + } else { + file.error = NXT_EACCES; + ret = NXT_ERROR; + } + + } else if (fname[0] == '/') { + file.name = (u_char *) "/"; + ret = nxt_file_open(task, &file, NXT_FILE_SEARCH, NXT_FILE_OPEN, 0); + + } else { + file.name = (u_char *) "."; + file.fd = AT_FDCWD; + ret = NXT_OK; + } + + if (nxt_fast_path(ret == NXT_OK)) { + af = file; + nxt_memzero(&file, sizeof(nxt_file_t)); + file.name = fname; + + ret = nxt_file_openat2(task, &file, NXT_FILE_RDONLY, + NXT_FILE_OPEN, 0, af.fd, + action->u.share.resolve); + + if (af.fd != AT_FDCWD) { + nxt_file_close(task, &af); + } + } + + } else { + ret = nxt_file_open(task, &file, NXT_FILE_RDONLY, NXT_FILE_OPEN, 0); + } + +#else + + ret = nxt_file_open(task, &file, NXT_FILE_RDONLY, NXT_FILE_OPEN, 0); + +#endif if (nxt_slow_path(ret != NXT_OK)) { - switch (f->error) { + + switch (file.error) { /* * For Unix domain sockets "errno" is set to: @@ -117,6 +170,10 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, break; case NXT_EACCES: +#if (NXT_HAVE_OPENAT2) + case NXT_ELOOP: + case NXT_EXDEV: +#endif level = NXT_LOG_ERR; status = NXT_HTTP_FORBIDDEN; break; @@ -132,13 +189,27 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, } if (status != NXT_HTTP_NOT_FOUND) { - nxt_log(task, level, "open(\"%FN\") failed %E", f->name, f->error); + if (chroot->length > 0) { + nxt_log(task, level, "opening \"%FN\" at \"%FN\" failed %E", + fname, chroot, file.error); + + } else { + nxt_log(task, level, "opening \"%FN\" failed %E", + fname, file.error); + } } nxt_http_request_error(task, r, status); return NULL; } + f = nxt_mp_get(r->mem_pool, sizeof(nxt_file_t)); + if (nxt_slow_path(f == NULL)) { + goto fail; + } + + *f = file; + ret = nxt_file_info(f, &fi); if (nxt_slow_path(ret != NXT_OK)) { goto fail; @@ -172,15 +243,15 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_http_field_name_set(field, "ETag"); - alloc = NXT_TIME_T_HEXLEN + NXT_OFF_T_HEXLEN + 3; + length = NXT_TIME_T_HEXLEN + NXT_OFF_T_HEXLEN + 3; - p = nxt_mp_nget(r->mem_pool, alloc); + p = nxt_mp_nget(r->mem_pool, length); if (nxt_slow_path(p == NULL)) { goto fail; } field->value = p; - field->value_length = nxt_sprintf(p, p + alloc, "\"%xT-%xO\"", + field->value_length = nxt_sprintf(p, p + length, "\"%xT-%xO\"", nxt_file_mtime(&fi), nxt_file_size(&fi)) - p; @@ -254,19 +325,19 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_http_field_name_set(field, "Location"); encode = nxt_encode_uri(NULL, r->path->start, r->path->length); - alloc = r->path->length + encode * 2 + 1; + length = r->path->length + encode * 2 + 1; if (r->args->length > 0) { - alloc += 1 + r->args->length; + length += 1 + r->args->length; } - p = nxt_mp_nget(r->mem_pool, alloc); + p = nxt_mp_nget(r->mem_pool, length); if (nxt_slow_path(p == NULL)) { goto fail; } field->value = p; - field->value_length = alloc; + field->value_length = length; if (encode > 0) { p = (u_char *) nxt_encode_uri(p, r->path->start, r->path->length); @@ -294,7 +365,7 @@ fail: nxt_http_request_error(task, r, NXT_HTTP_INTERNAL_SERVER_ERROR); - if (f != NULL && f->fd != NXT_FILE_INVALID) { + if (f != NULL) { nxt_file_close(task, f); } -- cgit From 8bea2977bc292a9631512734ff6c46b62b24cf26 Mon Sep 17 00:00:00 2001 From: Zhidao HONG Date: Wed, 5 May 2021 16:30:26 +0800 Subject: Fixed building without openat2(). --- src/nxt_http_static.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/nxt_http_static.c') diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index 98d70739..fe3e19cc 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -39,7 +39,7 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_str_t index, extension, *mtype, *chroot; nxt_uint_t level; nxt_bool_t need_body; - nxt_file_t *f, af, file; + nxt_file_t *f, file; nxt_file_info_t fi; nxt_http_field_t *field; nxt_http_status_t status; @@ -124,6 +124,8 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, } if (nxt_fast_path(ret == NXT_OK)) { + nxt_file_t af; + af = file; nxt_memzero(&file, sizeof(nxt_file_t)); file.name = fname; -- cgit From de631d8c36cebdd69018dfa3ff145ba8b701a2d1 Mon Sep 17 00:00:00 2001 From: Zhidao HONG Date: Wed, 5 May 2021 17:23:33 +0800 Subject: Fixed format and arguments mismatches in error log messages. --- src/nxt_http_static.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/nxt_http_static.c') diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index fe3e19cc..e603819b 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -192,11 +192,11 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, if (status != NXT_HTTP_NOT_FOUND) { if (chroot->length > 0) { - nxt_log(task, level, "opening \"%FN\" at \"%FN\" failed %E", + nxt_log(task, level, "opening \"%s\" at \"%V\" failed %E", fname, chroot, file.error); } else { - nxt_log(task, level, "opening \"%FN\" failed %E", + nxt_log(task, level, "opening \"%s\" failed %E", fname, file.error); } } -- cgit From b9d5eb285a2fca8b9b60d948acc679a5e16b3f94 Mon Sep 17 00:00:00 2001 From: Oisin Canty Date: Thu, 6 May 2021 14:22:21 +0000 Subject: Static: implemented MIME filtering --- src/nxt_http_static.c | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) (limited to 'src/nxt_http_static.c') diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index e603819b..c961bb97 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -75,6 +75,37 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, f = NULL; + rtcf = r->conf->socket_conf->router_conf; + + mtype = NULL; + + if (action->u.share.types != NULL && extension.start == NULL) { + nxt_http_static_extract_extension(r->path, &extension); + mtype = nxt_http_static_mtypes_hash_find(&rtcf->mtypes_hash, + &extension); + + if (mtype != NULL) { + ret = nxt_http_route_test_rule(r, action->u.share.types, + mtype->start, mtype->length); + if (ret == 1) { + goto mime_ok; + } + + if (nxt_slow_path(ret == NXT_ERROR)) { + goto fail; + } + } + + if (action->u.share.fallback != NULL) { + return action->u.share.fallback; + } + + nxt_http_request_error(task, r, NXT_HTTP_FORBIDDEN); + return NULL; + } + +mime_ok: + length = action->name.length + r->path->length + index.length; fname = nxt_mp_nget(r->mem_pool, length + 1); @@ -262,10 +293,10 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_http_static_extract_extension(r->path, &extension); } - rtcf = r->conf->socket_conf->router_conf; - - mtype = nxt_http_static_mtypes_hash_find(&rtcf->mtypes_hash, - &extension); + if (mtype == NULL) { + mtype = nxt_http_static_mtypes_hash_find(&rtcf->mtypes_hash, + &extension); + } if (mtype != NULL) { field = nxt_list_zero_add(r->resp.fields); -- cgit From 81e31872e3d05c912551dbf1382e3c78f4f65f4b Mon Sep 17 00:00:00 2001 From: Oisin Canty Date: Wed, 26 May 2021 16:48:05 +0000 Subject: MIME: added PHP. --- src/nxt_http_static.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/nxt_http_static.c') diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index c961bb97..08f451b6 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -643,6 +643,8 @@ nxt_http_static_mtypes_init(nxt_mp_t *mp, nxt_lvlhsh_t *hash) { nxt_string("application/octet-stream"), ".deb" }, { nxt_string("application/octet-stream"), ".rpm" }, + + { nxt_string("application/x-httpd-php"), ".php" }, }; for (i = 0; i < nxt_nitems(default_types); i++) { -- cgit From d67a0c871157454d591fa1d2a8b2d831b32e4040 Mon Sep 17 00:00:00 2001 From: Oisin Canty Date: Wed, 26 May 2021 16:48:11 +0000 Subject: Static: handled unknown MIME types when MIME-filtering active. --- src/nxt_http_static.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) (limited to 'src/nxt_http_static.c') diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index 08f451b6..c8b73fac 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -84,28 +84,22 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, mtype = nxt_http_static_mtypes_hash_find(&rtcf->mtypes_hash, &extension); - if (mtype != NULL) { - ret = nxt_http_route_test_rule(r, action->u.share.types, - mtype->start, mtype->length); - if (ret == 1) { - goto mime_ok; - } + ret = nxt_http_route_test_rule(r, action->u.share.types, + mtype->start, mtype->length); + if (nxt_slow_path(ret == NXT_ERROR)) { + goto fail; + } - if (nxt_slow_path(ret == NXT_ERROR)) { - goto fail; + if (ret == 0) { + if (action->u.share.fallback != NULL) { + return action->u.share.fallback; } - } - if (action->u.share.fallback != NULL) { - return action->u.share.fallback; + nxt_http_request_error(task, r, NXT_HTTP_FORBIDDEN); + return NULL; } - - nxt_http_request_error(task, r, NXT_HTTP_FORBIDDEN); - return NULL; } -mime_ok: - length = action->name.length + r->path->length + index.length; fname = nxt_mp_nget(r->mem_pool, length + 1); @@ -298,7 +292,7 @@ mime_ok: &extension); } - if (mtype != NULL) { + if (mtype->length != 0) { field = nxt_list_zero_add(r->resp.fields); if (nxt_slow_path(field == NULL)) { goto fail; @@ -711,6 +705,8 @@ nxt_http_static_mtypes_hash_find(nxt_lvlhsh_t *hash, nxt_str_t *extension) nxt_lvlhsh_query_t lhq; nxt_http_static_mtype_t *mtype; + static nxt_str_t empty = nxt_string(""); + lhq.key = *extension; lhq.key_hash = nxt_djb_hash_lowcase(lhq.key.start, lhq.key.length); lhq.proto = &nxt_http_static_mtypes_hash_proto; @@ -720,7 +716,7 @@ nxt_http_static_mtypes_hash_find(nxt_lvlhsh_t *hash, nxt_str_t *extension) return mtype->type; } - return NULL; + return ∅ } -- cgit