Slightly tweaked diff by me, fixing "new sentence new line" in the man
page.
This is OK florian@ if someone wants to commit it or I can commit it
if someone OKs it.
diff --git httpd.conf.5 httpd.conf.5
index f4ea2e55766..494271672ea 100644
--- httpd.conf.5
+++ httpd.conf.5
@@ -300,6 +300,12 @@ Alternatively if
the FastCGI handler is listening on a TCP socket,
.Ar socket
starts with a colon followed by the TCP port number.
+.It Ic strip Ar number
+Strip
+.Ar number
+path components from the beginning of DOCUMENT_ROOT and
+SCRIPT_FILENAME before sending them to the FastCGI server.
+This allows FastCGI server chroot to be a directory under httpd chroot.
.It Ic param Ar variable value
Sets a variable that will be sent to the FastCGI server.
Each statement defines one variable.
diff --git httpd.h httpd.h
index b1f17af8cd7..b22586974a5 100644
--- httpd.h
+++ httpd.h
@@ -547,6 +547,7 @@ struct server_config {
uint8_t hsts_flags;
struct server_fcgiparams fcgiparams;
+ int fcgistrip;
TAILQ_ENTRY(server_config) entry;
};
diff --git parse.y parse.y
index 054302269f4..109efd36a9f 100644
--- parse.y
+++ parse.y
@@ -689,6 +689,13 @@ fcgiflags : SOCKET STRING {
param->name, param->value);
TAILQ_INSERT_HEAD(&srv_conf->fcgiparams, param, entry);
}
+ | STRIP NUMBER {
+ if ($2 < 0 || $2 > INT_MAX) {
+ yyerror("invalid fastcgi strip number");
+ YYERROR;
+ }
+ srv_conf->fcgistrip = $2;
+ }
;
connection : CONNECTION '{' optnl conflags_l '}'
diff --git server_fcgi.c server_fcgi.c
index 864ce6b16d5..a85b5b44804 100644
--- server_fcgi.c
+++ server_fcgi.c
@@ -241,7 +241,8 @@ server_fcgi(struct httpd *env, struct client *clt)
errstr = "failed to encode param";
goto fail;
}
- if (fcgi_add_param(¶m, "SCRIPT_FILENAME", script, clt) == -1) {
+ if (fcgi_add_param(¶m, "SCRIPT_FILENAME", server_root_strip(script,
+ srv_conf->fcgistrip), clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
@@ -257,8 +258,8 @@ server_fcgi(struct httpd *env, struct client *clt)
goto fail;
}
- if (fcgi_add_param(¶m, "DOCUMENT_ROOT", srv_conf->root,
- clt) == -1) {
+ if (fcgi_add_param(¶m, "DOCUMENT_ROOT", server_root_strip(
+ srv_conf->root, srv_conf->fcgistrip), clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
On Sat, Jan 18, 2020 at 07:19:33AM +0100, Nazar Zhuk wrote:
> On Tue, Jan 14, 2020 at 03:07:05PM +0100, Florian Obser wrote:
> > I like the idea. Unfortunately the diff does not apply.
> Looks like I had formatting issues there. This should apply cleanly now.
>
>
> Index: usr.sbin/httpd/httpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.107
> diff -u -p -u -r1.107 httpd.conf.5
> --- usr.sbin/httpd/httpd.conf.5 8 May 2019 21:46:56 -0000 1.107
> +++ usr.sbin/httpd/httpd.conf.5 17 Jan 2020 06:20:14 -0000
> @@ -300,6 +300,10 @@ Alternatively if
> the FastCGI handler is listening on a TCP socket,
> .Ar socket
> starts with a colon followed by the TCP port number.
> +.It Ic strip Ar number
> +Strip
> +.Ar number
> +path components from the beginning of DOCUMENT_ROOT and SCRIPT_FILENAME
> before sending them to the FastCGI server. This allows FastCGI server chroot
> to be a directory under httpd chroot.
> .It Ic param Ar variable value
> Sets a variable that will be sent to the FastCGI server.
> Each statement defines one variable.
> Index: usr.sbin/httpd/httpd.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
> retrieving revision 1.145
> diff -u -p -u -r1.145 httpd.h
> --- usr.sbin/httpd/httpd.h 8 May 2019 19:57:45 -0000 1.145
> +++ usr.sbin/httpd/httpd.h 17 Jan 2020 06:20:14 -0000
> @@ -547,6 +547,7 @@ struct server_config {
> uint8_t hsts_flags;
>
> struct server_fcgiparams fcgiparams;
> + int fcgistrip;
>
> TAILQ_ENTRY(server_config) entry;
> };
> Index: usr.sbin/httpd/parse.y
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/parse.y,v
> retrieving revision 1.113
> diff -u -p -u -r1.113 parse.y
> --- usr.sbin/httpd/parse.y 28 Jun 2019 13:32:47 -0000 1.113
> +++ usr.sbin/httpd/parse.y 17 Jan 2020 06:20:15 -0000
> @@ -689,6 +689,13 @@ fcgiflags : SOCKET STRING {
> param->name, param->value);
> TAILQ_INSERT_HEAD(&srv_conf->fcgiparams, param, entry);
> }
> + | STRIP NUMBER {
> + if ($2 < 0 || $2 > INT_MAX) {
> + yyerror("invalid fastcgi strip number");
> + YYERROR;
> + }
> + srv_conf->fcgistrip = $2;
> + }
> ;
>
> connection : CONNECTION '{' optnl conflags_l '}'
> Index: usr.sbin/httpd/server_fcgi.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v
> retrieving revision 1.80
> diff -u -p -u -r1.80 server_fcgi.c
> --- usr.sbin/httpd/server_fcgi.c 8 May 2019 21:41:06 -0000 1.80
> +++ usr.sbin/httpd/server_fcgi.c 17 Jan 2020 06:20:15 -0000
> @@ -241,7 +241,9 @@ server_fcgi(struct httpd *env, struct cl
> errstr = "failed to encode param";
> goto fail;
> }
> - if (fcgi_add_param(¶m, "SCRIPT_FILENAME", script, clt) == -1) {
> + if (fcgi_add_param(¶m, "SCRIPT_FILENAME",
> + server_root_strip(script, srv_conf->fcgistrip),
> + clt) == -1) {
> errstr = "failed to encode param";
> goto fail;
> }
> @@ -257,7 +259,8 @@ server_fcgi(struct httpd *env, struct cl
> goto fail;
> }
>
> - if (fcgi_add_param(¶m, "DOCUMENT_ROOT", srv_conf->root,
> + if (fcgi_add_param(¶m, "DOCUMENT_ROOT",
> + server_root_strip(srv_conf->root, srv_conf->fcgistrip),
> clt) == -1) {
> errstr = "failed to encode param";
> goto fail;
>
--
I'm not entirely sure you are real.
