nginxtra 1.4.7.9 → 1.6.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/nginxtra +1 -1
- data/bin/nginxtra_rails +1 -1
- data/lib/nginxtra/version.rb +1 -1
- data/vendor/nginx/CHANGES +286 -19
- data/vendor/nginx/CHANGES.ru +296 -22
- data/vendor/nginx/auto/cc/clang +4 -3
- data/vendor/nginx/auto/cc/conf +23 -0
- data/vendor/nginx/auto/cc/msvc +1 -0
- data/vendor/nginx/auto/cc/name +1 -1
- data/vendor/nginx/auto/cc/owc +4 -4
- data/vendor/nginx/auto/cc/sunc +1 -1
- data/vendor/nginx/auto/endianness +2 -2
- data/vendor/nginx/auto/feature +1 -1
- data/vendor/nginx/auto/include +1 -1
- data/vendor/nginx/auto/lib/libatomic/make +3 -1
- data/vendor/nginx/auto/lib/openssl/conf +4 -0
- data/vendor/nginx/auto/lib/openssl/make +1 -1
- data/vendor/nginx/auto/lib/pcre/conf +5 -0
- data/vendor/nginx/auto/lib/pcre/make +11 -11
- data/vendor/nginx/auto/lib/pcre/makefile.bcc +4 -3
- data/vendor/nginx/auto/lib/pcre/makefile.msvc +2 -1
- data/vendor/nginx/auto/lib/pcre/makefile.owc +2 -1
- data/vendor/nginx/auto/lib/perl/make +1 -0
- data/vendor/nginx/auto/lib/test +1 -1
- data/vendor/nginx/auto/lib/zlib/make +22 -1
- data/vendor/nginx/auto/modules +8 -0
- data/vendor/nginx/auto/options +3 -0
- data/vendor/nginx/auto/os/darwin +1 -1
- data/vendor/nginx/auto/os/linux +32 -0
- data/vendor/nginx/auto/os/win32 +12 -1
- data/vendor/nginx/auto/sources +8 -2
- data/vendor/nginx/auto/types/sizeof +1 -1
- data/vendor/nginx/auto/types/typedef +1 -1
- data/vendor/nginx/auto/types/uintptr_t +1 -1
- data/vendor/nginx/auto/unix +13 -1
- data/vendor/nginx/conf/mime.types +11 -2
- data/vendor/nginx/conf/nginx.conf +3 -4
- data/vendor/nginx/contrib/README +6 -0
- data/vendor/nginx/contrib/vim/ftdetect/nginx.vim +4 -0
- data/vendor/nginx/contrib/vim/indent/nginx.vim +11 -0
- data/vendor/nginx/contrib/vim/syntax/nginx.vim +703 -0
- data/vendor/nginx/src/core/nginx.c +2 -7
- data/vendor/nginx/src/core/nginx.h +2 -2
- data/vendor/nginx/src/core/ngx_conf_file.c +8 -88
- data/vendor/nginx/src/core/ngx_conf_file.h +3 -3
- data/vendor/nginx/src/core/ngx_config.h +2 -2
- data/vendor/nginx/src/core/ngx_connection.c +100 -29
- data/vendor/nginx/src/core/ngx_connection.h +11 -0
- data/vendor/nginx/src/core/ngx_core.h +1 -0
- data/vendor/nginx/src/core/ngx_cycle.c +23 -99
- data/vendor/nginx/src/core/ngx_cycle.h +2 -0
- data/vendor/nginx/src/core/ngx_file.c +100 -8
- data/vendor/nginx/src/core/ngx_file.h +3 -0
- data/vendor/nginx/src/core/ngx_hash.c +6 -9
- data/vendor/nginx/src/core/ngx_inet.c +93 -5
- data/vendor/nginx/src/core/ngx_inet.h +4 -2
- data/vendor/nginx/src/core/ngx_list.c +1 -9
- data/vendor/nginx/src/core/ngx_log.c +132 -30
- data/vendor/nginx/src/core/ngx_log.h +5 -2
- data/vendor/nginx/src/core/ngx_open_file_cache.c +67 -1
- data/vendor/nginx/src/core/ngx_palloc.c +5 -2
- data/vendor/nginx/src/core/ngx_proxy_protocol.c +91 -0
- data/vendor/nginx/src/core/ngx_proxy_protocol.h +23 -0
- data/vendor/nginx/src/core/ngx_resolver.c +1080 -285
- data/vendor/nginx/src/core/ngx_resolver.h +33 -3
- data/vendor/nginx/src/core/ngx_slab.c +7 -2
- data/vendor/nginx/src/core/ngx_slab.h +2 -0
- data/vendor/nginx/src/core/ngx_string.c +78 -13
- data/vendor/nginx/src/core/ngx_string.h +2 -0
- data/vendor/nginx/src/event/modules/ngx_devpoll_module.c +2 -2
- data/vendor/nginx/src/event/modules/ngx_epoll_module.c +13 -5
- data/vendor/nginx/src/event/modules/ngx_select_module.c +1 -1
- data/vendor/nginx/src/event/modules/ngx_win32_select_module.c +2 -2
- data/vendor/nginx/src/event/ngx_event.c +0 -1
- data/vendor/nginx/src/event/ngx_event.h +7 -6
- data/vendor/nginx/src/event/ngx_event_accept.c +6 -4
- data/vendor/nginx/src/event/ngx_event_connect.c +2 -2
- data/vendor/nginx/src/event/ngx_event_openssl.c +304 -13
- data/vendor/nginx/src/event/ngx_event_openssl.h +20 -1
- data/vendor/nginx/src/event/ngx_event_openssl_stapling.c +35 -23
- data/vendor/nginx/src/event/ngx_event_pipe.c +15 -30
- data/vendor/nginx/src/http/modules/ngx_http_access_module.c +115 -35
- data/vendor/nginx/src/http/modules/ngx_http_auth_basic_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_auth_request_module.c +444 -0
- data/vendor/nginx/src/http/modules/ngx_http_autoindex_module.c +2 -1
- data/vendor/nginx/src/http/modules/ngx_http_charset_filter_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_dav_module.c +1 -3
- data/vendor/nginx/src/http/modules/ngx_http_fastcgi_module.c +251 -36
- data/vendor/nginx/src/http/modules/ngx_http_gunzip_filter_module.c +9 -5
- data/vendor/nginx/src/http/modules/ngx_http_gzip_filter_module.c +5 -3
- data/vendor/nginx/src/http/modules/ngx_http_gzip_static_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_headers_filter_module.c +4 -0
- data/vendor/nginx/src/http/modules/ngx_http_image_filter_module.c +8 -2
- data/vendor/nginx/src/http/modules/ngx_http_limit_req_module.c +5 -1
- data/vendor/nginx/src/http/modules/ngx_http_map_module.c +3 -3
- data/vendor/nginx/src/http/modules/ngx_http_memcached_module.c +21 -10
- data/vendor/nginx/src/http/modules/ngx_http_mp4_module.c +669 -197
- data/vendor/nginx/src/http/modules/ngx_http_proxy_module.c +93 -60
- data/vendor/nginx/src/http/modules/ngx_http_range_filter_module.c +13 -6
- data/vendor/nginx/src/http/modules/ngx_http_realip_module.c +20 -1
- data/vendor/nginx/src/http/modules/ngx_http_referer_module.c +132 -74
- data/vendor/nginx/src/http/modules/ngx_http_scgi_module.c +18 -12
- data/vendor/nginx/src/http/modules/ngx_http_ssi_filter_module.c +22 -20
- data/vendor/nginx/src/http/modules/ngx_http_ssl_module.c +121 -3
- data/vendor/nginx/src/http/modules/ngx_http_ssl_module.h +5 -0
- data/vendor/nginx/src/http/modules/ngx_http_stub_status_module.c +3 -0
- data/vendor/nginx/src/http/modules/ngx_http_sub_filter_module.c +123 -91
- data/vendor/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c +29 -19
- data/vendor/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c +2 -5
- data/vendor/nginx/src/http/modules/ngx_http_uwsgi_module.c +215 -19
- data/vendor/nginx/src/http/modules/ngx_http_xslt_filter_module.c +32 -6
- data/vendor/nginx/src/http/modules/perl/nginx.xs +4 -7
- data/vendor/nginx/src/http/modules/perl/ngx_http_perl_module.c +2 -2
- data/vendor/nginx/src/http/ngx_http.c +17 -7
- data/vendor/nginx/src/http/ngx_http_cache.h +4 -2
- data/vendor/nginx/src/http/ngx_http_copy_filter_module.c +4 -2
- data/vendor/nginx/src/http/ngx_http_core_module.c +63 -50
- data/vendor/nginx/src/http/ngx_http_core_module.h +5 -0
- data/vendor/nginx/src/http/ngx_http_file_cache.c +115 -3
- data/vendor/nginx/src/http/ngx_http_header_filter_module.c +9 -6
- data/vendor/nginx/src/http/ngx_http_parse.c +88 -10
- data/vendor/nginx/src/http/ngx_http_postpone_filter_module.c +2 -4
- data/vendor/nginx/src/http/ngx_http_request.c +116 -8
- data/vendor/nginx/src/http/ngx_http_request.h +5 -1
- data/vendor/nginx/src/http/ngx_http_request_body.c +7 -7
- data/vendor/nginx/src/http/ngx_http_script.c +6 -5
- data/vendor/nginx/src/http/ngx_http_spdy.c +889 -271
- data/vendor/nginx/src/http/ngx_http_spdy.h +51 -28
- data/vendor/nginx/src/http/ngx_http_spdy_filter_module.c +382 -167
- data/vendor/nginx/src/http/ngx_http_spdy_module.c +65 -8
- data/vendor/nginx/src/http/ngx_http_spdy_module.h +5 -0
- data/vendor/nginx/src/http/ngx_http_special_response.c +1 -1
- data/vendor/nginx/src/http/ngx_http_upstream.c +290 -114
- data/vendor/nginx/src/http/ngx_http_upstream.h +9 -5
- data/vendor/nginx/src/http/ngx_http_upstream_round_robin.c +32 -24
- data/vendor/nginx/src/http/ngx_http_variables.c +40 -6
- data/vendor/nginx/src/http/ngx_http_write_filter_module.c +12 -5
- data/vendor/nginx/src/mail/ngx_mail.c +4 -2
- data/vendor/nginx/src/mail/ngx_mail.h +2 -0
- data/vendor/nginx/src/mail/ngx_mail_auth_http_module.c +0 -1
- data/vendor/nginx/src/mail/ngx_mail_core_module.c +2 -1
- data/vendor/nginx/src/mail/ngx_mail_handler.c +17 -4
- data/vendor/nginx/src/mail/ngx_mail_parse.c +32 -2
- data/vendor/nginx/src/mail/ngx_mail_proxy_module.c +54 -7
- data/vendor/nginx/src/mail/ngx_mail_smtp_handler.c +50 -78
- data/vendor/nginx/src/mail/ngx_mail_ssl_module.c +48 -11
- data/vendor/nginx/src/mail/ngx_mail_ssl_module.h +3 -0
- data/vendor/nginx/src/os/unix/ngx_channel.c +3 -1
- data/vendor/nginx/src/os/unix/ngx_darwin_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_darwin_init.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_darwin_sendfile_chain.c +14 -16
- data/vendor/nginx/src/os/unix/ngx_errno.h +3 -0
- data/vendor/nginx/src/os/unix/ngx_files.h +10 -16
- data/vendor/nginx/src/os/unix/ngx_freebsd_config.h +6 -0
- data/vendor/nginx/src/os/unix/ngx_freebsd_init.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_freebsd_rfork_thread.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_freebsd_rfork_thread.h +2 -2
- data/vendor/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c +17 -19
- data/vendor/nginx/src/os/unix/ngx_linux_config.h +8 -2
- data/vendor/nginx/src/os/unix/ngx_linux_sendfile_chain.c +20 -22
- data/vendor/nginx/src/os/unix/ngx_posix_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_process.c +5 -0
- data/vendor/nginx/src/os/unix/ngx_process_cycle.c +15 -3
- data/vendor/nginx/src/os/unix/ngx_readv_chain.c +2 -1
- data/vendor/nginx/src/os/unix/ngx_recv.c +4 -1
- data/vendor/nginx/src/os/unix/ngx_solaris_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c +14 -16
- metadata +8 -2
@@ -29,6 +29,7 @@
|
|
29
29
|
typedef struct {
|
30
30
|
SSL_CTX *ctx;
|
31
31
|
ngx_log_t *log;
|
32
|
+
size_t buffer_size;
|
32
33
|
} ngx_ssl_t;
|
33
34
|
|
34
35
|
|
@@ -37,6 +38,7 @@ typedef struct {
|
|
37
38
|
|
38
39
|
ngx_int_t last;
|
39
40
|
ngx_buf_t *buf;
|
41
|
+
size_t buffer_size;
|
40
42
|
|
41
43
|
ngx_connection_handler_pt handler;
|
42
44
|
|
@@ -48,6 +50,7 @@ typedef struct {
|
|
48
50
|
unsigned buffer:1;
|
49
51
|
unsigned no_wait_shutdown:1;
|
50
52
|
unsigned no_send_shutdown:1;
|
53
|
+
unsigned handshake_buffer_set:1;
|
51
54
|
} ngx_ssl_connection_t;
|
52
55
|
|
53
56
|
|
@@ -82,6 +85,16 @@ typedef struct {
|
|
82
85
|
} ngx_ssl_session_cache_t;
|
83
86
|
|
84
87
|
|
88
|
+
#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
|
89
|
+
|
90
|
+
typedef struct {
|
91
|
+
u_char name[16];
|
92
|
+
u_char aes_key[16];
|
93
|
+
u_char hmac_key[16];
|
94
|
+
} ngx_ssl_session_ticket_key_t;
|
95
|
+
|
96
|
+
#endif
|
97
|
+
|
85
98
|
|
86
99
|
#define NGX_SSL_SSLv2 0x0002
|
87
100
|
#define NGX_SSL_SSLv3 0x0004
|
@@ -109,11 +122,14 @@ ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
|
109
122
|
ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
|
110
123
|
ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
111
124
|
ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
|
112
|
-
RSA *ngx_ssl_rsa512_key_callback(
|
125
|
+
RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
|
126
|
+
int key_length);
|
113
127
|
ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
|
114
128
|
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
|
115
129
|
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
|
116
130
|
ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
|
131
|
+
ngx_int_t ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
132
|
+
ngx_array_t *paths);
|
117
133
|
ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
|
118
134
|
ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
|
119
135
|
ngx_uint_t flags);
|
@@ -141,6 +157,8 @@ ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
|
|
141
157
|
ngx_str_t *s);
|
142
158
|
ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool,
|
143
159
|
ngx_str_t *s);
|
160
|
+
ngx_int_t ngx_ssl_get_session_reused(ngx_connection_t *c, ngx_pool_t *pool,
|
161
|
+
ngx_str_t *s);
|
144
162
|
ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
|
145
163
|
ngx_str_t *s);
|
146
164
|
ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
|
@@ -171,6 +189,7 @@ void ngx_ssl_cleanup_ctx(void *data);
|
|
171
189
|
extern int ngx_ssl_connection_index;
|
172
190
|
extern int ngx_ssl_server_conf_index;
|
173
191
|
extern int ngx_ssl_session_cache_index;
|
192
|
+
extern int ngx_ssl_session_ticket_keys_index;
|
174
193
|
extern int ngx_ssl_certificate_index;
|
175
194
|
extern int ngx_ssl_stapling_index;
|
176
195
|
|
@@ -792,7 +792,6 @@ ngx_ssl_ocsp_request(ngx_ssl_ocsp_ctx_t *ctx)
|
|
792
792
|
}
|
793
793
|
|
794
794
|
resolve->name = ctx->host;
|
795
|
-
resolve->type = NGX_RESOLVE_A;
|
796
795
|
resolve->handler = ngx_ssl_ocsp_resolve_handler;
|
797
796
|
resolve->data = ctx;
|
798
797
|
resolve->timeout = ctx->resolver_timeout;
|
@@ -816,13 +815,14 @@ ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
|
|
816
815
|
{
|
817
816
|
ngx_ssl_ocsp_ctx_t *ctx = resolve->data;
|
818
817
|
|
819
|
-
u_char
|
820
|
-
size_t
|
821
|
-
in_port_t
|
822
|
-
|
823
|
-
|
818
|
+
u_char *p;
|
819
|
+
size_t len;
|
820
|
+
in_port_t port;
|
821
|
+
socklen_t socklen;
|
822
|
+
ngx_uint_t i;
|
823
|
+
struct sockaddr *sockaddr;
|
824
824
|
|
825
|
-
ngx_log_debug0(
|
825
|
+
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
|
826
826
|
"ssl ocsp resolve handler");
|
827
827
|
|
828
828
|
if (resolve->state) {
|
@@ -835,15 +835,19 @@ ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
|
|
835
835
|
|
836
836
|
#if (NGX_DEBUG)
|
837
837
|
{
|
838
|
-
|
838
|
+
u_char text[NGX_SOCKADDR_STRLEN];
|
839
|
+
ngx_str_t addr;
|
840
|
+
|
841
|
+
addr.data = text;
|
839
842
|
|
840
843
|
for (i = 0; i < resolve->naddrs; i++) {
|
841
|
-
addr =
|
844
|
+
addr.len = ngx_sock_ntop(resolve->addrs[i].sockaddr,
|
845
|
+
resolve->addrs[i].socklen,
|
846
|
+
text, NGX_SOCKADDR_STRLEN, 0);
|
847
|
+
|
848
|
+
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
|
849
|
+
"name was resolved to %V", &addr);
|
842
850
|
|
843
|
-
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
|
844
|
-
"name was resolved to %ud.%ud.%ud.%ud",
|
845
|
-
(addr >> 24) & 0xff, (addr >> 16) & 0xff,
|
846
|
-
(addr >> 8) & 0xff, addr & 0xff);
|
847
851
|
}
|
848
852
|
}
|
849
853
|
#endif
|
@@ -859,26 +863,34 @@ ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
|
|
859
863
|
|
860
864
|
for (i = 0; i < resolve->naddrs; i++) {
|
861
865
|
|
862
|
-
|
863
|
-
|
866
|
+
socklen = resolve->addrs[i].socklen;
|
867
|
+
|
868
|
+
sockaddr = ngx_palloc(ctx->pool, socklen);
|
869
|
+
if (sockaddr == NULL) {
|
864
870
|
goto failed;
|
865
871
|
}
|
866
872
|
|
867
|
-
|
868
|
-
sin->sin_port = port;
|
869
|
-
sin->sin_addr.s_addr = resolve->addrs[i];
|
873
|
+
ngx_memcpy(sockaddr, resolve->addrs[i].sockaddr, socklen);
|
870
874
|
|
871
|
-
|
872
|
-
|
875
|
+
switch (sockaddr->sa_family) {
|
876
|
+
#if (NGX_HAVE_INET6)
|
877
|
+
case AF_INET6:
|
878
|
+
((struct sockaddr_in6 *) sockaddr)->sin6_port = port;
|
879
|
+
break;
|
880
|
+
#endif
|
881
|
+
default: /* AF_INET */
|
882
|
+
((struct sockaddr_in *) sockaddr)->sin_port = port;
|
883
|
+
}
|
873
884
|
|
874
|
-
|
885
|
+
ctx->addrs[i].sockaddr = sockaddr;
|
886
|
+
ctx->addrs[i].socklen = socklen;
|
875
887
|
|
876
|
-
p = ngx_pnalloc(ctx->pool,
|
888
|
+
p = ngx_pnalloc(ctx->pool, NGX_SOCKADDR_STRLEN);
|
877
889
|
if (p == NULL) {
|
878
890
|
goto failed;
|
879
891
|
}
|
880
892
|
|
881
|
-
len = ngx_sock_ntop(
|
893
|
+
len = ngx_sock_ntop(sockaddr, socklen, p, NGX_SOCKADDR_STRLEN, 1);
|
882
894
|
|
883
895
|
ctx->addrs[i].name.len = len;
|
884
896
|
ctx->addrs[i].name.data = p;
|
@@ -57,7 +57,7 @@ ngx_event_pipe(ngx_event_pipe_t *p, ngx_int_t do_write)
|
|
57
57
|
do_write = 1;
|
58
58
|
}
|
59
59
|
|
60
|
-
if (p->upstream->fd != -1) {
|
60
|
+
if (p->upstream->fd != (ngx_socket_t) -1) {
|
61
61
|
rev = p->upstream->read;
|
62
62
|
|
63
63
|
flags = (rev->eof || rev->error) ? NGX_CLOSE_EVENT : 0;
|
@@ -74,7 +74,9 @@ ngx_event_pipe(ngx_event_pipe_t *p, ngx_int_t do_write)
|
|
74
74
|
}
|
75
75
|
}
|
76
76
|
|
77
|
-
if (p->downstream->fd != -1
|
77
|
+
if (p->downstream->fd != (ngx_socket_t) -1
|
78
|
+
&& p->downstream->data == p->output_ctx)
|
79
|
+
{
|
78
80
|
wev = p->downstream->write;
|
79
81
|
if (ngx_handle_write_event(wev, p->send_lowat) != NGX_OK) {
|
80
82
|
return NGX_ABORT;
|
@@ -220,8 +222,8 @@ ngx_event_pipe_read_upstream(ngx_event_pipe_t *p)
|
|
220
222
|
{
|
221
223
|
|
222
224
|
/*
|
223
|
-
* if it is allowed, then save some bufs from
|
224
|
-
* to a temporary file, and add them to a
|
225
|
+
* if it is allowed, then save some bufs from p->in
|
226
|
+
* to a temporary file, and add them to a p->out chain
|
225
227
|
*/
|
226
228
|
|
227
229
|
rc = ngx_event_pipe_write_chain_to_temp_file(p);
|
@@ -454,7 +456,7 @@ ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p)
|
|
454
456
|
size_t bsize;
|
455
457
|
ngx_int_t rc;
|
456
458
|
ngx_uint_t flush, flushed, prev_last_shadow;
|
457
|
-
ngx_chain_t *out, **ll, *cl
|
459
|
+
ngx_chain_t *out, **ll, *cl;
|
458
460
|
ngx_connection_t *downstream;
|
459
461
|
|
460
462
|
downstream = p->downstream;
|
@@ -514,13 +516,10 @@ ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p)
|
|
514
516
|
}
|
515
517
|
|
516
518
|
if (p->cacheable && p->buf_to_file) {
|
519
|
+
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0,
|
520
|
+
"pipe write chain");
|
517
521
|
|
518
|
-
|
519
|
-
file.next = NULL;
|
520
|
-
|
521
|
-
if (ngx_write_chain_to_temp_file(p->temp_file, &file)
|
522
|
-
== NGX_ERROR)
|
523
|
-
{
|
522
|
+
if (ngx_event_pipe_write_chain_to_temp_file(p) == NGX_ABORT) {
|
524
523
|
return NGX_ABORT;
|
525
524
|
}
|
526
525
|
}
|
@@ -858,19 +857,13 @@ ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|
858
857
|
return NGX_OK;
|
859
858
|
}
|
860
859
|
|
861
|
-
|
862
|
-
|
863
|
-
|
864
|
-
p->free = cl->next;
|
865
|
-
ngx_free_chain(p->pool, cl);
|
866
|
-
|
867
|
-
} else {
|
868
|
-
b = ngx_alloc_buf(p->pool);
|
869
|
-
if (b == NULL) {
|
870
|
-
return NGX_ERROR;
|
871
|
-
}
|
860
|
+
cl = ngx_chain_get_free_buf(p->pool, &p->free);
|
861
|
+
if (cl == NULL) {
|
862
|
+
return NGX_ERROR;
|
872
863
|
}
|
873
864
|
|
865
|
+
b = cl->buf;
|
866
|
+
|
874
867
|
ngx_memcpy(b, buf, sizeof(ngx_buf_t));
|
875
868
|
b->shadow = buf;
|
876
869
|
b->tag = p->tag;
|
@@ -878,14 +871,6 @@ ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|
878
871
|
b->recycled = 1;
|
879
872
|
buf->shadow = b;
|
880
873
|
|
881
|
-
cl = ngx_alloc_chain_link(p->pool);
|
882
|
-
if (cl == NULL) {
|
883
|
-
return NGX_ERROR;
|
884
|
-
}
|
885
|
-
|
886
|
-
cl->buf = b;
|
887
|
-
cl->next = NULL;
|
888
|
-
|
889
874
|
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, p->log, 0, "input buf #%d", b->num);
|
890
875
|
|
891
876
|
if (p->in) {
|
@@ -26,11 +26,22 @@ typedef struct {
|
|
26
26
|
|
27
27
|
#endif
|
28
28
|
|
29
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
30
|
+
|
31
|
+
typedef struct {
|
32
|
+
ngx_uint_t deny; /* unsigned deny:1; */
|
33
|
+
} ngx_http_access_rule_un_t;
|
34
|
+
|
35
|
+
#endif
|
36
|
+
|
29
37
|
typedef struct {
|
30
38
|
ngx_array_t *rules; /* array of ngx_http_access_rule_t */
|
31
39
|
#if (NGX_HAVE_INET6)
|
32
40
|
ngx_array_t *rules6; /* array of ngx_http_access_rule6_t */
|
33
41
|
#endif
|
42
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
43
|
+
ngx_array_t *rules_un; /* array of ngx_http_access_rule_un_t */
|
44
|
+
#endif
|
34
45
|
} ngx_http_access_loc_conf_t;
|
35
46
|
|
36
47
|
|
@@ -41,6 +52,10 @@ static ngx_int_t ngx_http_access_inet(ngx_http_request_t *r,
|
|
41
52
|
static ngx_int_t ngx_http_access_inet6(ngx_http_request_t *r,
|
42
53
|
ngx_http_access_loc_conf_t *alcf, u_char *p);
|
43
54
|
#endif
|
55
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
56
|
+
static ngx_int_t ngx_http_access_unix(ngx_http_request_t *r,
|
57
|
+
ngx_http_access_loc_conf_t *alcf);
|
58
|
+
#endif
|
44
59
|
static ngx_int_t ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny);
|
45
60
|
static char *ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd,
|
46
61
|
void *conf);
|
@@ -144,6 +159,19 @@ ngx_http_access_handler(ngx_http_request_t *r)
|
|
144
159
|
return ngx_http_access_inet6(r, alcf, p);
|
145
160
|
}
|
146
161
|
|
162
|
+
break;
|
163
|
+
|
164
|
+
#endif
|
165
|
+
|
166
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
167
|
+
|
168
|
+
case AF_UNIX:
|
169
|
+
if (alcf->rules_un) {
|
170
|
+
return ngx_http_access_unix(r, alcf);
|
171
|
+
}
|
172
|
+
|
173
|
+
break;
|
174
|
+
|
147
175
|
#endif
|
148
176
|
}
|
149
177
|
|
@@ -221,6 +249,29 @@ ngx_http_access_inet6(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf,
|
|
221
249
|
#endif
|
222
250
|
|
223
251
|
|
252
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
253
|
+
|
254
|
+
static ngx_int_t
|
255
|
+
ngx_http_access_unix(ngx_http_request_t *r, ngx_http_access_loc_conf_t *alcf)
|
256
|
+
{
|
257
|
+
ngx_uint_t i;
|
258
|
+
ngx_http_access_rule_un_t *rule_un;
|
259
|
+
|
260
|
+
rule_un = alcf->rules_un->elts;
|
261
|
+
for (i = 0; i < alcf->rules_un->nelts; i++) {
|
262
|
+
|
263
|
+
/* TODO: check path */
|
264
|
+
if (1) {
|
265
|
+
return ngx_http_access_found(r, rule_un[i].deny);
|
266
|
+
}
|
267
|
+
}
|
268
|
+
|
269
|
+
return NGX_DECLINED;
|
270
|
+
}
|
271
|
+
|
272
|
+
#endif
|
273
|
+
|
274
|
+
|
224
275
|
static ngx_int_t
|
225
276
|
ngx_http_access_found(ngx_http_request_t *r, ngx_uint_t deny)
|
226
277
|
{
|
@@ -246,13 +297,16 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
246
297
|
{
|
247
298
|
ngx_http_access_loc_conf_t *alcf = conf;
|
248
299
|
|
249
|
-
ngx_int_t
|
250
|
-
ngx_uint_t
|
251
|
-
ngx_str_t
|
252
|
-
ngx_cidr_t
|
253
|
-
ngx_http_access_rule_t
|
300
|
+
ngx_int_t rc;
|
301
|
+
ngx_uint_t all;
|
302
|
+
ngx_str_t *value;
|
303
|
+
ngx_cidr_t cidr;
|
304
|
+
ngx_http_access_rule_t *rule;
|
254
305
|
#if (NGX_HAVE_INET6)
|
255
|
-
ngx_http_access_rule6_t
|
306
|
+
ngx_http_access_rule6_t *rule6;
|
307
|
+
#endif
|
308
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
309
|
+
ngx_http_access_rule_un_t *rule_un;
|
256
310
|
#endif
|
257
311
|
|
258
312
|
ngx_memzero(&cidr, sizeof(ngx_cidr_t));
|
@@ -263,7 +317,19 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
263
317
|
|
264
318
|
if (!all) {
|
265
319
|
|
320
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
321
|
+
|
322
|
+
if (value[1].len == 5 && ngx_strcmp(value[1].data, "unix:") == 0) {
|
323
|
+
cidr.family = AF_UNIX;
|
324
|
+
rc = NGX_OK;
|
325
|
+
|
326
|
+
} else {
|
327
|
+
rc = ngx_ptocidr(&value[1], &cidr);
|
328
|
+
}
|
329
|
+
|
330
|
+
#else
|
266
331
|
rc = ngx_ptocidr(&value[1], &cidr);
|
332
|
+
#endif
|
267
333
|
|
268
334
|
if (rc == NGX_ERROR) {
|
269
335
|
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
@@ -277,11 +343,28 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
277
343
|
}
|
278
344
|
}
|
279
345
|
|
280
|
-
|
346
|
+
if (cidr.family == AF_INET || all) {
|
347
|
+
|
348
|
+
if (alcf->rules == NULL) {
|
349
|
+
alcf->rules = ngx_array_create(cf->pool, 4,
|
350
|
+
sizeof(ngx_http_access_rule_t));
|
351
|
+
if (alcf->rules == NULL) {
|
352
|
+
return NGX_CONF_ERROR;
|
353
|
+
}
|
354
|
+
}
|
355
|
+
|
356
|
+
rule = ngx_array_push(alcf->rules);
|
357
|
+
if (rule == NULL) {
|
358
|
+
return NGX_CONF_ERROR;
|
359
|
+
}
|
360
|
+
|
361
|
+
rule->mask = cidr.u.in.mask;
|
362
|
+
rule->addr = cidr.u.in.addr;
|
363
|
+
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
|
364
|
+
}
|
281
365
|
|
282
366
|
#if (NGX_HAVE_INET6)
|
283
|
-
|
284
|
-
case 0: /* all */
|
367
|
+
if (cidr.family == AF_INET6 || all) {
|
285
368
|
|
286
369
|
if (alcf->rules6 == NULL) {
|
287
370
|
alcf->rules6 = ngx_array_create(cf->pool, 4,
|
@@ -299,33 +382,28 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
299
382
|
rule6->mask = cidr.u.in6.mask;
|
300
383
|
rule6->addr = cidr.u.in6.addr;
|
301
384
|
rule6->deny = (value[0].data[0] == 'd') ? 1 : 0;
|
302
|
-
|
303
|
-
if (!all) {
|
304
|
-
break;
|
305
|
-
}
|
306
|
-
|
307
|
-
/* "all" passes through */
|
385
|
+
}
|
308
386
|
#endif
|
309
387
|
|
310
|
-
|
388
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
389
|
+
if (cidr.family == AF_UNIX || all) {
|
311
390
|
|
312
|
-
if (alcf->
|
313
|
-
alcf->
|
314
|
-
|
315
|
-
if (alcf->
|
391
|
+
if (alcf->rules_un == NULL) {
|
392
|
+
alcf->rules_un = ngx_array_create(cf->pool, 1,
|
393
|
+
sizeof(ngx_http_access_rule_un_t));
|
394
|
+
if (alcf->rules_un == NULL) {
|
316
395
|
return NGX_CONF_ERROR;
|
317
396
|
}
|
318
397
|
}
|
319
398
|
|
320
|
-
|
321
|
-
if (
|
399
|
+
rule_un = ngx_array_push(alcf->rules_un);
|
400
|
+
if (rule_un == NULL) {
|
322
401
|
return NGX_CONF_ERROR;
|
323
402
|
}
|
324
403
|
|
325
|
-
|
326
|
-
rule->addr = cidr.u.in.addr;
|
327
|
-
rule->deny = (value[0].data[0] == 'd') ? 1 : 0;
|
404
|
+
rule_un->deny = (value[0].data[0] == 'd') ? 1 : 0;
|
328
405
|
}
|
406
|
+
#endif
|
329
407
|
|
330
408
|
return NGX_CONF_OK;
|
331
409
|
}
|
@@ -351,20 +429,22 @@ ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
351
429
|
ngx_http_access_loc_conf_t *prev = parent;
|
352
430
|
ngx_http_access_loc_conf_t *conf = child;
|
353
431
|
|
432
|
+
if (conf->rules == NULL
|
354
433
|
#if (NGX_HAVE_INET6)
|
355
|
-
|
356
|
-
|
434
|
+
&& conf->rules6 == NULL
|
435
|
+
#endif
|
436
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
437
|
+
&& conf->rules_un == NULL
|
438
|
+
#endif
|
439
|
+
) {
|
357
440
|
conf->rules = prev->rules;
|
441
|
+
#if (NGX_HAVE_INET6)
|
358
442
|
conf->rules6 = prev->rules6;
|
359
|
-
}
|
360
|
-
|
361
|
-
#else
|
362
|
-
|
363
|
-
if (conf->rules == NULL) {
|
364
|
-
conf->rules = prev->rules;
|
365
|
-
}
|
366
|
-
|
367
443
|
#endif
|
444
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
445
|
+
conf->rules_un = prev->rules_un;
|
446
|
+
#endif
|
447
|
+
}
|
368
448
|
|
369
449
|
return NGX_CONF_OK;
|
370
450
|
}
|