Re: httpd: add include_dir keyword

2022-06-04 Thread mfrench
> I do not understand why it is believed that people will generate
> better configurations if they split the parts out into different
> files.

I cannot speak for "better" configurations as a result of dividing up
the main configuration file. Although I believe it lowers the risk of
mistakenly mangling parts of the configuration while otherwise working
within a single file. The risk increases when changes are commonplace.
I frequently add and remove server definitions as resources I am hosting
change. I already use the existing include directive for this very
reason.

> Adding that kind of trick to an already established grammar rarely works
> well.  It only works in narrowly constrained uses of the old grammar,
> because now one must consider what is in the included files.  At that
> point, why the extra files?  It does not require less brainpower, it
> potentially requires more, when the included files start interfering
> with the core.
> 
> This feels ripe for abuse, and of not much use.

Adding support for including globbed paths may be somewhat offensive to
the existing include grammar, and as you mentioned users may overlook
something wrong or even malicious in their include path. Luckily users
can still include specific files or they can completely forgo use of
the include directive. Users would effectively opt-in by providing a
globbed path to include. This is admittedly a minor convenience feature
which may not be useful enough to overcome the security risks. 

In my workflow, I currently add/remove (uncomment/comment) include lines
in my main configuration.  Whereas with globbed includes I would
`import "/etc/httpd.d/*.conf"` enabling me to switch between .conf and
.disabled and restart the daemon to switch virtual servers on or off.

In any case, I was not ready to share my changes for the reasons
discussed above and because my code is neither complete nor correct. I
decided to share since I was working in the same vein. Thank you for
your consideration.
-Matt



Re: httpd: add include_dir keyword

2022-06-02 Thread mfrench
Coincidentally I have been working on adding globbing support to 
include in the httpd config parser. I have only done light testing,
nothing in production yet but the patch provided below has not given
me any trouble in my test environment yet. Any feedback is welcome!
-Matt

Index: parse.y
===
RCS file: /cvs/src/usr.sbin/httpd/parse.y,v
retrieving revision 1.128
diff -u -p -u -p -r1.128 parse.y
--- parse.y 27 Feb 2022 20:30:30 -  1.128
+++ parse.y 2 Jun 2022 20:29:46 -
@@ -52,6 +52,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "httpd.h"
 #include "http.h"
@@ -165,16 +166,21 @@ grammar   : /* empty */
 
 include: INCLUDE STRING{
struct file *nfile;
+   glob_t g;
 
-   if ((nfile = pushfile($2, 0)) == NULL) {
-   yyerror("failed to include file %s", $2);
-   free($2);
-   YYERROR;
+   memset(, 0, sizeof(g));
+   glob($2, GLOB_NOCHECK, NULL, );
+   for(int i = 0; i < g.gl_pathc; ++i) {
+   if ((nfile = pushfile(g.gl_pathv[i], 0)) == 
NULL) {
+   yyerror("failed to include file %s", 
g.gl_pathv[i]);
+   free(g.gl_pathv[i]);
+   YYERROR;
+   }
+   file = nfile;
+   lungetc('\n');
}
+   globfree();
free($2);
-
-   file = nfile;
-   lungetc('\n');
}
;
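
Review bot: In the failure branch of the for loop, free(g.gl_pathv[i]) releases a string that belongs to the glob_t, and YYERROR then leaves the action without calling globfree() on g or free($2), which the removed error path did call. Drop that free and release both g and $2 before YYERROR. The return value of glob() is also ignored, so a glob() error would silently include nothing, and i is an int compared against g.gl_pathc. Every match is handed to pushfile() before any of them is parsed, so the order in which the matched files are then read should be confirmed and documented.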