Re: httpd(8): add location access tests

2020-10-27 Thread Denis Fondras
On Tue, Oct 27, 2020 at 12:02:18PM +0100, Matthias Pressfreund wrote:
> True. Updated patch below.
> 

Thanks, I have been using the diff (from your GH account) for a few weeks.

OK denis@

I will commit tonight if nobody objects.


> 
> 
> Index: usr.sbin/httpd/httpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.113
> diff -u -p -u -p -r1.113 httpd.conf.5
> --- usr.sbin/httpd/httpd.conf.5   5 Sep 2020 11:49:38 -   1.113
> +++ usr.sbin/httpd/httpd.conf.5   27 Oct 2020 10:59:35 -
> @@ -1,5 +1,6 @@
>  .\"  $OpenBSD: httpd.conf.5,v 1.113 2020/09/05 11:49:38 tb Exp $
>  .\"
> +.\" Copyright (c) 2020 Matthias Pressfreund 
>  .\" Copyright (c) 2014, 2015 Reyk Floeter 
>  .\"
>  .\" Permission to use, copy, modify, and distribute this software for any
> @@ -14,7 +15,7 @@
>  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  .\"
> -.Dd $Mdocdate: September 5 2020 $
> +.Dd $Mdocdate: October 27 2020 $
>  .Dt HTTPD.CONF 5
>  .Os
>  .Sh NAME
> @@ -399,11 +400,16 @@ of the host's domain should be considere
>  .It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
>  Set the listen address and port.
>  This statement can be specified multiple times.
> -.It Ic location Ar path Brq ...
> +.It Ic location Oo Oo Ic not Oc Ic found Oc Ar path Brq ...
>  Specify server configuration rules for a specific location.
>  The
>  .Ar path
>  argument will be matched against the request path with shell globbing rules.
> +Optionally, it is also possible to match for
> +.Ic found
> +(i.e. accessible) or
> +.Ic not found
> +request paths only.
>  In case of multiple location statements in the same context, the
>  first matching location statement will be put into effect, while all
>  later ones will be ignored.
> @@ -419,7 +425,7 @@ except
>  .Ic tcp
>  and
>  .Ic tls .
> -.It Ic location match Ar path Brq ...
> +.It Ic location Oo Oo Ic not Oc Ic found Oc Ic match Ar path Brq ...
>  Like the
>  .Ic location
>  option,
> Index: usr.sbin/httpd/httpd.h
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
> retrieving revision 1.152
> diff -u -p -u -p -r1.152 httpd.h
> --- usr.sbin/httpd/httpd.h29 Aug 2020 07:53:48 -  1.152
> +++ usr.sbin/httpd/httpd.h27 Oct 2020 05:59:05 -
> @@ -1,6 +1,7 @@
>  /*   $OpenBSD: httpd.h,v 1.152 2020/08/29 07:53:48 florian Exp $ */
>  
>  /*
> + * Copyright (c) 2020 Matthias Pressfreund 
>   * Copyright (c) 2006 - 2015 Reyk Floeter 
>   * Copyright (c) 2006, 2007 Pierre-Yves Ritschard 
>   * Copyright (c) 2003, 2004 Henning Brauer 
> @@ -391,13 +392,16 @@ SPLAY_HEAD(client_tree, client);
>  #define SRVFLAG_DEFAULT_TYPE 0x0080
>  #define SRVFLAG_PATH_REWRITE 0x0100
>  #define SRVFLAG_NO_PATH_REWRITE  0x0200
> +#define SRVFLAG_LOCATION_FOUND   0x4000
> +#define SRVFLAG_LOCATION_NOT_FOUND 0x8000
>  
>  #define SRVFLAG_BITS \
>   "\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX"   \
>   "\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG"\
>   "\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG"  \
>   "\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \
> - "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH"
> + "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH" \
> + "\37LOCATION_FOUND\40LOCATION_NOT_FOUND"
>  
>  #define TCPFLAG_NODELAY  0x01
>  #define TCPFLAG_NNODELAY 0x02
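Review bot: The two new defines at the top of this hunk do not line up with the names added to `SRVFLAG_BITS`: `\37` and `\40` label bits 31 and 32, which correspond to `0x40000000` and `0x80000000`, while the page shows `0x4000` and `0x8000`. The unchanged context has the same mismatch (`\30DEFAULT_TYPE` next to `0x0080`), so this is presumably the mail archive dropping a run of zeros rather than an error in the patch; check the values against the applied header before relying on this copy. Assuming the top bit of a 32-bit word is really taken, the member that stores these flags (declared outside the hunk) has to be an unsigned 32-bit type, and a short comment such as `/* bits 31 and 32; flags must remain unsigned 32-bit */` above the new defines would record that. The same hunk is repeated in the other messages of this thread.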
> @@ -690,6 +694,7 @@ const char *
>server_root_strip(const char *, int);
>  struct server_config *
>server_getlocation(struct client *, const char *);
> +int   server_locationaccesstest(struct server_config *, const char *);
>  const char *
>server_http_host(struct sockaddr_storage *, char *, size_t);
>  char *server_http_parsehost(char *, char *, size_t, int *);
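Review bot: The added prototype `server_locationaccesstest(struct server_config *, const char *)` carries no hint of its return convention, and its definition is not part of this hunk, so it is unclear how an error from the underlying check is reported. The manual text in this patch equates `found` with "accessible", which suggests a path that exists but cannot be opened is treated as `not found`; that distinction matters once a `location found` or `location not found` block holds `authenticate` or `block` rules. I would add a one-line comment above the declaration, for example `/* 1 if the found/not found test of the location matches the path, 0 if not, -1 on error */`, adjusted to what the function really returns. The same prototype hunk appears again in the original posting further down the thread.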
> Index: usr.sbin/httpd/parse.y
> ===
> RCS file: /cvs/src/usr.sbin/httpd/parse.y,v
> retrieving revision 1.119
> diff -u -p -u -p -r1.119 parse.y
> --- usr.sbin/httpd/parse.y26 Oct 2020 19:31:22 -  1.119
> +++ usr.sbin/httpd/parse.y27 Oct 2020 05:59:05 -
> @@ -143,12 +143,12 @@ typedef struct {
>  %token   PROTOCOLS REQUESTS ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG 
> TCP TICKET
>  %token   TIMEOUT TLS TYPE TYPES HSTS MAXAGE SUBDOMAINS DEFAULT PRELOAD 
> REQUEST
>  %token   ERROR INCLUDE AUTHENTICATE WITH BLOCK DROP RETURN PASS REWRITE
> -%token   CA CLIENT CRL OPTIONAL PARAM FORWARDED
> +%token   CA CLIENT CRL OPTIONAL PARAM FORWARDED FOUND NOT
>  %token STRING
>  %token NUMBER
>  %typeport
>  %type  

Re: httpd(8): add location access tests

2020-10-27 Thread Matthias Pressfreund
True. Updated patch below.


On 2020-10-27 11:29, Denis Fondras wrote:
> Thanks Matthias,
> 
> comment below.
> 
> On Tue, Oct 27, 2020 at 08:37:39AM +0100, Matthias Pressfreund wrote:
>> Index: usr.sbin/httpd/httpd.conf.5
>> ===
>> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
>> retrieving revision 1.113
>> diff -u -p -u -p -r1.113 httpd.conf.5
>> --- usr.sbin/httpd/httpd.conf.5  5 Sep 2020 11:49:38 -   1.113
>> +++ usr.sbin/httpd/httpd.conf.5  27 Oct 2020 05:59:05 -
>> @@ -1,5 +1,6 @@
>>  .\" $OpenBSD: httpd.conf.5,v 1.113 2020/09/05 11:49:38 tb Exp $
>>  .\"
>> +.\" Copyright (c) 2020 Matthias Pressfreund 
>>  .\" Copyright (c) 2014, 2015 Reyk Floeter 
>>  .\"
>>  .\" Permission to use, copy, modify, and distribute this software for any
>> @@ -14,7 +15,7 @@
>>  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>>  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>>  .\"
>> -.Dd $Mdocdate: September 5 2020 $
>> +.Dd $Mdocdate: October 27 2020 $
>>  .Dt HTTPD.CONF 5
>>  .Os
>>  .Sh NAME
>> @@ -399,11 +400,16 @@ of the host's domain should be considere
>>  .It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
>>  Set the listen address and port.
>>  This statement can be specified multiple times.
>> -.It Ic location Ar path Brq ...
>> +.It Ic location Oo Oo Ic not Oc Ic found Oc Ar path Brq ...
>>  Specify server configuration rules for a specific location.
>>  The
>>  .Ar path
>>  argument will be matched against the request path with shell globbing rules.
>> +Optionally, it is also possible to match for
>> +.Ar found
>> +(i.e. accessible) or
>> +.Ar not found
> 
> .Ic seems best suited here.
> 


Index: usr.sbin/httpd/httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.113
diff -u -p -u -p -r1.113 httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5 5 Sep 2020 11:49:38 -   1.113
+++ usr.sbin/httpd/httpd.conf.5 27 Oct 2020 10:59:35 -
@@ -1,5 +1,6 @@
 .\"$OpenBSD: httpd.conf.5,v 1.113 2020/09/05 11:49:38 tb Exp $
 .\"
+.\" Copyright (c) 2020 Matthias Pressfreund 
 .\" Copyright (c) 2014, 2015 Reyk Floeter 
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 5 2020 $
+.Dd $Mdocdate: October 27 2020 $
 .Dt HTTPD.CONF 5
 .Os
 .Sh NAME
@@ -399,11 +400,16 @@ of the host's domain should be considere
 .It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
 Set the listen address and port.
 This statement can be specified multiple times.
-.It Ic location Ar path Brq ...
+.It Ic location Oo Oo Ic not Oc Ic found Oc Ar path Brq ...
 Specify server configuration rules for a specific location.
 The
 .Ar path
 argument will be matched against the request path with shell globbing rules.
+Optionally, it is also possible to match for
+.Ic found
+(i.e. accessible) or
+.Ic not found
+request paths only.
 In case of multiple location statements in the same context, the
 first matching location statement will be put into effect, while all
 later ones will be ignored.
@@ -419,7 +425,7 @@ except
 .Ic tcp
 and
 .Ic tls .
-.It Ic location match Ar path Brq ...
+.It Ic location Oo Oo Ic not Oc Ic found Oc Ic match Ar path Brq ...
 Like the
 .Ic location
 option,
Index: usr.sbin/httpd/httpd.h
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
retrieving revision 1.152
diff -u -p -u -p -r1.152 httpd.h
--- usr.sbin/httpd/httpd.h  29 Aug 2020 07:53:48 -  1.152
+++ usr.sbin/httpd/httpd.h  27 Oct 2020 05:59:05 -
@@ -1,6 +1,7 @@
 /* $OpenBSD: httpd.h,v 1.152 2020/08/29 07:53:48 florian Exp $ */
 
 /*
+ * Copyright (c) 2020 Matthias Pressfreund 
  * Copyright (c) 2006 - 2015 Reyk Floeter 
  * Copyright (c) 2006, 2007 Pierre-Yves Ritschard 
  * Copyright (c) 2003, 2004 Henning Brauer 
@@ -391,13 +392,16 @@ SPLAY_HEAD(client_tree, client);
 #define SRVFLAG_DEFAULT_TYPE   0x0080
 #define SRVFLAG_PATH_REWRITE   0x0100
 #define SRVFLAG_NO_PATH_REWRITE0x0200
+#define SRVFLAG_LOCATION_FOUND 0x4000
+#define SRVFLAG_LOCATION_NOT_FOUND 0x8000
 
 #define SRVFLAG_BITS   \
"\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX"   \
"\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG"\
"\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG"  \
"\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \
-   "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH"
+   "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH" \
+   "\37LOCATION_

Re: httpd(8): add location access tests

2020-10-27 Thread Denis Fondras
Thanks Matthias,

comment below.

On Tue, Oct 27, 2020 at 08:37:39AM +0100, Matthias Pressfreund wrote:
> Index: usr.sbin/httpd/httpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.113
> diff -u -p -u -p -r1.113 httpd.conf.5
> --- usr.sbin/httpd/httpd.conf.5   5 Sep 2020 11:49:38 -   1.113
> +++ usr.sbin/httpd/httpd.conf.5   27 Oct 2020 05:59:05 -
> @@ -1,5 +1,6 @@
>  .\"  $OpenBSD: httpd.conf.5,v 1.113 2020/09/05 11:49:38 tb Exp $
>  .\"
> +.\" Copyright (c) 2020 Matthias Pressfreund 
>  .\" Copyright (c) 2014, 2015 Reyk Floeter 
>  .\"
>  .\" Permission to use, copy, modify, and distribute this software for any
> @@ -14,7 +15,7 @@
>  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  .\"
> -.Dd $Mdocdate: September 5 2020 $
> +.Dd $Mdocdate: October 27 2020 $
>  .Dt HTTPD.CONF 5
>  .Os
>  .Sh NAME
> @@ -399,11 +400,16 @@ of the host's domain should be considere
>  .It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
>  Set the listen address and port.
>  This statement can be specified multiple times.
> -.It Ic location Ar path Brq ...
> +.It Ic location Oo Oo Ic not Oc Ic found Oc Ar path Brq ...
>  Specify server configuration rules for a specific location.
>  The
>  .Ar path
>  argument will be matched against the request path with shell globbing rules.
> +Optionally, it is also possible to match for
> +.Ar found
> +(i.e. accessible) or
> +.Ar not found

.Ic seems best suited here.



httpd(8): add location access tests

2020-10-27 Thread Matthias Pressfreund
The patch below adds access tests ('found' or 'not found') for
'location' resource paths via httpd.conf(5).  This enables WordPress
Pretty Permalinks (https://wordpress.org/support/article/using-permalinks/)
just like on an Apache web server with 'mod_rewrite' installed:

server "www.example.com" {
listen on * port www
directory index "index.php"

location not found "/*" {
request rewrite "/index.php"
}
location "/*.php" {
fastcgi socket "/run/php-fpm.sock"
}
}

NOTE: Even with this patch, WordPress is unable to discover that
the OpenBSD web server is now capable of performing the required URL
rewrites.  As a result, the Permalink Settings Screen
(https://wordpress.org/support/article/settings-permalinks-screen/)
will not behave as expected.  Luckily, the 'got_url_rewrite' hook
(https://developer.wordpress.org/reference/hooks/got_url_rewrite/)
exists for exactly this case.  Adding the following line of code to
the current theme's 'functions.php' file will straighten things out:

add_filter('got_url_rewrite', '__return_true');


(from https://github.com/mpfr/httpd-plus)



Index: usr.sbin/httpd/httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.113
diff -u -p -u -p -r1.113 httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5 5 Sep 2020 11:49:38 -   1.113
+++ usr.sbin/httpd/httpd.conf.5 27 Oct 2020 05:59:05 -
@@ -1,5 +1,6 @@
 .\"$OpenBSD: httpd.conf.5,v 1.113 2020/09/05 11:49:38 tb Exp $
 .\"
+.\" Copyright (c) 2020 Matthias Pressfreund 
 .\" Copyright (c) 2014, 2015 Reyk Floeter 
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 5 2020 $
+.Dd $Mdocdate: October 27 2020 $
 .Dt HTTPD.CONF 5
 .Os
 .Sh NAME
@@ -399,11 +400,16 @@ of the host's domain should be considere
 .It Ic listen on Ar address Oo Ic tls Oc Ic port Ar number
 Set the listen address and port.
 This statement can be specified multiple times.
-.It Ic location Ar path Brq ...
+.It Ic location Oo Oo Ic not Oc Ic found Oc Ar path Brq ...
 Specify server configuration rules for a specific location.
 The
 .Ar path
 argument will be matched against the request path with shell globbing rules.
+Optionally, it is also possible to match for
+.Ar found
+(i.e. accessible) or
+.Ar not found
+request paths only.
 In case of multiple location statements in the same context, the
 first matching location statement will be put into effect, while all
 later ones will be ignored.
@@ -419,7 +425,7 @@ except
 .Ic tcp
 and
 .Ic tls .
-.It Ic location match Ar path Brq ...
+.It Ic location Oo Oo Ic not Oc Ic found Oc Ic match Ar path Brq ...
 Like the
 .Ic location
 option,
Index: usr.sbin/httpd/httpd.h
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
retrieving revision 1.152
diff -u -p -u -p -r1.152 httpd.h
--- usr.sbin/httpd/httpd.h  29 Aug 2020 07:53:48 -  1.152
+++ usr.sbin/httpd/httpd.h  27 Oct 2020 05:59:05 -
@@ -1,6 +1,7 @@
 /* $OpenBSD: httpd.h,v 1.152 2020/08/29 07:53:48 florian Exp $ */
 
 /*
+ * Copyright (c) 2020 Matthias Pressfreund 
  * Copyright (c) 2006 - 2015 Reyk Floeter 
  * Copyright (c) 2006, 2007 Pierre-Yves Ritschard 
  * Copyright (c) 2003, 2004 Henning Brauer 
@@ -391,13 +392,16 @@ SPLAY_HEAD(client_tree, client);
 #define SRVFLAG_DEFAULT_TYPE   0x0080
 #define SRVFLAG_PATH_REWRITE   0x0100
 #define SRVFLAG_NO_PATH_REWRITE0x0200
+#define SRVFLAG_LOCATION_FOUND 0x4000
+#define SRVFLAG_LOCATION_NOT_FOUND 0x8000
 
 #define SRVFLAG_BITS   \
"\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX"   \
"\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG"\
"\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG"  \
"\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \
-   "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH"
+   "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH" \
+   "\37LOCATION_FOUND\40LOCATION_NOT_FOUND"
 
 #define TCPFLAG_NODELAY0x01
 #define TCPFLAG_NNODELAY   0x02
@@ -690,6 +694,7 @@ const char *
 server_root_strip(const char *, int);
 struct server_config *
 server_getlocation(struct client *, const char *);
+int server_locationaccesstest(struct server_config *, const char *);
 const char *
 server_http_host(struct sockaddr_storage *, char *, size_t);
 char   *server_http_parsehost(char *, char *, size_t, int *);
Index: usr.sbin/httpd/parse.y
===
RC