Mercurial > hg > nginx-tests
view http_disable_symlinks.t @ 1680:e6bf510f5e13
Tests: removed $http_auth_smtp_to from POP3 and IMAP tests.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 19 May 2021 04:33:00 +0300 |
parents | 56e7da831f46 |
children |
line wrap: on
line source
#!/usr/bin/perl # (C) Andrey Belov # Tests for disable_symlinks directive. ############################################################################### use warnings; use strict; use Test::More; use POSIX; use Cwd qw/ realpath /; BEGIN { use FindBin; chdir($FindBin::Bin); } use lib 'lib'; use Test::Nginx; ############################################################################### select STDERR; $| = 1; select STDOUT; $| = 1; my $t = Test::Nginx->new()->has(qw/http rewrite symlink/) ->write_file_expand('nginx.conf', <<'EOF'); %%TEST_GLOBALS%% daemon off; events { } http { %%TEST_GLOBALS_HTTP%% server { listen 127.0.0.1:8080; server_name s1; location /on/ { disable_symlinks on; } location /not_owner/ { disable_symlinks if_not_owner; } location /try_on/ { disable_symlinks on; try_files $uri $uri.html =404; } location /try_not_owner/ { disable_symlinks if_not_owner; try_files $uri $uri.txt =404; } location /if_on/ { disable_symlinks on; if (-f $request_filename) { return 204; } } location /if_not_owner/ { disable_symlinks if_not_owner; if (-f $request_filename) { return 204; } } location /complex/1/ { disable_symlinks on; alias %%TESTDIR%%/./cached/../; } location /complex/2/ { disable_symlinks on; alias %%TESTDIR%%//./cached/..//; } location /complex/3/ { disable_symlinks on; alias ///%%TESTDIR%%//./cached/..//; } location ~ (.+/)tail$ { disable_symlinks on; alias %%TESTDIR%%/$1; } location ~ (.+/)tailowner$ { disable_symlinks if_not_owner; alias %%TESTDIR%%/$1; } location ~ (.+/)tailoff$ { disable_symlinks off; alias %%TESTDIR%%/$1; } location /dir { disable_symlinks on; try_files $uri/ =404; } location /from { disable_symlinks on from=$document_root; location /from/wo_slash { alias %%TESTDIR%%/dirlink; } location /from/with_slash/ { alias %%TESTDIR%%/dirlink/; } location ~ ^/from/exact/(.+)$ { alias %%TESTDIR%%/$1; } } } server { listen 127.0.0.1:8080; server_name s2; open_file_cache max=16 inactive=60s; open_file_cache_valid 30s; open_file_cache_min_uses 1; open_file_cache_errors on; location /cached-off/ { disable_symlinks off; alias %%TESTDIR%%/cached/; } location /cached-on/ { disable_symlinks on; alias %%TESTDIR%%/cached/; } location /cached-if-not-owner/ { disable_symlinks if_not_owner; alias %%TESTDIR%%/cached/; } location / { disable_symlinks off; } } } EOF my $uid = getuid(); my ($extfile) = grep { -f && !-l && $uid != (stat())[4] } ('/etc/resolv.conf', '/etc/protocols', '/etc/host.conf'); plan(skip_all => 'no external file found') if !defined $extfile; $t->try_run('no disable_symlinks')->plan(28); my $d = $t->testdir(); mkdir("$d/on"); mkdir("$d/not_owner"); mkdir("$d/try_on"); mkdir("$d/try_not_owner"); mkdir("$d/if_on"); mkdir("$d/if_not_owner"); mkdir("$d/cached"); $t->write_file("empty.html", ""); symlink("empty.html", "$d/link"); symlink($extfile, "$d/link2"); $t->write_file("on/empty.html", ""); symlink("empty.html", "$d/on/link"); symlink($extfile, "$d/on/link2"); $t->write_file("not_owner/empty.html", ""); symlink("empty.html", "$d/not_owner/link"); symlink($extfile, "$d/not_owner/link2"); $t->write_file("try_on/try.html", "LOCAL TRY"); symlink($extfile, "$d/try_on/try"); $t->write_file("try_not_owner/try.html", "LOCAL TRY"); symlink($extfile, "$d/try_not_owner/try"); symlink("try.html", "$d/try_not_owner/try.txt"); $t->write_file("if_on/empty.html", ""); symlink("empty.html", "$d/if_on/link"); symlink($extfile, "$d/if_on/link2"); $t->write_file("if_not_owner/empty.html", ""); symlink("empty.html", "$d/if_not_owner/link"); symlink($extfile, "$d/if_not_owner/link2"); mkdir("$d/dir"); $t->write_file("dir/empty.html", ""); symlink("dir", "$d/dirlink"); symlink($extfile, "$d/cached/link"); ############################################################################### SKIP: { skip 'cannot test under symlink', 25 if $d ne realpath($d) or $^O eq 'netbsd'; like(http_get_host('s1', '/link'), qr!200 OK!, 'static (off, same uid)'); like(http_get_host('s1', '/link2'), qr!200 OK!, 'static (off, other uid)'); like(http_get_host('s1', '/on/link'), qr!403 Forbidden!, 'static (on, same uid)'); like(http_get_host('s1', '/on/link2'), qr!403 Forbidden!, 'static (on, other uid)'); like(http_get_host('s1', '/not_owner/link'), qr!200 OK!, 'static (if_not_owner, same uid)'); like(http_get_host('s1', '/not_owner/link2'), qr!403 Forbidden!, 'static (if_not_owner, other uid)'); like(http_get_host('s1', '/try_on/try'), qr/LOCAL TRY/, 'try_files (on)'); like(http_get_host('s1', '/try_not_owner/try'), qr/LOCAL TRY/, 'try_files (if_not_owner)'); like(http_get_host('s1', '/if_on/link'), qr!403 Forbidden!, 'if (on, same uid)'); like(http_get_host('s1', '/if_on/link2'), qr!403 Forbidden!, 'if (on, other uid)'); like(http_get_host('s1', '/if_not_owner/link'), qr!204 No Content!, 'if (if_not_owner, same uid)'); like(http_get_host('s1', '/if_not_owner/link2'), qr!403 Forbidden!, 'if (if_not_owner, other uid)'); like(http_get_host('s2', '/cached-off/link'), qr!200 OK!, 'open_file_cache (pass 1)'); like(http_get_host('s2', '/cached-on/link'), qr!403 Forbidden!, 'open_file_cache (pass 2)'); like(http_get_host('s2', '/cached-off/link'), qr!200 OK!, 'open_file_cache (pass 3)'); like(http_get_host('s2', '/cached-if-not-owner/link'), qr!403 Forbidden!, 'open_file_cache (pass 4)'); like(http_get_host('s2', '/cached-off/link'), qr!200 OK!, 'open_file_cache (pass 5)'); like(http_get('/complex/1/empty.html'), qr!200 OK!, 'complex root 1'); like(http_get('/complex/2/empty.html'), qr!200 OK!, 'complex root 2'); like(http_get('/complex/3/empty.html'), qr!200 OK!, 'complex root 3'); # workaround for freebsd 8: we use O_EXEC instead of O_SEARCH (since there # is no O_SEARCH), and O_DIRECTORY does nothing. setting the 'x' bit # tests to pass as openat() will correctly fail with ENOTDIR chmod(0700, "$d/link"); my $rc = $^O eq 'darwin' ? 200 : 404; like(http_get('/link/tail'), qr!40[34] !, 'file with trailing /, on'); like(http_get('/link/tailowner'), qr!404 !, 'file with trailing /, owner'); like(http_get('/link/tailoff'), qr!$rc !, 'file with trailing /, off'); like(http_get('/dirlink'), qr!404 !, 'directory without /'); like(http_get('/dirlink/'), qr!404 !, 'directory with trailing /'); } # SKIP: cannot test under symlink like(http_get('/from/wo_slash/empty.html'), qr!200 OK!, '"from=" without /'); like(http_get('/from/with_slash/empty.html'), qr!200 OK!, '"from=" with /'); like(http_get('/from/exact/link'), qr!200 OK!, '"from=" exact match'); ############################################################################### sub http_get_host { my ($host, $url) = @_; return http(<<EOF); GET $url HTTP/1.0 Host: $host EOF } ###############################################################################