lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4133 Commits
8 Branches
79 Tags
48 MiB
Tree: 3f0833328c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3f0833328c'
${ noResults }
lighttpd1.4/src/mod_auth.c

1463 lines
50 KiB
Raw Normal View History Unescape

[mod_auth*] rename http_auth.* -> mod_auth_api.* rename http_auth.[ch] -> mod_auth_api.[ch]
1 year ago
/*
* http_auth - HTTP authentication and authorization
*
* Largely-rewritten from original
* Copyright(c) 2016,2021 Glenn Strauss gstrauss()gluelogic.com All rights reserved
* License: BSD 3-clause (same as lighttpd)
*/
consistent inclusion of config.h at top of files (fixes #2073) From: Glenn Strauss <gstrauss@gluelogic.com> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9
6 years ago
#include "first.h"
[core] sys-crypto-md.h w/ inline message digest fn sys-crypto-md.h w/ inline message digest functions; shared code
2 years ago
#include <stdlib.h>
#include <string.h>
[mod_auth*] rename http_auth.* -> mod_auth_api.* rename http_auth.[ch] -> mod_auth_api.[ch]
1 year ago
#include "mod_auth_api.h"
[core] sys-crypto-md.h w/ inline message digest fn sys-crypto-md.h w/ inline message digest functions; shared code
2 years ago
#include "sys-crypto-md.h" /* USE_LIB_CRYPTO */
[core] some header cleanup provide standard types in first.h instead of base.h provide lighttpd types in base_decls.h instead of settings.h reduce headers exposed by headers for core data structures do not expose <pcre.h> or <stdlib.h> in headers move stat_cache_entry to stat_cache.h reduce use of "server.h" and "base.h" in headers
4 years ago
#include "base.h"
[multiple] move const time cmp funcs to ck.[ch] http_auth_const_time_memeq_pad() -> ck_memeq_const_time() http_auth_const_time_memeq() -> ck_memeq_const_time_fixed_len()
1 year ago
#include "ck.h"
[core] abstraction layer for HTTP header manip http_header.[ch] convert existing calls to manip request/response headers convert existing calls to manip environment array (often header-related)
4 years ago
#include "http_header.h"
Fix header inclusion order, always include "config.h" before any system header git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2624 152afb58-edef-0310-8abb-c4023f1b3aa9
13 years ago
#include "log.h"
[core] rename splaytree.[ch] to algo_splaytree.[ch]
2 years ago
#include "algo_splaytree.h"
[mod_auth*] rename http_auth.* -> mod_auth_api.* rename http_auth.[ch] -> mod_auth_api.[ch]
1 year ago
#include "plugin.h"
#include "plugin_config.h"
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9
18 years ago
/**
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
* auth framework
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9
18 years ago
*/
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
typedef struct {
splay_tree *sptree; /* data in nodes of tree are (http_auth_cache_entry *)*/
time_t max_age;
} http_auth_cache;
[mod_auth] extensible interface for auth backends create new, extensible interface for (additional) auth backends attempt to handle HANDLER_WAIT_FOR_EVENT returned by auth backends to allow for async auth backends (e.g. to mysql database) separate auth backends from mod_auth and http_auth mod_authn_file.c htdigest, htpasswd, plain auth backends mod_authn_ldap.c ldap auth backend add http_auth.c to common_sources for auth backend registration (mod_authn_file could be three separate modules, but no need for now)
6 years ago
typedef struct {
[mod_auth*] use config_plugin_values_init()
3 years ago
const http_auth_backend_t *auth_backend;
const array *auth_require;
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
http_auth_cache *auth_cache;
[mod_auth*] use config_plugin_values_init()
3 years ago
unsigned int auth_extern_authn;
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
} plugin_config;
[mod_auth] extensible interface for auth backends create new, extensible interface for (additional) auth backends attempt to handle HANDLER_WAIT_FOR_EVENT returned by auth backends to allow for async auth backends (e.g. to mysql database) separate auth backends from mod_auth and http_auth mod_authn_file.c htdigest, htpasswd, plain auth backends mod_authn_ldap.c ldap auth backend add http_auth.c to common_sources for auth backend registration (mod_authn_file could be three separate modules, but no need for now)
6 years ago
typedef struct {
[mod_auth*] use config_plugin_values_init()
3 years ago
PLUGIN_DATA;
plugin_config defaults;
plugin_config conf;
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
} plugin_data;
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
typedef struct {
const struct http_auth_require_t *require;
[multiple] Y2038 32-bit signed time_t mitigations Most OS platforms have already provided solutions to Y2038 32-bit signed time_t 5 - 10 years ago (or more!) Notable exceptions are Linux i686 and FreeBSD i386. Since 32-bit systems tend to be embedded systems, and since many distros take years to pick up new software, this commit aims to provide Y2038 mitigations for lighttpd running on 32-bit systems with Y2038-unsafe 32-bit signed time_t * Y2038: lighttpd 1.4.60 and later report Y2038 safety $ lighttpd -V + Y2038 support # Y2038-SAFE $ lighttpd -V - Y2038 support (unsafe 32-bit signed time_t) # Y2038-UNSAFE * Y2038: general platform info * Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t - all major 64-bit platforms (known to this author) use 64-bit time_t * Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t - Linux x32 ABI (different from i686) - FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386 - NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures - OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures - Microsoft Windows XP and Visual Studio 2005 (? unsure ?) Another reference suggests Visual Studio 2015 defaults to 64-bit time_t - MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps * Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t - e.g. OpenVMS (unknown if lighttpd builds on this platform) * Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t - Linux 32-bit (including i686) - glibc 32-bit library support not yet available for 64-bit time_t - https://sourceware.org/glibc/wiki/Y2038ProofnessDesign - Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t https://itsubuntu.com/linux-kernel-5-6-to-fix-the-year-2038-issue-unix-y2k/ - https://www.gnu.org/software/libc/manual/html_node/64_002dbit-time-symbol-handling.html "Note: at this point, 64-bit time support in dual-time configurations is work-in-progress, so for these configurations, the public API only makes the 32-bit time support available. In a later change, the public API will allow user code to choose the time size for a given compilation unit." - compiling with -D_TIME_BITS=64 currently has no effect - glibc recent (Jul 2021) mailing list discussion - https://public-inbox.org/bug-gnulib/878s2ozq70.fsf@oldenburg.str.redhat.com/T/ - FreeBSD i386 - DragonFlyBSD 32-bit * Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t) * lighttpd prefers system monotonic clock instead of realtime clock in places where realtime clock is not required * lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT * (lighttpd presumes that lighttpd will not encounter dates before 1970 during normal operation.) * lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t to convert negative timestamps for comparisions with 64-bit timestamps (treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT) * lighttpd provides unix_time64_t (int64_t) and * lighttpd provides struct unix_timespec64 (unix_timespec64_t) (struct timespec equivalent using unix_time64_t tv_sec member) * lighttpd provides gmtime64_r() and localtime64_r() wrappers for platforms 32-bit platforms using 32-bit time_t and lighttpd temporarily shifts the year in order to use gmtime_r() and localtime_r() (or gmtime() and localtime()) from standard libraries, before readjusting year and passing struct tm to formatting functions such as strftime() * lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to unsigned 32-bit and then to unix_time64_t * Note: while lighttpd tries handle times past 19 Jan 2038 03:14:07 GMT on 32-bit platforms using 32-bit signed time_t, underlying libraries and underlying filesystems might not behave properly after 32-bit signed time_t overflows (19 Jan 2038 03:14:08 GMT). If a given 32-bit OS does not work properly using negative time_t values, then lighttpd likely will not work properly on that system. * Other references and blogs - https://en.wikipedia.org/wiki/Year_2038_problem - https://en.wikipedia.org/wiki/Time_formatting_and_storage_bugs - http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/
12 months ago
unix_time64_t ctime;
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
int dalgo;
uint32_t dlen;
uint32_t ulen;
char *username;
char *pwdigest;
} http_auth_cache_entry;
static http_auth_cache_entry *
http_auth_cache_entry_init (const struct http_auth_require_t * const require, const int dalgo, const char *username, const uint32_t ulen, const char *pw, const uint32_t pwlen)
{
/*(similar to buffer_copy_string_len() for each element,
* but allocate exact lengths in single chunk of memory
* for cache to avoid wasting space and for memory locality)*/
/* http_auth_require_t is stored instead of copying realm
*(store pointer to http_auth_require_t, which is persistent
* and will be different for each realm + permissions combo)*/
http_auth_cache_entry * const ae =
malloc(sizeof(http_auth_cache_entry) + ulen + pwlen);
force_assert(ae);
ae->require = require;
[multiple] prefer monotonic time for internal use Note: monotonic time does not change while VM is suspended Continue to use real time where required by HTTP protocol, for logging and for other user-visible instances, such as mod_status, as well as for external databases and caches.
1 year ago
ae->ctime = log_monotonic_secs;
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
ae->dalgo = dalgo;
ae->ulen = ulen;
ae->dlen = pwlen;
ae->username = (char *)(ae + 1);
ae->pwdigest = ae->username + ulen;
memcpy(ae->username, username, ulen);
memcpy(ae->pwdigest, pw, pwlen);
return ae;
}
static void
http_auth_cache_entry_free (void *data)
{
http_auth_cache_entry * const ae = data;
[multiple] rename safe_memclear() -> ck_memzero()
1 year ago
ck_memzero(ae->pwdigest, ae->dlen);
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
free(ae);
}
static void
http_auth_cache_free (http_auth_cache *ac)
{
splay_tree *sptree = ac->sptree;
while (sptree) {
http_auth_cache_entry_free(sptree->data);
sptree = splaytree_delete(sptree, sptree->key);
}
free(ac);
}
static http_auth_cache *
http_auth_cache_init (const array *opts)
{
http_auth_cache *ac = malloc(sizeof(http_auth_cache));
force_assert(ac);
ac->sptree = NULL;
ac->max_age = 600; /* 10 mins */
for (uint32_t i = 0, used = opts->used; i < used; ++i) {
[core] config_plugin_value_to_int32()
2 years ago
data_unset *du = opts->data[i];
if (buffer_is_equal_string(&du->key, CONST_STR_LEN("max-age")))
ac->max_age = (time_t)config_plugin_value_to_int32(du, ac->max_age);
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
}
return ac;
}
static int
http_auth_cache_hash (const struct http_auth_require_t * const require, const char *username, const uint32_t ulen)
{
uint32_t h = /*(hash pointer value, which includes realm and permissions)*/
djbhash((char *)(intptr_t)require, sizeof(intptr_t), DJBHASH_INIT);
h = djbhash(username, ulen, h);
/* strip highest bit of hash value for splaytree (see splaytree_djbhash())*/
return (int32_t)(h & ~(((uint32_t)1) << 31));
}
static http_auth_cache_entry *
http_auth_cache_query (splay_tree ** const sptree, const int ndx)
{
*sptree = splaytree_splay(*sptree, ndx);
return (*sptree && (*sptree)->key == ndx) ? (*sptree)->data : NULL;
}
static void
http_auth_cache_insert (splay_tree ** const sptree, const int ndx, void * const data, void(data_free_fn)(void *))
{
/*(not necessary to re-splay (with current usage) since single-threaded
* and splaytree has not been modified since http_auth_cache_query())*/
/* *sptree = splaytree_splay(*sptree, ndx); */
if (NULL == *sptree || (*sptree)->key != ndx)
*sptree = splaytree_insert(*sptree, ndx, data);
else { /* collision; replace old entry */
data_free_fn((*sptree)->data);
(*sptree)->data = data;
}
}
/* walk though cache, collect expired ids, and remove them in a second loop */
static void
[multiple] Y2038 32-bit signed time_t mitigations Most OS platforms have already provided solutions to Y2038 32-bit signed time_t 5 - 10 years ago (or more!) Notable exceptions are Linux i686 and FreeBSD i386. Since 32-bit systems tend to be embedded systems, and since many distros take years to pick up new software, this commit aims to provide Y2038 mitigations for lighttpd running on 32-bit systems with Y2038-unsafe 32-bit signed time_t * Y2038: lighttpd 1.4.60 and later report Y2038 safety $ lighttpd -V + Y2038 support # Y2038-SAFE $ lighttpd -V - Y2038 support (unsafe 32-bit signed time_t) # Y2038-UNSAFE * Y2038: general platform info * Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t - all major 64-bit platforms (known to this author) use 64-bit time_t * Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t - Linux x32 ABI (different from i686) - FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386 - NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures - OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures - Microsoft Windows XP and Visual Studio 2005 (? unsure ?) Another reference suggests Visual Studio 2015 defaults to 64-bit time_t - MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps * Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t - e.g. OpenVMS (unknown if lighttpd builds on this platform) * Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t - Linux 32-bit (including i686) - glibc 32-bit library support not yet available for 64-bit time_t - https://sourceware.org/glibc/wiki/Y2038ProofnessDesign - Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t https://itsubuntu.com/linux-kernel-5-6-to-fix-the-year-2038-issue-unix-y2k/ - https://www.gnu.org/software/libc/manual/html_node/64_002dbit-time-symbol-handling.html "Note: at this point, 64-bit time support in dual-time configurations is work-in-progress, so for these configurations, the public API only makes the 32-bit time support available. In a later change, the public API will allow user code to choose the time size for a given compilation unit." - compiling with -D_TIME_BITS=64 currently has no effect - glibc recent (Jul 2021) mailing list discussion - https://public-inbox.org/bug-gnulib/878s2ozq70.fsf@oldenburg.str.redhat.com/T/ - FreeBSD i386 - DragonFlyBSD 32-bit * Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t) * lighttpd prefers system monotonic clock instead of realtime clock in places where realtime clock is not required * lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT * (lighttpd presumes that lighttpd will not encounter dates before 1970 during normal operation.) * lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t to convert negative timestamps for comparisions with 64-bit timestamps (treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT) * lighttpd provides unix_time64_t (int64_t) and * lighttpd provides struct unix_timespec64 (unix_timespec64_t) (struct timespec equivalent using unix_time64_t tv_sec member) * lighttpd provides gmtime64_r() and localtime64_r() wrappers for platforms 32-bit platforms using 32-bit time_t and lighttpd temporarily shifts the year in order to use gmtime_r() and localtime_r() (or gmtime() and localtime()) from standard libraries, before readjusting year and passing struct tm to formatting functions such as strftime() * lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to unsigned 32-bit and then to unix_time64_t * Note: while lighttpd tries handle times past 19 Jan 2038 03:14:07 GMT on 32-bit platforms using 32-bit signed time_t, underlying libraries and underlying filesystems might not behave properly after 32-bit signed time_t overflows (19 Jan 2038 03:14:08 GMT). If a given 32-bit OS does not work properly using negative time_t values, then lighttpd likely will not work properly on that system. * Other references and blogs - https://en.wikipedia.org/wiki/Year_2038_problem - https://en.wikipedia.org/wiki/Time_formatting_and_storage_bugs - http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/
12 months ago
mod_auth_tag_old_entries (splay_tree * const t, int * const keys, int * const ndx, const time_t max_age, const unix_time64_t cur_ts)
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
{
if (*ndx == 8192) return; /*(must match num array entries in keys[])*/
if (t->left)
mod_auth_tag_old_entries(t->left, keys, ndx, max_age, cur_ts);
if (t->right)
mod_auth_tag_old_entries(t->right, keys, ndx, max_age, cur_ts);
if (*ndx == 8192) return; /*(must match num array entries in keys[])*/
const http_auth_cache_entry * const ae = t->data;
if (cur_ts - ae->ctime > max_age)
keys[(*ndx)++] = t->key;
}
__attribute_noinline__
static void
[multiple] Y2038 32-bit signed time_t mitigations Most OS platforms have already provided solutions to Y2038 32-bit signed time_t 5 - 10 years ago (or more!) Notable exceptions are Linux i686 and FreeBSD i386. Since 32-bit systems tend to be embedded systems, and since many distros take years to pick up new software, this commit aims to provide Y2038 mitigations for lighttpd running on 32-bit systems with Y2038-unsafe 32-bit signed time_t * Y2038: lighttpd 1.4.60 and later report Y2038 safety $ lighttpd -V + Y2038 support # Y2038-SAFE $ lighttpd -V - Y2038 support (unsafe 32-bit signed time_t) # Y2038-UNSAFE * Y2038: general platform info * Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t - all major 64-bit platforms (known to this author) use 64-bit time_t * Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t - Linux x32 ABI (different from i686) - FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386 - NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures - OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures - Microsoft Windows XP and Visual Studio 2005 (? unsure ?) Another reference suggests Visual Studio 2015 defaults to 64-bit time_t - MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps * Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t - e.g. OpenVMS (unknown if lighttpd builds on this platform) * Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t - Linux 32-bit (including i686) - glibc 32-bit library support not yet available for 64-bit time_t - https://sourceware.org/glibc/wiki/Y2038ProofnessDesign - Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t https://itsubuntu.com/linux-kernel-5-6-to-fix-the-year-2038-issue-unix-y2k/ - https://www.gnu.org/software/libc/manual/html_node/64_002dbit-time-symbol-handling.html "Note: at this point, 64-bit time support in dual-time configurations is work-in-progress, so for these configurations, the public API only makes the 32-bit time support available. In a later change, the public API will allow user code to choose the time size for a given compilation unit." - compiling with -D_TIME_BITS=64 currently has no effect - glibc recent (Jul 2021) mailing list discussion - https://public-inbox.org/bug-gnulib/878s2ozq70.fsf@oldenburg.str.redhat.com/T/ - FreeBSD i386 - DragonFlyBSD 32-bit * Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t) * lighttpd prefers system monotonic clock instead of realtime clock in places where realtime clock is not required * lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT * (lighttpd presumes that lighttpd will not encounter dates before 1970 during normal operation.) * lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t to convert negative timestamps for comparisions with 64-bit timestamps (treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT) * lighttpd provides unix_time64_t (int64_t) and * lighttpd provides struct unix_timespec64 (unix_timespec64_t) (struct timespec equivalent using unix_time64_t tv_sec member) * lighttpd provides gmtime64_r() and localtime64_r() wrappers for platforms 32-bit platforms using 32-bit time_t and lighttpd temporarily shifts the year in order to use gmtime_r() and localtime_r() (or gmtime() and localtime()) from standard libraries, before readjusting year and passing struct tm to formatting functions such as strftime() * lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to unsigned 32-bit and then to unix_time64_t * Note: while lighttpd tries handle times past 19 Jan 2038 03:14:07 GMT on 32-bit platforms using 32-bit signed time_t, underlying libraries and underlying filesystems might not behave properly after 32-bit signed time_t overflows (19 Jan 2038 03:14:08 GMT). If a given 32-bit OS does not work properly using negative time_t values, then lighttpd likely will not work properly on that system. * Other references and blogs - https://en.wikipedia.org/wiki/Year_2038_problem - https://en.wikipedia.org/wiki/Time_formatting_and_storage_bugs - http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/
12 months ago
mod_auth_periodic_cleanup(splay_tree **sptree_ptr, const time_t max_age, const unix_time64_t cur_ts)
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
{
splay_tree *sptree = *sptree_ptr;
int max_ndx, i;
int keys[8192]; /* 32k size on stack */
do {
if (!sptree) break;
max_ndx = 0;
mod_auth_tag_old_entries(sptree, keys, &max_ndx, max_age, cur_ts);
for (i = 0; i < max_ndx; ++i) {
int ndx = keys[i];
sptree = splaytree_splay(sptree, ndx);
if (sptree && sptree->key == ndx) {
http_auth_cache_entry_free(sptree->data);
sptree = splaytree_delete(sptree, ndx);
}
}
} while (max_ndx == sizeof(keys)/sizeof(int));
*sptree_ptr = sptree;
}
TRIGGER_FUNC(mod_auth_periodic)
{
const plugin_data * const p = p_d;
[multiple] Y2038 32-bit signed time_t mitigations Most OS platforms have already provided solutions to Y2038 32-bit signed time_t 5 - 10 years ago (or more!) Notable exceptions are Linux i686 and FreeBSD i386. Since 32-bit systems tend to be embedded systems, and since many distros take years to pick up new software, this commit aims to provide Y2038 mitigations for lighttpd running on 32-bit systems with Y2038-unsafe 32-bit signed time_t * Y2038: lighttpd 1.4.60 and later report Y2038 safety $ lighttpd -V + Y2038 support # Y2038-SAFE $ lighttpd -V - Y2038 support (unsafe 32-bit signed time_t) # Y2038-UNSAFE * Y2038: general platform info * Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t - all major 64-bit platforms (known to this author) use 64-bit time_t * Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t - Linux x32 ABI (different from i686) - FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386 - NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures - OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures - Microsoft Windows XP and Visual Studio 2005 (? unsure ?) Another reference suggests Visual Studio 2015 defaults to 64-bit time_t - MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps * Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t - e.g. OpenVMS (unknown if lighttpd builds on this platform) * Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t - Linux 32-bit (including i686) - glibc 32-bit library support not yet available for 64-bit time_t - https://sourceware.org/glibc/wiki/Y2038ProofnessDesign - Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t https://itsubuntu.com/linux-kernel-5-6-to-fix-the-year-2038-issue-unix-y2k/ - https://www.gnu.org/software/libc/manual/html_node/64_002dbit-time-symbol-handling.html "Note: at this point, 64-bit time support in dual-time configurations is work-in-progress, so for these configurations, the public API only makes the 32-bit time support available. In a later change, the public API will allow user code to choose the time size for a given compilation unit." - compiling with -D_TIME_BITS=64 currently has no effect - glibc recent (Jul 2021) mailing list discussion - https://public-inbox.org/bug-gnulib/878s2ozq70.fsf@oldenburg.str.redhat.com/T/ - FreeBSD i386 - DragonFlyBSD 32-bit * Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t) * lighttpd prefers system monotonic clock instead of realtime clock in places where realtime clock is not required * lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT * (lighttpd presumes that lighttpd will not encounter dates before 1970 during normal operation.) * lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t to convert negative timestamps for comparisions with 64-bit timestamps (treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT) * lighttpd provides unix_time64_t (int64_t) and * lighttpd provides struct unix_timespec64 (unix_timespec64_t) (struct timespec equivalent using unix_time64_t tv_sec member) * lighttpd provides gmtime64_r() and localtime64_r() wrappers for platforms 32-bit platforms using 32-bit time_t and lighttpd temporarily shifts the year in order to use gmtime_r() and localtime_r() (or gmtime() and localtime()) from standard libraries, before readjusting year and passing struct tm to formatting functions such as strftime() * lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to unsigned 32-bit and then to unix_time64_t * Note: while lighttpd tries handle times past 19 Jan 2038 03:14:07 GMT on 32-bit platforms using 32-bit signed time_t, underlying libraries and underlying filesystems might not behave properly after 32-bit signed time_t overflows (19 Jan 2038 03:14:08 GMT). If a given 32-bit OS does not work properly using negative time_t values, then lighttpd likely will not work properly on that system. * Other references and blogs - https://en.wikipedia.org/wiki/Year_2038_problem - https://en.wikipedia.org/wiki/Time_formatting_and_storage_bugs - http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/
12 months ago
const unix_time64_t cur_ts = log_monotonic_secs;
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
if (cur_ts & 0x7) return HANDLER_GO_ON; /*(continue once each 8 sec)*/
UNUSED(srv);
/* future: might construct array of (http_auth_cache *) at startup
* to avoid the need to search for them here */
[multiple] avoid duplicate parsing in trigger func (#3056) x-ref: "OCSP Stapling reload seems not to work" https://redmine.lighttpd.net/issues/3056
1 year ago
/* (init i to 0 if global context; to 1 to skip empty global context) */
if (NULL == p->cvlist) return HANDLER_GO_ON;
for (int i = !p->cvlist[0].v.u2[1], used = p->nconfig; i < used; ++i) {
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
const config_plugin_value_t *cpv = p->cvlist + p->cvlist[i].v.u2[0];
for (; cpv->k_id != -1; ++cpv) {
if (cpv->k_id != 3) continue; /* k_id == 3 for auth.cache */
if (cpv->vtype != T_CONFIG_LOCAL) continue;
http_auth_cache *ac = cpv->v.v;
mod_auth_periodic_cleanup(&ac->sptree, ac->max_age, cur_ts);
}
}
return HANDLER_GO_ON;
}
[multiple] split con, request (very large change) NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access) NB: request read and write chunkqueues currently point to connection chunkqueues; per-request and per-connection chunkqueues are not distinct from one another con->read_queue == r->read_queue con->write_queue == r->write_queue NB: in the future, a separate connection config may be needed for connection-level module hooks. Similarly, might need to have per-request chunkqueues separate from per-connection chunkqueues. Should probably also have a request_reset() which is distinct from connection_reset().
3 years ago
static handler_t mod_auth_check_basic(request_st *r, void *p_d, const struct http_auth_require_t *require, const struct http_auth_backend_t *backend);
static handler_t mod_auth_check_digest(request_st *r, void *p_d, const struct http_auth_require_t *require, const struct http_auth_backend_t *backend);
static handler_t mod_auth_check_extern(request_st *r, void *p_d, const struct http_auth_require_t *require, const struct http_auth_backend_t *backend);
[mod_auth] extensible interface for auth backends create new, extensible interface for (additional) auth backends attempt to handle HANDLER_WAIT_FOR_EVENT returned by auth backends to allow for async auth backends (e.g. to mysql database) separate auth backends from mod_auth and http_auth mod_authn_file.c htdigest, htpasswd, plain auth backends mod_authn_ldap.c ldap auth backend add http_auth.c to common_sources for auth backend registration (mod_authn_file could be three separate modules, but no need for now)
6 years ago
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9
18 years ago
INIT_FUNC(mod_auth_init) {
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
static http_auth_scheme_t http_auth_scheme_basic = { "basic", mod_auth_check_basic, NULL };
static http_auth_scheme_t http_auth_scheme_digest = { "digest", mod_auth_check_digest, NULL };
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
static const http_auth_scheme_t http_auth_scheme_extern = { "extern", mod_auth_check_extern, NULL };
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
plugin_data *p = calloc(1, sizeof(*p));
force_assert(p);
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
/* register http_auth_scheme_* */
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
http_auth_scheme_basic.p_d = p;
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
http_auth_scheme_set(&http_auth_scheme_basic);
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
http_auth_scheme_digest.p_d = p;
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
http_auth_scheme_set(&http_auth_scheme_digest);
http_auth_scheme_set(&http_auth_scheme_extern);
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9
18 years ago
return p;
}
[multiple] plugin.c handles common FREE_FUNC code (simpler for modules; less boilerplate to cut-n-paste)
3 years ago
FREE_FUNC(mod_auth_free) {
plugin_data * const p = p_d;
[mod_auth*] use config_plugin_values_init()
3 years ago
if (NULL == p->cvlist) return;
/* (init i to 0 if global context; to 1 to skip empty global context) */
for (int i = !p->cvlist[0].v.u2[1], used = p->nconfig; i < used; ++i) {
config_plugin_value_t *cpv = p->cvlist + p->cvlist[i].v.u2[0];
for (; -1 != cpv->k_id; ++cpv) {
if (cpv->vtype != T_CONFIG_LOCAL || NULL == cpv->v.v) continue;
switch (cpv->k_id) {
case 1: /* auth.require */
array_free(cpv->v.v);
break;
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
case 3: /* auth.cache */
http_auth_cache_free(cpv->v.v);
break;
[mod_auth*] use config_plugin_values_init()
3 years ago
default:
break;
}
}
}
[mod_auth,mod_vhostdb] move helper funcs to mods link http_auth.c into mod_auth link http_vhostdb.c into mod_vhostdb ensure that mod_auth loads before mod_authn_* ensure that mod_vhostdb loads before mod_vhostdb_*
1 year ago
http_auth_dumbdata_reset();
[mod_auth*] use config_plugin_values_init()
3 years ago
}
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
/* data type for mod_auth structured data
* (parsed from auth.require array of strings) */
typedef struct {
DATA_UNSET;
http_auth_require_t *require;
} data_auth;
static void data_auth_free(data_unset *d)
{
data_auth * const dauth = (data_auth *)d;
[core] inline buffer as part of DATA_UNSET key (instead of key being (buffer *))
3 years ago
free(dauth->key.ptr);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
http_auth_require_free(dauth->require);
free(dauth);
}
static data_auth *data_auth_init(void)
{
[core] more memory-efficient fn table for data_* save 40 bytes (64-bit), or 16 bytes (32-bit) per data_* element at the cost of going through indirect function pointer to execute methods. At runtime, the reset() method is most used among them.
4 years ago
static const struct data_methods fn = {
NULL, /* copy must not be called on this data */
data_auth_free,
NULL, /* insert_dup must not be called on this data */
};
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
data_auth * const dauth = calloc(1, sizeof(*dauth));
force_assert(NULL != dauth);
dauth->type = TYPE_OTHER;
[core] more memory-efficient fn table for data_* save 40 bytes (64-bit), or 16 bytes (32-bit) per data_* element at the cost of going through indirect function pointer to execute methods. At runtime, the reset() method is most used among them.
4 years ago
dauth->fn = &fn;
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
dauth->require = http_auth_require_init();
return dauth;
}
[mod_auth] mod_auth_algorithm_parse() w/ algo len mod_auth_algorithm_parse() now takes an additional arg: algorithm strlen
1 year ago
static int mod_auth_algorithm_parse(http_auth_info_t *ai, const char *s, size_t len) {
if (0 == len) {
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
ai->dalgo = HTTP_AUTH_DIGEST_MD5;
ai->dlen = HTTP_AUTH_DIGEST_MD5_BINLEN;
return 1;
}
if (len > 5
&& (s[len-5] ) == '-'
&& (s[len-4] | 0x20) == 's'
&& (s[len-3] | 0x20) == 'e'
&& (s[len-2] | 0x20) == 's'
&& (s[len-1] | 0x20) == 's') {
ai->dalgo = HTTP_AUTH_DIGEST_SESS;
len -= 5;
}
else {
ai->dalgo = HTTP_AUTH_DIGEST_NONE;
}
if (3 == len
&& 'm' == (s[0] | 0x20)
&& 'd' == (s[1] | 0x20)
&& '5' == (s[2] )) {
ai->dalgo |= HTTP_AUTH_DIGEST_MD5;
ai->dlen = HTTP_AUTH_DIGEST_MD5_BINLEN;
return 1;
}
[multiple] ./configure --with-nettle to use Nettle ./configure --with-nettle to use Nettle crypto lib for algorithms, instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS. x-ref: "How to use SHA-256 without OpenSSL?" https://redmine.lighttpd.net/boards/2/topics/8903
2 years ago
#ifdef USE_LIB_CRYPTO
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
else if (len >= 7
&& 's' == (s[0] | 0x20)
&& 'h' == (s[1] | 0x20)
&& 'a' == (s[2] | 0x20)
&& '-' == (s[3] )) {
if (len == 7 && s[4] == '2' && s[5] == '5' && s[6] == '6') {
ai->dalgo |= HTTP_AUTH_DIGEST_SHA256;
ai->dlen = HTTP_AUTH_DIGEST_SHA256_BINLEN;
return 1;
}
[core] sys-crypto-md.h w/ inline message digest fn sys-crypto-md.h w/ inline message digest functions; shared code
2 years ago
#ifdef USE_LIB_CRYPTO_SHA512_256
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
if (len == 11 && 0 == memcmp(s+4, "512-256", 7)) {
ai->dalgo |= HTTP_AUTH_DIGEST_SHA512_256;
ai->dlen = HTTP_AUTH_DIGEST_SHA512_256_BINLEN;
return 1;
}
#endif
}
#endif
return 0; /*(error)*/
}
static int mod_auth_algorithms_parse(int *algorithm, buffer *algos) {
[mod_auth] mod_auth_algorithm_parse() w/ algo len mod_auth_algorithm_parse() now takes an additional arg: algorithm strlen
1 year ago
for (const char *s = algos->ptr, *p; s; s = p ? p+1 : NULL) {
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
http_auth_info_t ai;
p = strchr(s, '|');
[mod_auth] mod_auth_algorithm_parse() w/ algo len mod_auth_algorithm_parse() now takes an additional arg: algorithm strlen
1 year ago
if (!mod_auth_algorithm_parse(&ai, s, p ? (size_t)(p - s) : strlen(s)))
return 0;
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
*algorithm |= ai.dalgo;
}
return 1;
}
[multiple] reduce direct use of srv->errh
3 years ago
static int mod_auth_require_parse (http_auth_require_t * const require, const buffer *b, log_error_st *errh)
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
{
/* user=name1|user=name2|group=name3|host=name4 */
const char *str = b->ptr;
const char *p;
if (buffer_is_equal_string(b, CONST_STR_LEN("valid-user"))) {
require->valid_user = 1;
return 1; /* success */
}
do {
const char *eq;
size_t len;
p = strchr(str, '|');
len = NULL != p ? (size_t)(p - str) : strlen(str);
eq = memchr(str, '=', len);
if (NULL == eq) {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"error parsing auth.require 'require' field: missing '=' "
"(expecting \"valid-user\" or \"user=a|user=b|group=g|host=h\"). "
"error value: %s error near: %s", b->ptr, str);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return 0;
}
[mod_auth] minor: adjust config validation x-ref: "PVS-Studio Analysis Results" https://redmine.lighttpd.net/boards/3/topics/8459 http://www.fly-server.ru/pvs-studio/lighttpd/
3 years ago
if (eq[1] == '|' || eq[1] == '\0') {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"error parsing auth.require 'require' field: "
"missing token after '=' "
"(expecting \"valid-user\" or \"user=a|user=b|group=g|host=h\"). "
"error value: %s error near: %s", b->ptr, str);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return 0;
}
switch ((int)(eq - str)) {
case 4:
if (0 == memcmp(str, CONST_STR_LEN("user"))) {
[multiple] code reuse: using array_*() funcs
4 years ago
/*("user=" is 5)*/
[mod_auth] inline arrays in http_auth_require_t also, keep ptr to const buffer *realm rather than copy
3 years ago
array_set_key_value(&require->user, str+5, len-5, CONST_STR_LEN(""));
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
continue;
}
else if (0 == memcmp(str, CONST_STR_LEN("host"))) {
[multiple] code reuse: using array_*() funcs
4 years ago
/*("host=" is 5)*/
[mod_auth] inline arrays in http_auth_require_t also, keep ptr to const buffer *realm rather than copy
3 years ago
array_set_key_value(&require->host, str+5, len-5, CONST_STR_LEN(""));
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"warning parsing auth.require 'require' field: "
"'host' not implemented; field value: %s", b->ptr);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
continue;
}
break; /* to error */
case 5:
if (0 == memcmp(str, CONST_STR_LEN("group"))) {
[multiple] code reuse: using array_*() funcs
4 years ago
/*("group=" is 6)*/
[mod_auth] inline arrays in http_auth_require_t also, keep ptr to const buffer *realm rather than copy
3 years ago
array_set_key_value(&require->group, str+6, len-6, CONST_STR_LEN(""));
[mod_auth] support LDAP groups for HTTP auth (fixes #1817) x-ref: "LDAP-Group support for HTTP-Authentication" https://redmine.lighttpd.net/issues/1817
6 years ago
#if 0/*(supported by mod_authn_ldap, but not all other backends)*/
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"warning parsing auth.require 'require' field: "
"'group' not implemented; field value: %s", b->ptr);
[mod_auth] support LDAP groups for HTTP auth (fixes #1817) x-ref: "LDAP-Group support for HTTP-Authentication" https://redmine.lighttpd.net/issues/1817
6 years ago
#endif
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
continue;
}
break; /* to error */
case 10:
if (0 == memcmp(str, CONST_STR_LEN("valid-user"))) {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"error parsing auth.require 'require' field: "
"valid user can not be combined with other require rules "
"(expecting \"valid-user\" or "
"\"user=a|user=b|group=g|host=h\"). error value: %s", b->ptr);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return 0;
}
break; /* to error */
default:
break; /* to error */
}
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"error parsing auth.require 'require' field: "
"invalid/unsupported token "
"(expecting \"valid-user\" or \"user=a|user=b|group=g|host=h\"). "
"error value: %s error near: %s", b->ptr, str);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return 0;
} while (p && *((str = p+1)));
return 1; /* success */
}
[multiple] reduce direct use of srv->errh
3 years ago
static handler_t mod_auth_require_parse_array(const array *value, array * const auth_require, log_error_st *errh)
[mod_auth*] use config_plugin_values_init()
3 years ago
{
for (uint32_t n = 0; n < value->used; ++n) {
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
size_t m;
[mod_auth*] use config_plugin_values_init()
3 years ago
data_array *da_file = (data_array *)value->data[n];
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
const buffer *method = NULL, *realm = NULL, *require = NULL;
[mod_auth] "nonce_secret" option to validate nonce (fixes #2976) "nonce_secret" option to validate nonce was generated by the server Marginally hardens HTTP Digest Auth. Necessary piece, but not sufficient, to restrict re-use of nonce (mitigations for replay or limiting nonce count reuse via nc=... are not implemented) x-ref: "Digest auth nonces are not validated" https://redmine.lighttpd.net/issues/2976
2 years ago
const buffer *nonce_secret = NULL;
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
const http_auth_scheme_t *auth_scheme;
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
buffer *algos = NULL;
int algorithm = HTTP_AUTH_DIGEST_SESS;
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
[core] inline array as part of data_array value (instead of value being (array *))
3 years ago
if (!array_is_kvstring(&da_file->value)) {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"unexpected value for auth.require; expected "
"auth.require = ( \"urlpath\" => ( \"option\" => \"value\" ) )");
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return HANDLER_ERROR;
}
[core] inline array as part of data_array value (instead of value being (array *))
3 years ago
for (m = 0; m < da_file->value.used; m++) {
if (da_file->value.data[m]->type == TYPE_STRING) {
data_string *ds = (data_string *)da_file->value.data[m];
[core] inline buffer as part of DATA_UNSET key (instead of key being (buffer *))
3 years ago
if (buffer_is_equal_string(&ds->key, CONST_STR_LEN("method"))) {
[core] inline buffer as part of data_string value (instead of value being (buffer *))
3 years ago
method = &ds->value;
[core] inline buffer as part of DATA_UNSET key (instead of key being (buffer *))
3 years ago
} else if (buffer_is_equal_string(&ds->key, CONST_STR_LEN("realm"))) {
[core] inline buffer as part of data_string value (instead of value being (buffer *))
3 years ago
realm = &ds->value;
[core] inline buffer as part of DATA_UNSET key (instead of key being (buffer *))
3 years ago
} else if (buffer_is_equal_string(&ds->key, CONST_STR_LEN("require"))) {
[core] inline buffer as part of data_string value (instead of value being (buffer *))
3 years ago
require = &ds->value;
[core] inline buffer as part of DATA_UNSET key (instead of key being (buffer *))
3 years ago
} else if (buffer_is_equal_string(&ds->key, CONST_STR_LEN("algorithm"))) {
[core] inline buffer as part of data_string value (instead of value being (buffer *))
3 years ago
algos = &ds->value;
[mod_auth] accept "nonce-secret" & "nonce_secret"
2 years ago
} else if (buffer_is_equal_string(&ds->key, CONST_STR_LEN("nonce_secret"))
|| buffer_is_equal_string(&ds->key, CONST_STR_LEN("nonce-secret"))) {
[mod_auth] "nonce_secret" option to validate nonce (fixes #2976) "nonce_secret" option to validate nonce was generated by the server Marginally hardens HTTP Digest Auth. Necessary piece, but not sufficient, to restrict re-use of nonce (mitigations for replay or limiting nonce count reuse via nc=... are not implemented) x-ref: "Digest auth nonces are not validated" https://redmine.lighttpd.net/issues/2976
2 years ago
nonce_secret = &ds->value;
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
} else {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"the field is unknown in: "
"auth.require = ( \"...\" => ( ..., -> \"%s\" <- => \"...\" ) )",
da_file->value.data[m]->key.ptr);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return HANDLER_ERROR;
}
} else {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"a string was expected for: "
"auth.require = ( \"...\" => ( ..., -> \"%s\" <- => \"...\" ) )",
da_file->value.data[m]->key.ptr);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return HANDLER_ERROR;
}
}
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
if (!method || buffer_is_blank(method)) {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"the method field is missing or blank in: "
"auth.require = ( \"...\" => ( ..., \"method\" => \"...\" ) )");
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return HANDLER_ERROR;
} else {
auth_scheme = http_auth_scheme_get(method);
if (NULL == auth_scheme) {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"unknown method %s (e.g. \"basic\", \"digest\" or \"extern\") in "
"auth.require = ( \"...\" => ( ..., \"method\" => \"...\") )", method->ptr);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return HANDLER_ERROR;
}
}
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
if (!realm) {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"the realm field is missing in: "
"auth.require = ( \"...\" => ( ..., \"realm\" => \"...\" ) )");
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return HANDLER_ERROR;
}
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
if (!require || buffer_is_blank(require)) {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"the require field is missing or blank in: "
"auth.require = ( \"...\" => ( ..., \"require\" => \"...\" ) )");
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return HANDLER_ERROR;
}
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
if (!algos || buffer_is_blank(algos)) {
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
algorithm |= HTTP_AUTH_DIGEST_MD5;
} else if (!mod_auth_algorithms_parse(&algorithm, algos)) {
[multiple] reduce direct use of srv->errh
3 years ago
log_error(errh, __FILE__, __LINE__,
[multiple] prefer (connection *) to (srv *) convert all log_error_write() to log_error() and pass (log_error_st *) use con->errh in preference to srv->errh (even though currently same) avoid passing (server *) when previously used only for logging (errh)
3 years ago
"invalid algorithm in: "
"auth.require = ( \"...\" => ( ..., \"algorithm\" => \"...\" ) )");
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
return HANDLER_ERROR;
}
silence warnings from clang ccc-analyzer
6 years ago
if (require) { /*(always true at this point)*/
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
data_auth * const dauth = data_auth_init();
[core] inline buffer as part of DATA_UNSET key (instead of key being (buffer *))
3 years ago
buffer_copy_buffer(&dauth->key, &da_file->key);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
dauth->require->scheme = auth_scheme;
[mod_auth] HTTP Auth Digest algorithm=SHA-256 (also support Digest algorithm=SHA-512-256 if library support present) enable additional algorithms by configuring lighttpd.conf auth.require with new optional keyword "algorithm" => "MD5|SHA-256" default algorithm remains MD5 if "algorithm" not specified Tested with: curl --digest -u "user:pass" ... (which supports SHA-256) x-ref: "HTTP Digest Access Authentication" https://tools.ietf.org/html/rfc7616
3 years ago
dauth->require->algorithm = algorithm;
[mod_auth] inline arrays in http_auth_require_t also, keep ptr to const buffer *realm rather than copy
3 years ago
dauth->require->realm = realm;
[mod_auth] "nonce_secret" option to validate nonce (fixes #2976) "nonce_secret" option to validate nonce was generated by the server Marginally hardens HTTP Digest Auth. Necessary piece, but not sufficient, to restrict re-use of nonce (mitigations for replay or limiting nonce count reuse via nc=... are not implemented) x-ref: "Digest auth nonces are not validated" https://redmine.lighttpd.net/issues/2976
2 years ago
dauth->require->nonce_secret = nonce_secret; /*(NULL is ok)*/
[multiple] reduce direct use of srv->errh
3 years ago
if (!mod_auth_require_parse(dauth->require, require, errh)) {
[core] more memory-efficient fn table for data_* save 40 bytes (64-bit), or 16 bytes (32-bit) per data_* element at the cost of going through indirect function pointer to execute methods. At runtime, the reset() method is most used among them.
4 years ago
dauth->fn->free((data_unset *)dauth);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
return HANDLER_ERROR;
}
[mod_auth*] use config_plugin_values_init()
3 years ago
array_insert_unique(auth_require, (data_unset *)dauth);
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
}
}
return HANDLER_GO_ON;
}
[mod_auth*] use config_plugin_values_init()
3 years ago
static void mod_auth_merge_config_cpv(plugin_config * const pconf, const config_plugin_value_t * const cpv) {
switch (cpv->k_id) { /* index into static config_plugin_keys_t cpk[] */
case 0: /* auth.backend */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->auth_backend = cpv->v.v;
break;
case 1: /* auth.require */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->auth_require = cpv->v.v;
break;
case 2: /* auth.extern-authn */
pconf->auth_extern_authn = cpv->v.u;
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
break;
case 3: /* auth.cache */
if (cpv->vtype == T_CONFIG_LOCAL)
pconf->auth_cache = cpv->v.v;
break;
[mod_auth*] use config_plugin_values_init()
3 years ago
default:/* should not happen */
return;
}
}
static void mod_auth_merge_config(plugin_config * const pconf, const config_plugin_value_t *cpv) {
do {
mod_auth_merge_config_cpv(pconf, cpv);
} while ((++cpv)->k_id != -1);
}
[multiple] split con, request (very large change) NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access) NB: request read and write chunkqueues currently point to connection chunkqueues; per-request and per-connection chunkqueues are not distinct from one another con->read_queue == r->read_queue con->write_queue == r->write_queue NB: in the future, a separate connection config may be needed for connection-level module hooks. Similarly, might need to have per-request chunkqueues separate from per-connection chunkqueues. Should probably also have a request_reset() which is distinct from connection_reset().
3 years ago
static void mod_auth_patch_config(request_st * const r, plugin_data * const p) {
[multiple] copy small struct instead of memcpy() when patching config
3 years ago
p->conf = p->defaults; /* copy small struct instead of memcpy() */
/*memcpy(&p->conf, &p->defaults, sizeof(plugin_config));*/
[mod_auth*] use config_plugin_values_init()
3 years ago
for (int i = 1, used = p->nconfig; i < used; ++i) {
[multiple] split con, request (very large change) NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access) NB: request read and write chunkqueues currently point to connection chunkqueues; per-request and per-connection chunkqueues are not distinct from one another con->read_queue == r->read_queue con->write_queue == r->write_queue NB: in the future, a separate connection config may be needed for connection-level module hooks. Similarly, might need to have per-request chunkqueues separate from per-connection chunkqueues. Should probably also have a request_reset() which is distinct from connection_reset().
3 years ago
if (config_check_cond(r, (uint32_t)p->cvlist[i].k_id))
[mod_auth*] use config_plugin_values_init()
3 years ago
mod_auth_merge_config(&p->conf, p->cvlist + p->cvlist[i].v.u2[0]);
}
}
SETDEFAULTS_FUNC(mod_auth_set_defaults) {
static const config_plugin_keys_t cpk[] = {
{ CONST_STR_LEN("auth.backend"),
T_CONFIG_STRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("auth.require"),
[multiple] generic config array type checking
3 years ago
T_CONFIG_ARRAY_KVARRAY,
[mod_auth*] use config_plugin_values_init()
3 years ago
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("auth.extern-authn"),
T_CONFIG_BOOL,
T_CONFIG_SCOPE_CONNECTION }
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
,{ CONST_STR_LEN("auth.cache"),
T_CONFIG_ARRAY,
T_CONFIG_SCOPE_CONNECTION }
[mod_auth*] use config_plugin_values_init()
3 years ago
,{ NULL, 0,
T_CONFIG_UNSET,
T_CONFIG_SCOPE_UNSET }
};
plugin_data * const p = p_d;
if (!config_plugin_values_init(srv, p, cpk, "mod_auth"))
return HANDLER_ERROR;
/* process and validate config directives
* (init i to 0 if global context; to 1 to skip empty global context) */
for (int i = !p->cvlist[0].v.u2[1]; i < p->nconfig; ++i) {
config_plugin_value_t *cpv = p->cvlist + p->cvlist[i].v.u2[0];
for (; -1 != cpv->k_id; ++cpv) {
switch (cpv->k_id) {
case 0: /* auth.backend */
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
if (!buffer_is_blank(cpv->v.b)) {
[mod_auth*] use config_plugin_values_init()
3 years ago
const http_auth_backend_t * const auth_backend =
http_auth_backend_get(cpv->v.b);
if (NULL == auth_backend) {
log_error(srv->errh, __FILE__, __LINE__,
"auth.backend not supported: %s", cpv->v.b->ptr);
return HANDLER_ERROR;
}
*(const http_auth_backend_t **)&cpv->v.v = auth_backend;
cpv->vtype = T_CONFIG_LOCAL;
}
break;
case 1: /* auth.require */
[multiple] generic config array type checking
3 years ago
{
[core] array_init() arg for initial size
3 years ago
array * const a = array_init(4);
[mod_auth*] use config_plugin_values_init()
3 years ago
if (HANDLER_GO_ON !=
[multiple] reduce direct use of srv->errh
3 years ago
mod_auth_require_parse_array(cpv->v.a, a, srv->errh)) {
[mod_auth*] use config_plugin_values_init()
3 years ago
array_free(a);
return HANDLER_ERROR;
}
cpv->v.a = a;
cpv->vtype = T_CONFIG_LOCAL;
}
break;
case 2: /* auth.extern-authn */
break;
[mod_auth,mod_vhostdb] add caching option (fixes #2805) auth.cache = ("max-age" => "600") vhostdb.cache = ("max-age" => "600") If specified with an empty array, default max-age is 600 secs (10 mins) auth.cache = () vhostdb.cache = () (Note: cache expiration occurs every 8 seconds, so maximum cache time might be up to max-age + 8 seconds) x-ref: "mod_auth caching" https://redmine.lighttpd.net/issues/2805
2 years ago
case 3: /* auth.cache */
cpv->v.v = http_auth_cache_init(cpv->v.a);
cpv->vtype = T_CONFIG_LOCAL;
break;
[mod_auth*] use config_plugin_values_init()
3 years ago
default:/* should not happen */
break;
}
}
}
/* initialize p->defaults from global config context */
if (p->nconfig > 0 && p->cvlist->v.u2[1]) {
const config_plugin_value_t *cpv = p->cvlist + p->cvlist->v.u2[0];
if (-1 != cpv->k_id)
mod_auth_merge_config(&p->defaults, cpv);
}
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago
[mod_auth*] use config_plugin_values_init()
3 years ago
return HANDLER_GO_ON;
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9
18 years ago
}
[multiple] split con, request (very large change) NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access) NB: request read and write chunkqueues currently point to connection chunkqueues; per-request and per-connection chunkqueues are not distinct from one another con->read_queue == r->read_queue con->write_queue == r->write_queue NB: in the future, a separate connection config may be needed for connection-level module hooks. Similarly, might need to have per-request chunkqueues separate from per-connection chunkqueues. Should probably also have a request_reset() which is distinct from connection_reset().
3 years ago
static handler_t mod_auth_uri_handler(request_st * const r, void *p_d) {
[mod_auth] structured data, register auth schemes - parse auth.* directives into structured data during config processing - register auth schemes (basic, digest, extern, ...) for extensibility - remove auth.debug directive
6 years ago
plugin_data *p