lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

[multiple] con hooks store ctx in con->plugin_ctx 

modules with connection level hooks now store ctx in con->plugin_ctx
master
Glenn Strauss 2 years ago
parent
fea5bdc873
commit
164f7600b7
6 changed files with 124 additions and 137 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 28
      src/mod_extforward.c
  2. 49
      src/mod_gnutls.c
  3. 14
      src/mod_maxminddb.c
  4. 52
      src/mod_mbedtls.c
  5. 51
      src/mod_nss.c
  6. 67
      src/mod_openssl.c

28
src/mod_extforward.c
Unescape View File

@ -413,10 +413,10 @@ SETDEFAULTS_FUNC(mod_extforward_set_defaults) {
/* attempt to warn if mod_extforward is not last module loaded to hook
* handle_connection_accept. (Nice to have, but remove this check if
* it reaches too far into internals and prevents other code changes.)
* While it would be nice to check connection_handle_accept plugin slot
* While it would be nice to check handle_connection_accept plugin slot
* to make sure mod_extforward is last, that info is private to plugin.c
* so merely warn if mod_openssl is loaded after mod_extforward, though
* future modules which hook connection_handle_accept might be missed.*/
* future modules which hook handle_connection_accept might be missed.*/
if (hap_PROXY) {
uint32_t i;
for (i = 0; i < srv->srvconf.modules->used; ++i) {
@ -543,7 +543,7 @@ static const char *last_not_in_array(array *a, plugin_data *p)
static int mod_extforward_set_addr(request_st * const r, plugin_data *p, const char *addr) {
connection * const con = r->con;
sock_addr sock;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (r->conf.log_request_handling) {
log_error(r->conf.errh, __FILE__, __LINE__, "using address: %s", addr);
@ -566,7 +566,7 @@ static int mod_extforward_set_addr(request_st * const r, plugin_data *p, const c
hctx->saved_remote_addr_buf = NULL;
}
} else {
r->plugin_ctx[p->id] = hctx = handler_ctx_init();
con->plugin_ctx[p->id] = hctx = handler_ctx_init();
}
/* save old address */
if (extforward_check_proxy) {
@ -1044,7 +1044,6 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
URIHANDLER_FUNC(mod_extforward_uri_handler) {
plugin_data *p = p_d;
const buffer *forwarded = NULL;
handler_ctx *hctx = r->plugin_ctx[p->id];
int is_forwarded_header = 0;
mod_extforward_patch_config(r, p);
@ -1056,6 +1055,7 @@ URIHANDLER_FUNC(mod_extforward_uri_handler) {
if (p->conf.hap_PROXY_ssl_client_verify) {
const data_string *ds;
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL != hctx && hctx->ssl_client_verify && NULL != hctx->env
&& NULL != (ds = (const data_string *)array_get_element_klen(hctx->env, CONST_STR_LEN("SSL_CLIENT_S_DN_CN")))) {
http_header_env_set(r,
@ -1114,7 +1114,7 @@ URIHANDLER_FUNC(mod_extforward_uri_handler) {
REQUEST_FUNC(mod_extforward_handle_request_env) {
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx || NULL == hctx->env) return HANDLER_GO_ON;
for (uint32_t i=0; i < hctx->env->used; ++i) {
/* note: replaces values which may have been set by mod_openssl
@ -1131,11 +1131,11 @@ REQUEST_FUNC(mod_extforward_restore) {
/* XXX: should change this to not occur at request reset,
* but instead at connection reset */
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
connection * const con = r->con;
handler_ctx *hctx = con->plugin_ctx[p->id];
if (!hctx) return HANDLER_GO_ON;
connection * const con = r->con;
if (NULL != hctx->saved_network_read) {
con->network_read = hctx->saved_network_read;
hctx->saved_network_read = NULL;
@ -1152,7 +1152,7 @@ REQUEST_FUNC(mod_extforward_restore) {
if (NULL == hctx->env) {
handler_ctx_free(hctx);
r->plugin_ctx[p->id] = NULL;
con->plugin_ctx[p->id] = NULL;
}
return HANDLER_GO_ON;
@ -1161,9 +1161,8 @@ REQUEST_FUNC(mod_extforward_restore) {
CONNECTION_FUNC(mod_extforward_handle_con_close)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL != hctx) {
if (NULL != hctx->saved_network_read) {
con->network_read = hctx->saved_network_read;
@ -1177,7 +1176,7 @@ CONNECTION_FUNC(mod_extforward_handle_con_close)
array_free(hctx->env);
}
handler_ctx_free(hctx);
r->plugin_ctx[p->id] = NULL;
con->plugin_ctx[p->id] = NULL;
}
return HANDLER_GO_ON;
@ -1195,7 +1194,7 @@ CONNECTION_FUNC(mod_extforward_handle_con_accept)
if (NULL == p->conf.forwarder) return HANDLER_GO_ON;
if (is_connection_trusted(con, p)) {
handler_ctx *hctx = handler_ctx_init();
r->plugin_ctx[p->id] = hctx;
con->plugin_ctx[p->id] = hctx;
hctx->saved_network_read = con->network_read;
con->network_read = mod_extforward_network_read;
}
@ -1606,10 +1605,9 @@ static int mod_extforward_hap_PROXY_v2 (connection * const con,
case PP2_TYPE_CRC32C:
#endif
case PP2_TYPE_SSL: {
request_st * const r = &con->request;
static const uint32_t zero = 0;
handler_ctx *hctx =
r->plugin_ctx[mod_extforward_plugin_data_singleton->id];
con->plugin_ctx[mod_extforward_plugin_data_singleton->id];
struct pp2_tlv_ssl *tlv_ssl =
(struct pp2_tlv_ssl *)(void *)((char *)tlv+3);
struct pp2_tlv *subtlv = tlv;

49
src/mod_gnutls.c
Unescape View File

@ -135,7 +135,7 @@ typedef struct {
static int ssl_is_init;
/* need assigned p->id for deep access of module handler_ctx for connection
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
static plugin_data *plugin_data_singleton;
#define LOCAL_SEND_BUFSIZE 16384 /* DEFAULT_MAX_RECORD_SIZE */
static char *local_send_buffer;
@ -144,7 +144,6 @@ typedef struct {
gnutls_session_t ssl; /* gnutls request/connection context */
request_st *r;
connection *con;
int8_t request_env_patched;
int8_t close_notify;
uint8_t alpn;
int8_t ssl_session_ticket;
@ -153,6 +152,7 @@ typedef struct {
plugin_config conf;
unsigned int verify_status;
buffer *tmp_buf;
log_error_st *errh;
gnutls_certificate_credentials_t acme_tls_1_cred;
} handler_ctx;
@ -2201,8 +2201,9 @@ SETDEFAULTS_FUNC(mod_gnutls_set_defaults)
static int
load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
const char ** const data, size_t * const data_len)
load_next_chunk (chunkqueue * const cq, off_t max_bytes,
const char ** const data, size_t * const data_len,
log_error_st * const errh)
{
chunk *c = cq->first;
@ -2256,7 +2257,7 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
return 0;
case FILE_CHUNK:
if (0 != chunkqueue_open_file_chunk(cq, r->conf.errh)) return -1;
if (0 != chunkqueue_open_file_chunk(cq, errh)) return -1;
{
off_t offset, toSend;
@ -2269,11 +2270,11 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
if (toSend > max_bytes) toSend = max_bytes;
if (-1 == lseek(c->file.fd, offset, SEEK_SET)) {
log_perror(r->conf.errh, __FILE__, __LINE__, "lseek");
log_perror(errh, __FILE__, __LINE__, "lseek");
return -1;
}
if (-1 == (toSend = read(c->file.fd, local_send_buffer, toSend))) {
log_perror(r->conf.errh, __FILE__, __LINE__, "read");
log_perror(errh, __FILE__, __LINE__, "read");
return -1;
}
@ -2389,8 +2390,7 @@ mod_gnutls_close_notify(handler_ctx *hctx);
static int
connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
{
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
gnutls_session_t ssl = hctx->ssl;
if (hctx->pending_write) {
@ -2417,12 +2417,13 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
* headers and beginning of files before uncorking.
*/
log_error_st * const errh = hctx->errh;
while (max_bytes > 0 && NULL != cq->first) {
const char *data;
size_t data_len;
int wr;
if (0 != load_next_chunk(r, cq, max_bytes, &data, &data_len)) return -1;
if (0 != load_next_chunk(cq,max_bytes,&data,&data_len,errh)) return -1;
/* gnutls_record_send() copies the data, up to max record size, but if
* (temporarily) unable to write the entire record, it is documented
@ -2482,8 +2483,7 @@ mod_gnutls_ssl_handshake (handler_ctx *hctx)
static int
connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
{
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
UNUSED(max_bytes);
@ -2546,7 +2546,8 @@ CONNECTION_FUNC(mod_gnutls_handle_con_accept)
hctx->r = r;
hctx->con = con;
hctx->tmp_buf = con->srv->tmp_buf;
r->plugin_ctx[p->id] = hctx;
hctx->errh = r->conf.errh;
con->plugin_ctx[p->id] = hctx;
plugin_ssl_ctx * const s = p->ssl_ctxs + srv_sock->sidx;
hctx->ssl_session_ticket = s->ssl_session_ticket;
@ -2620,9 +2621,8 @@ mod_gnutls_detach(handler_ctx *hctx)
CONNECTION_FUNC(mod_gnutls_handle_con_shut_wr)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
hctx->close_notify = -2;
@ -2661,14 +2661,13 @@ mod_gnutls_close_notify (handler_ctx *hctx)
CONNECTION_FUNC(mod_gnutls_handle_con_close)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL != hctx) {
con->plugin_ctx[p->id] = NULL;
if (1 != hctx->close_notify)
mod_gnutls_close_notify(hctx); /*(one final try)*/
handler_ctx_free(hctx);
r->plugin_ctx[p->id] = NULL;
}
return HANDLER_GO_ON;
@ -2876,10 +2875,11 @@ http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx)
REQUEST_FUNC(mod_gnutls_handle_request_env)
{
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
/* simple flag for request_env_patched */
if (r->plugin_ctx[p->id]) return HANDLER_GO_ON;
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
if (hctx->request_env_patched) return HANDLER_GO_ON;
hctx->request_env_patched = 1;
r->plugin_ctx[p->id] = (void *)(uintptr_t)1u;
http_cgi_ssl_env(r, hctx);
if (hctx->conf.ssl_verifyclient) {
@ -2900,7 +2900,7 @@ REQUEST_FUNC(mod_gnutls_handle_uri_raw)
* is enabled with extforward.hap-PROXY = "enable", in which case the
* reverse is true: mod_extforward must be loaded after mod_gnutls */
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
mod_gnutls_patch_config(r, &hctx->conf);
@ -2915,10 +2915,7 @@ REQUEST_FUNC(mod_gnutls_handle_uri_raw)
REQUEST_FUNC(mod_gnutls_handle_request_reset)
{
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
hctx->request_env_patched = 0;
r->plugin_ctx[p->id] = NULL; /* simple flag for request_env_patched */
return HANDLER_GO_ON;
}

14
src/mod_maxminddb.c
Unescape View File

@ -421,7 +421,8 @@ mod_maxmind_geoip2 (array * const env, const struct sockaddr * const dst_addr,
REQUEST_FUNC(mod_maxminddb_request_env_handler)
{
const sock_addr * const dst_addr = &r->con->dst_addr;
connection * const con = r->con;
const sock_addr * const dst_addr = &con->dst_addr;
const int sa_family = dst_addr->plain.sa_family;
if (sa_family != AF_INET && sa_family != AF_INET6) return HANDLER_GO_ON;
@ -431,14 +432,14 @@ REQUEST_FUNC(mod_maxminddb_request_env_handler)
/* check that mod_maxmind is activated and env fields were requested */
if (!pconf.activate || NULL == pconf.env) return HANDLER_GO_ON;
array *env = r->plugin_ctx[p->id];
array *env = con->plugin_ctx[p->id];
if (NULL == env) {
env = r->plugin_ctx[p->id] = array_init(pconf.env->used);
env = con->plugin_ctx[p->id] = array_init(pconf.env->used);
if (pconf.mmdb)
mod_maxmind_geoip2(env, (const struct sockaddr *)dst_addr, &pconf);
}
for (size_t i = 0; i < env->used; ++i) {
for (uint32_t i = 0; i < env->used; ++i) {
/* note: replaces values which may have been set by mod_openssl
* (when mod_extforward is listed after mod_openssl in server.modules)*/
data_string *ds = (data_string *)env->data[i];
@ -452,12 +453,11 @@ REQUEST_FUNC(mod_maxminddb_request_env_handler)
CONNECTION_FUNC(mod_maxminddb_handle_con_close)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
array *env = r->plugin_ctx[p->id];
array *env = con->plugin_ctx[p->id];
if (NULL != env) {
array_free(env);
r->plugin_ctx[p->id] = NULL;
con->plugin_ctx[p->id] = NULL;
}
return HANDLER_GO_ON;

52
src/mod_mbedtls.c
Unescape View File

@ -172,7 +172,7 @@ typedef struct {
static int ssl_is_init;
/* need assigned p->id for deep access of module handler_ctx for connection
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
static plugin_data *plugin_data_singleton;
#define LOCAL_SEND_BUFSIZE MBEDTLS_SSL_MAX_CONTENT_LEN
static char *local_send_buffer;
@ -181,13 +181,13 @@ typedef struct {
mbedtls_ssl_context ssl; /* mbedtls request/connection context */
request_st *r;
connection *con;
int8_t request_env_patched;
int8_t close_notify;
unsigned short alpn;
int handshake_done;
size_t pending_write;
plugin_config conf;
buffer *tmp_buf;
log_error_st *errh;
mbedtls_pk_context *acme_tls_1_pkey;
mbedtls_x509_crt *acme_tls_1_x509;
} handler_ctx;
@ -1691,8 +1691,9 @@ SETDEFAULTS_FUNC(mod_mbedtls_set_defaults)
static int
load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
const char ** const data, size_t * const data_len)
load_next_chunk (chunkqueue * const cq, off_t max_bytes,
const char ** const data, size_t * const data_len,
log_error_st * const errh)
{
chunk *c = cq->first;
@ -1744,7 +1745,7 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
return 0;
case FILE_CHUNK:
if (0 != chunkqueue_open_file_chunk(cq, r->conf.errh)) return -1;
if (0 != chunkqueue_open_file_chunk(cq, errh)) return -1;
{
off_t offset, toSend;
@ -1757,11 +1758,11 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
if (toSend > max_bytes) toSend = max_bytes;
if (-1 == lseek(c->file.fd, offset, SEEK_SET)) {
log_perror(r->conf.errh, __FILE__, __LINE__, "lseek");
log_perror(errh, __FILE__, __LINE__, "lseek");
return -1;
}
if (-1 == (toSend = read(c->file.fd, local_send_buffer, toSend))) {
log_perror(r->conf.errh, __FILE__, __LINE__, "read");
log_perror(errh, __FILE__, __LINE__, "read");
return -1;
}
@ -1813,8 +1814,7 @@ mod_mbedtls_close_notify(handler_ctx *hctx);
static int
connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
{
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
mbedtls_ssl_context * const ssl = &hctx->ssl;
if (hctx->pending_write) {
@ -1838,12 +1838,13 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
const int lim = mbedtls_ssl_get_max_out_record_payload(ssl);
if (lim < 0) return mod_mbedtls_ssl_write_err(con, hctx, lim, 0);
log_error_st * const errh = hctx->errh;
while (max_bytes > 0 && NULL != cq->first) {
const char *data;
size_t data_len;
int wr;
if (0 != load_next_chunk(r, cq, max_bytes, &data, &data_len)) return -1;
if (0 != load_next_chunk(cq,max_bytes,&data,&data_len,errh)) return -1;
/* mbedtls_ssl_write() copies the data, up to max record size, but if
* (temporarily) unable to write the entire record, it is documented
@ -1992,8 +1993,7 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx)
static int
connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
{
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
int len;
char *mem = NULL;
size_t mem_len = 0;
@ -2025,6 +2025,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
if (len < 0) {
int rc = len;
request_st * const r = &con->request;
switch (rc) {
case MBEDTLS_ERR_SSL_WANT_WRITE:
con->is_writable = -1;
@ -2047,7 +2048,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
if (!hctx->conf.ssl_log_noise) return -1;
__attribute_fallthrough__
default:
elog(r->conf.errh, __FILE__, __LINE__, rc, "Reading mbedtls");
elog(hctx->errh, __FILE__, __LINE__, rc, "Reading mbedtls");
return -1;
}
} else if (len == 0) {
@ -2082,7 +2083,8 @@ CONNECTION_FUNC(mod_mbedtls_handle_con_accept)
hctx->r = r;
hctx->con = con;
hctx->tmp_buf = con->srv->tmp_buf;
r->plugin_ctx[p->id] = hctx;
hctx->errh = r->conf.errh;
con->plugin_ctx[p->id] = hctx;
plugin_ssl_ctx * const s = p->ssl_ctxs + srv_sock->sidx;
mbedtls_ssl_init(&hctx->ssl);
@ -2137,9 +2139,8 @@ mod_mbedtls_detach(handler_ctx *hctx)
CONNECTION_FUNC(mod_mbedtls_handle_con_shut_wr)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
hctx->close_notify = -2;
@ -2179,14 +2180,13 @@ mod_mbedtls_close_notify (handler_ctx *hctx)
CONNECTION_FUNC(mod_mbedtls_handle_con_close)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL != hctx) {
con->plugin_ctx[p->id] = NULL;
if (1 != hctx->close_notify)
mod_mbedtls_close_notify(hctx); /*(one final try)*/
handler_ctx_free(hctx);
r->plugin_ctx[p->id] = NULL;
}
return HANDLER_GO_ON;
@ -2371,10 +2371,11 @@ http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx)
REQUEST_FUNC(mod_mbedtls_handle_request_env)
{
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
/* simple flag for request_env_patched */
if (r->plugin_ctx[p->id]) return HANDLER_GO_ON;
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
if (hctx->request_env_patched) return HANDLER_GO_ON;
hctx->request_env_patched = 1;
r->plugin_ctx[p->id] = (void *)(uintptr_t)1u;
http_cgi_ssl_env(r, hctx);
if (hctx->conf.ssl_verifyclient) {
@ -2395,7 +2396,7 @@ REQUEST_FUNC(mod_mbedtls_handle_uri_raw)
* is enabled with extforward.hap-PROXY = "enable", in which case the
* reverse is true: mod_extforward must be loaded after mod_mbedtls */
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
mod_mbedtls_patch_config(r, &hctx->conf);
@ -2410,10 +2411,7 @@ REQUEST_FUNC(mod_mbedtls_handle_uri_raw)
REQUEST_FUNC(mod_mbedtls_handle_request_reset)
{
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
hctx->request_env_patched = 0;
r->plugin_ctx[p->id] = NULL; /* simple flag for request_env_patched */
return HANDLER_GO_ON;
}

51
src/mod_nss.c
Unescape View File

@ -178,7 +178,7 @@ typedef struct {
static int ssl_is_init;
/* need assigned p->id for deep access of module handler_ctx for connection
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
static plugin_data *plugin_data_singleton;
#define LOCAL_SEND_BUFSIZE 16384 /* DEFAULT_MAX_RECORD_SIZE */
static char *local_send_buffer;
@ -187,7 +187,6 @@ typedef struct {
PRFileDesc *ssl;
request_st *r;
connection *con;
int8_t request_env_patched;
int8_t close_notify;
uint8_t alpn;
int8_t ssl_session_ticket;
@ -196,6 +195,7 @@ typedef struct {
plugin_config conf;
int verify_status;
buffer *tmp_buf;
log_error_st *errh;
} handler_ctx;
@ -2032,8 +2032,9 @@ SETDEFAULTS_FUNC(mod_nss_set_defaults)
static int
load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
const char ** const data, size_t * const data_len)
load_next_chunk (chunkqueue * const cq, off_t max_bytes,
const char ** const data, size_t * const data_len,
log_error_st * const errh)
{
chunk *c = cq->first;
@ -2085,7 +2086,7 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
return 0;
case FILE_CHUNK:
if (0 != chunkqueue_open_file_chunk(cq, r->conf.errh)) return -1;
if (0 != chunkqueue_open_file_chunk(cq, errh)) return -1;
{
off_t offset, toSend;
@ -2098,11 +2099,11 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
if (toSend > max_bytes) toSend = max_bytes;
if (-1 == lseek(c->file.fd, offset, SEEK_SET)) {
log_perror(r->conf.errh, __FILE__, __LINE__, "lseek");
log_perror(errh, __FILE__, __LINE__, "lseek");
return -1;
}
if (-1 == (toSend = read(c->file.fd, local_send_buffer, toSend))) {
log_perror(r->conf.errh, __FILE__, __LINE__, "read");
log_perror(errh, __FILE__, __LINE__, "read");
return -1;
}
@ -2158,7 +2159,7 @@ mod_nss_read_err(connection *con, handler_ctx *hctx)
if (!hctx->conf.ssl_log_noise) return -1;
__attribute_fallthrough__
default:
elog(hctx->r->conf.errh, __FILE__, __LINE__, __func__);
elog(hctx->errh, __FILE__, __LINE__, __func__);
return -1;
}
}
@ -2171,9 +2172,9 @@ mod_nss_close_notify(handler_ctx *hctx);
static int
connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
{
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
PRFileDesc *ssl = hctx->ssl;
log_error_st * const errh = hctx->errh;
if (0 != hctx->close_notify) return mod_nss_close_notify(hctx);
@ -2188,7 +2189,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
size_t data_len;
int wr;
if (0 != load_next_chunk(r, cq, max_bytes, &data, &data_len)) return -1;
if (0 != load_next_chunk(cq,max_bytes,&data,&data_len,errh)) return -1;
/*(if partial write occurred, expect that subsequent writes will have
* at least that much data available from load_next_chunk(), which is
@ -2242,8 +2243,7 @@ mod_nss_SSLHandshakeCallback (PRFileDesc *fd, void *arg)
static int
connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
{
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
UNUSED(max_bytes);
@ -2305,7 +2305,8 @@ CONNECTION_FUNC(mod_nss_handle_con_accept)
hctx->r = r;
hctx->con = con;
hctx->tmp_buf = con->srv->tmp_buf;
r->plugin_ctx[p->id] = hctx;
hctx->errh = r->conf.errh;
con->plugin_ctx[p->id] = hctx;
plugin_ssl_ctx * const s = p->ssl_ctxs + srv_sock->sidx;
hctx->ssl_session_ticket = s->ssl_session_ticket;
@ -2399,9 +2400,8 @@ mod_nss_detach(handler_ctx *hctx)
CONNECTION_FUNC(mod_nss_handle_con_shut_wr)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
hctx->close_notify = -2;
@ -2438,14 +2438,13 @@ mod_nss_close_notify (handler_ctx *hctx)
CONNECTION_FUNC(mod_nss_handle_con_close)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL != hctx) {
con->plugin_ctx[p->id] = NULL;
if (1 != hctx->close_notify)
mod_nss_close_notify(hctx); /*(one final try)*/
handler_ctx_free(hctx);
r->plugin_ctx[p->id] = NULL;
}
return HANDLER_GO_ON;
@ -2638,10 +2637,11 @@ http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx)
REQUEST_FUNC(mod_nss_handle_request_env)
{
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
/* simple flag for request_env_patched */
if (r->plugin_ctx[p->id]) return HANDLER_GO_ON;
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
if (hctx->request_env_patched) return HANDLER_GO_ON;
hctx->request_env_patched = 1;
r->plugin_ctx[p->id] = (void *)(uintptr_t)1u;
http_cgi_ssl_env(r, hctx);
if (hctx->conf.ssl_verifyclient) {
@ -2662,7 +2662,7 @@ REQUEST_FUNC(mod_nss_handle_uri_raw)
* is enabled with extforward.hap-PROXY = "enable", in which case the
* reverse is true: mod_extforward must be loaded after mod_nss */
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
mod_nss_patch_config(r, &hctx->conf);
@ -2677,10 +2677,7 @@ REQUEST_FUNC(mod_nss_handle_uri_raw)
REQUEST_FUNC(mod_nss_handle_request_reset)
{
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
hctx->request_env_patched = 0;
r->plugin_ctx[p->id] = NULL; /* simple flag for request_env_patched */
return HANDLER_GO_ON;
}

67
src/mod_openssl.c
Unescape View File

@ -240,7 +240,7 @@ typedef struct {
static int ssl_is_init;
/* need assigned p->id for deep access of module handler_ctx for connection
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
static plugin_data *plugin_data_singleton;
#define LOCAL_SEND_BUFSIZE (16 * 1024)
static char *local_send_buffer;
@ -251,10 +251,10 @@ typedef struct {
connection *con;
short renegotiations; /* count of SSL_CB_HANDSHAKE_START */
short close_notify;
unsigned short request_env_patched;
unsigned short alpn;
plugin_config conf;
buffer *tmp_buf;
log_error_st *errh;
} handler_ctx;
@ -3518,8 +3518,9 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults)
static int
load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
const char ** const data, size_t * const data_len)
load_next_chunk (chunkqueue * const cq, off_t max_bytes,
const char ** const data, size_t * const data_len,
log_error_st * const errh)
{
chunk *c = cq->first;
@ -3576,7 +3577,7 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
return 0;
case FILE_CHUNK:
if (0 != chunkqueue_open_file_chunk(cq, r->conf.errh)) return -1;
if (0 != chunkqueue_open_file_chunk(cq, errh)) return -1;
{
off_t offset, toSend;
@ -3589,11 +3590,11 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
if (toSend > max_bytes) toSend = max_bytes;
if (-1 == lseek(c->file.fd, offset, SEEK_SET)) {
log_perror(r->conf.errh, __FILE__, __LINE__, "lseek");
log_perror(errh, __FILE__, __LINE__, "lseek");
return -1;
}
if (-1 == (toSend = read(c->file.fd, local_send_buffer, toSend))) {
log_perror(r->conf.errh, __FILE__, __LINE__, "read");
log_perror(errh, __FILE__, __LINE__, "read");
return -1;
}
@ -3614,9 +3615,9 @@ mod_openssl_close_notify(handler_ctx *hctx);
static int
connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
{
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
SSL *ssl = hctx->ssl;
log_error_st * const errh = hctx->errh;
if (0 != hctx->close_notify) return mod_openssl_close_notify(hctx);
@ -3627,7 +3628,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
size_t data_len;
int wr;
if (0 != load_next_chunk(r, cq, max_bytes, &data, &data_len)) return -1;
if (0 != load_next_chunk(cq,max_bytes,&data,&data_len,errh)) return -1;
/**
* SSL_write man-page
@ -3643,7 +3644,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
if (hctx->renegotiations > 1
&& hctx->conf.ssl_disable_client_renegotiation) {
log_error(r->conf.errh, __FILE__, __LINE__,
log_error(errh, __FILE__, __LINE__,
"SSL: renegotiation initiated by client, killing connection");
return -1;
}
@ -3663,7 +3664,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
/* perhaps we have error waiting in our error-queue */
if (0 != (err = ERR_get_error())) {
do {
log_error(r->conf.errh, __FILE__, __LINE__,
log_error(errh, __FILE__, __LINE__,
"SSL: %d %d %s",ssl_r,wr,ERR_error_string(err,NULL));
} while((err = ERR_get_error()));
} else if (wr == -1) {
@ -3673,13 +3674,13 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
case ECONNRESET:
return -2;
default:
log_perror(r->conf.errh, __FILE__, __LINE__,
log_perror(errh, __FILE__, __LINE__,
"SSL: %d %d", ssl_r, wr);
break;
}
} else {
/* neither error-queue nor errno ? */
log_perror(r->conf.errh, __FILE__, __LINE__,
log_perror(errh, __FILE__, __LINE__,
"SSL (error): %d %d", ssl_r, wr);
}
break;
@ -3692,7 +3693,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
/* fall through */
default:
while((err = ERR_get_error())) {
log_error(r->conf.errh, __FILE__, __LINE__,
log_error(errh, __FILE__, __LINE__,
"SSL: %d %d %s", ssl_r, wr, ERR_error_string(err, NULL));
}
break;
@ -3713,8 +3714,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
static int
connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
{
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
int len;
char *mem = NULL;
size_t mem_len = 0;
@ -3740,7 +3740,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
if (hctx->renegotiations > 1
&& hctx->conf.ssl_disable_client_renegotiation) {
log_error(r->conf.errh, __FILE__, __LINE__,
log_error(hctx->errh, __FILE__, __LINE__,
"SSL: renegotiation initiated by client, killing connection");
return -1;
}
@ -3794,7 +3794,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
*/
while((ssl_err = ERR_get_error())) {
/* get all errors from the error-queue */
log_error(r->conf.errh, __FILE__, __LINE__,
log_error(hctx->errh, __FILE__, __LINE__,
"SSL: %d %s", rc, ERR_error_string(ssl_err, NULL));
}
@ -3811,7 +3811,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
if (0==oerrno && 0==cq->bytes_in && !hctx->conf.ssl_log_noise)
break;
log_error(r->conf.errh, __FILE__, __LINE__,
log_error(hctx->errh, __FILE__, __LINE__,
"SSL: %d %d %d %s", len, rc, oerrno, strerror(oerrno));
break;
}
@ -3847,7 +3847,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
break;
}
/* get all errors from the error-queue */
log_error(r->conf.errh, __FILE__, __LINE__,
log_error(hctx->errh, __FILE__, __LINE__,
"SSL: %d %s", rc, ERR_error_string(ssl_err, NULL));
}
break;
@ -3875,7 +3875,8 @@ CONNECTION_FUNC(mod_openssl_handle_con_accept)
hctx->r = r;
hctx->con = con;
hctx->tmp_buf = con->srv->tmp_buf;
r->plugin_ctx[p->id] = hctx;
hctx->errh = r->conf.errh;
con->plugin_ctx[p->id] = hctx;
plugin_ssl_ctx * const s = p->ssl_ctxs + srv_sock->sidx;
hctx->ssl = SSL_new(s->ssl_ctx);
@ -3912,9 +3913,8 @@ mod_openssl_detach(handler_ctx *hctx)
CONNECTION_FUNC(mod_openssl_handle_con_shut_wr)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
hctx->close_notify = -2;
@ -4039,12 +4039,11 @@ mod_openssl_close_notify(handler_ctx *hctx)
CONNECTION_FUNC(mod_openssl_handle_con_close)
{
request_st * const r = &con->request;
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = con->plugin_ctx[p->id];
if (NULL != hctx) {
con->plugin_ctx[p->id] = NULL;
handler_ctx_free(hctx);
r->plugin_ctx[p->id] = NULL;
}
return HANDLER_GO_ON;
@ -4217,10 +4216,11 @@ http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx)
REQUEST_FUNC(mod_openssl_handle_request_env)
{
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
/* simple flag for request_env_patched */
if (r->plugin_ctx[p->id]) return HANDLER_GO_ON;
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
if (hctx->request_env_patched) return HANDLER_GO_ON;
hctx->request_env_patched = 1;
r->plugin_ctx[p->id] = (void *)(uintptr_t)1u;
http_cgi_ssl_env(r, hctx);
if (hctx->conf.ssl_verifyclient) {
@ -4241,7 +4241,7 @@ REQUEST_FUNC(mod_openssl_handle_uri_raw)
* is enabled with extforward.hap-PROXY = "enable", in which case the
* reverse is true: mod_extforward must be loaded after mod_openssl */
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
handler_ctx *hctx = r->con->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
mod_openssl_patch_config(r, &hctx->conf);
@ -4256,10 +4256,7 @@ REQUEST_FUNC(mod_openssl_handle_uri_raw)
REQUEST_FUNC(mod_openssl_handle_request_reset)
{
plugin_data *p = p_d;
handler_ctx *hctx = r->plugin_ctx[p->id];
if (NULL == hctx) return HANDLER_GO_ON;
hctx->request_env_patched = 0;
r->plugin_ctx[p->id] = NULL; /* simple flag for request_env_patched */
return HANDLER_GO_ON;
}

Write Preview
Loading…
Cancel
Save