refactor mod_auth_check_digest()
- smaller functions
- collect parsed Authorization header into http_auth_digest_params_t
- use string references rather than copying and modifying Authorization
dbi_conn_escape_string_copy() requires '\0'-terminated string.
While that is currently the case for strings in http_auth_info_t,
that will soon change, so consumers must use ai->username with ai->ulen,
and ai->realm with ai->rlen
reduce code duplication
make it easier to add new algos
mod_authn_file:
- leverage r->tmp_buf instead of temporary allocating buffer_init()
- mod_authn_file_htpasswd_basic()
- compare binary SHA1 (shorter) rather than base64 (longer)
- split crypt() from mod_authn_file_htpasswd_basic() to separate func
- apr_md5_encode() modifications for slightly better performance
clear etag in stat_cache_get_entry_open() after opening file
(in case a different caller used stat_get_get_entry() and then file
changed before being opened)
read file and use luaL_loadbuffer()
eliminate TOC-TOU race w/ independent stat() in stat_cache_get_entry()
restructure script_cache_get_script() into smaller funcs
This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.
Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.
In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.
- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend
Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)
internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg
note: etag buffer etag->ptr might be NULL (etag->used = etag->sze = 0)
so buffer will need to be extended, not truncated, in that case.
buffer_string_set_length() is typically used to truncate strings.
reset stek_rotate_ts if clock moves backwards > 28800 seconds
x-ref:
"Lighttpd 1.4.58 SSL connections stop working if system time of lighttpd server is changed to future one (+12h or even days)"
https://redmine.lighttpd.net/issues/3080
(mod_auth_api.c would be part of mod_auth.c
and mod_vhostdb_api.c would be part of mod_vhostdb.c
if not for MacOS)
MacOS modules can link against .dylib, but not against other modules
MacOS link with -module produces a .so, which lighttpd uses
MacOS link without -module procudes a .dylib,
but name *must* have prefix "lib...",
which lighttpd "mod_*" do not have.
Other lighttpd build configs (CMake, SCONS, meson) might not work
on MacOS. Patches (which do not make a huge mess of things) welcome.
When writev() is available, always use writev() instead of write()
(Silently ignores config option to use write() if writev() is available)
(Still uses sendfile() instead of writev() when config selects sendfile)
link http_auth.c into mod_auth
link http_vhostdb.c into mod_vhostdb
ensure that mod_auth loads before mod_authn_*
ensure that mod_vhostdb loads before mod_vhostdb_*
