[core] config_get_config_cond_info()

isolate direct use of (data_config *)
personal/stbuehler/ci-build
Glenn Strauss 2019-11-17 12:53:16 -05:00
parent 4a6fe83837
commit d23071a38f
5 changed files with 70 additions and 53 deletions


@ -25,6 +25,16 @@
*/
void config_get_config_cond_info(server *srv, uint32_t idx, config_cond_info *cfginfo) {
data_config *dc = (data_config *)srv->config_context->data[idx];
cfginfo->comp = dc->comp;
cfginfo->cond = dc->cond;
cfginfo->string = &dc->string;
cfginfo->comp_tag = dc->comp_tag;
cfginfo->comp_key = dc->comp_key;
cfginfo->op = dc->op;
}
int config_plugin_values_init(server * const srv, void *p_d, const config_plugin_keys_t * const cpk, const char * const mname) {
plugin_data_base * const p = (plugin_data_base *)p_d;
array * const touched = srv->config_touched;
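Review bot: `config_get_config_cond_info()` indexes `srv->config_context->data[idx]` without comparing `idx` to `srv->config_context->used`, so an out-of-range index reads past the array and the result is then dereferenced. The callers visible in this commit pass a loop index bounded by `used` or a stored `kvb->x0`, which looks safe, but the precondition should be written down now that this is the shared entry point. A comment above the definition such as `/* idx must be < srv->config_context->used */` would do, or an assertion on the same condition using the project's assertion macro, since the function is declared cold. The body of `config_plugin_values_init` continues outside the hunk.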


@ -40,6 +40,18 @@ typedef enum {
COMP_LAST_ELEMENT
} comp_key_t;
typedef struct {
comp_key_t comp;
config_cond_t cond;
const buffer *string;
const buffer *comp_tag;
const buffer *comp_key;
const char *op;
} config_cond_info;
__attribute_cold__
void config_get_config_cond_info(server *srv, uint32_t idx, config_cond_info *cfginfo);
/* $HTTP["host"] == "incremental.home.kneschke.de" { ... }
* for print: comp_key op string
* for compare: comp cond string/regex
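Review bot: The `config_cond_info` typedef has no comment saying that its pointer members are borrowed. As filled in by `config_get_config_cond_info()` in this commit, `string` is the address of a member of the underlying config entry and `comp_tag`, `comp_key` and `op` are copied from it. The view is therefore only valid while the config context is alive, and the caller must not free anything in it. A line above the typedef would record that: `/* view of one config condition; pointers are borrowed from the config context, do not free */`.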


@ -525,21 +525,8 @@ error:
static int
network_openssl_load_pemfile (server *srv, plugin_config *s, size_t ndx)
network_openssl_load_pemfile (server *srv, plugin_config *s)
{
#ifdef OPENSSL_NO_TLSEXT
data_config *dc = (data_config *)srv->config_context->data[ndx];
if ((ndx > 0 && (COMP_SERVER_SOCKET != dc->comp
|| dc->cond != CONFIG_COND_EQ)) || !s->ssl_enabled) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
"ssl.pemfile only works in SSL socket binding context "
"as openssl version does not support TLS extensions");
return -1;
}
#else
UNUSED(ndx);
#endif
s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr);
if (NULL == s->ssl_pemfile_x509) return -1;
s->ssl_pemfile_pkey = !buffer_string_is_empty(s->ssl_privkey)
@ -883,15 +870,21 @@ network_init_ssl (server *srv, void *p_d)
if (!buffer_string_is_empty(s->ssl_pemfile)) {
#ifdef OPENSSL_NO_TLSEXT
data_config *dc = (data_config *)srv->config_context->data[i];
if (COMP_HTTP_HOST == dc->comp) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
"can't use ssl.pemfile with $HTTP[\"host\"], "
"openssl version does not support TLS "
"extensions");
if (!s->ssl_enabled
|| (i > 0 && (COMP_SERVER_SOCKET != dc->comp
|| dc->cond != CONFIG_COND_EQ))) {
if (COMP_HTTP_HOST == dc->comp)
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
"can't use ssl.pemfile with $HTTP[\"host\"], "
"as openssl version does not support TLS extensions");
else
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
"ssl.pemfile only works in SSL socket binding context "
"as openssl version does not support TLS extensions");
return -1;
}
#endif
if (network_openssl_load_pemfile(srv, s, i)) return -1;
if (network_openssl_load_pemfile(srv, s)) return -1;
}
@ -1823,29 +1816,23 @@ CONNECTION_FUNC(mod_openssl_handle_con_accept)
hctx->con = con;
hctx->srv = srv;
con->plugin_ctx[p->id] = hctx;
mod_openssl_patch_connection(srv, con, hctx);
/* connect fd to SSL */
hctx->ssl = SSL_new(p->config_storage[srv_sock->sidx]->ssl_ctx);
if (NULL == hctx->ssl) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
ERR_error_string(ERR_get_error(), NULL));
if (NULL != hctx->ssl
&& SSL_set_app_data(hctx->ssl, hctx)
&& SSL_set_fd(hctx->ssl, con->fd)) {
SSL_set_accept_state(hctx->ssl);
con->network_read = connection_read_cq_ssl;
con->network_write = connection_write_cq_ssl;
buffer_copy_string_len(con->proto, CONST_STR_LEN("https"));
mod_openssl_patch_connection(srv, con, hctx);
return HANDLER_GO_ON;
}
else {
log_error(srv->errh, __FILE__, __LINE__,
"SSL: %s", ERR_error_string(ERR_get_error(), NULL));
return HANDLER_ERROR;
}
buffer_copy_string_len(con->proto, CONST_STR_LEN("https"));
con->network_read = connection_read_cq_ssl;
con->network_write = connection_write_cq_ssl;
SSL_set_app_data(hctx->ssl, hctx);
SSL_set_accept_state(hctx->ssl);
if (1 != (SSL_set_fd(hctx->ssl, con->fd))) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
ERR_error_string(ERR_get_error(), NULL));
return HANDLER_ERROR;
}
return HANDLER_GO_ON;
}
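Review bot: The `#ifdef OPENSSL_NO_TLSEXT` block in `network_init_ssl` still reads `(data_config *)srv->config_context->data[i]` directly, which is the access pattern this commit sets out to isolate. The same check can go through the new accessor, `config_cond_info cfginfo; config_get_config_cond_info(srv, i, &cfginfo);`, and then test `cfginfo.comp` and `cfginfo.cond`. That branch is compiled only against OpenSSL builds without TLS extensions, so it is probably not exercised by ordinary builds, and a later change to `data_config` could break this certificate-context check unnoticed. The unbraced `if`/`else` around the two log calls is also worth bracing, as it sits directly above `return -1;`. Both `network_init_ssl` and the accept handler begin outside the hunks shown.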


@ -280,15 +280,19 @@ static handler_t process_rewrite_rules(server *srv, connection *con, plugin_data
uintptr_t * const hctx = (uintptr_t *)(con->plugin_ctx + p->id);
if (((++*hctx) & 0x1FF) > 100) {
if (0 == kvb->x0) {
log_error_write(srv, __FILE__, __LINE__, "s",
"ENDLESS LOOP IN rewrite-rule DETECTED ... aborting request");
if (0 != kvb->x0) {
config_cond_info cfginfo;
config_get_config_cond_info(srv, kvb->x0, &cfginfo);
log_error(con->errh, __FILE__, __LINE__,
"ENDLESS LOOP IN rewrite-rule DETECTED ... aborting request, "
"perhaps you want to use url.rewrite-once instead of "
"url.rewrite-repeat ($%s %s \"%s\")", cfginfo.comp_key->ptr,
cfginfo.op, cfginfo.string->ptr);
return HANDLER_ERROR;
}
data_config *dc = (data_config *)srv->config_context->data[kvb->x0];
log_error_write(srv, __FILE__, __LINE__, "SbsSBS",
"ENDLESS LOOP IN rewrite-rule DETECTED ... aborting request, perhaps you want to use url.rewrite-once instead of url.rewrite-repeat ($", dc->comp_key, dc->op, "\"", &dc->string, "\")");
log_error(con->errh, __FILE__, __LINE__,
"ENDLESS LOOP IN rewrite-rule DETECTED ... aborting request");
return HANDLER_ERROR;
}
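Review bot: The new `log_error()` call passes `cfginfo.comp_key->ptr` and `cfginfo.string->ptr` straight to `%s`, where the replaced `log_error_write()` call handed over the buffers themselves. Whether either buffer can have a NULL `ptr` for a non-zero context index cannot be determined from this hunk; if it can, `%s` receives a null pointer on the very path meant to report a runaway rewrite loop. A cheap guard is `cfginfo.string->ptr ? cfginfo.string->ptr : ""` (and likewise for `comp_key`), or a one-line comment stating that both are always set for a condition block. `process_rewrite_rules` starts and ends outside the hunk.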


@ -478,25 +478,29 @@ int network_init(server *srv, int stdin_fd) {
}
/* check for $SERVER["socket"] */
for (size_t i = 1; i < srv->config_context->used; ++i) {
data_config *dc = (data_config *)srv->config_context->data[i];
for (uint32_t i = 1; i < srv->config_context->used; ++i) {
config_cond_info cfginfo;
config_get_config_cond_info(srv, i, &cfginfo);
buffer *host_token;
*(const buffer **)&host_token = cfginfo.string;
/*(cfginfo.string is modified during config)*/
/* not our stage */
if (COMP_SERVER_SOCKET != dc->comp) continue;
if (COMP_SERVER_SOCKET != cfginfo.comp) continue;
if (dc->cond == CONFIG_COND_NE) {
if (cfginfo.cond == CONFIG_COND_NE) {
socklen_t addr_len = sizeof(sock_addr);
sock_addr addr;
if (0 != network_host_parse_addr(srv, &addr, &addr_len, &dc->string, srv->config_storage[i]->use_ipv6)) {
if (0 != network_host_parse_addr(srv, &addr, &addr_len, host_token, srv->config_storage[i]->use_ipv6)) {
return -1;
}
network_host_normalize_addr_str(&dc->string, &addr);
network_host_normalize_addr_str(host_token, &addr);
continue;
}
if (dc->cond != CONFIG_COND_EQ) continue;
if (cfginfo.cond != CONFIG_COND_EQ) continue;
if (0 != network_server_init(srv, &dc->string, i, -1)) return -1;
if (0 != network_server_init(srv, host_token, i, -1)) return -1;
}
if (srv->srvconf.systemd_socket_activation) {
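Review bot: `*(const buffer **)&host_token = cfginfo.string;` drops the `const` that `config_cond_info` places on `string` by storing through a differently typed pointer to `host_token`. That keeps qualifier warnings quiet, but it reads as a type pun rather than a deliberate cast. The loop then hands `host_token` to `network_host_normalize_addr_str()`, so the config string is modified through a view that the header declares read-only. The existing `/*(cfginfo.string is modified during config)*/` remark should sit above the assignment and say so explicitly, for example `/* cfginfo.string is const in the accessor; $SERVER["socket"] address is normalized in place here, during config only */`. If more callers need write access, a separate mutable accessor would keep the const contract intact for everyone else. `network_init` continues outside the hunk.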