Commit Graph

36 Commits

Author SHA1 Message Date
Glenn Strauss af3df29ae8 [multiple] reduce redundant NULL buffer checks
This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.

Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.

In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func.  In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.

- check for empty strings at config time and set value to NULL if blank
  string will be ignored at runtime; at runtime, simple pointer check
  for NULL can be used to check for a value that has been set and is not
  blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
  and use buffer_is_unset() instead of buffer_is_empty(),
  where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
  known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
  truncate string, and use buffer_extend() to extend

Examples where buffer known not to be NULL:
  - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
    (though we might set it to NULL if buffer_is_blank(cpv->v.b))
  - address of buffer is arg (&foo)
    (compiler optimizer detects this in most, but not all, cases)
  - buffer is checked for NULL earlier in func
  - buffer is accessed in same scope without a NULL check (e.g. b->ptr)

internal behavior change:
  callers must not pass a NULL buffer to some funcs.
  - buffer_init_buffer() requires non-null args
  - buffer_copy_buffer() requires non-null args
  - buffer_append_string_buffer() requires non-null args
  - buffer_string_space() requires non-null arg
2021-08-27 02:16:53 -04:00
Glenn Strauss 3538f8f2a4 [mod_auth*] rename http_auth.* -> mod_auth_api.*
rename http_auth.[ch] -> mod_auth_api.[ch]
2021-08-27 02:16:52 -04:00
Glenn Strauss 38c8735850 [multiple] optimize primitives, buffer_extend()
optimize buffer_* primitives

Other than buffer_string_set_length(), reallocate with one power-2 step
in size (or use the requested size, if larger).  This replaces the fixed
BUFFER_PIECE_SIZE round-up of only 64 bytes extension each reallocation,
which could lead to excessive reallocations in some scenarios.

buffer_extend() convenience routine to prep for batch append
(combines buffer_string_prepare_append() and buffer_commit())

mod_fastcgi, mod_scgi, mod_proxy and others now leverage buffer_extend()

mod_scgi directly performs little-endian encoding of short ints

http_response_write_header() optimizes writing response header,
leveraging buffer_extend()

modify mod_proxy to append line ends
similar to how it is done in http_response_write_header()
(removes one call to buffer_append_string_len())
2021-03-26 07:33:42 -04:00
Glenn Strauss 20b54fa918 [mod_authn_ldap, mod_vhostdb_ldap] default cafile
set default cafile at startup if cafile configured in global scope
2020-12-16 02:00:17 -05:00
Glenn Strauss 2565ad1b86 [mod_authn_ldap] fix crash (fixes #3048)
(thx mgottinger)

fix crash due to uninitialized memory during config parsing

  "Broken LDAP authentication on lighttpd 1.4.56"
2020-12-16 02:00:17 -05:00
Glenn Strauss 563fe5f013 [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805)
auth.backend.ldap.timeout = "2000000"    # quoted-string; microseconds
vhostdb.ldap += ("timeout" => "2000000") # quoted-string; microseconds

Default is 2000000 microseconds (2 secs)

These values are converted to struct timeval and passed to
  ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, );
  ldap_set_option(ld, LDAP_OPT_TIMEOUT, ...);
if those LDAP_OPT_* values are available (both are OpenLDAP-specific).

  "mod_auth caching"
2020-07-13 17:39:30 -04:00
Glenn Strauss c18f442a63 [multiple] add summaries to top of some modules 2020-07-08 22:51:31 -04:00
Glenn Strauss c752d4696e [multiple] correct misspellings in comments
  "Script for fixing spelling errors with codespell"
2020-07-08 19:54:30 -04:00
Glenn Strauss 7c7f8c467c [multiple] split con, request (very large change)
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

NB: request read and write chunkqueues currently point to connection
    chunkqueues; per-request and per-connection chunkqueues are
    not distinct from one another
      con->read_queue  == r->read_queue
      con->write_queue == r->write_queue

NB: in the future, a separate connection config may be needed for
    connection-level module hooks.  Similarly, might need to have
    per-request chunkqueues separate from per-connection chunkqueues.
    Should probably also have a request_reset() which is distinct from
2020-07-08 19:54:29 -04:00
Glenn Strauss ca97505a72 [multiple] store srv->tmp_buf in tb var
rather than using srv->tmp_buf directly in code modifying temp buf (tb)
2020-07-08 19:54:28 -04:00
Glenn Strauss 010c28949c [multiple] prefer (connection *) to (srv *)
convert all log_error_write() to log_error() and pass (log_error_st *)

use con->errh in preference to srv->errh (even though currently same)

avoid passing (server *) when previously used only for logging (errh)
2020-07-08 19:54:28 -04:00
Glenn Strauss a03afc9043 [mod_auth] inline arrays in http_auth_require_t
also, keep ptr to const buffer *realm rather than copy
2020-07-08 18:08:52 -04:00
Glenn Strauss b73949e03f [multiple] plugin.c handles common FREE_FUNC code
(simpler for modules; less boilerplate to cut-n-paste)
2020-07-08 18:08:51 -04:00
Glenn Strauss 8e713130b3 [mod_auth*] use config_plugin_values_init() 2020-07-08 18:08:51 -04:00
Glenn Strauss e2de4e581e [core] const char *name in struct plugin
put void *data (always used) as first member of struct plugin

add int nconfig member to PLUGIN_DATA

calloc() inits p->data to NULL
2020-05-23 17:59:29 -04:00
Glenn Strauss 36f64b26a1 [core] simpler config_check_cond()
optimize for common case where condition has been evaluated for
the request and a cached result exists

(also: begin isolating data_config)
2020-05-23 17:59:29 -04:00
Glenn Strauss 47a758f959 [core] inline buffer key for *_patch_connection()
handle buffer key as part of DATA_UNSET in *_patch_connection()
(instead of key being (buffer *))
2020-02-24 11:15:32 -05:00
Glenn Strauss ad9b7e009b [core] inline buffer as part of DATA_UNSET key
(instead of key being (buffer *))
2020-02-24 11:15:32 -05:00
Glenn Strauss 1300815688 [core] use buffer_eq_icase_ssn func
specialized buffer_eq_icase_ssn func replace strncasecmp()
in cases where string lengths are not known to be at least
as large as the len being compared case-insensitively.
(Separate commit in case any future changes modify the
implementation to be unsafe for shorter strings, where
strncasecmp() would stop at '\0' in either string)
2019-06-06 02:48:43 -04:00
Glenn Strauss ae9cafecea [mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
ldap_set_option LDAP_OPT_RESTART to handle EINTR on SIGCHLD from CGI

(ldap uses poll(), which is not restartable with sigaction SA_RESTART)

  "mod_authn_ldap/mod_cgi race condition, "Can't contact LDAP server""
2019-05-27 08:32:48 -04:00
Mohammed Sadiq 6a988bb0d0 [multiple] cleaner calloc use in SETDEFAULTS_FUNC
github: closes #99

  "cleaner calloc use in SETDEFAULTS_FUNC"
2019-04-20 02:09:04 -04:00
Glenn Strauss f69bd9cdb8 [core] perf: simple, quick buffer_clear()
quickly clear buffer instead of buffer_string_set_length(b, 0) or
buffer_reset(b).  Avoids free() of large buffers about to be reused,
or buffers that are module-scoped, persistent, and reused.

(buffer_reset() should still be used with buffers in connection *con
 when the data in the buffers is supplied by external, untrusted source)
2018-11-23 00:37:38 -05:00
Glenn Strauss 04d76e7afd [core] some header cleanup
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
  do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
2018-04-08 22:22:23 -04:00
Glenn Strauss d5f37803dd [mod_authn_ldap] auth with ldap referrals (fixes #2846)
use ldap_set_rebind_proc() to provide auth when rebinding following
ldap referrals (instead of rebinding anonymously for ldap referrals)

  "LDAP authentication vs. AD: problems with referrals"
2018-01-07 12:50:30 -05:00
Glenn Strauss 37f9b60d5e [mod_authn_ldap] fix mem leak when ldap auth fails (fixes #2849)
thx, codehero

  "Linux OOM kills lighttpd when using mod_authn_ldap"
2017-12-21 17:44:23 -05:00
Glenn Strauss fdc4c324c4 [mod_authn_ldap] replace use of deprecated funcs
replace use of deprecated funcs
2017-11-05 18:50:25 -05:00
Glenn Strauss a53f662a30 [core] remove some unused header includes
remove exposure of stdio.h in buffer.h for print_backtrace(), now static
2017-03-28 02:17:33 -04:00
Glenn Strauss a90c2ffbeb [mod_auth] have LDAP template replace '?'
For consistency with other databases, which use '?' for placeholders,
have LDAP template replace '?' with username, in addition to the
(mod_auth historic) '$' char.
2017-01-31 14:36:15 -05:00
Glenn Strauss eda72ebfc7 [mod_auth] LDAP escape username in DN and filters
(replaces restriction on characters allowed in username)
2017-01-31 14:36:15 -05:00
Glenn Strauss 9c91af0cfd [mod_auth] support LDAP groups for HTTP auth (fixes #1817)
  "LDAP-Group support for HTTP-Authentication"
2017-01-31 14:36:15 -05:00
Glenn Strauss ac90699d28 [autobuild] rm module stub code for missing deps
remove module stub code since the build system(s) no longer build any
module when the dependencies for a given module are not present.
2016-10-17 14:15:50 -04:00
Glenn Strauss 8b282db1d1 [mod_auth] permit specifying ldap DN; skip search (fixes #1248)
If auth.backend.ldap.filter begins with ',', then concatenate
uid=<username> with the 'filter' value to form the DN instead of using
ldap_search to query LDAP for the DN for the username, applying the
provided filter.

  "Allow User-DN to be supplied in the configuration rather than searching"
2016-10-04 05:03:15 -04:00
Glenn Strauss 59c753bf9f [mod_auth] ldap filter subst user for multiple '$' (fixes #1508)
ldap filter supports substitution of multiple '$', each with username

  "auth.backend.ldap.filter: only one/first "$" replaced with Username"
2016-09-28 16:57:43 -04:00
Glenn Strauss a401c9469a [mod_auth] HTTP Basic auth backends also do authz (#1817)
HTTP Basic auth backends now do both authn and authz
in order to allow provide a means to extend backends to optionally
support group authz

  "LDAP-Group support for HTTP-Authentication"
2016-09-28 06:36:38 -04:00
Glenn Strauss d4f812550c [mod_auth] refactor LDAP code into smaller funcs
better handling and freeing of resources
replace deprecated LDAP routines
2016-09-28 04:24:46 -04:00
Glenn Strauss 4b3a91e64b [mod_auth] extensible interface for auth backends
create new, extensible interface for (additional) auth backends

attempt to handle HANDLER_WAIT_FOR_EVENT returned by auth backends
to allow for async auth backends (e.g. to mysql database)

separate auth backends from mod_auth and http_auth
  mod_authn_file.c htdigest, htpasswd, plain auth backends
  mod_authn_ldap.c ldap auth backend
add http_auth.c to common_sources for auth backend registration

(mod_authn_file could be three separate modules, but no need for now)
2016-08-20 13:42:08 -04:00