Commit Graph

2347 Commits

Author SHA1 Message Date
Glenn Strauss 31011adda9 [core] mv log_error_{open,cycle.close} to server.c 2017-07-15 22:42:15 -04:00
Glenn Strauss a9970fec23 [core] consolidate fork()/execve() code (#1393)
(refactoring work to address issue #1393)

  "access log pipe writer should restart child process if it exits"
2017-07-15 22:42:15 -04:00
Glenn Strauss ddf339569c [core] server.error_handler_404 X-Sendfile ENOENT (#2474)
Better handling if server.error_handler_404 is a dynamic handler which
returns X-Sendfile pointing to a file which does not exist

(server.error_handler_404 historically did not reset con->file_started,
 and for mod_fastcgi, an X-Sendfile failure in the error handler would
 result in an empty response body.)

  "Option to map send-file file-not-found error to normal 404"
2017-07-15 22:42:15 -04:00
Glenn Strauss 55867b5602 [core] get port from sock_addr if AF_INET,AF_INET6
sock_addr_get_port() to get port from sock_addr if AF_INET or AF_INET6,
or else return 0
2017-07-15 22:42:12 -04:00
Glenn Strauss d15ddcb6fa [core] server.socket-perms to set perms on unix (fixes #656)
server.socket-perms = "0770" to set perms on unix domain socket
on which lighttpd listens for requests, e.g. $SERVER["socket"] == "..."

  "Feature request: add server config for setting permissions on Unix domain socket"
2017-06-13 08:56:13 -04:00
Glenn Strauss 6f88c28c44 [core] fix compiler warnings on Mac OS X
(thx wardw)
2017-06-13 08:56:13 -04:00
Glenn Strauss 9fd39690be [mod_openssl] adjust use of is used to send list of valid CA DNs to client for client
cert verification.  If is not specified, then the CAs in are used.

client certs are validated against the set of certs from both and, but issuer of cert provided by
client must be in if is specified.

(certs should not need to be in to both and

(thx m4t)
2017-06-13 08:55:38 -04:00
Glenn Strauss 8af9e71ccc [core] allow earlier plugin init for SSL/TLS
If lighttpd is started privileged, then SSL/TLS modules need to be
initialized prior to chroot (optional) and prior to dropping privileges
in order to be able to read sensitive files such as private certificates

(thx m4t)
2017-05-21 21:31:05 -04:00
Glenn Strauss fb87ae8604 [mod_openssl] safer_X509_NAME_oneline() (fixes #2693)
provide a safer X590_NAME_oneline() with return value semantics similar
to those of snprintf() and use safer_X509_NAME_oneline() to set
SSL_CLIENT_S_DN when client cert is validated.

The manpage for X509_NAME_oneline() says:

    The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications.

Besides X509_NAME_oneline() function being deprecated, until fairly recently, there was a security issue with the function, too.

    The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

github: closes #63, closes #83

2017-05-21 00:32:52 -04:00
Glenn Strauss e29f7d5738 [mod_dirlisting] sort "../" to top of names
sort "../" to top of names and do not emit "../" for docroot
2017-05-20 14:33:56 -04:00
Glenn Strauss b298e2acb0 [mod_extforward] quiet clang compiler warning
It does seem possible for PROXY protocol subelements to be misaligned
and a message has been sent to HAProxy author of the PROXY protocol.

On most modern processors and operating systems, misaligned access has a
cost, but not the outrageous cost that it historical had on processors
and older operating systems such as on SPARC processors running Solaris
prior to Solaris 11.
2017-05-17 21:55:32 -04:00
Glenn Strauss 21081c7b72 [mod_openssl] fix compile with openssl 1.1.0
fix compile with openssl 1.1.0
remove stray tabs from prior commit

(thx gazoo74)
2017-05-17 00:44:55 -04:00
Gaël PORTAY 04d510af20 [mod_openssl] ignore client verification error if not enforced
ignore client verification error if not enforced
  e.g. *not* ssl.verifyclient.enforce = "enable"

github: closes #83

  "ignore client verification error if not enforced"
2017-05-16 22:25:00 -04:00
Glenn Strauss 69aeaf2fad [mod_proxy] fix typo identified by coverity
fix mod_proxy.c typo identified by coverity
silence some warnings checking return values of fcntl() in fdevent.c
2017-05-15 23:59:22 -04:00
Glenn Strauss 0399609ac2 [mod_openssl] (fixes #2694)
(original patch by mackyle)

The option provides independent control of
the "certificate_authorities" field (see RFC 5246 section
7.4.4 Certificate Request) separate from the actual list
of trusted certificate authorities used for client
certificate verification.

It may be necessary to send a hint that includes the DN
of a non-root client CA in order to receive the correct
certificate from the client, but such a non-root CA really
does not belong in the trusted client root CA list.

Signed-off-by: Kyle J. McKay

github: closes #64

  "add support for ssl.cadn-file"
2017-05-15 23:12:36 -04:00
Gaël PORTAY e422ac128a [mod_openssl] for CRL (fixes #2319)
(original patch by binbrain, and updated by flynn)

github: closes #82

  "Support CRLs for client certificate verification"
2017-05-15 22:02:33 -04:00
Glenn Strauss 6f75cdddda [build] autotools use AC_PROG_CC_STDC macro
autotools now use AC_PROG_CC_STDC macro instead of -std=gnu99.
The default in current modern gcc compilers is -std=gnu11

(Note: src/CMakeLists.txt and SConstruct still specify -std=gnu99)
2017-05-15 22:02:33 -04:00
Glenn Strauss 1e8147fc3a [build] -Werror if --enable-extra-warnings=error
enable -Werror if ./configure --enable-extra-warnings=error

   "Fix warnings"
2017-05-15 22:02:33 -04:00
Gaël PORTAY e8498bbfcc [core] silence compiler warnings if !HAVE_FORK
silence compiler warnings if HAVE_FORK is not set

However, if HAVE_FORK is not set, then -Werror was probably passed to
./configure, which is currently a mistake.  lighttpd can successfully
compiles src/ with -Werror on many platforms, but ./configure tests
should not be run with -Werror. [gstrauss]

github: closes #81

   "Fix warnings"
2017-05-15 22:02:33 -04:00
Glenn Strauss 7a27d5eff5 [core] buffer to disk streaming to slow backends
buffer input to disk when streaming request body to slow backends
2017-05-15 22:02:33 -04:00
Glenn Strauss 574fb562f1 [mod_cgi] basic support for Upgrade: websocket
transition to transparent gateway for e.g. Upgrade: websocket


disabled by default
enabled with cgi.upgrade = "enable"
2017-05-15 22:02:33 -04:00
Glenn Strauss b641850376 [core] optional condition in config "else" clause (fixes #1268)
  "condition should be optional in "else" clause in configuration file"
2017-05-15 22:02:33 -04:00
Glenn Strauss 86bb8be2c8 [core] perf: skip redundant strlen() if len known
performance: skip redundant strlen() if length is already known

introduce array_get_element_klen() to take key and klen params
2017-05-15 22:02:33 -04:00
Glenn Strauss 07cde2cf0b [core] set server.max-keep-alive-requests = 100 (fixes #2205)
median webpage in today's day and age contains 75-100 requests per page
so increasing the default server.max-keep-alive-requests in lighttpd
from 16 is more than warranted

  "set server.max-keep-alive-requests = 100"
2017-05-15 22:02:32 -04:00
Glenn Strauss 8913dc4e59 [mod_extforward] compile on OSX
define MSG_DONTWAIT and MSG_NOSIGNAL to be no-ops on platforms
without support.  (fd should already be configured O_NONBLOCK
and SIGPIPE signal is configured to be ignored)

(thx avij and wardw)
2017-05-15 22:02:32 -04:00
Glenn Strauss 14656f8f89 [mod_proxy] basic support for Upgrade: websocket (fixes #2811)
transition to transparent proxy for e.g. Upgrade: websocket


disabled by default
enabled with proxy.header = ( "upgrade" => "enable" )

  "proxy Upgrade: websocket"
2017-05-15 22:02:04 -04:00
Glenn Strauss 316e959b4d [core] prep mod transitions to transparent proxy
prep mod_proxy,mod_fastcgi,mod_scgi for transition to transparent proxy
2017-05-14 00:09:23 -04:00
Glenn Strauss dfc1603c4b [core] fix crash for invalid syntax in config file (fixes #2810)
fix crash for invalid syntax in config file for server.modules

  "Missing array entry type check in config_insert (configfile.c), SIGSEGV"
2017-05-14 00:09:23 -04:00
Stefan Bühler 9752620792 [core] configparser: fix resource handling in error cases (fixes #2809)
- lemon never calls the destructor for variables on the RHS, make sure
  to manually clean up
- outside `if (ctx->ok) { }` always check for NULL pointers, i.e:
  - if (x) x->free(x)
  - buffer_free and array_free check for NULL on their own
- cleanup RHS variables below `if (ctx->ok) { }` at the bottom
  - set variables to NULL before if ownership gets passed on
- move some buffers instead of copying them

  "Memory corruption in yy_reduce (configparser.y), SIGSEGV"
2017-05-14 00:09:23 -04:00
Glenn Strauss a48d65c8a5 [core] remove redundant resets of fde_ndx
after initialization, value of fde_ndx should be managed by fdevent.c
2017-05-14 00:09:23 -04:00
Glenn Strauss e685ef70f1 [core] act as transparent proxy after con Upgrade 2017-05-14 00:09:23 -04:00
Glenn Strauss 28851b2cdf [core] skip socket shutdown() if con->fd negative
(allow for future module(s) which give fd away over unix domain socket)
2017-05-10 23:21:15 -04:00
Glenn Strauss c66e826978 [mod_proxy,mod_scgi] fix truncated error trace 2017-05-10 23:21:15 -04:00
Glenn Strauss 77509ed087 [mod_fastcgi] consolidate backend read code
Use same funcs as other dynamic handlers to recv data from backend.
Add hook for fastcgi to process FastCGI packets (and other future
dynamic handlers may hook this in order to handle custom data framing)
2017-05-10 23:21:15 -04:00
Glenn Strauss e622aa4114 [mod_uploadprogress] handle query str progress ID (fixes #2808)
  "mod_uploadprogress fails when using parameters"
2017-05-07 14:34:32 -04:00
Glenn Strauss 036d3d3d66 [mod_proxy] simple host/url mapping in headers (fixes #152)
Provide a simple mechanism for mapping host and urlpath header strings
in proxied request and response well-known headers.  This *is not*
intended as a one-size-fits-all, infinitely extensible, regex rewriting
engine.  Instead, the proxy.header directive aims to provide built-in
functionality in mod_proxy for a few common use cases by performing
simple host matching or urlpath prefix matching, and using the
mapping of the first match.  More complex use cases could possibly be
handled by a custom lighttpd module (which does not currently exist).

Note: the contents of the HTTP request-line and HTTP headers may or
may not be in normalized canonical forms, which may or may not influence
the simple matching performed.  Admins should take care to provide safe
defaults (fail closed) if mapping is expected to occur and blindly
passing non-mapped requests is undesirable.

proxy.header = (
    #"map-host-request" => (
        #"-" => "...",#replace provided given Host request authority
        #"..." => "-",#preserve existing authority (no further matching)
        #"..." => "", #preserve existing authority (no further matching)
        #             #(equivalent to "xxx" => "xxx")
        #"xxx" => "yyy", #map one string ("xxx") to another ("yyy")
    #"map-host-response" => (
        #"-" => "...",#replace authority used in backend request
        #"..." => "-",#replace with original authority
        #"..." => "", #preserve existing authority (no further matching)
        #             #(equivalent to "xxx" => "xxx")
        #"xxx" => "yyy", #map one string ("xxx") to another ("yyy")
    #"map-urlpath" => (
        #"/xxx"  => "/yyy",#map one urlpath prefix to another
        #"/xxx/" => "/",   #map one urlpath prefix to another
        #"/xxx"  => "",    #map one urlpath prefix to another
        #"/key"  => "/value",
        # Note: request headers have matching "key" prefix replaced with
        # "value", and response headers have matching "value" prefix
        # replaced with "key", with a pre-test of the "value" from the
        # first-matched "key" in request headers (if there was a match)
    #"https-remap" => "enable",
        # For https requests from client, map https:// to http://
        # when map-host-request matches URI in request, and map http://
        # to https:// when map-host-response matches URI in response.
        # (mod_proxy currently sends all backend requests as http)

  "feature to remove part of the URI when passing along requests..."
2017-05-07 14:34:32 -04:00
Glenn Strauss 1465cf80f9 [core] calloc plugin_config for consistent init 2017-04-30 20:38:03 -04:00
Glenn Strauss 9c0ef6876d [core] permit strings,ints,arrays in config array
(modules may implement more particular restrictions)

  "[mod_proxy] forwarded is a string array only"
2017-04-28 18:51:15 -04:00
Glenn Strauss b23065e547 [mod_accesslog] flag high precision ts for %T (fixes #2807)
flag high precision ts for %T after parsing %{xxx}T config

  "%D and %{UNIT}T of mod_accesslog do not work as expected"
2017-04-26 15:16:01 -04:00
Glenn Strauss 45bb2c1f59 [core] permit strings and integers in config array
(modules may implement more particular restrictions)

github: closes #80
2017-04-26 00:38:20 -04:00
Gaël PORTAY 589faeef63 [core] fix build issue without ipv6 support
This patch fixes the build issue introduced with when code has been
shared in commit a448886485.

	http-header-glue.c: In function 'http_cgi_headers':
	http-header-glue.c:1555:39: error: 'b2' undeclared (first use in this function)
	http-header-glue.c:1555:39: note: each undeclared identifier is reported only once for each function it appears in

github: closes #79
2017-04-26 00:38:04 -04:00
Glenn Strauss 40f72a41b9 [core] omit default port from normalized host str
omit default scheme port from normalized host string
2017-04-25 11:12:53 -04:00
Glenn Strauss 440b371997 [mod_proxy] fix backslash escaping
(thx gportay)
2017-04-25 01:04:36 -04:00
Glenn Strauss 2986221cab [core] sys-strings.h abstraction for strings.h 2017-04-24 10:14:17 -04:00
Glenn Strauss 05c34ce464 [core] buffer_substr_replace() 2017-04-24 02:38:30 -04:00
Glenn Strauss ac143ead29 [core] inline simple buffer is empty checks 2017-04-24 02:37:10 -04:00
Glenn Strauss 8641d1b03f [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27
Linux kernels < 2.6.27 (old!) might return EINVAL if SOCK_CLOEXEC used

2017-04-15 17:46:25 -04:00
Glenn Strauss 9e46b8ea25 [core] extend mimetype search w/o leading '.'
repeat extension search without leading '.' to handle situation
where admin configured mimetype.assign keys without leading '.'
2017-04-15 12:44:11 -04:00
Glenn Strauss a434a3fab0 [mod_openssl] free local_send_buffer at exit 2017-04-15 03:42:28 -04:00
Glenn Strauss ba679290f9 [core] inet_ntop_cache now 4-element cache
(round-robin replacement; fixes what was effectively a 1-element cache)
2017-04-15 03:42:28 -04:00