Commit Graph

75 Commits (41eb4d323c75db996437e398bc7d2477b42a9989)

Author SHA1 Message Date
Glenn Strauss 477534084a [mod_wstunnel] websocket tunnel to other protocol

decodes websockets and passes body back and forth from backend
(body could be known protocol such as JSON, or any custom protocol)

originally based off
2017-07-25 02:29:23 -04:00
Glenn Strauss 889db409dc [core] add public domain SHA1() if no crypto
add public domain SHA1() if not linking with crypto lib

obtained from
 * Originally written by Steve Reid <>
 * Modified by Aaron D. Gifford <>
 * The original unmodified version is available at:
2017-07-25 02:07:49 -04:00
Glenn Strauss 45b970e69b [core] shared code for socket backends
common codebase for socket backends, based off mod_fastcgi with
some features added for mod_proxy

(mostly intended to reduce code duplication and enhance code isolation)

mod_fastcgi and mod_scgi can now use fastcgi.balance and scgi.balance
  for similar behavior as proxy.balance, but the balancing is per-host
  and not per-proc.  proxy.balance is also per-host and not per-proc.

mod_proxy and mod_scgi can now use and, similar to

mod_fastcgi behavior change (affects only mod_status):
- statistics tags have been renamed from "fastcgi.*" to "gw.*"
  "fastcgi.backend.*"       -> "gw.backend.*"
  "" -> ""
  ("fastcgi.requests" remains "fastcgi.requests")
  ("proxy.requests" is new)
  ("scgi.requests" is new)

mod_scgi behavior change (likely minor):
- removed scgi_proclist_sort_down() and scgi_proclist_sort_up().
  procs now chosen based on load as measured by num socket connnections

modules using gw_backend.[ch] are currently still independent modules.
If it had been written as a single module with fastcgi, scgi, proxy
implementations, then there would have been a chance of breaking some
existing user configurations where module ordering made a difference
for which module handled a given request, though for most people, this
would have made no difference.

Details about mod_fastcgi code transformations:
unsigned int debug -> int debug
fastcgi_env member removed from plugin_config
renamed "fcgi" and "fastcgi" to "gw", and "FCGI" to "GW"
reorganize routines for high-level and lower-level interfaces
some lower-level internal interfaces changed to use host,proc,debug
  args rather than knowing about higher-level (app) hctx and plugin_data
tabs->spaces and reformatting
2017-07-23 19:02:00 -04:00
Glenn Strauss 9b9f445a7b [mod_proxy] move data_fastcgi into mod_proxy.c
(data_fastcgi is used only by mod_proxy at this point)
2017-07-15 22:42:15 -04:00
Glenn Strauss 6f88c28c44 [core] fix compiler warnings on Mac OS X
(thx wardw)
2017-06-13 08:56:13 -04:00
Glenn Strauss 2986221cab [core] sys-strings.h abstraction for strings.h 2017-04-24 10:14:17 -04:00
Glenn Strauss 2f83aac9fb mod_vhostdb* (dbi,mysql,pgsql,ldap) (fixes #485, fixes #1936, fixes #2297)
mod_vhostdb - vhost docroot lookups


mod_vhostdb_mysql  (now preferred over mod_mysql_vhost.c)

STATUS: experimental  (testing and feedback appreciated)

  "PostgreSQL virtual host support"
  "LDAP Virtual Host Definition Storage Integration"
  "mod_dbi_vhost (patch included)"
2017-01-31 14:36:15 -05:00
Glenn Strauss 86d0396761 [build] only mod_openssl depends on -lssl
some other modules depend only on -lcrypto, when available,
for SHA1, HMAC, MD5, etc
2017-01-31 14:36:14 -05:00
Glenn Strauss bdbea2aea8 [mod_openssl] move openssl code into mod_openssl
large code move, but minimal changes made to code (besides whitespace),
so that code builds

next: need to isolate openssl data structures and config parsing
2017-01-14 01:06:16 -05:00
Glenn Strauss cb9ebe9fa6 [mod_openssl] new module (preliminary layout) 2017-01-14 01:06:16 -05:00
Glenn Strauss 22ca2778a8 [build] check for pipe2() at configure time
Lack of pipe2() on relic Unix as well as missing on Mac OSX is likely
one reason why threaded web servers such as nginx choose not to support
CGI except via an external service to the process.  Without pipe2(),
race conditions exist and it is not safe for a threaded server to use
pipe() and fork() when the server also does not want to potentially leak
open file descriptors to various unrelated CGI scripts.
2016-12-17 18:07:42 -05:00
Glenn Strauss 394278c61a [build] build network_*.c into lighttpd executable
(not into liblightcomp used by modules, on platforms that require that)
2016-12-05 02:40:12 -05:00
Glenn Strauss df61f19daf [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)
Mac OS X 10.7 Lion introduces arc4random_buf()

(thx ryandesign)

  "Mac OS X build issue Undefined symbols"
2016-11-28 12:39:11 -05:00
Glenn Strauss 1f3ad401ba [mod_deflate] skip deflate if loadavg too high (fixes #1505)
[mod_deflate] skip deflate if 1 min loadavg too high
deflate.max-loadavg  = "3.50"  # express value as string of float num

[mod_compress] skip compression if 1 min loadavg too high
compress.max-loadavg = "3.50"  # express value as string of float num

Feature available on BSD-like systems which have getloadavg() in libc

Note: load average calculations are different on different operating
systems and different types of system loads, so there is no value that
can be recommended for one-size-fits-all.

  "Enable mod_compress to abandon compression when load average is too high"
2016-10-19 16:38:47 -04:00
Glenn Strauss c073a31f69 [autobuild] omit module stubs when missing deps
do not build any module (containing module stubs) when the dependencies
for a given module are not present.
2016-10-17 14:15:50 -04:00
Glenn Strauss 5feb2694f7 [autobuild] remove mod_authn_gssapi dep on resolv
remove mod_authn_gssapi explicit dependency on -lresolv
This fixes build on FreeBSD when ./configure --with-krb5
(On systems that need libresolv, libkrb5 depends on libresolv)

Also remove obsolete hstrerror() references from build
2016-10-16 08:56:30 -04:00
Glenn Strauss 032772ab6c add random() to list of rand() fallbacks
(but prefer better mechanisms)
2016-10-16 05:11:38 -04:00
Glenn Strauss 7f4e156e5f [core] rand.[ch] to use better RNGs when available
prefer RAND_pseudo_bytes() (openssl), arc4random() or jrand48(),
if available, over rand()

These are not necessarily cryptographically secure, but should be better
than rand()
2016-10-15 23:28:09 -04:00
Glenn Strauss ebbd639029 [cmake] build mod_authn_gssapi if WITH_KRB5 2016-10-04 05:03:15 -04:00
Glenn Strauss ed3065cfb2 [CMake] fix clang -Wcast-align warnings in lemon.c 2016-09-23 02:24:23 -04:00
Glenn Strauss 1c1a63786e [mod_auth] mod_authn_gssapi Kerberos auth backend (fixes #1899)
module status: experimental; more testing and review needed

Kerberos library calls have been preserved from original patch set
and should be reviewed.

module has been quickly tested with Basic auth (Use over TLS!)

SPNEGO -has not- been tested.  Again, kerberos library calls have
been preserved from original patch set.  YMMV. (Use over TLS!)

  "Kerberos/GSSAPI Delegation Support"
2016-09-22 23:15:38 -04:00
Glenn Strauss 381aaae363 remove unused array type TYPE_COUNT data_count
(unused type, and very similar to TYPE_INTEGER data_integer,
 differing only in initial value and how dup inserts are merged)
2016-09-22 19:54:57 -04:00
Glenn Strauss cb1a3c6299 backport mod_deflate to lighttpd 1.4 (fixes #1824, fixes #2753)
lots of fixes and improvements

limitations: see comments at top of mod_deflate.c

missing functionality: encode streaming response
  (module currently requires response be collected before being sent)

potential functionality: addition of compressed file cache would
  allow mod_deflate to fully supplant mod_compress in lighttpd 1.4.x

  "Adding mod_deflate to 1.4.xx"
  "mod_deflate backport compile error if ENABLE_MMAP not defined"

github: closes #67
2016-09-22 13:36:04 -04:00
Glenn Strauss 5dfe21acc9 [mod_geoip] add to default build (fixes #2705, fixes #2101, fixes #2092, fixes #2025, fixes #1962, fixes #1938)
(add to default build to reduce distributor package maintenance)

  "broken module API since 1.4.38"
  "lighttpd-1.4.24 fails to compile with mod_geoip.c"
  "unsafe sprintfs mod_geoip"
  "mod_geoip crashes lighttpd 1.5.x on FreeBSD 7.2 AMD64"
  "lighttpd 1.4 crashes on FreeBSD 7.0 AMD64 when mod_geoip compiled in"
2016-09-13 02:49:00 -04:00
Glenn Strauss ab935a2b96 [mod_uploadprogress] add to default build
(module is distributed in Gentoo)
(add to default build to reduce distributor package maintenance)
2016-09-12 02:53:11 -04:00
Glenn Strauss ae91578895 [mod_auth] mod_authn_mysql.c MySQL auth backend (fixes #752, fixes #1845)
(automatically load mod_authn_mysql with mod_auth for compatibility with
 existing config usage via patches in various distros, e.g. FreeBSD)

  "mySQL auth"
  "MySQL Digest Authentication"
2016-09-11 10:59:05 -04:00
Glenn Strauss 4b3a91e64b [mod_auth] extensible interface for auth backends
create new, extensible interface for (additional) auth backends

attempt to handle HANDLER_WAIT_FOR_EVENT returned by auth backends
to allow for async auth backends (e.g. to mysql database)

separate auth backends from mod_auth and http_auth
  mod_authn_file.c htdigest, htpasswd, plain auth backends
  mod_authn_ldap.c ldap auth backend
add http_auth.c to common_sources for auth backend registration

(mod_authn_file could be three separate modules, but no need for now)
2016-08-20 13:42:08 -04:00
Stefan Bühler 46b0e01217 [cmake] enable warnings for GCC and Clang
Also set -Wno-cast-align for lemon; lemon is only the parser generator, either
it crashes or it works.
2016-07-30 23:42:57 -04:00
Stefan Bühler f7b3745552 [cmake] always define _GNU_SOURCE
first.h only defines _GNU_SOURCE if no config.h is present.
2016-07-30 14:20:52 +02:00
Glenn Strauss 1ebc83f11f [build_cmake] clock_gettime() -lrt w/ glibc < 2.17 (fixes #2737)
clock_gettime() needs -lrt with glibc < 2.17,
and possibly other platforms

This commit contains fixes for CMake and SCONS
See also commit:4d920466 which updated for same

  "1.4.40 compiling issuses on Debian Wheezy"
2016-07-19 04:03:14 -04:00
Glenn Strauss 53d906968b [autobuild] CMake check for struct tm tm_gmtoff (fixes #2014)
  "cmake scripts don't HAVE_STRUCT_TM_GMTOFF -> wrong timezone"
2016-07-06 14:00:07 -04:00
Glenn Strauss bb93414a23 [build_cmake] use MODULE on Mac OS X (fixes #1761)
add instructions in INSTALL to build using CMake and Xcode on Mac OS X
  along with MacPorts
update CMake to link test_configfile with pcre

  "loadable-module naming on macosx + cmake"
2016-05-21 14:07:57 -04:00
Glenn Strauss a5fcfee6fc [mod_ssi] more flexible quoting (fixes #1768)
allow double-quotes, single-quotes or no quote on SSI param values

remove use of PCRE from mod_ssi

fix misspelling of 'unknow' to be 'unknown'

  "mod_ssi doesn't accept single quotes"
2016-05-14 05:50:37 -04:00
Glenn Strauss 1ca52fdce3 build with libressl
libressl defines SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 as 0x0
  (thx Christian Heckendorf)

libressl matches ERR_remove_thread_state() signature from openssl 1.0.2
  (libressl pretends that libressl is openssl version 2.0.0,
   but openssl 1.1.0 changes signature of ERR_remove_thread_state())

libressl does not yet provide compatibility interfaces for the new
  prototypes introduced in openssl 1.1.0, including
  DH_set0_pqg() and DH_set_length()

remove OPENSSL_NO_KRB5 from build config (added in 5fab991b in 2005)
  (define USE_OPENSSL_KERBEROS if required)
  (Note: OPENSSL_NO_KRB5 removed in openssl 1.1.0)
2016-05-07 12:50:41 -04:00
Glenn Strauss bed63b7962 [core] support IPv6 in $HTTP["remote-ip"] CIDR cond match (fixes #2706)
  "Matching IPv6 addresses with $HTTP["remoteip"]"

github: closes #52
2016-04-25 01:52:12 -04:00
Stefan Bühler 92c3da847b [unittests] add test_buffer and test_base64 unit tests
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-25 16:58:12 +00:00
Stefan Bühler 8455734f4a [core] add generic vector implementation
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-19 15:27:36 +00:00
Stefan Bühler f3b577ddee use libmemcached instead of deprecated libmemcache
Differential Revision:

From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-01-03 14:48:11 +00:00
Stefan Bühler c354229f42 add handling for lua 5.2 and 5.3 (fixes #2674)
Reviewers: stbuehler

Differential Revision:

From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-01-03 14:48:09 +00:00
Kyle J. McKay 159ca0c15d [network] add darwin-sendfile backend (fixes #2687)
The FreeBSD version of sendfile is already supported.  Starting
with OS X 10.5, Darwin also supports sendfile, but using a
slightly different argument list even though much of the
implementation is likely taken from FreeBSD just like the man
page is.

Add support for darwin's sendfile by introducing a new
network_darwin_sendfile.c file that's just a copy of the
network_freebsd_sendfile.c file except with the arguments
adjusted to compensate for the minor API difference (FreeBSD
has separate in and out byte count arguments whereas Darwin
has a combined in/out byte count argument).

Signed-off-by: Kyle J. McKay <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-04 20:48:21 +00:00
Stefan Bühler bfaa48260a [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
Differential Revision:

From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-22 22:22:22 +00:00
Stefan Bühler b0a4421272 [core] refactor base64 functions into separate file
Differential Revision:

From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-22 22:22:20 +00:00
Loganaden Velvindron d7be04beb5 [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available
From: Loganaden Velvindron <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-09-26 10:11:24 +00:00
Stefan Bühler 2b9be8f072 [build] put --as-needed into linker flags instead of cflags
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-23 08:07:47 +00:00
Stefan Bühler 27ab3f76db [mod_dirlisting] remove sys/syslimits.h; base.h already includes limits.h
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-23 07:41:09 +00:00
Stefan Bühler 5c48617737 [cmake] fix FreeBSD linker bug
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 17:52:17 +00:00
Stefan Bühler 16e1a78ad5 [cmake] don't put date into config.h (not used anyway), only unset local vars for disabled features instead of clearing cache
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 17:39:04 +00:00
Stefan Bühler 10f1490fb1 [cmake] cleanup cache variables if features get deactivated
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 16:01:05 +00:00
Stefan Bühler 403afcd251 [cmake] lowercase commands, whitespace cleanup, remove clutter in else(...), endif(...), endforeach(...)
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 16:01:02 +00:00
Stefan Bühler 593599f14a rewrite network (write) backends
From: Stefan Bühler <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 16:00:59 +00:00