Commit Graph

140 Commits

Author SHA1 Message Date
Glenn Strauss 1fc8a3e1f2 [core] sys-crypto-md.h w/ inline message digest fn
sys-crypto-md.h w/ inline message digest functions; shared code
2020-07-08 22:51:31 -04:00
Glenn Strauss bf4054f8ec [mod_gnutls] GnuTLS option for TLS (fixes #109)

mod_gnutls supports most ssl.* config options supported by mod_openssl

  "GnuTLS support for the mod_ssl"
2020-07-08 22:51:31 -04:00
Glenn Strauss cb753ec5b5 [mod_mbedtls] mbedTLS option for TLS

mod_mbedtls supports most ssl.* config options supported by mod_openssl

thx Ward Willats for the initial discussion and attempt in the comments
2020-07-08 22:51:31 -04:00
Glenn Strauss 9fdf24468d [doc] src/t/README 2020-07-08 19:54:29 -04:00
Glenn Strauss d013d0abd3 [core] http_request_parse_target()
http_request_parse_target() split from http_response_prepare()
2020-07-08 19:54:29 -04:00
Glenn Strauss c8a1cba0c1 [tests] t/test_mod_userdir
create t/test_mod_userdir to replace sparse tests in tests/mod-userdir.t
remove tests/mod-userdir.t
2020-07-08 19:54:29 -04:00
Glenn Strauss 8b7e110973 [tests] stub out config funcs in test_mod_* 2020-07-08 19:54:29 -04:00
Glenn Strauss 5977ce2b4a [core] isolate use of data_config, configfile.h 2020-07-08 18:08:52 -04:00
Glenn Strauss 0c64096555 [core] isolate data_config.c, vector.c
isolate data_config.c, vector.c to lighttpd executable, not modules
2020-02-24 11:15:32 -05:00
Glenn Strauss 62e97967ca [core] prefer uint32_t to size_t in base.h
even 2 billion is way larger than even extreme operating values
expected for the members in base.h

include some structs directly in struct server, rather than by ptr
2020-02-24 11:15:32 -05:00
Glenn Strauss 5c3f439bcf [build] PGSQL_CFLAGS with pkg-config for postgres (#2965)
build postgres modules with $(PGSQL_CFLAGS) in

  "pg_config is deprecated to build postgres client applications"
2019-09-11 02:15:06 -04:00
Glenn Strauss 4ac239c401 [mod_maxminddb] MaxMind GeoIP2 support 2019-05-26 10:21:57 -04:00
Glenn Strauss 52c489837f [build] detect FreeBSD elftc_copyfile() 2019-05-05 23:05:02 -04:00
Glenn Strauss b9e2be50c9 [mod_auth] HTTP Auth Digest algorithm=SHA-256
(also support Digest algorithm=SHA-512-256 if library support present)

enable additional algorithms by configuring lighttpd.conf auth.require
with new optional keyword "algorithm" => "MD5|SHA-256"

default algorithm remains MD5 if "algorithm" not specified

Tested with: curl --digest -u "user:pass" ... (which supports SHA-256)

  "HTTP Digest Access Authentication"
2019-03-07 00:32:17 -05:00
Glenn Strauss c8f9658536 [core] remove server.h 2019-02-04 03:01:33 -05:00
Glenn Strauss 4608ddec2f [build] autotools: try mysqlclient.pc and mariadb.pc (fixes #2925)
(thx helmut)

  "autotools cross build failure with lighttpd"
2019-01-19 17:42:12 -05:00
Glenn Strauss f03e5e239d [tests] t/test_keyvalue
create t/test_keyvalue to replace sparse tests in
  tests/mod-redirect.t and tests/mod-rewrite.t
remove tests/mod-redirect.t and tests/mod-rewrite.t
2018-12-10 22:36:23 -05:00
Glenn Strauss 5a32d0f72a [mod_access] t/test_mod_access
create t/test_mod_access to test mod_access basic logic
remove tests/mod-access.t
2018-12-03 23:03:04 -05:00
Glenn Strauss 8aad091613 [mod_evhost] t/test_mod_evhost
create t/test_mod_evhost to test mod_evhost basic logic
remove tests/mod-evhost.t
2018-12-03 23:03:04 -05:00
Glenn Strauss b2a6239851 [mod_simple_vhost] t/test_mod_simple_vhost
create t/test_mod_simple_vhost to test mod_simple_vhost basic logic
remove tests/mod-simplevhost.t, which was not testing mod_simple_vhost
2018-12-03 23:03:04 -05:00
Glenn Strauss 368630d925 [TLS] sys-crypto.h abstraction 2018-09-26 01:08:24 -04:00
Glenn Strauss 2dbcfc9266 [core] inline status_counter routines 2018-09-23 18:01:58 -04:00
Glenn Strauss 002a4c524d [core] array_get_int_ptr() 2018-09-23 18:01:58 -04:00
Glenn Strauss 66ff05db8f [tests] t/test_array.c
(more tests should be added, but starting with something has benefits)
2018-09-23 18:01:58 -04:00
Glenn Strauss df4812ec2e [mod_authn_pam] mod_auth PAM support (fixes #688)
  "auth via pam"
2018-09-23 18:01:58 -04:00
Glenn Strauss 3dd3cde902 [core] abstraction layer for HTTP header manip
convert existing calls to manip request/response headers
convert existing calls to manip environment array (often header-related)
2018-09-23 18:01:58 -04:00
Glenn Strauss c4d743bb4d mod_sockproxy - socket forwarding
2018-08-12 14:43:22 -04:00
Glenn Strauss f832b71180 [mod_redirect,mod_rewrite] base64url encoding opt
Provide means to encode redirect and rewrite backreference substitutions

  %{encb64u:...} encode to base64url characters (no-padding)
  %{decb64u:...} decode from base64url characters
2018-08-12 14:43:22 -04:00
Glenn Strauss 3eb7902e10 [core] server.http-parseopts URL normalization opt (fixes #1720)
server.http-parseopts = ( ... ) URL normalization options

Note: *not applied* to CONNECT method

Note: In a future release, URL normalization likely enabled by default
  (normalize URL, reject control chars, remove . and .. path segments)
  To prepare for this change, lighttpd.conf configurations should
  explicitly select desired behavior by enabling or disabling:
    server.http-parseopts = ( "url-normalize" => "enable", ... )
    server.http-parseopts = ( "url-normalize" => "disable" )

  "lighttpd ... compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."
  "Rewrite/redirect rules and URL encoding"
2018-08-12 14:43:22 -04:00
Glenn Strauss 6ccccaaa38 [tests] move src/test_*.c to src/t/ 2018-08-05 03:44:15 -04:00
Glenn Strauss a46bc4f5de [core] remove proc_open.[ch], reduce stdio.h use 2018-08-05 03:44:15 -04:00
Glenn Strauss c56b21084e [core] http_kv.[ch] method, status, version str
move method, status, version strings from keyvalue.[ch] to http_kv.[ch]
2018-08-05 03:44:15 -04:00
Glenn Strauss 1b62dc325c [tests] test_request unit tests
unit tests for request processing
collect existing request processing tests from Perl tests/*.t
(test_request.c runs *much* more quickly than Perl tests/*.t)
2018-08-05 03:44:15 -04:00
Glenn Strauss e8c1efd5df [core] data_config_pcre_compile,exec()
collect PCRE usage related to config processing
2018-08-05 03:44:15 -04:00
Glenn Strauss d61714dd0d [mod_authn_sasl] SASL auth (new) (fixes #2275)

HTTP Basic authentication using saslauthd

server.modules += ( "mod_auth" )
server.modules += ( "mod_authn_sasl" )
auth.backend = "sasl"
auth.backend.sasl.opts = ( "pwcheck_method" => "saslauthd" ) # default

  "SASL auth like libapache2-mod-authn-sasl"
2017-11-05 20:11:07 -05:00
Glenn Strauss 8f3bbd7f13 [core] isolate backend fdevent handler defs 2017-11-03 23:02:08 -04:00
Glenn Strauss 142971a80c [core] consolidate backend network write handlers
network_write.[ch] isolates various write, writev, sendfile wrappers
2017-11-02 00:41:53 -04:00
Glenn Strauss 1367f60626 [core] isolate sock_addr manipulation 2017-10-29 01:23:19 -04:00
Stefan Bühler 16c4530e61 [meson] new build system
Needed to extend lemon to take an output path parameter.
2017-10-28 22:54:45 -04:00
Glenn Strauss 3c8afd194c [core] base_decls.h to quiet compiler warnings
quiet compiler warning for -Wtypedef-redefinition
(redefinition of typedef is a C11 feature)
2017-07-30 23:45:01 -04:00
Glenn Strauss 477534084a [mod_wstunnel] websocket tunnel to other protocol

decodes websockets and passes body back and forth from backend
(body could be known protocol such as JSON, or any custom protocol)

originally based off
2017-07-25 02:29:23 -04:00
Glenn Strauss 889db409dc [core] add public domain SHA1() if no crypto
add public domain SHA1() if not linking with crypto lib

obtained from
 * Originally written by Steve Reid <>
 * Modified by Aaron D. Gifford <>
 * The original unmodified version is available at:
2017-07-25 02:07:49 -04:00
Glenn Strauss 45b970e69b [core] shared code for socket backends
common codebase for socket backends, based off mod_fastcgi with
some features added for mod_proxy

(mostly intended to reduce code duplication and enhance code isolation)

mod_fastcgi and mod_scgi can now use fastcgi.balance and scgi.balance
  for similar behavior as proxy.balance, but the balancing is per-host
  and not per-proc.  proxy.balance is also per-host and not per-proc.

mod_proxy and mod_scgi can now use and, similar to

mod_fastcgi behavior change (affects only mod_status):
- statistics tags have been renamed from "fastcgi.*" to "gw.*"
  "fastcgi.backend.*"       -> "gw.backend.*"
  "" -> ""
  ("fastcgi.requests" remains "fastcgi.requests")
  ("proxy.requests" is new)
  ("scgi.requests" is new)

mod_scgi behavior change (likely minor):
- removed scgi_proclist_sort_down() and scgi_proclist_sort_up().
  procs now chosen based on load as measured by num socket connnections

modules using gw_backend.[ch] are currently still independent modules.
If it had been written as a single module with fastcgi, scgi, proxy
implementations, then there would have been a chance of breaking some
existing user configurations where module ordering made a difference
for which module handled a given request, though for most people, this
would have made no difference.

Details about mod_fastcgi code transformations:
unsigned int debug -> int debug
fastcgi_env member removed from plugin_config
renamed "fcgi" and "fastcgi" to "gw", and "FCGI" to "GW"
reorganize routines for high-level and lower-level interfaces
some lower-level internal interfaces changed to use host,proc,debug
  args rather than knowing about higher-level (app) hctx and plugin_data
tabs->spaces and reformatting
2017-07-23 19:02:00 -04:00
Glenn Strauss 9b9f445a7b [mod_proxy] move data_fastcgi into mod_proxy.c
(data_fastcgi is used only by mod_proxy at this point)
2017-07-15 22:42:15 -04:00
Glenn Strauss 8913dc4e59 [mod_extforward] compile on OSX
define MSG_DONTWAIT and MSG_NOSIGNAL to be no-ops on platforms
without support.  (fd should already be configured O_NONBLOCK
and SIGPIPE signal is configured to be ignored)

(thx avij and wardw)
2017-05-15 22:02:32 -04:00
Glenn Strauss 2986221cab [core] sys-strings.h abstraction for strings.h 2017-04-24 10:14:17 -04:00
Glenn Strauss daa94fceee [core] move version.h logic into server.c
and remove version.h
2017-02-12 00:55:44 -05:00
Glenn Strauss 2f83aac9fb mod_vhostdb* (dbi,mysql,pgsql,ldap) (fixes #485, fixes #1936, fixes #2297)
mod_vhostdb - vhost docroot lookups


mod_vhostdb_mysql  (now preferred over mod_mysql_vhost.c)

STATUS: experimental  (testing and feedback appreciated)

  "PostgreSQL virtual host support"
  "LDAP Virtual Host Definition Storage Integration"
  "mod_dbi_vhost (patch included)"
2017-01-31 14:36:15 -05:00
Glenn Strauss 86d0396761 [build] only mod_openssl depends on -lssl
some other modules depend only on -lcrypto, when available,
for SHA1, HMAC, MD5, etc
2017-01-31 14:36:14 -05:00
Glenn Strauss bdbea2aea8 [mod_openssl] move openssl code into mod_openssl
large code move, but minimal changes made to code (besides whitespace),
so that code builds

next: need to isolate openssl data structures and config parsing
2017-01-14 01:06:16 -05:00