88 Commits

Author SHA1 Message Date
Glenn Strauss e00deb5578 [mod_nss] NSS option for TLS (fixes #1218)


mod_nss supports most ssl.* config options supported by mod_openssl

  "alternate ssl backend"
2020-07-08 22:51:32 -04:00
Glenn Strauss a479d08b7c [mod_extforward] config warning for module order
expand config warning for module load order to include other TLS modules
2020-07-08 22:51:31 -04:00
Glenn Strauss c18f442a63 [multiple] add summaries to top of some modules 2020-07-08 22:51:31 -04:00
Glenn Strauss 10dbe38a92 [core] stricter parse of numerical digits
stricter parse of numerical digits for http status code, port num,
and a few other places.  (stricter parse than that of strtol())

content ranges are still parsed more loosely at points of use
2020-07-08 22:51:31 -04:00
Glenn Strauss c752d4696e [multiple] correct misspellings in comments
  "Script for fixing spelling errors with codespell"
2020-07-08 19:54:30 -04:00
Glenn Strauss 7c7f8c467c [multiple] split con, request (very large change)
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

NB: request read and write chunkqueues currently point to connection
    chunkqueues; per-request and per-connection chunkqueues are
    not distinct from one another
      con->read_queue  == r->read_queue
      con->write_queue == r->write_queue

NB: in the future, a separate connection config may be needed for
    connection-level module hooks.  Similarly, might need to have
    per-request chunkqueues separate from per-connection chunkqueues.
    Should probably also have a request_reset() which is distinct from
2020-07-08 19:54:29 -04:00
Glenn Strauss 31d9495330 [core] store subrequest_handler instead of mode
store pointer to module in handler_module instead of con->mode id
2020-07-08 19:54:29 -04:00
Glenn Strauss 100dfaa3f3 [core] move plugin_ctx into (request_st *)
NB: in the future, a separate plugin_ctx may be needed for
    connection-level plugins to keep state across multiple requests
2020-07-08 19:54:29 -04:00
Glenn Strauss 1dd58c5ad8 [multiple] con->proto_default_port 2020-07-08 19:54:28 -04:00
Glenn Strauss 034d7d6734 [core] http_request_host_policy w/ http_parseopts
pass http_parseopts arg (instead of con) to http_request_host_policy()
2020-07-08 19:54:28 -04:00
Glenn Strauss 03b4c993d2 [multiple] generic config array type checking 2020-07-08 19:54:28 -04:00
Glenn Strauss 50bdb55de8 [multiple] connection hooks no longer get (srv *)
(explicit (server *) not passed; available in con->srv)
2020-07-08 19:54:28 -04:00
Glenn Strauss 010c28949c [multiple] prefer (connection *) to (srv *)
convert all log_error_write() to log_error() and pass (log_error_st *)

use con->errh in preference to srv->errh (even though currently same)

avoid passing (server *) when previously used only for logging (errh)
2020-07-08 19:54:28 -04:00
Glenn Strauss 24680a9142 [core] array_init() arg for initial size 2020-07-08 18:08:52 -04:00
Glenn Strauss 5977ce2b4a [core] isolate use of data_config, configfile.h 2020-07-08 18:08:52 -04:00
Glenn Strauss b73949e03f [multiple] plugin.c handles common FREE_FUNC code
(simpler for modules; less boilerplate to cut-n-paste)
2020-07-08 18:08:51 -04:00
Glenn Strauss e38e907f86 [mod_extforward] use config_plugin_values_init() 2020-07-08 18:08:51 -04:00
Glenn Strauss e2de4e581e [core] const char *name in struct plugin
put void *data (always used) as first member of struct plugin

add int nconfig member to PLUGIN_DATA

calloc() inits p->data to NULL
2020-05-23 17:59:29 -04:00
Glenn Strauss 36f64b26a1 [core] simpler config_check_cond()
optimize for common case where condition has been evaluated for
the request and a cached result exists

(also: begin isolating data_config)
2020-05-23 17:59:29 -04:00
Glenn Strauss 6eb34ef5ab [core] add const to callers of http_header_*_get()
(The few places where value is modified in-place were not made const)
2020-02-24 11:15:32 -05:00
Glenn Strauss 601c572c39 [core] inline buffer as part of data_string value
(instead of value being (buffer *))
2020-02-24 11:15:32 -05:00
Glenn Strauss 47a758f959 [core] inline buffer key for *_patch_connection()
handle buffer key as part of DATA_UNSET in *_patch_connection()
(instead of key being (buffer *))
2020-02-24 11:15:32 -05:00
Glenn Strauss ad9b7e009b [core] inline buffer as part of DATA_UNSET key
(instead of key being (buffer *))
2020-02-24 11:15:32 -05:00
Glenn Strauss 83535bbef3 [core] differentiate array_get_* for ro and rw
array_get_element_klen() is now intended for read-only access
array_get_data_unset() is used by config processing for r/w access
array_get_buf_ptr() is used for r/w access to ds->value (string buffer)
2020-02-24 11:15:32 -05:00
Glenn Strauss 2fd0faf1bf [mod_extforward] simplify code: use light_isxdigit 2020-02-24 11:15:32 -05:00
Glenn Strauss fc42ec12d9 [multiple] replace strcasecmp() on short strings 2019-06-06 02:48:43 -04:00
Glenn Strauss e3874a20ba [core] use buffer_eq_icase* funcs
specialized buffer_eq_icase* funcs replace buffer_caseless_compare()
2019-06-06 02:48:43 -04:00
Mohammed Sadiq 6a988bb0d0 [multiple] cleaner calloc use in SETDEFAULTS_FUNC
github: closes #99

  "cleaner calloc use in SETDEFAULTS_FUNC"
2019-04-20 02:09:04 -04:00
Glenn Strauss b31e7840d5 [multiple] quiet clang --analyze where trivial
quiet clang --analyze warnings where trivial to do so
2019-01-21 18:05:10 -05:00
Glenn Strauss f69bd9cdb8 [core] perf: simple, quick buffer_clear()
quickly clear buffer instead of buffer_string_set_length(b, 0) or
buffer_reset(b).  Avoids free() of large buffers about to be reused,
or buffers that are module-scoped, persistent, and reused.

(buffer_reset() should still be used with buffers in connection *con
 when the data in the buffers is supplied by external, untrusted source)
2018-11-23 00:37:38 -05:00
Glenn Strauss 810109cc34 [multiple] code reuse: using array_*() funcs 2018-09-23 18:01:58 -04:00
Glenn Strauss 3dd3cde902 [core] abstraction layer for HTTP header manip
convert existing calls to manip request/response headers
convert existing calls to manip environment array (often header-related)
2018-09-23 18:01:58 -04:00
Glenn Strauss a7c27c9f99 [core] code reuse with array_insert_key_value()
code reuse with array_insert_key_value() and related array manipulation
2018-09-16 05:18:05 -04:00
Glenn Strauss 04d76e7afd [core] some header cleanup
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
  do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
2018-04-08 22:22:23 -04:00
Glenn Strauss 78e25f0f50 [mod_extforward] allow explicit IPs to be untrusted (#2860)
Allowing explicit IPs to be rejected might be useful in situations
where an internal network is to be allowed by CIDR mask, but there are
a small number of untrusted hosts on the network, e.g. hosts behind a
NAT to which some external ports are forwarded.

CIDR masks must be marked "trust", or else are ignored with a warning.

  "RFE: mod_extforward CIDR support"
2018-03-13 00:08:10 -04:00
Glenn Strauss fc7edb3946 [mod_extforward] CIDR support for trusted proxies (fixes #2860)
  "RFE: mod_extforward CIDR support"
2018-03-04 07:16:16 -05:00
Glenn Strauss 84b5064dc4 [core] discard from socket using recv MSG_TRUNC
discard from socket using recv MSG_TRUNC on Linux TCP SOCK_STREAM socket

Currently, lighttpd supports only TCP SOCK_STREAM.  If UDP SOCK_DGRAM
were to be supported in the future, then socket type will need to be
stored so that MSG_TRUNC is used appropriately for the desired effect.

To find out socket type on arbitrary socket fd:
  getsockopt(..., SOL_SOCKET, SO_TYPE, ...)
but better to store it with each listening socket.
2017-12-11 21:35:31 -05:00
Glenn Strauss 1367f60626 [core] isolate sock_addr manipulation 2017-10-29 01:23:19 -04:00
Glenn Strauss dadfb5fcf5 [core] attempt to quiet coverity false positives 2017-08-12 21:43:04 -04:00
Glenn Strauss 9bc61f16cb [core] attempt to quiet coverity false positives 2017-08-12 15:39:12 -04:00
Glenn Strauss b6bd4d3d94 [mod_extforward] PROXY proto and SSL_CLIENT_VERIFY
Use config directive extforward.hap-PROXY-ssl-client-verify = "enable"
to enable setting SSL_CLIENT_VERIFY, REMOTE_USER, and AUTH_TYPE using
information provided by HAProxy PROXY protocol.
2017-08-06 23:32:33 -04:00
Glenn Strauss cdfddce707 [mod_extforward] typo in comment 2017-07-30 12:24:01 -04:00
Glenn Strauss 6a8de931ec [core] continue collecting use of netdb.h
continue collecting use of netdb.h into inet_ntop_cache.[ch]
2017-07-15 22:42:15 -04:00
Glenn Strauss b298e2acb0 [mod_extforward] quiet clang compiler warning
It does seem possible for PROXY protocol subelements to be misaligned
and a message has been sent to HAProxy author of the PROXY protocol.

On most modern processors and operating systems, misaligned access has a
cost, but not the outrageous cost that it historically had on processors
and older operating systems such as on SPARC processors running Solaris
prior to Solaris 11.
2017-05-17 21:55:32 -04:00
Glenn Strauss 86bb8be2c8 [core] perf: skip redundant strlen() if len known
performance: skip redundant strlen() if length is already known

introduce array_get_element_klen() to take key and klen params
2017-05-15 22:02:33 -04:00
Glenn Strauss 8913dc4e59 [mod_extforward] compile on OSX
define MSG_DONTWAIT and MSG_NOSIGNAL to be no-ops on platforms
without support.  (fd should already be configured O_NONBLOCK
and SIGPIPE signal is configured to be ignored)

(thx avij and wardw)
2017-05-15 22:02:32 -04:00
Glenn Strauss 40f72a41b9 [core] omit default port from normalized host str
omit default scheme port from normalized host string
2017-04-25 11:12:53 -04:00
Glenn Strauss 8e97c84c0f [core] fix stat_cache initialization error
fix stat_cache initialization error (coverity identified memory leak)
  (bug introduced when moving stat_cache_init code from server.c to

quell insignificant coverity warning in mod_extforward
2017-04-11 13:17:54 -04:00
Glenn Strauss bd0b2592d1 [mod_extforward] fix typos in Forwarded handling
also: add commented-out code for potentially creating X-Forwarded-For
from Forwarded, if X-Forwarded-For is not present.
2017-04-09 12:57:56 -04:00
Glenn Strauss 78cc72726d [mod_extforward] support HAProxy "PROXY" protocol (fixes #2804)
experimental support to receive requests via HAProxy "PROXY" protocol

  "The PROXY protocol - Versions 1 & 2"
  "support (HAProxy) PROXY protocol for receiving requests"
2017-04-07 02:31:13 -04:00