Commit Graph

2499 Commits (c383ff562ce53ed86ba6c0d6bb3d5a1bbfef2dba)

Author SHA1 Message Date
Glenn Strauss 20946a8b92 [mod_openssl] allow ssl.verifyclient on url paths (fixes #2245)
re-patch mod_openssl config within the request so that per-request
settings can be applied, such as activating client cert verification
for specific URL paths.

(This can be used in conjunction with auth.backend = "extern"
 to require auth to occur)

  "SSL : authenticate only clients for a particular URL"
2017-01-31 14:36:14 -05:00
Glenn Strauss f54d628cd5 [mod_auth] enable optional authz if extern authn (fixes #2481)
Set auth.extern-authn = "enable" to check REMOTE_USER (if set) against
require rules, and proceed if allowed.  If REMOTE_USER is not present,
or the require rules do not match, then check configured auth scheme.

REMOTE_USER might be set by another module, e.g. mod_openssl client cert
verification and REMOTE_USER configured with ssl.verifyclient.username)

  "[mod_auth] allow SSL clientcert authenticated users to bypass AUTH"
2017-01-31 14:36:14 -05:00
Glenn Strauss 86d0396761 [build] only mod_openssl depends on -lssl
some other modules depend only on -lcrypto, when available,
for SHA1, HMAC, MD5, etc
2017-01-31 14:36:14 -05:00
Glenn Strauss f5356302a7 [mod_geoip] call from handle_request_env hook
(instead of handle_subrequest_start hook)

The handle_request_env hook is called on demand by dynamic handlers
and this change makes mod_geoip available for mod_magnet lua code.
2017-01-31 14:36:14 -05:00
Glenn Strauss d0f17f1e10 [core] move connection_read_cq() to connections.c 2017-01-31 14:36:14 -05:00
Glenn Strauss 8960633dc7 [mod_openssl] move openssl config into mod_openssl
move openssl data structures and config parsing into mod_openssl
2017-01-31 14:36:10 -05:00
Glenn Strauss bdbea2aea8 [mod_openssl] move openssl code into mod_openssl
large code move, but minimal changes made to code (besides whitespace),
so that code builds

next: need to isolate openssl data structures and config parsing
2017-01-14 01:06:16 -05:00
Glenn Strauss 4364a4e029 [core] move network_open_file_chunk() to chunk.c
move network_open_file_chunk() to chunk.c:chunkqueue_open_file_chunk()
for reuse from modules
2017-01-14 01:06:16 -05:00
Glenn Strauss cb9ebe9fa6 [mod_openssl] new module (preliminary layout) 2017-01-14 01:06:16 -05:00
Glenn Strauss cb7ed13621 [core] new plugin hooks to help isolate SSL
handle_request_env        (called on demand by handlers to populate env)
handle_connection_shut_wr (was handle_connection_close)
handle_connection_close   (now occurs at socket close())
2017-01-14 01:06:16 -05:00
Glenn Strauss 2bc94dee82 [core] con interface for read/write; isolate SSL 2017-01-14 01:06:16 -05:00
Glenn Strauss 93fc82c4ac [mod_mysql_vhost] remove dev debug code 2017-01-14 01:06:16 -05:00
Glenn Strauss 1adf1df285 remove redundant calls to end-of-request hooks
The (misnamed) connection_reset hook is always called after a request,
whether request completes or is aborted, and whether keep-alive or not,
so no needed to repeat the same function in the handle_connection_close
2017-01-14 01:06:16 -05:00
Glenn Strauss a801ef55a0 [TLS] mark code that uses -lcrypto but not -lssl
mark code that uses openssl -lcrypto with USE_OPENSSL_CRYPTO
to note that it does not depend on openssl -lssl (USE_OPENSSL)
2017-01-14 01:06:16 -05:00
Glenn Strauss b0d63e31e8 - next is 1.4.46 2017-01-14 01:06:00 -05:00
Glenn Strauss f9b391645f [mod_cgi] check cgi fd for num bytes ready to read
(fix code which incorrectly checked con->fd, which may have resulted
 in suboptimal buffer size for read)
2017-01-13 15:02:53 -05:00
Glenn Strauss 83b2b71527 [tests] give time for periodic jobs to detect exit
give time for periodic jobs to detect backend exit
2017-01-10 19:18:36 -05:00
Glenn Strauss 16f171588f [tests] FCGI_Finish() final request before exit 2017-01-10 18:16:35 -05:00
Glenn Strauss 32443ea1c7 [tests] update test skip count for !fcgi-responder 2017-01-10 17:04:11 -05:00
Glenn Strauss 4f00aafcde [doc] NEWS 2017-01-10 16:24:27 -05:00
Glenn Strauss b03c496298 [TLS] = "disable" for low mem (fixes #2778)
new directive = "enable"/"disable" to control
SSL_CTX_set_read_ahead().  Default "enable".  The "disable" setting
is intended for use on low memory systems with a slow CPU which is
unable to keep up with decryption of large request bodies.

  "larger memory usage for file uploads via SSL on embedded system"
2017-01-10 15:59:50 -05:00
Glenn Strauss be520a8058 [mod_scgi] detect child exit, restart proactively
(instead of detecting upon a subsequent HTTP request)

(for backends spawned by mod_scgi)
2017-01-10 07:55:18 -05:00
Glenn Strauss 64df38aad8 [mod_fastcgi] detect child exit, restart proactively
(instead of detecting upon a subsequent HTTP request)

(for backends spawned by mod_fastcgi)
2017-01-10 07:54:47 -05:00
Glenn Strauss 987a76ff58 [mod_webdav] fix crash when plugin_ctx cleaned up (fixes #2780)
fixes error trace
  (connections.c.273) missing cleanup in webdav

(thx nickrickard)

  "mod_webdav crash with keep-alive (1.4.44)"
2017-01-09 22:27:54 -05:00
Glenn Strauss f57d8c54b4 [mod_cgi] skip local-redir handling if to self (fixes #2779, #2108)
Loosen local redirect handling in mod_cgi to skip handling as local
redirect if the Location matches con->uri.path, since if the request
is intended to redirect back to the same CGI using the same request
method, path info, and query string, the CGI would logically just
return the final intended response.  Loosening this handling avoids a
problem with applications (potentially) accessible through multiple
gateways, where the application is not aware of this specific handling
of Location in the Common Gateway Interface (CGI/1.1), the application
sends abs-path in the Location response header instead of absoluteURI,
and the application expects the client to receive this Location response
header instead of the server to process as a CGI local redirect.

One example of such an application is LuCI,
which sends Set-Cookie with Location: /abs-path

(Note that this loose check for matching con->uri.path is not perfect
 and might not match if the CGI returned a path with a different case
 and the server is on a case-insensitive filesystem, or if the path
 returned by the CGI is rewritten elsewhere to a different con->uri.path
 before getting to mod_cgi.)

RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response

  "CGI local-redir handling conflicts with LuCI redirect w/ Set-Cookie"
  "CGI local redirect not implemented correctly"
2017-01-09 22:27:53 -05:00
Glenn Strauss 656f9e454d - next is 1.4.45 2016-12-24 01:07:46 -05:00
Glenn Strauss 367bc5fd28 [doc] NEWS 2016-12-23 20:49:46 -05:00
Glenn Strauss 38d00abd8f [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op
silence coverity warning

openssl 1.1.0 makes SSL_OP_NO_SSLv2 flag a no-op, leading to
logically dead code when used with openssl 1.1.0.  However, the code
is still valid with earlier openssl versions, and so must be preserved.
2016-12-23 07:36:30 -05:00
Stefan Bühler a09d80dfd1 fix SCons fullstatic build with glibc pthreads
[with some modifications by gstrauss]
2016-12-23 02:16:32 -05:00
Glenn Strauss c718064911 [mod_cgi] fall back to pipe() if pipe2() fails
This change should fix an issue with lighttpd on Debian kfreebsd-* arch
  (kfreebsd-amd64 and kfreebsd-i386)
.libs/mod_cgi.o: In function `cgi_create_env':
./src/mod_cgi.c:1103: warning: pipe2 is not implemented and will always fail

lighttpd is single-threaded so there is no race with pipe()
and then fcntl() F_SETFD FD_CLOEXEC on the pair of pipe fds.
Using pipe2() where available is still slightly more efficient
by eliding the syscalls to set FD_CLOEXEC.
2016-12-23 01:51:38 -05:00
Glenn Strauss 2ca402c64d [mod_proxy] proxy.replace-http-host enable/disable
mark directive as taking boolean value, not integer value
2016-12-22 12:44:51 -05:00
Glenn Strauss 15bc2313a4 [tests] mark tests/docroot/www/*.pl scripts a+x 2016-12-22 05:40:37 -05:00
Glenn Strauss 0f4cc0d697 [mod_evhost] fix an incorrect error trace 2016-12-19 02:50:46 -05:00
Glenn Strauss 22ca2778a8 [build] check for pipe2() at configure time
Lack of pipe2() on relic Unix as well as missing on Mac OSX is likely
one reason why threaded web servers such as nginx choose not to support
CGI except via an external service to the process.  Without pipe2(),
race conditions exist and it is not safe for a threaded server to use
pipe() and fork() when the server also does not want to potentially leak
open file descriptors to various unrelated CGI scripts.
2016-12-17 18:07:42 -05:00
Glenn Strauss 9619d643ff [build] compile fixes for AIX
x-ref:  (see comments section)
2016-12-17 17:54:53 -05:00
Glenn Strauss 17f6595e1a [mod_secdownload] warn if SHA used w/o SSL crypto
issue warning at startup, instead of fatal error, if SHA used in
secdownload.algorithm = "..." but mod_secdownload was built without
SSL crypto.  When lighttpd is built without openssl, this allows most
tests/* to be run and pass, except the ones in tests/mod-secdownload.t
which use "hmac-sha1" or "hmac-sha256".

(alternatively, could have made, used isolated tests/secdownload.conf)
2016-12-17 16:56:55 -05:00
Glenn Strauss 6598968796 [mod_proxy] proxy.balance = "sticky" option (fixes #2117)
attempt to route requests to same backends based on requestor (client)
IP address and target host and port of request.

(thx bra)

  "Source IP sticky load balancing patch"
2016-12-17 02:16:21 -05:00
Glenn Strauss 539deb7370 [autobuild] set NO_RDYNAMIC=yes for midipix
(thx Redfoxmoon)
2016-12-16 17:43:10 -05:00
Glenn Strauss 4d7f5737f1 [core] support Transfer-Encoding: chunked req body (fixes #2156)
support Transfer-Encoding: chunked request body in conjunction with = 0

dynamic handlers will still return 411 Length Required if = 1 or 2 (!= 0)
  since CGI-like env requires CONTENT_LENGTH be set
  (and mod_proxy currently sends HTTP/1.0 requests to backends,
   and Content-Length recommended for robust interaction with backend)

  "request: support Chunked Transfer Coding for HTTP PUT"
2016-12-16 16:58:04 -05:00
Glenn Strauss f792d84cf9 [core] fix segfault when parsing a bad config file
(thx goblin)

  "fix a segfault when parsing a bad config file"

github: closes #75
2016-12-16 08:38:53 -05:00
Glenn Strauss ede9b3fc4c [core] consolidate duplicated read-to-close code
more efficiently detect end-of-stream when closing connection

log fd prior to resetting fd to -1 when log_state_handling enabled
2016-12-13 18:47:08 -05:00
Glenn Strauss c367b1ca80 [mod_ssi] implement, ignore <!--#comment ... --> 2016-12-11 13:25:07 -05:00
Glenn Strauss 185e262bf5 [mod_ssi] basic recursive SSI include virtual (fixes #536)
EXPERIMENTAL: basic recursive SSI <!--#include virtual="..." -->
Marked experimental since behavior may change in future.

Prior behavior was simpler and treated them all as files included as-is.

New behavior treats all #include virtual="..." targets as SSI files.

In the future, this may change to be a full recursive subrequest and the
virtual path may be treated as a new subrequest and might be something
other than SSI (e.g. might be CGI).  This has not been implemented.

Current behavior processes <!--#include virtual="..." --> as static file
Enable new behavior by setting ssi.recursion-max to value other than 0.
ssi.recursion-max = X to set maximum recusion depth

  "add recursion to the SSI #include directive"
2016-12-11 02:40:58 -05:00
Glenn Strauss 879ce0b534 [mod_proxy] replace HTTP Host sent to backend (fixes #2770)
replace HTTP Host sent to backend if configured with
  proxy.replace-http-host = "enable"
and lighttpd.conf proxy.server definition provides replacement Host

(thx altblue)

  "Override proxified Host header"
2016-12-10 01:37:49 -05:00
Glenn Strauss 090985af6b [mod_dirlisting] render dirlisting as HTML (fixes #2767)
(thx altblue)

  "Render dirlisting as HTML"
2016-12-10 01:36:00 -05:00
Glenn Strauss da86a596f5 [core] permit connection-level state in modules
modules may now keep state for the lifetime of a connection,
rather than being required to be reset after every request (when
there can be multiple keep-alive requests on the same connection)
2016-12-09 02:44:38 -05:00
Glenn Strauss 28c8fec42b [core] defer li_rand_init() until first use
defer li_rand_init() until first use of li_rand_pseudo_bytes()

li_rand_init() is now deferred until first use so that installations
that do not use modules which use these routines do need to potentially
block at startup.  Current use by core lighttpd modules is in mod_auth
HTTP Digest auth and in mod_usertrack.  Deferring collection of random
data until first use may allow sufficient entropy to be collected by
kernel before first use, helping reduce or avoid situations in
low-entropy-generating embedded devices which might otherwise block
lighttpd for minutes at device startup.  Further discussion in
2016-12-09 02:17:52 -05:00
Glenn Strauss 544ccee5e1 [core] remove srv->entropy[]
unlikely to provide any real additional benefit as long as
PRNG has been appropriately initialized with random data
2016-12-09 01:40:46 -05:00
Glenn Strauss 83ec97a054 [mod_ssi] produce content in subrequest hook
(prerequisite for future mod_ssi enhancements)

This commit also addresses the concern that mod_geoip would
(previously) need to be listed in modules prior to mod_ssi.
2016-12-06 13:32:29 -05:00
Glenn Strauss ac9822f468 [core] combine duplicated connection reset code
connection_reset() now calls connection_response_reset()
instead of duplicating the code in both routines
2016-12-05 22:53:09 -05:00