source: mod_gnutls/include/mod_gnutls.h.in @ 771ca63

Last change on this file since 771ca63 was 771ca63, checked in by Nikos Mavrogiannopoulos <nmav@…>, 9 years ago

The GnuTLSCache directive now accepts the specific backend name "sdbm"
in addition to "dbm". "dbm" selects libapr's default dbm implementation,
while "sdbm" forces the sdbm backend to be used.

1/**
2 *  Copyright 2004-2005 Paul Querna
3 *
4 *  Licensed under the Apache License, Version 2.0 (the "License");
5 *  you may not use this file except in compliance with the License.
6 *  You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 *  Unless required by applicable law or agreed to in writing, software
11 *  distributed under the License is distributed on an "AS IS" BASIS,
12 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 *  See the License for the specific language governing permissions and
14 *  limitations under the License.
15 *
16 */
17
18#include "httpd.h"
19#include "http_config.h"
20#include "http_protocol.h"
21#include "http_connection.h"
22#include "http_request.h"
23#include "http_core.h"
24#include "http_log.h"
25#include "apr_buckets.h"
26#include "apr_strings.h"
27#include "apr_tables.h"
28#include "ap_release.h"
29
30#include <gnutls/gnutls.h>
31#include <gnutls/extra.h>
32#include <gnutls/openpgp.h>
33#include <gnutls/x509.h>
34
35#ifndef __mod_gnutls_h_inc
36#define __mod_gnutls_h_inc
37
/* Substituted by configure. Non-zero when libapr-util's memcache API is
 * available; it gates the mgs_cache_memcache enumerator below, so every
 * switch over mgs_cache_e must guard that case with the same macro. */
#define HAVE_APR_MEMCACHE    @have_apr_memcache@

/* The httpd module record; the definition lives in one of the module's
 * .c files (not visible from this header). */
extern module AP_MODULE_DECLARE_DATA gnutls_module;

/* Names under which the TLS output (encrypt) and input (decrypt)
 * connection filters are registered with httpd. */
#define GNUTLS_OUTPUT_FILTER_NAME "gnutls_output_filter"
#define GNUTLS_INPUT_FILTER_NAME "gnutls_input_filter"

/* Values for the per-vhost `enabled` flag in mgs_srvconf_rec. */
#define GNUTLS_ENABLED_FALSE 0
#define GNUTLS_ENABLED_TRUE  1

/* Module version string, substituted by configure. */
#define MOD_GNUTLS_VERSION "@MOD_GNUTLS_VERSION@"

/* Substituted by configure; presumably non-zero only in maintainer
 * builds and used to enable extra debug output -- confirm in configure.ac
 * before relying on it, as it is not used within this header. */
#define MOD_GNUTLS_DEBUG @OOO_MAINTAIN@

/* Recent Versions of 2.1 renamed several hooks. This allows us to
   compile on 2.0.xx  */
/* NOTE: only the minor and patch numbers are compared, i.e. an httpd 2.x
 * major version is assumed.  Any minor version >= 2 (2.2, 2.4, ...) takes
 * the first clause and is treated as "recent". */
#if AP_SERVER_MINORVERSION_NUMBER >= 2 || (AP_SERVER_MINORVERSION_NUMBER == 1 && AP_SERVER_PATCHLEVEL_NUMBER >= 3)
#define USING_2_1_RECENT 1
#endif

/* Fallback so the macro is always defined and can be used in plain #if. */
#ifndef USING_2_1_RECENT
#define USING_2_1_RECENT 0
#endif
61
/* Session-cache backend, selected via mgs_set_cache (the GnuTLSCache
 * directive).  mgs_cache_dbm uses libapr's default dbm implementation,
 * mgs_cache_sdbm forces sdbm.  mgs_cache_memcache exists only when
 * HAVE_APR_MEMCACHE is non-zero, so code that switches on this type must
 * wrap that case in the same #if. */
typedef enum
{
    mgs_cache_none,
    mgs_cache_dbm,
    mgs_cache_sdbm,
#if HAVE_APR_MEMCACHE
    mgs_cache_memcache
#endif
} mgs_cache_e;
71
/* Per-directory (or per-location) configuration record; created by
 * mgs_config_dir_create and combined by mgs_config_dir_merge. */
typedef struct
{
    /* GnuTLS client-certificate verification mode requested for this
     * directory (set through mgs_set_client_verify). */
    int client_verify_mode;
    /* Precompiled Lua chunk installed by mgs_set_require_bytecode and
     * presumably run by mgs_authz_lua to decide authorization.  Treat it
     * as executable code: it must only ever originate from trusted server
     * configuration, since a Lua VM does not validate bytecode it loads. */
    const char* lua_bytecode;
    /* Length of lua_bytecode in bytes. */
    apr_size_t lua_bytecode_len;
} mgs_dirconf_rec;
78
79
/* The maximum number of certificates to send in a chain.
 * This is also the capacity of mgs_srvconf_rec.certs_x509, so whatever
 * loads a certificate file must stop after this many entries and keep
 * certs_x509_num <= MAX_CHAIN_SIZE; a longer chain in a PEM file must be
 * rejected or truncated, never written past the array. */
#define MAX_CHAIN_SIZE 8
83
/* Per-virtual-host configuration record, created by
 * mgs_config_server_create and filled in by the mgs_set_* directive
 * handlers.  Holds the credentials and policy for one TLS endpoint. */
typedef struct
{
    /* GnuTLS credentials built from the X.509/OpenPGP material below. */
    gnutls_certificate_credentials_t certs;
    gnutls_srp_server_credentials_t srp_creds;
    gnutls_anon_server_credentials_t anon_creds;
    /* Common name of the server certificate; presumably used for SNI
     * matching in mgs_find_sni_server -- confirm in the .c file. */
    char* cert_cn;
    gnutls_x509_crt_t certs_x509[MAX_CHAIN_SIZE]; /* A certificate chain */
    /* Number of valid entries in certs_x509; must never exceed MAX_CHAIN_SIZE. */
    unsigned int certs_x509_num;
    gnutls_x509_privkey_t privkey_x509;
    gnutls_openpgp_crt_t cert_pgp; /* A single OpenPGP certificate (not a chain) */
    gnutls_openpgp_privkey_t privkey_pgp;
    /* GNUTLS_ENABLED_TRUE / GNUTLS_ENABLED_FALSE: whether TLS is active on this vhost. */
    int enabled;
    /* whether to send the PEM encoded certificates
     * to CGIs
     */
    int export_certificates_enabled;
    /* Parsed GnuTLS priority string; this is what decides which protocol
     * versions, ciphersuites and key exchanges are offered. */
    gnutls_priority_t priorities;
    /* Temporary RSA parameters for RSA_EXPORT key exchange (see
     * mgs_set_rsa_export_file).  Export ciphersuites are limited to very
     * short ephemeral RSA keys and are considered insecure; they are only
     * reachable if the priority string enables them. */
    gnutls_rsa_params_t rsa_params;
    /* Diffie-Hellman group parameters for DHE key exchange (mgs_set_dh_file). */
    gnutls_dh_params_t dh_params;
    /* Session-cache entry lifetime (units not visible here; see mgs_set_cache_timeout). */
    int cache_timeout;
    mgs_cache_e cache_type;
    /* Backend-specific cache configuration string (e.g. a path or
     * server list), as given to mgs_set_cache. */
    const char* cache_config;
    const char* srp_tpasswd_file;
    const char* srp_tpasswd_conf_file;
    /* Trusted CA certificates used to verify client certificates, and
     * their count. */
    gnutls_x509_crt_t *ca_list;
    gnutls_openpgp_keyring_t pgp_list;
    unsigned int ca_list_size;
    /* Server-level GnuTLS client-certificate verification mode; the
     * per-directory value in mgs_dirconf_rec may override it. */
    int client_verify_mode;
    /* Timestamp of the last cache expiry pass. */
    apr_time_t last_cache_check;
    int tickets; /* whether session tickets are allowed */
} mgs_srvconf_rec;
115
/* Cursor over a byte buffer: `value` points at the next unread byte and
 * `length` is the number of bytes still available from there.  `length`
 * is signed, so code that decrements it must make sure it never goes
 * negative before using it as a copy size. */
typedef struct {
    int length;
    char *value;
} mgs_char_buffer_t;
120
/* Per-connection TLS state, shared by the input and output filters and
 * handed to GnuTLS as the transport pointer (see mgs_transport_read /
 * mgs_transport_write). */
typedef struct
{
    mgs_srvconf_rec *sc;     /* vhost configuration the connection is using */
    conn_rec* c;             /* the httpd connection */
    gnutls_session_t session;/* the GnuTLS session for this connection */

    /* Input side: status of the last read, the filter and brigade the
     * ciphertext is pulled from, the mode/blocking requested by the
     * caller, and a fixed-size staging buffer of AP_IOBUFSIZE bytes
     * referenced through input_cbuf. */
    apr_status_t input_rc;
    ap_filter_t *input_filter;
    apr_bucket_brigade *input_bb;
    apr_read_type_e input_block;
    ap_input_mode_t input_mode;
    mgs_char_buffer_t input_cbuf;
    char input_buffer[AP_IOBUFSIZE];

    /* Output side: status of the last write, the next filter and brigade
     * ciphertext is pushed to, and a fixed-size staging buffer.
     * output_blen is presumably the number of bytes currently held in
     * output_buffer and output_length a running byte count -- confirm in
     * gnutls_io.c; both must stay <= AP_IOBUFSIZE when used as offsets. */
    apr_status_t output_rc;
    ap_filter_t *output_filter;
    apr_bucket_brigade *output_bb;
    char output_buffer[AP_IOBUFSIZE];
    apr_size_t output_blen;
    apr_size_t output_length;

    int status;              /* handshake/connection state (values not visible here) */
    int non_https;           /* set when the connection is not speaking TLS */
} mgs_handle_t;
145
146/** Functions in gnutls_io.c **/
147
/**
 * mgs_filter_input will filter the input data
 * by decrypting it using GnuTLS and passes it cleartext.
 *
 * @param f         the filter info record; f->ctx is the mgs_handle_t
 * @param bb        the bucket brigade, where to store the result to
 * @param mode      httpd input mode (AP_MODE_READBYTES, AP_MODE_GETLINE, ...)
 * @param block     APR_BLOCK_READ or APR_NONBLOCK_READ -- whether the read
 *                  may block, not a block index
 * @param readbytes upper bound on the number of plaintext bytes to return
 *                  for byte-count modes
 * @return result status
 */
apr_status_t mgs_filter_input(ap_filter_t * f,
                                     apr_bucket_brigade * bb,
                                     ap_input_mode_t mode,
                                     apr_read_type_e block,
                                     apr_off_t readbytes);
163
/**
 * mgs_filter_output encrypts the incoming brigade using GnuTLS and
 * passes the resulting ciphertext on to the next output filter.
 *
 * @param f     the filter info record; f->ctx is the mgs_handle_t
 * @param bb    the bucket brigade holding the plaintext to send
 * @return result status
 */
apr_status_t mgs_filter_output(ap_filter_t * f,
                                      apr_bucket_brigade * bb);
174
175
/**
 * mgs_transport_read is called from GnuTLS to provide encrypted
 * data from the client (GnuTLS "pull" transport function).
 *
 * @param ptr     pointer to the filter context (the mgs_handle_t)
 * @param buffer  place to put data
 * @param len     maximum size; never more than len bytes may be written
 * @return size   length of the data stored in buffer; a negative value
 *                reports an error to GnuTLS (presumably with errno set as
 *                the GnuTLS transport API expects -- confirm in gnutls_io.c)
 */
ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
                                  void *buffer, size_t len);
187
/**
 * mgs_transport_write is called from GnuTLS to
 * write data to the client (GnuTLS "push" transport function).
 *
 * @param ptr     pointer to the filter context (the mgs_handle_t)
 * @param buffer  buffer to write to the client
 * @param len     size of the buffer
 * @return size   length of the data written; a negative value reports an
 *                error to GnuTLS
 */
ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
                                   const void *buffer, size_t len);
199
200
/**
 * Trigger a TLS renegotiation (re-handshake) on ctxt->session, e.g. to
 * request a client certificate once the request is known.  The return
 * convention is not visible from this header -- see gnutls_io.c.
 * NOTE(review): renegotiation should only be performed when the peer
 * supports the safe-renegotiation extension; callers should check that the
 * implementation enforces this rather than assume it.
 */
int mgs_rehandshake(mgs_handle_t * ctxt);
202
203
204
/**
 * Init the Cache after Configuration is done (runs once in the parent,
 * from mgs_hook_post_config).
 * @param p  configuration pool
 * @param s  the server record
 * @param sc the vhost configuration whose cache_type/cache_config to use
 * @return result status (convention not visible here; see gnutls_cache.c)
 */
int mgs_cache_post_config(apr_pool_t *p, server_rec *s,
                                 mgs_srvconf_rec *sc);
/**
 * Init the Cache inside each Process (per-child setup, from
 * mgs_hook_child_init).
 */
int mgs_cache_child_init(apr_pool_t *p, server_rec *s,
                                mgs_srvconf_rec *sc);
/**
 * Setup the Session Caching: installs the GnuTLS database callbacks on
 * ctxt->session for the backend selected in ctxt->sc.
 */
int mgs_cache_session_init(mgs_handle_t *ctxt);

/* Buffer size needed by mgs_session_id2sz: two hex digits per session-ID
 * byte plus a terminating NUL.  (MAX + 1) * 2 = 2*MAX + 2, one more than
 * the 2*MAX + 1 strictly required. */
#define GNUTLS_SESSION_ID_STRING_LEN \
    ((GNUTLS_MAX_SESSION_ID + 1) * 2)
222   
/**
 * Convert a SSL Session ID into a Null Terminated Hex Encoded String
 * @param id raw SSL Session ID
 * @param idlen Length of the raw Session ID (in bytes; 2*idlen + 1 bytes
 *              of output are required)
 * @param str Location to store the Hex Encoded String; should be at least
 *            GNUTLS_SESSION_ID_STRING_LEN bytes
 * @param strsize The Maximum Length that can be stored in str, including
 *                the terminating NUL
 * @return presumably str on success and NULL when the ID does not fit --
 *         confirm in gnutls_cache.c before relying on either
 */
char *mgs_session_id2sz(unsigned char *id, int idlen,
                                char *str, int strsize);
232
/**
 * Convert a time_t into a Null Terminated String
 * (the exact textual format is defined in the .c file, not here).
 * @param t time_t time
 * @param str Location to store the resulting string
 * @param strsize The Maximum Length that can be stored in str, including
 *                the terminating NUL
 * @return presumably str on success -- confirm in the implementation
 */
char *mgs_time2sz(time_t t, char *str, int strsize);
240
241
242/* Configuration Functions */
243
/* Directive handlers.  Each follows the httpd cmd_func convention: it
 * receives the command parameters, the per-directory config (`dummy` /
 * `mconfig`) and the directive argument(s), stores the result in the
 * appropriate mgs_srvconf_rec / mgs_dirconf_rec, and returns NULL on
 * success or an error message string for httpd to report.  All arguments
 * come from the server configuration and are therefore trusted, but file
 * paths should still be resolved relative to ServerRoot and checked for
 * readability at configuration time so failures surface at startup. */

/* SRP: the tpasswd.conf (group parameters) file. */
const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
                                        const char *arg);
/* SRP: the tpasswd (verifier) file. */
const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
                                        const char *arg);
/* Diffie-Hellman parameters for DHE ciphersuites -> sc->dh_params. */
const char *mgs_set_dh_file(cmd_parms * parms, void *dummy,
                                        const char *arg);
/* Temporary RSA parameters for RSA_EXPORT ciphersuites -> sc->rsa_params.
 * Export key exchange uses deliberately short RSA keys and is considered
 * insecure; it only matters if the priority string enables such suites. */
const char *mgs_set_rsa_export_file(cmd_parms * parms, void *dummy,
                                        const char *arg);
/* X.509 server certificate (chain) -> sc->certs_x509 / certs_x509_num;
 * must never store more than MAX_CHAIN_SIZE certificates. */
const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
                                        const char *arg);

/* X.509 private key -> sc->privkey_x509. */
const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
                             const char *arg);

/* OpenPGP certificate -> sc->cert_pgp. */
const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy,
                                        const char *arg);

/* OpenPGP private key -> sc->privkey_pgp. */
const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
                             const char *arg);

/* Session cache: `type` selects the mgs_cache_e backend ("dbm", "sdbm",
 * memcache when available), `arg` is the backend-specific configuration. */
const char *mgs_set_cache(cmd_parms * parms, void *dummy,
                          const char *type, const char* arg);

/* Session cache entry lifetime -> sc->cache_timeout. */
const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
                                  const char *arg);

/* Client-certificate verification mode -> client_verify_mode. */
const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
                                  const char *arg);

/* Trusted CA certificates for client verification -> sc->ca_list. */
const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
                                   const char *arg);

/* OpenPGP keyring for client verification -> sc->pgp_list. */
const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
                                   const char *arg);

/* Enable/disable TLS on the vhost -> sc->enabled. */
const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
                            const char *arg);
/* Whether PEM certificates are exported to the CGI environment. */
const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy,
                            const char *arg);
/* GnuTLS priority string -> sc->priorities; this is the ciphersuite/
 * protocol policy, so an invalid string must be rejected at config time. */
const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
                            const char *arg);
/* Whether session tickets are allowed -> sc->tickets. */
const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
                            const char *arg);

/* Per-directory Lua authorization rule given as source (presumably
 * compiled to bytecode into mgs_dirconf_rec -- confirm in the .c file). */
const char *mgs_set_require_section(cmd_parms *cmd,
                                    void *mconfig, const char *arg);
/* Allocate and zero-initialise a per-vhost mgs_srvconf_rec. */
void *mgs_config_server_create(apr_pool_t * p, server_rec * s);

/* Merge a parent (basev) and child (addv) mgs_dirconf_rec. */
void *mgs_config_dir_merge(apr_pool_t *p, void *basev, void *addv);

/* Allocate a per-directory mgs_dirconf_rec. */
void *mgs_config_dir_create(apr_pool_t *p, char *dir);

/* Per-directory Lua authorization rule given as precompiled bytecode ->
 * lua_bytecode / lua_bytecode_len.  Bytecode is executed without
 * validation by the Lua VM, so this directive is equivalent to loading
 * arbitrary code from the configuration. */
const char *mgs_set_require_bytecode(cmd_parms *cmd,
                                    void *mconfig, const char *arg);

/* Select the vhost configuration matching the SNI server name sent by the
 * client on `session`.  The server name is attacker-controlled input: it
 * must only be compared against configured names, never used to build
 * paths or log lines unescaped.  Returns NULL when nothing matches
 * (presumably -- confirm in the implementation). */
mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
300
301/* mod_gnutls Hooks. */
302
/* Runs before the configuration is read (pre_config hook); global GnuTLS
 * library initialisation presumably happens here -- confirm in the .c file. */
int mgs_hook_pre_config(apr_pool_t * pconf,
                        apr_pool_t * plog, apr_pool_t * ptemp);

/* Runs after the configuration is read: validates per-vhost credentials
 * and initialises the session cache (see mgs_cache_post_config). */
int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
                         apr_pool_t * ptemp,
                         server_rec * base_server);

/* Per-child-process initialisation (see mgs_cache_child_init). */
void mgs_hook_child_init(apr_pool_t *p, server_rec *s);

/* Report the URL scheme ("https" when TLS is enabled) for a request. */
const char *mgs_hook_http_scheme(const request_rec * r);

/* Report the default port for the request's scheme. */
apr_port_t mgs_hook_default_port(const request_rec * r);

/* Attach the TLS filters and create the mgs_handle_t for a new connection
 * when the vhost has TLS enabled. */
int mgs_hook_pre_connection(conn_rec * c, void *csd);

/* Export TLS session/certificate variables into the request environment. */
int mgs_hook_fixups(request_rec *r);

/* Authorization hook: enforces client-certificate requirements and the
 * per-directory Lua rules (see mgs_authz_lua). */
int mgs_hook_authz(request_rec *r);

/* Evaluate the per-directory Lua authorization rule for a request. */
int mgs_authz_lua(request_rec* r);
323
324#endif /*  __mod_gnutls_h_inc */