source: mod_gnutls/include/mod_gnutls.h.in @ 9ddaa29

debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
Last change on this file since 9ddaa29 was 9ddaa29, checked in by Dash Shendy <neuromancer@…>, 7 years ago

Added missing header for string matching function ap_fnmatch()

  • Property mode set to 100644
File size: 10.5 KB
Line 
1/**
2 *  Copyright 2004-2005 Paul Querna
3 *
4 *  Licensed under the Apache License, Version 2.0 (the "License");
5 *  you may not use this file except in compliance with the License.
6 *  You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 *  Unless required by applicable law or agreed to in writing, software
11 *  distributed under the License is distributed on an "AS IS" BASIS,
12 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 *  See the License for the specific language governing permissions and
14 *  limitations under the License.
15 *
16 */
17
18#include "httpd.h"
19#include "http_config.h"
20#include "http_protocol.h"
21#include "http_connection.h"
22#include "http_request.h"
23#include "http_core.h"
24#include "http_log.h"
25#include "apr_buckets.h"
26#include "apr_strings.h"
27#include "apr_tables.h"
28#include "ap_release.h"
29#include "apr_fnmatch.h"
30
31#include <gnutls/gnutls.h>
32#include <gnutls/extra.h>
33#include <gnutls/openpgp.h>
34#include <gnutls/x509.h>
35
36#ifndef __mod_gnutls_h_inc
37#define __mod_gnutls_h_inc
38
39#define HAVE_APR_MEMCACHE    @have_apr_memcache@
40
41extern module AP_MODULE_DECLARE_DATA gnutls_module;
42
43#define GNUTLS_OUTPUT_FILTER_NAME "gnutls_output_filter"
44#define GNUTLS_INPUT_FILTER_NAME "gnutls_input_filter"
45
46#define GNUTLS_ENABLED_FALSE 0
47#define GNUTLS_ENABLED_TRUE  1
48
49#define MOD_GNUTLS_VERSION "@MOD_GNUTLS_VERSION@"
50
51#define MOD_GNUTLS_DEBUG @OOO_MAINTAIN@
52
53/* Recent Versions of 2.1 renamed several hooks. This allows us to
54   compile on 2.0.xx  */
55#if AP_SERVER_MINORVERSION_NUMBER >= 2 || (AP_SERVER_MINORVERSION_NUMBER == 1 && AP_SERVER_PATCHLEVEL_NUMBER >= 3)
56#define USING_2_1_RECENT 1
57#else
58#define USING_2_1_RECENT 0
59#endif
60
61typedef enum
62{
63    mgs_cache_none,
64    mgs_cache_dbm,
65    mgs_cache_gdbm,
66#if HAVE_APR_MEMCACHE
67    mgs_cache_memcache
68#endif
69} mgs_cache_e;
70
71typedef struct
72{
73    int client_verify_mode;
74    const char* lua_bytecode;
75    apr_size_t lua_bytecode_len;
76} mgs_dirconf_rec;
77
78
79/* The maximum number of certificates to send in a chain
80 */
81#define MAX_CHAIN_SIZE 8
82
83typedef struct
84{
85    gnutls_certificate_credentials_t certs;
86    gnutls_srp_server_credentials_t srp_creds;
87    gnutls_anon_server_credentials_t anon_creds;
88    char* cert_cn;
89    gnutls_x509_crt_t certs_x509[MAX_CHAIN_SIZE]; /* A certificate chain */
90    unsigned int certs_x509_num;
91    gnutls_x509_privkey_t privkey_x509;
92    gnutls_openpgp_crt_t cert_pgp; /* A certificate chain */
93    gnutls_openpgp_privkey_t privkey_pgp;
94    int enabled;
95    /* whether to send the PEM encoded certificates
96     * to CGIs
97     */
98    int export_certificates_enabled;
99    gnutls_priority_t priorities;
100    gnutls_rsa_params_t rsa_params;
101    gnutls_dh_params_t dh_params;
102    int cache_timeout;
103    mgs_cache_e cache_type;
104    const char* cache_config;
105    const char* srp_tpasswd_file;
106    const char* srp_tpasswd_conf_file;
107    gnutls_x509_crt_t *ca_list;
108    gnutls_openpgp_keyring_t pgp_list;
109    unsigned int ca_list_size;
110    int client_verify_mode;
111    apr_time_t last_cache_check;
112    int tickets; /* whether session tickets are allowed */
113    int proxy_enabled;
114    int non_ssl_request;
115} mgs_srvconf_rec;
116
117typedef struct {
118    int length;
119    char *value;
120} mgs_char_buffer_t;
121
122typedef struct
123{
124    mgs_srvconf_rec *sc;
125    conn_rec* c;
126    gnutls_session_t session;
127    apr_status_t input_rc;
128    ap_filter_t *input_filter;
129    apr_bucket_brigade *input_bb;
130    apr_read_type_e input_block;
131    ap_input_mode_t input_mode;
132    mgs_char_buffer_t input_cbuf;
133    char input_buffer[AP_IOBUFSIZE];
134    apr_status_t output_rc;
135    ap_filter_t *output_filter;
136    apr_bucket_brigade *output_bb;
137    char output_buffer[AP_IOBUFSIZE];
138    apr_size_t output_blen;
139    apr_size_t output_length;
140    int status;
141} mgs_handle_t;
142
143/** Functions in gnutls_io.c **/
144
145/* apr_signal_block() for blocking SIGPIPE */
146apr_status_t apr_signal_block(int signum);
147
148 /* Proxy Support */
149/* An optional function which returns non-zero if the given connection
150is using SSL/TLS. */
151APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
152/* The ssl_proxy_enable() and ssl_engine_disable() optional functions
153 * are used by mod_proxy to enable use of SSL for outgoing
154 * connections. */
155APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
156APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
157int ssl_is_https(conn_rec *c);
158int ssl_proxy_enable(conn_rec *c);
159int ssl_engine_disable(conn_rec *c);
160const char *mgs_set_proxy_engine(cmd_parms * parms, void *dummy,
161    const char *arg);
162apr_status_t mgs_cleanup_pre_config(void *data);
163
164/**
165 * mgs_filter_input will filter the input data
166 * by decrypting it using GnuTLS and passes it cleartext.
167 *
168 * @param f     the filter info record
169 * @param bb    the bucket brigade, where to store the result to
170 * @param mode  what shall we read?
171 * @param block a block index we shall read from?
172 * @return result status
173 */
174apr_status_t mgs_filter_input(ap_filter_t * f,
175                                     apr_bucket_brigade * bb,
176                                     ap_input_mode_t mode,
177                                     apr_read_type_e block,
178                                     apr_off_t readbytes);
179
180/**
181 * mgs_filter_output will filter the encrypt
182 * the incoming bucket using GnuTLS and passes it onto the next filter.
183 *
184 * @param f     the filter info record
185 * @param bb    the bucket brigade, where to store the result to
186 * @return result status
187 */
188apr_status_t mgs_filter_output(ap_filter_t * f,
189                                      apr_bucket_brigade * bb);
190
191
192/**
193 * mgs_transport_read is called from GnuTLS to provide encrypted
194 * data from the client.
195 *
196 * @param ptr     pointer to the filter context
197 * @param buffer  place to put data
198 * @param len     maximum size
199 * @return size   length of the data stored in buffer
200 */
201ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
202                                  void *buffer, size_t len);
203
204/**
205 * mgs_transport_write is called from GnuTLS to
206 * write data to the client.
207 *
208 * @param ptr     pointer to the filter context
209 * @param buffer  buffer to write to the client
210 * @param len     size of the buffer
211 * @return size   length of the data written
212 */
213ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
214                                   const void *buffer, size_t len);
215
216
217int mgs_rehandshake(mgs_handle_t * ctxt);
218
219
220
221/**
222 * Init the Cache after Configuration is done
223 */
224int mgs_cache_post_config(apr_pool_t *p, server_rec *s,
225                                 mgs_srvconf_rec *sc);
226/**
227 * Init the Cache inside each Process
228 */
229int mgs_cache_child_init(apr_pool_t *p, server_rec *s,
230                                mgs_srvconf_rec *sc);
231/**
232 * Setup the Session Caching
233 */
234int mgs_cache_session_init(mgs_handle_t *ctxt);
235
236#define GNUTLS_SESSION_ID_STRING_LEN \
237    ((GNUTLS_MAX_SESSION_ID + 1) * 2)
238   
239/**
240 * Convert a SSL Session ID into a Null Terminated Hex Encoded String
241 * @param id raw SSL Session ID
242 * @param idlen Length of the raw Session ID
243 * @param str Location to store the Hex Encoded String
244 * @param strsize The Maximum Length that can be stored in str
245 */
246char *mgs_session_id2sz(unsigned char *id, int idlen,
247                                char *str, int strsize);
248
249/**
250 * Convert a time_t into a Null Terminated String
251 * @param t time_t time
252 * @param str Location to store the Hex Encoded String
253 * @param strsize The Maximum Length that can be stored in str
254 */
255char *mgs_time2sz(time_t t, char *str, int strsize);
256
257
258/* Configuration Functions */
259
260const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
261                                        const char *arg);
262const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
263                                        const char *arg);
264const char *mgs_set_dh_file(cmd_parms * parms, void *dummy,
265                                        const char *arg);
266const char *mgs_set_rsa_export_file(cmd_parms * parms, void *dummy,
267                                        const char *arg);
268const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
269                                        const char *arg);
270
271const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
272                             const char *arg);
273
274const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy,
275                                        const char *arg);
276
277const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
278                             const char *arg);
279
280const char *mgs_set_cache(cmd_parms * parms, void *dummy,
281                          const char *type, const char* arg);
282
283const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
284                                  const char *arg);
285
286const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
287                                  const char *arg);
288
289const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
290                                   const char *arg);
291
292const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
293                                   const char *arg);
294
295const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
296                            const char *arg);
297const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy,
298                            const char *arg);
299const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
300                            const char *arg);
301const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
302                            const char *arg);
303                           
304const char *mgs_set_require_section(cmd_parms *cmd,
305                                    void *mconfig, const char *arg);
306void *mgs_config_server_create(apr_pool_t * p, server_rec * s);
307
308void *mgs_config_dir_merge(apr_pool_t *p, void *basev, void *addv);
309
310void *mgs_config_dir_create(apr_pool_t *p, char *dir);
311
312const char *mgs_set_require_bytecode(cmd_parms *cmd,
313                                    void *mconfig, const char *arg);
314
315mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
316
317/* mod_gnutls Hooks. */
318
319int mgs_hook_pre_config(apr_pool_t * pconf,
320                        apr_pool_t * plog, apr_pool_t * ptemp);
321
322int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
323                         apr_pool_t * ptemp,
324                         server_rec * base_server);
325
326void mgs_hook_child_init(apr_pool_t *p, server_rec *s);
327
328const char *mgs_hook_http_scheme(const request_rec * r);
329
330apr_port_t mgs_hook_default_port(const request_rec * r);
331
332int mgs_hook_pre_connection(conn_rec * c, void *csd);
333
334int mgs_hook_fixups(request_rec *r);
335
336int mgs_hook_authz(request_rec *r);
337
338#endif /*  __mod_gnutls_h_inc */
Note: See TracBrowser for help on using the repository browser.