source: mod_gnutls/include/mod_gnutls.h.in @ 9ee0464

debian/masterdebian/stretch-backportsjessie-backportsmsvaupstream
Last change on this file since 9ee0464 was 9ee0464, checked in by Dash Shendy <neuromancer@…>, 7 years ago

Compilation Errors Cleanup

Signed-off-by: Dash Shendy <neuromancer@…>

  • Property mode set to 100644
File size: 10.5 KB
Line 
1/**
2 *  Copyright 2004-2005 Paul Querna
3 *
4 *  Licensed under the Apache License, Version 2.0 (the "License");
5 *  you may not use this file except in compliance with the License.
6 *  You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 *  Unless required by applicable law or agreed to in writing, software
11 *  distributed under the License is distributed on an "AS IS" BASIS,
12 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 *  See the License for the specific language governing permissions and
14 *  limitations under the License.
15 *
16 */
17
18#include "httpd.h"
19#include "http_config.h"
20#include "http_protocol.h"
21#include "http_connection.h"
22#include "http_request.h"
23#include "http_core.h"
24#include "http_log.h"
25#include "apr_buckets.h"
26#include "apr_strings.h"
27#include "apr_tables.h"
28#include "ap_release.h"
29
30#include <gnutls/gnutls.h>
31#include <gnutls/extra.h>
32#include <gnutls/openpgp.h>
33#include <gnutls/x509.h>
34
35#ifndef __mod_gnutls_h_inc
36#define __mod_gnutls_h_inc
37
38#define HAVE_APR_MEMCACHE    @have_apr_memcache@
39
40extern module AP_MODULE_DECLARE_DATA gnutls_module;
41
42#define GNUTLS_OUTPUT_FILTER_NAME "gnutls_output_filter"
43#define GNUTLS_INPUT_FILTER_NAME "gnutls_input_filter"
44
45#define GNUTLS_ENABLED_FALSE 0
46#define GNUTLS_ENABLED_TRUE  1
47
48#define MOD_GNUTLS_VERSION "@MOD_GNUTLS_VERSION@"
49
50#define MOD_GNUTLS_DEBUG @OOO_MAINTAIN@
51
52/* Recent Versions of 2.1 renamed several hooks. This allows us to
53   compile on 2.0.xx  */
54#if AP_SERVER_MINORVERSION_NUMBER >= 2 || (AP_SERVER_MINORVERSION_NUMBER == 1 && AP_SERVER_PATCHLEVEL_NUMBER >= 3)
55#define USING_2_1_RECENT 1
56#else
57#define USING_2_1_RECENT 0
58#endif
59
60typedef enum
61{
62    mgs_cache_none,
63    mgs_cache_dbm,
64    mgs_cache_gdbm,
65#if HAVE_APR_MEMCACHE
66    mgs_cache_memcache
67#endif
68} mgs_cache_e;
69
70typedef struct
71{
72    int client_verify_mode;
73    const char* lua_bytecode;
74    apr_size_t lua_bytecode_len;
75} mgs_dirconf_rec;
76
77
78/* The maximum number of certificates to send in a chain
79 */
80#define MAX_CHAIN_SIZE 8
81
82typedef struct
83{
84    gnutls_certificate_credentials_t certs;
85    gnutls_srp_server_credentials_t srp_creds;
86    gnutls_anon_server_credentials_t anon_creds;
87    char* cert_cn;
88    gnutls_x509_crt_t certs_x509[MAX_CHAIN_SIZE]; /* A certificate chain */
89    unsigned int certs_x509_num;
90    gnutls_x509_privkey_t privkey_x509;
91    gnutls_openpgp_crt_t cert_pgp; /* A certificate chain */
92    gnutls_openpgp_privkey_t privkey_pgp;
93    int enabled;
94    /* whether to send the PEM encoded certificates
95     * to CGIs
96     */
97    int export_certificates_enabled;
98    gnutls_priority_t priorities;
99    gnutls_rsa_params_t rsa_params;
100    gnutls_dh_params_t dh_params;
101    int cache_timeout;
102    mgs_cache_e cache_type;
103    const char* cache_config;
104    const char* srp_tpasswd_file;
105    const char* srp_tpasswd_conf_file;
106    gnutls_x509_crt_t *ca_list;
107    gnutls_openpgp_keyring_t pgp_list;
108    unsigned int ca_list_size;
109    int client_verify_mode;
110    apr_time_t last_cache_check;
111    int tickets; /* whether session tickets are allowed */
112    int proxy_enabled;
113    int non_ssl_request;
114} mgs_srvconf_rec;
115
116typedef struct {
117    int length;
118    char *value;
119} mgs_char_buffer_t;
120
121typedef struct
122{
123    mgs_srvconf_rec *sc;
124    conn_rec* c;
125    gnutls_session_t session;
126    apr_status_t input_rc;
127    ap_filter_t *input_filter;
128    apr_bucket_brigade *input_bb;
129    apr_read_type_e input_block;
130    ap_input_mode_t input_mode;
131    mgs_char_buffer_t input_cbuf;
132    char input_buffer[AP_IOBUFSIZE];
133    apr_status_t output_rc;
134    ap_filter_t *output_filter;
135    apr_bucket_brigade *output_bb;
136    char output_buffer[AP_IOBUFSIZE];
137    apr_size_t output_blen;
138    apr_size_t output_length;
139    int status;
140} mgs_handle_t;
141
142/** Functions in gnutls_io.c **/
143
144/* apr_signal_block() for blocking SIGPIPE */
145apr_status_t apr_signal_block(int signum);
146
147 /* Proxy Support */
148/* An optional function which returns non-zero if the given connection
149is using SSL/TLS. */
150APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
151/* The ssl_proxy_enable() and ssl_engine_disable() optional functions
152 * are used by mod_proxy to enable use of SSL for outgoing
153 * connections. */
154APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
155APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
156int ssl_is_https(conn_rec *c);
157int ssl_proxy_enable(conn_rec *c);
158int ssl_engine_disable(conn_rec *c);
159const char *mgs_set_proxy_engine(cmd_parms * parms, void *dummy,
160    const char *arg);
161apr_status_t mgs_cleanup_pre_config(void *data);
162
163/**
164 * mgs_filter_input will filter the input data
165 * by decrypting it using GnuTLS and passes it cleartext.
166 *
167 * @param f     the filter info record
168 * @param bb    the bucket brigade, where to store the result to
169 * @param mode  what shall we read?
170 * @param block a block index we shall read from?
171 * @return result status
172 */
173apr_status_t mgs_filter_input(ap_filter_t * f,
174                                     apr_bucket_brigade * bb,
175                                     ap_input_mode_t mode,
176                                     apr_read_type_e block,
177                                     apr_off_t readbytes);
178
179/**
180 * mgs_filter_output will filter the encrypt
181 * the incoming bucket using GnuTLS and passes it onto the next filter.
182 *
183 * @param f     the filter info record
184 * @param bb    the bucket brigade, where to store the result to
185 * @return result status
186 */
187apr_status_t mgs_filter_output(ap_filter_t * f,
188                                      apr_bucket_brigade * bb);
189
190
191/**
192 * mgs_transport_read is called from GnuTLS to provide encrypted
193 * data from the client.
194 *
195 * @param ptr     pointer to the filter context
196 * @param buffer  place to put data
197 * @param len     maximum size
198 * @return size   length of the data stored in buffer
199 */
200ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
201                                  void *buffer, size_t len);
202
203/**
204 * mgs_transport_write is called from GnuTLS to
205 * write data to the client.
206 *
207 * @param ptr     pointer to the filter context
208 * @param buffer  buffer to write to the client
209 * @param len     size of the buffer
210 * @return size   length of the data written
211 */
212ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
213                                   const void *buffer, size_t len);
214
215
216int mgs_rehandshake(mgs_handle_t * ctxt);
217
218
219
220/**
221 * Init the Cache after Configuration is done
222 */
223int mgs_cache_post_config(apr_pool_t *p, server_rec *s,
224                                 mgs_srvconf_rec *sc);
225/**
226 * Init the Cache inside each Process
227 */
228int mgs_cache_child_init(apr_pool_t *p, server_rec *s,
229                                mgs_srvconf_rec *sc);
230/**
231 * Setup the Session Caching
232 */
233int mgs_cache_session_init(mgs_handle_t *ctxt);
234
235#define GNUTLS_SESSION_ID_STRING_LEN \
236    ((GNUTLS_MAX_SESSION_ID + 1) * 2)
237   
238/**
239 * Convert a SSL Session ID into a Null Terminated Hex Encoded String
240 * @param id raw SSL Session ID
241 * @param idlen Length of the raw Session ID
242 * @param str Location to store the Hex Encoded String
243 * @param strsize The Maximum Length that can be stored in str
244 */
245char *mgs_session_id2sz(unsigned char *id, int idlen,
246                                char *str, int strsize);
247
248/**
249 * Convert a time_t into a Null Terminated String
250 * @param t time_t time
251 * @param str Location to store the Hex Encoded String
252 * @param strsize The Maximum Length that can be stored in str
253 */
254char *mgs_time2sz(time_t t, char *str, int strsize);
255
256
257/* Configuration Functions */
258
259const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
260                                        const char *arg);
261const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
262                                        const char *arg);
263const char *mgs_set_dh_file(cmd_parms * parms, void *dummy,
264                                        const char *arg);
265const char *mgs_set_rsa_export_file(cmd_parms * parms, void *dummy,
266                                        const char *arg);
267const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
268                                        const char *arg);
269
270const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
271                             const char *arg);
272
273const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy,
274                                        const char *arg);
275
276const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
277                             const char *arg);
278
279const char *mgs_set_cache(cmd_parms * parms, void *dummy,
280                          const char *type, const char* arg);
281
282const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
283                                  const char *arg);
284
285const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
286                                  const char *arg);
287
288const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
289                                   const char *arg);
290
291const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
292                                   const char *arg);
293
294const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
295                            const char *arg);
296const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy,
297                            const char *arg);
298const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
299                            const char *arg);
300const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
301                            const char *arg);
302                           
303const char *mgs_set_require_section(cmd_parms *cmd,
304                                    void *mconfig, const char *arg);
305void *mgs_config_server_create(apr_pool_t * p, server_rec * s);
306
307void *mgs_config_dir_merge(apr_pool_t *p, void *basev, void *addv);
308
309void *mgs_config_dir_create(apr_pool_t *p, char *dir);
310
311const char *mgs_set_require_bytecode(cmd_parms *cmd,
312                                    void *mconfig, const char *arg);
313
314mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
315
316/* mod_gnutls Hooks. */
317
318int mgs_hook_pre_config(apr_pool_t * pconf,
319                        apr_pool_t * plog, apr_pool_t * ptemp);
320
321int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
322                         apr_pool_t * ptemp,
323                         server_rec * base_server);
324
325void mgs_hook_child_init(apr_pool_t *p, server_rec *s);
326
327const char *mgs_hook_http_scheme(const request_rec * r);
328
329apr_port_t mgs_hook_default_port(const request_rec * r);
330
331int mgs_hook_pre_connection(conn_rec * c, void *csd);
332
333int mgs_hook_fixups(request_rec *r);
334
335int mgs_hook_authz(request_rec *r);
336
337#endif /*  __mod_gnutls_h_inc */
Note: See TracBrowser for help on using the repository browser.