Context Navigation

source: mod_gnutls/src/gnutls_io.c @ 836417f

Visit:

debian/masterdebian/stretch-backportsjessie-backportsmsvaproxy-ticketupstream

Last change on this file since 836417f was 836417f, checked in by Paul Querna <chip@…>, 15 years ago
Refactor finding the correct server record to fix resumed sessions.
Property mode set to `100644`
File size: 21.7 KB

Rev	Line
[fcb122d]	1	/**
	2	* Copyright 2004-2005 Paul Querna
[7e2b223]	3	*
	4	* Licensed under the Apache License, Version 2.0 (the "License");
	5	* you may not use this file except in compliance with the License.
	6	* You may obtain a copy of the License at
	7	*
	8	* http://www.apache.org/licenses/LICENSE-2.0
	9	*
	10	* Unless required by applicable law or agreed to in writing, software
	11	* distributed under the License is distributed on an "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	* See the License for the specific language governing permissions and
	14	* limitations under the License.
	15	*
	16	*/
	17
	18	#include "mod_gnutls.h"
	19
	20	/**
	21	* Describe how the GnuTLS Filter system works here
[dae0aec]	22	* - Basicly the same as what mod_ssl does with OpenSSL.
	23	*
[7e2b223]	24	*/
	25
[dae0aec]	26	#define HTTP_ON_HTTPS_PORT \
	27	"GET /" CRLF
[7e2b223]	28
[dae0aec]	29	#define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
	30	apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
	31	sizeof(HTTP_ON_HTTPS_PORT) - 1, \
	32	alloc)
[7e2b223]	33
[dae0aec]	34	static apr_status_t gnutls_io_filter_error(ap_filter_t * f,
	35	apr_bucket_brigade * bb,
	36	apr_status_t status)
[7e2b223]	37	{
[c301152]	38	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
[dae0aec]	39	apr_bucket *bucket;
[7e2b223]	40
[dae0aec]	41	switch (status) {
	42	case HTTP_BAD_REQUEST:
	43	/* log the situation */
	44	ap_log_error(APLOG_MARK, APLOG_INFO, 0,
	45	f->c->base_server,
	46	"GnuTLS handshake failed: HTTP spoken on HTTPS port; "
	47	"trying to send HTML error page");
[7e2b223]	48
[dae0aec]	49	ctxt->status = -1;
[7e2b223]	50
[dae0aec]	51	/* fake the request line */
	52	bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
	53	break;
[7e2b223]	54
[dae0aec]	55	default:
	56	return status;
[7e2b223]	57	}
	58
[dae0aec]	59	APR_BRIGADE_INSERT_TAIL(bb, bucket);
	60	bucket = apr_bucket_eos_create(f->c->bucket_alloc);
	61	APR_BRIGADE_INSERT_TAIL(bb, bucket);
[7e2b223]	62
[dae0aec]	63	return APR_SUCCESS;
	64	}
[7e2b223]	65
[c301152]	66	static int char_buffer_read(mgs_char_buffer_t * buffer, char *in,
[dae0aec]	67	int inl)
	68	{
	69	if (!buffer->length) {
	70	return 0;
	71	}
[7e2b223]	72
[dae0aec]	73	if (buffer->length > inl) {
	74	/* we have have enough to fill the caller's buffer */
	75	memcpy(in, buffer->value, inl);
	76	buffer->value += inl;
	77	buffer->length -= inl;
	78	}
	79	else {
	80	/* swallow remainder of the buffer */
	81	memcpy(in, buffer->value, buffer->length);
	82	inl = buffer->length;
	83	buffer->value = NULL;
	84	buffer->length = 0;
[7e2b223]	85	}
	86
[dae0aec]	87	return inl;
	88	}
	89
[c301152]	90	static int char_buffer_write(mgs_char_buffer_t * buffer, char *in,
[dae0aec]	91	int inl)
	92	{
	93	buffer->value = in;
	94	buffer->length = inl;
	95	return inl;
[7e2b223]	96	}
	97
	98	/**
	99	* From mod_ssl / ssl_engine_io.c
	100	* This function will read from a brigade and discard the read buckets as it
	101	* proceeds. It will read at most *len bytes.
	102	*/
	103	static apr_status_t brigade_consume(apr_bucket_brigade * bb,
	104	apr_read_type_e block,
	105	char c, apr_size_t len)
	106	{
	107	apr_size_t actual = 0;
	108	apr_status_t status = APR_SUCCESS;
	109
	110	while (!APR_BRIGADE_EMPTY(bb)) {
	111	apr_bucket *b = APR_BRIGADE_FIRST(bb);
	112	const char *str;
	113	apr_size_t str_len;
	114	apr_size_t consume;
	115
	116	/* Justin points out this is an http-ism that might
	117	* not fit if brigade_consume is added to APR. Perhaps
	118	* apr_bucket_read(eos_bucket) should return APR_EOF?
	119	* Then this becomes mainline instead of a one-off.
	120	*/
	121	if (APR_BUCKET_IS_EOS(b)) {
	122	status = APR_EOF;
	123	break;
	124	}
	125
	126	/* The reason I'm not offering brigade_consume yet
	127	* across to apr-util is that the following call
	128	* illustrates how borked that API really is. For
	129	* this sort of case (caller provided buffer) it
	130	* would be much more trivial for apr_bucket_consume
	131	* to do all the work that follows, based on the
	132	* particular characteristics of the bucket we are
	133	* consuming here.
	134	*/
	135	status = apr_bucket_read(b, &str, &str_len, block);
	136
	137	if (status != APR_SUCCESS) {
	138	if (APR_STATUS_IS_EOF(status)) {
	139	/* This stream bucket was consumed */
	140	apr_bucket_delete(b);
	141	continue;
	142	}
	143	break;
	144	}
	145
	146	if (str_len > 0) {
	147	/* Do not block once some data has been consumed */
	148	block = APR_NONBLOCK_READ;
	149
	150	/* Assure we don't overflow. */
	151	consume = (str_len + actual > len) ? len - actual : str_len;
	152
	153	memcpy(c, str, consume);
	154
	155	c += consume;
	156	actual += consume;
	157
	158	if (consume >= b->length) {
	159	/* This physical bucket was consumed */
	160	apr_bucket_delete(b);
	161	}
	162	else {
	163	/* Only part of this physical bucket was consumed */
	164	b->start += consume;
	165	b->length -= consume;
	166	}
	167	}
	168	else if (b->length == 0) {
	169	apr_bucket_delete(b);
	170	}
	171
	172	/* This could probably be actual == *len, but be safe from stray
	173	* photons. */
	174	if (actual >= *len) {
	175	break;
	176	}
	177	}
	178
	179	*len = actual;
	180	return status;
	181	}
	182
	183
[c301152]	184	static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
[dae0aec]	185	char buf, apr_size_t len)
	186	{
	187	apr_size_t wanted = *len;
	188	apr_size_t bytes = 0;
	189	int rc;
	190
	191	*len = 0;
	192
	193	/* If we have something leftover from last time, try that first. */
	194	if ((bytes = char_buffer_read(&ctxt->input_cbuf, buf, wanted))) {
	195	*len = bytes;
	196	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
	197	/* We want to rollback this read. */
	198	if (ctxt->input_cbuf.length > 0) {
	199	ctxt->input_cbuf.value -= bytes;
	200	ctxt->input_cbuf.length += bytes;
	201	}
	202	else {
	203	char_buffer_write(&ctxt->input_cbuf, buf, (int) bytes);
	204	}
	205	return APR_SUCCESS;
	206	}
	207	/* This could probably be *len == wanted, but be safe from stray
	208	* photons.
	209	*/
	210	if (*len >= wanted) {
	211	return APR_SUCCESS;
	212	}
	213	if (ctxt->input_mode == AP_MODE_GETLINE) {
	214	if (memchr(buf, APR_ASCII_LF, *len)) {
	215	return APR_SUCCESS;
	216	}
	217	}
	218	else {
	219	/* Down to a nonblock pattern as we have some data already
	220	*/
	221	ctxt->input_block = APR_NONBLOCK_READ;
	222	}
	223	}
	224
	225	while (1) {
	226
	227	rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes);
	228
	229	if (rc > 0) {
	230	*len += rc;
	231	if (ctxt->input_mode == AP_MODE_SPECULATIVE) {
	232	/* We want to rollback this read. */
	233	char_buffer_write(&ctxt->input_cbuf, buf, rc);
	234	}
	235	return ctxt->input_rc;
	236	}
	237	else if (rc == 0) {
	238	/* If EAGAIN, we will loop given a blocking read,
	239	* otherwise consider ourselves at EOF.
	240	*/
	241	if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
	242	\|\| APR_STATUS_IS_EINTR(ctxt->input_rc)) {
	243	/* Already read something, return APR_SUCCESS instead.
	244	* On win32 in particular, but perhaps on other kernels,
	245	* a blocking call isn't 'always' blocking.
	246	*/
	247	if (*len > 0) {
	248	ctxt->input_rc = APR_SUCCESS;
	249	break;
	250	}
	251	if (ctxt->input_block == APR_NONBLOCK_READ) {
	252	break;
	253	}
	254	}
	255	else {
	256	if (*len > 0) {
	257	ctxt->input_rc = APR_SUCCESS;
	258	}
	259	else {
	260	ctxt->input_rc = APR_EOF;
	261	}
	262	break;
	263	}
	264	}
	265	else { /* (rc < 0) */
	266
	267	if (rc == GNUTLS_E_REHANDSHAKE) {
	268	/* A client has asked for a new Hankshake. Currently, we don't do it */
	269	ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->input_rc,
	270	ctxt->c->base_server,
	271	"GnuTLS: Error reading data. Client Requested a New Handshake."
	272	" (%d) '%s'", rc, gnutls_strerror(rc));
	273	}
[42307a9]	274	else if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
	275	rc = gnutls_alert_get(ctxt->session);
	276	ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->input_rc,
	277	ctxt->c->base_server,
	278	"GnuTLS: Warning Alert From Client: "
	279	" (%d) '%s'", rc, gnutls_alert_get_name(rc));
	280	}
	281	else if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
	282	rc = gnutls_alert_get(ctxt->session);
	283	ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->input_rc,
	284	ctxt->c->base_server,
	285	"GnuTLS: Fatal Alert From Client: "
	286	"(%d) '%s'", rc, gnutls_alert_get_name(rc));
	287	ctxt->input_rc = APR_EGENERAL;
	288	break;
	289	}
[dae0aec]	290	else {
	291	/* Some Other Error. Report it. Die. */
[a66e147]	292	if(gnutls_error_is_fatal(rc)) {
	293	ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->input_rc,
	294	ctxt->c->base_server,
	295	"GnuTLS: Error reading data. (%d) '%s'", rc,
	296	gnutls_strerror(rc));
	297	}
	298	else if(*len > 0) {
	299	ctxt->input_rc = APR_SUCCESS;
	300	break;
	301	}
[dae0aec]	302	}
	303
	304	if (ctxt->input_rc == APR_SUCCESS) {
	305	ctxt->input_rc = APR_EGENERAL;
	306	}
	307	break;
	308	}
	309	}
	310	return ctxt->input_rc;
	311	}
	312
[c301152]	313	static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt,
[dae0aec]	314	char buf, apr_size_t len)
	315	{
	316	const char *pos = NULL;
	317	apr_status_t status;
	318	apr_size_t tmplen = len, buflen = len, offset = 0;
	319
	320	*len = 0;
	321
	322	while (tmplen > 0) {
	323	status = gnutls_io_input_read(ctxt, buf + offset, &tmplen);
	324
	325	if (status != APR_SUCCESS) {
	326	return status;
	327	}
	328
	329	*len += tmplen;
	330
	331	if ((pos = memchr(buf, APR_ASCII_LF, *len))) {
	332	break;
	333	}
	334
	335	offset += tmplen;
	336	tmplen = buflen - offset;
	337	}
	338
	339	if (pos) {
	340	char *value;
	341	int length;
	342	apr_size_t bytes = pos - buf;
	343
	344	bytes += 1;
	345	value = buf + bytes;
	346	length = *len - bytes;
	347
	348	char_buffer_write(&ctxt->input_cbuf, value, length);
	349
	350	*len = bytes;
	351	}
	352
	353	return APR_SUCCESS;
	354	}
	355
[c301152]	356	static int gnutls_do_handshake(mgs_handle_t * ctxt)
[dae0aec]	357	{
[32f2e60]	358	int ret;
[42307a9]	359	int errcode;
[fcb122d]	360	if (ctxt->status != 0) {
[e924ddd]	361	return -1;
[fcb122d]	362	}
	363
	364	tryagain:
[e924ddd]	365	do {
	366	ret = gnutls_handshake(ctxt->session);
	367	} while (ret == GNUTLS_E_AGAIN);
	368
[fcb122d]	369	if (ret < 0) {
	370	if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
	371	\|\| ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
[42307a9]	372	errcode = gnutls_alert_get(ctxt->session);
[b1f7f11]	373	ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
[42307a9]	374	"GnuTLS: Hanshake Alert (%d) '%s'.", errcode,
	375	gnutls_alert_get_name(errcode));
[b1f7f11]	376	}
[fcb122d]	377
	378	if (!gnutls_error_is_fatal(ret)) {
	379	ap_log_error(APLOG_MARK, APLOG_INFO, 0, ctxt->c->base_server,
	380	"GnuTLS: Non-Fatal Handshake Error: (%d) '%s'", ret,
	381	gnutls_strerror(ret));
	382	goto tryagain;
[b1f7f11]	383	}
[316bd8c]	384	#if USING_2_1_RECENT
	385	ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
[fcb122d]	386	"GnuTLS: Handshake Failed (%d) '%s'", ret,
	387	gnutls_strerror(ret));
[316bd8c]	388	#else
	389	ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
	390	"GnuTLS: Handshake Failed (%d) '%s'", ret,
	391	gnutls_strerror(ret));
	392	#endif
[fcb122d]	393	ctxt->status = -1;
	394	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
	395	gnutls_error_to_alert(ret, NULL));
	396	gnutls_deinit(ctxt->session);
[31645b2]	397	return ret;
[fcb122d]	398	}
	399	else {
[31645b2]	400	/* all done with the handshake */
[fcb122d]	401	ctxt->status = 1;
[836417f]	402	/* If the session was resumed, we did not set the correct
	403	* server_rec in ctxt->sc. Go Find it. (ick!)
	404	*/
	405	if (gnutls_session_is_resumed(ctxt->session)) {
	406	mgs_srvconf_rec* sc;
	407	sc = mgs_find_sni_server(ctxt->session);
	408	if (sc) {
	409	ctxt->sc = sc;
	410	}
	411	}
[e924ddd]	412	return 0;
[31645b2]	413	}
	414	}
	415
[c301152]	416	int mgs_rehandshake(mgs_handle_t * ctxt)
[31645b2]	417	{
	418	int rv;
	419
	420	rv = gnutls_rehandshake(ctxt->session);
	421
	422	if (rv != 0) {
	423	/* the client did not want to rehandshake. goodbye */
	424	ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
	425	"GnuTLS: Client Refused Rehandshake request.");
	426	return -1;
	427	}
	428
	429	ctxt->status = 0;
	430
[e924ddd]	431	rv = gnutls_do_handshake(ctxt);
	432
	433	return rv;
[dae0aec]	434	}
	435
	436
[c301152]	437	apr_status_t mgs_filter_input(ap_filter_t* f,
[dae0aec]	438	apr_bucket_brigade * bb,
	439	ap_input_mode_t mode,
	440	apr_read_type_e block,
	441	apr_off_t readbytes)
	442	{
	443	apr_status_t status = APR_SUCCESS;
[c301152]	444	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
[dae0aec]	445	apr_size_t len = sizeof(ctxt->input_buffer);
	446
	447	if (f->c->aborted) {
	448	apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
	449	APR_BRIGADE_INSERT_TAIL(bb, bucket);
	450	return APR_ECONNABORTED;
	451	}
	452
	453	if (ctxt->status == 0) {
	454	gnutls_do_handshake(ctxt);
	455	}
	456
	457	if (ctxt->status < 0) {
[0b3bc05]	458	return ap_get_brigade(f->next, bb, mode, block, readbytes);
[dae0aec]	459	}
	460
	461	/* XXX: we don't currently support anything other than these modes. */
	462	if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE &&
	463	mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {
	464	return APR_ENOTIMPL;
	465	}
	466
	467	ctxt->input_mode = mode;
	468	ctxt->input_block = block;
	469
	470	if (ctxt->input_mode == AP_MODE_READBYTES \|\|
	471	ctxt->input_mode == AP_MODE_SPECULATIVE) {
	472	/* Err. This is bad. readbytes can be a 64bit int! len.. is NOT */
	473	if (readbytes < len) {
	474	len = (apr_size_t) readbytes;
	475	}
	476	status = gnutls_io_input_read(ctxt, ctxt->input_buffer, &len);
	477	}
	478	else if (ctxt->input_mode == AP_MODE_GETLINE) {
	479	status = gnutls_io_input_getline(ctxt, ctxt->input_buffer, &len);
	480	}
	481	else {
	482	/* We have no idea what you are talking about, so return an error. */
	483	return APR_ENOTIMPL;
	484	}
	485
	486	if (status != APR_SUCCESS) {
	487	return gnutls_io_filter_error(f, bb, status);
	488	}
	489
	490	/* Create a transient bucket out of the decrypted data. */
	491	if (len > 0) {
	492	apr_bucket *bucket =
	493	apr_bucket_transient_create(ctxt->input_buffer, len,
	494	f->c->bucket_alloc);
	495	APR_BRIGADE_INSERT_TAIL(bb, bucket);
	496	}
	497
	498	return status;
	499	}
	500
[c301152]	501	apr_status_t mgs_filter_output(ap_filter_t * f,
[dae0aec]	502	apr_bucket_brigade * bb)
	503	{
[32f2e60]	504	apr_size_t ret;
[42307a9]	505	apr_bucket* e;
[c301152]	506	mgs_handle_t ctxt = (mgs_handle_t ) f->ctx;
[dae0aec]	507	apr_status_t status = APR_SUCCESS;
	508	apr_read_type_e rblock = APR_NONBLOCK_READ;
	509
	510	if (f->c->aborted) {
	511	apr_brigade_cleanup(bb);
	512	return APR_ECONNABORTED;
	513	}
	514
	515	if (ctxt->status == 0) {
	516	gnutls_do_handshake(ctxt);
	517	}
	518
	519	if (ctxt->status < 0) {
	520	return ap_pass_brigade(f->next, bb);
	521	}
	522
	523	while (!APR_BRIGADE_EMPTY(bb)) {
	524	apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
[fcb122d]	525	if (AP_BUCKET_IS_EOC(bucket)) {
[42307a9]	526	do {
	527	ret = gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
	528	GNUTLS_A_CLOSE_NOTIFY);
	529	} while(ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN);
	530
	531	apr_bucket_copy(bucket, &e);
	532	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e);
	533
	534	if ((status = ap_pass_brigade(f->next, ctxt->output_bb)) != APR_SUCCESS) {
	535	apr_brigade_cleanup(ctxt->output_bb);
	536	return status;
	537	}
[0b3bc05]	538
[42307a9]	539	apr_brigade_cleanup(ctxt->output_bb);
[a66e147]	540	gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
	541	gnutls_deinit(ctxt->session);
[42307a9]	542	continue;
[0b3bc05]	543
[fcb122d]	544	} else if (APR_BUCKET_IS_FLUSH(bucket) \|\| APR_BUCKET_IS_EOS(bucket)) {
[0b3bc05]	545
[42307a9]	546	apr_bucket_copy(bucket, &e);
	547	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e);
[dae0aec]	548	if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
[42307a9]	549	apr_brigade_cleanup(ctxt->output_bb);
[dae0aec]	550	return status;
	551	}
[42307a9]	552	apr_brigade_cleanup(ctxt->output_bb);
	553	continue;
[dae0aec]	554	}
	555	else {
	556	/* filter output */
	557	const char *data;
	558	apr_size_t len;
	559
	560	status = apr_bucket_read(bucket, &data, &len, rblock);
	561
	562	if (APR_STATUS_IS_EAGAIN(status)) {
	563	rblock = APR_BLOCK_READ;
	564	continue; /* and try again with a blocking read. */
	565	}
	566
	567	rblock = APR_NONBLOCK_READ;
	568
	569	if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {
	570	break;
	571	}
	572
[0b3bc05]	573	do {
	574	ret = gnutls_record_send(ctxt->session, data, len);
	575	}
	576	while(ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN);
[dae0aec]	577
	578	if (ret < 0) {
	579	/* error sending output */
	580	ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
	581	ctxt->c->base_server,
	582	"GnuTLS: Error writing data."
	583	" (%d) '%s'", ret, gnutls_strerror(ret));
	584	if (ctxt->output_rc == APR_SUCCESS) {
	585	ctxt->output_rc = APR_EGENERAL;
	586	}
	587	}
[32f2e60]	588	else if (ret != len) {
	589	/* Not able to send the entire bucket,
	590	split it and send it again. */
	591	apr_bucket_split(bucket, ret);
[dae0aec]	592	}
	593
	594	apr_bucket_delete(bucket);
	595
	596	if (ctxt->output_rc != APR_SUCCESS) {
	597	break;
	598	}
	599	}
	600	}
	601
	602	return status;
	603	}
	604
[c301152]	605	ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
[7e2b223]	606	void *buffer, size_t len)
	607	{
[c301152]	608	mgs_handle_t *ctxt = ptr;
[7e2b223]	609	apr_status_t rc;
	610	apr_size_t in = len;
[dae0aec]	611	apr_read_type_e block = ctxt->input_block;
	612
	613	ctxt->input_rc = APR_SUCCESS;
	614
[7e2b223]	615	/* If Len = 0, we don't do anything. */
	616	if (!len)
	617	return 0;
	618
[dae0aec]	619	if (!ctxt->input_bb) {
	620	ctxt->input_rc = APR_EOF;
	621	return -1;
	622	}
	623
[7e2b223]	624	if (APR_BRIGADE_EMPTY(ctxt->input_bb)) {
	625
	626	rc = ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb,
	627	AP_MODE_READBYTES, ctxt->input_block, in);
	628
	629	/* Not a problem, there was simply no data ready yet.
	630	*/
	631	if (APR_STATUS_IS_EAGAIN(rc) \|\| APR_STATUS_IS_EINTR(rc)
	632	\|\| (rc == APR_SUCCESS && APR_BRIGADE_EMPTY(ctxt->input_bb))) {
	633	return 0;
	634	}
	635
	636	if (rc != APR_SUCCESS) {
	637	/* Unexpected errors discard the brigade */
	638	apr_brigade_cleanup(ctxt->input_bb);
	639	ctxt->input_bb = NULL;
	640	return -1;
	641	}
	642	}
	643
[dae0aec]	644	ctxt->input_rc = brigade_consume(ctxt->input_bb, block, buffer, &len);
[7e2b223]	645
[dae0aec]	646	if (ctxt->input_rc == APR_SUCCESS) {
	647	return (ssize_t) len;
	648	}
[7e2b223]	649
[dae0aec]	650	if (APR_STATUS_IS_EAGAIN(ctxt->input_rc)
	651	\|\| APR_STATUS_IS_EINTR(ctxt->input_rc)) {
	652	return (ssize_t) len;
	653	}
[7e2b223]	654
[dae0aec]	655	/* Unexpected errors and APR_EOF clean out the brigade.
	656	* Subsequent calls will return APR_EOF.
	657	*/
	658	apr_brigade_cleanup(ctxt->input_bb);
	659	ctxt->input_bb = NULL;
	660
	661	if (APR_STATUS_IS_EOF(ctxt->input_rc) && len) {
	662	/* Provide the results of this read pass,
	663	* without resetting the BIO retry_read flag
	664	*/
	665	return (ssize_t) len;
	666	}
	667
	668	return -1;
	669	}
	670
	671
[c301152]	672	static ssize_t write_flush(mgs_handle_t * ctxt)
[dae0aec]	673	{
	674	apr_bucket *e;
	675
	676	if (!(ctxt->output_blen \|\| ctxt->output_length)) {
	677	ctxt->output_rc = APR_SUCCESS;
	678	return 1;
	679	}
	680
	681	if (ctxt->output_blen) {
	682	e = apr_bucket_transient_create(ctxt->output_buffer,
	683	ctxt->output_blen,
	684	ctxt->output_bb->bucket_alloc);
	685	/* we filled this buffer first so add it to the
	686	* head of the brigade
	687	*/
	688	APR_BRIGADE_INSERT_HEAD(ctxt->output_bb, e);
	689	ctxt->output_blen = 0;
	690	}
	691
	692	ctxt->output_length = 0;
	693	e = apr_bucket_flush_create(ctxt->output_bb->bucket_alloc);
	694	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e);
	695
	696	ctxt->output_rc = ap_pass_brigade(ctxt->output_filter->next,
	697	ctxt->output_bb);
[42307a9]	698	/* clear the brigade to be ready for next time */
	699	apr_brigade_cleanup(ctxt->output_bb);
	700
[dae0aec]	701	return (ctxt->output_rc == APR_SUCCESS) ? 1 : -1;
[7e2b223]	702	}
	703
[c301152]	704	ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
[7e2b223]	705	const void *buffer, size_t len)
	706	{
[c301152]	707	mgs_handle_t *ctxt = ptr;
[7e2b223]	708
[42307a9]	709	/* pass along the encrypted data
	710	* need to flush since we're using SSL's malloc-ed buffer
	711	* which will be overwritten once we leave here
	712	*/
	713	apr_bucket *bucket = apr_bucket_transient_create(buffer, len,
	714	ctxt->output_bb->bucket_alloc);
	715	ctxt->output_length += len;
	716	APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, bucket);
[7e2b223]	717
[42307a9]	718	if (write_flush(ctxt) < 0) {
	719	return -1;
	720	}
[dae0aec]	721	return len;
[7e2b223]	722	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: