Changeset 84cb5b2 in mod_gnutls

Timestamp:

May 17, 2005, 5:00:53 PM (14 years ago)

Author:

Paul Querna <chip@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream

Children:

836c2f9

Parents:

836417f

Message:

• add lua to do client verification
• only use gcrypt locking when required to

Files:

• Makefile.am (modified) (1 diff)
• configure.ac (modified) (1 diff)
• include/mod_gnutls.h.in (modified) (3 diffs)
• mod_gnutls.xcode/project.pbxproj (modified) (1 diff)
• src/Makefile.am (modified) (1 diff)
• src/gnutls_config.c (modified) (2 diffs)
• src/gnutls_hooks.c (modified) (6 diffs)
• src/gnutls_lua.c (added)
• src/mod_gnutls.c (modified) (3 diffs)

Makefile.am

@@ -3 +3 @@
 EXTRA_DIST = m4/outoforder.m4 m4/apache.m4 \
                 m4/libgnutls.m4 m4/apr_memcache.m4 \
-                m4/apache_test.m4 \
+                m4/apache_test.m4 m4/lua.m4 \
                 include/mod_gnutls.h.in \
                 README \

configure.ac

@@ -30 +30 @@
 CHECK_LIBGNUTLS($MIN_TLS_VERSION)
 
+CHECK_LUA()
+
 have_apr_memcache=0
 CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])

include/mod_gnutls.h.in

@@ -73 +73 @@
 {
     int client_verify_mode;
+    const char* lua_bytecode;
+    apr_size_t lua_bytecode_len;
 } mgs_dirconf_rec;
 
@@ -236 +238 @@
 const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
                             const char *arg);
-
+                            
+const char *mgs_set_require_section(cmd_parms *cmd, 
+                                    void *mconfig, const char *arg);
 void *mgs_config_server_create(apr_pool_t * p, server_rec * s);
 
+void *mgs_config_dir_merge(apr_pool_t *p, void *basev, void *addv);
+
 void *mgs_config_dir_create(apr_pool_t *p, char *dir);
+
+const char *mgs_set_require_bytecode(cmd_parms *cmd, 
+                                    void *mconfig, const char *arg);
 
 mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
@@ -264 +273 @@
 int mgs_hook_authz(request_rec *r);
 
+int mgs_authz_lua(request_rec* r);
+
 #endif /*  __mod_gnutls_h_inc */

mod_gnutls.xcode/project.pbxproj

@@ -24 +24 @@
                         sourceTree = SOURCE_ROOT;
                 };
+                4541F3CF081DC7F1007457C1 = {
+                        fileEncoding = 4;
+                        isa = PBXFileReference;
+                        lastKnownFileType = sourcecode.c.c;
+                        name = gnutls_lua.c;
+                        path = src/gnutls_lua.c;
+                        refType = 4;
+                        sourceTree = "<group>";
+                };
                 45B624630802F1E200CBFD9A = {
                         children = (
+                                4541F3CF081DC7F1007457C1,
                                 4541F3BA081C4B1A007457C1,
                                 4541F3C5081C4F2B007457C1,

src/Makefile.am

@@ -1 +1 @@
 CLEANFILES = .libs/libmod_gnutls *~
 
-libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
-libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
-libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}
+libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c gnutls_lua.c
+libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS} ${LUA_CFLAGS}
+libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS} ${LUA_LIBS}
 
 lib_LTLIBRARIES = libmod_gnutls.la

src/gnutls_config.c

@@ -318 +318 @@
 }
 
+void *mgs_config_dir_merge(apr_pool_t *p, void *basev, void *addv)
+{
+    mgs_dirconf_rec *new;
+    mgs_dirconf_rec *base = (mgs_dirconf_rec *) basev;
+    mgs_dirconf_rec *add = (mgs_dirconf_rec *) addv;
+    
+    new = (mgs_dirconf_rec *) apr_pcalloc(p, sizeof(mgs_dirconf_rec));
+    new->lua_bytecode = apr_pstrmemdup(p, add->lua_bytecode,
+                                       add->lua_bytecode_len);
+    new->lua_bytecode_len = add->lua_bytecode_len;
+    new->client_verify_mode = add->client_verify_mode;
+    return new;
+}
+
 void *mgs_config_dir_create(apr_pool_t *p, char *dir)
 {
@@ -323 +337 @@
     
     dc->client_verify_mode = -1;
-    
+    dc->lua_bytecode = NULL;
+    dc->lua_bytecode_len = 0;
     return dc;
 }

src/gnutls_hooks.c

@@ -18 +18 @@
 #include "mod_gnutls.h"
 #include "http_vhost.h"
+#include "ap_mpm.h"
 
 #if !USING_2_1_RECENT
@@ -31 +32 @@
 #endif
 
+static int mpm_is_threaded;
+
 static apr_status_t mgs_cleanup_pre_config(void *data)
 {
@@ -49 +52 @@
 
 #if APR_HAS_THREADS
-    /* TODO: Check MPM Type here */
-    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+    ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded);
+    if (mpm_is_threaded) {
+        gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+    }
+#else
+    mpm_is_threaded = 0;
 #endif
 
@@ -235 +242 @@
                                                GNUTLS_OID_X520_COMMON_NAME, 0, 0,
                                                sc->cert_cn, &data_len);
-            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-                         s,
-                         "GnuTLS: sni-x509 cn: %s/%d pk: %s s: 0x%08X sc: 0x%08X", sc->cert_cn, rv,
-                         gnutls_pk_algorithm_get_name(gnutls_x509_privkey_get_pk_algorithm(sc->privkey_x509)),
-                         (unsigned int)s, (unsigned int)sc);
         }
     }
@@ -569 +571 @@
         apr_table_setn(env, "SSL_SERVER_I_DN", apr_pstrmemdup(r->pool, buf, len));
     }
-    
     return rv;
 }
@@ -586 +587 @@
         return DECLINED;
     }
-    
-    if (!dc) {
-        dc = mgs_config_dir_create(r->pool, NULL);
-    }
-
+    ap_add_common_vars(r);
+    mgs_hook_fixups(r);
+    status = mgs_authz_lua(r);
+    if (status != 0) {
+        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 
+                      "GnuTLS: FAILED Lua Authorization Test");
+        return HTTP_FORBIDDEN;
+    }
     if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 

src/mod_gnutls.c

@@ -55 +55 @@
 }
 
-
 static const command_rec mgs_config_cmds[] = {
     AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify,
@@ -82 +81 @@
                   "Cache Configuration"),
     AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
-                  NULL, RSRC_CONF,
+                  NULL,
+                  RSRC_CONF,
                   "Whether this server has GnuTLS Enabled. Default: Off"),
-    
+    AP_INIT_RAW_ARGS("<GnuTLSRequire", mgs_set_require_section,
+                  NULL,
+                  EXEC_ON_READ|OR_ALL,
+                  "Whether this server has GnuTLS Enabled. Default: Off"),
+    AP_INIT_RAW_ARGS("GnuTLSRequireByteCode", mgs_set_require_bytecode,
+                     NULL,
+                     OR_ALL,
+                     "Internal Command for reading Lua Bytecode."),
     {NULL}
 };
@@ -91 +98 @@
     STANDARD20_MODULE_STUFF,
     mgs_config_dir_create,
-    NULL,
+    mgs_config_dir_merge,
     mgs_config_server_create,
     NULL,