Context Navigation

← Previous Change
Next Change →

Changeset 84cb5b2 in mod_gnutls for src

Timestamp:

May 17, 2005, 5:00:53 PM (15 years ago)

Author:

Paul Querna <chip@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream

Children:

Parents:

Message:

add lua to do client verification
only use gcrypt locking when required to

Location:

Files:

: 1 added
: 4 edited

Makefile.am (modified) (1 diff)
gnutls_config.c (modified) (2 diffs)
gnutls_hooks.c (modified) (6 diffs)
gnutls_lua.c (added)
mod_gnutls.c (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

src/Makefile.am

-                      r836417f
+                      r84cb5b2
 CLEANFILES = .libs/libmod_gnutls *~
 libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
 libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
 libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}
+libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c gnutls_lua.c
+libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS} ${LUA_CFLAGS}
+libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS} ${LUA_LIBS}
 lib_LTLIBRARIES = libmod_gnutls.la

src/gnutls_config.c

-                      r836417f
+                      r84cb5b2
+}
+void *mgs_config_dir_merge(apr_pool_t *p, void *basev, void *addv)
+{
+    mgs_dirconf_rec *new;
+    mgs_dirconf_rec *base = (mgs_dirconf_rec *) basev;
+    mgs_dirconf_rec *add = (mgs_dirconf_rec *) addv;
+    new = (mgs_dirconf_rec *) apr_pcalloc(p, sizeof(mgs_dirconf_rec));
+    new->lua_bytecode = apr_pstrmemdup(p, add->lua_bytecode,
+                                       add->lua_bytecode_len);
+    new->lua_bytecode_len = add->lua_bytecode_len;
+    new->client_verify_mode = add->client_verify_mode;
+    return new;
+}
 void *mgs_config_dir_create(apr_pool_t *p, char *dir)
+{
 …
     dc->client_verify_mode = -1;
+    dc->lua_bytecode = NULL;
+    dc->lua_bytecode_len = 0;
     return dc;
+}

src/gnutls_hooks.c

-                      r836417f
+                      r84cb5b2
 #include "mod_gnutls.h"
 #include "http_vhost.h"
+#include "ap_mpm.h"
 #if !USING_2_1_RECENT
 …
 #endif
+static int mpm_is_threaded;
 static apr_status_t mgs_cleanup_pre_config(void *data)
+{
 …
 #if APR_HAS_THREADS
+    /* TODO: Check MPM Type here */
+    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+    ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded);
+    if (mpm_is_threaded) {
+        gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+    }
+#else
+    mpm_is_threaded = 0;
 #endif
 …
                                                GNUTLS_OID_X520_COMMON_NAME, 0, 0,
                                                sc->cert_cn, &data_len);
-            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-                         s,
-                         "GnuTLS: sni-x509 cn: %s/%d pk: %s s: 0x%08X sc: 0x%08X", sc->cert_cn, rv,
-                         gnutls_pk_algorithm_get_name(gnutls_x509_privkey_get_pk_algorithm(sc->privkey_x509)),
-                         (unsigned int)s, (unsigned int)sc);
+        }
+    }
 …
         apr_table_setn(env, "SSL_SERVER_I_DN", apr_pstrmemdup(r->pool, buf, len));
+    }
     return rv;
+}
 …
         return DECLINED;
+    }
+    if (!dc) {
+        dc = mgs_config_dir_create(r->pool, NULL);
+    }
+    ap_add_common_vars(r);
+    mgs_hook_fixups(r);
+    status = mgs_authz_lua(r);
+    if (status != 0) {
+        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                      "GnuTLS: FAILED Lua Authorization Test");
+        return HTTP_FORBIDDEN;
+    }
     if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,

src/mod_gnutls.c

-                      r836417f
+                      r84cb5b2
+}
 static const command_rec mgs_config_cmds[] = {
     AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify,
 …
                   "Cache Configuration"),
     AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
+                  NULL, RSRC_CONF,
+                  NULL,
+                  RSRC_CONF,
                   "Whether this server has GnuTLS Enabled. Default: Off"),
+    AP_INIT_RAW_ARGS("<GnuTLSRequire", mgs_set_require_section,
+                  NULL,
+                  EXEC_ON_READ|OR_ALL,
+                  "Whether this server has GnuTLS Enabled. Default: Off"),
+    AP_INIT_RAW_ARGS("GnuTLSRequireByteCode", mgs_set_require_bytecode,
+                     NULL,
+                     OR_ALL,
+                     "Internal Command for reading Lua Bytecode."),
     {NULL}
 };
 …
     STANDARD20_MODULE_STUFF,
     mgs_config_dir_create,
     NULL,
+    mgs_config_dir_merge,
     mgs_config_server_create,
     NULL,

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: