- Introduce ap_log_cserror to allow mod_ssl to associate log messages to

different servers than c->base_server. - Adjust the scope of some mod_ssl trace logging from server to conn. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@954611 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2010-06-14 19:59:05 +00:00
parent ec66a903b9
commit 0d11ddb595
7 changed files with 123 additions and 14 deletions
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -228,6 +228,7 @@
 * 20100606.1 (2.3.6-dev)  Added extended timestamp formatting via
 *                         ap_recent_ctime_ex().
 * 20100609.0 (2.3.6-dev)  Dropped ap_args_to_table due to missing constraints.
+ * 20100609.1 (2.3.7-dev)  Introduce ap_log_cserror()
 */

 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -235,7 +236,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20100609
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 0                     /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 1                     /* 0...n */

 /**
 * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
--- a/include/http_config.h
+++ b/include/http_config.h
@@ -497,6 +497,18 @@ AP_DECLARE(int) ap_get_server_module_loglevel(const server_rec *s, int index);
 */
 AP_DECLARE(int) ap_get_conn_module_loglevel(const conn_rec *c, int index);

+/**
+ * Generic accessor for modules the module-specific loglevel
+ * @param c The connection from which to get the loglevel.
+ * @param s The server from which to get the loglevel if c does not have a
+ *          specific loglevel configuration.
+ * @param index The module_index of the module to get the loglevel for.
+ * @return The module-specific loglevel
+ */
+AP_DECLARE(int) ap_get_conn_server_module_loglevel(const conn_rec *c,
+                                                   const server_rec *s,
+                                                   int index);
+
 /**
 * Generic accessor for modules to get the module-specific loglevel
 * @param r The request from which to get the loglevel.
@@ -521,6 +533,11 @@ AP_DECLARE(void) ap_set_module_loglevel(apr_pool_t *p, struct ap_logconf *l,
    ((c)->log             ? (c)->log             : \
     &(c)->base_server->log)

+#define ap_get_conn_server_logconf(c,s)                             \
+    ( ( (c)->log != &(c)->base_server->log && (c)->log != NULL )  ? \
+      (c)->log                                                    : \
+      &(s)->log )
+
 #define ap_get_request_logconf(r)                  \
    ((r)->log             ? (r)->log             : \
     (r)->connection->log ? (r)->connection->log : \
@@ -537,6 +554,9 @@ AP_DECLARE(void) ap_set_module_loglevel(apr_pool_t *p, struct ap_logconf *l,
 #define ap_get_conn_module_loglevel(c,i)  \
    (ap_get_module_loglevel(ap_get_conn_logconf(c),i))

+#define ap_get_conn_server_module_loglevel(c,s,i)  \
+    (ap_get_module_loglevel(ap_get_conn_server_logconf(c,s),i))
+
 #define ap_get_request_module_loglevel(r,i)  \
    (ap_get_module_loglevel(ap_get_request_logconf(r),i))

--- a/include/http_log.h
+++ b/include/http_log.h
@@ -136,6 +136,10 @@ static int * const aplog_module_index;
          ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||       \
            (ap_get_conn_module_loglevel(c, module_index)        \
             >= ((level)&APLOG_LEVELMASK) ) )
+#define APLOG_CS_MODULE_IS_LEVEL(c,s,module_index,level)            \
+          ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||          \
+            (ap_get_conn_server_module_loglevel(c, s, module_index) \
+             >= ((level)&APLOG_LEVELMASK) ) )
 #define APLOG_R_MODULE_IS_LEVEL(r,module_index,level)            \
          ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||       \
            (ap_get_request_module_loglevel(r, module_index)     \
@@ -147,6 +151,11 @@ static int * const aplog_module_index;
            (s == NULL) ||                                       \
            (ap_get_server_module_loglevel(s, module_index)      \
             >= ((level)&APLOG_LEVELMASK) ) ) )
+#define APLOG_CS_MODULE_IS_LEVEL(c,s,module_index,level)            \
+        ( (((level)&APLOG_LEVELMASK) <= APLOG_MAX_LOGLEVEL) &&      \
+          ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||          \
+            (ap_get_conn_server_module_loglevel(c, s, module_index) \
+             >= ((level)&APLOG_LEVELMASK) ) ) )
 #define APLOG_C_MODULE_IS_LEVEL(c,module_index,level)            \
        ( (((level)&APLOG_LEVELMASK) <= APLOG_MAX_LOGLEVEL) &&   \
          ( (((level)&APLOG_LEVELMASK) <= APLOG_NOTICE) ||       \
@@ -163,6 +172,8 @@ static int * const aplog_module_index;
    APLOG_MODULE_IS_LEVEL(s,APLOG_MODULE_INDEX,level)
 #define APLOG_C_IS_LEVEL(c,level)   \
    APLOG_C_MODULE_IS_LEVEL(c,APLOG_MODULE_INDEX,level)
+#define APLOG_CS_IS_LEVEL(c,s,level) \
+    APLOG_CS_MODULE_IS_LEVEL(c,s,APLOG_MODULE_INDEX,level)
 #define APLOG_R_IS_LEVEL(r,level)   \
    APLOG_R_MODULE_IS_LEVEL(r,APLOG_MODULE_INDEX,level)

@@ -327,7 +338,7 @@ AP_DECLARE(void) ap_log_perror_(const char *file, int line, int module_index,

 /**
 * ap_log_rerror() - log messages which are related to a particular
- * request.  This uses a a printf-like format to log messages to the
+ * request.  This uses a printf-like format to log messages to the
 * error_log.
 * @param file The file in which this function is called
 * @param line The line number on which this function is called
@@ -362,7 +373,7 @@ AP_DECLARE(void) ap_log_rerror_(const char *file, int line, int module_index,

 /**
 * ap_log_cerror() - log messages which are related to a particular
- * connection.  This uses a a printf-like format to log messages to the
+ * connection.  This uses a printf-like format to log messages to the
 * error_log.
 * @param file The file in which this function is called
 * @param line The line number on which this function is called
@@ -397,6 +408,47 @@ AP_DECLARE(void) ap_log_cerror_(const char *file, int line, int module_level,
                                const conn_rec *c, const char *fmt, ...)
 			    __attribute__((format(printf,7,8)));

+/**
+ * ap_log_cserror() - log messages which are related to a particular
+ * connection and to a vhost other than c->base_server.  This uses a
+ * printf-like format to log messages to the error_log.
+ * @param file The file in which this function is called
+ * @param line The line number on which this function is called
+ * @param level The level of this error message
+ * @param module_index The module_index of the module generating this message
+ * @param status The status code from the previous command
+ * @param c The connection which we are logging for
+ * @param s The server which we are logging for
+ * @param fmt The format string
+ * @param ... The arguments to use to fill out fmt.
+ * @note Use APLOG_MARK to fill out file and line
+ * @note If a request_rec is available, use that with ap_log_rerror()
+ * in preference to calling this function. This function is mainly useful for
+ * modules like mod_ssl to use before the request_rec is created.
+ * @warning It is VERY IMPORTANT that you not include any raw data from 
+ * the network, such as the request-URI or request header fields, within 
+ * the format string.  Doing so makes the server vulnerable to a 
+ * denial-of-service attack and other messy behavior.  Instead, use a 
+ * simple format string like "%s", followed by the string containing the 
+ * untrusted data.
+ */
+#if __STDC_VERSION__ >= 199901L
+/* need additional step to expand APLOG_MARK first */
+#define ap_log_cserror(...) ap_log_cserror__(__VA_ARGS__)
+#define ap_log_cserror__(file, line, mi, level, status, c, s, ...)  \
+    do { if (APLOG_CS_MODULE_IS_LEVEL(c, s, mi, level))             \
+             ap_log_cserror_(file, line, mi, level, status, c, s,   \
+                             __VA_ARGS__);                          \
+    } while(0)
+#else
+#define ap_log_cserror ap_log_cserror_
+#endif
+AP_DECLARE(void) ap_log_cserror_(const char *file, int line, int module_level,
+                                 int level, apr_status_t status,
+                                 const conn_rec *c, const server_rec *s,
+                                 const char *fmt, ...)
+                             __attribute__((format(printf,8,9)));
+
 /**
 * Convert stderr to the error log
 * @param s The current server
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -1017,11 +1017,12 @@ static void ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
    SSL_smart_shutdown(ssl);

    /* and finally log the fact that we've closed the connection */
-    if (APLOG_C_IS_LEVEL(c, loglevel)) {
-        ap_log_cerror(APLOG_MARK, loglevel, 0, c,
+    if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), loglevel)) {
+        ap_log_cserror(APLOG_MARK, loglevel, 0, c, mySrvFromConn(c),
                       "Connection closed to child %ld with %s shutdown "
                       "(server %s)",
-                      c->id, type, ssl_util_vhostid(c->pool, mySrvFromConn(c)));
+                       c->id, type,
+                       ssl_util_vhostid(c->pool, mySrvFromConn(c)));
    }

    /* deallocate the SSL connection */
@@ -1740,7 +1741,7 @@ void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
    apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
                              ssl_io_filter_cleanup, apr_pool_cleanup_null);

-    if (APLOGctrace4(c)) {
+    if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), APLOG_TRACE4)) {
        BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
        BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
    }
@@ -1850,18 +1851,18 @@ long ssl_io_data_cb(BIO *bio, int cmd,
    if (   cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
        || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
        if (rc >= 0) {
-            ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, s,
+            ap_log_cserror(APLOG_MARK, APLOG_TRACE4, 0, c, s,
                    "%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s",
                    SSL_LIBRARY_NAME,
                    (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
                    rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
                    bio, argp,
                    (argp != NULL ? "(BIO dump follows)" : "(Oops, no memory buffer?)"));
-            if ((argp != NULL) && APLOGctrace7(c))
+            if ((argp != NULL) && APLOG_CS_IS_LEVEL(c, s, APLOG_TRACE7))
                ssl_io_data_dump(s, argp, rc);
        }
        else {
-            ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, s,
+            ap_log_cserror(APLOG_MARK, APLOG_TRACE4, 0, c, s,
                    "%s: I/O error, %d bytes expected to %s on BIO#%pp [mem: %pp]",
                    SSL_LIBRARY_NAME, argi,
                    (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2138,10 +2138,10 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
         * There is one special filter callback, which is set
         * very early depending on the base_server's log level.
         * If this is not the first vhost we're now selecting
-         * (and the first vhost doesn't use APLOG_DEBUG), then
+         * (and the first vhost doesn't use APLOG_TRACE4), then
         * we need to set that callback here.
         */
-        if (APLOGdebug(s)) {
+        if (APLOGtrace4(s)) {
            BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
            BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
        }
--- a/server/log.c
+++ b/server/log.c
@@ -820,6 +820,19 @@ AP_DECLARE(void) ap_log_rerror_(const char *file, int line, int module_index,
    va_end(args);
 }

+AP_DECLARE(void) ap_log_cserror_(const char *file, int line, int module_index,
+                                 int level, apr_status_t status,
+                                 const conn_rec *c, const server_rec *s,
+                                 const char *fmt, ...)
+{
+    va_list args;
+
+    va_start(args, fmt);
+    log_error_core(file, line, module_index, level, status, s, c,
+                   NULL, NULL, fmt, args);
+    va_end(args);
+}
+
 AP_DECLARE(void) ap_log_cerror_(const char *file, int line, int module_index,
                                int level, apr_status_t status,
                                const conn_rec *c, const char *fmt, ...)
--- a/server/util_debug.c
+++ b/server/util_debug.c
@@ -139,6 +139,28 @@ AP_DECLARE(int) ap_get_conn_module_loglevel(const conn_rec *c, int module_index)
    return l->module_levels[module_index];
 }

+#if defined(ap_get_conn_server_module_loglevel)
+#undef ap_get_conn_server_module_loglevel
+AP_DECLARE(int) ap_get_conn_server_module_loglevel(const conn_rec *c,
+                                                   const server_rec *s,
+                                                   int module_index);
+#endif
+
+AP_DECLARE(int) ap_get_conn_server_module_loglevel(const conn_rec *c,
+                                                   const server_rec *s,
+                                                   int module_index)
+{
+    const struct ap_logconf *l = (c->log && c->log != &c->base_server->log) ?
+                                 c->log : &s->log;
+    if (module_index < 0 || l->module_levels == NULL ||
+        l->module_levels[module_index] < 0)
+    {
+        return l->level;
+    }
+
+    return l->module_levels[module_index];
+}
+
 #if defined(ap_get_request_module_loglevel)
 #undef ap_get_request_module_loglevel
 AP_DECLARE(int) ap_get_request_module_loglevel(const request_rec *c, int module_index);