www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-01 07:26:57 +03:00
Code Activity

Fix a compile of compiler warnings. I don't know how these slipped past.

Browse Source 
Also, uncomment a line of code that the last commit should have uncommented.
Randall found this line and the fix, but I forgot to uncomment this line
along with the fix.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97179 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Ryan Bloom
2002-10-11 15:29:22 +00:00
parent 571d1a1228
commit 37f9061757
10 changed files with 197 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/httpd.h
View File

@ -437,7 +437,7 @@ AP_DECLARE(const char *) ap_get_server_built(void);
* all of the potential response status-lines (a sparse table). * all of the potential response status-lines (a sparse table).
* A future version should dynamically generate the apr_table_t at startup. * A future version should dynamically generate the apr_table_t at startup.
*/ */
#define RESPONSE_CODES 55 #define RESPONSE_CODES 57
#define HTTP_CONTINUE 100 #define HTTP_CONTINUE 100
#define HTTP_SWITCHING_PROTOCOLS 101 #define HTTP_SWITCHING_PROTOCOLS 101
@ -478,6 +478,7 @@ AP_DECLARE(const char *) ap_get_server_built(void);
#define HTTP_UNPROCESSABLE_ENTITY 422 #define HTTP_UNPROCESSABLE_ENTITY 422
#define HTTP_LOCKED 423 #define HTTP_LOCKED 423
#define HTTP_FAILED_DEPENDENCY 424 #define HTTP_FAILED_DEPENDENCY 424
#define HTTP_UPGRADE_REQUIRED 426
#define HTTP_INTERNAL_SERVER_ERROR 500 #define HTTP_INTERNAL_SERVER_ERROR 500
#define HTTP_NOT_IMPLEMENTED 501 #define HTTP_NOT_IMPLEMENTED 501
#define HTTP_BAD_GATEWAY 502 #define HTTP_BAD_GATEWAY 502

13
modules/http/http_protocol.c
View File

@ -163,7 +163,12 @@ static const char * const status_lines[RESPONSE_CODES] =
"422 Unprocessable Entity", "422 Unprocessable Entity",
"423 Locked", "423 Locked",
"424 Failed Dependency", "424 Failed Dependency",
#define LEVEL_500 44 /* This is a hack, but it is required for ap_index_of_response
* to work with 426.
*/
"425 No code",
"426 Upgrade Required",
#define LEVEL_500 46
"500 Internal Server Error", "500 Internal Server Error",
"501 Method Not Implemented", "501 Method Not Implemented",
"502 Bad Gateway", "502 Bad Gateway",
@ -2190,6 +2195,12 @@ static const char *get_canned_error_string(int status,
return("<p>The method could not be performed on the resource\n" return("<p>The method could not be performed on the resource\n"
"because the requested action depended on another\n" "because the requested action depended on another\n"
"action and that other action failed.</p>\n"); "action and that other action failed.</p>\n");
case HTTP_UPGRADE_REQUIRED:
return("<p>The requested resource can only be retrieved\n"
"using SSL. The server is willing to upgrade the current\n"
"connection to SSL, but your client doesn't support it.\n"
"Either upgrade your client, or try requesting the page\n"
"using https://\n");
case HTTP_INSUFFICIENT_STORAGE: case HTTP_INSUFFICIENT_STORAGE:
return("<p>The method could not be performed on the resource\n" return("<p>The method could not be performed on the resource\n"
"because the server is unable to store the\n" "because the server is unable to store the\n"

87
modules/ssl/mod_ssl.c
View File

@ -105,7 +105,7 @@ static const command_rec ssl_config_cmds[] = {
/* /*
* Per-server context configuration directives * Per-server context configuration directives
*/ */
SSL_CMD_SRV(Engine, FLAG, SSL_CMD_SRV(Engine, TAKE1,
"SSL switch for the protocol engine " "SSL switch for the protocol engine "
"(`on', `off')") "(`on', `off')")
SSL_CMD_ALL(CipherSuite, TAKE1, SSL_CMD_ALL(CipherSuite, TAKE1,
@ -274,7 +274,7 @@ int ssl_engine_disable(conn_rec *c)
return 1; return 1;
} }
static int ssl_hook_pre_connection(conn_rec *c, void *csd) int ssl_init_ssl_connection(conn_rec *c)
{ {
SSLSrvConfigRec *sc = mySrvConfig(c->base_server); SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
SSL *ssl; SSL *ssl;
@ -282,41 +282,15 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
char *vhost_md5; char *vhost_md5;
modssl_ctx_t *mctx; modssl_ctx_t *mctx;
/*
* Immediately stop processing if SSL is disabled for this connection
*/
if (!(sc && (sc->enabled ||
(sslconn && sslconn->is_proxy))))
{
return DECLINED;
}
/*
* Create SSL context
*/
if (!sslconn) {
sslconn = ssl_init_connection_ctx(c);
}
if (sslconn->disabled) {
return DECLINED;
}
/*
* Remember the connection information for
* later access inside callback functions
*/
ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
"Connection to child %ld established "
"(server %s, client %s)", c->id, sc->vhost_id,
c->remote_ip ? c->remote_ip : "unknown");
/* /*
* Seed the Pseudo Random Number Generator (PRNG) * Seed the Pseudo Random Number Generator (PRNG)
*/ */
ssl_rand_seed(c->base_server, c->pool, SSL_RSCTX_CONNECT, ""); ssl_rand_seed(c->base_server, c->pool, SSL_RSCTX_CONNECT, "");
if (!sslconn) {
sslconn = ssl_init_connection_ctx(c);
}
mctx = sslconn->is_proxy ? sc->proxy : sc->server; mctx = sslconn->is_proxy ? sc->proxy : sc->server;
/* /*
@ -368,6 +342,44 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
return APR_SUCCESS; return APR_SUCCESS;
} }
static int ssl_hook_pre_connection(conn_rec *c, void *csd)
{
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
SSLConnRec *sslconn = myConnConfig(c);
/*
* Immediately stop processing if SSL is disabled for this connection
*/
if (!(sc && (sc->enabled == TRUE ||
(sslconn && sslconn->is_proxy))))
{
return DECLINED;
}
/*
* Create SSL context
*/
if (!sslconn) {
sslconn = ssl_init_connection_ctx(c);
}
if (sslconn->disabled) {
return DECLINED;
}
/*
* Remember the connection information for
* later access inside callback functions
*/
ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
"Connection to child %ld established "
"(server %s, client %s)", c->id, sc->vhost_id,
c->remote_ip ? c->remote_ip : "unknown");
return ssl_init_ssl_connection(c);
}
static apr_status_t ssl_abort(SSLFilterRec *filter, conn_rec *c) static apr_status_t ssl_abort(SSLFilterRec *filter, conn_rec *c)
{ {
SSLConnRec *sslconn = myConnConfig(c); SSLConnRec *sslconn = myConnConfig(c);
@ -572,6 +584,15 @@ static apr_port_t ssl_hook_default_port(const request_rec *r)
return 443; return 443;
} }
static void ssl_hook_Insert_Filter(request_rec *r)
{
SSLSrvConfigRec *sc = mySrvConfig(r->server);
if (sc->enabled == UNSET) {
ap_add_output_filter("UPGRADE_FILTER", NULL, r, r->connection);
}
}
/* /*
* the module registration phase * the module registration phase
*/ */
@ -592,6 +613,8 @@ static void ssl_register_hooks(apr_pool_t *p)
ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE);
/* ap_hook_handler (ssl_hook_Upgrade, NULL,NULL, APR_HOOK_MIDDLE); */
ssl_var_register(); ssl_var_register();

5
modules/ssl/mod_ssl.h
View File

@ -549,7 +549,7 @@ const char *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *); const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
const char *ssl_cmd_SSLEngine(cmd_parms *, void *, int); const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
@ -601,6 +601,7 @@ int ssl_hook_Access(request_rec *);
int ssl_hook_Fixup(request_rec *); int ssl_hook_Fixup(request_rec *);
int ssl_hook_ReadReq(request_rec *); int ssl_hook_ReadReq(request_rec *);
int ssl_hook_Handler(request_rec *); int ssl_hook_Handler(request_rec *);
int ssl_hook_Upgrade(request_rec *);
/* OpenSSL callbacks */ /* OpenSSL callbacks */
RSA *ssl_callback_TmpRSA(SSL *, int, int); RSA *ssl_callback_TmpRSA(SSL *, int, int);
@ -722,6 +723,8 @@ ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *);
char *ssl_util_algotypestr(ssl_algo_t); char *ssl_util_algotypestr(ssl_algo_t);
char *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *); char *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
void ssl_util_thread_setup(apr_pool_t *); void ssl_util_thread_setup(apr_pool_t *);
int ssl_init_ssl_connection(conn_rec *c);
#define APR_SHM_MAXSIZE (64 * 1024 * 1024) #define APR_SHM_MAXSIZE (64 * 1024 * 1024)
#endif /* __MOD_SSL_H__ */ #endif /* __MOD_SSL_H__ */

19
modules/ssl/ssl_engine_config.c
View File

@ -205,7 +205,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc)); SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
sc->mc = NULL; sc->mc = NULL;
sc->enabled = UNSET; sc->enabled = FALSE;
sc->proxy_enabled = UNSET; sc->proxy_enabled = UNSET;
sc->vhost_id = NULL; /* set during module init */ sc->vhost_id = NULL; /* set during module init */
sc->vhost_id_len = 0; /* set during module init */ sc->vhost_id_len = 0; /* set during module init */
@ -581,13 +581,24 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd,
return NULL; return NULL;
} }
const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag) const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, const char *arg)
{ {
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
sc->enabled = flag ? TRUE : FALSE; if (!strcasecmp(arg, "On")) {
sc->enabled = TRUE;
return NULL;
}
else if (!strcasecmp(arg, "Off")) {
sc->enabled = FALSE;
return NULL;
}
else if (!strcasecmp(arg, "Optional")) {
sc->enabled = UNSET;
return NULL;
}
return NULL; return "Argument must be On, Off, or Optional";
} }
const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,

11
modules/ssl/ssl_engine_init.c
View File

@ -247,11 +247,13 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
sc->vhost_id = ssl_util_vhostid(p, s); sc->vhost_id = ssl_util_vhostid(p, s);
sc->vhost_id_len = strlen(sc->vhost_id); sc->vhost_id_len = strlen(sc->vhost_id);
/* Fix up stuff that may not have been set */ #if 0
/* If sc->enabled is UNSET, then SSL is optional on this vhost */
/* Fix up stuff that may not have been set */
if (sc->enabled == UNSET) { if (sc->enabled == UNSET) {
sc->enabled = FALSE; sc->enabled = FALSE;
} }
#endif
if (sc->proxy_enabled == UNSET) { if (sc->proxy_enabled == UNSET) {
sc->proxy_enabled = FALSE; sc->proxy_enabled = FALSE;
} }
@ -981,6 +983,9 @@ void ssl_init_ConfigureServer(server_rec *s,
apr_pool_t *ptemp, apr_pool_t *ptemp,
SSLSrvConfigRec *sc) SSLSrvConfigRec *sc)
{ {
/* A bit of a hack, but initialize the server if SSL is optional or
* not.
*/
if (sc->enabled) { if (sc->enabled) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Configuring server for SSL protocol"); "Configuring server for SSL protocol");
@ -1009,7 +1014,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
for (s = base_server; s; s = s->next) { for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s); sc = mySrvConfig(s);
if (sc->enabled && (s->port == DEFAULT_HTTP_PORT)) { if ((sc->enabled == TRUE) && (s->port == DEFAULT_HTTP_PORT)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
base_server, base_server,
"Init: (%s) You configured HTTPS(%d) " "Init: (%s) You configured HTTPS(%d) "

84
modules/ssl/ssl_engine_io.c
View File

@ -577,6 +577,85 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
return APR_SUCCESS; return APR_SUCCESS;
} }
static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f,
apr_bucket_brigade *bb)
{
#define SWITCH_STATUS_LINE "101 Switching Protocols"
#define UPGRADE_HEADER "Upgrade: TLS/1.0 HTTP/1.1"
#define CONNECTION_HEADER "Conenction: Upgrade"
const char *upgrade;
const char *connection;
apr_bucket_brigade *upgradebb;
request_rec *r = f->r;
SSLConnRec *sslconn;
SSL *ssl;
/* Just remove the filter, if it doesn't work the first time, it won't
* work at all for this request.
*/
ap_remove_output_filter(f);
/* No need to ensure that this is a server with optional SSL, the filter
* is only inserted if that is true.
*/
upgrade = apr_table_get(r->headers_in, "Upgrade");
if (upgrade == NULL) {
return ap_pass_brigade(f->next, bb);
}
connection = apr_table_get(r->headers_in, "Connection");
apr_table_unset(r->headers_out, "Upgrade");
if (strcmp(connection, "Upgrade") || strcmp(upgrade, "TLS/1.0")) {
return ap_pass_brigade(f->next, bb);
}
if (r->method_number == M_OPTIONS) {
apr_bucket *b = NULL;
/* This is a mandatory SSL upgrade. */
upgradebb = apr_brigade_create(r->pool, f->c->bucket_alloc);
ap_fputstrs(f->next, upgradebb, SWITCH_STATUS_LINE, CRLF,
UPGRADE_HEADER, CRLF, CONNECTION_HEADER, CRLF, CRLF, NULL);
b = apr_bucket_flush_create(f->c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(upgradebb, b);
ap_pass_brigade(f->next, upgradebb);
}
else {
/* This is optional, and should be configurable, for now don't bother
* doing anything.
*/
return ap_pass_brigade(f->next, bb);
}
ssl_init_ssl_connection(f->c);
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"Awaiting re-negotiation handshake");
sslconn = myConnConfig(f->c);
ssl = sslconn->ssl;
SSL_set_state(ssl, SSL_ST_ACCEPT);
SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation handshake failed: "
"Not accepted by client!?");
return AP_FILTER_ERROR;
}
return OK;
}
static apr_status_t ssl_io_filter_Output(ap_filter_t *f, static apr_status_t ssl_io_filter_Output(ap_filter_t *f,
apr_bucket_brigade *bb) apr_bucket_brigade *bb)
{ {
@ -943,6 +1022,11 @@ void ssl_io_filter_init(conn_rec *c, SSL *ssl)
void ssl_io_filter_register(apr_pool_t *p) void ssl_io_filter_register(apr_pool_t *p)
{ {
/* This filter MUST be after the HTTP_HEADER filter, but it also must be
* a resource-level filter so it has the request_rec.
*/
ap_register_output_filter ("UPGRADE_FILTER", ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
ap_register_input_filter (ssl_io_filter, ssl_io_filter_Input, NULL, AP_FTYPE_CONNECTION + 5); ap_register_input_filter (ssl_io_filter, ssl_io_filter_Input, NULL, AP_FTYPE_CONNECTION + 5);
ap_register_output_filter (ssl_io_filter, ssl_io_filter_Output, NULL, AP_FTYPE_CONNECTION + 5); ap_register_output_filter (ssl_io_filter, ssl_io_filter_Output, NULL, AP_FTYPE_CONNECTION + 5);
return; return;

14
modules/ssl/ssl_engine_kernel.c
View File

@ -322,6 +322,16 @@ int ssl_hook_Access(request_rec *r)
* Support for SSLRequireSSL directive * Support for SSLRequireSSL directive
*/ */
if (dc->bSSLRequired && !ssl) { if (dc->bSSLRequired && !ssl) {
if (sc->enabled == UNSET) {
/* This vhost was configured for optional SSL, just tell the
* client that we need to upgrade.
*/
apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
return HTTP_UPGRADE_REQUIRED;
}
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"access to %s failed, reason: %s", "access to %s failed, reason: %s",
r->filename, "SSL connection required"); r->filename, "SSL connection required");
@ -1110,6 +1120,10 @@ int ssl_hook_Fixup(request_rec *r)
SSL *ssl; SSL *ssl;
int i; int i;
if (sc->enabled == UNSET) {
apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
}
/* /*
* Check to see if SSL is on * Check to see if SSL is on
*/ */

2
modules/ssl/ssl_util.c
View File

@ -84,7 +84,7 @@ char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
port = s->port; port = s->port;
else { else {
sc = mySrvConfig(s); sc = mySrvConfig(s);
if (sc->enabled) if (sc->enabled == TRUE)
port = DEFAULT_HTTPS_PORT; port = DEFAULT_HTTPS_PORT;
else else
port = DEFAULT_HTTP_PORT; port = DEFAULT_HTTP_PORT;

8
server/mpm/experimental/perchild/perchild.c
View File

@ -580,7 +580,7 @@ static void process_socket(apr_pool_t *p, apr_socket_t *sock, long conn_id,
} }
} }
static perchild_process_connection(conn_rec *c) static int perchild_process_connection(conn_rec *c)
{ {
ap_filter_t *f; ap_filter_t *f;
apr_bucket_brigade *bb; apr_bucket_brigade *bb;
@ -684,7 +684,6 @@ static apr_status_t receive_from_other_child(void **csd, ap_listen_rec *lr,
struct iovec iov[2]; struct iovec iov[2];
int ret, dp; int ret, dp;
apr_os_sock_t sd; apr_os_sock_t sd;
apr_socket_t *unix_sd = NULL;
apr_bucket_alloc_t *alloc = apr_bucket_alloc_create(ptrans); apr_bucket_alloc_t *alloc = apr_bucket_alloc_create(ptrans);
apr_bucket_brigade *bb = apr_brigade_create(ptrans, alloc); apr_bucket_brigade *bb = apr_brigade_create(ptrans, alloc);
apr_bucket *bucket; apr_bucket *bucket;
@ -1664,9 +1663,8 @@ static int pass_request(request_rec *r)
h.p = r->pool; h.p = r->pool;
h.headers = apr_pstrcat(h.p, r->the_request, CRLF, "Host: ", r->hostname, h.headers = apr_pstrcat(h.p, r->the_request, CRLF, "Host: ", r->hostname,
CRLF, NULL); CRLF, NULL);
/* XXX This REALLY needs to be uncommented, but it is causing problems.
apr_table_do((int (*) (void *, const char *, const char *)) apr_table_do((int (*) (void *, const char *, const char *))
perchild_header_field, (void *) &h, r->headers_in, NULL); */ perchild_header_field, (void *) &h, r->headers_in, NULL);
h.headers = apr_pstrcat(h.p, h.headers, CRLF, NULL); h.headers = apr_pstrcat(h.p, h.headers, CRLF, NULL);
iov[0].iov_base = h.headers; iov[0].iov_base = h.headers;
@ -1944,8 +1942,6 @@ static const char *set_child_per_uid(cmd_parms *cmd, void *dummy, const char *u,
for (i = curr_child_num; i < max_this_time; i++, curr_child_num++) { for (i = curr_child_num; i < max_this_time; i++, curr_child_num++) {
int uid = 0, gid = 0;
if (i > num_daemons) { if (i > num_daemons) {
return "Trying to use more child ID's than NumServers. Increase " return "Trying to use more child ID's than NumServers. Increase "
"NumServers in your config file."; "NumServers in your config file.";