[Fedora-directory-commits] mod_nss mod_nss.c, 1.15, 1.16 mod_nss.h, 1.17, 1.18 nss_engine_init.c, 1.28, 1.29 nss_engine_io.c, 1.7, 1.8 nss_engine_kernel.c, 1.9, 1.10 nss_engine_vars.c, 1.8, 1.9 nss_util.c, 1.2, 1.3

Robert Crittenden (rcritten) fedora-directory-commits at redhat.com
Thu May 31 21:36:05 UTC 2007


Author: rcritten

Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20057

Modified Files:
	mod_nss.c mod_nss.h nss_engine_init.c nss_engine_io.c 
	nss_engine_kernel.c nss_engine_vars.c nss_util.c 
Log Message:
Resolves: 241936

Bring in some updates based on diffs from 2.0.59 to 2.2.4

- Do explicit TRUE/FALSE tests with sc->enabled to see if SSL is enabled.
  Don't depend on the fact that TRUE == 1
- Remove some dead code
- Minor update to the buffer code that buffers POST data during a
  renegotiation
- Optimize setting environment variables by using a switch statement.



Index: mod_nss.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/mod_nss.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- mod_nss.c	20 Oct 2006 15:23:39 -0000	1.15
+++ mod_nss.c	31 May 2007 21:36:03 -0000	1.16
@@ -206,7 +206,7 @@
 
     SSLConnRec *sslconn;
 
-    if (!sc->enabled) {
+    if (sc->enabled == FALSE) {
         return 0;
     }
 
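Review bot: The new test `sc->enabled == FALSE` lets every value other than FALSE through, while the hunks in nss_engine_init.c, nss_engine_kernel.c and nss_util.c in this same commit require `sc->enabled == TRUE`. If the field can hold a third value (an "unset" marker, for example; its definition is not visible in this diff), that value counts as enabled here and as disabled everywhere else. Writing the guard as `if (sc->enabled != TRUE) {` would keep all the checks on the same side and make this one fail closed. The difference matters most for the access-control hooks in nss_engine_kernel.c, which now return DECLINED whenever the value is not exactly TRUE. The enclosing function starts and ends outside the hunk.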


Index: mod_nss.h
===================================================================
RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- mod_nss.h	20 Oct 2006 15:23:39 -0000	1.17
+++ mod_nss.h	31 May 2007 21:36:03 -0000	1.18
@@ -446,9 +446,6 @@
 
 /*  Utility Functions  */
 char        *nss_util_vhostid(apr_pool_t *, server_rec *);
-void         nss_util_strupper(char *);
-void         nss_util_uuencode(char *, const char *, BOOL);
-void         nss_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
 apr_file_t  *nss_util_ppopen(server_rec *, apr_pool_t *, const char *,
                              const char * const *);
 void         nss_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);


Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- nss_engine_init.c	1 Feb 2007 14:06:56 -0000	1.28
+++ nss_engine_init.c	31 May 2007 21:36:03 -0000	1.29
@@ -1036,13 +1036,13 @@
                               apr_pool_t *ptemp,
                               SSLSrvConfigRec *sc)
 {
-    if (sc->enabled) {
+    if (sc->enabled == TRUE) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                      "Configuring server for SSL protocol");
         nss_init_server_ctx(s, p, ptemp, sc);
     }
 
-    if (sc->proxy_enabled) {
+    if (sc->proxy_enabled == TRUE) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                      "Enabling proxy.");
         nss_init_proxy_ctx(s, p, ptemp, sc);
@@ -1070,7 +1070,7 @@
     for (s = base_server; s; s = s->next) {
         sc = mySrvConfig(s);
 
-        if (sc->enabled) {
+        if (sc->enabled == TRUE) {
             if (sc->server->nickname) {
                 CERT_DestroyCertificate(sc->server->servercert);
                 SECKEY_DestroyPrivateKey(sc->server->serverkey);


Index: nss_engine_io.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_io.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- nss_engine_io.c	9 Aug 2006 20:11:45 -0000	1.7
+++ nss_engine_io.c	31 May 2007 21:36:03 -0000	1.8
@@ -578,8 +578,7 @@
     switch (status) {
       case HTTP_BAD_REQUEST:
             /* log the situation */
-            ap_log_error(APLOG_MARK, APLOG_INFO, 0,
-                         f->c->base_server,
+            ap_log_error(APLOG_MARK, APLOG_INFO, 0, f->c->base_server,
                          "SSL handshake failed: HTTP spoken on HTTPS port; "
                          "trying to send HTML error page");
 
@@ -924,6 +923,7 @@
 
 struct modnss_buffer_ctx {
     apr_bucket_brigade *bb;
+    apr_pool_t *pool;
 };
 
 int nss_io_buffer_fill(request_rec *r)
@@ -936,7 +936,8 @@
     
     /* Create the context which will be passed to the input filter. */
     ctx = apr_palloc(r->pool, sizeof *ctx);
-    ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc);
+    apr_pool_create(&ctx->pool, r->pool);
+    ctx->bb = apr_brigade_create(ctx->pool, c->bucket_alloc);
 
     /* ... and a temporary brigade. */
     tempb = apr_brigade_create(r->pool, c->bucket_alloc);
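Review bot: The status returned by `apr_pool_create(&ctx->pool, r->pool)` is discarded, and `ctx` comes from `apr_palloc`, which does not zero the memory. If pool creation fails, `ctx->pool` is indeterminate when it is handed to `apr_brigade_create` on the next line and to `apr_bucket_setaside` in the following hunk. Checking it before use would close that, for example `if (apr_pool_create(&ctx->pool, r->pool) != APR_SUCCESS) return HTTP_INTERNAL_SERVER_ERROR;` (or whatever status the setaside failure path returns). Nothing visible in this diff destroys the subpool, so the buffered request body appears to live until `r->pool` is cleaned up; a comment such as `/* subpool holds the buffered body; freed with r->pool */` would record that once confirmed. nss_io_buffer_fill continues outside the hunk.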
@@ -981,7 +982,7 @@
                 total += len;
             }
                 
-            rv = apr_bucket_setaside(e, r->pool);
+            rv = apr_bucket_setaside(e, ctx->pool);
             if (rv != APR_SUCCESS) {
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                               "could not setaside bucket for SSL buffer");
@@ -1059,6 +1060,9 @@
              * the APR_BRIGADE_* macros. */
             APR_RING_UNSPLICE(d, e, link);
             APR_RING_SPLICE_HEAD(&bb->list, d, e, apr_bucket, link);
+
+            APR_BRIGADE_CHECK_CONSISTENCY(bb);
+            APR_BRIGADE_CHECK_CONSISTENCY(ctx->bb);
         }
     }
     else {


Index: nss_engine_kernel.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- nss_engine_kernel.c	9 Aug 2006 20:32:47 -0000	1.9
+++ nss_engine_kernel.c	31 May 2007 21:36:03 -0000	1.10
@@ -130,7 +130,7 @@
      * no further access control checks are relevant. The test for
      * sc->enabled is probably strictly unnecessary
      */
-    if (!(sc->enabled || !ssl)) {
+    if (!((sc->enabled == TRUE) || !ssl)) {
         return DECLINED;
     }
 
@@ -619,7 +619,7 @@
      * - ssl not enabled
      * - client did not present a certificate
      */
-    if (!(sc->enabled && sslconn && sslconn->ssl && sslconn->client_cert) ||
+    if (!((sc->enabled == TRUE) && sslconn && sslconn->ssl && sslconn->client_cert) ||
         !(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
     {
         return DECLINED;
@@ -781,7 +781,7 @@
     /*
      * Check to see if SSL is on
      */
-    if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) {
+    if (!((sc->enabled == TRUE) && sslconn && (ssl = sslconn->ssl))) {
         return DECLINED;
     }
 


Index: nss_engine_vars.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- nss_engine_vars.c	9 Aug 2006 19:31:18 -0000	1.8
+++ nss_engine_vars.c	31 May 2007 21:36:03 -0000	1.9
@@ -80,59 +80,82 @@
      * Request dependent stuff
      */
     if (r != NULL) {
-        if (strcEQ(var, "HTTP_USER_AGENT"))
-            result = nss_var_lookup_header(p, r, "User-Agent");
-        else if (strcEQ(var, "HTTP_REFERER"))
-            result = nss_var_lookup_header(p, r, "Referer");
-        else if (strcEQ(var, "HTTP_COOKIE"))
-            result = nss_var_lookup_header(p, r, "Cookie");
-        else if (strcEQ(var, "HTTP_FORWARDED"))
-            result = nss_var_lookup_header(p, r, "Forwarded");
-        else if (strcEQ(var, "HTTP_HOST"))
-            result = nss_var_lookup_header(p, r, "Host");
-        else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
-            result = nss_var_lookup_header(p, r, "Proxy-Connection");
-        else if (strcEQ(var, "HTTP_ACCEPT"))
-            result = nss_var_lookup_header(p, r, "Accept");
-        else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
-            /* all other headers from which we are still not know about */
-            result = nss_var_lookup_header(p, r, var+5);
-        else if (strcEQ(var, "THE_REQUEST"))
-            result = r->the_request;
-        else if (strcEQ(var, "REQUEST_METHOD"))
-            result = (char *)(r->method);
-        else if (strcEQ(var, "REQUEST_SCHEME"))
+        switch (var[0]) {
+        case 'H':
+        case 'h':
+            if (strcEQ(var, "HTTP_USER_AGENT"))
+                result = nss_var_lookup_header(p, r, "User-Agent");
+            else if (strcEQ(var, "HTTP_REFERER"))
+                result = nss_var_lookup_header(p, r, "Referer");
+            else if (strcEQ(var, "HTTP_COOKIE"))
+                result = nss_var_lookup_header(p, r, "Cookie");
+            else if (strcEQ(var, "HTTP_FORWARDED"))
+                result = nss_var_lookup_header(p, r, "Forwarded");
+            else if (strcEQ(var, "HTTP_HOST"))
+                result = nss_var_lookup_header(p, r, "Host");
+            else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
+                result = nss_var_lookup_header(p, r, "Proxy-Connection");
+            else if (strcEQ(var, "HTTP_ACCEPT"))
+                result = nss_var_lookup_header(p, r, "Accept");
+            else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
+                /* all other headers from which we are still not know about */
+                result = nss_var_lookup_header(p, r, var+5);
+            break;
+
+        case 'R':
+        case 'r':
+            if (strcEQ(var, "REQUEST_METHOD"))
+                result = (char *)(r->method);
+            else if (strcEQ(var, "REQUEST_SCHEME"))
 #if AP_SERVER_MINORVERSION_NUMBER < 2 /* See comment in mod_nss.h */
-            result = (char *)ap_http_method(r);
+                result = (char *)ap_http_method(r);
 #else
-            result = (char *)ap_http_scheme(r);
+                result = (char *)ap_http_scheme(r);
 #endif
-        else if (strcEQ(var, "REQUEST_URI"))
-            result = r->uri;
-        else if (strcEQ(var, "SCRIPT_FILENAME") ||
-                 strcEQ(var, "REQUEST_FILENAME"))
-            result = r->filename;
-        else if (strcEQ(var, "PATH_INFO"))
-            result = r->path_info;
-        else if (strcEQ(var, "QUERY_STRING"))
-            result = r->args;
-        else if (strcEQ(var, "REMOTE_HOST"))
-            result = (char *)ap_get_remote_host(r->connection,
+            else if (strcEQ(var, "REQUEST_URI"))
+                result = r->uri;
+            else if (strcEQ(var, "REQUEST_FILENAME"))
+                result = r->filename;
+            else if (strcEQ(var, "REMOTE_HOST"))
+                result = (char *)ap_get_remote_host(r->connection,
 					r->per_dir_config, REMOTE_NAME, NULL);
-        else if (strcEQ(var, "REMOTE_IDENT"))
-            result = (char *)ap_get_remote_logname(r);
-        else if (strcEQ(var, "IS_SUBREQ"))
-            result = (r->main != NULL ? "true" : "false");
-        else if (strcEQ(var, "DOCUMENT_ROOT"))
-            result = (char *)ap_document_root(r);
-        else if (strcEQ(var, "SERVER_ADMIN"))
-            result = r->server->server_admin;
-        else if (strcEQ(var, "SERVER_NAME"))
-            result = (char *)ap_get_server_name(r);
-        else if (strcEQ(var, "SERVER_PORT"))
-            result = apr_psprintf(p, "%u", ap_get_server_port(r));
-        else if (strcEQ(var, "SERVER_PROTOCOL"))
-            result = r->protocol;
+            else if (strcEQ(var, "REMOTE_IDENT"))
+                result = (char *)ap_get_remote_logname(r);
+            else if (strcEQ(var, "REMOTE_USER"))
+                result = r->user;
+            break;
+
+        case 'S':
+        case 's':
+            if (strcEQn(var, "SSL", 3)) break; /* shortcut common case */
+
+            if (strcEQ(var, "SERVER_ADMIN"))
+                result = r->server->server_admin;
+            else if (strcEQ(var, "SERVER_NAME"))
+                result = (char *)ap_get_server_name(r);
+            else if (strcEQ(var, "SERVER_PORT"))
+                result = apr_psprintf(p, "%u", ap_get_server_port(r));
+            else if (strcEQ(var, "SERVER_PROTOCOL"))
+                result = r->protocol;
+            else if (strcEQ(var, "SCRIPT_FILENAME"))
+                result = r->filename;
+            break;
+
+        default:
+            if (strcEQ(var, "PATH_INFO"))
+                result = r->path_info;
+            else if (strcEQ(var, "QUERY_STRING"))
+                result = r->args;
+            else if (strcEQ(var, "IS_SUBREQ"))
+                result = (r->main != NULL ? "true" : "false");
+            else if (strcEQ(var, "DOCUMENT_ROOT"))
+                result = (char *)ap_document_root(r);
+            else if (strcEQ(var, "AUTH_TYPE"))
+                result = r->ap_auth_type;
+            if (strcEQ(var, "THE_REQUEST"))
+                result = r->the_request;
+            break;
+        }
     }
 
     /*
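Review bot: In the `default:` case the last test is written `if (strcEQ(var, "THE_REQUEST"))` rather than `else if`, unlike every other branch in the new switch. The result is the same because the names are distinct, but the comparison now runs even after an earlier branch has matched, and it reads like a dropped `else`; I would make it `else if (strcEQ(var, "THE_REQUEST"))`. A one-line comment above `switch (var[0])` would also help, e.g. `/* Dispatch on the first letter to cut down on string comparisons */`, since the listing of both upper- and lower-case labels is otherwise unexplained. The enclosing function starts and ends outside the hunk.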
@@ -140,15 +163,11 @@
      */
     if (result == NULL && c != NULL) {
         SSLConnRec *sslconn = myConnConfig(c);
-        if (strcEQ(var, "REMOTE_ADDR"))
-            result = c->remote_ip;
-        else if (strcEQ(var, "REMOTE_USER"))
-            result = r->user;
-        else if (strcEQ(var, "AUTH_TYPE"))
-            result = r->ap_auth_type;
-        else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) 
+        if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) 
                  && sslconn && sslconn->ssl)
             result = nss_var_lookup_ssl(p, c, var+4);
+        else if (strcEQ(var, "REMOTE_ADDR"))
+            result = c->remote_ip;
         else if (strcEQ(var, "HTTPS")) {
             if (sslconn && sslconn->ssl)
                 result = "on";


Index: nss_util.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_util.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- nss_util.c	31 May 2005 14:32:42 -0000	1.2
+++ nss_util.c	31 May 2007 21:36:03 -0000	1.3
@@ -36,7 +36,7 @@
         port = s->port;
     else {
         sc = mySrvConfig(s);
-        if (sc->enabled)
+        if (sc->enabled == TRUE)
             port = DEFAULT_HTTPS_PORT;
         else
             port = DEFAULT_HTTP_PORT;
@@ -45,52 +45,6 @@
     return id;
 }
 
-void nss_util_strupper(char *s)
-{
-    for (; *s; ++s)
-        *s = apr_toupper(*s);
-    return;
-}
-
-static const char nss_util_uuencode_six2pr[64+1] =
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-void nss_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
-{
-    nss_util_uuencode_binary((unsigned char *)szTo,
-                             (const unsigned char *)szFrom,
-                             strlen(szFrom), bPad);
-}
-
-void nss_util_uuencode_binary(unsigned char *szTo,
-                              const unsigned char *szFrom,
-                              int nLength, BOOL bPad)
-{
-    const unsigned char *s;
-    int nPad = 0;
-
-    for (s = szFrom; nLength > 0; s += 3) {
-        *szTo++ = nss_util_uuencode_six2pr[s[0] >> 2];
-        *szTo++ = nss_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
-        if (--nLength == 0) {
-            nPad = 2;
-            break;
-        }
-        *szTo++ = nss_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
-        if (--nLength == 0) {
-            nPad = 1;
-            break;
-        }
-        *szTo++ = nss_util_uuencode_six2pr[s[2] & 0x3f];
-        --nLength;
-    }
-    while(bPad && nPad--) {
-        *szTo++ = NUL;
-    }
-    *szTo = NUL;
-    return;
-}
-
 apr_file_t *nss_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
                             const char * const *argv)
 {



