Fri, 30 Dec 2016 14:15:52 +0100
many fixes
fixes pathcheck with more than one saf
fixes log config
acl_evaluate sets auth vars now
fixes session ssl flag
cgi sets https env
require_access saf fix
--- a/src/server/config/keyfile.c Thu Dec 29 10:15:43 2016 +0100 +++ b/src/server/config/keyfile.c Fri Dec 30 14:15:52 2016 +0100 @@ -57,7 +57,7 @@ void free_keyfile_config(KeyfileConfig *conf) { if(conf->users) { - ucx_list_free(conf->users); + ucx_list_free_a(conf->parser.mp, conf->users); } ucx_mempool_destroy(conf->parser.mp->pool); free(conf); @@ -120,13 +120,15 @@ sstr_t groups_str = sstrtrim(tk[2]); ssize_t ngroups = 0; sstr_t *groups = sstrsplit(groups_str, sstrn(",", 1), &ngroups); - entry->groups = mp->calloc(mp->pool, ngroups, sizeof(sstr_t)); - entry->numgroups = ngroups; - for(int i=0;i<ngroups;i++) { - entry->groups[i] = sstrdup_a(mp, sstrtrim(groups[i])); - free(groups[i].ptr); + if(ngroups > 0) { + entry->groups = mp->calloc(mp->pool, ngroups, sizeof(sstr_t)); + entry->numgroups = ngroups; + for(int i=0;i<ngroups;i++) { + entry->groups[i] = sstrdup_a(mp, sstrtrim(groups[i])); + free(groups[i].ptr); + } + free(groups); } - free(groups); } // add user
--- a/src/server/daemon/acl.c Thu Dec 29 10:15:43 2016 +0100 +++ b/src/server/daemon/acl.c Fri Dec 30 14:15:52 2016 +0100 @@ -32,10 +32,13 @@ #include "../util/util.h" #include "../util/pool.h" +#include "../util/pblock.h" #include "../safs/auth.h" #include "log.h" #include "acl.h" +#define AUTH_TYPE_BASIC "basic" + void acllist_createhandle(Session *sn, Request *rq) { ACLListHandle *handle = pool_malloc(sn->pool, sizeof(ACLListHandle)); handle->defaultauthdb = NULL; @@ -114,6 +117,16 @@ return NULL; } // ok - user is authenticated + pblock_kvinsert( + pb_key_auth_user, + user->name, + strlen(user->name), + rq->vars); + pblock_kvinsert( + pb_key_auth_type, + AUTH_TYPE_BASIC, + sizeof(AUTH_TYPE_BASIC)-1, + rq->vars); } }
--- a/src/server/daemon/httprequest.c Thu Dec 29 10:15:43 2016 +0100 +++ b/src/server/daemon/httprequest.c Fri Dec 30 14:15:52 2016 +0100 @@ -98,10 +98,12 @@ if(sn == NULL) { /* TODO: error */ } + ZERO(sn, sizeof(NSAPISession)); NSAPIRequest *rq = pool_malloc(pool, sizeof(NSAPIRequest)); if(rq == NULL) { /* TODO: error */ } + ZERO(rq, sizeof(NSAPIRequest)); rq->rq.req_start = request->req_start; rq->phase = NSAPIAuthTrans; @@ -114,6 +116,7 @@ IOStream *io; if(request->connection->ssl) { io = sslstream_new(pool, request->connection->ssl); + sn->sn.ssl = 1; } else { io = sysstream_new(pool, request->connection->fd); } @@ -677,7 +680,7 @@ // execute directives for(int j=NCX_DI(rq);j<dt->ndir;j++) { - if(ret == REQ_NOACTION || REQ_PROCEED) { + if(ret == REQ_NOACTION || ret == REQ_PROCEED) { directive *d = dt->dirs[j]; ret = nsapi_exec(d, sn, rq); } else {
--- a/src/server/daemon/log.c Thu Dec 29 10:15:43 2016 +0100 +++ b/src/server/daemon/log.c Fri Dec 30 14:15:52 2016 +0100 @@ -116,6 +116,8 @@ can_log[LOG_INFORM] = 0; } else if(!strcmp(cfg->level, "INFO")) { + } else if(!strcmp(cfg->level, "VERBOSE")) { + can_log[LOG_VERBOSE] = 1; } if(cfg->log_stdout) {
--- a/src/server/daemon/protocol.c Thu Dec 29 10:15:43 2016 +0100 +++ b/src/server/daemon/protocol.c Fri Dec 30 14:15:52 2016 +0100 @@ -371,7 +371,7 @@ // flush buffer to the socket conn->write(conn, out->ptr, out->length); sbuf_free(out); - + rq->senthdrs = 1; return 0;
--- a/src/server/daemon/sessionhandler.c Thu Dec 29 10:15:43 2016 +0100 +++ b/src/server/daemon/sessionhandler.c Fri Dec 30 14:15:52 2016 +0100 @@ -61,6 +61,13 @@ int ret = SSL_read(conn->ssl, buf, len); if(ret <= 0) { conn->ssl_error = SSL_get_error(conn->ssl, ret); + if(conn->ssl_error == SSL_ERROR_SYSCALL) { + log_ereport( + LOG_VERBOSE, + "Connection: %d: SSL_read failed: %s", + (int)conn, + strerror(errno)); + } } return ret; } @@ -69,6 +76,13 @@ int ret = SSL_write(conn->ssl, buf, len); if(ret <= 0) { conn->ssl_error = SSL_get_error(conn->ssl, ret); + if(conn->ssl_error == SSL_ERROR_SYSCALL) { + log_ereport( + LOG_VERBOSE, + "Connection: %d: SSL_write failed: %s", + (int)conn, + strerror(errno)); + } } return ret; }
--- a/src/server/safs/cgiutils.c Thu Dec 29 10:15:43 2016 +0100 +++ b/src/server/safs/cgiutils.c Fri Dec 30 14:15:52 2016 +0100 @@ -349,6 +349,10 @@ } } + if(sn->ssl) { + env[x++] = util_env_str("HTTPS", "ON"); + } + #if 0 if (GetSecurity(sn)) { env[x++] = util_env_str("HTTPS", "ON");
--- a/src/server/safs/pathcheck.c Thu Dec 29 10:15:43 2016 +0100 +++ b/src/server/safs/pathcheck.c Fri Dec 30 14:15:52 2016 +0100 @@ -56,7 +56,7 @@ } int require_access(pblock *pb, Session *sn, Request *rq) { - char *mask_str = pblock_findval("mask", rq->vars); + char *mask_str = pblock_findval("mask", pb); if(!mask_str) { log_ereport(LOG_MISCONFIG, "require-access: missing mask parameter"); protocol_status(sn, rq, 500, NULL);