many fixes

Fri, 30 Dec 2016 14:15:52 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Fri, 30 Dec 2016 14:15:52 +0100
changeset 141
ff311b63c3af
parent 140
93247a579184
child 142
55298bc9ed28

many fixes

fixes pathcheck with more than one saf
fixes log config
acl_evaluate sets auth vars now
fixes session ssl flag
cgi sets https env
require_access saf fix

src/server/config/keyfile.c file | annotate | diff | comparison | revisions
src/server/daemon/acl.c file | annotate | diff | comparison | revisions
src/server/daemon/httprequest.c file | annotate | diff | comparison | revisions
src/server/daemon/log.c file | annotate | diff | comparison | revisions
src/server/daemon/protocol.c file | annotate | diff | comparison | revisions
src/server/daemon/sessionhandler.c file | annotate | diff | comparison | revisions
src/server/safs/cgiutils.c file | annotate | diff | comparison | revisions
src/server/safs/pathcheck.c file | annotate | diff | comparison | revisions
--- a/src/server/config/keyfile.c	Thu Dec 29 10:15:43 2016 +0100
+++ b/src/server/config/keyfile.c	Fri Dec 30 14:15:52 2016 +0100
@@ -57,7 +57,7 @@
 
 void free_keyfile_config(KeyfileConfig *conf) {
     if(conf->users) {
-        ucx_list_free(conf->users);
+        ucx_list_free_a(conf->parser.mp, conf->users);
     }
     ucx_mempool_destroy(conf->parser.mp->pool);
     free(conf);
@@ -120,13 +120,15 @@
         sstr_t groups_str = sstrtrim(tk[2]);
         ssize_t ngroups = 0;
         sstr_t *groups = sstrsplit(groups_str, sstrn(",", 1), &ngroups);
-        entry->groups = mp->calloc(mp->pool, ngroups, sizeof(sstr_t));
-        entry->numgroups = ngroups;
-        for(int i=0;i<ngroups;i++) {
-            entry->groups[i] = sstrdup_a(mp, sstrtrim(groups[i]));
-            free(groups[i].ptr);
+        if(ngroups > 0) {
+            entry->groups = mp->calloc(mp->pool, ngroups, sizeof(sstr_t));
+            entry->numgroups = ngroups;
+            for(int i=0;i<ngroups;i++) {
+                entry->groups[i] = sstrdup_a(mp, sstrtrim(groups[i]));
+                free(groups[i].ptr);
+            }
+            free(groups);
         }
-        free(groups);
     }
     
     // add user
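Review bot: The result of `mp->calloc(mp->pool, ngroups, sizeof(sstr_t))` is used in the loop without a NULL check, so an allocation failure while loading the keyfile becomes a NULL write at `entry->groups[i] = ...`. When `ngroups` is 0 or negative the new code also leaves `entry->groups` and `entry->numgroups` untouched, which is only safe if `entry` is zeroed where it is allocated, outside this hunk. An explicit `else { entry->groups = NULL; entry->numgroups = 0; }` would make the no-groups case unambiguous for later group-membership checks. The loop index could be `ssize_t` to match `ngroups`.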
--- a/src/server/daemon/acl.c	Thu Dec 29 10:15:43 2016 +0100
+++ b/src/server/daemon/acl.c	Fri Dec 30 14:15:52 2016 +0100
@@ -32,10 +32,13 @@
 
 #include "../util/util.h"
 #include "../util/pool.h"
+#include "../util/pblock.h"
 #include "../safs/auth.h"
 #include "log.h"
 #include "acl.h"
 
+#define AUTH_TYPE_BASIC "basic"
+
 void acllist_createhandle(Session *sn, Request *rq) {
     ACLListHandle *handle = pool_malloc(sn->pool, sizeof(ACLListHandle));
     handle->defaultauthdb = NULL;
@@ -114,6 +117,16 @@
                 return NULL;
             }
             // ok - user is authenticated
+            pblock_kvinsert(
+                    pb_key_auth_user,
+                    user->name,
+                    strlen(user->name),
+                    rq->vars);
+            pblock_kvinsert(
+                    pb_key_auth_type,
+                    AUTH_TYPE_BASIC,
+                    sizeof(AUTH_TYPE_BASIC)-1,
+                    rq->vars);
         }
     }
     
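Review bot: Both `pblock_kvinsert` calls add to `rq->vars` without checking whether `pb_key_auth_user` or `pb_key_auth_type` is already present, and the type is always `AUTH_TYPE_BASIC`. If an earlier step of the request already set these keys, the pblock would hold two entries per key, and which one a later consumer reads depends on lookup order; removing any existing entry before inserting would avoid reporting a stale identity. The return values of both calls are ignored as well. The enclosing function starts and ends outside this hunk, so how the credentials were obtained is not visible here.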
--- a/src/server/daemon/httprequest.c	Thu Dec 29 10:15:43 2016 +0100
+++ b/src/server/daemon/httprequest.c	Fri Dec 30 14:15:52 2016 +0100
@@ -98,10 +98,12 @@
     if(sn == NULL) {
         /* TODO: error */
     }
+    ZERO(sn, sizeof(NSAPISession));
     NSAPIRequest *rq = pool_malloc(pool, sizeof(NSAPIRequest));
     if(rq == NULL) {
         /* TODO: error */
     }
+    ZERO(rq, sizeof(NSAPIRequest));
     rq->rq.req_start = request->req_start;
     rq->phase = NSAPIAuthTrans;
 
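Review bot: Both `ZERO` calls run right after NULL checks whose bodies are still only `/* TODO: error */`, so a failed `pool_malloc` now becomes a NULL write inside `ZERO(sn, sizeof(NSAPISession))` or `ZERO(rq, sizeof(NSAPIRequest))`. Under memory pressure that crashes the request path instead of failing one request. The two branches should clean up and return an error before the memory is touched. The function's return type and cleanup path are outside this hunk, so the exact error return cannot be given from here.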
@@ -114,6 +116,7 @@
     IOStream *io;
     if(request->connection->ssl) {
         io = sslstream_new(pool, request->connection->ssl);
+        sn->sn.ssl = 1;
     } else {
         io = sysstream_new(pool, request->connection->fd);
     }
@@ -677,7 +680,7 @@
 
         // execute directives
         for(int j=NCX_DI(rq);j<dt->ndir;j++) {
-            if(ret == REQ_NOACTION || REQ_PROCEED) {
+            if(ret == REQ_NOACTION || ret == REQ_PROCEED) {
                 directive *d = dt->dirs[j];
                 ret = nsapi_exec(d, sn, rq);
             } else {
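Review bot: The corrected condition deserves a comment and a regression test, because the old form `ret == REQ_NOACTION || REQ_PROCEED` compiled cleanly while never comparing `ret` with `REQ_PROCEED`. The commit message appears to tie this to PathCheck with more than one SAF, where a skipped directive can be an access check such as `require-access`. A comment above the `if`, for example `// keep executing directives while the previous one returned NOACTION or PROCEED; any other result ends the phase`, would state the intent. The loop body continues outside this hunk.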
--- a/src/server/daemon/log.c	Thu Dec 29 10:15:43 2016 +0100
+++ b/src/server/daemon/log.c	Fri Dec 30 14:15:52 2016 +0100
@@ -116,6 +116,8 @@
         can_log[LOG_INFORM] = 0;
     } else if(!strcmp(cfg->level, "INFO")) {
         
+    } else if(!strcmp(cfg->level, "VERBOSE")) {
+        can_log[LOG_VERBOSE] = 1;
     }
     
     if(cfg->log_stdout) {
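Review bot: The level chain still ends without a final `else`, so a `cfg->level` value that matches none of the strings is accepted silently and the logger keeps its defaults. A misspelled level in the configuration would then go unnoticed, which matters when the operator expects `VERBOSE` diagnostics. A closing branch that reports the value, for example `log_ereport(LOG_MISCONFIG, "unknown log level: %s", cfg->level);`, would make that visible, provided logging is usable at this point of initialisation. The start of the chain is outside this hunk.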
--- a/src/server/daemon/protocol.c	Thu Dec 29 10:15:43 2016 +0100
+++ b/src/server/daemon/protocol.c	Fri Dec 30 14:15:52 2016 +0100
@@ -371,7 +371,7 @@
     // flush buffer to the socket
     conn->write(conn, out->ptr, out->length);
     sbuf_free(out);
-    
+     
     rq->senthdrs = 1;
     
     return 0;
--- a/src/server/daemon/sessionhandler.c	Thu Dec 29 10:15:43 2016 +0100
+++ b/src/server/daemon/sessionhandler.c	Fri Dec 30 14:15:52 2016 +0100
@@ -61,6 +61,13 @@
     int ret = SSL_read(conn->ssl, buf, len);
     if(ret <= 0) {
         conn->ssl_error = SSL_get_error(conn->ssl, ret);
+        if(conn->ssl_error == SSL_ERROR_SYSCALL) {
+            log_ereport(
+                    LOG_VERBOSE,
+                    "Connection: %d: SSL_read failed: %s",
+                    (int)conn,
+                    strerror(errno));
+        }
     }
     return ret;
 }
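Review bot: `(int)conn` casts a pointer to `int` for `%d`, which truncates on 64-bit builds and writes an address-derived value to the log; the same line appears in the `SSL_write` hunk below. Printing it as `"Connection: %p: SSL_read failed: %s"` with `(void*)conn`, or logging the connection's descriptor instead, would be well defined. `errno` can also be 0 when `SSL_ERROR_SYSCALL` is reported for a plain EOF (`ret == 0`), so `strerror(errno)` may print a misleading message; limiting the log call to `ret < 0` avoids that.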
@@ -69,6 +76,13 @@
     int ret = SSL_write(conn->ssl, buf, len);
     if(ret <= 0) {
         conn->ssl_error = SSL_get_error(conn->ssl, ret);
+        if(conn->ssl_error == SSL_ERROR_SYSCALL) {
+            log_ereport(
+                    LOG_VERBOSE,
+                    "Connection: %d: SSL_write failed: %s",
+                    (int)conn,
+                    strerror(errno));
+        }
     }
     return ret;
 }
--- a/src/server/safs/cgiutils.c	Thu Dec 29 10:15:43 2016 +0100
+++ b/src/server/safs/cgiutils.c	Fri Dec 30 14:15:52 2016 +0100
@@ -349,6 +349,10 @@
         }
     }
 
+    if(sn->ssl) {
+        env[x++] = util_env_str("HTTPS", "ON");
+    }
+    
 #if 0
     if (GetSecurity(sn)) {
         env[x++] = util_env_str("HTTPS", "ON");
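Review bot: The new `env[x++] = util_env_str("HTTPS", "ON");` takes one more slot in `env`, but the allocation that sizes the array is outside this hunk. If the array is created with a fixed count of common variables, that count has to grow by one, otherwise this write (or the terminating entry after it) can land past the end of the array on SSL requests. The result of `util_env_str` is not checked either. It is worth confirming the sizing at the place where `env` is created.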
--- a/src/server/safs/pathcheck.c	Thu Dec 29 10:15:43 2016 +0100
+++ b/src/server/safs/pathcheck.c	Fri Dec 30 14:15:52 2016 +0100
@@ -56,7 +56,7 @@
 }
 
 int require_access(pblock *pb, Session *sn, Request *rq) {
-    char *mask_str = pblock_findval("mask", rq->vars);
+    char *mask_str = pblock_findval("mask", pb);
     if(!mask_str) {
         log_ereport(LOG_MISCONFIG, "require-access: missing mask parameter");
         protocol_status(sn, rq, 500, NULL);
