int config_parse_file(server *srv, config_t *context, const char *fn) {
tokenizer_t t;
stream s;
int ret;
buffer *filename;
if (buffer_is_empty(context->basedir) ||
(fn[0] == '/' || fn[0] == '\\') ||
(fn[0] == '.' && (fn[1] == '/' || fn[1] == '\\'))) {
filename = buffer_init_string(fn);
} else {
filename = buffer_init_buffer(context->basedir);
buffer_append_string(filename, fn);
}
if (0 != stream_open(&s, filename)) {
if (s.size == 0) {
/* the file was empty, nothing to parse */
ret = 0;
} else {
log_error_write(srv, __FILE__, __LINE__, "sbss",
"opening configfile ", filename, "failed:", strerror(errno));
ret = -1;
}
} else {
tokenizer_init(&t, filename, s.start, s.size);
ret = config_parse(srv, context, &t);
}
stream_close(&s);
buffer_free(filename);
return ret;
}
static int tokenizer_open(server *srv, tokenizer_t *t, buffer *basedir, const char *fn) {
if (buffer_is_empty(basedir) ||
(fn[0] == '/' || fn[0] == '\\') ||
(fn[0] == '.' && (fn[1] == '/' || fn[1] == '\\'))) {
t->file = buffer_init_string(fn);
} else {
t->file = buffer_init_buffer(basedir);
buffer_append_string(t->file, fn);
}
if (0 != stream_open(&(t->s), t->file)) {
log_error_write(srv, __FILE__, __LINE__, "sbss",
"opening configfile ", t->file, "failed:", strerror(errno));
buffer_free(t->file);
return -1;
}
t->input = t->s.start;
t->offset = 0;
t->size = t->s.size;
t->line = 1;
t->line_pos = 1;
t->in_key = 1;
t->in_brace = 0;
t->in_cond = 0;
return 0;
}
void mod_lisp_init_socket_pool (server *srv, plugin_data *p)
{
unsigned short size, i;
fd_data *ff;
UNUSED (srv);
if (! p->LispSocketPool) {
size = p->conf.LispSocketPoolSize;
p->LispSocketPoolSize = size;
p->LispSocketPool = calloc(size, sizeof(fd_data));
for (ff = p->LispSocketPool, i = 0; i < size; ++i, ++ff) {
ff->fd = -1;
ff->fde_ndx = -1;
ff->state = 0;
ff->ip = buffer_init_buffer(p->conf.LispServerIP);
ff->id = buffer_init_buffer(p->conf.LispServerId);
ff->port = p->conf.LispServerPort;
}
p->LispSocketPoolUsed = 0;
}
}
static void connection_handle_errdoc_init(server *srv, connection *con) {
/* modules that produce headers required with error response should
* typically also produce an error document. Make an exception for
* mod_auth WWW-Authenticate response header. */
buffer *www_auth = NULL;
if (401 == con->http_status) {
data_string *ds = (data_string *)array_get_element(con->response.headers, "WWW-Authenticate");
if (NULL != ds) {
www_auth = buffer_init_buffer(ds->value);
}
}
con->response.transfer_encoding = 0;
buffer_reset(con->physical.path);
array_reset(con->response.headers);
chunkqueue_reset(con->write_queue);
if (NULL != www_auth) {
response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(www_auth));
buffer_free(www_auth);
}
}
/*
** Perform a reduce action and the shift that must immediately
** follow the reduce.
*/
static void yy_reduce(
yyParser *yypParser, /* The parser */
int yyruleno /* Number of the rule by which to reduce */
){
int yygoto; /* The next state */
int yyact; /* The next action */
YYMINORTYPE yygotominor; /* The LHS of the rule reduced */
yyStackEntry *yymsp; /* The top of the parser's stack */
int yysize; /* Amount to pop the stack */
configparserARG_FETCH;
yymsp = &yypParser->yystack[yypParser->yyidx];
#ifndef NDEBUG
if( yyTraceFILE && yyruleno>=0
&& yyruleno<sizeof(yyRuleName)/sizeof(yyRuleName[0]) ){
fprintf(yyTraceFILE, "%sReduce [%s].\n", yyTracePrompt,
yyRuleName[yyruleno]);
}
#endif /* NDEBUG */
switch( yyruleno ){
/* Beginning here are the reduction cases. A typical example
** follows:
** case 0:
** #line <lineno> <grammarfile>
** { ... } // User supplied code
** #line <lineno> <thisfile>
** break;
*/
case 0:
/* No destructor defined for metalines */
break;
case 1:
/* No destructor defined for metalines */
/* No destructor defined for metaline */
break;
case 2:
break;
case 3:
/* No destructor defined for varline */
break;
case 4:
/* No destructor defined for global */
break;
case 5:
#line 115 "./configparser.y"
{ yymsp[-1].minor.yy78 = NULL; }
#line 822 "configparser.c"
yy_destructor(1,&yymsp[0].minor);
break;
case 6:
/* No destructor defined for include */
break;
case 7:
/* No destructor defined for include_shell */
break;
case 8:
yy_destructor(1,&yymsp[0].minor);
break;
case 9:
#line 144 "./configparser.y"
{
if (ctx->ok) {
buffer_copy_string_buffer(yymsp[0].minor.yy41->key, yymsp[-2].minor.yy43);
if (strncmp(yymsp[-2].minor.yy43->ptr, "env.", sizeof("env.") - 1) == 0) {
fprintf(stderr, "Setting env variable is not supported in conditional %d %s: %s\n",
ctx->current->context_ndx,
ctx->current->key->ptr, yymsp[-2].minor.yy43->ptr);
ctx->ok = 0;
} else if (NULL == array_get_element(ctx->current->value, yymsp[0].minor.yy41->key->ptr)) {
array_insert_unique(ctx->current->value, yymsp[0].minor.yy41);
yymsp[0].minor.yy41 = NULL;
} else {
fprintf(stderr, "Duplicate config variable in conditional %d %s: %s\n",
ctx->current->context_ndx,
ctx->current->key->ptr, yymsp[0].minor.yy41->key->ptr);
ctx->ok = 0;
yymsp[0].minor.yy41->free(yymsp[0].minor.yy41);
yymsp[0].minor.yy41 = NULL;
}
}
buffer_free(yymsp[-2].minor.yy43);
yymsp[-2].minor.yy43 = NULL;
}
#line 859 "configparser.c"
yy_destructor(2,&yymsp[-1].minor);
break;
case 10:
#line 168 "./configparser.y"
{
array *vars = ctx->current->value;
data_unset *du;
if (strncmp(yymsp[-2].minor.yy43->ptr, "env.", sizeof("env.") - 1) == 0) {
fprintf(stderr, "Appending env variable is not supported in conditional %d %s: %s\n",
ctx->current->context_ndx,
ctx->current->key->ptr, yymsp[-2].minor.yy43->ptr);
ctx->ok = 0;
} else if (NULL != (du = array_get_element(vars, yymsp[-2].minor.yy43->ptr))) {
/* exists in current block */
du = configparser_merge_data(du, yymsp[0].minor.yy41);
if (NULL == du) {
ctx->ok = 0;
}
else {
buffer_copy_string_buffer(du->key, yymsp[-2].minor.yy43);
array_replace(vars, du);
}
yymsp[0].minor.yy41->free(yymsp[0].minor.yy41);
} else if (NULL != (du = configparser_get_variable(ctx, yymsp[-2].minor.yy43))) {
du = configparser_merge_data(du, yymsp[0].minor.yy41);
if (NULL == du) {
ctx->ok = 0;
du->free(du);
}
else {
buffer_copy_string_buffer(du->key, yymsp[-2].minor.yy43);
array_insert_unique(ctx->current->value, du);
}
yymsp[0].minor.yy41->free(yymsp[0].minor.yy41);
} else {
buffer_copy_string_buffer(yymsp[0].minor.yy41->key, yymsp[-2].minor.yy43);
array_insert_unique(ctx->current->value, yymsp[0].minor.yy41);
}
buffer_free(yymsp[-2].minor.yy43);
yymsp[-2].minor.yy43 = NULL;
yymsp[0].minor.yy41 = NULL;
}
#line 903 "configparser.c"
yy_destructor(3,&yymsp[-1].minor);
break;
case 11:
#line 208 "./configparser.y"
{
if (strchr(yymsp[0].minor.yy0->ptr, '.') == NULL) {
yygotominor.yy43 = buffer_init_string("var.");
buffer_append_string_buffer(yygotominor.yy43, yymsp[0].minor.yy0);
buffer_free(yymsp[0].minor.yy0);
yymsp[0].minor.yy0 = NULL;
} else {
yygotominor.yy43 = yymsp[0].minor.yy0;
yymsp[0].minor.yy0 = NULL;
}
}
#line 919 "configparser.c"
break;
case 12:
#line 220 "./configparser.y"
{
yygotominor.yy41 = configparser_merge_data(yymsp[-2].minor.yy41, yymsp[0].minor.yy41);
if (NULL == yygotominor.yy41) {
ctx->ok = 0;
}
yymsp[-2].minor.yy41 = NULL;
yymsp[0].minor.yy41->free(yymsp[0].minor.yy41);
yymsp[0].minor.yy41 = NULL;
}
#line 932 "configparser.c"
yy_destructor(5,&yymsp[-1].minor);
break;
case 13:
#line 230 "./configparser.y"
{
yygotominor.yy41 = yymsp[0].minor.yy41;
yymsp[0].minor.yy41 = NULL;
}
#line 941 "configparser.c"
break;
case 14:
#line 235 "./configparser.y"
{
yygotominor.yy41 = NULL;
if (strncmp(yymsp[0].minor.yy43->ptr, "env.", sizeof("env.") - 1) == 0) {
char *env;
if (NULL != (env = getenv(yymsp[0].minor.yy43->ptr + 4))) {
data_string *ds;
ds = data_string_init();
buffer_append_string(ds->value, env);
yygotominor.yy41 = (data_unset *)ds;
}
else {
fprintf(stderr, "Undefined env variable: %s\n", yymsp[0].minor.yy43->ptr + 4);
ctx->ok = 0;
}
} else if (NULL == (yygotominor.yy41 = configparser_get_variable(ctx, yymsp[0].minor.yy43))) {
fprintf(stderr, "Undefined config variable: %s\n", yymsp[0].minor.yy43->ptr);
ctx->ok = 0;
}
if (!yygotominor.yy41) {
/* make a dummy so it won't crash */
yygotominor.yy41 = (data_unset *)data_string_init();
}
buffer_free(yymsp[0].minor.yy43);
yymsp[0].minor.yy43 = NULL;
}
#line 971 "configparser.c"
break;
case 15:
#line 262 "./configparser.y"
{
yygotominor.yy41 = (data_unset *)data_string_init();
buffer_copy_string_buffer(((data_string *)(yygotominor.yy41))->value, yymsp[0].minor.yy0);
buffer_free(yymsp[0].minor.yy0);
yymsp[0].minor.yy0 = NULL;
}
#line 981 "configparser.c"
break;
case 16:
#line 269 "./configparser.y"
{
yygotominor.yy41 = (data_unset *)data_integer_init();
((data_integer *)(yygotominor.yy41))->value = strtol(yymsp[0].minor.yy0->ptr, NULL, 10);
buffer_free(yymsp[0].minor.yy0);
yymsp[0].minor.yy0 = NULL;
}
#line 991 "configparser.c"
break;
case 17:
#line 275 "./configparser.y"
{
yygotominor.yy41 = (data_unset *)data_array_init();
array_free(((data_array *)(yygotominor.yy41))->value);
((data_array *)(yygotominor.yy41))->value = yymsp[0].minor.yy40;
yymsp[0].minor.yy40 = NULL;
}
#line 1001 "configparser.c"
break;
case 18:
#line 281 "./configparser.y"
{
yygotominor.yy40 = array_init();
}
#line 1008 "configparser.c"
yy_destructor(8,&yymsp[-1].minor);
yy_destructor(9,&yymsp[0].minor);
break;
case 19:
#line 284 "./configparser.y"
{
yygotominor.yy40 = yymsp[-1].minor.yy40;
yymsp[-1].minor.yy40 = NULL;
}
#line 1018 "configparser.c"
yy_destructor(8,&yymsp[-2].minor);
yy_destructor(9,&yymsp[0].minor);
break;
case 20:
#line 289 "./configparser.y"
{
if (buffer_is_empty(yymsp[0].minor.yy41->key) ||
NULL == array_get_element(yymsp[-2].minor.yy40, yymsp[0].minor.yy41->key->ptr)) {
array_insert_unique(yymsp[-2].minor.yy40, yymsp[0].minor.yy41);
yymsp[0].minor.yy41 = NULL;
} else {
fprintf(stderr, "Duplicate array-key: %s\n",
yymsp[0].minor.yy41->key->ptr);
ctx->ok = 0;
yymsp[0].minor.yy41->free(yymsp[0].minor.yy41);
yymsp[0].minor.yy41 = NULL;
}
yygotominor.yy40 = yymsp[-2].minor.yy40;
yymsp[-2].minor.yy40 = NULL;
}
#line 1040 "configparser.c"
yy_destructor(10,&yymsp[-1].minor);
break;
case 21:
#line 306 "./configparser.y"
{
yygotominor.yy40 = yymsp[-1].minor.yy40;
yymsp[-1].minor.yy40 = NULL;
}
#line 1049 "configparser.c"
yy_destructor(10,&yymsp[0].minor);
break;
case 22:
#line 311 "./configparser.y"
{
yygotominor.yy40 = array_init();
array_insert_unique(yygotominor.yy40, yymsp[0].minor.yy41);
yymsp[0].minor.yy41 = NULL;
}
#line 1059 "configparser.c"
break;
case 23:
#line 317 "./configparser.y"
{
yygotominor.yy41 = yymsp[0].minor.yy41;
yymsp[0].minor.yy41 = NULL;
}
#line 1067 "configparser.c"
break;
case 24:
#line 321 "./configparser.y"
{
buffer_copy_string_buffer(yymsp[0].minor.yy41->key, yymsp[-2].minor.yy43);
buffer_free(yymsp[-2].minor.yy43);
yymsp[-2].minor.yy43 = NULL;
yygotominor.yy41 = yymsp[0].minor.yy41;
yymsp[0].minor.yy41 = NULL;
}
#line 1079 "configparser.c"
yy_destructor(11,&yymsp[-1].minor);
break;
case 25:
yy_destructor(1,&yymsp[0].minor);
break;
case 26:
break;
case 27:
#line 333 "./configparser.y"
{
data_config *dc;
dc = (data_config *)array_get_element(ctx->srv->config_context, "global");
assert(dc);
configparser_push(ctx, dc, 0);
}
#line 1095 "configparser.c"
yy_destructor(12,&yymsp[0].minor);
break;
case 28:
#line 340 "./configparser.y"
{
data_config *cur;
cur = ctx->current;
configparser_pop(ctx);
assert(cur && ctx->current);
yygotominor.yy78 = cur;
}
#line 1110 "configparser.c"
/* No destructor defined for globalstart */
yy_destructor(13,&yymsp[-2].minor);
/* No destructor defined for metalines */
yy_destructor(14,&yymsp[0].minor);
break;
case 29:
#line 351 "./configparser.y"
{
assert(yymsp[-3].minor.yy78->context_ndx < yymsp[0].minor.yy78->context_ndx);
yymsp[0].minor.yy78->prev = yymsp[-3].minor.yy78;
yymsp[-3].minor.yy78->next = yymsp[0].minor.yy78;
yygotominor.yy78 = yymsp[0].minor.yy78;
yymsp[-3].minor.yy78 = NULL;
yymsp[0].minor.yy78 = NULL;
}
#line 1126 "configparser.c"
/* No destructor defined for eols */
yy_destructor(15,&yymsp[-1].minor);
break;
case 30:
#line 360 "./configparser.y"
{
yygotominor.yy78 = yymsp[0].minor.yy78;
yymsp[0].minor.yy78 = NULL;
}
#line 1136 "configparser.c"
break;
case 31:
#line 365 "./configparser.y"
{
data_config *cur;
cur = ctx->current;
configparser_pop(ctx);
assert(cur && ctx->current);
yygotominor.yy78 = cur;
}
#line 1150 "configparser.c"
/* No destructor defined for context */
yy_destructor(13,&yymsp[-2].minor);
/* No destructor defined for metalines */
yy_destructor(14,&yymsp[0].minor);
break;
case 32:
#line 376 "./configparser.y"
{
data_config *dc;
buffer *b, *rvalue, *op;
if (ctx->ok && yymsp[0].minor.yy41->type != TYPE_STRING) {
fprintf(stderr, "rvalue must be string");
ctx->ok = 0;
}
switch(yymsp[-1].minor.yy27) {
case CONFIG_COND_NE:
op = buffer_init_string("!=");
break;
case CONFIG_COND_EQ:
op = buffer_init_string("==");
break;
case CONFIG_COND_NOMATCH:
op = buffer_init_string("!~");
break;
case CONFIG_COND_MATCH:
op = buffer_init_string("=~");
break;
default:
assert(0);
return;
}
b = buffer_init();
buffer_copy_string_buffer(b, ctx->current->key);
buffer_append_string(b, "/");
buffer_append_string_buffer(b, yymsp[-5].minor.yy0);
buffer_append_string_buffer(b, yymsp[-3].minor.yy43);
buffer_append_string_buffer(b, op);
rvalue = ((data_string*)yymsp[0].minor.yy41)->value;
buffer_append_string_buffer(b, rvalue);
if (NULL != (dc = (data_config *)array_get_element(ctx->all_configs, b->ptr))) {
configparser_push(ctx, dc, 0);
} else {
struct {
comp_key_t comp;
char *comp_key;
size_t len;
} comps[] = {
{ COMP_SERVER_SOCKET, CONST_STR_LEN("SERVER[\"socket\"]" ) },
{ COMP_HTTP_URL, CONST_STR_LEN("HTTP[\"url\"]" ) },
{ COMP_HTTP_HOST, CONST_STR_LEN("HTTP[\"host\"]" ) },
{ COMP_HTTP_REFERER, CONST_STR_LEN("HTTP[\"referer\"]" ) },
{ COMP_HTTP_USER_AGENT, CONST_STR_LEN("HTTP[\"useragent\"]" ) },
{ COMP_HTTP_USER_AGENT, CONST_STR_LEN("HTTP[\"user-agent\"]" ) },
{ COMP_HTTP_COOKIE, CONST_STR_LEN("HTTP[\"cookie\"]" ) },
{ COMP_HTTP_REMOTE_IP, CONST_STR_LEN("HTTP[\"remoteip\"]" ) },
{ COMP_HTTP_REMOTE_IP, CONST_STR_LEN("HTTP[\"remote-ip\"]" ) },
{ COMP_HTTP_QUERY_STRING, CONST_STR_LEN("HTTP[\"querystring\"]") },
{ COMP_HTTP_QUERY_STRING, CONST_STR_LEN("HTTP[\"query-string\"]") },
{ COMP_HTTP_REQUEST_METHOD, CONST_STR_LEN("HTTP[\"request-method\"]") },
{ COMP_HTTP_SCHEME, CONST_STR_LEN("HTTP[\"scheme\"]" ) },
{ COMP_UNSET, NULL, 0 },
};
size_t i;
dc = data_config_init();
buffer_copy_string_buffer(dc->key, b);
buffer_copy_string_buffer(dc->op, op);
buffer_copy_string_buffer(dc->comp_key, yymsp[-5].minor.yy0);
buffer_append_string_len(dc->comp_key, CONST_STR_LEN("[\""));
buffer_append_string_buffer(dc->comp_key, yymsp[-3].minor.yy43);
buffer_append_string_len(dc->comp_key, CONST_STR_LEN("\"]"));
dc->cond = yymsp[-1].minor.yy27;
for (i = 0; comps[i].comp_key; i ++) {
if (buffer_is_equal_string(
dc->comp_key, comps[i].comp_key, comps[i].len)) {
dc->comp = comps[i].comp;
break;
}
}
if (COMP_UNSET == dc->comp) {
fprintf(stderr, "error comp_key %s", dc->comp_key->ptr);
ctx->ok = 0;
}
switch(yymsp[-1].minor.yy27) {
case CONFIG_COND_NE:
case CONFIG_COND_EQ:
dc->string = buffer_init_buffer(rvalue);
break;
case CONFIG_COND_NOMATCH:
case CONFIG_COND_MATCH: {
#ifdef HAVE_PCRE_H
const char *errptr;
int erroff;
if (NULL == (dc->regex =
pcre_compile(rvalue->ptr, 0, &errptr, &erroff, NULL))) {
dc->string = buffer_init_string(errptr);
dc->cond = CONFIG_COND_UNSET;
fprintf(stderr, "parsing regex failed: %s -> %s at offset %d\n",
rvalue->ptr, errptr, erroff);
ctx->ok = 0;
} else if (NULL == (dc->regex_study =
pcre_study(dc->regex, 0, &errptr)) &&
errptr != NULL) {
fprintf(stderr, "studying regex failed: %s -> %s\n",
rvalue->ptr, errptr);
ctx->ok = 0;
} else {
dc->string = buffer_init_buffer(rvalue);
}
#else
fprintf(stderr, "can't handle '$%s[%s] =~ ...' as you compiled without pcre support. \n"
"(perhaps just a missing pcre-devel package ?) \n",
yymsp[-5].minor.yy0->ptr, yymsp[-3].minor.yy43->ptr);
ctx->ok = 0;
#endif
break;
}
default:
fprintf(stderr, "unknown condition for $%s[%s]\n",
yymsp[-5].minor.yy0->ptr, yymsp[-3].minor.yy43->ptr);
ctx->ok = 0;
break;
}
configparser_push(ctx, dc, 1);
}
buffer_free(b);
buffer_free(op);
buffer_free(yymsp[-5].minor.yy0);
yymsp[-5].minor.yy0 = NULL;
buffer_free(yymsp[-3].minor.yy43);
yymsp[-3].minor.yy43 = NULL;
yymsp[0].minor.yy41->free(yymsp[0].minor.yy41);
yymsp[0].minor.yy41 = NULL;
}
#line 1298 "configparser.c"
yy_destructor(16,&yymsp[-6].minor);
yy_destructor(18,&yymsp[-4].minor);
yy_destructor(19,&yymsp[-2].minor);
break;
case 33:
#line 516 "./configparser.y"
{
yygotominor.yy27 = CONFIG_COND_EQ;
}
#line 1308 "configparser.c"
yy_destructor(20,&yymsp[0].minor);
break;
case 34:
#line 519 "./configparser.y"
{
yygotominor.yy27 = CONFIG_COND_MATCH;
}
#line 1316 "configparser.c"
yy_destructor(21,&yymsp[0].minor);
break;
case 35:
#line 522 "./configparser.y"
{
yygotominor.yy27 = CONFIG_COND_NE;
}
#line 1324 "configparser.c"
yy_destructor(22,&yymsp[0].minor);
break;
case 36:
#line 525 "./configparser.y"
{
yygotominor.yy27 = CONFIG_COND_NOMATCH;
}
#line 1332 "configparser.c"
yy_destructor(23,&yymsp[0].minor);
break;
case 37:
#line 529 "./configparser.y"
{
yygotominor.yy43 = NULL;
if (ctx->ok) {
if (yymsp[0].minor.yy41->type == TYPE_STRING) {
yygotominor.yy43 = buffer_init_buffer(((data_string*)yymsp[0].minor.yy41)->value);
} else if (yymsp[0].minor.yy41->type == TYPE_INTEGER) {
yygotominor.yy43 = buffer_init();
buffer_copy_long(yygotominor.yy43, ((data_integer *)yymsp[0].minor.yy41)->value);
} else {
fprintf(stderr, "operand must be string");
ctx->ok = 0;
}
}
yymsp[0].minor.yy41->free(yymsp[0].minor.yy41);
yymsp[0].minor.yy41 = NULL;
}
#line 1353 "configparser.c"
break;
case 38:
#line 546 "./configparser.y"
{
if (ctx->ok) {
if (0 != config_parse_file(ctx->srv, ctx, yymsp[0].minor.yy43->ptr)) {
ctx->ok = 0;
}
buffer_free(yymsp[0].minor.yy43);
yymsp[0].minor.yy43 = NULL;
}
}
#line 1366 "configparser.c"
yy_destructor(24,&yymsp[-1].minor);
break;
case 39:
#line 556 "./configparser.y"
{
if (ctx->ok) {
if (0 != config_parse_cmd(ctx->srv, ctx, yymsp[0].minor.yy43->ptr)) {
ctx->ok = 0;
}
buffer_free(yymsp[0].minor.yy43);
yymsp[0].minor.yy43 = NULL;
}
}
#line 1380 "configparser.c"
yy_destructor(25,&yymsp[-1].minor);
break;
};
yygoto = yyRuleInfo[yyruleno].lhs;
yysize = yyRuleInfo[yyruleno].nrhs;
yypParser->yyidx -= yysize;
yyact = yy_find_reduce_action(yypParser,yygoto);
if( yyact < YYNSTATE ){
yy_shift(yypParser,yyact,yygoto,&yygotominor);
}else if( yyact == YYNSTATE + YYNRULE + 1 ){
yy_accept(yypParser);
}
}
static handler_t mod_authn_gssapi_basic(server *srv, connection *con, void *p_d, const http_auth_require_t *require, const buffer *username, const char *pw)
{
krb5_context kcontext = NULL;
krb5_keytab keytab = NULL;
krb5_principal s_princ = NULL;
krb5_principal c_princ = NULL;
krb5_creds c_creds;
krb5_ccache c_ccache = NULL;
krb5_ccache ret_ccache = NULL;
krb5_error_code code;
int ret;
buffer *sprinc;
buffer *user_at_realm = NULL;
plugin_data * const p = (plugin_data *)p_d;
if (*pw == '\0') {
log_error_write(srv, __FILE__, __LINE__, "s", "Empty passwords are not accepted");
return mod_authn_gssapi_send_401_unauthorized_basic(srv, con);
}
mod_authn_gssapi_patch_connection(srv, con, p);
code = krb5_init_context(&kcontext);
if (code) {
log_error_write(srv, __FILE__, __LINE__, "sd", "krb5_init_context():", code);
return mod_authn_gssapi_send_401_unauthorized_basic(srv, con); /*(well, should be 500)*/
}
code = krb5_kt_resolve(kcontext, p->conf.auth_gssapi_keytab->ptr, &keytab);
if (code) {
log_error_write(srv, __FILE__, __LINE__, "sdb", "krb5_kt_resolve():", code, p->conf.auth_gssapi_keytab);
return mod_authn_gssapi_send_401_unauthorized_basic(srv, con); /*(well, should be 500)*/
}
sprinc = buffer_init_buffer(p->conf.auth_gssapi_principal);
if (strchr(sprinc->ptr, '/') == NULL) {
/*(copy HTTP Host, omitting port if port is present)*/
/* ??? Should con->server_name be used if http_host not present?
* ??? What if con->server_name is not set?
* ??? Will this work below if IPv6 provided in Host? probably not */
if (!buffer_is_empty(con->request.http_host)) {
buffer_append_string(sprinc, "/");
buffer_append_string_len(sprinc, con->request.http_host->ptr, strcspn(con->request.http_host->ptr, ":"));
}
}
/*(init c_creds before anything which might krb5_free_cred_contents())*/
memset(&c_creds, 0, sizeof(c_creds));
ret = krb5_parse_name(kcontext, sprinc->ptr, &s_princ);
if (ret) {
mod_authn_gssapi_log_krb5_error(srv, __FILE__, __LINE__, "krb5_parse_name", sprinc->ptr, kcontext, ret);
ret = -1;
goto end;
}
if (strchr(username->ptr, '@') == NULL) {
user_at_realm = buffer_init_buffer(username);
BUFFER_APPEND_STRING_CONST(user_at_realm, "@");
buffer_append_string_buffer(user_at_realm, require->realm);
}
ret = krb5_parse_name(kcontext, (user_at_realm ? user_at_realm->ptr : username->ptr), &c_princ);
if (ret) {
mod_authn_gssapi_log_krb5_error(srv, __FILE__, __LINE__, "krb5_parse_name", (user_at_realm ? user_at_realm->ptr : username->ptr), kcontext, ret);
if (user_at_realm) buffer_free(user_at_realm);
ret = -1;
goto end;
}
if (user_at_realm) buffer_free(user_at_realm);
/* XXX: if the qualified username with @realm should be in REMOTE_USER,
* then http_auth_backend_t basic interface needs to change to pass
* modifiable buffer *username, but note that const char *pw follows
* in the truncated buffer *username, so pw would need to be copied
* before modifying buffer *username */
/*
* char *name = NULL;
* ret = krb5_unparse_name(kcontext, c_princ, &name);
* if (ret == 0) {
* log_error_write(srv, __FILE__, __LINE__, "sbss", "Trying to get TGT for user:"******"password:"******"krb5_get_init_creds_password", NULL, kcontext, ret);
goto end;
}
ret = mod_authn_gssapi_verify_krb5_init_creds(srv, kcontext, &c_creds, s_princ, keytab);
if (ret) {
mod_authn_gssapi_log_krb5_error(srv, __FILE__, __LINE__, "mod_authn_gssapi_verify_krb5_init_creds", NULL, kcontext, ret);
goto end;
}
ret = krb5_cc_resolve(kcontext, "MEMORY:", &ret_ccache);
if (ret) {
mod_authn_gssapi_log_krb5_error(srv, __FILE__, __LINE__, "krb5_cc_resolve", NULL, kcontext, ret);
goto end;
}
ret = krb5_cc_initialize(kcontext, ret_ccache, c_princ);
if (ret) {
mod_authn_gssapi_log_krb5_error(srv, __FILE__, __LINE__, "krb5_cc_initialize", NULL, kcontext, ret);
goto end;
}
ret = krb5_cc_store_cred(kcontext, ret_ccache, &c_creds);
if (ret) {
mod_authn_gssapi_log_krb5_error(srv, __FILE__, __LINE__, "krb5_cc_store_cred", NULL, kcontext, ret);
goto end;
}
c_ccache = ret_ccache;
ret_ccache = NULL;
end:
krb5_free_cred_contents(kcontext, &c_creds);
if (ret_ccache)
krb5_cc_destroy(kcontext, ret_ccache);
if (!ret && c_ccache && (ret = mod_authn_gssapi_store_krb5_creds(srv, con, p, kcontext, c_ccache))) {
log_error_write(srv, __FILE__, __LINE__, "sb", "mod_authn_gssapi_store_krb5_creds failed for", username);
}
buffer_free(sprinc);
if (c_princ)
krb5_free_principal(kcontext, c_princ);
if (s_princ)
krb5_free_principal(kcontext, s_princ);
if (c_ccache)
krb5_cc_destroy(kcontext, c_ccache);
if (keytab)
krb5_kt_close(kcontext, keytab);
krb5_free_context(kcontext);
if (0 == ret && http_auth_match_rules(require,username->ptr,NULL,NULL)){
return HANDLER_GO_ON;
}
else {
/* ret == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN or no authz rules match */
log_error_write(srv, __FILE__, __LINE__, "sbsBsB", "password doesn't match for", con->uri.path, "username:"******", IP:", con->dst_addr_buf);
return mod_authn_gssapi_send_401_unauthorized_basic(srv, con);
}
}
static handler_t mod_authn_gssapi_check_spnego(server *srv, connection *con, plugin_data *p, const http_auth_require_t *require, const char *realm_str)
{
OM_uint32 st_major, st_minor, acc_flags;
gss_buffer_desc token_s = GSS_C_EMPTY_BUFFER;
gss_buffer_desc token_in = GSS_C_EMPTY_BUFFER;
gss_buffer_desc token_out = GSS_C_EMPTY_BUFFER;
gss_cred_id_t server_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
gss_name_t server_name = GSS_C_NO_NAME;
gss_name_t client_name = GSS_C_NO_NAME;
buffer *sprinc;
int ret = 0;
buffer *t_in = buffer_init();
if (!buffer_append_base64_decode(t_in, realm_str, strlen(realm_str), BASE64_STANDARD)) {
log_error_write(srv, __FILE__, __LINE__, "ss", "decoding GSSAPI authentication header failed", realm_str);
buffer_free(t_in);
return mod_authn_gssapi_send_400_bad_request(srv, con);
}
mod_authn_gssapi_patch_connection(srv, con, p);
{
/* ??? Should code = krb5_kt_resolve(kcontext, p->conf.auth_gssapi_keytab->ptr, &keytab);
* be used, instead of putenv() of KRB5_KTNAME=...? See mod_authn_gssapi_basic() */
/* ??? Should KRB5_KTNAME go into con->environment instead ??? */
/* ??? Should KRB5_KTNAME be added to mod_authn_gssapi_basic(), too? */
buffer ktname;
memset(&ktname, 0, sizeof(ktname));
buffer_copy_string(&ktname, "KRB5_KTNAME=");
buffer_append_string_buffer(&ktname, p->conf.auth_gssapi_keytab);
putenv(ktname.ptr);
/* ktname.ptr becomes part of the environment, do not free */
}
sprinc = buffer_init_buffer(p->conf.auth_gssapi_principal);
if (strchr(sprinc->ptr, '/') == NULL) {
/*(copy HTTP Host, omitting port if port is present)*/
/* ??? Should con->server_name be used if http_host not present?
* ??? What if con->server_name is not set?
* ??? Will this work below if IPv6 provided in Host? probably not */
if (!buffer_is_empty(con->request.http_host)) {
buffer_append_string(sprinc, "/");
buffer_append_string_len(sprinc, con->request.http_host->ptr, strcspn(con->request.http_host->ptr, ":"));
}
}
if (strchr(sprinc->ptr, '@') == NULL) {
buffer_append_string(sprinc, "@");
buffer_append_string_buffer(sprinc, require->realm);
}
/*#define GSS_C_NT_USER_NAME gss_nt_user_name*/
/*#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name*/
#define GSS_KRB5_NT_PRINCIPAL_NAME gss_nt_krb5_name
token_s.value = sprinc->ptr;
token_s.length = buffer_string_length(sprinc);
st_major = gss_import_name(&st_minor, &token_s, (gss_OID) GSS_KRB5_NT_PRINCIPAL_NAME, &server_name);
if (GSS_ERROR(st_major)) {
mod_authn_gssapi_log_gss_error(srv, __FILE__, __LINE__, "gss_import_name", NULL, st_major, st_minor);
goto end;
}
memset(&token_s, 0, sizeof(token_s));
st_major = gss_display_name(&st_minor, server_name, &token_s, NULL);
if (GSS_ERROR(st_major)) {
mod_authn_gssapi_log_gss_error(srv, __FILE__, __LINE__, "gss_display_name", NULL, st_major, st_minor);
goto end;
}
/* acquire server's own credentials */
st_major = gss_acquire_cred(&st_minor, server_name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &server_cred, NULL, NULL);
if (GSS_ERROR(st_major)) {
mod_authn_gssapi_log_gss_error(srv, __FILE__, __LINE__, "gss_acquire_cred", sprinc->ptr, st_major, st_minor);
goto end;
}
/* accept the user's context */
token_in.length = buffer_string_length(t_in);
token_in.value = t_in->ptr;
st_major = gss_accept_sec_context(&st_minor, &context, server_cred, &token_in, GSS_C_NO_CHANNEL_BINDINGS,
&client_name, NULL, &token_out, &acc_flags, NULL, &client_cred);
if (GSS_ERROR(st_major)) {
mod_authn_gssapi_log_gss_error(srv, __FILE__, __LINE__, "gss_accept_sec_context", NULL, st_major, st_minor);
goto end;
}
/* fetch the username */
st_major = gss_display_name(&st_minor, client_name, &token_out, NULL);
if (GSS_ERROR(st_major)) {
mod_authn_gssapi_log_gss_error(srv, __FILE__, __LINE__, "gss_display_name", NULL, st_major, st_minor);
goto end;
}
if (!(acc_flags & GSS_C_CONF_FLAG)) {
log_error_write(srv, __FILE__, __LINE__, "ss", "No confidentiality for user:"******"ss", "Unable to delegate credentials for user:"******"GSSAPI"));
end:
buffer_free(t_in);
buffer_free(sprinc);
if (context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&st_minor, &context, GSS_C_NO_BUFFER);
if (client_cred != GSS_C_NO_CREDENTIAL)
gss_release_cred(&st_minor, &client_cred);
if (server_cred != GSS_C_NO_CREDENTIAL)
gss_release_cred(&st_minor, &server_cred);
if (client_name != GSS_C_NO_NAME)
gss_release_name(&st_minor, &client_name);
if (server_name != GSS_C_NO_NAME)
gss_release_name(&st_minor, &server_name);
if (token_s.length)
gss_release_buffer(&st_minor, &token_s);
/* if (token_in.length)
* gss_release_buffer(&st_minor, &token_in); */
if (token_out.length)
gss_release_buffer(&st_minor, &token_out);
return ret ? HANDLER_GO_ON : mod_authn_gssapi_send_401_unauthorized_negotiate(srv, con);
}
