| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
_WIN32 __declspec(dllexport) on mod_*_plugin_init()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
_WIN32 is sufficiently different -- *different*; not better -- that
isolating _WIN32 code is clearer than #ifdef _WIN32 in almost every
func in fdevent.c
_WIN32-specific fdevent_socket_* funcs
_WIN32 SOCKET fds must be closed with closesocket(), not close()
_WIN32 HANDLE_FLAG_INHERIT for FD_CLOEXEC
_WIN32 use _sopen_s() without _O_TEMPORARY
Use _sopen_s() without _O_TEMPORARY in fdevent_mkostemp().
_O_TEMPORARY would remove file once last handle to file is closed.
Temporary files in chunkqueue may be closed for large request/response
_WIN32 fdevent_rename() using MoveFileExA
_WIN32 rename() fails if the target file already exists.
Alternatives are MoveFileExA() or ReplaceFileA().
Both of the above fail if either oldfile or newfile are open, so
- not atomic
- may fail sporadically
|
|
|
|
|
| |
employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)
|
| |
|
|
|
|
|
|
|
|
| |
(thx devnexen)
x-ref:
"netbsd meson build fix"
https://redmine.lighttpd.net/issues/3133
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RFC7616 HTTP Digest username* and userhash support (if configured)
userhash support must be configured to enable:
auth.require = ( "/" => ( "userhash" => "enable", ... ) )
and one of
auth.backend = "htdigest" # mod_authn_file
or
auth.backend = "dbi" # mod_authn_dbi
and appropriate modification to add userhash into htdigest or db table
along with adding "sql-userhash" => "..." SQL query for mod_authn_dbi
Note: open issue with curl preventing userhash from working with curl:
https://github.com/curl/curl/pull/8066
|
|
|
|
|
|
|
|
|
|
|
|
| |
crypt() static output buffer is cleared upon next call to crypt(),
but clear output buffer anyway since next call to crypt() might be
much later. Only clear crypt() output if length >= 13, since if
there is an error in crypt(), 'man crypt' warns:
"Some implementations of crypt, upon error, return an invalid hash that
is stored in a read-only location or only initialized once, which means
that it is only safe to erase the buffer pointed to by the crypt return
value if an error did not occur."
|
|
|
|
|
|
|
| |
dbi_conn_escape_string_copy() requires '\0'-terminated string.
While that is currently the case for strings in http_auth_info_t,
that will soon change, so consumers must use ai->username with ai->ulen,
and ai->realm with ai->rlen
|
|
|
|
|
|
|
|
|
|
|
|
| |
reduce code duplication
make it easier to add new algos
mod_authn_file:
- leverage r->tmp_buf instead of temporary allocating buffer_init()
- mod_authn_file_htpasswd_basic()
- compare binary SHA1 (shorter) rather than base64 (longer)
- split crypt() from mod_authn_file_htpasswd_basic() to separate func
- apr_md5_encode() modifications for slightly better performance
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.
Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.
In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.
- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend
Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)
internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg
|
|
|
|
| |
rename http_auth.[ch] -> mod_auth_api.[ch]
|
|
|
|
|
| |
move http_auth.c:http_auth_digest_hex2bin() to buffer.c:li_hex2bin()
for reuse, e.g. for use by mod_secdownload, which is not mod_auth*
|
| |
|
|
|
|
|
| |
http_auth_const_time_memeq_pad() -> ck_memeq_const_time()
http_auth_const_time_memeq() -> ck_memeq_const_time_fixed_len()
|
|
|
|
| |
The sqlite3 option is "sqlite3_dbdir"
|
| |
|
|
|