mod_nw_ssl.c revision 006e0323d4d432e33ee854c9fbb2de1011aac450
/* Copyright 2001-2004 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
*
* above and is interfaced through WinSock on NetWare. As you can see in
*
* To load, simply place the module in the modules directory under the main
* apache tree. Then add a "SecureListen" with two arguments. The first
* name as created in ConsoleOne.
*
* Examples:
*
* SecureListen 443 "SSL CertificateIP"
* SecureListen 123.45.67.89:443 mycert
*/
#define WS_SSL          /* NOTE(review): presumably selects the SSL-capable WinSock declarations on NetWare — confirm against the SDK headers */
#define MAX_ADDRESS 512 /* size of the textual address buffer used in make_secure_socket() */
#define MAX_KEY 80      /* NOTE(review): no use of this limit is visible in this copy of the file */
#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_core.h"
#include "ap_listen.h"
#include "apr_strings.h"
#include "apr_portable.h"
#include "apr_optional.h"
/* Fallback so the file still compiles against SDK headers that do not
 * define this socket option; the value 0 is only the "not defined" stand-in. */
#ifndef SO_TLS_UNCLEAN_SHUTDOWN
#define SO_TLS_UNCLEAN_SHUTDOWN 0
#endif
/* The ssl_var_lookup() optional function retrieves SSL environment
* variables. */
APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
(apr_pool_t *, server_rec *,
conn_rec *, request_rec *,
char *));
/* An optional function which returns non-zero if the given connection
/* The ssl_proxy_enable() and ssl_engine_disable() optional functions
* are used by mod_proxy to enable use of SSL for outgoing
* connections. */
typedef struct NWSSLSrvConfigRec NWSSLSrvConfigRec;
typedef struct seclisten_rec seclisten_rec;
/*
 * One "SecureListen" endpoint (see the examples at the top of the file).
 * NOTE(review): this copy of the struct looks truncated — the listing appears
 * to have lost lines — so further members may exist in the real source.
 */
struct seclisten_rec {
int fd;        /* NOTE(review): presumably the listening socket returned by make_secure_socket() — verify */
int used; /* Only used during restart */
int mutual;    /* non-zero when the optional MUTUAL third parameter was given: the port requires mutual (client-certificate) authentication */
char *addr;    /* NOTE(review): presumably the textual listen address from the directive — verify against the directive handler */
int port;      /* NOTE(review): presumably the TCP port parsed from the first argument (":<port-number>") — verify */
};
/*
 * Per-server configuration for this module; created by
 * nwssl_config_server_create and merged by nwssl_config_server_merge (see the
 * module record at the end of the file).
 * NOTE(review): the member list is empty in this copy of the file — it appears
 * to have been lost in extraction; confirm against the real source.
 */
struct NWSSLSrvConfigRec {
};
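/*
 * Number of trusted-certificate entries configured for this module.  Read as
 * the loop bound in build_cert_list() and by the client-side socket setup
 * (the SO_TLS_SET_CLIENT path takes a different branch when it is zero).
 * NOTE(review): presumably incremented by the directive described as "Adds
 * trusted certificates ..." — that handler is not present in this copy.
 */
static int numcerts = 0;

/*
 * Fetch this module's per-server configuration (NWSSLSrvConfigRec) for a
 * server_rec.
 *
 * The argument is parenthesised so that any expression, not only a plain
 * identifier, may be passed without altering the precedence of "->".  The
 * whole expansion is parenthesised because a cast binds more loosely than
 * "->": with the bare form, `get_nwssl_cfg(s)->member` would apply "->" to
 * the void pointer returned by ap_get_module_config() before the cast.
 */
#define get_nwssl_cfg(srv) ((NWSSLSrvConfigRec *) ap_get_module_config((srv)->module_config, &nwssl_module))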
/*
 * Walks the numcerts certificate entries.
 * NOTE(review): the loop body is empty in this copy of the file — the
 * statements that actually build the list appear to have been dropped in
 * extraction, so read this as an incomplete listing rather than a no-op
 * function.  The pool parameter p is unused in what is visible here.
 */
static void build_cert_list (apr_pool_t *p)
{
int i;
for (i = 0; i < numcerts; ++i) {
}
}
/*
* Parses a host of the form <address>[:port]
* :port is permitted if 'port' is not NULL
*/
static unsigned long parse_addr(const char *w, unsigned short *ports)
{
unsigned long my_addr;
char *p;
p = strchr(w, ':');
*ports = 0;
}
if (p != NULL)
*p = '\0';
if (strcmp(w, "*") == 0) {
if (p != NULL)
*p = ':';
return htonl(INADDR_ANY);
}
my_addr = apr_inet_addr((char *)w);
if (my_addr != INADDR_NONE) {
if (p != NULL)
*p = ':';
return my_addr;
}
hep = gethostbyname(w);
/* XXX Should be echoing by h_errno the actual failure, no?
* ap_log_error would be good here. Better yet - APRize.
*/
exit(1);
}
exit(1);
}
if (p != NULL)
*p = ':';
}
{
}
}
return -1;
}
{
int s;
int one = 1;
char addr[MAX_ADDRESS];
struct sslserveropts opts;
unsigned int optParam;
int no = 1;
else
/* note that because we're about to slack we don't use psocket */
(LPWSAPROTOCOL_INFO)&SecureProtoInfo, 0, 0);
if (s == INVALID_SOCKET) {
"make_secure_socket: failed to get a socket for %s",
addr);
return -1;
}
if (!mutual) {
"make_secure_socket: for %s, WSAIoctl: "
"(SO_SSL_SET_FLAGS)", addr);
return -1;
}
}
opts.sidtimeout = 0;
opts.sidentries = 0;
"make_secure_socket: for %s, WSAIoctl: "
"(SO_SSL_SET_SERVER)", addr);
return -1;
}
if (mutual) {
"make_secure_socket: for %s, WSAIoctl: "
"(SO_SSL_SET_FLAGS)", addr);
return -1;
}
}
return s;
}
{
int rcode;
struct tlsclientopts sWS2Opts;
struct nwtlsopts sNWTLSOpts;
struct sslserveropts opts;
unsigned long ulFlags;
/* zero out buffers */
/* turn on ssl for the socket */
if (SOCKET_ERROR == rcode)
{
"Error: %d with ioctlsocket(flag SO_TLS_ENABLE)", WSAGetLastError());
return rcode;
}
/* setup the socket for SSL */
if (numcerts) {
}
else {
/* setup the socket for SSL */
}
/* make the IOCTL call */
/* make sure that it was successfull */
if(SOCKET_ERROR == rcode ){
"Error: %d with ioctl (SO_TLS_SET_CLIENT)", WSAGetLastError());
}
return rcode;
}
const char* mutual)
{
unsigned short port;
return err;
return "Missing IP address";
return "Address must end in :<port-number>";
*(ports++) = '\0';
}
else {
}
}
else {
}
if (!port)
return "Port must be numeric";
return NULL;
}
{
/* Remove our secure listener from the listener list */
/* slr is at the head of the list */
break;
}
/* slr is somewhere in between or at the end*/
break;
}
}
return APR_SUCCESS;
}
{
return NULL;
}
{
return OK;
}
{
}
return OK;
}
{
if (lr) {
pconf)) != APR_SUCCESS) {
return HTTP_INTERNAL_SERVER_ERROR;
}
ap_listeners = lr;
}
} else {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
return OK;
}
{
return new;
}
{
return merged;
}
{
char port[8];
int ret = 0;
if (s_secure)
ret = 1;
return ret;
}
/*
 * Whether request r arrived on one of this module's secure listeners.
 * NOTE(review): the body is empty in this copy — a non-void function with no
 * return statement would be undefined behaviour for the callers below
 * (nwssl_hook_Fixup, nwssl_hook_http_method), so the real implementation has
 * evidently been lost in extraction.  Presumably it defers to isSecureConn()
 * for r's connection, as ssl_is_https() does — confirm against the real source.
 */
static int isSecure (const request_rec *r)
{
}
/*
 * fixups hook.  Requests that did not arrive on a secure connection are left
 * alone.  NOTE(review): only the isSecure() guard survives in this copy of the
 * file; the statements that used the local `i` are missing, which is why it
 * appears unused here.  Every visible path returns DECLINED, so other modules'
 * fixups still run.
 */
static int nwssl_hook_Fixup(request_rec *r)
{
int i;
if (!isSecure(r))
return DECLINED;
return DECLINED;
}
/*
 * http_method hook: name the URI scheme for a request.
 *
 * Yields "https" when isSecure() says the request arrived on a secure
 * listener; otherwise NULL, so that other modules or the core default
 * ("http") decide.
 */
static const char *nwssl_hook_http_method (const request_rec *r)
{
    return isSecure(r) ? "https" : NULL;
}
{
if (isSecure(r))
return DEFAULT_HTTPS_PORT;
return 0;
}
/*
 * Optional function exported for mod_proxy (see the comment near the top of
 * the file): requests that SSL be used for the outgoing connection c.
 *
 * The connection is not inspected and nothing is configured here; the call
 * always reports success (1).  Callers therefore learn nothing about the
 * actual state of the socket from this return value.
 * NOTE(review): presumably the TLS setup of outgoing sockets happens on the
 * SO_TLS_SET_CLIENT path elsewhere in this file — confirm.
 */
int ssl_proxy_enable(conn_rec *c)
{
    (void)c;   /* no per-connection state is read or written */
    return 1;
}
/*
 * Optional function exported for mod_proxy (see the comment near the top of
 * the file): asks that the SSL engine be disabled for connection c.
 *
 * The connection is not inspected and nothing is changed; the call always
 * reports success (1), so a caller cannot rely on this return value as
 * evidence that anything was actually disabled.
 */
int ssl_engine_disable(conn_rec *c)
{
    (void)c;   /* no per-connection state is read or written */
    return 1;
}
/*
 * Optional-function implementation: is connection c secured?
 *
 * Answers by asking isSecureConn() about the connection's base server.
 * c is dereferenced without a NULL check; the callers of this optional
 * function are expected to pass a live connection.
 */
static int ssl_is_https(conn_rec *c)
{
    server_rec *base = c->base_server;

    return isSecureConn (base, c);
}
/* This function must remain safe to use for a non-SSL connection. */
{
const char *result;
/*
* When no pool is given try to find one
*/
if (p == NULL) {
if (r != NULL)
p = r->pool;
else if (c != NULL)
p = c->pool;
else
}
/*
* Request dependent stuff
*/
if (r != NULL) {
switch (var[0]) {
case 'H':
case 'h':
/* all other headers from which we are still not know about */
break;
case 'R':
case 'r':
result = ap_http_method(r);
REMOTE_NAME, NULL);
result = ap_get_remote_logname(r);
break;
case 'S':
case 's':
result = ap_get_server_name(r);
break;
default:
result = ap_document_root(r);
result = r->ap_auth_type;
result = r->the_request;
break;
}
}
/*
* Connection stuff
*/
/* XXX-Can't get specific SSL info from NetWare */
/* SSLConnRec *sslconn = myConnConfig(c);
if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
&& sslconn && sslconn->ssl)
result = ssl_var_lookup_ssl(p, c, var+4);*/
if (isSecureConn (s, c))
result = "on";
else
result = "off";
}
}
/*
* Totally independent stuff
*/
/* XXX-Can't get specific SSL info from NetWare */
/*result = ssl_var_lookup_ssl_version(p, var+12);*/
}
}
}
}
}
}
}
}
result = apr_psprintf(p,
}
/* all other env-variables from the parent Apache process */
}
}
result = "";
return (char *)result;
}
static const command_rec nwssl_module_cmds[] =
{
"Optional third parameter of MUTUAL configures the port for mutual authentication."),
"Adds trusted certificates that are used to create secure connections to proxied servers"),
{NULL}
};
/*
 * Module hook registration, referenced from the module record below.
 * NOTE(review): the body is empty in this copy of the file — the ap_hook_*()
 * and APR_REGISTER_OPTIONAL_FN() calls that would wire up the hooks and
 * optional functions defined above (nwssl_hook_Fixup, nwssl_hook_http_method,
 * ssl_is_https, ssl_proxy_enable, ssl_engine_disable, ...) appear to have
 * been lost in extraction.
 */
static void register_hooks(apr_pool_t *p)
{
}
{
NULL, /* dir config creater */
NULL, /* dir merger --- default is to override */
nwssl_config_server_create, /* server config */
nwssl_config_server_merge, /* merge server config */
nwssl_module_cmds, /* command apr_table_t */
};