From bd2ea4ed98ded33324a2683832fbd2ac54b73d7d Mon Sep 17 00:00:00 2001
From: wiz
Date: Thu, 5 Apr 2001 14:24:39 +0000
Subject: Standardize patch file names.
---
www/w3c-httpd/files/patch-sum | 24 +-
www/w3c-httpd/patches/patch-CacheCheckSize | 149 --------
www/w3c-httpd/patches/patch-CacheDirs | 103 ------
www/w3c-httpd/patches/patch-SSL | 534 -----------------------------
www/w3c-httpd/patches/patch-ae | 149 ++++++++
www/w3c-httpd/patches/patch-af | 103 ++++++
www/w3c-httpd/patches/patch-ag | 534 +++++++++++++++++++++++++++++
7 files changed, 798 insertions(+), 798 deletions(-)
delete mode 100644 www/w3c-httpd/patches/patch-CacheCheckSize
delete mode 100644 www/w3c-httpd/patches/patch-CacheDirs
delete mode 100644 www/w3c-httpd/patches/patch-SSL
create mode 100644 www/w3c-httpd/patches/patch-ae
create mode 100644 www/w3c-httpd/patches/patch-af
create mode 100644 www/w3c-httpd/patches/patch-ag
(limited to 'www/w3c-httpd')
diff --git a/www/w3c-httpd/files/patch-sum b/www/w3c-httpd/files/patch-sum
index 0be33ced705..4d5591cd96b 100644
--- a/www/w3c-httpd/files/patch-sum
+++ b/www/w3c-httpd/files/patch-sum
@@ -1,13 +1,13 @@
-$NetBSD: patch-sum,v 1.1 1999/07/09 14:23:19 agc Exp $
+$NetBSD: patch-sum,v 1.2 2001/04/05 14:24:39 wiz Exp $
 
-MD5 (patch-CacheCheckSize) = 83bf08cce493d232765a538c8acbb094
-MD5 (patch-CacheDirs) = b0fe5d39d4c773f9635964a7b86148d6
-MD5 (patch-SSL) = d37389deb25d890d12d8c8e8fc64ac95
-MD5 (patch-aa) = 9238c78cc4571aede74c5481b4aaf474
-MD5 (patch-ab) = 805df2b5b2b8dc359ab5e6f275ff8417
-MD5 (patch-ac) = 01d26d9a5af1e8c260db3389925c2623
-MD5 (patch-ad) = 8a639f0dc35b3075d1cfb83262fd47f8
-MD5 (patch-ba) = 8f9ef3f6095a59628e7e69fa2cf7bb28
-MD5 (patch-bb) = 620375e3cd4b32ff1d5b0700e944a838
-MD5 (patch-bc) = 0723f7953457462f0bd6ae78d141e274
-MD5 (patch-ca) = cb1a912f30b83cc364ef21b3cc961900
+SHA1 (patch-aa) = 44aacb2a600488d5140a9535fc8405b1a3a4150a
+SHA1 (patch-ab) = f579e55d5646911b05c2e4d1efd69551fcec4c5f
+SHA1 (patch-ac) = eeb2668b956d3aa81d338e22bce6664cc2551c2c
+SHA1 (patch-ad) = f7093d13c01683c2296c4b7ffa87b87c01ce3392
+SHA1 (patch-ae) = 1f3521bce0b50d582711f6ab89e51ead3fdf59c2
+SHA1 (patch-af) = a30ea965cffae203c6034c96094f7aeb3c72612a
+SHA1 (patch-ag) = e0322379cfcc9de48ea22cf726eceb45d98eb4df
+SHA1 (patch-ba) = 9d6fc677a3aecb9dfba8fc46e7de6da8008bc0b1
+SHA1 (patch-bb) = 17e0cf4b86138d6bdd843315ca0aac01357d872a
+SHA1 (patch-bc) = cc1d854a61aac394faeaa7be4013459b8b7618fe
+SHA1 (patch-ca) = 7a6ad8bf8493aab8d6e9fb4a189493d8d7225996
diff --git a/www/w3c-httpd/patches/patch-CacheCheckSize b/www/w3c-httpd/patches/patch-CacheCheckSize
deleted file mode 100644
index f3b6820187c..00000000000
--- a/www/w3c-httpd/patches/patch-CacheCheckSize
+++ /dev/null
@@ -1,149 +0,0 @@ -$NetBSD: patch-CacheCheckSize,v 1.2 1999/05/09 21:12:32 tron Exp $ - -*** /dev/null Tue Feb 6 11:05:04 1996 ---- README-CACHE_CHECK_SIZE Tue Feb 6 13:27:32 1996 -*************** -*** 0 **** ---- 1,11 ---- -+ Patch to avoid serving truncated files from the cache. -+ -+ Apply the patch, modify WWW/All//Makefile.include (for your model -+ system) and add '-DCACHE_CHECK_SIZE' to CFLAGS. -+ -+ With the patch, the server checks the size of a file in the cache before -+ returning it to the user; if the size is incorrect, the server will -+ refresh the file in the cache. -+ -+ -- -+ -- 19960205, Gertjan van Oosten, gertjan@West.NL, West Consulting bv -*** WWW/Daemon/Implementation/HTCache.c.orig Fri Aug 12 12:36:11 1994 ---- Daemon/Implementation/HTCache.c Mon Feb 5 14:02:11 1996 -*************** -*** 382,387 **** ---- 382,437 ---- - } - - -+ #ifdef CACHE_CHECK_SIZE -+ /* -+ ** Check whether cache file has correct size -+ ** -+ ** On exit: -+ ** return YES -+ ** if size is good -+ ** return NO -+ ** if size is too small or too large -+ ** -+ */ -+ PRIVATE BOOL cache_check_size ARGS2(char *, cfn, -+ struct stat *, stat_info) -+ { -+ char buf[BUF_SIZE+2]; -+ FILE *cf; -+ long cl = 0, pos, size, actual; -+ -+ if (!cfn) -+ return NO; -+ -+ cf = fopen(cfn, "r"); -+ if (!cf) -+ return NO; -+ -+ while (fgets(buf, sizeof(buf), cf)) { -+ if (!buf[0] -+ || (buf[0] == '\n' && !buf[1]) -+ || (buf[0] == '\r' && buf[1] == '\n' && !buf[2])) -+ break; -+ -+ if (!strncasecomp(buf, "content-length:", 15)) -+ sscanf(buf+15, "%ld", &cl); -+ } -+ pos = ftell(cf); -+ fclose(cf); -+ -+ size = stat_info->st_size; -+ -+ actual = size - pos; -+ if (TRACE) { -+ fprintf(stderr,"Cache....... checking \"%s\": content-length %ld =?= %ld\n", -+ cfn,cl,actual); -+ } -+ -+ return (cl == actual ? 
YES : NO); -+ } -+ #endif /* CACHE_CHECK_SIZE */ -+ -+ - PRIVATE BOOL do_caching ARGS1(char *, url) - { - HTList * cur = cc.no_caching; -*************** -*** 460,465 **** ---- 510,518 ---- - time_t *, expires) - { - struct stat stat_info; -+ #ifdef CACHE_CHECK_SIZE -+ BOOL size_ok; -+ #endif - - if (!url || !cfn || !cf || !if_ms) return CACHE_NO; - *cfn = NULL; -*************** -*** 497,503 **** ---- 550,563 ---- - } - - success = HTCacheInfo_for(*cfn, &ld, &lc, &ex, &mu, &lm); -+ #ifdef CACHE_CHECK_SIZE -+ /* Check whether file in cache has correct size */ -+ size_ok = cache_check_size(*cfn, &stat_info); -+ #endif - if (!success /* no entry */ -+ #ifdef CACHE_CHECK_SIZE -+ || !size_ok /* wrong size */ -+ #endif - || ex - cc.cache_time_margin <= cur_time /* expired */ - || cur_time - lc >= refresh_interval /* time to refresh */ - || in.no_cache_pragma) { /* override cache */ -*************** -*** 507,512 **** ---- 567,576 ---- - if (TRACE) { - if (!success) - fprintf(stderr, "NoEntry..... %s -- expiring\n",*cfn); -+ #ifdef CACHE_CHECK_SIZE -+ else if (!size_ok) -+ fprintf(stderr, "Truncated...... %s -- refresh\n",*cfn); -+ #endif - else if (in.no_cache_pragma) - fprintf(stderr, "Forced...... refresh of %s\n",*cfn); - else if (ex - cc.cache_time_margin <= cur_time) -*************** -*** 527,533 **** ---- 591,601 ---- - if (cc.cache_no_connect) { - CTRACE(stderr, "Standalone.. caching mode but expired\n"); - cache_hit = YES; -+ #ifdef CACHE_CHECK_SIZE -+ return size_ok ? CACHE_IF_MODIFIED : CACHE_CREATE; -+ #else - return CACHE_IF_MODIFIED; -+ #endif - } - - if (!(*cf = do_lock(*cfn))) { -*************** -*** 550,556 **** ---- 618,628 ---- - CTRACE(stderr,"IfModSince.. time: %s", ctime(if_ms)); - - free(backup); -+ #ifdef CACHE_CHECK_SIZE -+ return size_ok ? CACHE_IF_MODIFIED : CACHE_CREATE; -+ #else - return CACHE_IF_MODIFIED; -+ #endif - } - else { - CTRACE(stderr, "Cache....... not expired %s\n", *cfn); 
diff --git a/www/w3c-httpd/patches/patch-CacheDirs b/www/w3c-httpd/patches/patch-CacheDirs
deleted file mode 100644
index 7239daba8b3..00000000000
--- a/www/w3c-httpd/patches/patch-CacheDirs
+++ /dev/null
@@ -1,103 +0,0 @@ -$NetBSD: patch-CacheDirs,v 1.2 1999/05/09 21:12:33 tron Exp $ - -*** /dev/null Tue Feb 6 11:05:04 1996 ---- README-CACHEDIRS Tue Feb 6 13:03:37 1996 -*************** -*** 0 **** ---- 1,12 ---- -+ Patch to translate directory names in the cache from e.g. -+ /www-cache/http/www.some.where.org/ -+ to -+ /www-cache/http/org/where/some/www/ -+ -+ Note that this can lead to unexpected problems, when you have two URLs -+ like and . -+ [This does happen, e.g. many sites out there have "some.where.org" and -+ "www.some.where.org" point to the same machine.] -+ -+ -- -+ -- 19950915, Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. -*** WWW/Daemon/Implementation/HTCache.c.orig Fri Aug 12 12:36:11 1994 ---- Daemon/Implementation/HTCache.c Fri Sep 15 16:25:33 1995 -*************** -*** 5,16 **** ---- 5,19 ---- - ** AUTHORS: - ** AL Ari Luotonen luotonen@dxcern.cern.ch - ** FM Fote Macrides macrides@sci.wfeb.edu -+ ** GJ Gertjan van Oosten gertjan@West.NL - ** - ** HISTORY: - ** 31 Jan 94 AL Written from scratch on a *very* beautiful - ** Sunday afternoon -- seems like the spring - ** is already coming, yippee! - ** 8 Jul 94 FM Insulate free() from _free structure element. -+ ** 15 Sep 95 GJ Translate host names in cache to (reversed) -+ ** directories. - ** - ** BUGS: - ** -*************** -*** 243,248 **** ---- 246,252 ---- - { - char * access = NULL; - char * host = NULL; -+ char * revhost = NULL; - char * path = NULL; - char * cfn = NULL; - BOOL welcome = NO; -*************** -*** 274,291 **** - *cur = TOLOWER(*cur); - cur++; - } - } - - cfn = (char*)malloc(strlen(cc.cache_root) + - strlen(access) + -! (host ? strlen(host) : 0) + - (path ? strlen(path) : 0) + - (welcome ? strlen(WELCOME_FILE) : 0) + 3); - if (!cfn) outofmem(__FILE__, "cache_file_name"); -! sprintf(cfn, "%s/%s/%s%s%s", cc.cache_root, access, host, path, - (welcome ? WELCOME_FILE : "")); - -! 
FREE(access); FREE(host); FREE(path); - - /* - ** This checks that the last component is not too long. ---- 278,310 ---- - *cur = TOLOWER(*cur); - cur++; - } -+ /* -+ ** Now transform host name from "www.some.where.org" -+ ** to "org/where/some/www". -+ ** [For nameless hosts, you'd want the IP address -+ ** translated from "10.127.7.254" to "10/127/7/254", -+ ** but that is left as an exercise.] -+ */ -+ revhost = malloc(strlen(host)+1); -+ revhost[0] = '\0'; -+ while (cur = strrchr(host, '.')) { -+ strcat(revhost, cur+1); -+ strcat(revhost, "/"); -+ *cur = '\0'; -+ } -+ strcat(revhost, host); - } - - cfn = (char*)malloc(strlen(cc.cache_root) + - strlen(access) + -! (revhost ? strlen(revhost) : 0) + - (path ? strlen(path) : 0) + - (welcome ? strlen(WELCOME_FILE) : 0) + 3); - if (!cfn) outofmem(__FILE__, "cache_file_name"); -! sprintf(cfn, "%s/%s/%s%s%s", cc.cache_root, access, revhost, path, - (welcome ? WELCOME_FILE : "")); - -! FREE(access); FREE(host); FREE(revhost); FREE(path); - - /* - ** This checks that the last component is not too long. diff --git a/www/w3c-httpd/patches/patch-SSL b/www/w3c-httpd/patches/patch-SSL deleted file mode 100644 index 3088e59963b..00000000000 --- a/www/w3c-httpd/patches/patch-SSL +++ /dev/null 
@@ -1,534 +0,0 @@ -$NetBSD: patch-SSL,v 1.2 1999/05/09 21:12:33 tron Exp $ - -============================================================================ -README: -============================================================================ - -OVERVIEW - - This SSL tunneling patch for CERN httpd adds support for the - CONNECT method used by SSL enhanced clients to open a secure - tunnel through the proxy. - -THEORY - - The CONNECT method takes - - hostname:port - - as its argument, and the request is in the form of the - HTTP/1.0 request (that is, the string "HTTP/1.0" and the - request headers must follow the request). Example: - - CONNECT home1.netscape.com:443 HTTP/1.0 - - - The response will be either a normal HTTP/1.0 error response - (in case the host is unreachable for one reason or another), - or in case of success: - - HTTP/1.0 200 Connection established - - - after which the connection is open, and the client may start - the SSL handshake. - - This is a superior approach because it allows the HTTP request - headers to be passed, making it possible to do authentication - on the proxy, and allows any other future extension. - -CONFIGURATION - - Because the configuration of CERN httpd is based on URL - patterns, for ease of configuration, the hostname:port - argument in automatically transformed into an internal - representation: - - connect://hostname:port - - connect:// URLs do not exist in real life -- this is just a - notion in the configuration file to make life easier!! - -ENABLING - - SSL tunneling is disabled by default. To enable it for HTTPS - (uses the port 443), add the following line in the - configuration file: - - Pass connect://*:443 - - To enable secure news (SNEWS, uses port 563) tunneling, add - line: - - Pass connect://*:563 - - DO NOT use trailing slashes. DO NOT allow all connect:// - requests, the following is unsafe: - - Pass connect://* - -PROTECTION - - IP address protection should always be used in connection with - SSL tunneling. 
To create a protection template P which allows - access only for hosts with IP addresses 198.93.*.* and - 198.95.*.*, use the template: - - Protection P { - CONNECT-Mask @(198.93.*.*, 198.95.*.*) - } - - Note that this only declares a template; to actually apply the - protection use the Protect rule, AFTER the Protection - declaration, but BEFORE the Pass rule: - - Protect connect://* P - - Or, to collect them all together: - - Protection P { - CONNECT-Mask @(198.93.*.*, 198.95.*.*) - } - Protect connect://* P - Pass connect://*:443 - Pass connect://*:563 - - The Protection binding to name P may be left out in case it's - only used once, and the protection configuration may be - inlined in place of the protection name in Protect rule: - - Protect connect://* { - CONNECT-Mask @(198.93.*.*, 198.95.*.*) - } - Pass connect://*:443 - Pass connect://*:563 - - For a better insight of the CERN httpd's configuration system, - please refer to the online manual: - - http://www.w3.org/httpd/ - -PROXY AUTHENTICATION - - This patch does not enable proxy authentication. Proxy - authentication is not supported by the CERN proxy. Proxy - authentication uses the status code 407, and headers - Proxy-Authenticate and Proxy-Authorization. - - You MUST NOT try to use the Protect directive to turn on - normal user authentication on (the one that uses the 401 - status code, and WWW-Authenticate and Authorization headers). - That is an incorrect way to do authentication for the proxy, - and causes compatibility and security problems. - -CHAINING PROXIES - - This patch does not enable chaining proxies to do SSL - tunneling. More specifically, the CERN proxy with this patch - IS able to act as the OUTMOST proxy in the chain, but it - doesn't work if it is the inner proxy that has to speak to - another, outer proxy to establish a secure connection through - that. Therefore, a combination such as inner Netscape Proxy - and outer CERN httpd would work, but not vice versa. 
- -THE NETSCAPE PROXY SERVER - - The Netscape Proxy Server is a commercially supported proxy - server available from Netscape Communications Corporation. In - addition to it's unique, more efficient architecture, it - natively supports proxy authentication, proxy chaining, SSL - tunneling and HTTPS proxying, enabling also clients without - native SSL support to use HTTPS. - -AUTHOR - Ari Luotonen, Netscape Communications Corporation, 1995 - - -DISCLAIMER - - I do not have any official connection to the CERN httpd - development anymore. I have left the CERN WWW project in - summer '94. I do not provide any support for this software or - this patch. For general CERN httpd support, please contact: - - httpd@w3.org - - THIS PATCH IS PROVIDED IN GOOD FAITH, AS IS. I AND NETSCAPE - MAKE NO CLAIMS TO ITS SUITABILITY FOR ANY PARTICULAR PURPOSE, - AND I AND NETSCAPE PROVIDE ABSOLUTELY NO WARRANTY OF ANY KIND - WITH RESPECT TO THIS PATCH OR THIS SOFTWARE. THE ENTIRE RISK - AS TO THE QUALITY AND PERFORMANCE OF THIS SOFTWARE/PATCH IS - WITH THE USER. IN NO EVENT WILL I OR NETSCAPE BE LIABLE TO - ANYONE FOR ANY DAMAGES ARISING OUT THE USE OF THIS - SOFTWARE/PATCH, INCLUDING, WITHOUT LIMITATION, DAMAGES - RESULTING FROM LOST DATA OR LOST PROFITS, OR FOR ANY SPECIAL, - INCIDENTAL OR CONSEQUENTIAL DAMAGES. 
- - -============================================================================ -PATCH TO WWW COMMON LIBRARY 2.17 AND CERN HTTPD 3.0: -============================================================================ - -*** Library/Implementation/HTAccess.c.orig Thu Sep 29 04:53:28 1994 ---- Library/Implementation/HTAccess.c Tue May 9 13:16:50 1995 -*************** -*** 146,151 **** ---- 146,152 ---- - "SHOWMETHOD", - "LINK", - "UNLINK", -+ "CONNECT", - NULL - }; - -*** Library/Implementation/HTAccess.h.orig Sun Sep 25 07:15:14 1994 ---- Library/Implementation/HTAccess.h Tue May 9 13:15:47 1995 -*************** -*** 60,65 **** ---- 60,66 ---- - METHOD_SHOWMETHOD, - METHOD_LINK, - METHOD_UNLINK, -+ METHOD_CONNECT, - MAX_METHODS - } HTMethod; - /* -*** Daemon/Implementation/HTAAProt.h.orig Sun Sep 25 06:55:47 1994 ---- Daemon/Implementation/HTAAProt.h Mon May 15 21:05:40 1995 -*************** -*** 52,57 **** ---- 52,58 ---- - GroupDef * put_mask; /* - " - (PUT) */ - GroupDef * post_mask; /* - " - (POST) */ - GroupDef * delete_mask; /* - " - (DELETE) */ -+ GroupDef * connect_mask; /* - " - (CONNECT) */ - GroupDef * gen_mask; /* General mask (used when needed but */ - /* other masks not set). 
*/ - HTList * valid_schemes;/* Valid authentication schemes */ -*** Daemon/Implementation/HTAAProt.c.orig Sun Sep 25 11:53:03 1994 ---- Daemon/Implementation/HTAAProt.c Mon May 15 21:18:05 1995 -*************** -*** 356,361 **** ---- 356,373 ---- - } - } /* if "Post-Mask" */ - -+ else if (0==strncasecomp(fieldname, "connect", 7)) { -+ prot->connect_mask = HTAA_parseGroupDef(fp); -+ lex_item=LEX_REC_SEP; /*groupdef parser read this already*/ -+ if (TRACE) { -+ if (prot->connect_mask) { -+ fprintf(stderr, "CONNECT-Mask\n"); -+ HTAA_printGroupDef(prot->connect_mask); -+ } -+ else fprintf(stderr,"SYNTAX ERROR parsing CONNECT-Mask\n"); -+ } -+ } /* if "Connect-Mask" */ -+ - else if (0==strncasecomp(fieldname, "delete", 6)) { - prot->delete_mask = HTAA_parseGroupDef(fp); - lex_item=LEX_REC_SEP; /*groupdef parser read this already*/ -*** Daemon/Implementation/HTAAServ.c.orig Sun Sep 25 06:52:53 1994 ---- Daemon/Implementation/HTAAServ.c Mon May 15 21:06:18 1995 -*************** -*** 208,213 **** ---- 208,215 ---- - mask = prot->post_mask; - else if (!strcmp(method_name, "DELETE")) - mask = prot->delete_mask; -+ else if (!strcmp(method_name, "CONNECT")) -+ mask = prot->connect_mask; - if (!mask) - mask = prot->gen_mask; - } -*** Daemon/Implementation/HTRequest.c.orig Fri Aug 12 03:36:29 1994 ---- Daemon/Implementation/HTRequest.c Mon May 15 21:32:44 1995 -*************** -*** 1006,1011 **** ---- 1006,1028 ---- - } - - /* -+ * SSL tunneling -- make host:port appear as connect://host:port -+ * to make it work better with the configuration system. 
-+ * Ari Luotonen May 1995 -+ */ -+ if (req->method == METHOD_CONNECT && HTReqArg) { -+ char *tmp = HTReqArg; -+ HTReqArg = NULL; -+ StrAllocCopy(HTReqArg, "connect://"); -+ StrAllocCat(HTReqArg, tmp); -+ free(tmp); -+ if ((tmp = strchr(HTReqArg + 10, ':'))) { -+ for (tmp++; *tmp && isdigit(*tmp); tmp++); -+ *tmp = '\0'; -+ } -+ } -+ -+ /* - ** Check that the third argument actually is a valid - ** client protocol specifier (if it is not we might wait - ** for an eternity for the rest of an HTTP1 request when it -*** Daemon/Implementation/HTDaemon.c.orig Mon Sep 26 07:23:00 1994 ---- Daemon/Implementation/HTDaemon.c Mon Jun 12 15:58:58 1995 -*************** -*** 65,70 **** ---- 65,71 ---- - ** defined via "ServerRoot" in the configuration file. - ** Commented out dead extern declarations. - ** 8 Jul 94 FM Insulate free() from _free structure element. -+ ** May 95 AL SSL tunneling support - */ - - /* (c) CERN WorldWideWeb project 1990-1992. See Copyright.html for details */ -*************** -*** 162,167 **** ---- 163,173 ---- - #include - #include - -+ #if !defined(__osf__) && !defined(AIX) && !defined(_HPUX_SOURCE) && \ -+ !defined(BSDI) && !defined(__linux) -+ #include -+ #endif -+ - #ifndef SIGCLD - #ifdef SIGCHLD - #define SIGCLD SIGCHLD -*************** -*** 376,381 **** ---- 382,602 ---- - - - -+ /* -+ * SSL tunneling support by Ari Luotonen , May 1995 -+ */ -+ -+ -+ #define SSL_PROXY_BUFSIZE 4096 -+ -+ -+ int shove_buffer ARGS4(int, sd, -+ char *, b, -+ int *, i, -+ int *, c) -+ { -+ int n = write(sd, &b[*i], *c); -+ -+ if (n > 0) -+ { -+ *i += n; -+ *c -= n; -+ } -+ else if (n == -1 && (errno == EWOULDBLOCK || errno == EINTR)) -+ { -+ n = 0; -+ } -+ -+ return n; -+ } -+ -+ int drag_buffer ARGS4(int, sd, -+ char *, b, -+ int *, i, -+ int *, c) -+ { -+ int n = read(sd, b, SSL_PROXY_BUFSIZE); -+ -+ *i = *c = 0; -+ -+ if (n > 0) -+ { -+ *c = n; -+ } -+ else if (n == -1 && errno != EWOULDBLOCK && errno != EINTR) -+ { -+ return 0; -+ } -+ return n; -+ } -+ -+ -+ 
int ssl_proxy_pump ARGS3(int, sd1, -+ int, sd2, -+ char *, initial) -+ { -+ char b1[SSL_PROXY_BUFSIZE]; -+ char b2[SSL_PROXY_BUFSIZE]; -+ int i1=0, i2=0; /* Buffer start index */ -+ int c1=0, c2=0; /* Buffer data counter */ -+ int r1=0, r2=0; /* Socket read ready */ -+ int w1=0, w2=0; /* Socket write ready */ -+ int closed1=0, closed2=0; /* Socket close */ -+ int n_fds = ((sd1 > sd2) ? sd1 : sd2) + 1; -+ fd_set rd_fds, wr_fds; -+ int status; -+ -+ memset(&rd_fds, 0, sizeof(rd_fds)); -+ memset(&wr_fds, 0, sizeof(wr_fds)); -+ -+ if (initial && *initial) { -+ strcpy(b1, initial); -+ c1 = strlen(initial); -+ } -+ -+ while (1) { -+ FD_SET(sd1, &rd_fds); -+ FD_SET(sd2, &rd_fds); -+ FD_SET(sd1, &wr_fds); -+ FD_SET(sd2, &wr_fds); -+ -+ if (!(status = select(n_fds, &rd_fds, &wr_fds, NULL, NULL))) -+ { -+ break; -+ } -+ else if (status == -1) -+ { -+ if (errno == EINTR) -+ continue; -+ else -+ break; -+ } -+ -+ r1 = FD_ISSET(sd1, &rd_fds); -+ r2 = FD_ISSET(sd2, &rd_fds); -+ w1 = FD_ISSET(sd1, &wr_fds); -+ w2 = FD_ISSET(sd2, &wr_fds); -+ -+ if (w1 && c1 > 0) -+ { -+ if (shove_buffer(sd1, b1, &i1, &c1) == -1) -+ closed1 = 1; -+ } -+ if (w2 && c2 > 0) -+ { -+ if (shove_buffer(sd2, b2, &i2, &c2) == -1) -+ closed2 = 1; -+ } -+ if (r1 && !c2) -+ { -+ if (!drag_buffer(sd1, b2, &i2, &c2)) -+ closed1 = 1; -+ } -+ if (r2 && !c1) -+ { -+ if (!drag_buffer(sd2, b1, &i1, &c1)) -+ closed2 = 1; -+ } -+ -+ if (closed1 || closed2) -+ { -+ break; -+ } -+ } -+ -+ NETCLOSE(sd1); -+ NETCLOSE(sd2); -+ -+ return 1; -+ } -+ -+ -+ BOOL ssl_proxy_get_addr ARGS3(char *, arg, -+ char **, host, -+ int *, port) -+ { -+ char *p; -+ -+ if (arg && host && port && !strncmp(arg, "connect://", 10)) { -+ -+ *host = NULL; -+ StrAllocCopy(*host, arg + 10); -+ -+ if ((p = strchr(*host, ':'))) { -+ *p++ = '\0'; -+ if ((*port = atoi(p)) > 0) -+ return YES; -+ } -+ } -+ return NO; -+ } -+ -+ -+ int ssl_proxy_connect ARGS3(HTRequest *, req, -+ char *, host, -+ int, port) -+ { -+ struct sockaddr_in sa; -+ struct hostent 
*hp; -+ int sd, status, one=1; -+ -+ memset(&sa, 0, sizeof(sa)); -+ sa.sin_family = AF_INET; -+ sa.sin_port = htons(port); -+ -+ if (isdigit(*host)) -+ sa.sin_addr.s_addr = inet_addr(host); -+ else if ((hp = gethostbyname(host))) -+ memcpy(&sa.sin_addr, hp->h_addr, hp->h_length); -+ else { -+ HTLoadError(req, 500, "Unable to locate host"); -+ return -1; -+ } -+ -+ if ((sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) { -+ HTLoadError(req, 500, "Can't create socket"); -+ return -1; -+ } -+ -+ if ((status = connect(sd, (struct sockaddr *)&sa, sizeof(sa))) == -1) { -+ HTLoadError(req, 500, "Can't connect to host"); -+ return -1; -+ } -+ -+ if ((status = ioctl(sd, FIONBIO, &one)) == -1) { -+ HTLoadError(req, 500, "Can't make socket non-blocking"); -+ return -1; -+ } -+ -+ return sd; -+ } -+ -+ -+ -+ BOOL ssl_proxy_request ARGS2(char *, arg, HTRequest *, req) -+ { -+ char *host = NULL; -+ int port = 0; -+ int sd, one=1; -+ -+ CTRACE(stderr, "Handling CONNECT %s\n", arg); -+ -+ if (!ssl_proxy_get_addr(arg, &host, &port)) { -+ HTLoadError(req, 400, "Bad CONNECT request address"); -+ return NO; -+ } -+ -+ if ((sd = ssl_proxy_connect(req, host, port)) < 0) -+ return NO; -+ -+ if (ioctl(HTSoc, FIONBIO, &one) < -1) { -+ HTLoadError(req, 500, "Can't make client socket non-blocking"); -+ return NO; -+ } -+ -+ ssl_proxy_pump(HTSoc, sd, "HTTP/1.0 200 Connection established\r\n\r\n"); -+ return YES; -+ } - - - #if defined(Mips) -*************** -*** 1832,1837 **** ---- 2053,2062 ---- - } - FREE(cfn); - } -+ else if (req->method==METHOD_CONNECT) { -+ /* SSL tunneling by Ari Luotonen , May 1995 */ -+ ssl_proxy_request(HTReqArg, req); -+ } - else { - /* Normal retrieve with no caching */ - CTRACE(stderr, "No caching.. %s\n", diff --git a/www/w3c-httpd/patches/patch-ae b/www/w3c-httpd/patches/patch-ae new file mode 100644 index 00000000000..2e95f7df3b9 --- /dev/null +++ b/www/w3c-httpd/patches/patch-ae 
@@ -0,0 +1,149 @@
+$NetBSD: patch-ae,v 1.1 2001/04/05 14:24:40 wiz Exp $
+
+*** /dev/null Tue Feb 6 11:05:04 1996
+--- README-CACHE_CHECK_SIZE Tue Feb 6 13:27:32 1996
+***************
+*** 0 ****
+--- 1,11 ----
++ Patch to avoid serving truncated files from the cache.
++
++ Apply the patch, modify WWW/All//Makefile.include (for your model
++ system) and add '-DCACHE_CHECK_SIZE' to CFLAGS.
++
++ With the patch, the server checks the size of a file in the cache before
++ returning it to the user; if the size is incorrect, the server will
++ refresh the file in the cache.
++
++ --
++ -- 19960205, Gertjan van Oosten, gertjan@West.NL, West Consulting bv
+*** WWW/Daemon/Implementation/HTCache.c.orig Fri Aug 12 12:36:11 1994
+--- Daemon/Implementation/HTCache.c Mon Feb 5 14:02:11 1996
+***************
+*** 382,387 ****
+--- 382,437 ----
+ }
+
+
++ #ifdef CACHE_CHECK_SIZE
++ /*
++ ** Check whether cache file has correct size
++ **
++ ** On exit:
++ ** return YES
++ ** if size is good
++ ** return NO
++ ** if size is too small or too large
++ **
++ */
++ PRIVATE BOOL cache_check_size ARGS2(char *, cfn,
++ struct stat *, stat_info)
++ {
++ char buf[BUF_SIZE+2];
++ FILE *cf;
++ long cl = 0, pos, size, actual;
++
++ if (!cfn)
++ return NO;
++
++ cf = fopen(cfn, "r");
++ if (!cf)
++ return NO;
++
++ while (fgets(buf, sizeof(buf), cf)) {
++ if (!buf[0]
++ || (buf[0] == '\n' && !buf[1])
++ || (buf[0] == '\r' && buf[1] == '\n' && !buf[2]))
++ break;
++
++ if (!strncasecomp(buf, "content-length:", 15))
++ sscanf(buf+15, "%ld", &cl);
++ }
++ pos = ftell(cf);
++ fclose(cf);
++
++ size = stat_info->st_size;
++
++ actual = size - pos;
++ if (TRACE) {
++ fprintf(stderr,"Cache....... checking \"%s\": content-length %ld =?= %ld\n",
++ cfn,cl,actual);
++ }
++
++ return (cl == actual ? YES : NO);
++ }
++ #endif /* CACHE_CHECK_SIZE */
++
++
+ PRIVATE BOOL do_caching ARGS1(char *, url)
+ {
+ HTList * cur = cc.no_caching;
+***************
+*** 460,465 ****
+--- 510,518 ----
+ time_t *, expires)
+ {
+ struct stat stat_info;
++ #ifdef CACHE_CHECK_SIZE
++ BOOL size_ok;
++ #endif
+
+ if (!url || !cfn || !cf || !if_ms) return CACHE_NO;
+ *cfn = NULL;
+***************
+*** 497,503 ****
+--- 550,563 ----
+ }
+
+ success = HTCacheInfo_for(*cfn, &ld, &lc, &ex, &mu, &lm);
++ #ifdef CACHE_CHECK_SIZE
++ /* Check whether file in cache has correct size */
++ size_ok = cache_check_size(*cfn, &stat_info);
++ #endif
+ if (!success /* no entry */
++ #ifdef CACHE_CHECK_SIZE
++ || !size_ok /* wrong size */
++ #endif
+ || ex - cc.cache_time_margin <= cur_time /* expired */
+ || cur_time - lc >= refresh_interval /* time to refresh */
+ || in.no_cache_pragma) { /* override cache */
+***************
+*** 507,512 ****
+--- 567,576 ----
+ if (TRACE) {
+ if (!success)
+ fprintf(stderr, "NoEntry..... %s -- expiring\n",*cfn);
++ #ifdef CACHE_CHECK_SIZE
++ else if (!size_ok)
++ fprintf(stderr, "Truncated...... %s -- refresh\n",*cfn);
++ #endif
+ else if (in.no_cache_pragma)
+ fprintf(stderr, "Forced...... refresh of %s\n",*cfn);
+ else if (ex - cc.cache_time_margin <= cur_time)
+***************
+*** 527,533 ****
+--- 591,601 ----
+ if (cc.cache_no_connect) {
+ CTRACE(stderr, "Standalone.. caching mode but expired\n");
+ cache_hit = YES;
++ #ifdef CACHE_CHECK_SIZE
++ return size_ok ? CACHE_IF_MODIFIED : CACHE_CREATE;
++ #else
+ return CACHE_IF_MODIFIED;
++ #endif
+ }
+
+ if (!(*cf = do_lock(*cfn))) {
+***************
+*** 550,556 ****
+--- 618,628 ----
+ CTRACE(stderr,"IfModSince.. time: %s", ctime(if_ms));
+
+ free(backup);
++ #ifdef CACHE_CHECK_SIZE
++ return size_ok ? CACHE_IF_MODIFIED : CACHE_CREATE;
++ #else
+ return CACHE_IF_MODIFIED;
++ #endif
+ }
+ else {
+ CTRACE(stderr, "Cache....... not expired %s\n", *cfn);
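Review bot: `cache_check_size` leaves `cl` at 0 when the cached header block has no `content-length:` line or `sscanf` cannot parse it, so `cl == actual` is false for any non-empty body and such an entry is reported as truncated on every lookup. The results of `sscanf(buf+15, "%ld", &cl)` and `ftell(cf)` are both unchecked; at minimum add `if (pos < 0) return NO;` after the `ftell` call and say in the function comment whether entries without a length are meant to be refreshed every time. The function also trusts `stat_info->st_size`, and the `stat()` call that fills `stat_info` is not visible in these hunks, so it should be confirmed that it runs before the new `cache_check_size(*cfn, &stat_info)` call on every path. The content is carried over unchanged from patch-CacheCheckSize, and the caller's body starts and ends outside the hunks.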
diff --git a/www/w3c-httpd/patches/patch-af b/www/w3c-httpd/patches/patch-af
new file mode 100644
index 00000000000..7e0b7923a91
--- /dev/null
+++ b/www/w3c-httpd/patches/patch-af
@@ -0,0 +1,103 @@
+$NetBSD: patch-af,v 1.1 2001/04/05 14:24:40 wiz Exp $
+
+*** /dev/null Tue Feb 6 11:05:04 1996
+--- README-CACHEDIRS Tue Feb 6 13:03:37 1996
+***************
+*** 0 ****
+--- 1,12 ----
++ Patch to translate directory names in the cache from e.g.
++ /www-cache/http/www.some.where.org/
++ to
++ /www-cache/http/org/where/some/www/
++
++ Note that this can lead to unexpected problems, when you have two URLs
++ like and .
++ [This does happen, e.g. many sites out there have "some.where.org" and
++ "www.some.where.org" point to the same machine.]
++
++ --
++ -- 19950915, Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
+*** WWW/Daemon/Implementation/HTCache.c.orig Fri Aug 12 12:36:11 1994
+--- Daemon/Implementation/HTCache.c Fri Sep 15 16:25:33 1995
+***************
+*** 5,16 ****
+--- 5,19 ----
+ ** AUTHORS:
+ ** AL Ari Luotonen luotonen@dxcern.cern.ch
+ ** FM Fote Macrides macrides@sci.wfeb.edu
++ ** GJ Gertjan van Oosten gertjan@West.NL
+ **
+ ** HISTORY:
+ ** 31 Jan 94 AL Written from scratch on a *very* beautiful
+ ** Sunday afternoon -- seems like the spring
+ ** is already coming, yippee!
+ ** 8 Jul 94 FM Insulate free() from _free structure element.
++ ** 15 Sep 95 GJ Translate host names in cache to (reversed)
++ ** directories.
+ **
+ ** BUGS:
+ **
+***************
+*** 243,248 ****
+--- 246,252 ----
+ {
+ char * access = NULL;
+ char * host = NULL;
++ char * revhost = NULL;
+ char * path = NULL;
+ char * cfn = NULL;
+ BOOL welcome = NO;
+***************
+*** 274,291 ****
+ *cur = TOLOWER(*cur);
+ cur++;
+ }
+ }
+
+ cfn = (char*)malloc(strlen(cc.cache_root) +
+ strlen(access) +
+! (host ? strlen(host) : 0) +
+ (path ? strlen(path) : 0) +
+ (welcome ? strlen(WELCOME_FILE) : 0) + 3);
+ if (!cfn) outofmem(__FILE__, "cache_file_name");
+! sprintf(cfn, "%s/%s/%s%s%s", cc.cache_root, access, host, path,
+ (welcome ? WELCOME_FILE : ""));
+
+! FREE(access); FREE(host); FREE(path);
+
+ /*
+ ** This checks that the last component is not too long.
+--- 278,310 ----
+ *cur = TOLOWER(*cur);
+ cur++;
+ }
++ /*
++ ** Now transform host name from "www.some.where.org"
++ ** to "org/where/some/www".
++ ** [For nameless hosts, you'd want the IP address
++ ** translated from "10.127.7.254" to "10/127/7/254",
++ ** but that is left as an exercise.]
++ */
++ revhost = malloc(strlen(host)+1);
++ revhost[0] = '\0';
++ while (cur = strrchr(host, '.')) {
++ strcat(revhost, cur+1);
++ strcat(revhost, "/");
++ *cur = '\0';
++ }
++ strcat(revhost, host);
+ }
+
+ cfn = (char*)malloc(strlen(cc.cache_root) +
+ strlen(access) +
+! (revhost ? strlen(revhost) : 0) +
+ (path ? strlen(path) : 0) +
+ (welcome ? strlen(WELCOME_FILE) : 0) + 3);
+ if (!cfn) outofmem(__FILE__, "cache_file_name");
+! sprintf(cfn, "%s/%s/%s%s%s", cc.cache_root, access, revhost, path,
+ (welcome ? WELCOME_FILE : ""));
+
+! FREE(access); FREE(host); FREE(revhost); FREE(path);
+
+ /*
+ ** This checks that the last component is not too long.
diff --git a/www/w3c-httpd/patches/patch-ag b/www/w3c-httpd/patches/patch-ag
new file mode 100644
index 00000000000..dbaf13606a4
--- /dev/null
+++ b/www/w3c-httpd/patches/patch-ag
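Review bot: In the patch-af hunk, `revhost = malloc(strlen(host)+1);` is written to on the very next line without a NULL check, while the `cfn` allocation a few lines below calls `outofmem()` on failure; add `if (!revhost) outofmem(__FILE__, "cache_file_name");` before `revhost[0] = '\0';`. The buffer size itself is adequate, since the loop only reorders the labels and replaces each '.' with '/'. The size computation guards `revhost ? strlen(revhost) : 0`, but the following `sprintf` passes `revhost` to `%s` unguarded, so a NULL `revhost` (presumably when the URL has no host) is undefined behaviour there; `revhost ? revhost : ""` would match the guard. The host string is reversed label by label with no validation, so empty labels from consecutive dots become empty path components; whether earlier code rejects such hosts is outside the hunk. The enclosing function starts and ends outside the hunk, and the content is carried over unchanged from patch-CacheDirs.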
@@ -0,0 +1,534 @@
+$NetBSD: patch-ag,v 1.1 2001/04/05 14:24:40 wiz Exp $
+
+============================================================================
+README:
+============================================================================
+
+OVERVIEW
+
+ This SSL tunneling patch for CERN httpd adds support for the
+ CONNECT method used by SSL enhanced clients to open a secure
+ tunnel through the proxy.
+
+THEORY
+
+ The CONNECT method takes
+
+ hostname:port
+
+ as its argument, and the request is in the form of the
+ HTTP/1.0 request (that is, the string "HTTP/1.0" and the
+ request headers must follow the request). Example:
+
+ CONNECT home1.netscape.com:443 HTTP/1.0
+
+
+ The response will be either a normal HTTP/1.0 error response
+ (in case the host is unreachable for one reason or another),
+ or in case of success:
+
+ HTTP/1.0 200 Connection established
+
+
+ after which the connection is open, and the client may start
+ the SSL handshake.
+
+ This is a superior approach because it allows the HTTP request
+ headers to be passed, making it possible to do authentication
+ on the proxy, and allows any other future extension.
+
+CONFIGURATION
+
+ Because the configuration of CERN httpd is based on URL
+ patterns, for ease of configuration, the hostname:port
+ argument in automatically transformed into an internal
+ representation:
+
+ connect://hostname:port
+
+ connect:// URLs do not exist in real life -- this is just a
+ notion in the configuration file to make life easier!!
+
+ENABLING
+
+ SSL tunneling is disabled by default. To enable it for HTTPS
+ (uses the port 443), add the following line in the
+ configuration file:
+
+ Pass connect://*:443
+
+ To enable secure news (SNEWS, uses port 563) tunneling, add
+ line:
+
+ Pass connect://*:563
+
+ DO NOT use trailing slashes. DO NOT allow all connect://
+ requests, the following is unsafe:
+
+ Pass connect://*
+
+PROTECTION
+
+ IP address protection should always be used in connection with
+ SSL tunneling. To create a protection template P which allows
+ access only for hosts with IP addresses 198.93.*.* and
+ 198.95.*.*, use the template:
+
+ Protection P {
+ CONNECT-Mask @(198.93.*.*, 198.95.*.*)
+ }
+
+ Note that this only declares a template; to actually apply the
+ protection use the Protect rule, AFTER the Protection
+ declaration, but BEFORE the Pass rule:
+
+ Protect connect://* P
+
+ Or, to collect them all together:
+
+ Protection P {
+ CONNECT-Mask @(198.93.*.*, 198.95.*.*)
+ }
+ Protect connect://* P
+ Pass connect://*:443
+ Pass connect://*:563
+
+ The Protection binding to name P may be left out in case it's
+ only used once, and the protection configuration may be
+ inlined in place of the protection name in Protect rule:
+
+ Protect connect://* {
+ CONNECT-Mask @(198.93.*.*, 198.95.*.*)
+ }
+ Pass connect://*:443
+ Pass connect://*:563
+
+ For a better insight of the CERN httpd's configuration system,
+ please refer to the online manual:
+
+ http://www.w3.org/httpd/
+
+PROXY AUTHENTICATION
+
+ This patch does not enable proxy authentication. Proxy
+ authentication is not supported by the CERN proxy. Proxy
+ authentication uses the status code 407, and headers
+ Proxy-Authenticate and Proxy-Authorization.
+
+ You MUST NOT try to use the Protect directive to turn on
+ normal user authentication on (the one that uses the 401
+ status code, and WWW-Authenticate and Authorization headers).
+ That is an incorrect way to do authentication for the proxy,
+ and causes compatibility and security problems.
+
+CHAINING PROXIES
+
+ This patch does not enable chaining proxies to do SSL
+ tunneling. More specifically, the CERN proxy with this patch
+ IS able to act as the OUTMOST proxy in the chain, but it
+ doesn't work if it is the inner proxy that has to speak to
+ another, outer proxy to establish a secure connection through
+ that. Therefore, a combination such as inner Netscape Proxy
+ and outer CERN httpd would work, but not vice versa.
+
+THE NETSCAPE PROXY SERVER
+
+ The Netscape Proxy Server is a commercially supported proxy
+ server available from Netscape Communications Corporation. In
+ addition to it's unique, more efficient architecture, it
+ natively supports proxy authentication, proxy chaining, SSL
+ tunneling and HTTPS proxying, enabling also clients without
+ native SSL support to use HTTPS.
+
+AUTHOR
+ Ari Luotonen, Netscape Communications Corporation, 1995
+
+
+DISCLAIMER
+
+ I do not have any official connection to the CERN httpd
+ development anymore. I have left the CERN WWW project in
+ summer '94. I do not provide any support for this software or
+ this patch. For general CERN httpd support, please contact:
+
+ httpd@w3.org
+
+ THIS PATCH IS PROVIDED IN GOOD FAITH, AS IS. I AND NETSCAPE
+ MAKE NO CLAIMS TO ITS SUITABILITY FOR ANY PARTICULAR PURPOSE,
+ AND I AND NETSCAPE PROVIDE ABSOLUTELY NO WARRANTY OF ANY KIND
+ WITH RESPECT TO THIS PATCH OR THIS SOFTWARE. THE ENTIRE RISK
+ AS TO THE QUALITY AND PERFORMANCE OF THIS SOFTWARE/PATCH IS
+ WITH THE USER. IN NO EVENT WILL I OR NETSCAPE BE LIABLE TO
+ ANYONE FOR ANY DAMAGES ARISING OUT THE USE OF THIS
+ SOFTWARE/PATCH, INCLUDING, WITHOUT LIMITATION, DAMAGES
+ RESULTING FROM LOST DATA OR LOST PROFITS, OR FOR ANY SPECIAL,
+ INCIDENTAL OR CONSEQUENTIAL DAMAGES.
+
+
+============================================================================
+PATCH TO WWW COMMON LIBRARY 2.17 AND CERN HTTPD 3.0:
+============================================================================
+
+*** Library/Implementation/HTAccess.c.orig Thu Sep 29 04:53:28 1994
+--- Library/Implementation/HTAccess.c Tue May 9 13:16:50 1995
+***************
+*** 146,151 ****
+--- 146,152 ----
+ "SHOWMETHOD",
+ "LINK",
+ "UNLINK",
++ "CONNECT",
+ NULL
+ };
+
+*** Library/Implementation/HTAccess.h.orig Sun Sep 25 07:15:14 1994
+--- Library/Implementation/HTAccess.h Tue May 9 13:15:47 1995
+***************
+*** 60,65 ****
+--- 60,66 ----
+ METHOD_SHOWMETHOD,
+ METHOD_LINK,
+ METHOD_UNLINK,
++ METHOD_CONNECT,
+ MAX_METHODS
+ } HTMethod;
+ /*
+*** Daemon/Implementation/HTAAProt.h.orig Sun Sep 25 06:55:47 1994
+--- Daemon/Implementation/HTAAProt.h Mon May 15 21:05:40 1995
+***************
+*** 52,57 ****
+--- 52,58 ----
+ GroupDef * put_mask; /* - " - (PUT) */
+ GroupDef * post_mask; /* - " - (POST) */
+ GroupDef * delete_mask; /* - " - (DELETE) */
++ GroupDef * connect_mask; /* - " - (CONNECT) */
+ GroupDef * gen_mask; /* General mask (used when needed but */
+ /* other masks not set). */
+ HTList * valid_schemes;/* Valid authentication schemes */
+*** Daemon/Implementation/HTAAProt.c.orig Sun Sep 25 11:53:03 1994
+--- Daemon/Implementation/HTAAProt.c Mon May 15 21:18:05 1995
+***************
+*** 356,361 ****
+--- 356,373 ----
+ }
+ } /* if "Post-Mask" */
+
++ else if (0==strncasecomp(fieldname, "connect", 7)) {
++ prot->connect_mask = HTAA_parseGroupDef(fp);
++ lex_item=LEX_REC_SEP; /*groupdef parser read this already*/
++ if (TRACE) {
++ if (prot->connect_mask) {
++ fprintf(stderr, "CONNECT-Mask\n");
++ HTAA_printGroupDef(prot->connect_mask);
++ }
++ else fprintf(stderr,"SYNTAX ERROR parsing CONNECT-Mask\n");
++ }
++ } /* if "Connect-Mask" */
++
+ else if (0==strncasecomp(fieldname, "delete", 6)) {
+ prot->delete_mask = HTAA_parseGroupDef(fp);
+ lex_item=LEX_REC_SEP; /*groupdef parser read this already*/
+*** Daemon/Implementation/HTAAServ.c.orig Sun Sep 25 06:52:53 1994
+--- Daemon/Implementation/HTAAServ.c Mon May 15 21:06:18 1995
+***************
+*** 208,213 ****
+--- 208,215 ----
+ mask = prot->post_mask;
+ else if (!strcmp(method_name, "DELETE"))
+ mask = prot->delete_mask;
++ else if (!strcmp(method_name, "CONNECT"))
++ mask = prot->connect_mask;
+ if (!mask)
+ mask = prot->gen_mask;
+ }
+*** Daemon/Implementation/HTRequest.c.orig Fri Aug 12 03:36:29 1994
+--- Daemon/Implementation/HTRequest.c Mon May 15 21:32:44 1995
+***************
+*** 1006,1011 ****
+--- 1006,1028 ----
+ }
+
+ /*
++ * SSL tunneling -- make host:port appear as connect://host:port
++ * to make it work better with the configuration system.
++ * Ari Luotonen May 1995
++ */
++ if (req->method == METHOD_CONNECT && HTReqArg) {
++ char *tmp = HTReqArg;
++ HTReqArg = NULL;
++ StrAllocCopy(HTReqArg, "connect://");
++ StrAllocCat(HTReqArg, tmp);
++ free(tmp);
++ if ((tmp = strchr(HTReqArg + 10, ':'))) {
++ for (tmp++; *tmp && isdigit(*tmp); tmp++);
++ *tmp = '\0';
++ }
++ }
++
++ /*
+ ** Check that the third argument actually is a valid
+ ** client protocol specifier (if it is not we might wait
+ ** for an eternity for the rest of an HTTP1 request when it
+*** Daemon/Implementation/HTDaemon.c.orig Mon Sep 26 07:23:00 1994
+--- Daemon/Implementation/HTDaemon.c Mon Jun 12 15:58:58 1995
+***************
+*** 65,70 ****
+--- 65,71 ----
+ ** defined via "ServerRoot" in the configuration file.
+ ** Commented out dead extern declarations.
+ ** 8 Jul 94 FM Insulate free() from _free structure element.
++ ** May 95 AL SSL tunneling support
+ */
+
+ /* (c) CERN WorldWideWeb project 1990-1992. See Copyright.html for details */
+***************
+*** 162,167 ****
+--- 163,173 ----
+ #include
+ #include
+
++ #if !defined(__osf__) && !defined(AIX) && !defined(_HPUX_SOURCE) && \
++ !defined(BSDI) && !defined(__linux)
++ #include
++ #endif
++
+ #ifndef SIGCLD
+ #ifdef SIGCHLD
+ #define SIGCLD SIGCHLD
+***************
+*** 376,381 ****
+--- 382,602 ----
+
+
+
++ /*
++ * SSL tunneling support by Ari Luotonen , May 1995
++ */
++
++
++ #define SSL_PROXY_BUFSIZE 4096
++
++
++ int shove_buffer ARGS4(int, sd,
++ char *, b,
++ int *, i,
++ int *, c)
++ {
++ int n = write(sd, &b[*i], *c);
++
++ if (n > 0)
++ {
++ *i += n;
++ *c -= n;
++ }
++ else if (n == -1 && (errno == EWOULDBLOCK || errno == EINTR))
++ {
++ n = 0;
++ }
++
++ return n;
++ }
++
++ int drag_buffer ARGS4(int, sd,
++ char *, b,
++ int *, i,
++ int *, c)
++ {
++ int n = read(sd, b, SSL_PROXY_BUFSIZE);
++
++ *i = *c = 0;
++
++ if (n > 0)
++ {
++ *c = n;
++ }
++ else if (n == -1 && errno != EWOULDBLOCK && errno != EINTR)
++ {
++ return 0;
++ }
++ return n;
++ }
++
++
++ int ssl_proxy_pump ARGS3(int, sd1,
++ int, sd2,
++ char *, initial)
++ {
++ char b1[SSL_PROXY_BUFSIZE];
++ char b2[SSL_PROXY_BUFSIZE];
++ int i1=0, i2=0; /* Buffer start index */
++ int c1=0, c2=0; /* Buffer data counter */
++ int r1=0, r2=0; /* Socket read ready */
++ int w1=0, w2=0; /* Socket write ready */
++ int closed1=0, closed2=0; /* Socket close */
++ int n_fds = ((sd1 > sd2) ? sd1 : sd2) + 1;
++ fd_set rd_fds, wr_fds;
++ int status;
++
++ memset(&rd_fds, 0, sizeof(rd_fds));
++ memset(&wr_fds, 0, sizeof(wr_fds));
++
++ if (initial && *initial) {
++ strcpy(b1, initial);
++ c1 = strlen(initial);
++ }
++
++ while (1) {
++ FD_SET(sd1, &rd_fds);
++ FD_SET(sd2, &rd_fds);
++ FD_SET(sd1, &wr_fds);
++ FD_SET(sd2, &wr_fds);
++
++ if (!(status = select(n_fds, &rd_fds, &wr_fds, NULL, NULL)))
++ {
++ break;
++ }
++ else if (status == -1)
++ {
++ if (errno == EINTR)
++ continue;
++ else
++ break;
++ }
++
++ r1 = FD_ISSET(sd1, &rd_fds);
++ r2 = FD_ISSET(sd2, &rd_fds);
++ w1 = FD_ISSET(sd1, &wr_fds);
++ w2 = FD_ISSET(sd2, &wr_fds);
++
++ if (w1 && c1 > 0)
++ {
++ if (shove_buffer(sd1, b1, &i1, &c1) == -1)
++ closed1 = 1;
++ }
++ if (w2 && c2 > 0)
++ {
++ if (shove_buffer(sd2, b2, &i2, &c2) == -1)
++ closed2 = 1;
++ }
++ if (r1 && !c2)
++ {
++ if (!drag_buffer(sd1, b2, &i2, &c2))
++ closed1 = 1;
++ }
++ if (r2 && !c1)
++ {
++ if (!drag_buffer(sd2, b1, &i1, &c1))
++ closed2 = 1;
++ }
++
++ if (closed1 || closed2)
++ {
++ break;
++ }
++ }
++
++ NETCLOSE(sd1);
++ NETCLOSE(sd2);
++
++ return 1;
++ }
++
++
++ BOOL ssl_proxy_get_addr ARGS3(char *, arg,
++ char **, host,
++ int *, port)
++ {
++ char *p;
++
++ if (arg && host && port && !strncmp(arg, "connect://", 10)) {
++
++ *host = NULL;
++ StrAllocCopy(*host, arg + 10);
++
++ if ((p = strchr(*host, ':'))) {
++ *p++ = '\0';
++ if ((*port = atoi(p)) > 0)
++ return YES;
++ }
++ }
++ return NO;
++ }
++
++
++ int ssl_proxy_connect ARGS3(HTRequest *, req,
++ char *, host,
++ int, port)
++ {
++ struct sockaddr_in sa;
++ struct hostent *hp;
++ int sd, status, one=1;
++
++ memset(&sa, 0, sizeof(sa));
++ sa.sin_family = AF_INET;
++ sa.sin_port = htons(port);
++
++ if (isdigit(*host))
++ sa.sin_addr.s_addr = inet_addr(host);
++ else if ((hp = gethostbyname(host)))
++ memcpy(&sa.sin_addr, hp->h_addr, hp->h_length);
++ else {
++ HTLoadError(req, 500, "Unable to locate host");
++ return -1;
++ }
++
++ if ((sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
++ HTLoadError(req, 500, "Can't create socket");
++ return -1;
++ }
++
++ if ((status = connect(sd, (struct sockaddr *)&sa, sizeof(sa))) == -1) {
++ HTLoadError(req, 500, "Can't connect to host");
++ return -1;
++ }
++
++ if ((status = ioctl(sd, FIONBIO, &one)) == -1) {
++ HTLoadError(req, 500, "Can't make socket non-blocking");
++ return -1;
++ }
++
++ return sd;
++ }
++
++
++
++ BOOL ssl_proxy_request ARGS2(char *, arg, HTRequest *, req)
++ {
++ char *host = NULL;
++ int port = 0;
++ int sd, one=1;
++
++ CTRACE(stderr, "Handling CONNECT %s\n", arg);
++
++ if (!ssl_proxy_get_addr(arg, &host, &port)) {
++ HTLoadError(req, 400, "Bad CONNECT request address");
++ return NO;
++ }
++
++ if ((sd = ssl_proxy_connect(req, host, port)) < 0)
++ return NO;
++
++ if (ioctl(HTSoc, FIONBIO, &one) < -1) {
++ HTLoadError(req, 500, "Can't make client socket non-blocking");
++ return NO;
++ }
++
++ ssl_proxy_pump(HTSoc, sd, "HTTP/1.0 200 Connection established\r\n\r\n");
++ return YES;
++ }
+
+
+ #if defined(Mips)
+***************
+*** 1832,1837 ****
+--- 2053,2062 ----
+ }
+ FREE(cfn);
+ }
++ else if (req->method==METHOD_CONNECT) {
++ /* SSL tunneling by Ari Luotonen , May 1995 */
++ ssl_proxy_request(HTReqArg, req);
++ }
+ else {
+ /* Normal retrieve with no caching */
+ CTRACE(stderr, "No caching.. %s\n",
-- cgit v1.2.3
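Review bot: In ssl_proxy_request (the HTDaemon.c part of the patch), `if (ioctl(HTSoc, FIONBIO, &one) < -1)` can never be true, because ioctl() reports failure as -1, so ssl_proxy_pump runs even when the client socket could not be made non-blocking; the comparison should be `== -1`. Once that branch is reachable it must also close `sd`, and the function never releases `host`, which ssl_proxy_get_addr allocates with StrAllocCopy and leaves set on some of its NO returns. ssl_proxy_connect has a matching gap: after socket() succeeds, the connect() and ioctl() failure branches return -1 without `NETCLOSE(sd);`, so every failed CONNECT leaves a descriptor open in the serving process. The error paths of ssl_proxy_request would read as below. The content looks carried over unchanged from the old patch-SSL file, so this is a follow-up fix rather than something this rename introduced.

```c
BOOL ssl_proxy_request ARGS2(char *, arg, HTRequest *, req)
{
    /* ... unchanged: declarations and CTRACE ... */

    if (!ssl_proxy_get_addr(arg, &host, &port)) {
        FREE(host);     /* *host may be set even when parsing fails */
        /* ... unchanged: 400 error and return NO ... */
    }

    sd = ssl_proxy_connect(req, host, port);
    FREE(host);         /* the name is not needed after the connect attempt */
    if (sd < 0)
        return NO;

    if (ioctl(HTSoc, FIONBIO, &one) == -1) {    /* was "< -1", never true */
        NETCLOSE(sd);
        /* ... unchanged: 500 error and return NO ... */
    }

    /* ... unchanged: ssl_proxy_pump call and return YES ... */
}
```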