diff options
| author | Arno Töll <arno@debian.org> | 2012-11-21 23:03:42 +0100 |
|---|---|---|
| committer | Arno Töll <arno@debian.org> | 2012-11-21 23:03:42 +0100 |
| commit | 1b24d86e6b2179692e60091dec59f797cd308b9e (patch) | |
| tree | c5502d40d82fdef69ab9c1e4ed69904fefea9ac1 /src/mod_secure_download.c | |
| parent | 6a6df8dc258631c6eaccb03bf08845241f6dfa4a (diff) | |
| download | lighttpd-1b24d86e6b2179692e60091dec59f797cd308b9e.tar.gz | |
Imported Upstream version 1.4.13upstream/1.4.13
Diffstat (limited to 'src/mod_secure_download.c')
| -rw-r--r-- | src/mod_secure_download.c | 138 |
1 files changed, 69 insertions, 69 deletions
diff --git a/src/mod_secure_download.c b/src/mod_secure_download.c index 1ea5a50..08a0554 100644 --- a/src/mod_secure_download.c +++ b/src/mod_secure_download.c @@ -25,7 +25,7 @@ typedef char HASHHEX[HASHHEXLEN+1]; #ifdef USE_OPENSSL #define IN const #else -#define IN +#define IN #endif #define OUT @@ -36,28 +36,28 @@ typedef struct { buffer *doc_root; buffer *secret; buffer *uri_prefix; - + unsigned short timeout; } plugin_config; typedef struct { PLUGIN_DATA; - + buffer *md5; - + plugin_config **config_storage; - - plugin_config conf; + + plugin_config conf; } plugin_data; /* init the plugin data */ INIT_FUNC(mod_secdownload_init) { plugin_data *p; - + p = calloc(1, sizeof(*p)); - + p->md5 = buffer_init(); - + return p; } @@ -65,27 +65,27 @@ INIT_FUNC(mod_secdownload_init) { FREE_FUNC(mod_secdownload_free) { plugin_data *p = p_d; UNUSED(srv); - + if (!p) return HANDLER_GO_ON; - + if (p->config_storage) { size_t i; for (i = 0; i < srv->config_context->used; i++) { plugin_config *s = p->config_storage[i]; - + buffer_free(s->secret); buffer_free(s->doc_root); buffer_free(s->uri_prefix); - + free(s); } free(p->config_storage); } - + buffer_free(p->md5); - + free(p); - + return HANDLER_GO_ON; } @@ -94,65 +94,65 @@ FREE_FUNC(mod_secdownload_free) { SETDEFAULTS_FUNC(mod_secdownload_set_defaults) { plugin_data *p = p_d; size_t i = 0; - - config_values_t cv[] = { + + config_values_t cv[] = { { "secdownload.secret", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ { "secdownload.document-root", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 1 */ { "secdownload.uri-prefix", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 2 */ { "secdownload.timeout", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 3 */ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } }; - + if (!p) return HANDLER_ERROR; - + p->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *)); - + for (i = 0; i < srv->config_context->used; i++) { plugin_config *s; - + s = calloc(1, sizeof(plugin_config)); s->secret = buffer_init(); s->doc_root = buffer_init(); s->uri_prefix = buffer_init(); s->timeout = 60; - + cv[0].destination = s->secret; cv[1].destination = s->doc_root; cv[2].destination = s->uri_prefix; cv[3].destination = &(s->timeout); - + p->config_storage[i] = s; - + if (0 != config_insert_values_global(srv, ((data_config *)srv->config_context->data[i])->value, cv)) { return HANDLER_ERROR; } } - + return HANDLER_GO_ON; } /** * checks if the supplied string is a MD5 string - * + * * @param str a possible MD5 string * @return if the supplied string is a valid MD5 string 1 is returned otherwise 0 */ int is_hex_len(const char *str, size_t len) { size_t i; - + if (NULL == str) return 0; - + for (i = 0; i < len && *str; i++, str++) { /* illegal characters */ if (!((*str >= '0' && *str <= '9') || (*str >= 'a' && *str <= 'f') || - (*str >= 'A' && *str <= 'F')) + (*str >= 'A' && *str <= 'F')) ) { return 0; } } - + return i == len; } @@ -161,24 +161,24 @@ int is_hex_len(const char *str, size_t len) { static int mod_secdownload_patch_connection(server *srv, connection *con, plugin_data *p) { size_t i, j; plugin_config *s = p->config_storage[0]; - + PATCH(secret); PATCH(doc_root); PATCH(uri_prefix); PATCH(timeout); - + /* skip the first, the global context */ for (i = 1; i < srv->config_context->used; i++) { data_config *dc = (data_config *)srv->config_context->data[i]; s = p->config_storage[i]; - + /* condition didn't match */ if (!config_check_cond(srv, con, dc)) continue; - + /* merge config */ for (j = 0; j < dc->value->used; j++) { data_unset *du = dc->value->data[j]; - + if (buffer_is_equal_string(du->key, CONST_STR_LEN("secdownload.secret"))) { PATCH(secret); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("secdownload.document-root"))) { @@ -190,7 +190,7 @@ static int mod_secdownload_patch_connection(server *srv, connection *con, plugin } } } - + return 0; } #undef PATCH @@ -203,88 +203,88 @@ URIHANDLER_FUNC(mod_secdownload_uri_handler) { const char *rel_uri, *ts_str, *md5_str; time_t ts = 0; size_t i; - + if (con->uri.path->used == 0) return HANDLER_GO_ON; - + mod_secdownload_patch_connection(srv, con, p); if (buffer_is_empty(p->conf.uri_prefix)) return HANDLER_GO_ON; - + if (buffer_is_empty(p->conf.secret)) { log_error_write(srv, __FILE__, __LINE__, "s", "secdownload.secret has to be set"); return HANDLER_ERROR; } - + if (buffer_is_empty(p->conf.doc_root)) { log_error_write(srv, __FILE__, __LINE__, "s", "secdownload.document-root has to be set"); return HANDLER_ERROR; } - - /* + + /* * /<uri-prefix>[a-f0-9]{32}/[a-f0-9]{8}/<rel-path> */ - + if (0 != strncmp(con->uri.path->ptr, p->conf.uri_prefix->ptr, p->conf.uri_prefix->used - 1)) return HANDLER_GO_ON; - + md5_str = con->uri.path->ptr + p->conf.uri_prefix->used - 1; - + if (!is_hex_len(md5_str, 32)) return HANDLER_GO_ON; if (*(md5_str + 32) != '/') return HANDLER_GO_ON; - + ts_str = md5_str + 32 + 1; - + if (!is_hex_len(ts_str, 8)) return HANDLER_GO_ON; if (*(ts_str + 8) != '/') return HANDLER_GO_ON; - + for (i = 0; i < 8; i++) { ts = (ts << 4) + hex2int(*(ts_str + i)); } - + /* timed-out */ - if (srv->cur_ts - ts > p->conf.timeout || + if (srv->cur_ts - ts > p->conf.timeout || srv->cur_ts - ts < -p->conf.timeout) { con->http_status = 408; - + return HANDLER_FINISHED; } - + rel_uri = ts_str + 8; - - /* checking MD5 - * + + /* checking MD5 + * * <secret><rel-path><timestamp-hex> */ - + buffer_copy_string_buffer(p->md5, p->conf.secret); buffer_append_string(p->md5, rel_uri); buffer_append_string_len(p->md5, ts_str, 8); - + MD5_Init(&Md5Ctx); MD5_Update(&Md5Ctx, (unsigned char *)p->md5->ptr, p->md5->used - 1); MD5_Final(HA1, &Md5Ctx); - + buffer_copy_string_hex(p->md5, (char *)HA1, 16); - + if (0 != strncmp(md5_str, p->md5->ptr, 32)) { con->http_status = 403; - - log_error_write(srv, __FILE__, __LINE__, "sss", + + log_error_write(srv, __FILE__, __LINE__, "sss", "md5 invalid:", md5_str, p->md5->ptr); - + return HANDLER_FINISHED; } - + /* starting with the last / we should have relative-path to the docroot */ - + buffer_copy_string_buffer(con->physical.doc_root, p->conf.doc_root); buffer_copy_string(con->physical.rel_path, rel_uri); buffer_copy_string_buffer(con->physical.path, con->physical.doc_root); buffer_append_string_buffer(con->physical.path, con->physical.rel_path); - + return HANDLER_GO_ON; } @@ -293,13 +293,13 @@ URIHANDLER_FUNC(mod_secdownload_uri_handler) { int mod_secdownload_plugin_init(plugin *p) { p->version = LIGHTTPD_VERSION_ID; p->name = buffer_init_string("secdownload"); - + p->init = mod_secdownload_init; p->handle_physical = mod_secdownload_uri_handler; p->set_defaults = mod_secdownload_set_defaults; p->cleanup = mod_secdownload_free; - + p->data = NULL; - + return 0; } |