mirror of
https://github.com/apache/httpd.git
synced 2025-08-01 16:41:19 +00:00
aa062c60f3
* include/ap_socache.h (ap_socache_provider_t::store): Take a pool. (ap_socache_provider_t::retrieve): Guarantee APR_NOTFOUND for a "not found" result. (ap_socache_provider_t::remove): Return an apr_status_t. * modules/cache/mod_socache_dc.c, modules/cache/mod_socache_dbm.c, modules/cache/mod_socache_shmcb, modules/cache/mod_socache_memcache.c: Adjust accordingly. * modules/ssl/ssl_scache.c (ssl_scache_store): Pass pool to sesscache->store. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@726059 13f79535-47bb-0310-9956-ffa450edef68
524 lines
17 KiB
C
524 lines
17 KiB
C
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright ownership.
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
* (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include "httpd.h"
|
|
#include "http_log.h"
|
|
#include "http_request.h"
|
|
#include "http_protocol.h"
|
|
#include "http_config.h"
|
|
#include "mpm_common.h"
|
|
|
|
#include "apr.h"
|
|
#include "apr_strings.h"
|
|
#include "apr_time.h"
|
|
#define APR_WANT_STRFUNC
|
|
#include "apr_want.h"
|
|
#include "apr_dbm.h"
|
|
|
|
#if APR_HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
#endif
|
|
|
|
#include "ap_socache.h"
|
|
|
|
#if AP_NEED_SET_MUTEX_PERMS
|
|
#include "unixd.h"
|
|
#endif
|
|
|
|
/* Use of the context structure must be thread-safe after the initial
|
|
* create/init; callers must hold the mutex. */
|
|
struct ap_socache_instance_t {
|
|
const char *data_file;
|
|
/* Pool must only be used with the mutex held. */
|
|
apr_pool_t *pool;
|
|
time_t last_expiry;
|
|
time_t expiry_interval;
|
|
};
|
|
|
|
/**
|
|
* Support for DBM library
|
|
*/
|
|
#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
|
|
|
|
#define DEFAULT_DBM_PREFIX DEFAULT_REL_RUNTIMEDIR "/socache-dbm-"
|
|
|
|
/* ### this should use apr_dbm_usednames. */
|
|
#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
|
|
#if defined(DBM_SUFFIX)
|
|
#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
|
|
#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
|
|
#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
|
|
#define SSL_DBM_FILE_SUFFIX_DIR ".db"
|
|
#define SSL_DBM_FILE_SUFFIX_PAG ".db"
|
|
#else
|
|
#define SSL_DBM_FILE_SUFFIX_DIR ".dir"
|
|
#define SSL_DBM_FILE_SUFFIX_PAG ".pag"
|
|
#endif
|
|
#endif
|
|
|
|
static void socache_dbm_expire(ap_socache_instance_t *ctx, server_rec *s);
|
|
|
|
static apr_status_t socache_dbm_remove(ap_socache_instance_t *ctx,
|
|
server_rec *s, const unsigned char *id,
|
|
unsigned int idlen, apr_pool_t *p);
|
|
|
|
static const char *socache_dbm_create(ap_socache_instance_t **context,
|
|
const char *arg,
|
|
apr_pool_t *tmp, apr_pool_t *p)
|
|
{
|
|
ap_socache_instance_t *ctx;
|
|
|
|
*context = ctx = apr_pcalloc(p, sizeof *ctx);
|
|
|
|
if (arg && *arg) {
|
|
ctx->data_file = ap_server_root_relative(p, arg);
|
|
if (!ctx->data_file) {
|
|
return apr_psprintf(tmp, "Invalid cache file path %s", arg);
|
|
}
|
|
}
|
|
|
|
apr_pool_create(&ctx->pool, p);
|
|
|
|
return NULL;
|
|
}
|
|
|
|
static apr_status_t socache_dbm_init(ap_socache_instance_t *ctx,
|
|
const char *namespace,
|
|
const struct ap_socache_hints *hints,
|
|
server_rec *s, apr_pool_t *p)
|
|
{
|
|
apr_dbm_t *dbm;
|
|
apr_status_t rv;
|
|
|
|
/* for the DBM we need the data file */
|
|
if (ctx->data_file == NULL) {
|
|
const char *path = apr_pstrcat(p, DEFAULT_DBM_PREFIX, namespace,
|
|
NULL);
|
|
|
|
ctx->data_file = ap_server_root_relative(p, path);
|
|
|
|
if (ctx->data_file == NULL) {
|
|
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
|
|
"could not use default path '%s' for DBM socache",
|
|
path);
|
|
return APR_EINVAL;
|
|
}
|
|
}
|
|
|
|
/* open it once to create it and to make sure it _can_ be created */
|
|
apr_pool_clear(ctx->pool);
|
|
|
|
if ((rv = apr_dbm_open(&dbm, ctx->data_file,
|
|
APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
|
|
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
|
"Cannot create SSLSessionCache DBM file `%s'",
|
|
ctx->data_file);
|
|
return rv;
|
|
}
|
|
apr_dbm_close(dbm);
|
|
|
|
ctx->expiry_interval = (hints && hints->expiry_interval
|
|
? hints->expiry_interval : 30);
|
|
|
|
#if AP_NEED_SET_MUTEX_PERMS
|
|
/*
|
|
* We have to make sure the Apache child processes have access to
|
|
* the DBM file. But because there are brain-dead platforms where we
|
|
* cannot exactly determine the suffixes we try all possibilities.
|
|
*/
|
|
if (geteuid() == 0 /* is superuser */) {
|
|
chown(ctx->data_file, ap_unixd_config.user_id, -1 /* no gid change */);
|
|
if (chown(apr_pstrcat(p, ctx->data_file, SSL_DBM_FILE_SUFFIX_DIR, NULL),
|
|
ap_unixd_config.user_id, -1) == -1) {
|
|
if (chown(apr_pstrcat(p, ctx->data_file, ".db", NULL),
|
|
ap_unixd_config.user_id, -1) == -1)
|
|
chown(apr_pstrcat(p, ctx->data_file, ".dir", NULL),
|
|
ap_unixd_config.user_id, -1);
|
|
}
|
|
if (chown(apr_pstrcat(p, ctx->data_file, SSL_DBM_FILE_SUFFIX_PAG, NULL),
|
|
ap_unixd_config.user_id, -1) == -1) {
|
|
if (chown(apr_pstrcat(p, ctx->data_file, ".db", NULL),
|
|
ap_unixd_config.user_id, -1) == -1)
|
|
chown(apr_pstrcat(p, ctx->data_file, ".pag", NULL),
|
|
ap_unixd_config.user_id, -1);
|
|
}
|
|
}
|
|
#endif
|
|
socache_dbm_expire(ctx, s);
|
|
|
|
return APR_SUCCESS;
|
|
}
|
|
|
|
static void socache_dbm_kill(ap_socache_instance_t *ctx, server_rec *s)
|
|
{
|
|
/* the correct way */
|
|
unlink(apr_pstrcat(ctx->pool, ctx->data_file, SSL_DBM_FILE_SUFFIX_DIR, NULL));
|
|
unlink(apr_pstrcat(ctx->pool, ctx->data_file, SSL_DBM_FILE_SUFFIX_PAG, NULL));
|
|
/* the additional ways to be sure */
|
|
unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".dir", NULL));
|
|
unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".pag", NULL));
|
|
unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".db", NULL));
|
|
unlink(ctx->data_file);
|
|
|
|
return;
|
|
}
|
|
|
|
static apr_status_t socache_dbm_store(ap_socache_instance_t *ctx,
|
|
server_rec *s, const unsigned char *id,
|
|
unsigned int idlen, time_t expiry,
|
|
unsigned char *ucaData,
|
|
unsigned int nData, apr_pool_t *pool)
|
|
{
|
|
apr_dbm_t *dbm;
|
|
apr_datum_t dbmkey;
|
|
apr_datum_t dbmval;
|
|
apr_status_t rv;
|
|
|
|
/* be careful: do not try to store too much bytes in a DBM file! */
|
|
#ifdef PAIRMAX
|
|
if ((idlen + nData) >= PAIRMAX) {
|
|
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
|
|
"data size too large for DBM session cache: %d >= %d",
|
|
(idlen + nData), PAIRMAX);
|
|
return APR_ENOSPC;
|
|
}
|
|
#else
|
|
if ((idlen + nData) >= 950 /* at least less than approx. 1KB */) {
|
|
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
|
|
"data size too large for DBM session cache: %d >= %d",
|
|
(idlen + nData), 950);
|
|
return APR_ENOSPC;
|
|
}
|
|
#endif
|
|
|
|
/* create DBM key */
|
|
dbmkey.dptr = (char *)id;
|
|
dbmkey.dsize = idlen;
|
|
|
|
/* create DBM value */
|
|
dbmval.dsize = sizeof(time_t) + nData;
|
|
dbmval.dptr = (char *)malloc(dbmval.dsize);
|
|
if (dbmval.dptr == NULL) {
|
|
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
|
|
"malloc error creating DBM value");
|
|
return APR_ENOMEM;
|
|
}
|
|
memcpy((char *)dbmval.dptr, &expiry, sizeof(time_t));
|
|
memcpy((char *)dbmval.dptr+sizeof(time_t), ucaData, nData);
|
|
|
|
/* and store it to the DBM file */
|
|
apr_pool_clear(ctx->pool);
|
|
|
|
if ((rv = apr_dbm_open(&dbm, ctx->data_file,
|
|
APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
|
|
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
|
"Cannot open SSLSessionCache DBM file `%s' for writing "
|
|
"(store)",
|
|
ctx->data_file);
|
|
free(dbmval.dptr);
|
|
return rv;
|
|
}
|
|
if ((rv = apr_dbm_store(dbm, dbmkey, dbmval)) != APR_SUCCESS) {
|
|
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
|
"Cannot store SSL session to DBM file `%s'",
|
|
ctx->data_file);
|
|
apr_dbm_close(dbm);
|
|
free(dbmval.dptr);
|
|
return rv;
|
|
}
|
|
apr_dbm_close(dbm);
|
|
|
|
/* free temporary buffers */
|
|
free(dbmval.dptr);
|
|
|
|
/* allow the regular expiring to occur */
|
|
socache_dbm_expire(ctx, s);
|
|
|
|
return APR_SUCCESS;
|
|
}
|
|
|
|
static apr_status_t socache_dbm_retrieve(ap_socache_instance_t *ctx, server_rec *s,
|
|
const unsigned char *id, unsigned int idlen,
|
|
unsigned char *dest, unsigned int *destlen,
|
|
apr_pool_t *p)
|
|
{
|
|
apr_dbm_t *dbm;
|
|
apr_datum_t dbmkey;
|
|
apr_datum_t dbmval;
|
|
unsigned int nData;
|
|
time_t expiry;
|
|
time_t now;
|
|
apr_status_t rc;
|
|
|
|
/* allow the regular expiring to occur */
|
|
socache_dbm_expire(ctx, s);
|
|
|
|
/* create DBM key and values */
|
|
dbmkey.dptr = (char *)id;
|
|
dbmkey.dsize = idlen;
|
|
|
|
/* and fetch it from the DBM file
|
|
* XXX: Should we open the dbm against r->pool so the cleanup will
|
|
* do the apr_dbm_close? This would make the code a bit cleaner.
|
|
*/
|
|
apr_pool_clear(ctx->pool);
|
|
if ((rc = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
|
|
SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
|
|
ap_log_error(APLOG_MARK, APLOG_ERR, rc, s,
|
|
"Cannot open SSLSessionCache DBM file `%s' for reading "
|
|
"(fetch)",
|
|
ctx->data_file);
|
|
return rc;
|
|
}
|
|
rc = apr_dbm_fetch(dbm, dbmkey, &dbmval);
|
|
if (rc != APR_SUCCESS) {
|
|
apr_dbm_close(dbm);
|
|
return rc;
|
|
}
|
|
if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)) {
|
|
apr_dbm_close(dbm);
|
|
return APR_EGENERAL;
|
|
}
|
|
|
|
/* parse resulting data */
|
|
nData = dbmval.dsize-sizeof(time_t);
|
|
if (nData > *destlen) {
|
|
apr_dbm_close(dbm);
|
|
return APR_ENOSPC;
|
|
}
|
|
|
|
*destlen = nData;
|
|
memcpy(&expiry, dbmval.dptr, sizeof(time_t));
|
|
memcpy(dest, (char *)dbmval.dptr + sizeof(time_t), nData);
|
|
|
|
apr_dbm_close(dbm);
|
|
|
|
/* make sure the stuff is still not expired */
|
|
now = time(NULL);
|
|
if (expiry <= now) {
|
|
socache_dbm_remove(ctx, s, id, idlen, p);
|
|
return APR_NOTFOUND;
|
|
}
|
|
|
|
return APR_SUCCESS;
|
|
}
|
|
|
|
static apr_status_t socache_dbm_remove(ap_socache_instance_t *ctx,
|
|
server_rec *s, const unsigned char *id,
|
|
unsigned int idlen, apr_pool_t *p)
|
|
{
|
|
apr_dbm_t *dbm;
|
|
apr_datum_t dbmkey;
|
|
apr_status_t rv;
|
|
|
|
/* create DBM key and values */
|
|
dbmkey.dptr = (char *)id;
|
|
dbmkey.dsize = idlen;
|
|
|
|
/* and delete it from the DBM file */
|
|
apr_pool_clear(ctx->pool);
|
|
|
|
if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
|
|
SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
|
|
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
|
"Cannot open SSLSessionCache DBM file `%s' for writing "
|
|
"(delete)",
|
|
ctx->data_file);
|
|
return rv;
|
|
}
|
|
apr_dbm_delete(dbm, dbmkey);
|
|
apr_dbm_close(dbm);
|
|
|
|
return APR_SUCCESS;
|
|
}
|
|
|
|
static void socache_dbm_expire(ap_socache_instance_t *ctx, server_rec *s)
|
|
{
|
|
apr_dbm_t *dbm;
|
|
apr_datum_t dbmkey;
|
|
apr_datum_t dbmval;
|
|
time_t tExpiresAt;
|
|
int nElements = 0;
|
|
int nDeleted = 0;
|
|
int bDelete;
|
|
apr_datum_t *keylist;
|
|
int keyidx;
|
|
int i;
|
|
time_t tNow;
|
|
apr_status_t rv;
|
|
|
|
/*
|
|
* make sure the expiration for still not-accessed session
|
|
* cache entries is done only from time to time
|
|
*/
|
|
tNow = time(NULL);
|
|
|
|
if (tNow < ctx->last_expiry + ctx->expiry_interval) {
|
|
return;
|
|
}
|
|
|
|
ctx->last_expiry = tNow;
|
|
|
|
/*
|
|
* Here we have to be very carefully: Not all DBM libraries are
|
|
* smart enough to allow one to iterate over the elements and at the
|
|
* same time delete expired ones. Some of them get totally crazy
|
|
* while others have no problems. So we have to do it the slower but
|
|
* more safe way: we first iterate over all elements and remember
|
|
* those which have to be expired. Then in a second pass we delete
|
|
* all those expired elements. Additionally we reopen the DBM file
|
|
* to be really safe in state.
|
|
*/
|
|
|
|
#define KEYMAX 1024
|
|
|
|
for (;;) {
|
|
/* allocate the key array in a memory sub pool */
|
|
apr_pool_clear(ctx->pool);
|
|
|
|
if ((keylist = apr_palloc(ctx->pool, sizeof(dbmkey)*KEYMAX)) == NULL) {
|
|
break;
|
|
}
|
|
|
|
/* pass 1: scan DBM database */
|
|
keyidx = 0;
|
|
if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
|
|
SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
|
|
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
|
"Cannot open SSLSessionCache DBM file `%s' for "
|
|
"scanning",
|
|
ctx->data_file);
|
|
break;
|
|
}
|
|
apr_dbm_firstkey(dbm, &dbmkey);
|
|
while (dbmkey.dptr != NULL) {
|
|
nElements++;
|
|
bDelete = FALSE;
|
|
apr_dbm_fetch(dbm, dbmkey, &dbmval);
|
|
if (dbmval.dsize <= sizeof(time_t) || dbmval.dptr == NULL)
|
|
bDelete = TRUE;
|
|
else {
|
|
memcpy(&tExpiresAt, dbmval.dptr, sizeof(time_t));
|
|
if (tExpiresAt <= tNow)
|
|
bDelete = TRUE;
|
|
}
|
|
if (bDelete) {
|
|
if ((keylist[keyidx].dptr = apr_pmemdup(ctx->pool, dbmkey.dptr, dbmkey.dsize)) != NULL) {
|
|
keylist[keyidx].dsize = dbmkey.dsize;
|
|
keyidx++;
|
|
if (keyidx == KEYMAX)
|
|
break;
|
|
}
|
|
}
|
|
apr_dbm_nextkey(dbm, &dbmkey);
|
|
}
|
|
apr_dbm_close(dbm);
|
|
|
|
/* pass 2: delete expired elements */
|
|
if (apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
|
|
SSL_DBM_FILE_MODE, ctx->pool) != APR_SUCCESS) {
|
|
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
|
|
"Cannot re-open SSLSessionCache DBM file `%s' for "
|
|
"expiring",
|
|
ctx->data_file);
|
|
break;
|
|
}
|
|
for (i = 0; i < keyidx; i++) {
|
|
apr_dbm_delete(dbm, keylist[i]);
|
|
nDeleted++;
|
|
}
|
|
apr_dbm_close(dbm);
|
|
|
|
if (keyidx < KEYMAX)
|
|
break;
|
|
}
|
|
|
|
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
|
|
"Inter-Process Session Cache (DBM) Expiry: "
|
|
"old: %d, new: %d, removed: %d",
|
|
nElements, nElements-nDeleted, nDeleted);
|
|
}
|
|
|
|
static void socache_dbm_status(ap_socache_instance_t *ctx, request_rec *r,
|
|
int flags)
|
|
{
|
|
apr_dbm_t *dbm;
|
|
apr_datum_t dbmkey;
|
|
apr_datum_t dbmval;
|
|
int nElem;
|
|
int nSize;
|
|
int nAverage;
|
|
apr_status_t rv;
|
|
|
|
nElem = 0;
|
|
nSize = 0;
|
|
|
|
apr_pool_clear(ctx->pool);
|
|
if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
|
|
SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
|
|
"Cannot open SSLSessionCache DBM file `%s' for status "
|
|
"retrival",
|
|
ctx->data_file);
|
|
return;
|
|
}
|
|
/*
|
|
* XXX - Check the return value of apr_dbm_firstkey, apr_dbm_fetch - TBD
|
|
*/
|
|
apr_dbm_firstkey(dbm, &dbmkey);
|
|
for ( ; dbmkey.dptr != NULL; apr_dbm_nextkey(dbm, &dbmkey)) {
|
|
apr_dbm_fetch(dbm, dbmkey, &dbmval);
|
|
if (dbmval.dptr == NULL)
|
|
continue;
|
|
nElem += 1;
|
|
nSize += dbmval.dsize;
|
|
}
|
|
apr_dbm_close(dbm);
|
|
if (nSize > 0 && nElem > 0)
|
|
nAverage = nSize / nElem;
|
|
else
|
|
nAverage = 0;
|
|
ap_rprintf(r, "cache type: <b>DBM</b>, maximum size: <b>unlimited</b><br>");
|
|
ap_rprintf(r, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize);
|
|
ap_rprintf(r, "average session size: <b>%d</b> bytes<br>", nAverage);
|
|
return;
|
|
}
|
|
|
|
static const ap_socache_provider_t socache_dbm = {
|
|
"dbm",
|
|
AP_SOCACHE_FLAG_NOTMPSAFE,
|
|
socache_dbm_create,
|
|
socache_dbm_init,
|
|
socache_dbm_kill,
|
|
socache_dbm_store,
|
|
socache_dbm_retrieve,
|
|
socache_dbm_remove,
|
|
socache_dbm_status
|
|
};
|
|
|
|
static void register_hooks(apr_pool_t *p)
|
|
{
|
|
ap_register_provider(p, AP_SOCACHE_PROVIDER_GROUP, "dbm",
|
|
AP_SOCACHE_PROVIDER_VERSION,
|
|
&socache_dbm);
|
|
}
|
|
|
|
module AP_MODULE_DECLARE_DATA socache_dbm_module = {
|
|
STANDARD20_MODULE_STUFF,
|
|
NULL, NULL, NULL, NULL, NULL,
|
|
register_hooks
|
|
};
|