diff options
| author | Sergey Poznyakoff <gray@gnu.org.ua> | 2016-01-24 17:41:38 +0200 |
|---|---|---|
| committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2016-01-24 17:41:38 +0200 |
| commit | 8c67fbd51faa3c175fef8160e187c4ac6b123fb6 (patch) | |
| tree | 5805ebc16b20aadc29798a6dadfefa8d48e298da | |
| parent | eb80640a4753350f000cbe0ee49f5a6a2bd5bc75 (diff) | |
| download | vmod-basicauth-8c67fbd51faa3c175fef8160e187c4ac6b123fb6.tar.gz vmod-basicauth-8c67fbd51faa3c175fef8160e187c4ac6b123fb6.tar.bz2 | |
Use thread-specific storage for crypt_r data.varnish-4.0
* src/vmod_basicauth.c (thread_once, thread_key): New statics.
(init_function): Initialize thread_once.
(getpriv): New function.
(crypt_match): Take two parameters. Retrieve crypt_r data from the
thread-specific storage.
(plain_match, apr_match, sha1_match): Remove the pd parameter.
(match): Likewise.
(vmod_match): Change declaration.
* src/vmod_basicauth.vcc (match): Remove PRIV_VCL.
| -rw-r--r-- | src/vmod_basicauth.c | 49 | ||||
| -rw-r--r-- | src/vmod_basicauth.vcc | 2 |
2 files changed, 35 insertions, 16 deletions
diff --git a/src/vmod_basicauth.c b/src/vmod_basicauth.c index 9dc99c3..76dbbf3 100644 --- a/src/vmod_basicauth.c +++ b/src/vmod_basicauth.c | |||
| @@ -84,39 +84,58 @@ base64_decode(const unsigned char *input, size_t input_len, | |||
| 84 | } while (input_len > 0); | 84 | } while (input_len > 0); |
| 85 | return out - output; | 85 | return out - output; |
| 86 | } | 86 | } |
| 87 | |||
| 88 | static pthread_once_t thread_once = PTHREAD_ONCE_INIT; | ||
| 89 | static pthread_key_t thread_key; | ||
| 87 | 90 | ||
| 88 | struct priv_data { | 91 | struct priv_data { |
| 89 | struct crypt_data cdat; | 92 | struct crypt_data cdat; |
| 90 | }; | 93 | }; |
| 91 | 94 | ||
| 95 | static void | ||
| 96 | make_key() | ||
| 97 | { | ||
| 98 | pthread_key_create(&thread_key, free); | ||
| 99 | } | ||
| 100 | |||
| 101 | |||
| 92 | int | 102 | int |
| 93 | init_function(struct vmod_priv *priv, const struct VCL_conf *conf) | 103 | init_function(struct vmod_priv *priv, const struct VCL_conf *conf) |
| 94 | { | 104 | { |
| 95 | struct priv_data *p = malloc(sizeof(*p)); | 105 | pthread_once(&thread_once, make_key); |
| 106 | } | ||
| 107 | |||
| 108 | static struct priv_data * | ||
| 109 | getpriv(void) | ||
| 110 | { | ||
| 111 | struct priv_data *p = pthread_getspecific(thread_key); | ||
| 96 | 112 | ||
| 97 | p->cdat.initialized = 0; | 113 | if (!p) { |
| 98 | priv->priv = p; | 114 | p = malloc(sizeof(*p)); |
| 99 | priv->free = free; | 115 | p->cdat.initialized = 0; |
| 100 | 116 | if (pthread_setspecific(thread_key, p)) | |
| 101 | return 0; | 117 | abort(); |
| 118 | } | ||
| 119 | return p; | ||
| 102 | } | 120 | } |
| 103 | 121 | ||
| 104 | /* Matchers */ | 122 | /* Matchers */ |
| 105 | 123 | ||
| 106 | static int | 124 | static int |
| 107 | crypt_match(const char *pass, const char *hash, struct priv_data *pd) | 125 | crypt_match(const char *pass, const char *hash) |
| 108 | { | 126 | { |
| 127 | struct priv_data *pd = getpriv(); | ||
| 109 | return strcmp(crypt_r(pass, hash, &pd->cdat), hash); | 128 | return strcmp(crypt_r(pass, hash, &pd->cdat), hash); |
| 110 | } | 129 | } |
| 111 | 130 | ||
| 112 | static int | 131 | static int |
| 113 | plain_match(const char *pass, const char *hash, struct priv_data *pd) | 132 | plain_match(const char *pass, const char *hash) |
| 114 | { | 133 | { |
| 115 | return strcmp(pass, hash); | 134 | return strcmp(pass, hash); |
| 116 | } | 135 | } |
| 117 | 136 | ||
| 118 | static int | 137 | static int |
| 119 | apr_match(const char *pass, const char *hash, struct priv_data *pd) | 138 | apr_match(const char *pass, const char *hash) |
| 120 | { | 139 | { |
| 121 | unsigned char buf[120]; | 140 | unsigned char buf[120]; |
| 122 | return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash); | 141 | return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash); |
| @@ -125,7 +144,7 @@ apr_match(const char *pass, const char *hash, struct priv_data *pd) | |||
| 125 | #define SHA1_DIGEST_SIZE 20 | 144 | #define SHA1_DIGEST_SIZE 20 |
| 126 | 145 | ||
| 127 | static int | 146 | static int |
| 128 | sha1_match(const char *pass, const char *hash, struct priv_data *pd) | 147 | sha1_match(const char *pass, const char *hash) |
| 129 | { | 148 | { |
| 130 | char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE]; | 149 | char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE]; |
| 131 | int n; | 150 | int n; |
| @@ -149,7 +168,7 @@ sha1_match(const char *pass, const char *hash, struct priv_data *pd) | |||
| 149 | struct matcher { | 168 | struct matcher { |
| 150 | char *cm_pfx; | 169 | char *cm_pfx; |
| 151 | size_t cm_len; | 170 | size_t cm_len; |
| 152 | int (*cm_match)(const char *, const char *, struct priv_data *); | 171 | int (*cm_match)(const char *, const char *); |
| 153 | }; | 172 | }; |
| 154 | 173 | ||
| 155 | static struct matcher match_tab[] = { | 174 | static struct matcher match_tab[] = { |
| @@ -162,7 +181,7 @@ static struct matcher match_tab[] = { | |||
| 162 | }; | 181 | }; |
| 163 | 182 | ||
| 164 | static int | 183 | static int |
| 165 | match(const char *pass, const char *hash, struct priv_data *pd) | 184 | match(const char *pass, const char *hash) |
| 166 | { | 185 | { |
| 167 | struct matcher *p; | 186 | struct matcher *p; |
| 168 | size_t plen = strlen(hash); | 187 | size_t plen = strlen(hash); |
| @@ -170,7 +189,7 @@ match(const char *pass, const char *hash, struct priv_data *pd) | |||
| 170 | for (p = match_tab; p->cm_match; p++) { | 189 | for (p = match_tab; p->cm_match; p++) { |
| 171 | if (p->cm_len < plen && | 190 | if (p->cm_len < plen && |
| 172 | memcmp(p->cm_pfx, hash, p->cm_len) == 0 && | 191 | memcmp(p->cm_pfx, hash, p->cm_len) == 0 && |
| 173 | p->cm_match(pass, hash, pd) == 0) | 192 | p->cm_match(pass, hash) == 0) |
| 174 | return 0; | 193 | return 0; |
| 175 | } | 194 | } |
| 176 | return 1; | 195 | return 1; |
| @@ -180,7 +199,7 @@ match(const char *pass, const char *hash, struct priv_data *pd) | |||
| 180 | #define BASICLEN (sizeof(BASICPREF)-1) | 199 | #define BASICLEN (sizeof(BASICPREF)-1) |
| 181 | 200 | ||
| 182 | VCL_BOOL | 201 | VCL_BOOL |
| 183 | vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s) | 202 | vmod_match(MOD_CTX sp, VCL_STRING file, VCL_STRING s) |
| 184 | { | 203 | { |
| 185 | char buf[1024]; | 204 | char buf[1024]; |
| 186 | char lbuf[1024]; | 205 | char lbuf[1024]; |
| @@ -237,7 +256,7 @@ vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s) | |||
| 237 | *q++ = 0; | 256 | *q++ = 0; |
| 238 | if (strcmp(p, buf)) | 257 | if (strcmp(p, buf)) |
| 239 | continue; | 258 | continue; |
| 240 | rc = match(pass, q, priv->priv) == 0; | 259 | rc = match(pass, q) == 0; |
| 241 | // syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc); | 260 | // syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc); |
| 242 | break; | 261 | break; |
| 243 | } | 262 | } |
diff --git a/src/vmod_basicauth.vcc b/src/vmod_basicauth.vcc index cda0d66..bebc1a2 100644 --- a/src/vmod_basicauth.vcc +++ b/src/vmod_basicauth.vcc | |||
| @@ -30,7 +30,7 @@ Four kinds of password hashes are supported: Apache MD5, crypt, SHA1, | |||
| 30 | and plaintext. | 30 | and plaintext. |
| 31 | 31 | ||
| 32 | $Init init_function | 32 | $Init init_function |
| 33 | $Function BOOL match(PRIV_VCL, STRING, STRING) | 33 | $Function BOOL match(STRING, STRING) |
| 34 | 34 | ||
| 35 | Description | 35 | Description |
| 36 | The **match** function returns **TRUE** or **FALSE** depending on whether | 36 | The **match** function returns **TRUE** or **FALSE** depending on whether |