diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2016-01-24 17:41:38 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2016-01-24 17:41:38 +0200 |
commit | 8c67fbd51faa3c175fef8160e187c4ac6b123fb6 (patch) | |
tree | 5805ebc16b20aadc29798a6dadfefa8d48e298da | |
parent | eb80640a4753350f000cbe0ee49f5a6a2bd5bc75 (diff) | |
download | vmod-basicauth-8c67fbd51faa3c175fef8160e187c4ac6b123fb6.tar.gz vmod-basicauth-8c67fbd51faa3c175fef8160e187c4ac6b123fb6.tar.bz2 |
Use thread-specific storage for crypt_r data.varnish-4.0
* src/vmod_basicauth.c (thread_once, thread_key): New statics.
(init_function): Initialize thread_once.
(getpriv): New function.
(crypt_match): Take two parameters. Retrieve crypt_r data from the
thread-specific storage.
(plain_match, apr_match, sha1_match): Remove the pd parameter.
(match): Likewise.
(vmod_match): Change declaration.
* src/vmod_basicauth.vcc (match): Remove PRIV_VCL.
-rw-r--r-- | src/vmod_basicauth.c | 49 | ||||
-rw-r--r-- | src/vmod_basicauth.vcc | 2 |
2 files changed, 35 insertions, 16 deletions
diff --git a/src/vmod_basicauth.c b/src/vmod_basicauth.c index 9dc99c3..76dbbf3 100644 --- a/src/vmod_basicauth.c +++ b/src/vmod_basicauth.c | |||
@@ -84,39 +84,58 @@ base64_decode(const unsigned char *input, size_t input_len, | |||
84 | } while (input_len > 0); | 84 | } while (input_len > 0); |
85 | return out - output; | 85 | return out - output; |
86 | } | 86 | } |
87 | |||
88 | static pthread_once_t thread_once = PTHREAD_ONCE_INIT; | ||
89 | static pthread_key_t thread_key; | ||
87 | 90 | ||
88 | struct priv_data { | 91 | struct priv_data { |
89 | struct crypt_data cdat; | 92 | struct crypt_data cdat; |
90 | }; | 93 | }; |
91 | 94 | ||
95 | static void | ||
96 | make_key() | ||
97 | { | ||
98 | pthread_key_create(&thread_key, free); | ||
99 | } | ||
100 | |||
101 | |||
92 | int | 102 | int |
93 | init_function(struct vmod_priv *priv, const struct VCL_conf *conf) | 103 | init_function(struct vmod_priv *priv, const struct VCL_conf *conf) |
94 | { | 104 | { |
95 | struct priv_data *p = malloc(sizeof(*p)); | 105 | pthread_once(&thread_once, make_key); |
106 | } | ||
107 | |||
108 | static struct priv_data * | ||
109 | getpriv(void) | ||
110 | { | ||
111 | struct priv_data *p = pthread_getspecific(thread_key); | ||
96 | 112 | ||
97 | p->cdat.initialized = 0; | 113 | if (!p) { |
98 | priv->priv = p; | 114 | p = malloc(sizeof(*p)); |
99 | priv->free = free; | 115 | p->cdat.initialized = 0; |
100 | 116 | if (pthread_setspecific(thread_key, p)) | |
101 | return 0; | 117 | abort(); |
118 | } | ||
119 | return p; | ||
102 | } | 120 | } |
103 | 121 | ||
104 | /* Matchers */ | 122 | /* Matchers */ |
105 | 123 | ||
106 | static int | 124 | static int |
107 | crypt_match(const char *pass, const char *hash, struct priv_data *pd) | 125 | crypt_match(const char *pass, const char *hash) |
108 | { | 126 | { |
127 | struct priv_data *pd = getpriv(); | ||
109 | return strcmp(crypt_r(pass, hash, &pd->cdat), hash); | 128 | return strcmp(crypt_r(pass, hash, &pd->cdat), hash); |
110 | } | 129 | } |
111 | 130 | ||
112 | static int | 131 | static int |
113 | plain_match(const char *pass, const char *hash, struct priv_data *pd) | 132 | plain_match(const char *pass, const char *hash) |
114 | { | 133 | { |
115 | return strcmp(pass, hash); | 134 | return strcmp(pass, hash); |
116 | } | 135 | } |
117 | 136 | ||
118 | static int | 137 | static int |
119 | apr_match(const char *pass, const char *hash, struct priv_data *pd) | 138 | apr_match(const char *pass, const char *hash) |
120 | { | 139 | { |
121 | unsigned char buf[120]; | 140 | unsigned char buf[120]; |
122 | return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash); | 141 | return strcmp(apr_md5_encode(pass, hash, buf, sizeof(buf)), hash); |
@@ -125,7 +144,7 @@ apr_match(const char *pass, const char *hash, struct priv_data *pd) | |||
125 | #define SHA1_DIGEST_SIZE 20 | 144 | #define SHA1_DIGEST_SIZE 20 |
126 | 145 | ||
127 | static int | 146 | static int |
128 | sha1_match(const char *pass, const char *hash, struct priv_data *pd) | 147 | sha1_match(const char *pass, const char *hash) |
129 | { | 148 | { |
130 | char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE]; | 149 | char hashbuf[SHA1_DIGEST_SIZE], resbuf[SHA1_DIGEST_SIZE]; |
131 | int n; | 150 | int n; |
@@ -149,7 +168,7 @@ sha1_match(const char *pass, const char *hash, struct priv_data *pd) | |||
149 | struct matcher { | 168 | struct matcher { |
150 | char *cm_pfx; | 169 | char *cm_pfx; |
151 | size_t cm_len; | 170 | size_t cm_len; |
152 | int (*cm_match)(const char *, const char *, struct priv_data *); | 171 | int (*cm_match)(const char *, const char *); |
153 | }; | 172 | }; |
154 | 173 | ||
155 | static struct matcher match_tab[] = { | 174 | static struct matcher match_tab[] = { |
@@ -162,7 +181,7 @@ static struct matcher match_tab[] = { | |||
162 | }; | 181 | }; |
163 | 182 | ||
164 | static int | 183 | static int |
165 | match(const char *pass, const char *hash, struct priv_data *pd) | 184 | match(const char *pass, const char *hash) |
166 | { | 185 | { |
167 | struct matcher *p; | 186 | struct matcher *p; |
168 | size_t plen = strlen(hash); | 187 | size_t plen = strlen(hash); |
@@ -170,7 +189,7 @@ match(const char *pass, const char *hash, struct priv_data *pd) | |||
170 | for (p = match_tab; p->cm_match; p++) { | 189 | for (p = match_tab; p->cm_match; p++) { |
171 | if (p->cm_len < plen && | 190 | if (p->cm_len < plen && |
172 | memcmp(p->cm_pfx, hash, p->cm_len) == 0 && | 191 | memcmp(p->cm_pfx, hash, p->cm_len) == 0 && |
173 | p->cm_match(pass, hash, pd) == 0) | 192 | p->cm_match(pass, hash) == 0) |
174 | return 0; | 193 | return 0; |
175 | } | 194 | } |
176 | return 1; | 195 | return 1; |
@@ -180,7 +199,7 @@ match(const char *pass, const char *hash, struct priv_data *pd) | |||
180 | #define BASICLEN (sizeof(BASICPREF)-1) | 199 | #define BASICLEN (sizeof(BASICPREF)-1) |
181 | 200 | ||
182 | VCL_BOOL | 201 | VCL_BOOL |
183 | vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s) | 202 | vmod_match(MOD_CTX sp, VCL_STRING file, VCL_STRING s) |
184 | { | 203 | { |
185 | char buf[1024]; | 204 | char buf[1024]; |
186 | char lbuf[1024]; | 205 | char lbuf[1024]; |
@@ -237,7 +256,7 @@ vmod_match(MOD_CTX sp, struct vmod_priv *priv, VCL_STRING file, VCL_STRING s) | |||
237 | *q++ = 0; | 256 | *q++ = 0; |
238 | if (strcmp(p, buf)) | 257 | if (strcmp(p, buf)) |
239 | continue; | 258 | continue; |
240 | rc = match(pass, q, priv->priv) == 0; | 259 | rc = match(pass, q) == 0; |
241 | // syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc); | 260 | // syslog(LOG_AUTHPRIV|LOG_DEBUG, "user=%s, rc=%d",p,rc); |
242 | break; | 261 | break; |
243 | } | 262 | } |
diff --git a/src/vmod_basicauth.vcc b/src/vmod_basicauth.vcc index cda0d66..bebc1a2 100644 --- a/src/vmod_basicauth.vcc +++ b/src/vmod_basicauth.vcc | |||
@@ -30,7 +30,7 @@ Four kinds of password hashes are supported: Apache MD5, crypt, SHA1, | |||
30 | and plaintext. | 30 | and plaintext. |
31 | 31 | ||
32 | $Init init_function | 32 | $Init init_function |
33 | $Function BOOL match(PRIV_VCL, STRING, STRING) | 33 | $Function BOOL match(STRING, STRING) |
34 | 34 | ||
35 | Description | 35 | Description |
36 | The **match** function returns **TRUE** or **FALSE** depending on whether | 36 | The **match** function returns **TRUE** or **FALSE** depending on whether |