in_ioctl: one case per ioctl

2018-05-29 Thread Theo Buehler
We can finally get rid of one switch in both in_ioctl() and
in_ioctl_change_ifaddr(). With this diff we have one case per ioctl;
each case dealing with an ioctl starts with a privilege check before any
global data is modified, and the code paths are now straightforward.

One thing that I don't particularly like is that the diff introduces
some code duplication for allocating and initializing the ia in
SIOCSIFADDR and SIOCAIFADDR. I tried a few things to avoid it in this
diff, but it always resulted in tangled code paths, so a bit counter to
the purpose of the whole exercise. I intend to revisit this point later.

Index: sys/netinet/in.c
===
RCS file: /var/cvs/src/sys/netinet/in.c,v
retrieving revision 1.153
diff -u -p -r1.153 in.c
--- sys/netinet/in.c28 May 2018 10:46:46 -  1.153
+++ sys/netinet/in.c29 May 2018 04:55:24 -
@@ -248,33 +248,28 @@ in_ioctl(u_long cmd, caddr_t data, struc
}
}
 
+   if (ia && satosin(>ifr_addr)->sin_addr.s_addr) {
+   for (; ifa != NULL; ifa = TAILQ_NEXT(ifa, ifa_list)) {
+   if ((ifa->ifa_addr->sa_family == AF_INET) &&
+   ifatoia(ifa)->ia_addr.sin_addr.s_addr ==
+   satosin(>ifr_addr)->sin_addr.s_addr) {
+   ia = ifatoia(ifa);
+   break;
+   }
+   }
+   }
+   if (ia == NULL) {
+   NET_UNLOCK();
+   return (EADDRNOTAVAIL);
+   }
+
switch (cmd) {
-   case SIOCSIFNETMASK:
case SIOCSIFDSTADDR:
-   case SIOCSIFBRDADDR:
if (!privileged) {
error = EPERM;
-   goto err;
+   break;
}
 
-   if (ia && satosin(>ifr_addr)->sin_addr.s_addr) {
-   for (; ifa != NULL; ifa = TAILQ_NEXT(ifa, ifa_list)) {
-   if ((ifa->ifa_addr->sa_family == AF_INET) &&
-   ifatoia(ifa)->ia_addr.sin_addr.s_addr ==
-   satosin(>ifr_addr)->sin_addr.s_addr) {
-   ia = ifatoia(ifa);
-   break;
-   }
-   }
-   }
-   if (ia == NULL) {
-   error = EADDRNOTAVAIL;
-   goto err;
-   }
-   break;
-   }
-   switch (cmd) {
-   case SIOCSIFDSTADDR:
if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
error = EINVAL;
break;
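Review bot: The address lookup and the `if (ia == NULL)` early return now sit above the switch, so they run before any `!privileged` check; the old code returned EPERM first and only then looked up the address. An unprivileged caller therefore now gets EADDRNOTAVAIL or EPERM depending on whether the requested address is configured on the interface, which changes errno precedence and makes the result depend on interface state. If only the three privileged ioctls reach this point (not visible in the hunk), a single `if (!privileged) { NET_UNLOCK(); return (EPERM); }` ahead of the lookup would keep EPERM first and replace the per-case checks added here and in the SIOCSIFBRDADDR and SIOCSIFNETMASK hunks. Otherwise a short comment stating that the lookup is read-only and intentionally precedes the privilege check would help. in_ioctl() starts and ends outside this hunk.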
@@ -291,6 +286,11 @@ in_ioctl(u_long cmd, caddr_t data, struc
break;
 
case SIOCSIFBRDADDR:
+   if (!privileged) {
+   error = EPERM;
+   break;
+   }
+
if ((ifp->if_flags & IFF_BROADCAST) == 0) {
error = EINVAL;
break;
@@ -299,12 +299,16 @@ in_ioctl(u_long cmd, caddr_t data, struc
break;
 
case SIOCSIFNETMASK:
+   if (!privileged) {
+   error = EPERM;
+   break;
+   }
+
ia->ia_netmask = ia->ia_sockmask.sin_addr.s_addr =
ifra->ifra_addr.sin_addr.s_addr;
break;
}
 
-err:
NET_UNLOCK();
return (error);
 }
@@ -329,27 +333,21 @@ in_ioctl_change_ifaddr(u_long cmd, caddr
}
}
 
-   switch (cmd) {
-   case SIOCAIFADDR:
-   case SIOCDIFADDR:
-   if (ifra->ifra_addr.sin_family == AF_INET) {
-   for (; ifa != NULL; ifa = TAILQ_NEXT(ifa, ifa_list)) {
-   if ((ifa->ifa_addr->sa_family == AF_INET) &&
-   ifatoia(ifa)->ia_addr.sin_addr.s_addr ==
-   ifra->ifra_addr.sin_addr.s_addr)
-   break;
-   }
-   ia = ifatoia(ifa);
-   }
-   if (cmd == SIOCDIFADDR && ia == NULL) {
-   error = EADDRNOTAVAIL;
-   goto err;
+   if (ifra->ifra_addr.sin_family == AF_INET) {
+   for (; ifa != NULL; ifa = TAILQ_NEXT(ifa, ifa_list)) {
+   if ((ifa->ifa_addr->sa_family == AF_INET) &&
+   ifatoia(ifa)->ia_addr.sin_addr.s_addr ==
+   ifra->ifra_addr.sin_addr.s_addr)
+   break;
}
-   /* FALLTHROUGH */
+   ia = ifatoia(ifa);
+   }
+
+   switch (cmd) {
case SIOCSIFADDR:
if (!privileged) {
error = EPERM;
-   

const for OPENSSL_uni2asc, EVP_PKEY_size and X509_NAME_get_index_by_{OBJ,NID}

2018-05-29 Thread Theo Buehler
Of these four functions, only OPENSSL_uni2asc() has const in OpenSSL.

jsing suggested that we could add const to the name arguments of
X509_NAME_get_index_by_{OBJ,NID}() when I touched some functions nearby.

Lastly, the change to EVP_PKEY_size() will be needed in an upcoming
diff. Note that the pkey_size() callback (in asn1/asn1_locl.h:94) has
const since it was imported nine years ago.

These all went through a bulk build by sthen. No fallout since we only
have contravariant const additions.

Index: lib/libcrypto/evp/evp.h
===
RCS file: /var/cvs/src/lib/libcrypto/evp/evp.h,v
retrieving revision 1.63
diff -u -p -r1.63 evp.h
--- lib/libcrypto/evp/evp.h 13 May 2018 06:40:55 -  1.63
+++ lib/libcrypto/evp/evp.h 30 May 2018 00:44:54 -
@@ -868,7 +868,7 @@ int EVP_PKEY_type(int type);
 int EVP_PKEY_id(const EVP_PKEY *pkey);
 int EVP_PKEY_base_id(const EVP_PKEY *pkey);
 int EVP_PKEY_bits(const EVP_PKEY *pkey);
-int EVP_PKEY_size(EVP_PKEY *pkey);
+int EVP_PKEY_size(const EVP_PKEY *pkey);
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
Index: lib/libcrypto/evp/p_lib.c
===
RCS file: /var/cvs/src/lib/libcrypto/evp/p_lib.c,v
retrieving revision 1.23
diff -u -p -r1.23 p_lib.c
--- lib/libcrypto/evp/p_lib.c   13 May 2018 06:38:46 -  1.23
+++ lib/libcrypto/evp/p_lib.c   30 May 2018 00:44:54 -
@@ -93,7 +93,7 @@ EVP_PKEY_bits(const EVP_PKEY *pkey)
 }
 
 int
-EVP_PKEY_size(EVP_PKEY *pkey)
+EVP_PKEY_size(const EVP_PKEY *pkey)
 {
if (pkey && pkey->ameth && pkey->ameth->pkey_size)
return pkey->ameth->pkey_size(pkey);
Index: lib/libcrypto/pkcs12/p12_utl.c
===
RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_utl.c,v
retrieving revision 1.15
diff -u -p -r1.15 p12_utl.c
--- lib/libcrypto/pkcs12/p12_utl.c  30 Dec 2016 15:34:35 -  1.15
+++ lib/libcrypto/pkcs12/p12_utl.c  30 May 2018 00:38:13 -
@@ -100,7 +100,7 @@ OPENSSL_asc2uni(const char *asc, int asc
 }
 
 char *
-OPENSSL_uni2asc(unsigned char *uni, int unilen)
+OPENSSL_uni2asc(const unsigned char *uni, int unilen)
 {
size_t asclen, u16len, i;
char *asctmp;
Index: lib/libcrypto/pkcs12/pkcs12.h
===
RCS file: /var/cvs/src/lib/libcrypto/pkcs12/pkcs12.h,v
retrieving revision 1.23
diff -u -p -r1.23 pkcs12.h
--- lib/libcrypto/pkcs12/pkcs12.h   13 May 2018 14:28:14 -  1.23
+++ lib/libcrypto/pkcs12/pkcs12.h   30 May 2018 00:38:13 -
@@ -237,7 +237,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int it
 int saltlen, const EVP_MD *md_type);
 unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
 unsigned char **uni, int *unilen);
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
 
 PKCS12 *PKCS12_new(void);
 void PKCS12_free(PKCS12 *a);
Index: lib/libcrypto/x509/x509.h
===
RCS file: /var/cvs/src/lib/libcrypto/x509/x509.h,v
retrieving revision 1.67
diff -u -p -r1.67 x509.h
--- lib/libcrypto/x509/x509.h   19 May 2018 10:58:08 -  1.67
+++ lib/libcrypto/x509/x509.h   30 May 2018 00:44:38 -
@@ -1100,8 +1100,9 @@ int   X509_NAME_get_text_by_OBJ(X509_NAME
 
 /* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
  * lastpos, search after that position on. */
-intX509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-intX509_NAME_get_index_by_OBJ(X509_NAME *name,
+intX509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
+   int lastpos);
+intX509_NAME_get_index_by_OBJ(const X509_NAME *name,
const ASN1_OBJECT *obj, int lastpos);
 X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
Index: lib/libcrypto/x509/x509name.c
===
RCS file: /var/cvs/src/lib/libcrypto/x509/x509name.c,v
retrieving revision 1.25
diff -u -p -r1.25 x509name.c
--- lib/libcrypto/x509/x509name.c   19 May 2018 10:58:08 -  1.25
+++ lib/libcrypto/x509/x509name.c   30 May 2018 00:44:38 -
@@ -107,7 +107,7 @@ X509_NAME_entry_count(const X509_NAME *n
 }
 
 int
-X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
+X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos)
 {
ASN1_OBJECT *obj;
 
@@ -119,7 +119,8 @@ X509_NAME_get_index_by_NID(X509_NAME *na
 
 /* NOTE: you should be passsing -1, not 0 as lastpos */
 int
-X509_NAME_get_index_by_OBJ(X509_NAME *name, 

Re: httpd 2/3: rename "root strip" to "request strip"

2018-05-29 Thread Reyk Floeter
On Wed, May 30, 2018 at 12:32:12AM +0200, Reyk Floeter wrote:
> Hi,
> 
> this diff applies on top of the previous one.
> 
> Rename "root strip" to "request strip"
> 
> The root strip option name was semantically incorrect as it does not
> strip the root but the request path.  This is a grammar change and it
> also needs a heads up and a change in other documentation (such as
> acme-client(1)).
> 

This is the related documentation diff for the tree.  Sorry for the
inconvenience, but it is better for the correctness of the grammar.

Reyk

Index: etc/examples/httpd.conf
===
RCS file: /cvs/src/etc/examples/httpd.conf,v
retrieving revision 1.19
diff -u -p -u -p -r1.19 httpd.conf
--- etc/examples/httpd.conf 11 Apr 2018 15:51:50 -  1.19
+++ etc/examples/httpd.conf 29 May 2018 22:44:24 -
@@ -4,7 +4,7 @@ server "example.com" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
-   root strip 2
+   request strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI;
@@ -22,6 +22,6 @@ server "example.com" {
}
location "/.well-known/acme-challenge/*" {
root "/acme"
-   root strip 2
+   request strip 2
}
 }
Index: usr.sbin/acme-client/acme-client.1
===
RCS file: /cvs/src/usr.sbin/acme-client/acme-client.1,v
retrieving revision 1.23
diff -u -p -u -p -r1.23 acme-client.1
--- usr.sbin/acme-client/acme-client.1  17 Oct 2017 22:47:58 -  1.23
+++ usr.sbin/acme-client/acme-client.1  29 May 2018 22:44:24 -
@@ -83,7 +83,7 @@ which will properly map response challen
 .Bd -literal -offset indent
 location "/.well-known/acme-challenge/*" {
root "/acme"
-   root strip 2
+   request strip 2
 }
 .Ed
 .Sh FILES
Index: usr.sbin/acme-client/acme-client.conf.5
===
RCS file: /cvs/src/usr.sbin/acme-client/acme-client.conf.5,v
retrieving revision 1.11
diff -u -p -u -p -r1.11 acme-client.conf.5
--- usr.sbin/acme-client/acme-client.conf.5 27 Nov 2017 01:58:52 -  
1.11
+++ usr.sbin/acme-client/acme-client.conf.5 29 May 2018 22:44:24 -
@@ -169,7 +169,7 @@ server "example.com" {
 tls key "/etc/ssl/private/example.com.key"
 location "/.well-known/acme-challenge/*" {
 root "/acme"
-root strip 2
+request strip 2
 }
 root "/htdocs"
 }
Index: regress/usr.sbin/acme-client/httpd.conf
===
RCS file: /cvs/src/regress/usr.sbin/acme-client/httpd.conf,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 httpd.conf
--- regress/usr.sbin/acme-client/httpd.conf 25 Jun 2017 21:33:23 -  
1.1
+++ regress/usr.sbin/acme-client/httpd.conf 29 May 2018 22:44:24 -
@@ -3,6 +3,6 @@ server "default" {
listen on "*" port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
-   root strip 2
+   request strip 2
}
 }



httpd 3/3: request rewrite

2018-05-29 Thread Reyk Floeter
Hi,

as mentioned in the big diff before, this implements rewrites.  This
diff applies on top of the previous ones.

Implement the "request rewrite" option for internal rewrites.

For example:

location match "/page/(%d+)/.*" {
request rewrite "/static/index.php?id=%1&$QUERY_STRING"
}

Please note that httpd uses patterns(7) and not regex.

OK?

Reyk

diff --git usr.sbin/httpd/config.c usr.sbin/httpd/config.c
index 42ff4a4..7d48b12 100644
--- usr.sbin/httpd/config.c
+++ usr.sbin/httpd/config.c
@@ -476,6 +476,13 @@ config_getserver_config(struct httpd *env, struct server 
*srv,
>default_type, sizeof(struct media_type));
}
 
+   f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
+   if ((srv_conf->flags & f) == 0) {
+   srv_conf->flags |= parent->flags & f;
+   (void)strlcpy(srv_conf->path, parent->path,
+   sizeof(srv_conf->path));
+   }
+
f = SRVFLAG_SERVER_HSTS;
srv_conf->flags |= parent->flags & f;
srv_conf->hsts_max_age = parent->hsts_max_age;
diff --git usr.sbin/httpd/httpd.conf.5 usr.sbin/httpd/httpd.conf.5
index 2a71c8d..0f98a30 100644
--- usr.sbin/httpd/httpd.conf.5
+++ usr.sbin/httpd/httpd.conf.5
@@ -198,6 +198,8 @@ argument can be used with return codes in the 3xx range to 
send a
 .Sq Location:
 header for redirection to a specified URI.
 .Pp
+It is possible to rewrite the request to redirect it to a different
+external location.
 The
 .Ar uri
 may contain predefined macros that will be expanded at runtime:
@@ -396,10 +398,10 @@ the
 using pattern matching instead of shell globbing rules,
 see
 .Xr patterns 7 .
-The pattern may contain captures that can be used in the
-.Ar uri
-of an enclosed
+The pattern may contain captures that can be used in an enclosed
 .Ic block return
+or
+.Ic request rewrite
 option.
 .It Oo Ic no Oc Ic log Op Ar option
 Set the specified logging options.
@@ -462,6 +464,19 @@ in a location.
 Configure the options for the request path.
 Valid options are:
 .Bl -tag -width Ds
+.It Oo Ic no Oc Ic rewrite Ar path
+Enable or disable rewriting of the request.
+Unlike the redirection with
+.Ic block return ,
+this will change the request path internally before
+.Nm httpd
+makes a final decision about the matching location.
+The
+.Ar path
+argument may contain predefined macros that will be expanded at runtime.
+See the
+.Ic block return
+option for the list of supported macros.
 .It Ic strip Ar number
 Strip
 .Ar number
@@ -723,6 +738,17 @@ server "www.example.com" {
listen on 10.0.0.1 port 80
 }
 .Ed
+The request can also be rewritten with the
+.Ic request rewrite
+directive:
+.Bd -literal -offset indent
+server "example.com" {
+   listen on * port 80
+   location match "/old/(.*)" {
+   request rewrite "/new/%1"
+   }
+}
+.Ed
 .Sh SEE ALSO
 .Xr htpasswd 1 ,
 .Xr patterns 7 ,
diff --git usr.sbin/httpd/httpd.h usr.sbin/httpd/httpd.h
index aff1a6c..ce3c24b 100644
--- usr.sbin/httpd/httpd.h
+++ usr.sbin/httpd/httpd.h
@@ -398,13 +398,15 @@ SPLAY_HEAD(client_tree, client);
 #define SRVFLAG_SERVER_MATCH   0x0020
 #define SRVFLAG_SERVER_HSTS0x0040
 #define SRVFLAG_DEFAULT_TYPE   0x0080
+#define SRVFLAG_PATH_REWRITE   0x0100
+#define SRVFLAG_NO_PATH_REWRITE0x0200
 
 #define SRVFLAG_BITS   \
"\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX"   \
"\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG\13SOCKET"   \
"\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG"  \
"\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \
-   "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE"
+   "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH"
 
 #define TCPFLAG_NODELAY0x01
 #define TCPFLAG_NNODELAY   0x02
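Review bot: The two names appended to SRVFLAG_BITS, `PATH` and `NO_PATH`, do not match the new macros SRVFLAG_PATH_REWRITE and SRVFLAG_NO_PATH_REWRITE, whereas the neighbouring entries (`SERVER_MATCH`, `SERVER_HSTS`, `DEFAULT_TYPE`) mirror their macro names. Presumably this string is what names the bits when the flag word is printed, and `PATH` on its own reads like a document path rather than a rewrite setting. I would spell the tail as `"\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH_REWRITE\32NO_PATH_REWRITE"`.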
@@ -470,8 +472,9 @@ struct server_config {
uint32_t parent_id;
char name[HOST_NAME_MAX+1];
char location[HTTPD_LOCATION_MAX];
-   char index[PATH_MAX];
char root[PATH_MAX];
+   char path[PATH_MAX];
+   char index[PATH_MAX];
char socket[PATH_MAX];
char accesslog[PATH_MAX];
char errorlog[PATH_MAX];
diff --git usr.sbin/httpd/parse.y usr.sbin/httpd/parse.y
index 5766e96..a19bd64 100644
--- usr.sbin/httpd/parse.y
+++ usr.sbin/httpd/parse.y
@@ -134,7 +134,7 @@ typedef struct {
 %token LISTEN LOCATION LOG LOGDIR MATCH MAXIMUM NO NODELAY OCSP ON PORT PREFORK
 %token PROTOCOLS REQUESTS ROOT SACK SERVER SOCKET STRIP STYLE SYSLOG TCP TICKET
 %token TIMEOUT TLS TYPE TYPES HSTS MAXAGE SUBDOMAINS 

httpd 2/3: rename "root strip" to "request strip"

2018-05-29 Thread Reyk Floeter
Hi,

this diff applies on top of the previous one.

Rename "root strip" to "request strip"

The root strip option name was semantically incorrect as it does not
strip the root but the request path.  This is a grammar change and it
also needs a heads up and a change in other documentation (such as
acme-client(1)).

OK?

Reyk

diff --git usr.sbin/httpd/httpd.conf.5 usr.sbin/httpd/httpd.conf.5
index 9c7efbc..2a71c8d 100644
--- usr.sbin/httpd/httpd.conf.5
+++ usr.sbin/httpd/httpd.conf.5
@@ -458,12 +458,18 @@ instead of the log files.
 Disable any previous
 .Ic block
 in a location.
-.It Ic root Ar option
-Configure the document root and options for the request path.
+.It Ic request Ar option
+Configure the options for the request path.
 Valid options are:
 .Bl -tag -width Ds
-.It Ar directory
-Set the document root of the server.
+.It Ic strip Ar number
+Strip
+.Ar number
+path components from the beginning of the request path before looking
+up the stripped-down path at the document root.
+.El
+.It Ic root Ar directory
+Configure the document root of the server.
 The
 .Ar directory
 is a pathname within the
diff --git usr.sbin/httpd/parse.y usr.sbin/httpd/parse.y
index 2cdfab5..5766e96 100644
--- usr.sbin/httpd/parse.y
+++ usr.sbin/httpd/parse.y
@@ -486,6 +486,7 @@ serveroptsl : LISTEN ON STRING opttls port  {
YYERROR;
}
}
+   | request
| root
| directory
| logformat
@@ -804,7 +805,17 @@ rootflags  : STRING{
free($1);
srv->srv_conf.flags |= SRVFLAG_ROOT;
}
-   | STRIP NUMBER  {
+   ;
+
+request: REQUEST requestflags
+   | REQUEST '{' optnl requestflags_l '}'
+   ;
+
+requestflags_l : requestflags optcommanl requestflags_l
+   | requestflags optnl
+   ;
+
+requestflags   : STRIP NUMBER  {
if ($2 < 0 || $2 > INT_MAX) {
yyerror("invalid strip number");
YYERROR;



httpd 1/3: don't encode the query string twice

2018-05-29 Thread Reyk Floeter
Hi,

the first diff fixes a bug that I found with the work on rewrites.

The http_query is already url_encoded; don't encode it twice.

This fixes a bug in the macros and log file handler that
double-encoded the query.  This does not change FCGI as it was already
handling the query correctly.

OK?

Reyk

diff --git usr.sbin/httpd/httpd.conf.5 usr.sbin/httpd/httpd.conf.5
index df4ea10..9c7efbc 100644
--- usr.sbin/httpd/httpd.conf.5
+++ usr.sbin/httpd/httpd.conf.5
@@ -206,7 +206,7 @@ may contain predefined macros that will be expanded at 
runtime:
 .It Ic $DOCUMENT_URI
 The request path.
 .It Ic $QUERY_STRING
-The optional query string of the request.
+The URL encoded query string of the request.
 .It Ic $REMOTE_ADDR
 The IP address of the connected client.
 .It Ic $REMOTE_PORT
@@ -218,7 +218,7 @@ The request path and optional query string.
 .It Ic $SERVER_ADDR
 The configured IP address of the server.
 .It Ic $SERVER_PORT
-The configured TCP server port of the server.
+The configured TCP port of the server.
 .It Ic $SERVER_NAME
 The name of the server.
 .It Ic $HTTP_HOST
diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c
index c4c0240..5a8fc43 100644
--- usr.sbin/httpd/server_http.c
+++ usr.sbin/httpd/server_http.c
@@ -1023,7 +1023,7 @@ server_expand_http(struct client *clt, const char *val, 
char *buf,
 {
struct http_descriptor  *desc = clt->clt_descreq;
struct server_config*srv_conf = clt->clt_srv_conf;
-   char ibuf[128], *str, *path, *query;
+   char ibuf[128], *str, *path;
const char  *errstr = NULL, *p;
size_t   size;
int  n, ret;
@@ -1067,10 +1067,8 @@ server_expand_http(struct client *clt, const char *val, 
char *buf,
if (desc->http_query == NULL) {
ret = expand_string(buf, len, "$QUERY_STRING", "");
} else {
-   if ((query = url_encode(desc->http_query)) == NULL)
-   return (NULL);
-   ret = expand_string(buf, len, "$QUERY_STRING", query);
-   free(query);
+   ret = expand_string(buf, len, "$QUERY_STRING",
+   desc->http_query);
}
if (ret != 0)
return (NULL);
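Review bot: With `url_encode()` removed, `desc->http_query` reaches the `$QUERY_STRING` expansion exactly as the client sent it, so "already url_encoded" holds only when the client encoded it properly. The same raw value is used in the `$REQUEST_URI` hunk that follows and in the `server_log_http()` hunks, where it is written inside the double-quoted request field of the access log; a literal `"` or a control byte in the query would no longer be escaped there and could confuse log parsers. Whether http_query is validated when the request line is parsed is not visible in this diff. If it is not, an encoder that escapes only bytes outside the URL-safe set and leaves existing `%XX` sequences alone would avoid the double encoding without passing client bytes through untouched. At minimum, a comment at each use stating the invariant this code relies on would help. server_expand_http() starts and ends outside the hunk.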
@@ -1119,13 +1117,8 @@ server_expand_http(struct client *clt, const char *val, 
char *buf,
if (desc->http_query == NULL) {
str = path;
} else {
-   if ((query = url_encode(desc->http_query)) == NULL) {
-   free(path);
-   return (NULL);
-   }
-   ret = asprintf(, "%s?%s", path, query);
+   ret = asprintf(, "%s?%s", path, desc->http_query);
free(path);
-   free(query);
if (ret == -1)
return (NULL);
}
@@ -1591,7 +1584,6 @@ server_log_http(struct client *clt, unsigned int code, 
size_t len)
int  ret = -1;
char*user = NULL;
char*path = NULL;
-   char*query = NULL;
char*version = NULL;
char*referrer_v = NULL;
char*agent_v = NULL;
@@ -1635,9 +1627,6 @@ server_log_http(struct client *clt, unsigned int code, 
size_t len)
if (desc->http_path &&
(path = url_encode(desc->http_path)) == NULL)
goto done;
-   if (desc->http_query &&
-   (query = url_encode(desc->http_query)) == NULL)
-   goto done;
 
ret = evbuffer_add_printf(clt->clt_log,
"%s %s - %s [%s] \"%s %s%s%s%s%s\" %03d %zu\n",
@@ -1646,7 +1635,7 @@ server_log_http(struct client *clt, unsigned int code, 
size_t len)
server_httpmethod_byid(desc->http_method),
desc->http_path == NULL ? "" : path,
desc->http_query == NULL ? "" : "?",
-   desc->http_query == NULL ? "" : query,
+   desc->http_query == NULL ? "" : desc->http_query,
desc->http_version == NULL ? "" : " ",
desc->http_version == NULL ? "" : version,
code, len);
@@ -1679,9 +1668,6 @@ server_log_http(struct client *clt, unsigned int code, 
size_t len)
if (desc->http_path &&
(path = url_encode(desc->http_path)) == NULL)
goto done;
-   if (desc->http_query &&
-   (query = url_encode(desc->http_query)) == NULL)
-   goto done;
if 

Re: httpd request rewrite

2018-05-29 Thread Reyk Floeter
On Tue, May 29, 2018 at 10:00:22PM +0200, Hiltjo Posthuma wrote:
> On Tue, May 29, 2018 at 06:48:31PM +0200, Reyk Floeter wrote:
> > Hi,
> > 
> > it's about time.
> > 
> > server "default" {
> > listen on * port 80
> > location match "/de/(.*)" {
> > request rewrite "/ch/%1"
> > }
> > }
> > 
> > You can also use the macros as in the "block return" external
> > redirects.  So maybe something like:
> > 
> > server "default" {
> > listen on * port 80
> > location match "/(.*)" {
> > request rewrite "/$HTTP_HOST/%1"
> > }
> > }
> > 
> 
> The syntax looks clear in my opinion.
> 
> Would it be a good idea in your opinion to have request path rewriting in
> relayd also? For example to rewrite the request path for the (internal)
> application?
> 
> For example for the url: "http://somesite.org/gopherproxy" to rewrite the path
> "/gopherproxy" to "/" for the application?
> 
> in Nginx my current rule is like:
> 
>   location /gopherproxy/ {
>   rewrite/gopherproxy/(.*) /$1 break;
> 
>   proxy_pass   http://127.0.0.1:6969/;
>   proxy_set_header Host $host;
>   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>   proxy_pass_header Server;
>   }
> 
> I have read the man page and relayd source-code, but have not found a way to
> replace part of the pattern in the path (only a fixed string with "set").
> 

Well, maybe.  relayd is related but a different topic.  The filters
are still on my list.

Reyk

> > Tests? OK?
> > 
> > Please note that this diff intentionally breaks the "root strip"
> > option because it changes the grammar to "request strip".  "root
> > strip" was semantically wrong but we didn't have a better place to put
> > it.  An current.html entry can be made for the required grammar change.
> > 
> > Reyk
> > 
> > Index: usr.sbin/httpd/config.c
> > ===
> > RCS file: /cvs/src/usr.sbin/httpd/config.c,v
> > retrieving revision 1.54
> > diff -u -p -u -p -r1.54 config.c
> > --- usr.sbin/httpd/config.c 19 May 2018 13:56:56 -  1.54
> > +++ usr.sbin/httpd/config.c 29 May 2018 16:35:29 -
> > @@ -476,6 +476,13 @@ config_getserver_config(struct httpd *en
> > >default_type, sizeof(struct media_type));
> > }
> >  
> > +   f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
> > +   if ((srv_conf->flags & f) == 0) {
> > +   srv_conf->flags |= parent->flags & f;
> > +   (void)strlcpy(srv_conf->path, parent->path,
> > +   sizeof(srv_conf->path));
> > +   }
> > +
> > f = SRVFLAG_SERVER_HSTS;
> > srv_conf->flags |= parent->flags & f;
> > srv_conf->hsts_max_age = parent->hsts_max_age;
> > Index: usr.sbin/httpd/httpd.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> > retrieving revision 1.95
> > diff -u -p -u -p -r1.95 httpd.conf.5
> > --- usr.sbin/httpd/httpd.conf.5 23 May 2018 19:02:50 -  1.95
> > +++ usr.sbin/httpd/httpd.conf.5 29 May 2018 16:35:29 -
> > @@ -198,6 +198,8 @@ argument can be used with return codes i
> >  .Sq Location:
> >  header for redirection to a specified URI.
> >  .Pp
> > +It is possible to rewrite the request to redirect it to a different
> > +external location.
> >  The
> >  .Ar uri
> >  may contain predefined macros that will be expanded at runtime:
> > @@ -396,10 +398,10 @@ the
> >  using pattern matching instead of shell globbing rules,
> >  see
> >  .Xr patterns 7 .
> > -The pattern may contain captures that can be used in the
> > -.Ar uri
> > -of an enclosed
> > +The pattern may contain captures that can be used in an enclosed
> >  .Ic block return
> > +or
> > +.Ic request rewrite
> >  option.
> >  .It Oo Ic no Oc Ic log Op Ar option
> >  Set the specified logging options.
> > @@ -458,12 +460,31 @@ instead of the log files.
> >  Disable any previous
> >  .Ic block
> >  in a location.
> > -.It Ic root Ar option
> > -Configure the document root and options for the request path.
> > +.It Ic request Ar option
> > +Configure the options for the request path.
> >  Valid options are:
> >  .Bl -tag -width Ds
> > -.It Ar directory
> > -Set the document root of the server.
> > +.It Oo Ic no Oc Ic rewrite Ar path
> > +Enable or disable rewriting of the request.
> > +Unlike the redirection with
> > +.Ic block return ,
> > +this will change the request path internally before
> > +.Nm httpd
> > +makes a final decision about the matching location.
> > +The
> > +.Ar path
> > +argument may contain predefined macros that will be expanded at runtime.
> > +See the
> > +.Ic block return
> > +option for the list of supported macros.
> > +.It Ic strip Ar number
> > +Strip
> > +.Ar number
> 

Re: httpd request rewrite

2018-05-29 Thread Reyk Floeter
On Tue, May 29, 2018 at 06:48:31PM +0200, Reyk Floeter wrote:
> it's about time.
> 
>   server "default" {
>   listen on * port 80
>   location match "/de/(.*)" {
>   request rewrite "/ch/%1"
>   }
>   }
> 
> Tests? OK?
> 

I didn't handle the query in my previous diff.  For example, a very
typical rewrite to handle a slug:

location match "/page/(%d+)/.*" {
request rewrite "/static/index.php?id=%1"
}

The new diff below became very large, I will split it into 3 and resend them.

Reyk

Index: usr.sbin/httpd/config.c
===
RCS file: /cvs/src/usr.sbin/httpd/config.c,v
retrieving revision 1.54
diff -u -p -u -p -r1.54 config.c
--- usr.sbin/httpd/config.c 19 May 2018 13:56:56 -  1.54
+++ usr.sbin/httpd/config.c 29 May 2018 21:41:55 -
@@ -476,6 +476,13 @@ config_getserver_config(struct httpd *en
>default_type, sizeof(struct media_type));
}
 
+   f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
+   if ((srv_conf->flags & f) == 0) {
+   srv_conf->flags |= parent->flags & f;
+   (void)strlcpy(srv_conf->path, parent->path,
+   sizeof(srv_conf->path));
+   }
+
f = SRVFLAG_SERVER_HSTS;
srv_conf->flags |= parent->flags & f;
srv_conf->hsts_max_age = parent->hsts_max_age;
Index: usr.sbin/httpd/httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.95
diff -u -p -u -p -r1.95 httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5 23 May 2018 19:02:50 -  1.95
+++ usr.sbin/httpd/httpd.conf.5 29 May 2018 21:41:55 -
@@ -198,6 +198,8 @@ argument can be used with return codes i
 .Sq Location:
 header for redirection to a specified URI.
 .Pp
+It is possible to rewrite the request to redirect it to a different
+external location.
 The
 .Ar uri
 may contain predefined macros that will be expanded at runtime:
@@ -206,7 +208,7 @@ may contain predefined macros that will 
 .It Ic $DOCUMENT_URI
 The request path.
 .It Ic $QUERY_STRING
-The optional query string of the request.
+The URL encoded query string of the request.
 .It Ic $REMOTE_ADDR
 The IP address of the connected client.
 .It Ic $REMOTE_PORT
@@ -218,7 +220,7 @@ The request path and optional query stri
 .It Ic $SERVER_ADDR
 The configured IP address of the server.
 .It Ic $SERVER_PORT
-The configured TCP server port of the server.
+The configured TCP port of the server.
 .It Ic $SERVER_NAME
 The name of the server.
 .It Ic $HTTP_HOST
@@ -396,10 +398,10 @@ the
 using pattern matching instead of shell globbing rules,
 see
 .Xr patterns 7 .
-The pattern may contain captures that can be used in the
-.Ar uri
-of an enclosed
+The pattern may contain captures that can be used in an enclosed
 .Ic block return
+or
+.Ic request rewrite
 option.
 .It Oo Ic no Oc Ic log Op Ar option
 Set the specified logging options.
@@ -458,12 +460,31 @@ instead of the log files.
 Disable any previous
 .Ic block
 in a location.
-.It Ic root Ar option
-Configure the document root and options for the request path.
+.It Ic request Ar option
+Configure the options for the request path.
 Valid options are:
 .Bl -tag -width Ds
-.It Ar directory
-Set the document root of the server.
+.It Oo Ic no Oc Ic rewrite Ar path
+Enable or disable rewriting of the request.
+Unlike the redirection with
+.Ic block return ,
+this will change the request path internally before
+.Nm httpd
+makes a final decision about the matching location.
+The
+.Ar path
+argument may contain predefined macros that will be expanded at runtime.
+See the
+.Ic block return
+option for the list of supported macros.
+.It Ic strip Ar number
+Strip
+.Ar number
+path components from the beginning of the request path before looking
+up the stripped-down path at the document root.
+.El
+.It Ic root Ar directory
+Configure the document root of the server.
 The
 .Ar directory
 is a pathname within the
@@ -472,12 +493,6 @@ root directory of
 .Nm httpd .
 If not specified, it defaults to
 .Pa /htdocs .
-.It Ic strip Ar number
-Strip
-.Ar number
-path components from the beginning of the request path before looking
-up the stripped-down path at the document root.
-.El
 .It Ic tcp Ar option
 Enable or disable the specified TCP/IP options; see
 .Xr tcp 4
@@ -715,6 +730,17 @@ server "example.com" {
 
 server "www.example.com" {
listen on 10.0.0.1 port 80
+}
+.Ed
+The request can also be rewritten with the
+.Ic request rewrite
+directive: 
+.Bd -literal -offset indent
+server "example.com" {
+   listen on * port 80
+   location match "/old/(.*)" {
+   request rewrite "/new/%1"
+   }
 }
 .Ed
 .Sh SEE ALSO
Index: usr.sbin/httpd/httpd.h

Re: errors in usage.c - libusbhid

2018-05-29 Thread David Bern
Sorry for the spamming.
After some research I found that my fix for issue nr: 2 (
hid_usage_in_page() )
will break the functionality inside /usr.bin/usbhidaction/usbhidaction.c
https://goo.gl/1cWFtR (link to usbhidaction.c)

I have now changed my patch to only include a fix for issue nr: 1.
More details are described in the previous mail.

Index: usage.c
===
RCS file: /cvs/src/lib/libusbhid/usage.c,v
retrieving revision 1.16
diff -u -p -r1.16 usage.c
--- usage.c 8 Oct 2014 04:49:36 -   1.16
+++ usage.c 29 May 2018 19:45:25 -
@@ -265,8 +265,9 @@ int
 hid_parse_usage_in_page(const char *name)
 {
const char *sep;
+   const char *usage_sep;
unsigned int l;
-   int k, j;
+   int k, j, us, parsed_usage;

sep = strchr(name, ':');
if (sep == NULL)
@@ -278,9 +279,19 @@ hid_parse_usage_in_page(const char *name
return -1;
  found:
sep++;
-   for (j = 0; j < pages[k].pagesize; j++)
+   for (j = 0; j < pages[k].pagesize; j++) {
+   us = pages[k].page_contents[j].usage;
+   if (us == -1) {
+   usage_sep = strchr(sep, '_');
+   if (usage_sep == NULL)
+   return -1;
+   if (sscanf(usage_sep, "_%d", _usage))
+   return (pages[k].usage << 16) |
+   parsed_usage;
+   }
if (strcmp(pages[k].page_contents[j].name, sep) == 0)
return (pages[k].usage << 16) |
pages[k].page_contents[j].usage;
+   }
return -1;
 }
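Review bot: The added `if (sscanf(usage_sep, "_%d", ...))` test in the `us == -1` branch treats any non-zero return as success, but sscanf() returns EOF (a negative value) when the input ends before the first conversion, for instance a name that ends in `_`, so `parsed_usage` would then be read uninitialized. Compare against the conversion count and bound the value so it cannot spill into the page bits of the result: `if (sscanf(usage_sep, "_%d", &parsed_usage) == 1 && parsed_usage >= 0 && parsed_usage <= 0xffff)` (the address-of argument appears garbled in the archived copy). The branch also never checks that the text before the `_` matches the table entry's name, and its early `return -1` when no `_` is present skips any later entries of the page, so names that previously matched through strcmp() may now fail depending on table order. hid_parse_usage_in_page() begins in the previous hunk.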


comments? ok?

2018-05-28 13:01 GMT+02:00 David Bern :

> I was suggested off list to give an explanation on what the patch does.
>
> So please, tell me if I need to clarify more, or make further changes to
> the code.
>
> The patch tries to fix two things.
> 1. Changes in hid_parse_usage_in_page() fixes problems in parsing usages
> defined as:  *   Button %d
>
> hid_parse_usage_in_page():
> Previously - With input "Button:Button_1" returns -1
> Now - With input "Button:Button_1" returns 589825
>
> In the scenario of parsing Button:Button_1 we will not find a usage name
> matching that string. For example Button:Button_1 is defined as
> Button %d in the table.
>
> We are still able to calculate the proper usage number in the same way we
> are
> able to calculate the proper usage name in hid_usage_in_page().
>
> The first step is to identify if usage name is shortened. If it is,
> usage will hold a value of -1. Then I try to locate a separator char in
> the name as "_".
> If a separator char is found I use it to read the value as "_%d" to get
> the
> corresponding usage number
>
> >+   us = pages[k].page_contents[j].usage;
> >+   if (us == -1) {
> >+   usage_sep = strchr(sep, '_');
> >+   if (usage_sep == NULL)
> >+   return -1;
> >+   if (sscanf(usage_sep, "_%d", _usage))
> >+   return (pages[k].usage << 16) |
> >+   parsed_usage;
>
>
> 2. The text-string that is returned by hid_usage_in_page() misses page
> information.
> So the changes made in hid_usage_in_page() is to make it the inverse of
> hid_parse_usage_in_page()
>
> In details what the code previously did and now does.
>
> hid_usage_in_page():
> Previously - With input 589825 returns Button_1
> Now - With input 589825 returns Button:Button_1
>
>
> The change just adds a pages[k].name to the string, a format that
> hid_parse_usage_in_page() expects it to have.
> I make formatting in two steps when us == -1 which it is when usage is
> shortened
> as for example: *   Button %d.
>
> >+   snprintf(fmt, sizeof fmt,
> >+   "%%s:%s", pages[k].page_contents[j].name);
> >+   snprintf(b, sizeof b, fmt, pages[k].name, i);
>
> The first step is to create a format string that will result in something
> like
>  "%s:Button_%d".
> The last step I use the fmt-string to create a complete string that will
> result in
> "Button:Button_1"
>
>
>
>
> 2018-05-24 18:44 GMT+02:00 David Bern :
>
>> While I was waiting for comments and feedback I came up with some
>> improvements.
>> The "logic" is still the same, but the execution is hopefully more sane.
>>
>> Index: usage.c
>> ===
>> RCS file: /cvs/src/lib/libusbhid/usage.c,v
>> retrieving revision 1.16
>> diff -u -p -r1.16 usage.c
>> --- usage.c 8 Oct 2014 04:49:36 -   1.16
>> +++ usage.c 24 May 2018 16:37:54 -
>> @@ -224,6 +224,7 @@ hid_usage_in_page(unsigned int u)
>>  {
>> int i = HID_USAGE(u), j, k, us;
>> int page = HID_PAGE(u);
>> +   char fmt[100];
>> static char 

Re: httpd request rewrite

2018-05-29 Thread Hiltjo Posthuma
On Tue, May 29, 2018 at 06:48:31PM +0200, Reyk Floeter wrote:
> Hi,
> 
> it's about time.
> 
>   server "default" {
>   listen on * port 80
>   location match "/de/(.*)" {
>   request rewrite "/ch/%1"
>   }
>   }
> 
> You can also you the macros as in the "block return" external
> redirects.  So maybe something like:
> 
>   server "default" {
>   listen on * port 80
>   location match "/(.*)" {
>   request rewrite "/$HTTP_HOST/%1"
>   }
>   }
> 

The syntax looks clear in my opinion.

Would it be a good idea in your opinion to have request path rewriting in
relayd also? For example to rewrite the request path for the (internal)
application?

For example for the url: "http://somesite.org/gopherproxy" to rewrite the path
"/gopherproxy" to "/" for the application?

In Nginx my current rule is like:

location /gopherproxy/ {
rewrite /gopherproxy/(.*) /$1 break;

proxy_pass   http://127.0.0.1:6969/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Server;
}

I have read the man page and relayd source-code, but have not found a way to
replace part of the pattern in the path (only a fixed string with "set").

> Tests? OK?
> 
> Please note that this diff intentionally breaks the "root strip"
> option because it changes the grammar to "request strip".  "root
> strip" was semantically wrong but we didn't have a better place to put
> it.  An current.html entry can be made for the required grammar change.
> 
> Reyk
> 
> Index: usr.sbin/httpd/config.c
> ===
> RCS file: /cvs/src/usr.sbin/httpd/config.c,v
> retrieving revision 1.54
> diff -u -p -u -p -r1.54 config.c
> --- usr.sbin/httpd/config.c   19 May 2018 13:56:56 -  1.54
> +++ usr.sbin/httpd/config.c   29 May 2018 16:35:29 -
> @@ -476,6 +476,13 @@ config_getserver_config(struct httpd *en
>   >default_type, sizeof(struct media_type));
>   }
>  
> + f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
> + if ((srv_conf->flags & f) == 0) {
> + srv_conf->flags |= parent->flags & f;
> + (void)strlcpy(srv_conf->path, parent->path,
> + sizeof(srv_conf->path));
> + }
> +
>   f = SRVFLAG_SERVER_HSTS;
>   srv_conf->flags |= parent->flags & f;
>   srv_conf->hsts_max_age = parent->hsts_max_age;
> Index: usr.sbin/httpd/httpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.95
> diff -u -p -u -p -r1.95 httpd.conf.5
> --- usr.sbin/httpd/httpd.conf.5   23 May 2018 19:02:50 -  1.95
> +++ usr.sbin/httpd/httpd.conf.5   29 May 2018 16:35:29 -
> @@ -198,6 +198,8 @@ argument can be used with return codes i
>  .Sq Location:
>  header for redirection to a specified URI.
>  .Pp
> +It is possible to rewrite the request to redirect it to a different
> +external location.
>  The
>  .Ar uri
>  may contain predefined macros that will be expanded at runtime:
> @@ -396,10 +398,10 @@ the
>  using pattern matching instead of shell globbing rules,
>  see
>  .Xr patterns 7 .
> -The pattern may contain captures that can be used in the
> -.Ar uri
> -of an enclosed
> +The pattern may contain captures that can be used in an enclosed
>  .Ic block return
> +or
> +.Ic request rewrite
>  option.
>  .It Oo Ic no Oc Ic log Op Ar option
>  Set the specified logging options.
> @@ -458,12 +460,31 @@ instead of the log files.
>  Disable any previous
>  .Ic block
>  in a location.
> -.It Ic root Ar option
> -Configure the document root and options for the request path.
> +.It Ic request Ar option
> +Configure the options for the request path.
>  Valid options are:
>  .Bl -tag -width Ds
> -.It Ar directory
> -Set the document root of the server.
> +.It Oo Ic no Oc Ic rewrite Ar path
> +Enable or disable rewriting of the request.
> +Unlike the redirection with
> +.Ic block return ,
> +this will change the request path internally before
> +.Nm httpd
> +makes a final decision about the matching location.
> +The
> +.Ar path
> +argument may contain predefined macros that will be expanded at runtime.
> +See the
> +.Ic block return
> +option for the list of supported macros.
> +.It Ic strip Ar number
> +Strip
> +.Ar number
> +path components from the beginning of the request path before looking
> +up the stripped-down path at the document root.
> +.El
> +.It Ic root Ar directory
> +Configure the document root of the server.
>  The
>  .Ar directory
>  is a pathname within the
> @@ -472,12 +493,6 @@ root directory of
>  .Nm httpd .
>  If not specified, it defaults to
>  .Pa /htdocs .

Add sizes for free() for octeon

2018-05-29 Thread Frederic Cambus
Hi tech@,

Add sizes for free() for octeon.

Comments? OK?

Index: sys/arch/octeon/dev/amdcf.c
===
RCS file: /cvs/src/sys/arch/octeon/dev/amdcf.c,v
retrieving revision 1.5
diff -u -p -r1.5 amdcf.c
--- sys/arch/octeon/dev/amdcf.c 30 Dec 2017 23:08:29 -  1.5
+++ sys/arch/octeon/dev/amdcf.c 30 Apr 2018 21:40:24 -
@@ -495,7 +495,7 @@ amdcfioctl(dev_t dev, u_long xfer, caddr
lp = malloc(sizeof(*lp), M_TEMP, M_WAITOK);
amdcfgetdisklabel(dev, sc, lp, 0);
bcopy(lp, sc->sc_dk.dk_label, sizeof(*lp));
-   free(lp, M_TEMP, 0);
+   free(lp, M_TEMP, sizeof(*lp));
goto exit;
 
case DIOCGPDINFO:
Index: sys/arch/octeon/dev/octcf.c
===
RCS file: /cvs/src/sys/arch/octeon/dev/octcf.c,v
retrieving revision 1.31
diff -u -p -r1.31 octcf.c
--- sys/arch/octeon/dev/octcf.c 30 Dec 2017 23:08:29 -  1.31
+++ sys/arch/octeon/dev/octcf.c 30 Apr 2018 21:40:24 -
@@ -563,7 +563,7 @@ octcfioctl(dev_t dev, u_long xfer, caddr
lp = malloc(sizeof(*lp), M_TEMP, M_WAITOK);
octcfgetdisklabel(dev, wd, lp, 0);
bcopy(lp, wd->sc_dk.dk_label, sizeof(*lp));
-   free(lp, M_TEMP, 0);
+   free(lp, M_TEMP, sizeof(*lp));
goto exit;
 
case DIOCGPDINFO:
@@ -788,7 +788,7 @@ octcf_get_params(struct octcf_softc *wd,
 
if (error != 0) {
printf("%s: identify failed: %d\n", __func__, error);
-   free(tb, M_DEVBUF, 0);
+   free(tb, M_DEVBUF, ATAPARAMS_SIZE);
return CMD_ERR;
} else {
/*
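Review bot: `ATAPARAMS_SIZE` in the three `free(tb, M_DEVBUF, ...)` calls (this hunk and the two that follow it) has to equal the size `tb` was allocated with, and that malloc() lies outside all three hunks, so the match cannot be confirmed from the diff. In the `lp` hunks the `malloc(sizeof(*lp), ...)` is visible two lines above the free, whereas nothing shown here ties the two sizes together. It is worth checking that the allocation in octcf_get_params() uses the same constant, since a non-zero size passed to free(9) is expected to match the allocation. The function body starts and ends outside these hunks.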
@@ -818,7 +818,7 @@ octcf_get_params(struct octcf_softc *wd,
params->atap_model[1] == 'E') ||
 (params->atap_model[0] == 'F' &&
 params->atap_model[1] == 'X'))) {
-   free(tb, M_DEVBUF, 0);
+   free(tb, M_DEVBUF, ATAPARAMS_SIZE);
return CMD_OK;
}
for (i = 0; i < sizeof(params->atap_model); i += 2) {
@@ -834,7 +834,7 @@ octcf_get_params(struct octcf_softc *wd,
*p = swap16(*p);
}
 
-   free(tb, M_DEVBUF, 0);
+   free(tb, M_DEVBUF, ATAPARAMS_SIZE);
return CMD_OK;
}
 }



httpd request rewrite

2018-05-29 Thread Reyk Floeter
Hi,

it's about time.

server "default" {
listen on * port 80
location match "/de/(.*)" {
request rewrite "/ch/%1"
}
}

You can also use the macros as in the "block return" external
redirects.  So maybe something like:

server "default" {
listen on * port 80
location match "/(.*)" {
request rewrite "/$HTTP_HOST/%1"
}
}

Tests? OK?

Please note that this diff intentionally breaks the "root strip"
option because it changes the grammar to "request strip".  "root
strip" was semantically wrong but we didn't have a better place to put
it.  An current.html entry can be made for the required grammar change.

Reyk

Index: usr.sbin/httpd/config.c
===
RCS file: /cvs/src/usr.sbin/httpd/config.c,v
retrieving revision 1.54
diff -u -p -u -p -r1.54 config.c
--- usr.sbin/httpd/config.c 19 May 2018 13:56:56 -  1.54
+++ usr.sbin/httpd/config.c 29 May 2018 16:35:29 -
@@ -476,6 +476,13 @@ config_getserver_config(struct httpd *en
>default_type, sizeof(struct media_type));
}
 
+   f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
+   if ((srv_conf->flags & f) == 0) {
+   srv_conf->flags |= parent->flags & f;
+   (void)strlcpy(srv_conf->path, parent->path,
+   sizeof(srv_conf->path));
+   }
+
f = SRVFLAG_SERVER_HSTS;
srv_conf->flags |= parent->flags & f;
srv_conf->hsts_max_age = parent->hsts_max_age;
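Review bot: The `(void)strlcpy(srv_conf->path, parent->path, sizeof(srv_conf->path))` in the added block discards the truncation result without saying why that is safe. If both `path` members are the same fixed-size field (their declaration is outside the hunk, so this is an assumption), a comment would make that explicit, e.g. `/* inherit the parent's rewrite path; same-sized buffers, cannot truncate */`. The copy also runs whenever the location sets neither flag, even when the parent has no rewrite configured; that looks harmless but should be confirmed against the other users of `path`. config_getserver_config() begins and ends outside the hunk, and the same hunk is quoted in the reply earlier on the page.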
Index: usr.sbin/httpd/httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.95
diff -u -p -u -p -r1.95 httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5 23 May 2018 19:02:50 -  1.95
+++ usr.sbin/httpd/httpd.conf.5 29 May 2018 16:35:29 -
@@ -198,6 +198,8 @@ argument can be used with return codes i
 .Sq Location:
 header for redirection to a specified URI.
 .Pp
+It is possible to rewrite the request to redirect it to a different
+external location.
 The
 .Ar uri
 may contain predefined macros that will be expanded at runtime:
@@ -396,10 +398,10 @@ the
 using pattern matching instead of shell globbing rules,
 see
 .Xr patterns 7 .
-The pattern may contain captures that can be used in the
-.Ar uri
-of an enclosed
+The pattern may contain captures that can be used in an enclosed
 .Ic block return
+or
+.Ic request rewrite
 option.
 .It Oo Ic no Oc Ic log Op Ar option
 Set the specified logging options.
@@ -458,12 +460,31 @@ instead of the log files.
 Disable any previous
 .Ic block
 in a location.
-.It Ic root Ar option
-Configure the document root and options for the request path.
+.It Ic request Ar option
+Configure the options for the request path.
 Valid options are:
 .Bl -tag -width Ds
-.It Ar directory
-Set the document root of the server.
+.It Oo Ic no Oc Ic rewrite Ar path
+Enable or disable rewriting of the request.
+Unlike the redirection with
+.Ic block return ,
+this will change the request path internally before
+.Nm httpd
+makes a final decision about the matching location.
+The
+.Ar path
+argument may contain predefined macros that will be expanded at runtime.
+See the
+.Ic block return
+option for the list of supported macros.
+.It Ic strip Ar number
+Strip
+.Ar number
+path components from the beginning of the request path before looking
+up the stripped-down path at the document root.
+.El
+.It Ic root Ar directory
+Configure the document root of the server.
 The
 .Ar directory
 is a pathname within the
@@ -472,12 +493,6 @@ root directory of
 .Nm httpd .
 If not specified, it defaults to
 .Pa /htdocs .
-.It Ic strip Ar number
-Strip
-.Ar number
-path components from the beginning of the request path before looking
-up the stripped-down path at the document root.
-.El
 .It Ic tcp Ar option
 Enable or disable the specified TCP/IP options; see
 .Xr tcp 4
@@ -715,6 +730,17 @@ server "example.com" {
 
 server "www.example.com" {
listen on 10.0.0.1 port 80
+}
+.Ed
+The request can also be rewritten with the
+.Ic request rewrite
+directive: 
+.Bd -literal -offset indent
+server "example.com" {
+   listen on * port 80
+   location match "/old/(.*)" {
+   request rewrite "/new/%1"
+   }
 }
 .Ed
 .Sh SEE ALSO
Index: usr.sbin/httpd/httpd.h
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
retrieving revision 1.137
diff -u -p -u -p -r1.137 httpd.h
--- usr.sbin/httpd/httpd.h  19 May 2018 13:56:56 -  1.137
+++ usr.sbin/httpd/httpd.h  29 May 2018 16:35:30 -
@@ -398,13 +398,15 @@ SPLAY_HEAD(client_tree, client);
 #define SRVFLAG_SERVER_MATCH   0x0020
 #define 

Some tweaks for the VIA PadLock driver

2018-05-29 Thread Frederic Cambus
Hi tech@,

Return error values directly where appropriate, instead of using the err
variable.

While there, remove TODO about bitching. We haven't felt the need to bitch
since the driver was committed, and we do not bitch in aesni_setup() either.

Comments? OK?

Index: sys/arch/amd64/amd64/via.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/via.c,v
retrieving revision 1.29
diff -u -p -r1.29 via.c
--- sys/arch/amd64/amd64/via.c  28 Apr 2018 15:44:59 -  1.29
+++ sys/arch/amd64/amd64/via.c  29 May 2018 15:34:03 -
@@ -87,7 +87,7 @@ viac3_crypto_setup(void)
 
vc3_sc = malloc(sizeof(*vc3_sc), M_DEVBUF, M_NOWAIT|M_ZERO);
if (vc3_sc == NULL)
-   return; /* YYY bitch? */
+   return;
 
bzero(algs, sizeof(algs));
algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
@@ -102,7 +102,7 @@ viac3_crypto_setup(void)
vc3_sc->sc_cid = crypto_get_driverid(0);
if (vc3_sc->sc_cid < 0) {
free(vc3_sc, M_DEVBUF, sizeof(*vc3_sc));
-   return; /* YYY bitch? */
+   return;
}
 
crypto_register(vc3_sc->sc_cid, algs, viac3_crypto_newsession,
@@ -340,16 +340,12 @@ viac3_crypto_encdec(struct cryptop *crp,
u_int32_t *key;
int err = 0;
 
-   if ((crd->crd_len % 16) != 0) {
-   err = EINVAL;
-   return (err);
-   }
+   if ((crd->crd_len % 16) != 0)
+   return (EINVAL);
 
sc->op_buf = malloc(crd->crd_len, M_DEVBUF, M_NOWAIT);
-   if (sc->op_buf == NULL) {
-   err = ENOMEM;
-   return (err);
-   }
+   if (sc->op_buf == NULL)
+   return (ENOMEM);
 
if (crd->crd_flags & CRD_F_ENCRYPT) {
sc->op_cw[0] = ses->ses_cw0 | C3_CRYPT_CWLO_ENCRYPT;
Index: sys/arch/i386/i386/via.c
===
RCS file: /cvs/src/sys/arch/i386/i386/via.c,v
retrieving revision 1.43
diff -u -p -r1.43 via.c
--- sys/arch/i386/i386/via.c28 Apr 2018 15:44:59 -  1.43
+++ sys/arch/i386/i386/via.c29 May 2018 15:34:03 -
@@ -88,7 +88,7 @@ viac3_crypto_setup(void)
 
vc3_sc = malloc(sizeof(*vc3_sc), M_DEVBUF, M_NOWAIT|M_ZERO);
if (vc3_sc == NULL)
-   return; /* YYY bitch? */
+   return;
 
bzero(algs, sizeof(algs));
algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
@@ -103,7 +103,7 @@ viac3_crypto_setup(void)
vc3_sc->sc_cid = crypto_get_driverid(0);
if (vc3_sc->sc_cid < 0) {
free(vc3_sc, M_DEVBUF, sizeof(*vc3_sc));
-   return; /* YYY bitch? */
+   return;
}
 
crypto_register(vc3_sc->sc_cid, algs, viac3_crypto_newsession,
@@ -341,16 +341,12 @@ viac3_crypto_encdec(struct cryptop *crp,
u_int32_t *key;
int err = 0;
 
-   if ((crd->crd_len % 16) != 0) {
-   err = EINVAL;
-   return (err);
-   }
+   if ((crd->crd_len % 16) != 0)
+   return (EINVAL);
 
sc->op_buf = malloc(crd->crd_len, M_DEVBUF, M_NOWAIT);
-   if (sc->op_buf == NULL) {
-   err = ENOMEM;
-   return (err);
-   }
+   if (sc->op_buf == NULL)
+   return (ENOMEM);
 
if (crd->crd_flags & CRD_F_ENCRYPT) {
sc->op_cw[0] = ses->ses_cw0 | C3_CRYPT_CWLO_ENCRYPT;



ssh: xmss vs sphincs

2018-05-29 Thread Daniel Cegiełka
Hi,

Sorry if this is a more "misc-list" topic, but according to
Cryptography Services[1] team:

"SPHINCS[2] is the more recent one (vs XMSS), combining a good numbers
of advances in the field and even more! Bringing the statelessness we
were all waiting for."

Would SPHINCS not be a better choice than XMSS?

[1] https://cryptoservices.github.io/quantum/2015/12/08/XMSS-and-SPHINCS.html
[2] https://sphincs.cr.yp.to/index.html

Best regards,
Daniel



Re: [Patch] mg(1): Experimental UTF-8 support

2018-05-29 Thread Leonid Bobrov
On Tue, May 29, 2018 at 03:33:08PM +0200, Henning Brauer wrote:
> Hi,
> 
> very welcome!
> 
> I have applied the diff and don't notice immediate breakage. Pls poke

You didn't notice cursor movement bugs? o_O
Well, I'm giving example: авыавыавы
To move from start to end of that word, you have to press M-f 3 times.

Also you might notice you have to press C-f twice to move one character
forward.

https://github.com/hboetes/mg/commits/display-wide-characters

There are new commits, I'll test them later and send a new diff,
so I hope mg is ready to support UTF-8, yeah <3

> me in a few days to give an ok (and hope same brave soul takes
> committing on his plate) assuming I don't run into trouble.
> 
> ciao
> 
> Henning
> 



Add sizes for free() in cryptosoft.c

2018-05-29 Thread Frederic Cambus
Hi tech@,

Add sizes for free() in cryptosoft.c.

Comments? OK?

Index: sys/crypto/cryptosoft.c
===
RCS file: /cvs/src/sys/crypto/cryptosoft.c,v
retrieving revision 1.83
diff -u -p -r1.83 cryptosoft.c
--- sys/crypto/cryptosoft.c 2 May 2017 11:44:32 -   1.83
+++ sys/crypto/cryptosoft.c 29 May 2018 11:13:13 -
@@ -971,7 +971,8 @@ swcr_freesession(u_int64_t tid)
 
if (swd->sw_kschedule) {
explicit_bzero(swd->sw_kschedule, txf->ctxsize);
-   free(swd->sw_kschedule, M_CRYPTO_DATA, 0);
+   free(swd->sw_kschedule, M_CRYPTO_DATA,
+   txf->ctxsize);
}
break;
 
@@ -985,11 +986,11 @@ swcr_freesession(u_int64_t tid)
 
if (swd->sw_ictx) {
explicit_bzero(swd->sw_ictx, axf->ctxsize);
-   free(swd->sw_ictx, M_CRYPTO_DATA, 0);
+   free(swd->sw_ictx, M_CRYPTO_DATA, axf->ctxsize);
}
if (swd->sw_octx) {
explicit_bzero(swd->sw_octx, axf->ctxsize);
-   free(swd->sw_octx, M_CRYPTO_DATA, 0);
+   free(swd->sw_octx, M_CRYPTO_DATA, axf->ctxsize);
}
break;
 
@@ -1001,12 +1002,12 @@ swcr_freesession(u_int64_t tid)
 
if (swd->sw_ictx) {
explicit_bzero(swd->sw_ictx, axf->ctxsize);
-   free(swd->sw_ictx, M_CRYPTO_DATA, 0);
+   free(swd->sw_ictx, M_CRYPTO_DATA, axf->ctxsize);
}
break;
}
 
-   free(swd, M_CRYPTO_DATA, 0);
+   free(swd, M_CRYPTO_DATA, sizeof(*swd));
}
return 0;
 }



Re: FreeBSD tabs(1) ported to OpenBSD

2018-05-29 Thread Il Ka
Minor note: instead of including compilation instructions in the code,
isn't it better to use the BSD make system?

The following Makefile does the trick:

PROG=tabs
LDADD+=-lncursesw
.include <bsd.prog.mk>


With it you can "make" and "make install" your app.







Re: add const to the return value of BIO_s_file()

2018-05-29 Thread Brent Cook
ok bcook@

On Mon, May 28, 2018 at 3:23 PM, Theo Buehler  wrote:

> This is the first trivial part of the last batch of diffs catching up
> with OpenSSL's const additions.
>
> As usual, sthen kindly ran the whole diff through a ports bulk build.
>
> Only this small change caused some fallout, namely devel/ptlib.
> Of course, I'll commit a fix for the port at the same time as this diff.
>
> Index: lib/libcrypto/bio/bio.h
> ===
> RCS file: /var/cvs/src/lib/libcrypto/bio/bio.h,v
> retrieving revision 1.43
> diff -u -p -r1.43 bio.h
> --- lib/libcrypto/bio/bio.h 12 May 2018 18:51:59 -  1.43
> +++ lib/libcrypto/bio/bio.h 28 May 2018 20:07:41 -
> @@ -597,7 +597,7 @@ BIO_asn1_get_suffix(BIO *b, asn1_ps_func
>  asn1_ps_func **psuffix_free);
>
>  int BIO_get_new_index(void);
> -BIO_METHOD *BIO_s_file(void );
> +const BIO_METHOD *BIO_s_file(void);
>  BIO *BIO_new_file(const char *filename, const char *mode);
>  BIO *BIO_new_fp(FILE *stream, int close_flag);
>  # define BIO_s_file_internal   BIO_s_file
> Index: lib/libcrypto/bio/bss_file.c
> ===
> RCS file: /var/cvs/src/lib/libcrypto/bio/bss_file.c,v
> retrieving revision 1.32
> diff -u -p -r1.32 bss_file.c
> --- lib/libcrypto/bio/bss_file.c29 Jan 2017 17:49:22 -
> 1.32
> +++ lib/libcrypto/bio/bss_file.c28 May 2018 20:07:41 -
> @@ -98,7 +98,7 @@ static long file_ctrl(BIO *h, int cmd, l
>  static int file_new(BIO *h);
>  static int file_free(BIO *data);
>
> -static BIO_METHOD methods_filep = {
> +static const BIO_METHOD methods_filep = {
> .type = BIO_TYPE_FILE,
> .name = "FILE pointer",
> .bwrite = file_write,
> @@ -148,7 +148,7 @@ BIO_new_fp(FILE *stream, int close_flag)
> return (ret);
>  }
>
> -BIO_METHOD *
> +const BIO_METHOD *
>  BIO_s_file(void)
>  {
> return (_filep);
>


Re: Libressl question

2018-05-29 Thread Brent Cook
On Mon, Feb 12, 2018 at 09:27:16AM -0600, ed...@pettijohn-web.com wrote:
> Has there been any discussion of packaging libtls separately from libressl 
> for portable use? With my limited skills I was able to write a program to 
> talk to smtpd and starttls using nothing but the manuals. I seriously doubt I 
> could have done so with the gnu tls library. This really shows how well it is 
> written as far as the code involved, but also the quality of the manuals. I 
> only had one hickup and if I can think of a way to word it better I'll send a 
> patch for that manual.
>
> Thanks,
>
> Edgar

Hi Edgar,

  I had a working version a couple of years ago against OpenSSL. There
  were a few challenges even with a closely-related library:

1. libtls can and does rely on LibreSSL-specific features in the
   core library, e.g. for privilege separation. These would either
   need to be ported into OpenSSL or a compatibility interface
   provided in addition to the libtls interface.

2. Which version of the OpenSSL API / ABI to support? Now that
   OpenSSL is incompatible between 1.1 and 1.0, even more
   workarounds may be needed.

3. The libtls API is usually defined in terms of the LibreSSL
   version it ships with, and changed somewhat quickly.
   Would libtls-standalone be shipped as part of the target library?
   How would we sync API / ABI changes between them.

You could probably port libtls to have a gnutls backend, though you may
have to implement more lower-level changes in gnutls as well to support
some of the features. The longer-term support, release, and
fragmentation issues also remain.



Re: Change CMakeLists.txt in LibreSSL to use target_include_directores

2018-05-29 Thread Brent Cook
On Thu, May 24, 2018 at 10:10:58AM +, Cameron Palmer wrote:
> It is beneficial for projects that depend on LibreSSL libraries and are built 
> with CMake to use target_link_libraries and automatically receive the PUBLIC 
> or INTERFACE headers without needing to specify include_directories. This 
> patch changes the project to use target_include_directories and header 
> scoping.
>

Makes sense. I made some minor fixes and committed to master.



Re: IPL_VM for `f_mtx'

2018-05-29 Thread Martin Pieuchot
On 29/05/18(Tue) 10:00, Mathieu - wrote:
> Mark Kettenis wrote:
> > > Date: Mon, 28 May 2018 12:24:22 +0200
> > > From: Mathieu - 
> > > 
> > > Mark Kettenis wrote:
> > > > > Date: Mon, 28 May 2018 11:23:47 +0200
> > > > > From: Martin Pieuchot 
> > > > > 
> > > > > As found by tb@ and visa@, `f_mtx' need to block interrupts as long as
> > > > > it can be taken w/ and w/o the KERNEL_LOCK().  Otherwise a deadlock is
> > > > > possible if an interrupt tries to grab the KERNEL_LOCK().
> > > > > 
> > > > > I'm not switching to a rwlock because code paths are short, I don't
> > > > > want to introduce new sleeping points and in the long run we should
> > > > > be using SRPs or atomic operations for reference counts.
> > > > > 
> > > > > ok?
> > > > 
> > > > I suppose IPL_VM is the most sensible default for mutexes that need to
> > > > block all interrupts that might need the kernel lock.
> > > > 
> > > > ok kettenis@
> > > 
> > > 
> > > Hello,
> > > 
> > > Wouldn't IPL_MPFLOOR be more appropriate? After all mutexes are already
> > > raising the ipl level to IPL_MPFLOOR (expect for IPL_NONE and above).
> > 
> > The problem is that IPL_MPFLOOR doesn't exist on all platforms.  Maybe
> > it should...
> 
> Ah yeah right, my bad, my grep-foo isn't up to par it seems. Landisk
> tricked me by using the MI mutex implementation.

Then go ahead and submit a diff (in a new thread)!  You seem to understand
quite well our code, time to contribute 8)  We always need more kernel
hackers!



Re: IPL_VM for `f_mtx'

2018-05-29 Thread Mathieu -
Mark Kettenis wrote:
> > Date: Mon, 28 May 2018 12:24:22 +0200
> > From: Mathieu - 
> > 
> > Mark Kettenis wrote:
> > > > Date: Mon, 28 May 2018 11:23:47 +0200
> > > > From: Martin Pieuchot 
> > > > 
> > > > As found by tb@ and visa@, `f_mtx' need to block interrupts as long as
> > > > it can be taken w/ and w/o the KERNEL_LOCK().  Otherwise a deadlock is
> > > > possible if an interrupt tries to grab the KERNEL_LOCK().
> > > > 
> > > > I'm not switching to a rwlock because code paths are short, I don't
> > > > want to introduce new sleeping points and in the long run we should
> > > > be using SRPs or atomic operations for reference counts.
> > > > 
> > > > ok?
> > > 
> > > I suppose IPL_VM is the most sensible default for mutexes that need to
> > > block all interrupts that might need the kernel lock.
> > > 
> > > ok kettenis@
> > 
> > 
> > Hello,
> > 
> > Wouldn't IPL_MPFLOOR be more appropriate? After all mutexes are already
> > raising the ipl level to IPL_MPFLOOR (expect for IPL_NONE and above).
> 
> The problem is that IPL_MPFLOOR doesn't exist on all platforms.  Maybe
> it should...

Ah yeah right, my bad, my grep-foo isn't up to par it seems. Landisk
tricked me by using the MI mutex implementation.

Mathieu-