Module Name: src Committed By: jruoho Date: Sat Jul 11 08:10:52 UTC 2020
Modified Files: src/libexec/httpd: Makefile auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h Log Message: Add blocklistd(8) support. To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/Makefile cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.80 -r1.81 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.115 -r1.116 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.61 -r1.62 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.28 src/libexec/httpd/Makefile:1.29 --- src/libexec/httpd/Makefile:1.28 Thu Jan 17 07:39:00 2019 +++ src/libexec/httpd/Makefile Sat Jul 11 08:10:52 2020 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.28 2019/01/17 07:39:00 mrg Exp $ +# $NetBSD: Makefile,v 1.29 2020/07/11 08:10:52 jruoho Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -14,6 +14,7 @@ # NO_SSL_SUPPORT /* don't support ssl (https) */ # DO_HTPASSWD /* support .htpasswd files */ # NO_LUA_SUPPORT /* don't support Lua for dynamic content */ +# NO_BLOCKLIST_SUPPORT /* don't support blocklist */ # # other system specific defines: # HAVE_NBUTIL_H /* netbsd compat is in <nbutil.h> @@ -32,8 +33,8 @@ SRCS= bozohttpd.c ssl-bozo.c auth-bozo.c tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c SRCS+= main.c -LDADD= -lcrypt -llua -lm -DPADD= ${LIBCRYPT} ${LIBLUA} ${LIBM} +LDADD= -lblocklist -lcrypt -llua -lm +DPADD= ${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM} WARNS?= 4 Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.24 src/libexec/httpd/auth-bozo.c:1.25 --- src/libexec/httpd/auth-bozo.c:1.24 Thu Feb 28 08:28:21 2019 +++ src/libexec/httpd/auth-bozo.c Sat Jul 11 08:10:52 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: auth-bozo.c,v 1.24 2019/02/28 08:28:21 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.25 2020/07/11 08:10:52 jruoho Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -105,6 +105,11 @@ bozo_auth_check(bozo_httpreq_t *request, pass) != 0) break; fclose(fp); + +#ifndef NO_BLOCKLIST_SUPPORT + pfilter_notify(BLOCKLIST_AUTH_OK, 200); +#endif /* !NO_BLOCKLIST_SUPPORT */ + return 0; } } Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.80 src/libexec/httpd/bozohttpd.8:1.81 --- src/libexec/httpd/bozohttpd.8:1.80 Mon Jul 6 23:31:36 2020 +++ src/libexec/httpd/bozohttpd.8 Sat Jul 11 08:10:52 2020 
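Review bot: `-lblocklist` and `${LIBBLOCKLIST}` are added to LDADD/DPADD unconditionally, so a build that sets the `NO_BLOCKLIST_SUPPORT` define documented a few lines above still links against libblocklist. In the visible lines `-llua` is handled the same way, so this follows the file's existing pattern, but the opt-out then does not remove the library dependency. If the opt-out is meant to produce a binary without it, a comment beside LDADD such as `# remove -lblocklist when building with -DNO_BLOCKLIST_SUPPORT` would make the manual step explicit.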
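Review bot: The `pfilter_notify(BLOCKLIST_AUTH_OK, 200)` call in bozo_auth_check runs on every request whose credentials match, not once per login, because HTTP Basic sends the credentials with each request. The manual page text added in this commit says a successful authorization decreases the counter kept by blocklistd, so failures recorded for an address are offset whenever any valid request arrives from it; the counter is per address, not per account. A comment above the call such as `/* sent per authenticated request; decrements blocklistd's per-address failure count */` would record that for operators tuning thresholds. The function body starts and ends outside this hunk.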
@@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.80 2020/07/06 23:31:36 jmcneill Exp $ +.\" $NetBSD: bozohttpd.8,v 1.81 2020/07/11 08:10:52 jruoho Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 6, 2020 +.Dd July 11, 2020 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -454,6 +454,45 @@ with on the compiler command line to enable this support. It may require linking with the crypt library, using .Dq -lcrypt . +.Ss BLOCKLIST SUPPORT +On NetBSD, +.Nm +supports +.Xr blocklistd 8 +by default. +The support can be disabled with the +.Dq -DNO_BLOCKLIST_SUPPORT +compilation option. +.Pp +Upon occurrence, +.Nm +reports three HTTP status codes to +.Xr blocklistd 8 +as failures: +.Em 401 +(``Unauthorized'') , +.Em 403 +(``Forbidden'') , +and +.Em 500 +(``Internal Server Error'') . +Of these, +.Em 401 +is the one received upon authorization failure with the +HTTP Basic Authorization mechanism. +A successful authorization decreases the counter kept by +.Xr blocklistd 8 . +.Pp +Note that the implementation of the HTTP Basic Authorization mechanism +uses a redirection; a status code +.Em 401 +is always initially received. +Therefore, a single authorization failure of +.Pa .htpasswd +is reported as two failures to +.Xr blocklistd 8 , +but no failures are recorded upon successful authorization +due to the decrease of the failure counter. .Ss SSL SUPPORT .Nm has support for TLSv1.1 and TLSv1.2 protocols that are included by Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.115 src/libexec/httpd/bozohttpd.c:1.116 --- src/libexec/httpd/bozohttpd.c:1.115 Mon Jul 6 23:31:36 2020 +++ src/libexec/httpd/bozohttpd.c Sat Jul 11 08:10:52 2020 
@@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.115 2020/07/06 23:31:36 jmcneill Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.116 2020/07/11 08:10:52 jruoho Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2133,6 +2133,7 @@ static struct errors_map { const char *shortmsg; /* short version of message */ const char *longmsg; /* long version of message */ } errors_map[] = { + { 200, "200 OK", "The request was valid", }, { 400, "400 Bad Request", "The request was not valid", }, { 401, "401 Unauthorized", "No authorization", }, { 403, "403 Forbidden", "Access to this item has been denied",}, @@ -2170,6 +2171,23 @@ http_errors_long(int code) return (help); } +#ifndef NO_BLOCKLIST_SUPPORT +static struct blocklist *blstate; + +void +pfilter_notify(const int what, const int code) +{ + + if (blstate == NULL) + blstate = blocklist_open(); + + if (blstate == NULL) + return; + + (void)blocklist_r(blstate, what, 0, http_errors_short(code)); +} +#endif /* !NO_BLOCKLIST_SUPPORT */ + /* the follow functions and variables are used in handling HTTP errors */ /* ARGSUSED */ int @@ -2272,6 +2290,20 @@ bozo_http_error(bozohttpd_t *httpd, int bozo_printf(httpd, "%s", httpd->errorbuf); bozo_flush(httpd, stdout); +#ifndef NO_BLOCKLIST_SUPPORT + switch(code) { + + case 401: + pfilter_notify(BLOCKLIST_AUTH_FAIL, code); + break; + + case 403: /* FALLTHROUGH */ + case 500: + pfilter_notify(BLOCKLIST_ABUSIVE_BEHAVIOR, code); + break; + } +#endif /* !NO_BLOCKLIST_SUPPORT */ + return code; } Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.61 src/libexec/httpd/bozohttpd.h:1.62 --- src/libexec/httpd/bozohttpd.h:1.61 Mon Jul 6 23:31:36 2020 +++ src/libexec/httpd/bozohttpd.h Sat Jul 11 08:10:52 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.61 2020/07/06 23:31:36 jmcneill Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.62 2020/07/11 08:10:52 jruoho Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ 
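Review bot: `pfilter_notify` opens the blocklistd handle lazily on the first notification and returns silently when `blocklist_open()` yields NULL, and the result of `blocklist_r` is discarded, so a server that has already chrooted or dropped privileges by then (the setup code is not in this hunk) may never deliver a report and nothing is logged. Opening the handle once during startup, before any chroot or setuid step, and emitting a single warning on failure would make a dead reporting path visible. The third argument to `blocklist_r` is the literal `0`, which assumes the client connection is always descriptor 0; a comment such as `/* fd 0 is the client socket */` would record that assumption, which should be confirmed for daemon mode.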
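Review bot: Reporting `500` as `BLOCKLIST_ABUSIVE_BEHAVIOR` in the new switch counts a server-side failure against the client address, so a broken CGI script or a misconfiguration could get legitimate visitors, or a whole shared NAT or proxy address, blocked. Consider dropping `case 500:` or making it opt-in, and keep `403` only if denied requests are meant to count as abuse at this site. The switch also has no default branch; `default: break;` would show that all other codes are deliberately not reported. bozo_http_error begins outside this hunk.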
@@ -35,6 +35,7 @@ #include "netbsd_queue.h" #include <stdbool.h> +#include <stdio.h> #include <signal.h> #include <sys/stat.h> @@ -42,7 +43,11 @@ #ifndef NO_LUA_SUPPORT #include <lua.h> #endif -#include <stdio.h> + +#ifndef NO_BLOCKLIST_SUPPORT +#include <blocklist.h> +void pfilter_notify(const int, const int); +#endif /* QNX provides a lot of NetBSD things in nbutil.h */ #ifdef HAVE_NBUTIL_H
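Review bot: The prototype `void pfilter_notify(const int, const int);` omits its parameter names, and `const` on by-value parameters carries no meaning in a declaration. `void pfilter_notify(int what, int code);` stays compatible with the definition and tells callers which argument is which. A one-line comment above it noting that `what` is a BLOCKLIST_* action and `code` an HTTP status would complete the declaration.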