Module Name:    src
Committed By:   jruoho
Date:           Sat Jul 11 08:10:52 UTC 2020

Modified Files:
        src/libexec/httpd: Makefile auth-bozo.c bozohttpd.8 bozohttpd.c
            bozohttpd.h

Log Message:
Add blocklistd(8) support.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/Makefile
cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.80 -r1.81 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.115 -r1.116 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.61 -r1.62 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile
diff -u src/libexec/httpd/Makefile:1.28 src/libexec/httpd/Makefile:1.29
--- src/libexec/httpd/Makefile:1.28	Thu Jan 17 07:39:00 2019
+++ src/libexec/httpd/Makefile	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.28 2019/01/17 07:39:00 mrg Exp $
+#	$NetBSD: Makefile,v 1.29 2020/07/11 08:10:52 jruoho Exp $
 #
 #	$eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
 #
@@ -14,6 +14,7 @@
 #	NO_SSL_SUPPORT		/* don't support ssl (https) */
 #	DO_HTPASSWD		/* support .htpasswd files */
 #	NO_LUA_SUPPORT		/* don't support Lua for dynamic content */
+#	NO_BLOCKLIST_SUPPORT	/* don't support blocklist */
 #
 # other system specific defines:
 #	HAVE_NBUTIL_H		/* netbsd compat is in <nbutil.h>
@@ -32,8 +33,8 @@ SRCS=	bozohttpd.c ssl-bozo.c auth-bozo.c
 	tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c
 SRCS+=	main.c
 
-LDADD=	-lcrypt -llua -lm
-DPADD=	${LIBCRYPT} ${LIBLUA} ${LIBM}
+LDADD=	-lblocklist -lcrypt -llua -lm
+DPADD=	${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM}
 
 WARNS?=	4
 

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.24 src/libexec/httpd/auth-bozo.c:1.25
--- src/libexec/httpd/auth-bozo.c:1.24	Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/auth-bozo.c	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.24 2019/02/28 08:28:21 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.25 2020/07/11 08:10:52 jruoho Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -105,6 +105,11 @@ bozo_auth_check(bozo_httpreq_t *request,
 					pass) != 0)
 				break;
 			fclose(fp);
+
+#ifndef NO_BLOCKLIST_SUPPORT
+			pfilter_notify(BLOCKLIST_AUTH_OK, 200);
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
 			return 0;
 		}
 	}
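Review bot: The `pfilter_notify(BLOCKLIST_AUTH_OK, 200)` call has no comment saying why a success is reported, and the reason cannot be read from this file. According to the manual page change in this same commit, Basic authorization always produces an initial 401, and the success report exists to cancel that recorded failure; I would add `/* offset the 401 reported before credentials were sent */` above the call. The consequence deserves a sentence in the manual as well: any valid login lowers the failure counter blocklistd keeps for the address, so failed attempts from that address are throttled less strictly than the configured limit suggests. bozo_auth_check starts and ends outside this hunk.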

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.80 src/libexec/httpd/bozohttpd.8:1.81
--- src/libexec/httpd/bozohttpd.8:1.80	Mon Jul  6 23:31:36 2020
+++ src/libexec/httpd/bozohttpd.8	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.80 2020/07/06 23:31:36 jmcneill Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.81 2020/07/11 08:10:52 jruoho Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 6, 2020
+.Dd July 11, 2020
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -454,6 +454,45 @@ with
 on the compiler command line to enable this support.
 It may require linking with the crypt library, using
 .Dq -lcrypt .
+.Ss BLOCKLIST SUPPORT
+On NetBSD,
+.Nm
+supports
+.Xr blocklistd 8
+by default.
+The support can be disabled with the
+.Dq -DNO_BLOCKLIST_SUPPORT
+compilation option.
+.Pp
+Upon occurrence,
+.Nm
+reports three HTTP status codes to
+.Xr blocklistd 8
+as failures:
+.Em 401
+(``Unauthorized'') ,
+.Em 403
+(``Forbidden'') ,
+and
+.Em 500
+(``Internal Server Error'') .
+Of these,
+.Em 401
+is the one received upon authorization failure with the
+HTTP Basic Authorization mechanism.
+A successful authorization decreases the counter kept by
+.Xr blocklistd 8 .
+.Pp
+Note that the implementation of the HTTP Basic Authorization mechanism
+uses a redirection; a status code
+.Em 401
+is always initially received.
+Therefore, a single authorization failure of
+.Pa .htpasswd
+is reported as two failures to
+.Xr blocklistd 8 ,
+but no failures are recorded upon successful authorization
+due to the decrease of the failure counter.
 .Ss SSL SUPPORT
 .Nm
 has support for TLSv1.1 and TLSv1.2 protocols that are included by

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.115 src/libexec/httpd/bozohttpd.c:1.116
--- src/libexec/httpd/bozohttpd.c:1.115	Mon Jul  6 23:31:36 2020
+++ src/libexec/httpd/bozohttpd.c	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.115 2020/07/06 23:31:36 jmcneill Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.116 2020/07/11 08:10:52 jruoho Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -2133,6 +2133,7 @@ static struct errors_map {
 	const char *shortmsg;		/* short version of message */
 	const char *longmsg;		/* long version of message */
 } errors_map[] = {
+	{ 200,	"200 OK",		"The request was valid", },
 	{ 400,	"400 Bad Request",	"The request was not valid", },
 	{ 401,	"401 Unauthorized",	"No authorization", },
 	{ 403,	"403 Forbidden",	"Access to this item has been denied",},
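Review bot: The new `200` row is added to a table named errors_map with no explanation, so any lookup through this table now treats 200 as a known "error" with the text "The request was valid". Judging from the rest of the commit, the row exists only so that pfilter_notify() can pass `http_errors_short(200)` to blocklist_r(). A comment on the row such as `/* not an error; listed for the blocklist success report */` would record that. The array initialiser continues past the end of the hunk.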
@@ -2170,6 +2171,23 @@ http_errors_long(int code)
 	return (help);
 }
 
+#ifndef NO_BLOCKLIST_SUPPORT
+static struct blocklist *blstate;
+
+void
+pfilter_notify(const int what, const int code)
+{
+
+	if (blstate == NULL)
+		blstate = blocklist_open();
+
+	if (blstate == NULL)
+		return;
+
+	(void)blocklist_r(blstate, what, 0, http_errors_short(code));
+}
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
 /* the follow functions and variables are used in handling HTTP errors */
 /* ARGSUSED */
 int
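Review bot: `blocklist_r(blstate, what, 0, ...)` hard-codes descriptor 0 without saying why. The report is attributed to the right peer only if stdin is the client socket in every mode the server runs in, which this hunk does not show. A comment such as `/* fd 0: the client connection is on stdin */` above the call would make that assumption checkable. The `(void)` cast also discards a failed report, so a blocklistd that is not running goes unnoticed; a debug-level message on a non-zero return would help operators. pfilter_notify() is an exported function with no header comment describing `what` and `code`.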
@@ -2272,6 +2290,20 @@ bozo_http_error(bozohttpd_t *httpd, int 
 		bozo_printf(httpd, "%s", httpd->errorbuf);
 	bozo_flush(httpd, stdout);
 
+#ifndef NO_BLOCKLIST_SUPPORT
+	switch(code) {
+
+	case 401:
+		pfilter_notify(BLOCKLIST_AUTH_FAIL, code);
+		break;
+
+	case 403: /* FALLTHROUGH */
+	case 500:
+		pfilter_notify(BLOCKLIST_ABUSIVE_BEHAVIOR, code);
+		break;
+	}
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
 	return code;
 }
 
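Review bot: Reporting `500` as `BLOCKLIST_ABUSIVE_BEHAVIOR` charges the client for a fault that is usually on the server side, such as a broken script or a configuration error, so a server bug can get legitimate addresses blocked. `403` has a milder form of the same problem for clients that only follow a stale link to a protected path. I would drop the `case 500:` label, or make the set of reported status codes a run-time option so operators can decide. The switch also has no `default: break;`, which some compilers warn about. bozo_http_error starts outside this hunk.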

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.61 src/libexec/httpd/bozohttpd.h:1.62
--- src/libexec/httpd/bozohttpd.h:1.61	Mon Jul  6 23:31:36 2020
+++ src/libexec/httpd/bozohttpd.h	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.61 2020/07/06 23:31:36 jmcneill Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.62 2020/07/11 08:10:52 jruoho Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -35,6 +35,7 @@
 #include "netbsd_queue.h"
 
 #include <stdbool.h>
+#include <stdio.h>
 #include <signal.h>
 
 #include <sys/stat.h>
@@ -42,7 +43,11 @@
 #ifndef NO_LUA_SUPPORT
 #include <lua.h>
 #endif
-#include <stdio.h>
+
+#ifndef NO_BLOCKLIST_SUPPORT
+#include <blocklist.h>
+void pfilter_notify(const int, const int);
+#endif
 
 /* QNX provides a lot of NetBSD things in nbutil.h */
 #ifdef HAVE_NBUTIL_H
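Review bot: The prototype `void pfilter_notify(const int, const int);` omits parameter names, and `const` on by-value parameters has no meaning in a declaration. `void pfilter_notify(int what, int code);` documents the argument order at the call sites. Including `<blocklist.h>` from this shared header also makes every file that includes bozohttpd.h depend on that header unless NO_BLOCKLIST_SUPPORT is defined. If only bozohttpd.c uses the library types, as the visible hunks suggest, the include could move there.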
