diff options
author | Nokis Mavrogiannopoulos | 2007-12-09 11:12:23 +0000 |
---|---|---|
committer | Nokis Mavrogiannopoulos | 2007-12-09 11:12:23 +0000 |
commit | ae5263c379cc43e451102e4c4e193f48fd91df88 (patch) | |
tree | 9b53d1cd7f4240e56b9b47b280ce0f3c782cfac0 /src | |
parent | e2ba0d06fd1edd80ca76bb2279b76944b6e6a901 (diff) |
Do not allow resuming sessions on different servers.
Diffstat (limited to 'src')
-rw-r--r-- | src/gnutls_cache.c | 84 |
1 files changed, 49 insertions, 35 deletions
diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c index 86b843e..b29086b 100644 --- a/src/gnutls_cache.c +++ b/src/gnutls_cache.c | |||
@@ -34,18 +34,16 @@ | |||
34 | 34 | ||
35 | 35 | ||
36 | #define MC_TAG "mod_gnutls:" | 36 | #define MC_TAG "mod_gnutls:" |
37 | #define MC_TAG_LEN \ | 37 | #define MC_TAG_LEN sizeof(MC_TAG) |
38 | (sizeof(MC_TAG)) | ||
39 | #define STR_SESSION_LEN (GNUTLS_SESSION_ID_STRING_LEN + MC_TAG_LEN) | 38 | #define STR_SESSION_LEN (GNUTLS_SESSION_ID_STRING_LEN + MC_TAG_LEN) |
40 | 39 | ||
41 | #if 0 | 40 | char *mgs_session_id2sz(unsigned char *id, int idlen, |
42 | static char *gnutls_session_id2sz(unsigned char *id, int idlen, | ||
43 | char *str, int strsize) | 41 | char *str, int strsize) |
44 | { | 42 | { |
45 | char *cp; | 43 | char *cp; |
46 | int n; | 44 | int n; |
47 | 45 | ||
48 | cp = apr_cpystrn(str, MC_TAG, MC_TAG_LEN); | 46 | cp = str; |
49 | for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) { | 47 | for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) { |
50 | apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]); | 48 | apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]); |
51 | cp += 2; | 49 | cp += 2; |
@@ -53,7 +51,27 @@ static char *gnutls_session_id2sz(unsigned char *id, int idlen, | |||
53 | *cp = '\0'; | 51 | *cp = '\0'; |
54 | return str; | 52 | return str; |
55 | } | 53 | } |
56 | #endif | 54 | |
55 | |||
56 | /* Name the Session ID as: | ||
57 | * IP:port.SessionID | ||
58 | * to disallow resuming sessions on different servers | ||
59 | */ | ||
60 | static int mgs_session_id2dbm(conn_rec* c, unsigned char *id, int idlen, | ||
61 | apr_datum_t* dbmkey) | ||
62 | { | ||
63 | char buf[STR_SESSION_LEN]; | ||
64 | char *sz; | ||
65 | |||
66 | sz = mgs_session_id2sz(id, idlen, buf, sizeof(buf)); | ||
67 | if (sz == NULL) | ||
68 | return -1; | ||
69 | |||
70 | dbmkey->dptr = apr_psprintf(c->pool, "%s:%d.%s", c->local_ip, c->base_server->port, sz); | ||
71 | dbmkey->dsize = strlen( dbmkey->dptr); | ||
72 | |||
73 | return 0; | ||
74 | } | ||
57 | 75 | ||
58 | #define CTIME "%b %d %k:%M:%S %Y %Z" | 76 | #define CTIME "%b %d %k:%M:%S %Y %Z" |
59 | char *mgs_time2sz(time_t in_time, char *str, int strsize) | 77 | char *mgs_time2sz(time_t in_time, char *str, int strsize) |
@@ -70,24 +88,23 @@ char *mgs_time2sz(time_t in_time, char *str, int strsize) | |||
70 | return str; | 88 | return str; |
71 | } | 89 | } |
72 | 90 | ||
73 | char *mgs_session_id2sz(unsigned char *id, int idlen, | 91 | #if HAVE_APR_MEMCACHE |
74 | char *str, int strsize) | 92 | /* Name the Session ID as: |
93 | * IP:port.SessionID | ||
94 | * to disallow resuming sessions on different servers | ||
95 | */ | ||
96 | static char* mgs_session_id2mc(conn_rec* c, unsigned char *id, int idlen) | ||
75 | { | 97 | { |
76 | char *cp; | 98 | char buf[STR_SESSION_LEN]; |
77 | int n; | 99 | char *sz; |
78 | 100 | ||
79 | cp = str; | 101 | sz = mgs_session_id2sz(id, idlen, buf, sizeof(buf)); |
80 | for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) { | 102 | if (sz == NULL) |
81 | apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]); | 103 | return NULL; |
82 | cp += 2; | 104 | |
83 | } | 105 | return apr_psprintf(c->pool, MC_TAG"%s:%d.%s", c->local_ip, c->base_server->port, sz); |
84 | *cp = '\0'; | ||
85 | return str; | ||
86 | } | 106 | } |
87 | 107 | ||
88 | |||
89 | #if HAVE_APR_MEMCACHE | ||
90 | |||
91 | /** | 108 | /** |
92 | * GnuTLS Session Cache using libmemcached | 109 | * GnuTLS Session Cache using libmemcached |
93 | * | 110 | * |
@@ -184,11 +201,10 @@ static int mc_cache_store(void* baton, gnutls_datum_t key, | |||
184 | { | 201 | { |
185 | apr_status_t rv = APR_SUCCESS; | 202 | apr_status_t rv = APR_SUCCESS; |
186 | mgs_handle_t *ctxt = baton; | 203 | mgs_handle_t *ctxt = baton; |
187 | char buf[STR_SESSION_LEN]; | ||
188 | char* strkey = NULL; | 204 | char* strkey = NULL; |
189 | apr_uint32_t timeout; | 205 | apr_uint32_t timeout; |
190 | 206 | ||
191 | strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf)); | 207 | strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); |
192 | if(!strkey) | 208 | if(!strkey) |
193 | return -1; | 209 | return -1; |
194 | 210 | ||
@@ -211,13 +227,12 @@ static gnutls_datum_t mc_cache_fetch(void* baton, gnutls_datum_t key) | |||
211 | { | 227 | { |
212 | apr_status_t rv = APR_SUCCESS; | 228 | apr_status_t rv = APR_SUCCESS; |
213 | mgs_handle_t *ctxt = baton; | 229 | mgs_handle_t *ctxt = baton; |
214 | char buf[STR_SESSION_LEN]; | ||
215 | char* strkey = NULL; | 230 | char* strkey = NULL; |
216 | char* value; | 231 | char* value; |
217 | apr_size_t value_len; | 232 | apr_size_t value_len; |
218 | gnutls_datum_t data = { NULL, 0 }; | 233 | gnutls_datum_t data = { NULL, 0 }; |
219 | 234 | ||
220 | strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf)); | 235 | strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); |
221 | if (!strkey) { | 236 | if (!strkey) { |
222 | return data; | 237 | return data; |
223 | } | 238 | } |
@@ -252,10 +267,9 @@ static int mc_cache_delete(void* baton, gnutls_datum_t key) | |||
252 | { | 267 | { |
253 | apr_status_t rv = APR_SUCCESS; | 268 | apr_status_t rv = APR_SUCCESS; |
254 | mgs_handle_t *ctxt = baton; | 269 | mgs_handle_t *ctxt = baton; |
255 | char buf[STR_SESSION_LEN]; | ||
256 | char* strkey = NULL; | 270 | char* strkey = NULL; |
257 | 271 | ||
258 | strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf)); | 272 | strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); |
259 | if(!strkey) | 273 | if(!strkey) |
260 | return -1; | 274 | return -1; |
261 | 275 | ||
@@ -366,8 +380,8 @@ static gnutls_datum_t dbm_cache_fetch(void* baton, gnutls_datum_t key) | |||
366 | mgs_handle_t *ctxt = baton; | 380 | mgs_handle_t *ctxt = baton; |
367 | apr_status_t rv; | 381 | apr_status_t rv; |
368 | 382 | ||
369 | dbmkey.dptr = (void*)key.data; | 383 | if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) |
370 | dbmkey.dsize = key.size; | 384 | return data; |
371 | 385 | ||
372 | rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, | 386 | rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, |
373 | APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool); | 387 | APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool); |
@@ -413,9 +427,9 @@ static int dbm_cache_store(void* baton, gnutls_datum_t key, | |||
413 | mgs_handle_t *ctxt = baton; | 427 | mgs_handle_t *ctxt = baton; |
414 | apr_status_t rv; | 428 | apr_status_t rv; |
415 | apr_time_t expiry; | 429 | apr_time_t expiry; |
416 | 430 | ||
417 | dbmkey.dptr = (char *)key.data; | 431 | if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) |
418 | dbmkey.dsize = key.size; | 432 | return -1; |
419 | 433 | ||
420 | /* create DBM value */ | 434 | /* create DBM value */ |
421 | dbmval.dsize = data.size + sizeof(apr_time_t); | 435 | dbmval.dsize = data.size + sizeof(apr_time_t); |
@@ -467,9 +481,9 @@ static int dbm_cache_delete(void* baton, gnutls_datum_t key) | |||
467 | apr_datum_t dbmkey; | 481 | apr_datum_t dbmkey; |
468 | mgs_handle_t *ctxt = baton; | 482 | mgs_handle_t *ctxt = baton; |
469 | apr_status_t rv; | 483 | apr_status_t rv; |
470 | 484 | ||
471 | dbmkey.dptr = (char *)key.data; | 485 | if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) |
472 | dbmkey.dsize = key.size; | 486 | return -1; |
473 | 487 | ||
474 | rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, | 488 | rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, |
475 | APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool); | 489 | APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool); |