1 files changed, 307 insertions, 0 deletions
diff --git a/src/gnutls_io.c b/src/gnutls_io.c
new file mode 100644
index 0000000..6b0a15b
--- /dev/null
+++ b/src/gnutls_io.c
@@ -0,0 +1,307 @@
+/* ====================================================================
+ *  Copyright 2004 Paul Querna
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+#include "mod_gnutls.h"
+/**
+ * Describe how the GnuTLS Filter system works here 
+ *  - It is basicly the same as what mod_ssl uses in that respect.
+ */
+apr_status_t mod_gnutls_filter_input(ap_filter_t * f,
+                                     apr_bucket_brigade * bb,
+                                     ap_input_mode_t mode,
+                                     apr_read_type_e block,
+                                     apr_off_t readbytes)
+{
+    apr_bucket* b;
+    apr_status_t status = APR_SUCCESS;
+    gnutls_handle_t *ctxt = (gnutls_handle_t *) f->ctx;
+    if (f->c->aborted) {
+        apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
+        APR_BRIGADE_INSERT_TAIL(bb, bucket);
+        return APR_ECONNABORTED;
+    }
+#if 0
+    for (b = APR_BRIGADE_FIRST(bb);
+         b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
+        if (APR_BUCKET_IS_EOS(b)) {
+            /* end of connection */
+        }
+        else if (apr_bucket_read(b, &buf, &bytes, APR_BLOCK_READ)
+                 == APR_SUCCESS) {
+            /* more data */
+        }
+    }
+#endif
+    return status;
+}
+#define GNUTLS_HANDSHAKE_ATTEMPTS 10
+apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
+                                      apr_bucket_brigade * bb)
+{
+    int ret, i;
+    const char *buf = 0;
+    apr_size_t bytes = 0;
+    gnutls_handle_t *ctxt = (gnutls_handle_t *) f->ctx;
+    apr_status_t status = APR_SUCCESS;
+    apr_read_type_e rblock = APR_NONBLOCK_READ;
+    if (f->c->aborted) {
+        apr_brigade_cleanup(bb);
+        return APR_ECONNABORTED;
+    }
+    if (ctxt->status == 0) {
+        for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) {
+            ret = gnutls_handshake(ctxt->session);
+            if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
+                continue;
+            }
+            if (ret < 0) {
+                if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+                    || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+                    ret = gnutls_alert_get(ctxt->session);
+                    ap_log_error(APLOG_MARK, APLOG_ERR, 0, f->c->base_server,
+                                 "GnuTLS: Hanshake Alert (%d) '%s'.\n", ret,
+                                 gnutls_alert_get_name(ret));
+                }
+                if (gnutls_error_is_fatal(ret) != 0) {
+                    gnutls_deinit(ctxt->session);
+                    ap_log_error(APLOG_MARK, APLOG_ERR, 0, f->c->base_server,
+                                 "GnuTLS: Handshake Failed (%d) '%s'", ret,
+                                 gnutls_strerror(ret));
+                    ctxt->status = -1;
+                    break;
+                }
+            }
+            else {
+                ctxt->status = 1;
+                break;          /* all done with the handshake */
+            }
+        }
+    }
+    if (ctxt->status < 0) {
+        return ap_pass_brigade(f->next, bb);
+    }
+    while (!APR_BRIGADE_EMPTY(bb)) {
+        apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
+        if (APR_BUCKET_IS_EOS(bucket) || APR_BUCKET_IS_FLUSH(bucket)) {
+            /** TODO: GnuTLS doesn't have a special flush method? **/
+            if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
+                return status;
+            }
+            break;
+        }
+        else if (AP_BUCKET_IS_EOC(bucket)) {
+            gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
+            if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
+                return status;
+            }
+            break;
+        }
+        else {
+            /* filter output */
+            const char *data;
+            apr_size_t len;
+            status = apr_bucket_read(bucket, &data, &len, rblock);
+            if (APR_STATUS_IS_EAGAIN(status)) {
+                rblock = APR_BLOCK_READ;
+                continue;       /* and try again with a blocking read. */
+            }
+            rblock = APR_NONBLOCK_READ;
+            if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {
+                break;
+            }
+            ret = gnutls_record_send(ctxt->session, data, len);
+            if (ret < 0) {
+                /* error sending output */
+            }
+            else if ((apr_size_t) ret != len) {
+                /* not all of the data was sent. */
+                /* mod_ssl basicly errors out here.. this doesn't seem right? */
+            }
+            else {
+                /* send complete */
+            }
+            apr_bucket_delete(bucket);
+            if (status != APR_SUCCESS) {
+                break;
+            }
+        }
+    }
+    return status;
+}
+/**
+ * From mod_ssl / ssl_engine_io.c
+ * This function will read from a brigade and discard the read buckets as it
+ * proceeds.  It will read at most *len bytes.
+ */
+static apr_status_t brigade_consume(apr_bucket_brigade * bb,
+                                    apr_read_type_e block,
+                                    char *c, apr_size_t * len)
+{
+    apr_size_t actual = 0;
+    apr_status_t status = APR_SUCCESS;
+    while (!APR_BRIGADE_EMPTY(bb)) {
+        apr_bucket *b = APR_BRIGADE_FIRST(bb);
+        const char *str;
+        apr_size_t str_len;
+        apr_size_t consume;
+        /* Justin points out this is an http-ism that might
+         * not fit if brigade_consume is added to APR.  Perhaps
+         * apr_bucket_read(eos_bucket) should return APR_EOF?
+         * Then this becomes mainline instead of a one-off.
+         */
+        if (APR_BUCKET_IS_EOS(b)) {
+            status = APR_EOF;
+            break;
+        }
+        /* The reason I'm not offering brigade_consume yet
+         * across to apr-util is that the following call
+         * illustrates how borked that API really is.  For
+         * this sort of case (caller provided buffer) it
+         * would be much more trivial for apr_bucket_consume
+         * to do all the work that follows, based on the
+         * particular characteristics of the bucket we are
+         * consuming here.
+         */
+        status = apr_bucket_read(b, &str, &str_len, block);
+        if (status != APR_SUCCESS) {
+            if (APR_STATUS_IS_EOF(status)) {
+                /* This stream bucket was consumed */
+                apr_bucket_delete(b);
+                continue;
+            }
+            break;
+        }
+        if (str_len > 0) {
+            /* Do not block once some data has been consumed */
+            block = APR_NONBLOCK_READ;
+            /* Assure we don't overflow. */
+            consume = (str_len + actual > *len) ? *len - actual : str_len;
+            memcpy(c, str, consume);
+            c += consume;
+            actual += consume;
+            if (consume >= b->length) {
+                /* This physical bucket was consumed */
+                apr_bucket_delete(b);
+            }
+            else {
+                /* Only part of this physical bucket was consumed */
+                b->start += consume;
+                b->length -= consume;
+            }
+        }
+        else if (b->length == 0) {
+            apr_bucket_delete(b);
+        }
+        /* This could probably be actual == *len, but be safe from stray
+         * photons. */
+        if (actual >= *len) {
+            break;
+        }
+    }
+    *len = actual;
+    return status;
+}
+ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
+                                  void *buffer, size_t len)
+{
+    gnutls_handle_t *ctxt = ptr;
+    apr_status_t rc;
+    apr_size_t in = len;
+    /* If Len = 0, we don't do anything. */
+    if (!len)
+        return 0;
+    if (APR_BRIGADE_EMPTY(ctxt->input_bb)) {
+        rc = ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb,
+                            AP_MODE_READBYTES, ctxt->input_block, in);
+        /* Not a problem, there was simply no data ready yet.
+         */
+        if (APR_STATUS_IS_EAGAIN(rc) || APR_STATUS_IS_EINTR(rc)
+            || (rc == APR_SUCCESS && APR_BRIGADE_EMPTY(ctxt->input_bb))) {
+            return 0;
+        }
+        if (rc != APR_SUCCESS) {
+            /* Unexpected errors discard the brigade */
+            apr_brigade_cleanup(ctxt->input_bb);
+            ctxt->input_bb = NULL;
+            return -1;
+        }
+    }
+//    brigade_consume(ctxt->input_bb, ctxt->input_block, buffer, &len);
+    ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb,
+                   AP_MODE_READBYTES, ctxt->input_block, len);
+    return len;
+}
+ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
+                                   const void *buffer, size_t len)
+{
+    gnutls_handle_t *ctxt = ptr;
+//    apr_bucket *bucket = apr_bucket_transient_create(in, inl,
+//                                                     outctx->bb->
+//                                                     bucket_alloc);
+    //  outctx->length += inl;
+    //APR_BRIGADE_INSERT_TAIL(outctx->bb, bucket);
+    return 0;
+}

diff --git a/src/gnutls_io.c b/src/gnutls_io.c new file mode 100644 index 0000000..6b0a15b --- /dev/null +++ b/src/gnutls_io.c
@@ -0,0 +1,307 @@
	1	/* ====================================================================
	2	* Copyright 2004 Paul Querna
	3	*
	4	* Licensed under the Apache License, Version 2.0 (the "License");
	5	* you may not use this file except in compliance with the License.
	6	* You may obtain a copy of the License at
	7	*
	8	* http://www.apache.org/licenses/LICENSE-2.0
	9	*
	10	* Unless required by applicable law or agreed to in writing, software
	11	* distributed under the License is distributed on an "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	* See the License for the specific language governing permissions and
	14	* limitations under the License.
	15	*
	16	*/
	17
	18	#include "mod_gnutls.h"
	19
	20	/**
	21	* Describe how the GnuTLS Filter system works here
	22	* - It is basicly the same as what mod_ssl uses in that respect.
	23	*/
	24
	25	apr_status_t mod_gnutls_filter_input(ap_filter_t * f,
	26	apr_bucket_brigade * bb,
	27	ap_input_mode_t mode,
	28	apr_read_type_e block,
	29	apr_off_t readbytes)
	30	{
	31	apr_bucket* b;
	32	apr_status_t status = APR_SUCCESS;
	33	gnutls_handle_t ctxt = (gnutls_handle_t ) f->ctx;
	34
	35	if (f->c->aborted) {
	36	apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
	37	APR_BRIGADE_INSERT_TAIL(bb, bucket);
	38	return APR_ECONNABORTED;
	39	}
	40
	41	#if 0
	42	for (b = APR_BRIGADE_FIRST(bb);
	43	b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
	44	if (APR_BUCKET_IS_EOS(b)) {
	45	/* end of connection */
	46	}
	47	else if (apr_bucket_read(b, &buf, &bytes, APR_BLOCK_READ)
	48	== APR_SUCCESS) {
	49	/* more data */
	50	}
	51	}
	52	#endif
	53	return status;
	54	}
	55
	56	#define GNUTLS_HANDSHAKE_ATTEMPTS 10
	57
	58	apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
	59	apr_bucket_brigade * bb)
	60	{
	61	int ret, i;
	62	const char *buf = 0;
	63	apr_size_t bytes = 0;
	64	gnutls_handle_t ctxt = (gnutls_handle_t ) f->ctx;
	65	apr_status_t status = APR_SUCCESS;
	66	apr_read_type_e rblock = APR_NONBLOCK_READ;
	67
	68	if (f->c->aborted) {
	69	apr_brigade_cleanup(bb);
	70	return APR_ECONNABORTED;
	71	}
	72
	73	if (ctxt->status == 0) {
	74	for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) {
	75	ret = gnutls_handshake(ctxt->session);
	76
	77	if (ret == GNUTLS_E_INTERRUPTED \|\| ret == GNUTLS_E_AGAIN) {
	78	continue;
	79	}
	80
	81	if (ret < 0) {
	82	if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
	83	\|\| ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
	84	ret = gnutls_alert_get(ctxt->session);
	85	ap_log_error(APLOG_MARK, APLOG_ERR, 0, f->c->base_server,
	86	"GnuTLS: Hanshake Alert (%d) '%s'.\n", ret,
	87	gnutls_alert_get_name(ret));
	88	}
	89
	90	if (gnutls_error_is_fatal(ret) != 0) {
	91	gnutls_deinit(ctxt->session);
	92	ap_log_error(APLOG_MARK, APLOG_ERR, 0, f->c->base_server,
	93	"GnuTLS: Handshake Failed (%d) '%s'", ret,
	94	gnutls_strerror(ret));
	95	ctxt->status = -1;
	96	break;
	97	}
	98	}
	99	else {
	100	ctxt->status = 1;
	101	break; /* all done with the handshake */
	102	}
	103	}
	104	}
	105
	106	if (ctxt->status < 0) {
	107	return ap_pass_brigade(f->next, bb);
	108	}
	109
	110	while (!APR_BRIGADE_EMPTY(bb)) {
	111	apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
	112	if (APR_BUCKET_IS_EOS(bucket) \|\| APR_BUCKET_IS_FLUSH(bucket)) {
	113	/ TODO: GnuTLS doesn't have a special flush method? /
	114	if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
	115	return status;
	116	}
	117	break;
	118	}
	119	else if (AP_BUCKET_IS_EOC(bucket)) {
	120	gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
	121
	122	if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
	123	return status;
	124	}
	125	break;
	126	}
	127	else {
	128	/* filter output */
	129	const char *data;
	130	apr_size_t len;
	131
	132	status = apr_bucket_read(bucket, &data, &len, rblock);
	133
	134	if (APR_STATUS_IS_EAGAIN(status)) {
	135	rblock = APR_BLOCK_READ;
	136	continue; /* and try again with a blocking read. */
	137	}
	138
	139	rblock = APR_NONBLOCK_READ;
	140
	141	if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {
	142	break;
	143	}
	144
	145	ret = gnutls_record_send(ctxt->session, data, len);
	146	if (ret < 0) {
	147	/* error sending output */
	148	}
	149	else if ((apr_size_t) ret != len) {
	150	/* not all of the data was sent. */
	151	/* mod_ssl basicly errors out here.. this doesn't seem right? */
	152	}
	153	else {
	154	/* send complete */
	155
	156	}
	157
	158	apr_bucket_delete(bucket);
	159
	160	if (status != APR_SUCCESS) {
	161	break;
	162	}
	163
	164	}
	165	}
	166
	167	return status;
	168	}
	169
	170	/**
	171	* From mod_ssl / ssl_engine_io.c
	172	* This function will read from a brigade and discard the read buckets as it
	173	* proceeds. It will read at most *len bytes.
	174	*/
	175	static apr_status_t brigade_consume(apr_bucket_brigade * bb,
	176	apr_read_type_e block,
	177	char c, apr_size_t len)
	178	{
	179	apr_size_t actual = 0;
	180	apr_status_t status = APR_SUCCESS;
	181
	182	while (!APR_BRIGADE_EMPTY(bb)) {
	183	apr_bucket *b = APR_BRIGADE_FIRST(bb);
	184	const char *str;
	185	apr_size_t str_len;
	186	apr_size_t consume;
	187
	188	/* Justin points out this is an http-ism that might
	189	* not fit if brigade_consume is added to APR. Perhaps
	190	* apr_bucket_read(eos_bucket) should return APR_EOF?
	191	* Then this becomes mainline instead of a one-off.
	192	*/
	193	if (APR_BUCKET_IS_EOS(b)) {
	194	status = APR_EOF;
	195	break;
	196	}
	197
	198	/* The reason I'm not offering brigade_consume yet
	199	* across to apr-util is that the following call
	200	* illustrates how borked that API really is. For
	201	* this sort of case (caller provided buffer) it
	202	* would be much more trivial for apr_bucket_consume
	203	* to do all the work that follows, based on the
	204	* particular characteristics of the bucket we are
	205	* consuming here.
	206	*/
	207	status = apr_bucket_read(b, &str, &str_len, block);
	208
	209	if (status != APR_SUCCESS) {
	210	if (APR_STATUS_IS_EOF(status)) {
	211	/* This stream bucket was consumed */
	212	apr_bucket_delete(b);
	213	continue;
	214	}
	215	break;
	216	}
	217
	218	if (str_len > 0) {
	219	/* Do not block once some data has been consumed */
	220	block = APR_NONBLOCK_READ;
	221
	222	/* Assure we don't overflow. */
	223	consume = (str_len + actual > len) ? len - actual : str_len;
	224
	225	memcpy(c, str, consume);
	226
	227	c += consume;
	228	actual += consume;
	229
	230	if (consume >= b->length) {
	231	/* This physical bucket was consumed */
	232	apr_bucket_delete(b);
	233	}
	234	else {
	235	/* Only part of this physical bucket was consumed */
	236	b->start += consume;
	237	b->length -= consume;
	238	}
	239	}
	240	else if (b->length == 0) {
	241	apr_bucket_delete(b);
	242	}
	243
	244	/* This could probably be actual == *len, but be safe from stray
	245	* photons. */
	246	if (actual >= *len) {
	247	break;
	248	}
	249	}
	250
	251	*len = actual;
	252	return status;
	253	}
	254
	255
	256	ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
	257	void *buffer, size_t len)
	258	{
	259	gnutls_handle_t *ctxt = ptr;
	260	apr_status_t rc;
	261	apr_size_t in = len;
	262	/* If Len = 0, we don't do anything. */
	263	if (!len)
	264	return 0;
	265
	266	if (APR_BRIGADE_EMPTY(ctxt->input_bb)) {
	267
	268	rc = ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb,
	269	AP_MODE_READBYTES, ctxt->input_block, in);
	270
	271	/* Not a problem, there was simply no data ready yet.
	272	*/
	273	if (APR_STATUS_IS_EAGAIN(rc) \|\| APR_STATUS_IS_EINTR(rc)
	274	\|\| (rc == APR_SUCCESS && APR_BRIGADE_EMPTY(ctxt->input_bb))) {
	275	return 0;
	276	}
	277
	278	if (rc != APR_SUCCESS) {
	279	/* Unexpected errors discard the brigade */
	280	apr_brigade_cleanup(ctxt->input_bb);
	281	ctxt->input_bb = NULL;
	282	return -1;
	283	}
	284	}
	285
	286	// brigade_consume(ctxt->input_bb, ctxt->input_block, buffer, &len);
	287
	288
	289	ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb,
	290	AP_MODE_READBYTES, ctxt->input_block, len);
	291
	292	return len;
	293	}
	294
	295	ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
	296	const void *buffer, size_t len)
	297	{
	298	gnutls_handle_t *ctxt = ptr;
	299
	300	// apr_bucket *bucket = apr_bucket_transient_create(in, inl,
	301	// outctx->bb->
	302	// bucket_alloc);
	303
	304	// outctx->length += inl;
	305	//APR_BRIGADE_INSERT_TAIL(outctx->bb, bucket);
	306	return 0;
	307	}