dany/ant-http
1
0
Fork 0
mirror of https://github.com/lxsang/ant-http synced 2024-11-18 01:08:21 +01:00
Code Issues Actions Projects Releases Wiki Activity

Allow sandboxing plugin instances
All checks were successful
gitea-sync/ant-http/pipeline/head This commit looks good
Details

Browse Source
This commit is contained in:
DanyLE 2023-01-15 18:21:42 +01:00
parent bd0663ddf7
commit a1acea2441
6 changed files with 563 additions and 556 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
http_server.c
View File

@ -76,11 +76,11 @@ void destroy_config()
freedict(server_config.mimes);
if (server_config.stat_fifo_path)
free(server_config.stat_fifo_path);
if(server_config.plugins)
if (server_config.plugins)
{
for_each_assoc(it, server_config.plugins)
{
freedict((dictionary_t) it->value);
freedict((dictionary_t)it->value);
}
freedict(server_config.plugins);
}
@ -94,7 +94,7 @@ void destroy_config()
{
if (cnf->htdocs != NULL)
free(cnf->htdocs);
if(cnf->plugins)
if (cnf->plugins)
free(cnf->plugins);
if (cnf->sock > 0)
{
@ -114,7 +114,7 @@ static int config_handler(void *conf, const char *section, const char *name,
config_t *pconfig = (config_t *)conf;
regmatch_t regex_matches[2];
char buf[255];
char * tmp;
char *tmp;
struct stat st;
// trim(section, ' ');
// trim(value,' ');
@ -125,7 +125,7 @@ static int config_handler(void *conf, const char *section, const char *name,
if (stat(value, &st) == -1)
mkdirp(value, 0755);
tmp = realpath(value, NULL);
if(!tmp)
if (!tmp)
{
ERROR("Unable to query real path for %s: %s", value, strerror(errno));
}
@ -148,7 +148,7 @@ static int config_handler(void *conf, const char *section, const char *name,
if (stat(value, &st) == -1)
mkdirp(value, 0700);
tmp = realpath(value, NULL);
if(!tmp)
if (!tmp)
{
ERROR("Unable to query real path for %s: %s", value, strerror(errno));
}
@ -171,7 +171,7 @@ static int config_handler(void *conf, const char *section, const char *name,
removeAll(value, 0);
}
tmp = realpath(value, NULL);
if(!tmp)
if (!tmp)
{
ERROR("Unable to query real path for %s: %s", value, strerror(errno));
}
@ -270,7 +270,7 @@ static int config_handler(void *conf, const char *section, const char *name,
mkdirp(value, 0755);
}
p->htdocs = realpath(value, NULL);
if(!p->htdocs)
if (!p->htdocs)
{
ERROR("Unable to query real path for %s: %s", value, strerror(errno));
p->htdocs = strdup(value);
@ -280,7 +280,7 @@ static int config_handler(void *conf, const char *section, const char *name,
LOG("Server root is %s", p->htdocs);
}
}
else if(strcmp(name, "plugins") == 0)
else if (strcmp(name, "plugins") == 0)
{
p->plugins = strdup(value);
}
@ -320,34 +320,34 @@ static void init_plugins()
{
chain_t it, it2;
dictionary_t config;
const char* value;
const char *value;
for_each_assoc(it, server_config.plugins)
{
config = (dictionary_t) it -> value;
if(config)
config = (dictionary_t)it->value;
if (config)
{
for_each_assoc(it2, config)
{
LOG("Plugin %s: [%s] -> [%s]", it->key, it2->key, (char*) it2->value);
if(strncmp(it2->key, "file_type", 9) == 0 && it2->value)
LOG("Plugin %s: [%s] -> [%s]", it->key, it2->key, (char *)it2->value);
if (strncmp(it2->key, "file_type", 9) == 0 && it2->value)
{
char* file_type = strdup((char*) it2->value);
char* token;
char *file_type = strdup((char *)it2->value);
char *token;
char *stringp = file_type;
while((token = strsep(&stringp,",")))
while ((token = strsep(&stringp, ",")))
{
trim(token, ' ');
if(strlen(token) > 0)
if (strlen(token) > 0)
{
dput(server_config.handlers,token, strdup((char*)it->key));
dput(server_config.handlers, token, strdup((char *)it->key));
LOG("Plugin %s: support %s file", it->key, token);
}
}
free(file_type);
}
}
value = (char*)dvalue(config,"autoload");
if( value && (strncmp(value,"1", 1) == 0 || strncmp(value, "true", 3) == 0 ) )
value = (char *)dvalue(config, "autoload");
if (value && (strncmp(value, "1", 1) == 0 || strncmp(value, "true", 3) == 0))
{
// load the plugin
LOG("Plugin %s: autoloading...", it->key);
@ -532,8 +532,7 @@ void *resolve_request(void *data)
char *rqp = NULL;
char *oldrqp = NULL;
rq->client->state = ANTD_CLIENT_RESOLVE_REQUEST;
htdocs(rq, path);
strcat(path, url);
snprintf(path, sizeof(path), "%s/%s", (char *)dvalue(rq->request, "SERVER_WWW_ROOT"), url);
LOG("URL is : %s", url);
LOG("Resource Path is : %s", path);
// if (path[strlen(path) - 1] == '/')
@ -567,8 +566,7 @@ void *resolve_request(void *data)
{
newurl = __s("%s/index.%s", url, it->key);
memset(path, 0, sizeof(path));
htdocs(rq, path);
strcat(path, newurl);
snprintf(path, sizeof(path), "%s/%s", (char *)dvalue(rq->request, "SERVER_WWW_ROOT"), newurl);
if (stat(path, &st) != 0)
{
free(newurl);
@ -669,7 +667,7 @@ int rule_check(const char *k, const char *v, const char *host, const char *_url,
char *tmp, rep[10];
int idx = 0;
memset(rep, 0, 10);
LOG("Verify %s=%s on %s or %s", k, v , url, host);
LOG("Verify %s=%s on %s or %s", k, v, url, host);
// 1 group
if (!host || !(ret = regex_match(k, host, 10, key_matches)))
{
@ -863,11 +861,11 @@ char *apply_rules(dictionary_t rules, const char *host, char *url)
for_each_assoc(it, rules)
{
k = it->key;
if(it->value)
if (it->value)
{
v = (char *)it->value;
// 1 group
if (regex_match("<break>$",v, 0, NULL))
if (regex_match("<break>$", v, 0, NULL))
{
should_break = 1;
}
@ -882,7 +880,7 @@ char *apply_rules(dictionary_t rules, const char *host, char *url)
*query_string = '\0';
query_string++;
}
if(should_break)
if (should_break)
{
i = rules->cap;
LOG("Break rule check as matched found at %s -> %s", k, v);
@ -1718,7 +1716,7 @@ void *execute_plugin(void *data, const char *pname)
port_config_t *pcnf = (port_config_t *)dvalue(server_config.ports, port_s);
// check if plugin is enabled on this port
if(!pcnf->plugins || !regex_match(pattern, pcnf->plugins , 0,NULL))
if (!pcnf->plugins || !regex_match(pattern, pcnf->plugins, 0, NULL))
{
LOG("No plugin matched in [%s] using pattern [%s]", pcnf->plugins, pattern);
antd_error(rq->client, 403, "Access forbidden");
@ -1768,19 +1766,6 @@ dictionary_t mimes_list()
return server_config.mimes;
}
void dbdir(char **dest)
{
*dest = server_config.db_path;
}
void tmpdir(char **dest)
{
*dest = server_config.tmpdir;
}
void plugindir(char **dest)
{
*dest =server_config.plugins_dir;
}
#ifdef USE_ZLIB
int compressable(char *ctype)
{

14
httpd.c
View File

@ -56,7 +56,7 @@ static SSL_CTX *create_context()
}
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
static unsigned char antd_protocols[] = {
//TODO: add support to HTTP/2 protocol: 2,'h', '2',
// TODO: add support to HTTP/2 protocol: 2,'h', '2',
8, 'h', 't', 't', 'p', '/', '1', '.', '1'};
static int alpn_advertise_protos_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg)
{
@ -88,7 +88,7 @@ static void configure_context(SSL_CTX *ctx)
#else
SSL_CTX_set_tmp_ecdh(ctx, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
#endif
//SSL_CTX_set_ecdh_auto(ctx, 1);
// SSL_CTX_set_ecdh_auto(ctx, 1);
/* Set some options and the session id.
* SSL_OP_NO_SSLv2: SSLv2 is insecure, disable it.
* SSL_OP_NO_TICKET: We don't want TLS tickets used because this is an SSL server caching example.
@ -108,7 +108,7 @@ static void configure_context(SSL_CTX *ctx)
}
/* Set the key and cert */
/* use the full chain bundle of certificate */
//if (SSL_CTX_use_certificate_file(ctx, server_config->sslcert, SSL_FILETYPE_PEM) <= 0) {
// if (SSL_CTX_use_certificate_file(ctx, server_config->sslcert, SSL_FILETYPE_PEM) <= 0) {
if (SSL_CTX_use_certificate_chain_file(ctx, cnf->sslcert) <= 0)
{
ERROR("Fail to read SSL certificate chain file: %s", cnf->sslcert);
@ -143,7 +143,7 @@ static void stop_serve(int dummy)
closelog();
sigset_t mask;
sigemptyset(&mask);
//Blocks the SIG_IGN signal (by adding SIG_IGN to newMask)
// Blocks the SIG_IGN signal (by adding SIG_IGN to newMask)
sigaddset(&mask, SIGINT);
sigaddset(&mask, SIGPIPE);
sigaddset(&mask, SIGABRT);
@ -201,7 +201,7 @@ static void antd_monitor(port_config_t *pcnf)
LOG("Connect to client IP: %s on port:%d (%d)", client_ip, pcnf->port, client_sock);
// ip address
dput(request->request, "REMOTE_ADDR", (void *)strdup(client_ip));
//LOG("socket: %d\n", client_sock);
// LOG("socket: %d\n", client_sock);
}
// set timeout to socket
@ -338,7 +338,7 @@ int main(int argc, char *argv[])
else
load_config(argv[1]);
// ignore the broken PIPE error when writing
//or reading to/from a closed socked connection
// or reading to/from a closed socked connection
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
signal(SIGINT, stop_serve);
@ -418,7 +418,7 @@ int main(int argc, char *argv[])
{
if (conf->connection > conf->maxcon)
{
//ERROR("Reach max connection %d", conf->connection);
// ERROR("Reach max connection %d", conf->connection);
timeout.tv_sec = 0;
timeout.tv_usec = 10000; // 5 ms
select(0, NULL, NULL, NULL, &timeout);

22
lib/handle.c
View File

@ -106,28 +106,6 @@ int compressable(char *ctype)
return 0;
}
void htdocs(antd_request_t *rq, char *dest)
{
//dictionary_t xheader = (dictionary_t)dvalue(rq->request, "REQUEST_HEADER");
char *www = (char *)dvalue(rq->request, "SERVER_WWW_ROOT");
if (www)
{
strcpy(dest, www);
}
}
void dbdir(char **dest)
{
UNUSED(dest);
}
void tmpdir(char **dest)
{
UNUSED(dest);
}
void plugindir(char **dest)
{
UNUSED(dest);
}
const char *get_status_str(int stat)
{
switch (stat)

18
lib/handle.h
View File

@ -30,6 +30,8 @@
#define ANTD_PLUGIN_READY 0x0
#define ANTD_PLUGIN_PANNIC 0x1
#define ANTD_PLUGIN_INIT 0x2
#define MAX_PATH_LEN 256
typedef enum
{
@ -108,26 +110,22 @@ typedef struct
typedef struct
{
char name[128];
char* dbpath;
char* tmpdir;
char* pdir;
char name[MAX_PATH_LEN];
char dbpath[MAX_PATH_LEN];
char tmpdir[MAX_PATH_LEN];
char pdir[MAX_PATH_LEN];
dictionary_t config;
int raw_body;
int status;
} plugin_header_t;
int __attribute__((weak)) require_plugin(const char *);
void __attribute__((weak)) htdocs(antd_request_t *rq, char *dest);
void __attribute__((weak)) dbdir(char **dest);
void __attribute__((weak)) tmpdir(char **dest);
void __attribute__((weak)) plugindir(char **dest);
int __attribute__((weak)) compressable(char *ctype);
void set_nonblock(int socket);
//void set_block(int socket);
int __attribute__((weak)) compressable(char *ctype);
void antd_send_header(void *, antd_response_header_t *);
const char *get_status_str(int stat);
int __t(void *, const char *, ...);

9
lib/plugin.h
View File

@ -40,13 +40,8 @@ STATIC PART, should be included in any plugin
static plugin_header_t __plugin__;
// private function
void __init_plugin__(const char* pl, dictionary_t* conf){
strcpy(__plugin__.name,pl);
dbdir(&__plugin__.dbpath);
plugindir(&__plugin__.pdir);
tmpdir(&__plugin__.tmpdir);
__plugin__.config = conf;
__plugin__.raw_body = 0;
void __init_plugin__(plugin_header_t* pl, dictionary_t* conf){
(void) memcpy(&__plugin__, pl, sizeof(plugin_header_t));
__plugin__.status = ANTD_PLUGIN_READY;
init();
};

165
plugin_manager.c
View File

@ -1,12 +1,15 @@
#include <dlfcn.h>
#include <string.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/sendfile.h>
#include <unistd.h>
#include "plugin_manager.h"
#include "lib/utils.h"
#include "lib/handle.h"
#include "http_server.h"
static void unload_plugin_by_name(const char*);
static void * plugin_from_file(char* name, dictionary_t conf);
static void unload_plugin_by_name(const char *);
static void *plugin_from_file(char *name, char *path, dictionary_t conf);
/**
* Plugin table to store the loaded plugin
@ -27,12 +30,6 @@ struct plugin_entry *plugin_lookup(char *s)
return NULL; /* not found */
}
int require_plugin(const char* name)
{
struct plugin_entry* ptr = plugin_load((char*)name, NULL);
return ptr != NULL;
}
/**
* Load a plugin to the plugin table
* Only load when not available in the plugin table
@ -40,41 +37,88 @@ int require_plugin(const char* name)
* @param config: plugin configuration
* @return pointer to the loaded plugin
*/
struct plugin_entry *plugin_load(char *name, dictionary_t config)
struct plugin_entry *plugin_load(char *name, dictionary_t pconf)
{
char* pname = NULL;
char *pname = NULL;
char path[BUFFLEN];
struct plugin_entry *np;
unsigned hashval;
plugin_header_t *(*metafn)();
plugin_header_t *meta = NULL;
char* error;
if(config)
config_t *sconf = config();
int fromfd, tofd;
char *error;
struct stat st;
int is_tmp = 0;
if (pconf)
{
pname = dvalue(config, "name");
pname = dvalue(pconf, "name");
}
if(!pname)
{
pname = name;
}
if ((np = plugin_lookup(name)) == NULL) { /* not found */
LOG("Loading plugin: %s -> %s", name, pname);
np = (struct plugin_entry *) malloc(sizeof(*np));
if ((np = plugin_lookup(name)) == NULL)
{ /* not found */
LOG("Loading plugin: %s...", name);
np = (struct plugin_entry *)malloc(sizeof(*np));
if (np == NULL || name == NULL)
{
if(np) free(np);
if (np)
free(np);
return NULL;
}
np->pname = strdup(name);
if ((np->handle = plugin_from_file(pname,config)) == NULL)
(void)snprintf(path, sizeof(path), "%s/%s%s", sconf->plugins_dir, name, sconf->plugins_ext);
if (pname && strcmp(name, pname) != 0)
{
if(np->pname) free(np->pname);
if(np) free(np);
// copy plugin file to tmpdir
(void)snprintf(path, sizeof(path), "%s/%s%s", sconf->plugins_dir, pname, sconf->plugins_ext);
LOG("Original plugin file: %s", path);
if ((fromfd = open(path, O_RDONLY)) < 0)
{
ERROR("Unable to open file for reading %s: %s", path, strerror(errno));
return NULL;
}
hashval = hash(name,HASHSIZE);
if (stat(path, &st) != 0)
{
close(fromfd);
ERROR("Unable to get file stat %s: %s", path, strerror(errno));
return NULL;
}
(void)snprintf(path, sizeof(path), "%s/%s%s", sconf->tmpdir, name, sconf->plugins_ext);
LOG("TMP plugin file: %s", path);
if ((tofd = open(path, O_WRONLY | O_CREAT, 0600)) < 0)
{
close(fromfd);
ERROR("Unable open file for reading %s: %s", path, strerror(errno));
return NULL;
}
if (sendfile(tofd, fromfd, NULL, st.st_size) != st.st_size)
{
close(fromfd);
close(tofd);
ERROR("Unable to copy file: %s", strerror(errno));
return NULL;
}
is_tmp = 1;
}
np->pname = strdup(name);
np->handle = plugin_from_file(name, path, pconf);
if (is_tmp)
{
(void)remove(path);
}
if (np->handle == NULL)
{
if (np->pname)
free(np->pname);
if (np)
free(np);
return NULL;
}
hashval = hash(name, HASHSIZE);
np->next = plugin_table[hashval];
plugin_table[hashval] = np;
} else /* already there */
}
else /* already there */
{
LOG("The plugin %s id already loaded", name);
}
@ -90,7 +134,7 @@ struct plugin_entry *plugin_load(char *name, dictionary_t config)
}
meta = metafn();
LOG("PLugin status: [%s] %d", name, meta->status);
if(!meta || meta->status != ANTD_PLUGIN_READY)
if (!meta || meta->status != ANTD_PLUGIN_READY)
{
ERROR("Plugin is not ready or error: [%s].", name);
unload_plugin_by_name(name);
@ -104,73 +148,81 @@ struct plugin_entry *plugin_load(char *name, dictionary_t config)
* @param name Name of the plugin
* @return
*/
static void * plugin_from_file(char* name, dictionary_t conf)
static void *plugin_from_file(char *name, char *path, dictionary_t conf)
{
void *lib_handle;
char* error;
char* path = __s("%s/%s%s",config()->plugins_dir,name,config()->plugins_ext);
void (*fn)(const char*, dictionary_t);
lib_handle = dlopen(path, RTLD_LAZY);
char *error;
config_t *cnf = config();
void (*fn)(plugin_header_t *, dictionary_t);
lib_handle = dlopen(path, RTLD_LAZY | RTLD_LOCAL /*| RTLD_NODELETE*/);
if (!lib_handle)
{
ERROR("Cannot load plugin '%s' : '%s'",name,dlerror());
if(path)
free(path);
ERROR("Cannot load plugin '%s' : '%s'", name, dlerror());
return NULL;
}
// set database path
fn = (void (*)(const char*, dictionary_t))dlsym(lib_handle, "__init_plugin__");
fn = (void (*)(plugin_header_t *, dictionary_t))dlsym(lib_handle, "__init_plugin__");
if ((error = dlerror()) != NULL)
ERROR("Problem when finding plugin init function for %s : %s", name,error);
ERROR("Problem when finding plugin init function for %s : %s", name, error);
else
(*fn)(name, conf);
if(path)
free(path);
{
plugin_header_t header;
strncpy(header.name, name, MAX_PATH_LEN - 1);
strncpy(header.dbpath, cnf->db_path, MAX_PATH_LEN - 1);
strncpy(header.tmpdir, cnf->tmpdir, MAX_PATH_LEN - 1);
strncpy(header.pdir, cnf->plugins_dir, MAX_PATH_LEN - 1);
header.config = conf;
header.raw_body = 0;
header.status = ANTD_PLUGIN_INIT;
(*fn)(&header, conf);
}
// trick libc that we close this lib, but it is not realy deleted
return lib_handle;
}
void unload_plugin(struct plugin_entry* np)
void unload_plugin(struct plugin_entry *np)
{
char* error;
char *error;
void (*fn)() = NULL;
// find and execute the exit function
fn = (void(*)()) dlsym(np->handle, "__release__");
fn = (void (*)())dlsym(np->handle, "__release__");
if ((error = dlerror()) != NULL)
{
ERROR("Cant not release plugin %s : %s", np->pname,error);
ERROR("Cant not release plugin %s : %s", np->pname, error);
}
if(fn)
if (fn)
{
(*fn)();
}
dlclose(np->handle);
//free((void *) np->handle);
if(np->pname)
free((void *) np->pname);
// free((void *) np->handle);
if (np->pname)
free((void *)np->pname);
}
/*
Unload a plugin by its name
*/
void unload_plugin_by_name(const char* name)
void unload_plugin_by_name(const char *name)
{
struct plugin_entry *np;
int hasval = hash(name, HASHSIZE);
np = plugin_table[hasval];
if(strcmp(np->pname,name) == 0)
if (strcmp(np->pname, name) == 0)
{
unload_plugin(np);
plugin_table[hasval] = np->next;
}
else
{
for (np = plugin_table[hasval] ; np != NULL; np = np->next)
for (np = plugin_table[hasval]; np != NULL; np = np->next)
{
if (np->next != NULL && strcmp(name, np->next->pname) == 0)
{
break;
}
}
if(np == NULL) return; // the plugin is is not loaded
if (np == NULL)
return; // the plugin is is not loaded
unload_plugin(np->next);
np->next = np->next->next;
}
@ -181,12 +233,12 @@ void unload_plugin_by_name(const char* name)
void unload_all_plugin()
{
LOG("Unload all plugins");
for(int i=0;i<HASHSIZE;i++)
for (int i = 0; i < HASHSIZE; i++)
{
struct plugin_entry **np, *curr;
np = &plugin_table[i];
while((curr = *np) != NULL)
while ((curr = *np) != NULL)
{
(*np) = (*np)->next;
unload_plugin(curr);
@ -196,4 +248,3 @@ void unload_all_plugin()
}
exit(0);
}