httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pque...@apache.org
Subject svn commit: r645594 [26/28] - in /httpd/sandbox/amsterdam/d: ./ build/ docs/conf/ docs/conf/extra/ docs/man/ docs/manual/ docs/manual/developer/ docs/manual/faq/ docs/manual/howto/ docs/manual/misc/ docs/manual/mod/ docs/manual/platform/ docs/manual/pr...
Date Mon, 07 Apr 2008 16:31:24 GMT
Modified: httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache.c (original)
+++ httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache.c Mon Apr  7 09:28:58 2008
@@ -40,60 +40,47 @@
 void ssl_scache_init(server_rec *s, apr_pool_t *p)
 {
     SSLModConfigRec *mc = myModConfig(s);
+    apr_status_t rv;
+    void *data;
+    const char *userdata_key = "ssl_scache_init";
+    
+    /* The very first invocation of this function will be the
+     * post_config invocation during server startup; do nothing for
+     * this first (and only the first) time through, since the pool
+     * will be immediately cleared anyway.  For every subsequent
+     * invocation, initialize the configured cache. */
+    apr_pool_userdata_get(&data, userdata_key, s->process->pool);
+    if (!data) {
+        apr_pool_userdata_set((const void *)1, userdata_key,
+                              apr_pool_cleanup_null, s->process->pool);
+        return;
+    }
 
     /*
      * Warn the user that he should use the session cache.
      * But we can operate without it, of course.
      */
-    if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) {
+    if (mc->sesscache == NULL) {
         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
                      "Init: Session Cache is not configured "
                      "[hint: SSLSessionCache]");
-        mc->nSessionCacheMode = SSL_SCMODE_NONE;
         return;
     }
 
-    if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
-        ssl_scache_dbm_init(s, p);
-#ifdef HAVE_DISTCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
-        ssl_scache_dc_init(s, p);
-#endif
-#ifdef HAVE_SSL_CACHE_MEMCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_MC)
-        ssl_scache_mc_init(s, p);
-#endif
-    else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB) {
-        void *data;
-        const char *userdata_key = "ssl_scache_init";
-
-        apr_pool_userdata_get(&data, userdata_key, s->process->pool);
-        if (!data) {
-            apr_pool_userdata_set((const void *)1, userdata_key,
-                                  apr_pool_cleanup_null, s->process->pool);
-            return;
-        }
-        ssl_scache_shmcb_init(s, p);
+    rv = mc->sesscache->init(mc->sesscache_context, s, p);
+    if (rv) {
+        /* ABORT ABORT etc. */
+        ssl_die();
     }
 }
 
 void ssl_scache_kill(server_rec *s)
 {
     SSLModConfigRec *mc = myModConfig(s);
-
-    if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
-        ssl_scache_dbm_kill(s);
-    else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
-        ssl_scache_shmcb_kill(s);
-#ifdef HAVE_DISTCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
-        ssl_scache_dc_kill(s);
-#endif
-#ifdef HAVE_SSL_CACHE_MEMCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_MC)
-        ssl_scache_mc_kill(s);
-#endif
-    return;
+    
+    if (mc->sesscache) {
+        mc->sesscache->destroy(mc->sesscache_context, s);
+    }
 }
 
 BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen,
@@ -101,42 +88,62 @@
                       apr_pool_t *p)
 {
     SSLModConfigRec *mc = myModConfig(s);
-    BOOL rv = FALSE;
+    unsigned char encoded[SSL_SESSION_MAX_DER], *ptr;
+    unsigned int len;
+    apr_status_t rv;
+
+    /* Serialise the session. */
+    len = i2d_SSL_SESSION(sess, NULL);
+    if (len > sizeof encoded) {
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                     "session is too big (%u bytes)", len);
+        return FALSE;
+    }
+
+    ptr = encoded;
+    len = i2d_SSL_SESSION(sess, &ptr);
 
-    if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
-        rv = ssl_scache_dbm_store(s, id, idlen, expiry, sess, p);
-    else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
-        rv = ssl_scache_shmcb_store(s, id, idlen, expiry, sess);
-#ifdef HAVE_DISTCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
-        rv = ssl_scache_dc_store(s, id, idlen, expiry, sess);
-#endif
-#ifdef HAVE_SSL_CACHE_MEMCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_MC)
-        rv = ssl_scache_mc_store(s, id, idlen, expiry, sess);
-#endif
-    return rv;
+    if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+        ssl_mutex_on(s);
+    }
+    
+    rv = mc->sesscache->store(mc->sesscache_context, s, id, idlen, 
+                              expiry, encoded, len);
+
+    if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+        ssl_mutex_off(s);
+    }
+
+    return rv == APR_SUCCESS ? TRUE : FALSE;
 }
 
 SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen,
                                  apr_pool_t *p)
 {
     SSLModConfigRec *mc = myModConfig(s);
-    SSL_SESSION *sess = NULL;
+    unsigned char dest[SSL_SESSION_MAX_DER];
+    unsigned int destlen = SSL_SESSION_MAX_DER;
+    MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr;
+    apr_status_t rv;
+
+    if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+        ssl_mutex_on(s);
+    }
+
+    rv = mc->sesscache->retrieve(mc->sesscache_context, s, id, idlen, 
+                                 dest, &destlen, p);
 
-    if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
-        sess = ssl_scache_dbm_retrieve(s, id, idlen, p);
-    else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
-        sess = ssl_scache_shmcb_retrieve(s, id, idlen);
-#ifdef HAVE_DISTCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
-        sess = ssl_scache_dc_retrieve(s, id, idlen);
-#endif
-#ifdef HAVE_SSL_CACHE_MEMCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_MC)
-        sess = ssl_scache_mc_retrieve(s, id, idlen, p);
-#endif
-    return sess;
+    if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+        ssl_mutex_off(s);
+    }
+
+    if (rv != APR_SUCCESS) {
+        return NULL;
+    }
+
+    ptr = dest;
+
+    return d2i_SSL_SESSION(NULL, &ptr, destlen);
 }
 
 void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen,
@@ -144,19 +151,15 @@
 {
     SSLModConfigRec *mc = myModConfig(s);
 
-    if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
-        ssl_scache_dbm_remove(s, id, idlen, p);
-    else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
-        ssl_scache_shmcb_remove(s, id, idlen);
-#ifdef HAVE_DISTCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_DC)
-        ssl_scache_dc_remove(s, id, idlen);
-#endif
-#ifdef HAVE_SSL_CACHE_MEMCACHE
-    else if (mc->nSessionCacheMode == SSL_SCMODE_MC)
-        ssl_scache_mc_remove(s, id, idlen);
-#endif
-    return;
+    if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+        ssl_mutex_on(s);
+    }
+
+    mc->sesscache->delete(mc->sesscache_context, s, id, idlen, p);
+
+    if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+        ssl_mutex_off(s);
+    }
 }
 
 /*  _________________________________________________________________
@@ -166,9 +169,9 @@
 */
 static int ssl_ext_status_hook(request_rec *r, int flags)
 {
-    SSLSrvConfigRec *sc = mySrvConfig(r->server);
+    SSLModConfigRec *mc = myModConfig(r->server);
 
-    if (sc == NULL || flags & AP_STATUS_SHORT)
+    if (mc == NULL || flags & AP_STATUS_SHORT || mc->sesscache == NULL)
         return OK;
 
     ap_rputs("<hr>\n", r);
@@ -178,18 +181,15 @@
     ap_rputs("</td></tr>\n", r);
     ap_rputs("<tr><td bgcolor=\"#ffffff\">\n", r);
 
-    if (sc->mc->nSessionCacheMode == SSL_SCMODE_DBM)
-        ssl_scache_dbm_status(r, flags, r->pool);
-    else if (sc->mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
-        ssl_scache_shmcb_status(r, flags, r->pool);
-#ifdef HAVE_DISTCACHE
-    else if (sc->mc->nSessionCacheMode == SSL_SCMODE_DC)
-        ssl_scache_dc_status(r, flags, r->pool);
-#endif
-#ifdef HAVE_SSL_CACHE_MEMCACHE
-    else if (sc->mc->nSessionCacheMode == SSL_SCMODE_MC)
-        ssl_scache_mc_status(r, flags, r->pool);
-#endif
+    if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+        ssl_mutex_on(r->server);
+    }
+
+    mc->sesscache->status(mc->sesscache_context, r, flags);
+
+    if (mc->sesscache->flags & MODSSL_SESSCACHE_FLAG_NOTMPSAFE) {
+        ssl_mutex_off(r->server);
+    }
 
     ap_rputs("</td></tr>\n", r);
     ap_rputs("</table>\n", r);

Modified: httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_dbm.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_dbm.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_dbm.c (original)
+++ httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_dbm.c Mon Apr  7 09:28:58 2008
@@ -26,30 +26,60 @@
 
 #include "ssl_private.h"
 
-static void ssl_scache_dbm_expire(server_rec *s);
+/* Use of the context structure must be thread-safe after the initial
+ * create/init; callers must hold the mutex. */
+struct context {
+    const char *data_file;
+    /* Pool must only be used with the mutex held. */
+    apr_pool_t *pool;
+    time_t last_expiry;
+};
+
+static void ssl_scache_dbm_expire(struct context *ctx, server_rec *s);
+
+static void ssl_scache_dbm_remove(void *context, server_rec *s,
+                                  const unsigned char *id, unsigned int idlen,
+                                  apr_pool_t *p);
 
-void ssl_scache_dbm_init(server_rec *s, apr_pool_t *p)
+static const char *ssl_scache_dbm_create(void **context, const char *arg, 
+                                         apr_pool_t *tmp, apr_pool_t *p)
 {
-    SSLModConfigRec *mc = myModConfig(s);
+    struct context *ctx;
+
+    *context = ctx = apr_pcalloc(p, sizeof *ctx);
+
+    ctx->data_file = ap_server_root_relative(p, arg);
+    if (!ctx->data_file) {
+        return apr_psprintf(tmp, "Invalid cache file path %s", arg);
+    }
+    
+    apr_pool_create(&ctx->pool, p);
+
+    return NULL;
+}
+
+static apr_status_t ssl_scache_dbm_init(void *context, server_rec *s, apr_pool_t *p)
+{
+    struct context *ctx = context;
     apr_dbm_t *dbm;
     apr_status_t rv;
 
     /* for the DBM we need the data file */
-    if (mc->szSessionCacheDataFile == NULL) {
+    if (ctx->data_file == NULL) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "SSLSessionCache required");
-        ssl_die();
+        return APR_EINVAL;
     }
 
     /* open it once to create it and to make sure it _can_ be created */
-    ssl_mutex_on(s);
-    if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
-            APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+    apr_pool_clear(ctx->pool);
+
+    if ((rv = apr_dbm_open(&dbm, ctx->data_file,
+            APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "Cannot create SSLSessionCache DBM file `%s'",
-                     mc->szSessionCacheDataFile);
-        ssl_mutex_off(s);
-        return;
+                     ctx->data_file);
+        return rv;
     }
     apr_dbm_close(dbm);
 
@@ -60,86 +90,69 @@
      * cannot exactly determine the suffixes we try all possibilities.
      */
     if (geteuid() == 0 /* is superuser */) {
-        chown(mc->szSessionCacheDataFile, unixd_config.user_id, -1 /* no gid change */);
-        if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL),
+        chown(ctx->data_file, unixd_config.user_id, -1 /* no gid change */);
+        if (chown(apr_pstrcat(p, ctx->data_file, SSL_DBM_FILE_SUFFIX_DIR, NULL),
                   unixd_config.user_id, -1) == -1) {
-            if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
+            if (chown(apr_pstrcat(p, ctx->data_file, ".db", NULL),
                       unixd_config.user_id, -1) == -1)
-                chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL),
+                chown(apr_pstrcat(p, ctx->data_file, ".dir", NULL),
                       unixd_config.user_id, -1);
         }
-        if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL),
+        if (chown(apr_pstrcat(p, ctx->data_file, SSL_DBM_FILE_SUFFIX_PAG, NULL),
                   unixd_config.user_id, -1) == -1) {
-            if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
+            if (chown(apr_pstrcat(p, ctx->data_file, ".db", NULL),
                       unixd_config.user_id, -1) == -1)
-                chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL),
+                chown(apr_pstrcat(p, ctx->data_file, ".pag", NULL),
                       unixd_config.user_id, -1);
         }
     }
 #endif
-    ssl_mutex_off(s);
-    ssl_scache_dbm_expire(s);
-    return;
+    ssl_scache_dbm_expire(ctx, s);
+
+    return APR_SUCCESS;
 }
 
-void ssl_scache_dbm_kill(server_rec *s)
+static void ssl_scache_dbm_kill(void *context, server_rec *s)
 {
-    SSLModConfigRec *mc = myModConfig(s);
-    apr_pool_t *p;
+    struct context *ctx = context;
+
+    /* the correct way */
+    unlink(apr_pstrcat(ctx->pool, ctx->data_file, SSL_DBM_FILE_SUFFIX_DIR, NULL));
+    unlink(apr_pstrcat(ctx->pool, ctx->data_file, SSL_DBM_FILE_SUFFIX_PAG, NULL));
+    /* the additional ways to be sure */
+    unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".dir", NULL));
+    unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".pag", NULL));
+    unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".db", NULL));
+    unlink(ctx->data_file);
 
-    apr_pool_create_ex(&p, mc->pPool, NULL, NULL);
-    if (p != NULL) {
-        /* the correct way */
-        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL));
-        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL));
-        /* the additional ways to be sure */
-        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL));
-        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL));
-        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL));
-        unlink(mc->szSessionCacheDataFile);
-        apr_pool_destroy(p);
-    }
     return;
 }
 
-BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen,
-                          time_t expiry, SSL_SESSION *sess,
-                          apr_pool_t *p)
+static apr_status_t ssl_scache_dbm_store(void *context, server_rec *s, 
+                                         const unsigned char *id, unsigned int idlen,
+                                         time_t expiry, 
+                                         unsigned char *ucaData, unsigned int nData)
 {
-    SSLModConfigRec *mc = myModConfig(s);
+    struct context *ctx = context;
     apr_dbm_t *dbm;
     apr_datum_t dbmkey;
     apr_datum_t dbmval;
-    UCHAR ucaData[SSL_SESSION_MAX_DER];
-    int nData;
-    UCHAR *ucp;
     apr_status_t rv;
 
-    /* streamline session data */
-    if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData)) {
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                     "streamline session data size too large: %d > "
-                     "%" APR_SIZE_T_FMT,
-                     nData, sizeof(ucaData));
-        return FALSE;
-    }
-    ucp = ucaData;
-    i2d_SSL_SESSION(sess, &ucp);
-
     /* be careful: do not try to store too much bytes in a DBM file! */
 #ifdef PAIRMAX
     if ((idlen + nData) >= PAIRMAX) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "data size too large for DBM session cache: %d >= %d",
                  (idlen + nData), PAIRMAX);
-        return FALSE;
+        return APR_ENOSPC;
     }
 #else
     if ((idlen + nData) >= 950 /* at least less than approx. 1KB */) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "data size too large for DBM session cache: %d >= %d",
                  (idlen + nData), 950);
-        return FALSE;
+        return APR_ENOSPC;
     }
 #endif
 
@@ -153,60 +166,58 @@
     if (dbmval.dptr == NULL) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "malloc error creating DBM value");
-        return FALSE;
+        return APR_ENOMEM;
     }
     memcpy((char *)dbmval.dptr, &expiry, sizeof(time_t));
     memcpy((char *)dbmval.dptr+sizeof(time_t), ucaData, nData);
 
     /* and store it to the DBM file */
-    ssl_mutex_on(s);
-    if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
-            APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, p)) != APR_SUCCESS) {
+    apr_pool_clear(ctx->pool);
+
+    if ((rv = apr_dbm_open(&dbm, ctx->data_file,
+                           APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "Cannot open SSLSessionCache DBM file `%s' for writing "
                      "(store)",
-                     mc->szSessionCacheDataFile);
-        ssl_mutex_off(s);
+                     ctx->data_file);
         free(dbmval.dptr);
-        return FALSE;
+        return rv;
     }
     if ((rv = apr_dbm_store(dbm, dbmkey, dbmval)) != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "Cannot store SSL session to DBM file `%s'",
-                     mc->szSessionCacheDataFile);
+                     ctx->data_file);
         apr_dbm_close(dbm);
-        ssl_mutex_off(s);
         free(dbmval.dptr);
-        return FALSE;
+        return rv;
     }
     apr_dbm_close(dbm);
-    ssl_mutex_off(s);
 
     /* free temporary buffers */
     free(dbmval.dptr);
 
     /* allow the regular expiring to occur */
-    ssl_scache_dbm_expire(s);
+    ssl_scache_dbm_expire(ctx, s);
 
-    return TRUE;
+    return APR_SUCCESS;
 }
 
-SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *s, UCHAR *id, int idlen,
-                                     apr_pool_t *p)
+static apr_status_t ssl_scache_dbm_retrieve(void *context, server_rec *s, 
+                                            const unsigned char *id, unsigned int idlen,
+                                            unsigned char *dest, unsigned int *destlen,
+                                            apr_pool_t *p)
 {
-    SSLModConfigRec *mc = myModConfig(s);
+    struct context *ctx = context;
     apr_dbm_t *dbm;
     apr_datum_t dbmkey;
     apr_datum_t dbmval;
-    SSL_SESSION *sess = NULL;
-    MODSSL_D2I_SSL_SESSION_CONST unsigned char *ucpData;
-    int nData;
+    unsigned int nData;
     time_t expiry;
     time_t now;
     apr_status_t rc;
 
     /* allow the regular expiring to occur */
-    ssl_scache_dbm_expire(s);
+    ssl_scache_dbm_expire(ctx, s);
 
     /* create DBM key and values */
     dbmkey.dptr  = (char *)id;
@@ -216,61 +227,53 @@
      * XXX: Should we open the dbm against r->pool so the cleanup will
      * do the apr_dbm_close? This would make the code a bit cleaner.
      */
-    ssl_mutex_on(s);
-    if ((rc = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
-            APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, p)) != APR_SUCCESS) {
+    apr_pool_clear(ctx->pool);
+    if ((rc = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE, 
+                           SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_ERR, rc, s,
                      "Cannot open SSLSessionCache DBM file `%s' for reading "
                      "(fetch)",
-                     mc->szSessionCacheDataFile);
-        ssl_mutex_off(s);
-        return NULL;
+                     ctx->data_file);
+        return rc;
     }
     rc = apr_dbm_fetch(dbm, dbmkey, &dbmval);
     if (rc != APR_SUCCESS) {
         apr_dbm_close(dbm);
-        ssl_mutex_off(s);
-        return NULL;
+        return rc;
     }
     if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)) {
         apr_dbm_close(dbm);
-        ssl_mutex_off(s);
-        return NULL;
+        return rc;
     }
 
     /* parse resulting data */
     nData = dbmval.dsize-sizeof(time_t);
-    ucpData = malloc(nData);
-    if (ucpData == NULL) {
+    if (nData > *destlen) {
         apr_dbm_close(dbm);
-        ssl_mutex_off(s);
-        return NULL;
-    }
-    /* Cast needed, ucpData may be const */
-    memcpy((unsigned char *)ucpData,
-           (char *)dbmval.dptr + sizeof(time_t), nData);
+        return APR_ENOSPC;
+    }    
+
+    *destlen = nData;
     memcpy(&expiry, dbmval.dptr, sizeof(time_t));
+    memcpy(dest, (char *)dbmval.dptr + sizeof(time_t), nData);
 
     apr_dbm_close(dbm);
-    ssl_mutex_off(s);
 
     /* make sure the stuff is still not expired */
     now = time(NULL);
     if (expiry <= now) {
-        ssl_scache_dbm_remove(s, id, idlen, p);
-        return NULL;
+        ssl_scache_dbm_remove(context, s, id, idlen, p);
+        return APR_EGENERAL;
     }
 
-    /* unstreamed SSL_SESSION */
-    sess = d2i_SSL_SESSION(NULL, &ucpData, nData);
-
-    return sess;
+    return APR_SUCCESS;
 }
 
-void ssl_scache_dbm_remove(server_rec *s, UCHAR *id, int idlen,
-                           apr_pool_t *p)
+static void ssl_scache_dbm_remove(void *context, server_rec *s, 
+                                  const unsigned char *id, unsigned int idlen,
+                                  apr_pool_t *p)
 {
-    SSLModConfigRec *mc = myModConfig(s);
+    struct context *ctx = context;
     apr_dbm_t *dbm;
     apr_datum_t dbmkey;
     apr_status_t rv;
@@ -280,32 +283,28 @@
     dbmkey.dsize = idlen;
 
     /* and delete it from the DBM file */
-    ssl_mutex_on(s);
-    if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
-            APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, p)) != APR_SUCCESS) {
+    apr_pool_clear(ctx->pool);
+
+    if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE, 
+                           SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "Cannot open SSLSessionCache DBM file `%s' for writing "
                      "(delete)",
-                     mc->szSessionCacheDataFile);
-        ssl_mutex_off(s);
+                     ctx->data_file);
         return;
     }
     apr_dbm_delete(dbm, dbmkey);
     apr_dbm_close(dbm);
-    ssl_mutex_off(s);
 
     return;
 }
 
-static void ssl_scache_dbm_expire(server_rec *s)
+static void ssl_scache_dbm_expire(struct context *ctx, server_rec *s)
 {
-    SSLModConfigRec *mc = myModConfig(s);
     SSLSrvConfigRec *sc = mySrvConfig(s);
-    static time_t tLast = 0;
     apr_dbm_t *dbm;
     apr_datum_t dbmkey;
     apr_datum_t dbmval;
-    apr_pool_t *p;
     time_t tExpiresAt;
     int nElements = 0;
     int nDeleted = 0;
@@ -321,9 +320,12 @@
      * cache entries is done only from time to time
      */
     tNow = time(NULL);
-    if (tNow < tLast+sc->session_cache_timeout)
+
+    if (tNow < ctx->last_expiry + sc->session_cache_timeout) {
         return;
-    tLast = tNow;
+    }
+
+    ctx->last_expiry = tNow;
 
     /*
      * Here we have to be very carefully: Not all DBM libraries are
@@ -338,27 +340,22 @@
 
 #define KEYMAX 1024
 
-    ssl_mutex_on(s);
     for (;;) {
         /* allocate the key array in a memory sub pool */
-        apr_pool_create_ex(&p, mc->pPool, NULL, NULL);
-        if (p == NULL)
-            break;
-        if ((keylist = apr_palloc(p, sizeof(dbmkey)*KEYMAX)) == NULL) {
-            apr_pool_destroy(p);
+        apr_pool_clear(ctx->pool);
+
+        if ((keylist = apr_palloc(ctx->pool, sizeof(dbmkey)*KEYMAX)) == NULL) {
             break;
         }
 
         /* pass 1: scan DBM database */
         keyidx = 0;
-        if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
-                               APR_DBM_RWCREATE,SSL_DBM_FILE_MODE,
-                               p)) != APR_SUCCESS) {
+        if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
+                               SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
             ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                          "Cannot open SSLSessionCache DBM file `%s' for "
                          "scanning",
-                         mc->szSessionCacheDataFile);
-            apr_pool_destroy(p);
+                         ctx->data_file);
             break;
         }
         apr_dbm_firstkey(dbm, &dbmkey);
@@ -374,7 +371,7 @@
                     bDelete = TRUE;
             }
             if (bDelete) {
-                if ((keylist[keyidx].dptr = apr_pmemdup(p, dbmkey.dptr, dbmkey.dsize)) != NULL) {
+                if ((keylist[keyidx].dptr = apr_pmemdup(ctx->pool, dbmkey.dptr, dbmkey.dsize)) != NULL) {
                     keylist[keyidx].dsize = dbmkey.dsize;
                     keyidx++;
                     if (keyidx == KEYMAX)
@@ -386,13 +383,12 @@
         apr_dbm_close(dbm);
 
         /* pass 2: delete expired elements */
-        if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
-                APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) {
+        if (apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
+                         SSL_DBM_FILE_MODE, ctx->pool) != APR_SUCCESS) {
             ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                          "Cannot re-open SSLSessionCache DBM file `%s' for "
                          "expiring",
-                         mc->szSessionCacheDataFile);
-            apr_pool_destroy(p);
+                         ctx->data_file);
             break;
         }
         for (i = 0; i < keyidx; i++) {
@@ -401,24 +397,19 @@
         }
         apr_dbm_close(dbm);
 
-        /* destroy temporary pool */
-        apr_pool_destroy(p);
-
         if (keyidx < KEYMAX)
             break;
     }
-    ssl_mutex_off(s);
 
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "Inter-Process Session Cache (DBM) Expiry: "
                  "old: %d, new: %d, removed: %d",
                  nElements, nElements-nDeleted, nDeleted);
-    return;
 }
 
-void ssl_scache_dbm_status(request_rec *r, int flags, apr_pool_t *p)
+static void ssl_scache_dbm_status(void *context, request_rec *r, int flags)
 {
-    SSLModConfigRec *mc = myModConfig(r->server);
+    struct context *ctx = context;
     apr_dbm_t *dbm;
     apr_datum_t dbmkey;
     apr_datum_t dbmval;
@@ -429,18 +420,14 @@
 
     nElem = 0;
     nSize = 0;
-    ssl_mutex_on(r->server);
-    /*
-     * XXX - Check what pool is to be used - TBD
-     */
-    if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
-                               APR_DBM_RWCREATE, SSL_DBM_FILE_MODE,
-                           mc->pPool)) != APR_SUCCESS) {
+
+    apr_pool_clear(ctx->pool);
+    if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE, 
+                           SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                      "Cannot open SSLSessionCache DBM file `%s' for status "
                      "retrival",
-                     mc->szSessionCacheDataFile);
-        ssl_mutex_off(r->server);
+                     ctx->data_file);
         return;
     }
     /*
@@ -455,7 +442,6 @@
         nSize += dbmval.dsize;
     }
     apr_dbm_close(dbm);
-    ssl_mutex_off(r->server);
     if (nSize > 0 && nElem > 0)
         nAverage = nSize / nElem;
     else
@@ -466,3 +452,14 @@
     return;
 }
 
+const modssl_sesscache_provider modssl_sesscache_dbm = {
+    "dbm",
+    MODSSL_SESSCACHE_FLAG_NOTMPSAFE,
+    ssl_scache_dbm_create,
+    ssl_scache_dbm_init,
+    ssl_scache_dbm_kill,
+    ssl_scache_dbm_store,
+    ssl_scache_dbm_retrieve,
+    ssl_scache_dbm_remove,
+    ssl_scache_dbm_status
+};

Modified: httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_dc.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_dc.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_dc.c (original)
+++ httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_dc.c Mon Apr  7 09:28:58 2008
@@ -48,17 +48,29 @@
 **
 */
 
-void ssl_scache_dc_init(server_rec *s, apr_pool_t *p)
+struct context {
+    /* Configured target server: */
+    const char *target;
+    /* distcache client context: */
+    DC_CTX *dc;
+};
+
+static const char *ssl_scache_dc_create(void **context, const char *arg, 
+                                        apr_pool_t *tmp, apr_pool_t *p)
 {
-    DC_CTX *ctx;
-    SSLModConfigRec *mc = myModConfig(s);
-    /*
-     * Create a session context
-     */
-    if (mc->szSessionCacheDataFile == NULL) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSLSessionCache required");
-        ssl_die();
-    }
+    struct context *ctx;
+
+    ctx = *context = apr_palloc(p, sizeof *ctx);
+    
+    ctx->target = apr_pstrdup(p, arg);
+
+    return NULL;
+}
+
+static apr_status_t ssl_scache_dc_init(void *context, server_rec *s, apr_pool_t *p)
+{
+    struct context *ctx = ctx;
+
 #if 0
     /* If a "persistent connection" mode of operation is preferred, you *must*
      * also use the PIDCHECK flag to ensure fork()'d processes don't interlace
@@ -75,103 +87,102 @@
      * performance/stability danger of file-descriptor bloatage. */
 #define SESSION_CTX_FLAGS        0
 #endif
-    ctx = DC_CTX_new(mc->szSessionCacheDataFile, SESSION_CTX_FLAGS);
-    if (!ctx) {
+    ctx->dc = DC_CTX_new(ctx->target, SESSION_CTX_FLAGS);
+    if (!ctx->dc) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache failed to obtain context");
-        ssl_die();
+        return APR_EGENERAL;
     }
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "distributed scache context initialised");
-    /*
-     * Success ...
-     */
-    mc->tSessionCacheDataTable = ctx;
-    return;
+
+    return APR_SUCCESS;
 }
 
-void ssl_scache_dc_kill(server_rec *s)
+static void ssl_scache_dc_kill(void *context, server_rec *s)
 {
-    SSLModConfigRec *mc = myModConfig(s);
+    struct context *ctx = context;
 
-    if (mc->tSessionCacheDataTable)
-        DC_CTX_free(mc->tSessionCacheDataTable);
-    mc->tSessionCacheDataTable = NULL;
+    if (ctx && ctx->dc) {
+        DC_CTX_free(ctx->dc);
+        ctx->dc = NULL;
+    }
 }
 
-BOOL ssl_scache_dc_store(server_rec *s, UCHAR *id, int idlen,
-                           time_t timeout, SSL_SESSION * pSession)
+static apr_status_t ssl_scache_dc_store(void *context, server_rec *s, 
+                                        const unsigned char *id, unsigned int idlen,
+                                        time_t timeout,
+                                        unsigned char *der, unsigned int der_len)
 {
-    unsigned char der[SSL_SESSION_MAX_DER];
-    int der_len;
-    unsigned char *pder = der;
-    SSLModConfigRec *mc = myModConfig(s);
-    DC_CTX *ctx = mc->tSessionCacheDataTable;
+    struct context *ctx = context;
 
-    /* Serialise the SSL_SESSION object */
-    if ((der_len = i2d_SSL_SESSION(pSession, NULL)) > SSL_SESSION_MAX_DER)
-        return FALSE;
-    i2d_SSL_SESSION(pSession, &pder);
     /* !@#$%^ - why do we deal with *absolute* time anyway??? */
     timeout -= time(NULL);
     /* Send the serialised session to the distributed cache context */
-    if (!DC_CTX_add_session(ctx, id, idlen, der, der_len,
+    if (!DC_CTX_add_session(ctx->dc, id, idlen, der, der_len,
                             (unsigned long)timeout * 1000)) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'add_session' failed");
-        return FALSE;
+        return APR_EGENERAL;
     }
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'add_session' successful");
-    return TRUE;
+    return APR_SUCCESS;
 }
 
-SSL_SESSION *ssl_scache_dc_retrieve(server_rec *s, UCHAR *id, int idlen)
+static apr_status_t ssl_scache_dc_retrieve(void *context, server_rec *s, 
+                                           const unsigned char *id, unsigned int idlen,
+                                           unsigned char *dest, unsigned int *destlen,
+                                           apr_pool_t *p)
 {
-    unsigned char der[SSL_SESSION_MAX_DER];
-    unsigned int der_len;
-    SSL_SESSION *pSession;
-    MODSSL_D2I_SSL_SESSION_CONST unsigned char *pder = der;
-    SSLModConfigRec *mc = myModConfig(s);
-    DC_CTX *ctx = mc->tSessionCacheDataTable;
+    unsigned int data_len;
+    struct context *ctx = context;
 
     /* Retrieve any corresponding session from the distributed cache context */
-    if (!DC_CTX_get_session(ctx, id, idlen, der, SSL_SESSION_MAX_DER,
-                            &der_len)) {
+    if (!DC_CTX_get_session(ctx->dc, id, idlen, dest, *destlen, &data_len)) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'get_session' MISS");
-        return NULL;
+        return APR_EGENERAL;
     }
-    if (der_len > SSL_SESSION_MAX_DER) {
+    if (data_len > *destlen) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'get_session' OVERFLOW");
-        return NULL;
-    }
-    pSession = d2i_SSL_SESSION(NULL, &pder, der_len);
-    if (!pSession) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'get_session' CORRUPT");
-        return NULL;
+        return APR_ENOSPC;
     }
+    *destlen = data_len;
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "distributed scache 'get_session' HIT");
-    return pSession;
+    return APR_SUCCESS;
 }
 
-void ssl_scache_dc_remove(server_rec *s, UCHAR *id, int idlen)
+static void ssl_scache_dc_remove(void *context, server_rec *s, 
+                                 const unsigned char *id, unsigned int idlen, 
+                                 apr_pool_t *p)
 {
-    SSLModConfigRec *mc = myModConfig(s);
-    DC_CTX *ctx = mc->tSessionCacheDataTable;
+    struct context *ctx = context;
 
     /* Remove any corresponding session from the distributed cache context */
-    if (!DC_CTX_remove_session(ctx, id, idlen)) {
+    if (!DC_CTX_remove_session(ctx->dc, id, idlen)) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'remove_session' MISS");
     } else {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "distributed scache 'remove_session' HIT");
     }
 }
 
-void ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool)
+static void ssl_scache_dc_status(void *context, request_rec *r, int flags)
 {
-    SSLModConfigRec *mc = myModConfig(r->server);
+    struct context *ctx = context;
 
     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "distributed scache 'ssl_scache_dc_status'");
     ap_rprintf(r, "cache type: <b>DC (Distributed Cache)</b>, "
-               " target: <b>%s</b><br>", mc->szSessionCacheDataFile);
+               " target: <b>%s</b><br>", ctx->target);
 }
+
+const modssl_sesscache_provider modssl_sesscache_dc = {
+    "distcache",
+    0,
+    ssl_scache_dc_create,
+    ssl_scache_dc_init,
+    ssl_scache_dc_kill,
+    ssl_scache_dc_store,
+    ssl_scache_dc_retrieve,
+    ssl_scache_dc_remove,
+    ssl_scache_dc_status
+};
 
 #endif
 

Modified: httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_memcache.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_memcache.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_memcache.c (original)
+++ httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_memcache.c Mon Apr  7 09:28:58 2008
@@ -44,8 +44,6 @@
 
 
 /* The underlying apr_memcache system is thread safe.. */
-static apr_memcache_t *memctxt;
-
 #define MC_TAG "mod_ssl:"
 #define MC_TAG_LEN \
     (sizeof(MC_TAG))
@@ -69,8 +67,24 @@
 #define MC_DEFAULT_SERVER_TTL 600
 #endif
 
+struct context {
+    const char *servers;
+    apr_memcache_t *mc;
+};
 
-void ssl_scache_mc_init(server_rec *s, apr_pool_t *p)
+static const char *ssl_scache_mc_create(void **context, const char *arg, 
+                                        apr_pool_t *tmp, apr_pool_t *p)
+{
+    struct context *ctx;
+    
+    *context = ctx = apr_palloc(p, sizeof *ctx);
+
+    ctx->servers = apr_pstrdup(p, arg);
+
+    return NULL;
+}
+
+static apr_status_t ssl_scache_mc_init(void *context, server_rec *s, apr_pool_t *p)
 {
     apr_status_t rv;
     int thread_limit = 0;
@@ -78,33 +92,28 @@
     char *cache_config;
     char *split;
     char *tok;
-    SSLModConfigRec *mc = myModConfig(s);
+    struct context *ctx = context;
 
     ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
 
-    if (mc->szSessionCacheDataFile == NULL) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSLSessionCache required");
-        ssl_die();
-    }
-
     /* Find all the servers in the first run to get a total count */
-    cache_config = apr_pstrdup(p, mc->szSessionCacheDataFile);
+    cache_config = apr_pstrdup(p, ctx->servers);
     split = apr_strtok(cache_config, ",", &tok);
     while (split) {
         nservers++;
         split = apr_strtok(NULL,",", &tok);
     }
 
-    rv = apr_memcache_create(p, nservers, 0, &memctxt);
+    rv = apr_memcache_create(p, nservers, 0, &ctx->mc);
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                      "SSLSessionCache: Failed to create Memcache Object of '%d' size.", 
                      nservers);
-        ssl_die();
+        return rv;
     }
 
     /* Now add each server to the memcache */
-    cache_config = apr_pstrdup(p, mc->szSessionCacheDataFile);
+    cache_config = apr_pstrdup(p, ctx->servers);
     split = apr_strtok(cache_config, ",", &tok);
     while (split) {
         apr_memcache_server_t *st;
@@ -116,14 +125,14 @@
         if (rv != APR_SUCCESS) {
             ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                          "SSLSessionCache: Failed to Parse Server: '%s'", split);
-            ssl_die();
+            return rv;
         }
 
         if (host_str == NULL) {
             ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                          "SSLSessionCache: Failed to Parse Server, "
                          "no hostname specified: '%s'", split);
-            ssl_die();
+            return APR_EINVAL;
         }
 
         if (port == 0) {
@@ -141,30 +150,30 @@
             ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                          "SSLSessionCache: Failed to Create Server: %s:%d", 
                          host_str, port);
-            ssl_die();
+            return rv;
         }
 
-        rv = apr_memcache_add_server(memctxt, st);
+        rv = apr_memcache_add_server(ctx->mc, st);
         if (rv != APR_SUCCESS) {
             ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                          "SSLSessionCache: Failed to Add Server: %s:%d", 
                          host_str, port);
-            ssl_die();
+            return rv;
         }
 
         split = apr_strtok(NULL,",", &tok);
     }
 
-    return;
+    return APR_SUCCESS;
 }
 
-void ssl_scache_mc_kill(server_rec *s)
+static void ssl_scache_mc_kill(void *context, server_rec *s)
 {
-
+    /* noop. */
 }
 
-static char *mc_session_id2sz(unsigned char *id, int idlen,
-                               char *str, int strsize)
+static char *mc_session_id2sz(const unsigned char *id, unsigned int idlen,
+                              char *str, int strsize)
 {
     char *cp;
     int n;
@@ -172,7 +181,7 @@
 
     cp = apr_cpystrn(str, MC_TAG, MC_TAG_LEN);
     for (n = 0; n < idlen && n < maxlen; n++) {
-        apr_snprintf(cp, 2, "%02X", id[n]);
+        apr_snprintf(cp, 3, "%02X", (unsigned) id[n]);
         cp += 2;
     }
 
@@ -181,102 +190,82 @@
     return str;
 }
 
-BOOL ssl_scache_mc_store(server_rec *s, UCHAR *id, int idlen,
-                           time_t timeout, SSL_SESSION *pSession)
+static apr_status_t ssl_scache_mc_store(void *context, server_rec *s, 
+                                        const unsigned char *id, unsigned int idlen,
+                                        time_t timeout,
+                                        unsigned char *ucaData, unsigned int nData)
 {
+    struct context *ctx = context;
     char buf[MC_KEY_LEN];
     char *strkey = NULL;
-    UCHAR ucaData[SSL_SESSION_MAX_DER];
-    UCHAR *ucp;
-    int nData;
     apr_status_t rv;
 
-    /* streamline session data */
-    if ((nData = i2d_SSL_SESSION(pSession, NULL)) > sizeof(ucaData)) {
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                     "scache_mc: streamline session data size too large: %d > "
-                     "%" APR_SIZE_T_FMT,
-                     nData, sizeof(ucaData));
-        return FALSE;
-    }
-
-    ucp = ucaData;
-    i2d_SSL_SESSION(pSession, &ucp);
-
     strkey = mc_session_id2sz(id, idlen, buf, sizeof(buf));
     if(!strkey) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "scache_mc: Key generation borked.");
-        return FALSE;
+        return APR_EGENERAL;
     }
 
-    rv = apr_memcache_set(memctxt, strkey, (char*)ucaData, nData, timeout, 0);
+    rv = apr_memcache_set(ctx->mc, strkey, (char*)ucaData, nData, timeout, 0);
 
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                      "scache_mc: error setting key '%s' "
                      "with %d bytes of data", strkey, nData);
-        return FALSE;
+        return rv;
     }
 
-    return TRUE;
+    return APR_SUCCESS;
 }
 
-SSL_SESSION *ssl_scache_mc_retrieve(server_rec *s, UCHAR *id, int idlen,
-                                    apr_pool_t *p)
+static apr_status_t ssl_scache_mc_retrieve(void *context, server_rec *s, 
+                                           const unsigned char *id, unsigned int idlen,
+                                           unsigned char *dest, unsigned int *destlen,
+                                           apr_pool_t *p)
 {
-    SSL_SESSION *pSession;
-    MODSSL_D2I_SSL_SESSION_CONST unsigned char *pder;
+    struct context *ctx = context;
     apr_size_t der_len;
-    SSLModConfigRec *mc = myModConfig(s);
-    char buf[MC_KEY_LEN];
-    char* strkey = NULL;
+    char buf[MC_KEY_LEN], *der;
+    char *strkey = NULL;
     apr_status_t rv;
 
     strkey = mc_session_id2sz(id, idlen, buf, sizeof(buf));
 
-    if(!strkey) {
+    if (!strkey) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                      "scache_mc: Key generation borked.");
-        return NULL;
+        return APR_EGENERAL;
     }
 
-    rv = apr_memcache_getp(memctxt,  p, strkey,
-                           (char**)&pder, &der_len, NULL);
+    /* ### this could do with a subpool, but _getp looks like it will
+     * eat memory like it's going out of fashion anyway. */
 
-    if (rv == APR_NOTFOUND) {
-        /* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                       "scache_mc: 'get_session' MISS"); */
-        return NULL;
-    }
-
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                     "scache_mc: 'get_session' FAIL");
-        return NULL;
+    rv = apr_memcache_getp(ctx->mc, p, strkey,
+                           &der, &der_len, NULL);
+    if (rv) {
+        if (rv != APR_NOTFOUND) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+                         "scache_mc: 'get_session' FAIL");
+        }
+        return rv;
     }
-
-    if (der_len > SSL_SESSION_MAX_DER) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+    else if (der_len > *destlen) {
+        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "scache_mc: 'get_session' OVERFLOW");
-        return NULL;
-    }
-
-    pSession = d2i_SSL_SESSION(NULL, &pder, der_len);
-
-    if (!pSession) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                     "scache_mc: 'get_session' CORRUPT");
-        return NULL;
-    }
+        return rv;
+    }    
 
-    /* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-        "scache_mc: 'get_session' HIT"); */
+    memcpy(dest, der, der_len);
+    *destlen = der_len;
 
-    return pSession;
+    return APR_SUCCESS;
 }
 
-void ssl_scache_mc_remove(server_rec *s, UCHAR *id, int idlen)
+static void ssl_scache_mc_remove(void *context, server_rec *s, 
+                                 const unsigned char *id, unsigned int idlen,
+                                 apr_pool_t *p)
 {
+    struct context *ctx = context;
     char buf[MC_KEY_LEN];
     char* strkey = NULL;
     apr_status_t rv;
@@ -287,7 +276,7 @@
         return;
     }
 
-    rv = apr_memcache_delete(memctxt, strkey, 0);
+    rv = apr_memcache_delete(ctx->mc, strkey, 0);
 
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, s,
@@ -297,10 +286,21 @@
     }
 }
 
-void ssl_scache_mc_status(request_rec *r, int flags, apr_pool_t *pool)
+static void ssl_scache_mc_status(void *context, request_rec *r, int flags)
 {
     /* SSLModConfigRec *mc = myModConfig(r->server); */
     /* TODO: Make a mod_status handler. meh. */
 }
 
+const modssl_sesscache_provider modssl_sesscache_mc = {
+    "memcache",
+    0,
+    ssl_scache_mc_create,
+    ssl_scache_mc_init,
+    ssl_scache_mc_kill,
+    ssl_scache_mc_store,
+    ssl_scache_mc_retrieve,
+    ssl_scache_mc_remove,
+    ssl_scache_mc_status
+};
 #endif

Modified: httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_shmcb.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_shmcb.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_shmcb.c (original)
+++ httpd/sandbox/amsterdam/d/modules/ssl/ssl_scache_shmcb.c Mon Apr  7 09:28:58 2008
@@ -80,12 +80,61 @@
     unsigned int data_pos;
     /* size (most logic ignores this, we keep it only to minimise memcpy) */
     unsigned int data_used;
-    /* Optimisation to prevent ASN decoding unless a match is likely */
-    unsigned char s_id2;
+    /* length of the used data which contains the id */
+    unsigned int id_len;
     /* Used to mark explicitly-removed sessions */
     unsigned char removed;
 } SHMCBIndex;
 
+struct context {
+    const char *data_file;
+    apr_size_t shm_size;
+    apr_shm_t *shm;
+    SHMCBHeader *header;
+};
+
+/* The SHM data segment is of fixed size and stores data as follows.
+ *
+ *   [ SHMCBHeader | Subcaches ]
+ *
+ * The SHMCBHeader header structure stores metadata concerning the
+ * cache and the contained subcaches.
+ *
+ * Subcaches is a hash table of header->subcache_num SHMCBSubcache
+ * structures.  The hash table is indexed by SHMCB_MASK(id). Each
+ * SHMCBSubcache structure has a fixed size (header->subcache_size),
+ * which is determined at creation time, and looks like the following:
+ *
+ *   [ SHMCBSubcache | Indexes | Data ]
+ *
+ * Each subcache is prefixed by the SHMCBSubcache structure.
+ *
+ * The subcache's "Data" segment is a single cyclic data buffer, of
+ * total size header->subcache_data_size; data inside is referenced
+ * using byte offsets. The offset marking the beginning of the cyclic
+ * buffer is subcache->data_pos the buffer's length is
+ * subcache->data_used.
+ *
+ * "Indexes" is an array of header->index_num SHMCBIndex structures,
+ * which is used as a cyclic queue; subcache->idx_pos gives the array
+ * index of the first in use, subcache->idx_used gives the number in
+ * use.  Both ->idx_* values have a range of [0, header->index_num)
+ *
+ * Each in-use SHMCBIndex structure represents a single SSL session.
+ * The ID and data segment are stored consecutively in the subcache's
+ * cyclic data buffer.  The "Data" segment can thus be seen to 
+ * look like this, for example
+ *
+ * offset:  [ 0     1     2     3     4     5     6    ...
+ * contents:[ ID1   Data1       ID2   Data2       ID3  ...
+ *
+ * where the corresponding indices would look like:
+ *
+ * idx1 = { data_pos = 0, data_used = 3, id_len = 1, ...}
+ * idx2 = { data_pos = 3, data_used = 3, id_len = 1, ...}
+ * ...
+ */
+
 /* This macro takes a pointer to the header and a zero-based index and returns
  * a pointer to the corresponding subcache. */
 #define SHMCB_SUBCACHE(pHeader, num) \
@@ -129,7 +178,7 @@
 
 /* A "normal-to-cyclic" memcpy. */
 static void shmcb_cyclic_ntoc_memcpy(unsigned int buf_size, unsigned char *data,
-                                     unsigned int dest_offset, unsigned char *src,
+                                     unsigned int dest_offset, const unsigned char *src,
                                      unsigned int src_len)
 {
     if (dest_offset + src_len < buf_size)
@@ -145,7 +194,7 @@
 
 /* A "cyclic-to-normal" memcpy. */
 static void shmcb_cyclic_cton_memcpy(unsigned int buf_size, unsigned char *dest,
-                                     unsigned char *data, unsigned int src_offset,
+                                     const unsigned char *data, unsigned int src_offset,
                                      unsigned int src_len)
 {
     if (src_offset + src_len < buf_size)
@@ -159,65 +208,133 @@
     }
 }
 
+/* A memcmp against a cyclic data buffer.  Compares SRC of length
+ * SRC_LEN against the contents of cyclic buffer DATA (which is of
+ * size BUF_SIZE), starting at offset DEST_OFFSET. Got that?  Good. */
+static int shmcb_cyclic_memcmp(unsigned int buf_size, unsigned char *data,
+                               unsigned int dest_offset, 
+                               const unsigned char *src,
+                               unsigned int src_len)
+{
+    if (dest_offset + src_len < buf_size)
+        /* It be compared all in one go */
+        return memcmp(data + dest_offset, src, src_len);
+    else {
+        /* Compare the two splits */
+        int diff;
+        
+        diff = memcmp(data + dest_offset, src, buf_size - dest_offset);
+        if (diff) {
+            return diff;
+        }
+        return memcmp(data, src + buf_size - dest_offset,
+                      src_len + dest_offset - buf_size);
+    }
+}
+
+
 /* Prototypes for low-level subcache operations */
 static void shmcb_subcache_expire(server_rec *, SHMCBHeader *, SHMCBSubcache *);
-static BOOL shmcb_subcache_store(server_rec *, SHMCBHeader *, SHMCBSubcache *,
-                                 UCHAR *, unsigned int, UCHAR *, time_t);
-static SSL_SESSION *shmcb_subcache_retrieve(server_rec *, SHMCBHeader *, SHMCBSubcache *,
-                                            UCHAR *, unsigned int);
-static BOOL shmcb_subcache_remove(server_rec *, SHMCBHeader *, SHMCBSubcache *,
-                                 UCHAR *, unsigned int);
+/* Returns zero on success, non-zero on failure. */   
+static int shmcb_subcache_store(server_rec *s, SHMCBHeader *header,
+                                SHMCBSubcache *subcache, 
+                                unsigned char *data, unsigned int data_len,
+                                const unsigned char *id, unsigned int id_len,
+                                time_t expiry);
+/* Returns zero on success, non-zero on failure. */   
+static int shmcb_subcache_retrieve(server_rec *, SHMCBHeader *, SHMCBSubcache *,
+                                   const unsigned char *id, unsigned int idlen,
+                                   unsigned char *data, unsigned int *datalen);
+/* Returns zero on success, non-zero on failure. */   
+static int shmcb_subcache_remove(server_rec *, SHMCBHeader *, SHMCBSubcache *,
+                                 const unsigned char *, unsigned int);
 
 /*
  * High-Level "handlers" as per ssl_scache.c
  * subcache internals are deferred to shmcb_subcache_*** functions lower down
  */
 
-void ssl_scache_shmcb_init(server_rec *s, apr_pool_t *p)
+static const char *ssl_scache_shmcb_create(void **context, const char *arg, 
+                                           apr_pool_t *tmp, apr_pool_t *p)
+{
+    struct context *ctx;
+    char *path, *cp, *cp2;
+
+    /* Allocate the context. */
+    *context = ctx = apr_pcalloc(p, sizeof *ctx);
+    
+    ctx->data_file = path = ap_server_root_relative(p, arg);
+    ctx->shm_size  = 1024*512; /* 512KB */
+
+    cp = strchr(path, '(');
+    if (cp) {
+        *cp++ = NUL;
+
+        if (!(cp2 = strchr(cp, ')'))) {
+            return "Invalid argument: no closing parenthesis";
+        }
+            
+        *cp2 = NUL;
+        
+        ctx->shm_size = atoi(cp);
+        
+        if (ctx->shm_size < 8192) {
+            return "Invalid argument: size has to be >= 8192 bytes";
+            
+        }
+        
+        if (ctx->shm_size >= APR_SHM_MAXSIZE) {
+            return apr_psprintf(tmp,
+                                "Invalid argument: size has "
+                                "to be < %d bytes on this platform", 
+                                APR_SHM_MAXSIZE);
+            
+        }
+    }
+
+    return NULL;
+}
+
+static apr_status_t ssl_scache_shmcb_init(void *context, server_rec *s, apr_pool_t *p)
 {
-    SSLModConfigRec *mc = myModConfig(s);
     void *shm_segment;
     apr_size_t shm_segsize;
     apr_status_t rv;
     SHMCBHeader *header;
     unsigned int num_subcache, num_idx, loop;
+    struct context *ctx = context;
 
     /* Create shared memory segment */
-    if (mc->szSessionCacheDataFile == NULL) {
+    if (ctx->data_file == NULL) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "SSLSessionCache required");
-        ssl_die();
+        return APR_EINVAL;
     }
 
     /* Use anonymous shm by default, fall back on name-based. */
-    rv = apr_shm_create(&(mc->pSessionCacheDataMM), 
-                        mc->nSessionCacheDataSize, 
-                        NULL, mc->pPool);
+    rv = apr_shm_create(&ctx->shm, ctx->shm_size, NULL, p);
     if (APR_STATUS_IS_ENOTIMPL(rv)) {
         /* For a name-based segment, remove it first in case of a
          * previous unclean shutdown. */
-        apr_shm_remove(mc->szSessionCacheDataFile, mc->pPool);
+        apr_shm_remove(ctx->data_file, p);
 
-        rv = apr_shm_create(&(mc->pSessionCacheDataMM),
-                            mc->nSessionCacheDataSize,
-                            mc->szSessionCacheDataFile,
-                            mc->pPool);
+        rv = apr_shm_create(&ctx->shm, ctx->shm_size, ctx->data_file, p);
     }
 
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                      "could not allocate shared memory for shmcb "
                      "session cache");
-        ssl_die();
+        return rv;
     }
 
-    shm_segment = apr_shm_baseaddr_get(mc->pSessionCacheDataMM);
-    shm_segsize = apr_shm_size_get(mc->pSessionCacheDataMM);
+    shm_segment = apr_shm_baseaddr_get(ctx->shm);
+    shm_segsize = apr_shm_size_get(ctx->shm);
     if (shm_segsize < (5 * sizeof(SHMCBHeader))) {
         /* the segment is ridiculously small, bail out */
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "shared memory segment too small");
-        ssl_die();
+        return APR_ENOSPC;
     }
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "shmcb_init allocated %" APR_SIZE_T_FMT
@@ -228,12 +345,13 @@
     /* Select the number of subcaches to create and how many indexes each
      * should contain based on the size of the memory (the header has already
      * been subtracted). Typical non-client-auth sslv3/tlsv1 sessions are
-     * around 150 bytes, so erring to division by 120 helps ensure we would
-     * exhaust data storage before index storage (except sslv2, where it's
-     * *slightly* the other way). From there, we select the number of subcaches
-     * to be a power of two, such that the number of indexes per subcache at
-     * least twice the number of subcaches. */
-    num_idx = (shm_segsize) / 120;
+     * around 180 bytes (148 bytes data and 32 bytes for the id), so
+     * erring to division by 150 helps ensure we would exhaust data
+     * storage before index storage (except sslv2, where it's
+     * *slightly* the other way). From there, we select the number of
+     * subcaches to be a power of two, such that the number of indexes
+     * per subcache at least twice the number of subcaches. */
+    num_idx = (shm_segsize) / 150;
     num_subcache = 256;
     while ((num_idx / num_subcache) < (2 * num_subcache))
         num_subcache /= 2;
@@ -247,10 +365,10 @@
         /* we're still too small, bail out */
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "shared memory segment too small");
-        ssl_die();
+        return APR_ENOSPC;
     }
     /* OK, we're sorted */
-    header = shm_segment;
+    ctx->header = header = shm_segment;
     header->stat_stores = 0;
     header->stat_expiries = 0;
     header->stat_scrolled = 0;
@@ -293,108 +411,92 @@
     ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
                  "Shared memory session cache initialised");
     /* Success ... */
-    mc->tSessionCacheDataTable = shm_segment;
+
+    return APR_SUCCESS;
 }
 
-void ssl_scache_shmcb_kill(server_rec *s)
+static void ssl_scache_shmcb_kill(void *context, server_rec *s)
 {
-    SSLModConfigRec *mc = myModConfig(s);
+    struct context *ctx = context;
 
-    if (mc->pSessionCacheDataMM != NULL) {
-        apr_shm_destroy(mc->pSessionCacheDataMM);
-        mc->pSessionCacheDataMM = NULL;
+    if (ctx && ctx->shm) {
+        apr_shm_destroy(ctx->shm);
+        ctx->shm = NULL;
     }
-    return;
 }
 
-BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
-                           time_t timeout, SSL_SESSION * pSession)
+static apr_status_t ssl_scache_shmcb_store(void *context, server_rec *s, 
+                                           const unsigned char *id, unsigned int idlen,
+                                           time_t timeout, 
+                                           unsigned char *encoded,
+                                           unsigned int len_encoded)
 {
-    SSLModConfigRec *mc = myModConfig(s);
-    BOOL to_return = FALSE;
-    unsigned char encoded[SSL_SESSION_MAX_DER];
-    unsigned char *ptr_encoded;
-    unsigned int len_encoded;
-    SHMCBHeader *header = mc->tSessionCacheDataTable;
+    struct context *ctx = context;
+    SHMCBHeader *header = ctx->header;
     SHMCBSubcache *subcache = SHMCB_MASK(header, id);
 
-    ssl_mutex_on(s);
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "ssl_scache_shmcb_store (0x%02x -> subcache %d)",
                  SHMCB_MASK_DBG(header, id));
     if (idlen < 4) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided "
                 "(%u bytes)", idlen);
-        goto done;
-    }
-    /* Serialise the session. */
-    len_encoded = i2d_SSL_SESSION(pSession, NULL);
-    if (len_encoded > SSL_SESSION_MAX_DER) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                     "session is too big (%u bytes)", len_encoded);
-        goto done;
+        return APR_EINVAL;
     }
-    ptr_encoded = encoded;
-    len_encoded = i2d_SSL_SESSION(pSession, &ptr_encoded);
-    if (!shmcb_subcache_store(s, header, subcache, encoded,
-                              len_encoded, id, timeout)) {
+    if (shmcb_subcache_store(s, header, subcache, encoded,
+                             len_encoded, id, idlen, timeout)) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "can't store a session!");
-        goto done;
+        return APR_ENOSPC;
     }
     header->stat_stores++;
-    to_return = TRUE;
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "leaving ssl_scache_shmcb_store successfully");
-done:
-    ssl_mutex_off(s);
-    return to_return;
+    return APR_SUCCESS;
 }
 
-SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen)
+static apr_status_t ssl_scache_shmcb_retrieve(void *context, server_rec *s, 
+                                              const unsigned char *id, unsigned int idlen,
+                                              unsigned char *dest, unsigned int *destlen,
+                                              apr_pool_t *p)
 {
-    SSLModConfigRec *mc = myModConfig(s);
-    SSL_SESSION *pSession = NULL;
-    SHMCBHeader *header = mc->tSessionCacheDataTable;
+    struct context *ctx = context;
+    SHMCBHeader *header = ctx->header;
     SHMCBSubcache *subcache = SHMCB_MASK(header, id);
+    int rv;
 
-    ssl_mutex_on(s);
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "ssl_scache_shmcb_retrieve (0x%02x -> subcache %d)",
                  SHMCB_MASK_DBG(header, id));
-    if (idlen < 4) {
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided "
-                "(%u bytes)", idlen);
-        goto done;
-    }
-    /* Get the session corresponding to the session_id or NULL if it doesn't
-     * exist (or is flagged as "removed"). */
-    pSession = shmcb_subcache_retrieve(s, header, subcache, id, idlen);
-    if (pSession)
+
+    /* Get the session corresponding to the session_id, if it exists. */
+    rv = shmcb_subcache_retrieve(s, header, subcache, id, idlen,
+                                 dest, destlen);
+    if (rv == 0)
         header->stat_retrieves_hit++;
     else
         header->stat_retrieves_miss++;
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "leaving ssl_scache_shmcb_retrieve successfully");
-done:
-    ssl_mutex_off(s);
-    return pSession;
+
+    return rv == 0 ? APR_SUCCESS : APR_EGENERAL;
 }
 
-void ssl_scache_shmcb_remove(server_rec *s, UCHAR *id, int idlen)
+static void ssl_scache_shmcb_remove(void *context, server_rec *s, 
+                                    const unsigned char *id, unsigned int idlen,
+                                    apr_pool_t *p)
 {
-    SSLModConfigRec *mc = myModConfig(s);
-    SHMCBHeader *header = mc->tSessionCacheDataTable;
+    struct context *ctx = context;
+    SHMCBHeader *header = ctx->header;
     SHMCBSubcache *subcache = SHMCB_MASK(header, id);
 
-    ssl_mutex_on(s);
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "ssl_scache_shmcb_remove (0x%02x -> subcache %d)",
                  SHMCB_MASK_DBG(header, id));
     if (idlen < 4) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided "
                 "(%u bytes)", idlen);
-        goto done;
+        return;
     }
     if (shmcb_subcache_remove(s, header, subcache, id, idlen))
         header->stat_removes_hit++;
@@ -402,16 +504,13 @@
         header->stat_removes_miss++;
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "leaving ssl_scache_shmcb_remove successfully");
-done:
-    ssl_mutex_off(s);
 }
 
-void ssl_scache_shmcb_status(request_rec *r, int flags, apr_pool_t *p)
+static void ssl_scache_shmcb_status(void *context, request_rec *r, int flags)
 {
     server_rec *s = r->server;
-    SSLModConfigRec *mc = myModConfig(s);
-    void *shm_segment = apr_shm_baseaddr_get(mc->pSessionCacheDataMM);
-    SHMCBHeader *header = shm_segment;
+    struct context *ctx = context;
+    SHMCBHeader *header = ctx->header;
     unsigned int loop, total = 0, cache_total = 0, non_empty_subcaches = 0;
     time_t idx_expiry, min_expiry = 0, max_expiry = 0, average_expiry = 0;
     time_t now = time(NULL);
@@ -422,7 +521,6 @@
     /* Perform the iteration inside the mutex to avoid corruption or invalid
      * pointer arithmetic. The rest of our logic uses read-only header data so
      * doesn't need the lock. */
-    ssl_mutex_on(s);
     /* Iterate over the subcaches */
     for (loop = 0; loop < header->subcache_num; loop++) {
         SHMCBSubcache *subcache = SHMCB_SUBCACHE(header, loop);
@@ -441,15 +539,14 @@
                 min_expiry = ((idx_expiry < min_expiry) ? idx_expiry : min_expiry);
         }
     }
-    ssl_mutex_off(s);
     index_pct = (100 * total) / (header->index_num *
                                  header->subcache_num);
     cache_pct = (100 * cache_total) / (header->subcache_data_size *
                                        header->subcache_num);
     /* Generate HTML */
-    ap_rprintf(r, "cache type: <b>SHMCB</b>, shared memory: <b>%d</b> "
+    ap_rprintf(r, "cache type: <b>SHMCB</b>, shared memory: <b>%" APR_SIZE_T_FMT "</b> "
                "bytes, current sessions: <b>%d</b><br>",
-               mc->nSessionCacheDataSize, total);
+               ctx->shm_size, total);
     ap_rprintf(r, "subcaches: <b>%d</b>, indexes per subcache: <b>%d</b><br>",
                header->subcache_num, header->index_num);
     if (non_empty_subcaches) {
@@ -527,27 +624,29 @@
                  "we now have %u sessions", subcache->idx_used);
 }
 
-static BOOL shmcb_subcache_store(server_rec *s, SHMCBHeader *header,
-                                 SHMCBSubcache *subcache, 
-                                 UCHAR *data, unsigned int data_len,
-                                 UCHAR *id, time_t expiry)
+static int shmcb_subcache_store(server_rec *s, SHMCBHeader *header,
+                                SHMCBSubcache *subcache, 
+                                unsigned char *data, unsigned int data_len,
+                                const unsigned char *id, unsigned int id_len,
+                                time_t expiry)
 {
-    unsigned int new_offset, new_idx;
+    unsigned int data_offset, new_idx, id_offset;
     SHMCBIndex *idx;
+    unsigned int total_len = id_len + data_len;
 
     /* Sanity check the input */
-    if ((data_len > header->subcache_data_size) || (data_len > SSL_SESSION_MAX_DER)) {
+    if (total_len > header->subcache_data_size) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "inserting session larger (%d) than subcache data area (%d)",
-                     data_len, header->subcache_data_size);
-        return FALSE;
+                     total_len, header->subcache_data_size);
+        return -1;
     }
 
     /* If there are entries to expire, ditch them first. */
     shmcb_subcache_expire(s, header, subcache);
 
     /* Loop until there is enough space to insert */
-    if (header->subcache_data_size - subcache->data_used < data_len
+    if (header->subcache_data_size - subcache->data_used < total_len
         || subcache->idx_used == header->index_num) {
         unsigned int loop = 0;
 
@@ -577,7 +676,7 @@
             /* Loop admin */
             idx = idx2;
             loop++;
-        } while (header->subcache_data_size - subcache->data_used < data_len);
+        } while (header->subcache_data_size - subcache->data_used < total_len);
 
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                      "finished force-expire, subcache: idx_used=%d, "
@@ -594,11 +693,18 @@
      * would make this stuff *MUCH* more efficient. Mind you, it's very
      * efficient right now because I'm ignoring this problem!!!
      */
+    /* Insert the id */
+    id_offset = SHMCB_CYCLIC_INCREMENT(subcache->data_pos, subcache->data_used,
+                                       header->subcache_data_size);
+    shmcb_cyclic_ntoc_memcpy(header->subcache_data_size,
+                             SHMCB_DATA(header, subcache), id_offset,
+                             id, id_len);
+    subcache->data_used += id_len;
     /* Insert the data */
-    new_offset = SHMCB_CYCLIC_INCREMENT(subcache->data_pos, subcache->data_used,
-                                        header->subcache_data_size);
+    data_offset = SHMCB_CYCLIC_INCREMENT(subcache->data_pos, subcache->data_used,
+                                         header->subcache_data_size);
     shmcb_cyclic_ntoc_memcpy(header->subcache_data_size,
-                             SHMCB_DATA(header, subcache), new_offset,
+                             SHMCB_DATA(header, subcache), data_offset,
                              data, data_len);
     subcache->data_used += data_len;
     /* Insert the index */
@@ -606,24 +712,26 @@
                                      header->index_num);
     idx = SHMCB_INDEX(subcache, new_idx);
     idx->expires = expiry;
-    idx->data_pos = new_offset;
-    idx->data_used = data_len;
-    idx->s_id2 = id[1];
+    idx->data_pos = id_offset;
+    idx->data_used = total_len;
+    idx->id_len = id_len;
     idx->removed = 0;
     subcache->idx_used++;
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                 "insert happened at idx=%d, data=%d", new_idx, new_offset);
+                 "insert happened at idx=%d, data=(%u:%u)", new_idx, 
+                 id_offset, data_offset);
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "finished insert, subcache: idx_pos/idx_used=%d/%d, "
                  "data_pos/data_used=%d/%d",
                  subcache->idx_pos, subcache->idx_used,
                  subcache->data_pos, subcache->data_used);
-    return TRUE;
+    return 0;
 }
 
-static SSL_SESSION *shmcb_subcache_retrieve(server_rec *s, SHMCBHeader *header,
-                                            SHMCBSubcache *subcache, UCHAR *id,
-                                            unsigned int idlen)
+static int shmcb_subcache_retrieve(server_rec *s, SHMCBHeader *header,
+                                   SHMCBSubcache *subcache, 
+                                   const unsigned char *id, unsigned int idlen,
+                                   unsigned char *dest, unsigned int *destlen)
 {
     unsigned int pos;
     unsigned int loop = 0;
@@ -635,39 +743,32 @@
     while (loop < subcache->idx_used) {
         SHMCBIndex *idx = SHMCB_INDEX(subcache, pos);
 
-        /* Only consider 'idx' if;
-         * (a) the s_id2 byte matches
-         * (b) the "removed" flag isn't set.
-         */
-        if ((idx->s_id2 == id[1]) && !idx->removed) {
-            SSL_SESSION *pSession;
-            unsigned char *s_id;
-            unsigned int s_idlen;
-            unsigned char tempasn[SSL_SESSION_MAX_DER];
-            MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr = tempasn;
-
+        /* Only consider 'idx' if the id matches, and the "removed"
+         * flag isn't set; check the data length too to avoid a buffer
+         * overflow in case of corruption, which should be impossible,
+         * but it's cheap to be safe. */
+        if (!idx->removed
+            && idx->id_len == idlen && (idx->data_used - idx->id_len) < *destlen
+            && shmcb_cyclic_memcmp(header->subcache_data_size,
+                                   SHMCB_DATA(header, subcache),
+                                   idx->data_pos, id, idx->id_len) == 0) {
+            unsigned int data_offset;
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                         "possible match at idx=%d, data=%d", pos, idx->data_pos);
-            /* Copy the data */
+                         "match at idx=%d, data=%d", pos, idx->data_pos);
+
+            /* Find the offset of the data segment, after the id */
+            data_offset = SHMCB_CYCLIC_INCREMENT(idx->data_pos, 
+                                                 idx->id_len,
+                                                 header->subcache_data_size);
+
+            *destlen = idx->data_used - idx->id_len;
+
+            /* Copy out the data */
             shmcb_cyclic_cton_memcpy(header->subcache_data_size,
-                                     tempasn, SHMCB_DATA(header, subcache),
-                                     idx->data_pos, idx->data_used);
-            /* Decode the session */
-            pSession = d2i_SSL_SESSION(NULL, &ptr, idx->data_used);
-            if (!pSession) {
-                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                             "shmcb_subcache_retrieve internal error");
-                return NULL;
-            }
-            s_id = SSL_SESSION_get_session_id(pSession);
-            s_idlen = SSL_SESSION_get_session_id_length(pSession);
-            if (s_idlen == idlen && memcmp(s_id, id, idlen) == 0) {
-                /* Found the matching session */
-                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                             "shmcb_subcache_retrieve returning matching session");
-                return pSession;
-            }
-            SSL_SESSION_free(pSession);
+                                     dest, SHMCB_DATA(header, subcache),
+                                     data_offset, *destlen);
+
+            return 0;
         }
         /* Increment */
         loop++;
@@ -676,16 +777,16 @@
 
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "shmcb_subcache_retrieve found no match");
-    return NULL;
+    return -1;
+
 }
 
-static BOOL shmcb_subcache_remove(server_rec *s, SHMCBHeader *header,
-                                  SHMCBSubcache *subcache,
-                                  UCHAR *id, unsigned int idlen)
+static int shmcb_subcache_remove(server_rec *s, SHMCBHeader *header,
+                                 SHMCBSubcache *subcache,
+                                 const unsigned char *id, unsigned int idlen)
 {
     unsigned int pos;
     unsigned int loop = 0;
-    BOOL to_return = FALSE;
 
     /* Unlike the others, we don't do an expire-run first. This is to keep
      * consistent statistics where a "remove" operation may actually be the
@@ -694,45 +795,39 @@
      * intended session was in fact removed by an expiry run. */
 
     pos = subcache->idx_pos;
-    while (!to_return && (loop < subcache->idx_used)) {
+    while (loop < subcache->idx_used) {
         SHMCBIndex *idx = SHMCB_INDEX(subcache, pos);
-        /* Only consider 'idx' if the s_id2 byte matches and it's not already
-         * removed - easiest way to avoid costly ASN decodings. */
-        if ((idx->s_id2 == id[1]) && !idx->removed) {
-            SSL_SESSION *pSession;
-            unsigned char *s_id;
-            unsigned int s_idlen;
-            unsigned char tempasn[SSL_SESSION_MAX_DER];
-            MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr = tempasn;
 
+        /* Only consider 'idx' if the id matches, and the "removed"
+         * flag isn't set. */
+        if (!idx->removed && idx->id_len == idlen
+            && shmcb_cyclic_memcmp(header->subcache_data_size,
+                                   SHMCB_DATA(header, subcache),
+                                   idx->data_pos, id, idx->id_len) == 0) {
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                          "possible match at idx=%d, data=%d", pos, idx->data_pos);
-            /* Copy the data */
-            shmcb_cyclic_cton_memcpy(header->subcache_data_size,
-                                     tempasn, SHMCB_DATA(header, subcache),
-                                     idx->data_pos, idx->data_used);
-            /* Decode the session */
-            pSession = d2i_SSL_SESSION(NULL, &ptr, idx->data_used);
-            if (!pSession) {
-                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                             "shmcb_subcache_remove internal error");
-                return FALSE;
-            }
-            s_id = SSL_SESSION_get_session_id(pSession);
-            s_idlen = SSL_SESSION_get_session_id_length(pSession);
-            if (s_idlen == idlen && memcmp(s_id, id, idlen) == 0) {
-                /* Found the matching session, remove it quietly. */
-                idx->removed = 1;
-                to_return = TRUE;
-                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+            /* Found the matching session, remove it quietly. */
+            idx->removed = 1;
+            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                              "shmcb_subcache_remove removing matching session");
-            }
-            SSL_SESSION_free(pSession);
+            return 0;
         }
         /* Increment */
         loop++;
         pos = SHMCB_CYCLIC_INCREMENT(pos, 1, header->index_num);
     }
 
-    return to_return;
+    return -1; /* failure */
 }
+
+const modssl_sesscache_provider modssl_sesscache_shmcb = {
+    "shmcb",
+    MODSSL_SESSCACHE_FLAG_NOTMPSAFE,
+    ssl_scache_shmcb_create,
+    ssl_scache_shmcb_init,
+    ssl_scache_shmcb_kill,
+    ssl_scache_shmcb_store,
+    ssl_scache_shmcb_retrieve,
+    ssl_scache_shmcb_remove,
+    ssl_scache_shmcb_status
+};

Modified: httpd/sandbox/amsterdam/d/modules/ssl/ssl_toolkit_compat.h
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/ssl/ssl_toolkit_compat.h?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/modules/ssl/ssl_toolkit_compat.h (original)
+++ httpd/sandbox/amsterdam/d/modules/ssl/ssl_toolkit_compat.h Mon Apr  7 09:28:58 2008
@@ -38,6 +38,12 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/x509v3.h>
+
+#ifdef HAVE_OCSP
+#include <openssl/x509_vfy.h>
+#include <openssl/ocsp.h>
+#endif
+
 /** Avoid tripping over an engine build installed globally and detected
  * when the user points at an explicit non-engine flavor of OpenSSL
  */
@@ -105,6 +111,12 @@
 # define MODSSL_D2I_X509_CONST
 #endif
 
+#if (OPENSSL_VERSION_NUMBER >= 0x00909000)
+# define MODSSL_SSL_METHOD_CONST const
+#else
+# define MODSSL_SSL_METHOD_CONST
+#endif
+
 #define modssl_X509_verify_cert X509_verify_cert
 
 typedef int (modssl_read_bio_cb_fn)(char*,int,int,void*);
@@ -256,6 +268,12 @@
 
 #ifndef SSL_SESS_CACHE_NO_INTERNAL
 #define SSL_SESS_CACHE_NO_INTERNAL  SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#define OPENSSL_NO_TLSEXT
+#endif
 #endif
 
 #endif /* SSL_TOOLKIT_COMPAT_H */

Modified: httpd/sandbox/amsterdam/d/os/netware/modules.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/os/netware/modules.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/os/netware/modules.c (original)
+++ httpd/sandbox/amsterdam/d/os/netware/modules.c Mon Apr  7 09:28:58 2008
@@ -19,7 +19,7 @@
  * the core server
  */
 
-#define CORE_PRIVATE
+
 #include "httpd.h"
 #include "http_config.h"
 

Modified: httpd/sandbox/amsterdam/d/os/unix/unixd.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/os/unix/unixd.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/os/unix/unixd.c (original)
+++ httpd/sandbox/amsterdam/d/os/unix/unixd.c Mon Apr  7 09:28:58 2008
@@ -15,7 +15,6 @@
  */
 
 #include "ap_config.h"
-#define CORE_PRIVATE
 #include "httpd.h"
 #include "http_config.h"
 #include "http_main.h"
@@ -117,6 +116,30 @@
     if (set_group_privs()) {
         return -1;
     }
+
+    if (NULL != unixd_config.chroot_dir) {
+        if (geteuid()) {
+            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+                         "Cannot chroot when not started as root");
+            return -1;
+        }
+        if (chdir(unixd_config.chroot_dir) != 0) {
+            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+                         "Can't chdir to %s", unixd_config.chroot_dir);
+            return -1;
+        }
+        if (chroot(unixd_config.chroot_dir) != 0) {
+            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+                         "Can't chroot to %s", unixd_config.chroot_dir);
+            return -1;
+        }
+        if (chdir("/") != 0) {
+            ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
+                         "Can't chdir to new root");
+            return -1;
+        }
+    }
+
 #ifdef MPE
     /* Only try to switch if we're running as MANAGER.SYS */
     if (geteuid() == 1 && unixd_config.user_id > 1) {
@@ -198,6 +221,20 @@
 
     return NULL;
 }
+AP_DECLARE(const char *) unixd_set_chroot_dir(cmd_parms *cmd, void *dummy,
+                                              const char *arg)
+{
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    if (err != NULL) {
+        return err;
+    }
+    if (!ap_is_directory(cmd->pool, arg)) {
+        return "ChrootDir must be a valid directory";
+    }
+
+    unixd_config.chroot_dir = arg;
+    return NULL;
+}
 
 AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
 {
@@ -206,6 +243,8 @@
     unixd_config.user_name = DEFAULT_USER;
     unixd_config.user_id = ap_uname2id(DEFAULT_USER);
     unixd_config.group_id = ap_gname2id(DEFAULT_GROUP);
+    
+    unixd_config.chroot_dir = NULL; /* none */
 
     /* Check for suexec */
     unixd_config.suexec_enabled = 0;

Modified: httpd/sandbox/amsterdam/d/os/unix/unixd.h
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/os/unix/unixd.h?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/os/unix/unixd.h (original)
+++ httpd/sandbox/amsterdam/d/os/unix/unixd.h Mon Apr  7 09:28:58 2008
@@ -76,6 +76,7 @@
     uid_t user_id;
     gid_t group_id;
     int suexec_enabled;
+    const char *chroot_dir;
 } unixd_config_rec;
 AP_DECLARE_DATA extern unixd_config_rec unixd_config;
 
@@ -85,6 +86,9 @@
                                         const char *arg);
 AP_DECLARE(const char *) unixd_set_group(cmd_parms *cmd, void *dummy, 
                                          const char *arg);
+AP_DECLARE(const char *) unixd_set_chroot_dir(cmd_parms *cmd, void *dummy, 
+                                              const char *arg);
+					 
 #if defined(RLIMIT_CPU) || defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_NPROC) || defined(RLIMIT_AS)
 AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit,
                            const char *arg, const char * arg2, int type);
@@ -115,7 +119,9 @@
 AP_INIT_TAKE1("User", unixd_set_user, NULL, RSRC_CONF, \
   "Effective user id for this server"), \
 AP_INIT_TAKE1("Group", unixd_set_group, NULL, RSRC_CONF, \
-  "Effective group id for this server")
+  "Effective group id for this server"), \
+AP_INIT_TAKE1("ChrootDir", unixd_set_chroot_dir, NULL, RSRC_CONF, \
+    "The directory to chroot(2) into")
 
 #ifdef __cplusplus
 }

Modified: httpd/sandbox/amsterdam/d/os/win32/BaseAddr.ref
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/os/win32/BaseAddr.ref?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/os/win32/BaseAddr.ref (original)
+++ httpd/sandbox/amsterdam/d/os/win32/BaseAddr.ref Mon Apr  7 09:28:58 2008
@@ -79,7 +79,7 @@
 mod_authn_core.so       0x6F9C0000    0x00010000
 mod_authz_dbd.so        0x6F9B0000    0x00010000
 mod_authz_owner.so      0x6F9A0000    0x00010000
-mod_example.so          0x6F990000    0x00010000
+mod_example_hooks.so    0x6F990000    0x00010000
 mod_case_filter.so      0x6F980000    0x00010000
 mod_case_filter_in.so   0x6F970000    0x00010000
 mod_substitute.so       0x6F960000    0x00010000

Modified: httpd/sandbox/amsterdam/d/os/win32/modules.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/os/win32/modules.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/os/win32/modules.c (original)
+++ httpd/sandbox/amsterdam/d/os/win32/modules.c Mon Apr  7 09:28:58 2008
@@ -19,7 +19,6 @@
  * the core server
  */
 
-#define CORE_PRIVATE
 #include "httpd.h"
 #include "http_config.h"
 

Modified: httpd/sandbox/amsterdam/d/server/Makefile.in
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/server/Makefile.in?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/server/Makefile.in (original)
+++ httpd/sandbox/amsterdam/d/server/Makefile.in Mon Apr  7 09:28:58 2008
@@ -11,8 +11,8 @@
 	config.c log.c main.c vhost.c util.c \
 	util_script.c util_md5.c util_cfgtree.c util_ebcdic.c util_time.c \
 	connection.c listen.c util_mutex.c \
-	mpm_common.c util_charset.c util_debug.c util_xml.c \
-	util_filter.c util_pcre.c exports.c \
+	mpm_common.c util_charset.c util_cookies.c util_debug.c util_xml.c \
+	util_expr.c util_filter.c util_pcre.c exports.c \
 	scoreboard.c error_bucket.c protocol.c core.c request.c provider.c \
 	eoc_bucket.c eor_bucket.c core_filters.c
 

Modified: httpd/sandbox/amsterdam/d/server/config.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/server/config.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/server/config.c (original)
+++ httpd/sandbox/amsterdam/d/server/config.c Mon Apr  7 09:28:58 2008
@@ -39,8 +39,6 @@
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
 
-#define CORE_PRIVATE
-
 #include "ap_config.h"
 #include "httpd.h"
 #include "http_config.h"

Modified: httpd/sandbox/amsterdam/d/server/connection.c
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/server/connection.c?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/server/connection.c (original)
+++ httpd/sandbox/amsterdam/d/server/connection.c Mon Apr  7 09:28:58 2008
@@ -17,7 +17,6 @@
 #include "apr.h"
 #include "apr_strings.h"
 
-#define CORE_PRIVATE
 #include "ap_config.h"
 #include "httpd.h"
 #include "http_connection.h"



Mime
View raw message