~hww3/caudium

478ede2aed39dc8d4514b860c9f732a1f095db52 — William Welliver 2 years ago f964fbc
beginning of support for SNI virtual hosting
M server/base_server/config/low_describers.pike => server/base_server/config/low_describers.pike +58 -31
@@ 92,6 92,10 @@ string describe_type(int type, mixed flag)
      return "(Commaseparated list of integers)";
    break;

   case TYPE_SSL_CONFIG:
    if(!flag)
       return "This is an SSL configuration.";
    break;

   case TYPE_PORTS:
    if(!flag)


@@ 186,7 190,8 @@ string describe_variable_as_text(array var, int|void verbose)
    
   case TYPE_PASSWORD:
    return "****";
    

   case TYPE_SSL_CONFIG:    
   case TYPE_STRING:
   case TYPE_LOCATION:
   case TYPE_FILE:


@@ 373,36 378,8 @@ string encode_one_port(array port, int id)
    "</tr>\n";
  switch(lower_case(port[1]))
  {
   case "ssl3":
    string cf, kf, cc, cca, cci;
    sscanf(port[3], "%*scert-file %s\n", cf);
    sscanf(port[3], "%*skey-file %s\n", kf);
    sscanf(port[3], "%*sclient-cert-request %s\n", cc);
    sscanf(port[3], "%*sclient-cert-authorities %s\n", cca);
   sscanf(port[3], "%*sclient-cert-issuers %s\n", cci);

    res += ("<tr><td colspan=3>"
	    "<table width=100% cellspacing=0  border=0 bgcolor=#f0f0ff>\n"
	    "<tr width=100%><td colspan=2 width=100%><b>SSL Options</b></td></tr>\n");
    res += ("<tr><td>Certificate file(s):<br>(A comma-separated list of files)</td> <td><input size=30,1 "
	    "name=cert_"+id+" value="+Caudium.html_encode_tag_value(cf||"")+
	    "></td></tr>\n"
	    "<tr><td>Key file: (OPTIONAL)<br>(A comma-separated list of files)</td><td><input size=30,1 "
	    "name=key_"+id+"  value="+Caudium.html_encode_tag_value(kf||"")+
	    "></td></tr>\n");
    string ccrw = "";
    foreach(({"no", "request", "require"});; string opt)
      ccrw +=("<option value=\"" + opt + "\" " + ((cc == opt)?"SELECTED=\"1\"":"") + ">" + opt + "</option>");
    res += ("<tr><td>Client Certificate Request: (OPTIONAL)</td><td><select "
	    "name=cc_"+id+">" + ccrw + "</select></td></tr>\n");
	res += ("<tr><td>Accept client certificates from the following authorities(s):<br>(A comma-separated list of files)</td> <td><input size=30,1 "
		    "name=auth_"+id+" value="+Caudium.html_encode_tag_value(cca||"")+
		    "></td></tr>\n");
	res += ("<tr><td>Trust certificates only if signed by this CA issuer chain:<br>(A comma-separated list of files)</td> <td><input size=30,1 "
		    "name=cci_"+id+" value="+Caudium.html_encode_tag_value(cci||"")+
		    "></td></tr>\n");

    res += "</table></td></tr>\n";
    case "ssl3":
      res += encode_ssl_config(port[3], id);
    break;
#if 0
   case "smtp":


@@ 468,6 445,48 @@ string encode_ports(array from)
  return res+"</table>";
}

string encode_ssl_field(mixed id, string field) {
  if(intp(id)) return field + "_" + id;
  else return id + "_" + field;
} 

//! 
string encode_ssl_config(string from, mixed id) 
{
    string res = "";
    string cf, kf, cc, cca, cci;
    sscanf(from, "%*scert-file %s\n", cf);
    sscanf(from, "%*skey-file %s\n", kf);
    sscanf(from, "%*sclient-cert-request %s\n", cc);
    sscanf(from, "%*sclient-cert-authorities %s\n", cca);
   sscanf(from, "%*sclient-cert-issuers %s\n", cci);

    res += ("<tr><td colspan=3>"
            "<table width=100% cellspacing=0  border=0 bgcolor=#f0f0ff>\n"
            "<tr width=100%><td colspan=2 width=100%><b>SSL Options</b></td></tr>\n");
    res += ("<tr><td>Certificate file(s):<br>(A comma-separated list of files)</td> <td><input size=30,1 "
            "name=\"" + encode_ssl_field(id, "cert") + "\" value="+Caudium.html_encode_tag_value(cf||"")+
            "></td></tr>\n"
            "<tr><td>Key file: (OPTIONAL)<br>(A comma-separated list of files)</td><td><input size=30,1 "
            "name=\"" + encode_ssl_field(id, "key") +"\" value="+Caudium.html_encode_tag_value(kf||"")+
            "></td></tr>\n");
    string ccrw = "";
    foreach(({"no", "request", "require"});; string opt)
      ccrw +=("<option value=\"" + opt + "\" " + ((cc == opt)?"SELECTED=\"1\"":"") + ">" + opt + "</option>");
    res += ("<tr><td>Client Certificate Request: (OPTIONAL)</td><td><select "
            "name=\"" + encode_ssl_field(id, "cc") + "\">" + ccrw + "</select></td></tr>\n");
        res += ("<tr><td>Accept client certificates from the following authorities(s):<br>(A comma-separated list of files)</td> <td><input size=30,1 "
                    "name=\"" + encode_ssl_field(id, "auth") + "\" value="+Caudium.html_encode_tag_value(cca||"")+
                    "></td></tr>\n");
        res += ("<tr><td>Trust certificates only if signed by this CA issuer chain:<br>(A comma-separated list of files)</td> <td><input size=30,1 "
                    "name=\"" + encode_ssl_field(id, "cci") + "\" value="+Caudium.html_encode_tag_value(cci||"")+
                    "></td></tr>\n");

    res += "</table></td></tr>\n"; 

    return res;
}

//!
int module_wanted(mapping mod_info, object module, function check)
{


@@ 555,6 574,14 @@ string describe_variable_low(array var, mixed path, int really_short,
    res += "</select><input type=submit value=Ok>";
    break;

   case TYPE_SSL_CONFIG:
    res += "<table>";

    res = encode_ssl_config(var[VAR_VALUE] || "", path);
    res += "<input type=submit value=Ok>";
    res += "</table>";
    break;

   case TYPE_STRING:
    res=input(path, var[VAR_VALUE], 30)+"<input type=submit value=Ok>";
    break;
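Review bot: In the `describe_variable_low` hunk, the new `TYPE_SSL_CONFIG` case appends `<table>` to `res` and then overwrites it with `res = encode_ssl_config(var[VAR_VALUE] || "", path);`, so the opening tag and anything already accumulated in `res` are discarded while `</table>` is still appended. If the rows are meant to sit inside that table, the line should read `res += encode_ssl_config(var[VAR_VALUE] || "", path);`. Separately, `encode_ssl_config` now takes a `mixed` id and places `encode_ssl_field(id, ...)` inside the quoted `name` attribute unencoded, while the values pass through `Caudium.html_encode_tag_value`. With a string `path` as the id, a quote or angle bracket in it would end the attribute early, so the name should be encoded before it is emitted (which characters a path may contain is not visible here). The empty `//!` above `encode_ssl_config` and the undocumented `encode_ssl_field` could carry a line such as `//! Form field name: "<field>_<n>" for an integer port index, "<path>_<field>" otherwise.`; `describe_variable_low` continues outside the hunk.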

M server/base_server/configuration.pike => server/base_server/configuration.pike +3 -1
@@ 3860,7 3860,9 @@ void create(string config)
         TYPE_TEXT_FIELD|VAR_MORE,
         "This text will be visible in the configuration interface, it "
         " can be quite useful to use as a memory helper.");
  
  defvar("sni_tls_config", "", "SNI TLS Configuration",
         TYPE_SSL_CONFIG,
         "Configuration for TLS-SNI based virtual hosting."); 
  defvar("name", "", "Virtual server name",
         TYPE_STRING|VAR_MORE,
         "This is the name that will be used in the configuration "

M server/base_server/mainconfig.pike => server/base_server/mainconfig.pike +32 -11
@@ 477,6 477,30 @@ object find_module(string name, object in)
}

//!
string parse_ssl_config(mixed path, mapping allvars) {
   string args = "";
   string k;

   k = encode_ssl_field(path, "key");
   if(allvars[k] && strlen(allvars[k]))
      args += "key-file "+allvars[k]+"\n";
   k = encode_ssl_field(path, "cert");
   if(allvars[k] && strlen(allvars[k]))
      args += "cert-file "+ allvars[k]+"\n";
   k = encode_ssl_field(path, "cc"); 
   if(allvars[k] && strlen(allvars[k]))
      args += "client-cert-request "+allvars[k]+"\n";
   k = encode_ssl_field(path, "auth");
   if(allvars[k] && strlen(allvars[k]))
      args += "client-cert-authorities "+allvars[k]+"\n";
   k = encode_ssl_field(path, "cci");
   if(allvars[k] && strlen(allvars[k]))
     args += "client-cert-issuers "+allvars[k]+"\n";

   return args;
}

//!
mixed decode_form_result(string var, int type, object node, mapping allvars)
{
  mixed tmp;


@@ 524,17 548,7 @@ mixed decode_form_result(string var, int type, object node, mapping allvars)
            op[i][1] = allvars["protocol_"+i]||op[i][1];
            op[i][2] = allvars["ip_number_"+i]||op[i][2];
            string args = "";
       
            if(allvars["key_"+i] && strlen(allvars["key_"+i]))
              args += "key-file "+allvars["key_"+i]+"\n";
            if(allvars["cert_"+i] && strlen(allvars["cert_"+i]))
              args += "cert-file "+allvars["cert_"+i]+"\n";
            if(allvars["cc_"+i] && strlen(allvars["cc_"+i]))
              args += "client-cert-request "+allvars["cc_"+i]+"\n";
            if(allvars["auth_"+i] && strlen(allvars["auth_"+i]))
              args += "client-cert-authorities "+allvars["auth_"+i]+"\n";
            if(allvars["cci_"+i] && strlen(allvars["cci_"+i]))
              args += "client-cert-issuers "+allvars["cci_"+i]+"\n";
            args = parse_ssl_config(i, allvars);
       
            if(strlen(args))
              op[i][3] = args;


@@ 544,6 558,13 @@ mixed decode_form_result(string var, int type, object node, mapping allvars)
        }
        return op  - ({ 0 });

      case TYPE_SSL_CONFIG:
           string args = "";
           string path = node->path(1);

           args = parse_ssl_config(path, allvars);
        return args;

      case TYPE_DIR_LIST:
        array foo;
        foo=Array.map((var-" ")/",", lambda(string var, object node) {
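Review bot: `parse_ssl_config` concatenates each submitted form value straight into a newline-delimited directive string (`"cert-file "+ allvars[k]+"\n"` and its four siblings) without inspecting the value. A value containing CR or LF therefore adds extra directive lines to the stored configuration, and `cc` is not limited to the `no`/`request`/`require` options the form offers. The helper should check values before concatenating; a table-driven version with those checks is sketched below, and whether to skip the field or report an error back to the form is a design choice. In the `decode_form_result` hunks, `string args = "";` is immediately overwritten by `args = parse_ssl_config(...)` in both places and can be folded into the declaration. The new `TYPE_SSL_CONFIG` case also relies on `node->path(1)` yielding the same string that was passed to `encode_ssl_config` when the form was rendered, which cannot be confirmed from here because `decode_form_result` starts and ends outside the hunks.

```pike
string parse_ssl_config(mixed path, mapping allvars) {
   string args = "";
   // form field suffix -> directive name, in the order the stored string uses
   array fields = ({ ({ "key",  "key-file" }),
                     ({ "cert", "cert-file" }),
                     ({ "cc",   "client-cert-request" }),
                     ({ "auth", "client-cert-authorities" }),
                     ({ "cci",  "client-cert-issuers" }) });

   foreach(fields, array f) {
      string v = allvars[encode_ssl_field(path, f[0])];
      if(!v || !strlen(v)) continue;
      // One directive per line: a CR/LF inside a value would add a line.
      if(search(v, "\n") != -1 || search(v, "\r") != -1) continue;
      // The select only offers these three values.
      if(f[0] == "cc" && !has_value(({ "no", "request", "require" }), v)) continue;
      args += f[1] + " " + v + "\n";
   }
   return args;
}
```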

M server/etc/include/module.h => server/etc/include/module.h +1 -0
@@ 40,6 40,7 @@

#define TYPE_EXISTING_FILE   22

#define TYPE_SSL_CONFIG	25

/* Variable indexes */
#define VAR_VALUE           0