1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include "http_request.h"
20 #include "http_protocol.h"
21 #include "http_config.h"
22 #include "mpm_common.h"
25 #include "apr_strings.h"
27 #define APR_WANT_STRFUNC
35 #include "ap_socache.h"
37 #if AP_NEED_SET_MUTEX_PERMS
41 /* Use of the context structure must be thread-safe after the initial
42 * create/init; callers must hold the mutex. */
43 struct ap_socache_instance_t {
44 const char *data_file;
45 /* Pool must only be used with the mutex held. */
48 time_t expiry_interval;
52 * Support for DBM library
54 #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
56 /* ### this should use apr_dbm_usednames. */
57 #if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
58 #if defined(DBM_SUFFIX)
59 #define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
60 #define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
61 #elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
62 #define SSL_DBM_FILE_SUFFIX_DIR ".db"
63 #define SSL_DBM_FILE_SUFFIX_PAG ".db"
65 #define SSL_DBM_FILE_SUFFIX_DIR ".dir"
66 #define SSL_DBM_FILE_SUFFIX_PAG ".pag"
70 static void socache_dbm_expire(ap_socache_instance_t *ctx, server_rec *s);
72 static void socache_dbm_remove(ap_socache_instance_t *ctx, server_rec *s,
73 const unsigned char *id, unsigned int idlen,
76 static const char *socache_dbm_create(ap_socache_instance_t **context,
78 apr_pool_t *tmp, apr_pool_t *p)
80 ap_socache_instance_t *ctx;
82 *context = ctx = apr_pcalloc(p, sizeof *ctx);
84 ctx->data_file = ap_server_root_relative(p, arg);
85 if (!ctx->data_file) {
86 return apr_psprintf(tmp, "Invalid cache file path %s", arg);
89 apr_pool_create(&ctx->pool, p);
94 static apr_status_t socache_dbm_init(ap_socache_instance_t *ctx,
95 const char *namespace,
96 const struct ap_socache_hints *hints,
97 server_rec *s, apr_pool_t *p)
102 /* for the DBM we need the data file */
103 if (ctx->data_file == NULL) {
104 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
105 "SSLSessionCache required");
109 /* open it once to create it and to make sure it _can_ be created */
110 apr_pool_clear(ctx->pool);
112 if ((rv = apr_dbm_open(&dbm, ctx->data_file,
113 APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
114 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
115 "Cannot create SSLSessionCache DBM file `%s'",
121 ctx->expiry_interval = (hints && hints->expiry_interval
122 ? hints->expiry_interval : 30);
124 #if AP_NEED_SET_MUTEX_PERMS
126 * We have to make sure the Apache child processes have access to
127 * the DBM file. But because there are brain-dead platforms where we
128 * cannot exactly determine the suffixes we try all possibilities.
130 if (geteuid() == 0 /* is superuser */) {
131 chown(ctx->data_file, unixd_config.user_id, -1 /* no gid change */);
132 if (chown(apr_pstrcat(p, ctx->data_file, SSL_DBM_FILE_SUFFIX_DIR, NULL),
133 unixd_config.user_id, -1) == -1) {
134 if (chown(apr_pstrcat(p, ctx->data_file, ".db", NULL),
135 unixd_config.user_id, -1) == -1)
136 chown(apr_pstrcat(p, ctx->data_file, ".dir", NULL),
137 unixd_config.user_id, -1);
139 if (chown(apr_pstrcat(p, ctx->data_file, SSL_DBM_FILE_SUFFIX_PAG, NULL),
140 unixd_config.user_id, -1) == -1) {
141 if (chown(apr_pstrcat(p, ctx->data_file, ".db", NULL),
142 unixd_config.user_id, -1) == -1)
143 chown(apr_pstrcat(p, ctx->data_file, ".pag", NULL),
144 unixd_config.user_id, -1);
148 socache_dbm_expire(ctx, s);
153 static void socache_dbm_kill(ap_socache_instance_t *ctx, server_rec *s)
155 /* the correct way */
156 unlink(apr_pstrcat(ctx->pool, ctx->data_file, SSL_DBM_FILE_SUFFIX_DIR, NULL));
157 unlink(apr_pstrcat(ctx->pool, ctx->data_file, SSL_DBM_FILE_SUFFIX_PAG, NULL));
158 /* the additional ways to be sure */
159 unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".dir", NULL));
160 unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".pag", NULL));
161 unlink(apr_pstrcat(ctx->pool, ctx->data_file, ".db", NULL));
162 unlink(ctx->data_file);
167 static apr_status_t socache_dbm_store(ap_socache_instance_t *ctx, server_rec *s,
168 const unsigned char *id, unsigned int idlen,
169 time_t expiry, unsigned char *ucaData,
177 /* be careful: do not try to store too much bytes in a DBM file! */
179 if ((idlen + nData) >= PAIRMAX) {
180 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
181 "data size too large for DBM session cache: %d >= %d",
182 (idlen + nData), PAIRMAX);
186 if ((idlen + nData) >= 950 /* at least less than approx. 1KB */) {
187 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
188 "data size too large for DBM session cache: %d >= %d",
189 (idlen + nData), 950);
195 dbmkey.dptr = (char *)id;
196 dbmkey.dsize = idlen;
198 /* create DBM value */
199 dbmval.dsize = sizeof(time_t) + nData;
200 dbmval.dptr = (char *)malloc(dbmval.dsize);
201 if (dbmval.dptr == NULL) {
202 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
203 "malloc error creating DBM value");
206 memcpy((char *)dbmval.dptr, &expiry, sizeof(time_t));
207 memcpy((char *)dbmval.dptr+sizeof(time_t), ucaData, nData);
209 /* and store it to the DBM file */
210 apr_pool_clear(ctx->pool);
212 if ((rv = apr_dbm_open(&dbm, ctx->data_file,
213 APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
214 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
215 "Cannot open SSLSessionCache DBM file `%s' for writing "
221 if ((rv = apr_dbm_store(dbm, dbmkey, dbmval)) != APR_SUCCESS) {
222 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
223 "Cannot store SSL session to DBM file `%s'",
231 /* free temporary buffers */
234 /* allow the regular expiring to occur */
235 socache_dbm_expire(ctx, s);
240 static apr_status_t socache_dbm_retrieve(ap_socache_instance_t *ctx, server_rec *s,
241 const unsigned char *id, unsigned int idlen,
242 unsigned char *dest, unsigned int *destlen,
253 /* allow the regular expiring to occur */
254 socache_dbm_expire(ctx, s);
256 /* create DBM key and values */
257 dbmkey.dptr = (char *)id;
258 dbmkey.dsize = idlen;
260 /* and fetch it from the DBM file
261 * XXX: Should we open the dbm against r->pool so the cleanup will
262 * do the apr_dbm_close? This would make the code a bit cleaner.
264 apr_pool_clear(ctx->pool);
265 if ((rc = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
266 SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
267 ap_log_error(APLOG_MARK, APLOG_ERR, rc, s,
268 "Cannot open SSLSessionCache DBM file `%s' for reading "
273 rc = apr_dbm_fetch(dbm, dbmkey, &dbmval);
274 if (rc != APR_SUCCESS) {
278 if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)) {
283 /* parse resulting data */
284 nData = dbmval.dsize-sizeof(time_t);
285 if (nData > *destlen) {
291 memcpy(&expiry, dbmval.dptr, sizeof(time_t));
292 memcpy(dest, (char *)dbmval.dptr + sizeof(time_t), nData);
296 /* make sure the stuff is still not expired */
299 socache_dbm_remove(ctx, s, id, idlen, p);
306 static void socache_dbm_remove(ap_socache_instance_t *ctx, server_rec *s,
307 const unsigned char *id, unsigned int idlen,
314 /* create DBM key and values */
315 dbmkey.dptr = (char *)id;
316 dbmkey.dsize = idlen;
318 /* and delete it from the DBM file */
319 apr_pool_clear(ctx->pool);
321 if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
322 SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
323 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
324 "Cannot open SSLSessionCache DBM file `%s' for writing "
329 apr_dbm_delete(dbm, dbmkey);
335 static void socache_dbm_expire(ap_socache_instance_t *ctx, server_rec *s)
344 apr_datum_t *keylist;
351 * make sure the expiration for still not-accessed session
352 * cache entries is done only from time to time
356 if (tNow < ctx->last_expiry + ctx->expiry_interval) {
360 ctx->last_expiry = tNow;
363 * Here we have to be very carefully: Not all DBM libraries are
364 * smart enough to allow one to iterate over the elements and at the
365 * same time delete expired ones. Some of them get totally crazy
366 * while others have no problems. So we have to do it the slower but
367 * more safe way: we first iterate over all elements and remember
368 * those which have to be expired. Then in a second pass we delete
369 * all those expired elements. Additionally we reopen the DBM file
370 * to be really safe in state.
376 /* allocate the key array in a memory sub pool */
377 apr_pool_clear(ctx->pool);
379 if ((keylist = apr_palloc(ctx->pool, sizeof(dbmkey)*KEYMAX)) == NULL) {
383 /* pass 1: scan DBM database */
385 if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
386 SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
387 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
388 "Cannot open SSLSessionCache DBM file `%s' for "
393 apr_dbm_firstkey(dbm, &dbmkey);
394 while (dbmkey.dptr != NULL) {
397 apr_dbm_fetch(dbm, dbmkey, &dbmval);
398 if (dbmval.dsize <= sizeof(time_t) || dbmval.dptr == NULL)
401 memcpy(&tExpiresAt, dbmval.dptr, sizeof(time_t));
402 if (tExpiresAt <= tNow)
406 if ((keylist[keyidx].dptr = apr_pmemdup(ctx->pool, dbmkey.dptr, dbmkey.dsize)) != NULL) {
407 keylist[keyidx].dsize = dbmkey.dsize;
409 if (keyidx == KEYMAX)
413 apr_dbm_nextkey(dbm, &dbmkey);
417 /* pass 2: delete expired elements */
418 if (apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
419 SSL_DBM_FILE_MODE, ctx->pool) != APR_SUCCESS) {
420 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
421 "Cannot re-open SSLSessionCache DBM file `%s' for "
426 for (i = 0; i < keyidx; i++) {
427 apr_dbm_delete(dbm, keylist[i]);
436 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
437 "Inter-Process Session Cache (DBM) Expiry: "
438 "old: %d, new: %d, removed: %d",
439 nElements, nElements-nDeleted, nDeleted);
442 static void socache_dbm_status(ap_socache_instance_t *ctx, request_rec *r,
456 apr_pool_clear(ctx->pool);
457 if ((rv = apr_dbm_open(&dbm, ctx->data_file, APR_DBM_RWCREATE,
458 SSL_DBM_FILE_MODE, ctx->pool)) != APR_SUCCESS) {
459 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
460 "Cannot open SSLSessionCache DBM file `%s' for status "
466 * XXX - Check the return value of apr_dbm_firstkey, apr_dbm_fetch - TBD
468 apr_dbm_firstkey(dbm, &dbmkey);
469 for ( ; dbmkey.dptr != NULL; apr_dbm_nextkey(dbm, &dbmkey)) {
470 apr_dbm_fetch(dbm, dbmkey, &dbmval);
471 if (dbmval.dptr == NULL)
474 nSize += dbmval.dsize;
477 if (nSize > 0 && nElem > 0)
478 nAverage = nSize / nElem;
481 ap_rprintf(r, "cache type: <b>DBM</b>, maximum size: <b>unlimited</b><br>");
482 ap_rprintf(r, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize);
483 ap_rprintf(r, "average session size: <b>%d</b> bytes<br>", nAverage);
487 static const ap_socache_provider_t socache_dbm = {
489 AP_SOCACHE_FLAG_NOTMPSAFE,
494 socache_dbm_retrieve,
499 static void register_hooks(apr_pool_t *p)
501 ap_register_provider(p, AP_SOCACHE_PROVIDER_GROUP, "dbm",
502 AP_SOCACHE_PROVIDER_VERSION,
506 module AP_MODULE_DECLARE_DATA socache_dbm_module = {
507 STANDARD20_MODULE_STUFF,
508 NULL, NULL, NULL, NULL, NULL,