Merge tag 'upstream/5.0.1'

Upstream version 5.0.1

8 files changed, 172 insertions, 29 deletions

diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am
index 35d102109..df5b650ce 100644
--- a/src/libfast/Makefile.am
+++ b/src/libfast/Makefile.am
@@ -1,7 +1,14 @@
 ipseclib_LTLIBRARIES = libfast.la
 
-libfast_la_SOURCES = context.h dispatcher.c request.h session.h \
-  controller.h dispatcher.h request.c session.c filter.h smtp.c smtp.h
+libfast_la_SOURCES = \
+	dispatcher.c request.c session.c smtp.c
+
+if USE_DEV_HEADERS
+fast_includedir = ${dev_headers}/fast
+nobase_fast_include_HEADERS = \
+	context.h controller.h dispatcher.h filter.h request.h session.h smtp.h
+endif
+
 libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
   -lfcgi $(clearsilver_LIBS) $(PTHREADLIB)
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I/usr/include/ClearSilver
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index abb721758..78341c7e7 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -15,6 +15,7 @@
 
 @SET_MAKE@
 
+
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
@@ -35,7 +36,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 subdir = src/libfast
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+DIST_COMMON = $(am__nobase_fast_include_HEADERS_DIST) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -49,6 +51,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
@@ -72,7 +75,8 @@ am__nobase_list = $(am__nobase_strip_setup); \
 am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__installdirs = "$(DESTDIR)$(ipseclibdir)"
+am__installdirs = "$(DESTDIR)$(ipseclibdir)" \
+	"$(DESTDIR)$(fast_includedir)"
 LTLIBRARIES = $(ipseclib_LTLIBRARIES)
 am__DEPENDENCIES_1 =
 libfast_la_DEPENDENCIES =  \
@@ -80,7 +84,7 @@ libfast_la_DEPENDENCIES =  \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 am_libfast_la_OBJECTS = dispatcher.lo request.lo session.lo smtp.lo
 libfast_la_OBJECTS = $(am_libfast_la_OBJECTS)
-DEFAULT_INCLUDES = -I.@am__isrc@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
 am__mv = mv -f
@@ -95,6 +99,9 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
 	$(LDFLAGS) -o $@
 SOURCES = $(libfast_la_SOURCES)
 DIST_SOURCES = $(libfast_la_SOURCES)
+am__nobase_fast_include_HEADERS_DIST = context.h controller.h \
+	dispatcher.h filter.h request.h session.h smtp.h
+HEADERS = $(nobase_fast_include_HEADERS)
 ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -106,6 +113,7 @@ AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
+BFDLIB = @BFDLIB@
 BTLIB = @BTLIB@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
@@ -200,11 +208,14 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
 clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
-default_pkcs11 = @default_pkcs11@
+dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
@@ -221,11 +232,12 @@ imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
 ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
-libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
 libexecdir = @libexecdir@
 linux_headers = @linux_headers@
@@ -241,6 +253,7 @@ mkdir_p = @mkdir_p@
 nm_CFLAGS = @nm_CFLAGS@
 nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
 openac_plugins = @openac_plugins@
 p_plugins = @p_plugins@
@@ -250,7 +263,6 @@ pdfdir = @pdfdir@
 piddir = @piddir@
 pki_plugins = @pki_plugins@
 plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
 pool_plugins = @pool_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
@@ -279,8 +291,12 @@ urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 ipseclib_LTLIBRARIES = libfast.la
-libfast_la_SOURCES = context.h dispatcher.c request.h session.h \
-  controller.h dispatcher.h request.c session.c filter.h smtp.c smtp.h
+libfast_la_SOURCES = \
+	dispatcher.c request.c session.c smtp.c
+
+@USE_DEV_HEADERS_TRUE@fast_includedir = ${dev_headers}/fast
+@USE_DEV_HEADERS_TRUE@nobase_fast_include_HEADERS = \
+@USE_DEV_HEADERS_TRUE@	context.h controller.h dispatcher.h filter.h request.h session.h smtp.h
 
 libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
   -lfcgi $(clearsilver_LIBS) $(PTHREADLIB)
@@ -392,6 +408,29 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
+install-nobase_fast_includeHEADERS: $(nobase_fast_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(fast_includedir)" || $(MKDIR_P) "$(DESTDIR)$(fast_includedir)"
+	@list='$(nobase_fast_include_HEADERS)'; test -n "$(fast_includedir)" || list=; \
+	$(am__nobase_list) | while read dir files; do \
+	  xfiles=; for file in $$files; do \
+	    if test -f "$$file"; then xfiles="$$xfiles $$file"; \
+	    else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \
+	  test -z "$$xfiles" || { \
+	    test "x$$dir" = x. || { \
+	      echo "$(MKDIR_P) '$(DESTDIR)$(fast_includedir)/$$dir'"; \
+	      $(MKDIR_P) "$(DESTDIR)$(fast_includedir)/$$dir"; }; \
+	    echo " $(INSTALL_HEADER) $$xfiles '$(DESTDIR)$(fast_includedir)/$$dir'"; \
+	    $(INSTALL_HEADER) $$xfiles "$(DESTDIR)$(fast_includedir)/$$dir" || exit $$?; }; \
+	done
+
+uninstall-nobase_fast_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nobase_fast_include_HEADERS)'; test -n "$(fast_includedir)" || list=; \
+	$(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(fast_includedir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(fast_includedir)" && rm -f $$files
 
 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -477,9 +516,9 @@ distdir: $(DISTFILES)
 	done
 check-am: all-am
 check: check-am
-all-am: Makefile $(LTLIBRARIES)
+all-am: Makefile $(LTLIBRARIES) $(HEADERS)
 installdirs:
-	for dir in "$(DESTDIR)$(ipseclibdir)"; do \
+	for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(fast_includedir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -530,7 +569,8 @@ info: info-am
 
 info-am:
 
-install-data-am: install-ipseclibLTLIBRARIES
+install-data-am: install-ipseclibLTLIBRARIES \
+	install-nobase_fast_includeHEADERS
 
 install-dvi: install-dvi-am
 
@@ -576,7 +616,8 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-ipseclibLTLIBRARIES
+uninstall-am: uninstall-ipseclibLTLIBRARIES \
+	uninstall-nobase_fast_includeHEADERS
 
 .MAKE: install-am install-strip
 
@@ -587,12 +628,14 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES
 	install install-am install-data install-data-am install-dvi \
 	install-dvi-am install-exec install-exec-am install-html \
 	install-html-am install-info install-info-am \
-	install-ipseclibLTLIBRARIES install-man install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
+	install-ipseclibLTLIBRARIES install-man \
+	install-nobase_fast_includeHEADERS install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-ipseclibLTLIBRARIES
+	tags uninstall uninstall-am uninstall-ipseclibLTLIBRARIES \
+	uninstall-nobase_fast_includeHEADERS
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libfast/dispatcher.c b/src/libfast/dispatcher.c
index e5fca7074..63c872e35 100644
--- a/src/libfast/dispatcher.c
+++ b/src/libfast/dispatcher.c
@@ -179,10 +179,16 @@ static session_entry_t *session_entry_create(private_dispatcher_t *this,
 											 char *host)
 {
 	session_entry_t *entry;
+	session_t *session;
 
+	session = load_session(this);
+	if (!session)
+	{
+		return NULL;
+	}
 	INIT(entry,
 		.cond = condvar_create(CONDVAR_TYPE_DEFAULT),
-		.session = load_session(this),
+		.session = session,
 		.host = strdup(host),
 		.used = time_monotonic(NULL),
 	);
@@ -324,6 +330,12 @@ static void dispatch(private_dispatcher_t *this)
 		else
 		{	/* create a new session if not found */
 			found = session_entry_create(this, request->get_host(request));
+			if (!found)
+			{
+				request->destroy(request);
+				this->mutex->unlock(this->mutex);
+				continue;
+			}
 			sid = found->session->get_sid(found->session);
 			this->sessions->put(this->sessions, sid, found);
 		}
diff --git a/src/libfast/request.c b/src/libfast/request.c
index 3acd831b2..6ca474037 100644
--- a/src/libfast/request.c
+++ b/src/libfast/request.c
@@ -22,6 +22,11 @@
 #include <stdlib.h>
 #include <pthread.h>
 #include <string.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
 #include <ClearSilver/ClearSilver.h>
 
 #include <threading/thread.h>
@@ -275,6 +280,60 @@ METHOD(request_t, serve, void,
 	FCGX_PutStr(chunk.ptr, chunk.len, this->req.out);
 }
 
+METHOD(request_t, sendfile, bool,
+	private_request_t *this, char *path, char *mime)
+{
+	struct stat sb;
+	chunk_t data;
+	void *addr;
+	int fd, written;
+	char buf[24];
+
+	fd = open(path, O_RDONLY);
+	if (fd == -1)
+	{
+		return FALSE;
+	}
+	if (fstat(fd, &sb) == -1)
+	{
+		close(fd);
+		return FALSE;
+	}
+	addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+	if (addr == MAP_FAILED)
+	{
+		close(fd);
+		return FALSE;
+	}
+
+	/* FCGX does not like large integers, print to a buffer using libc */
+	snprintf(buf, sizeof(buf), "%lld", (int64_t)sb.st_size);
+	FCGX_FPrintF(this->req.out, "Content-Length: %s\n", buf);
+	if (mime)
+	{
+		FCGX_FPrintF(this->req.out, "Content-Type: %s\n", mime);
+	}
+	FCGX_FPrintF(this->req.out, "\n");
+
+	data = chunk_create(addr, sb.st_size);
+
+	while (data.len)
+	{
+		written = FCGX_PutStr(data.ptr, data.len, this->req.out);
+		if (written == -1)
+		{
+			munmap(addr, sb.st_size);
+			close(fd);
+			return FALSE;
+		}
+		data = chunk_skip(data, written);
+	}
+
+	munmap(addr, sb.st_size);
+	close(fd);
+	return TRUE;
+}
+
 METHOD(request_t, render, void,
 	private_request_t *this, char *template)
 {
@@ -380,6 +439,7 @@ request_t *request_create(int fd, bool debug)
 			.render = _render,
 			.streamf = _streamf,
 			.serve = _serve,
+			.sendfile = _sendfile,
 			.set = _set,
 			.setf = _setf,
 			.get_ref = _get_ref,
diff --git a/src/libfast/request.h b/src/libfast/request.h
index c9c1f13e2..63a465bb8 100644
--- a/src/libfast/request.h
+++ b/src/libfast/request.h
@@ -185,6 +185,15 @@ struct request_t {
 	void (*serve)(request_t *this, char *headers, chunk_t chunk);
 
 	/**
+	 * Send a file from the file system.
+	 *
+	 * @param path		path to file to serve
+	 * @param mime		mime type of file to send, or NULL
+	 * @return			TRUE if file served successfully
+	 */
+	bool (*sendfile)(request_t *this, char *path, char *mime);
+
+	/**
 	 * Increase the reference count to the stream.
 	 *
 	 * @return			this with increased refcount
diff --git a/src/libfast/session.c b/src/libfast/session.c
index 1d9ed0107..cf14dbeb6 100644
--- a/src/libfast/session.c
+++ b/src/libfast/session.c
@@ -78,20 +78,24 @@ METHOD(session_t, add_filter, void,
 /**
  * Create a session ID and a cookie
  */
-static void create_sid(private_session_t *this)
+static bool create_sid(private_session_t *this)
 {
 	char buf[COOKIE_LEN];
 	rng_t *rng;
 
-	memset(buf, 0, sizeof(buf));
-	memset(this->sid, 0, sizeof(this->sid));
 	rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-	if (rng)
+	if (!rng)
+	{
+		return FALSE;
+	}
+	if (!rng->get_bytes(rng, sizeof(buf), buf))
 	{
-		rng->get_bytes(rng, sizeof(buf), buf);
 		rng->destroy(rng);
+		return FALSE;
 	}
+	rng->destroy(rng);
 	chunk_to_hex(chunk_create(buf, sizeof(buf)), this->sid, FALSE);
+	return TRUE;
 }
 
 /**
@@ -212,7 +216,11 @@ session_t *session_create(context_t *context)
 		.filters = linked_list_create(),
 		.context = context,
 	);
-	create_sid(this);
+	if (!create_sid(this))
+	{
+		destroy(this);
+		return NULL;
+	}
 
 	return &this->public;
 }
diff --git a/src/libfast/session.h b/src/libfast/session.h
index f60fa9ef2..acbab8964 100644
--- a/src/libfast/session.h
+++ b/src/libfast/session.h
@@ -70,6 +70,7 @@ struct session_t {
  * Create a session new session.
  *
  * @param context		user defined session context instance
+ * @return				client session, NULL on error
  */
 session_t *session_create(context_t *context);
 
diff --git a/src/libfast/smtp.c b/src/libfast/smtp.c
index 4118c74a6..1375c2944 100644
--- a/src/libfast/smtp.c
+++ b/src/libfast/smtp.c
@@ -136,7 +136,13 @@ METHOD(smtp_t, destroy, void,
 smtp_t *smtp_create()
 {
 	private_smtp_t *this;
-	struct sockaddr_in addr;
+	struct sockaddr_in addr = {
+		.sin_family = AF_INET,
+		.sin_port = htons(25),
+		.sin_addr = {
+			.s_addr = htonl(INADDR_LOOPBACK),
+		},
+	};
 	int s;
 
 	INIT(this,
@@ -153,9 +159,6 @@ smtp_t *smtp_create()
 		free(this);
 		return NULL;
 	}
-	addr.sin_family = AF_INET;
-	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-	addr.sin_port = htons(25);
 	if (connect(s, (struct sockaddr*)&addr, sizeof(addr)) < 0)
 	{
 		DBG1(DBG_LIB, "connecting to SMTP server failed: %s", strerror(errno));