[multiple] store ptrs to remote addr in request_st (#3192)

adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)

prepares for upcoming changes to mod_extforward to manage remote add

[multiple] store ptrs to remote addr in request_st (#3192)

adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)

prepares for upcoming changes to mod_extforward to manage remote addr
per request for HTTP/2 requests, rather than remote addr per connection.

Modern load balancers often provide options to reuse connections for
*different* clients, and therefore mod_extforward might change the
remote addr per request.

x-ref:
"RFE: mod_extforward and multiplexed requests via HTTP/2"
https://redmine.lighttpd.net/issues/3192
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191

show more ...

[multiple] employ ck_calloc, ck_malloc shared code

employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)

[multiple] mark mod_*_plugin_init() funcs cold

[mod_authn_gssapi] warn if no confidentiality flag (fixes #3163)

warn if no confidentiality flag (GSS_C_CONF_FLAG) returned in flags
after call to gss_accept_sec_context() when SPNEGO Negotiate
(aut

[mod_authn_gssapi] warn if no confidentiality flag (fixes #3163)

warn if no confidentiality flag (GSS_C_CONF_FLAG) returned in flags
after call to gss_accept_sec_context() when SPNEGO Negotiate
(auth.require "method" => "gssapi") and credentials are being
stored (auth.backend.gssapi.store-creds = "enable" (default))

Missing flag GSS_C_CONF_FLAG is no longer an error.
(mod_authn_gssapi is for auth, not used for message transport;
mod_authn_gssapi never uses gss_unwrap())

NB: mod_authn_gssapi should be used over TLS for encryption.

x-ref:
"gssapi - no confidentiality for user"
https://redmine.lighttpd.net/issues/3163
"Chapter 1 The GSS-API: An Overview" (online reference)
https://docs.oracle.com/cd/E19683-01/816-1331/overview-6/index.html

show more ...

[multiple] use buffer_append_char()

[multiple] remove buffer_init_buffer()

remove (minor) convenience func; easy to replace

Like buffer_init_string(), buffer_init_buffer() was used in only a few
places at startup or in cold funcs, so

[multiple] remove buffer_init_buffer()

remove (minor) convenience func; easy to replace

Like buffer_init_string(), buffer_init_buffer() was used in only a few
places at startup or in cold funcs, so better off removed from buffer.c

show more ...

[multiple] remove buffer_init_string()

remove (minor) convenience func; easy to replace

[mod_authn_gssapi] reduce KRB5CCNAME mem alloc

reuse KRB5CCNAME path saved in r->env

request_reset() calls plugin cleanups (where KRB5CCNAME path unlinked)
before freeing the string from r->env.

[mod_authn_gssapi] code reuse: fdevent_mkostemp()

[multiple] inline struct in con->dst_addr_buf

(mod_extforward recently changed to use buffer_move() to save addr
instead of swapping pointers)

[multiple] reduce redundant NULL buffer checks

This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot co

[multiple] reduce redundant NULL buffer checks

This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.

Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.

In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.

- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend

Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)

internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg

show more ...

[mod_auth*] rename http_auth.* -> mod_auth_api.*

rename http_auth.[ch] -> mod_auth_api.[ch]

[core] remove HANDLER_UNSET enum value

[multiple] pass len when copying constant strings

[multiple] extend enum http_header_e list

[multiple] rename connection_reset hook to request

rename connection_reset to handle_request_reset

[multiple] split con, request (very large change)

NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

NB: request read and write chunkqueues currently point to connection
chun

[multiple] split con, request (very large change)

NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

NB: request read and write chunkqueues currently point to connection
chunkqueues; per-request and per-connection chunkqueues are
not distinct from one another
con->read_queue == r->read_queue
con->write_queue == r->write_queue

NB: in the future, a separate connection config may be needed for
connection-level module hooks. Similarly, might need to have
per-request chunkqueues separate from per-connection chunkqueues.
Should probably also have a request_reset() which is distinct from
connection_reset().

show more ...

[multiple] copy small struct instead of memcpy()

when patching config

[core] store subrequest_handler instead of mode

store pointer to module in handler_module instead of con->mode id

[core] move addtl request-specific struct members

[core] move plugin_ctx into (request_st *)

NB: in the future, a separate plugin_ctx may be needed for
connection-level plugins to keep state across multiple requests

[core] move addtl request-specific struct members

[multiple] connection hooks no longer get (srv *)

(explicit (server *) not passed; available in con->srv)

[multiple] prefer (connection *) to (srv *)

convert all log_error_write() to log_error() and pass (log_error_st *)

use con->errh in preference to srv->errh (even though currently same)

avoid passi

[multiple] prefer (connection *) to (srv *)

convert all log_error_write() to log_error() and pass (log_error_st *)

use con->errh in preference to srv->errh (even though currently same)

avoid passing (server *) when previously used only for logging (errh)

show more ...

[multiple] plugin.c handles common FREE_FUNC code

(simpler for modules; less boilerplate to cut-n-paste)