varnish-cache/lib/libvmod_proxy/vmod_proxy.c
/*-
 * Copyright (c) 2018 GANDI SAS
 * All rights reserved.
 *
 * Author: Emmanuel Hocdet <manu@gandi.net>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#include "config.h"
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include "cache/cache.h"
#include "vend.h"
#include "proxy/cache_proxy.h"
#include "vcc_if.h"
/*
 * Leading fields of the PROXY v2 PP2_TYPE_SSL TLV payload as handed back by
 * VPX_tlv(): a flag byte (bits named by PP2_CLIENT_* below) followed by the
 * 32-bit certificate verification result.  Packed so the struct mirrors the
 * wire bytes; 'verify' is big-endian on the wire and is decoded with
 * vbe32dec() in vmod_ssl_verify_result() rather than read directly.
 * The payload originates from the PROXY peer, so callers must confirm the
 * TLV length covers this struct before dereferencing it.
 */
struct pp2_tlv_ssl {
        uint8_t  client;   /* PP2_CLIENT_* flag bits */
        uint32_t verify;   /* big-endian SSL_get_verify_result() value */
}__attribute__((packed));
/*
 * Bits of pp2_tlv_ssl.client, tested with (client & flag) == flag in
 * tlv_ssl_flag().  Values follow the PROXY protocol v2 PP2_CLIENT_* flags.
 */
#define PP2_CLIENT_SSL           0x01  /* client connected over TLS */
#define PP2_CLIENT_CERT_CONN     0x02  /* client cert sent on this connection */
#define PP2_CLIENT_CERT_SESS     0x04  /* client cert sent at least once in the TLS session */
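/*
 * Test flag bits in the PP2_TYPE_SSL TLV of the current request's PROXY
 * header.
 *
 * ctx:  VCL context; ctx->req must carry the parsed PROXY TLVs.
 * flag: one or more PP2_CLIENT_* bits.
 *
 * Returns true only when every bit in 'flag' is set in the TLV's client
 * byte; false when the TLV is absent or too short to hold the flag byte.
 */
static VCL_BOOL
tlv_ssl_flag(VRT_CTX, int flag)
{
        struct pp2_tlv_ssl *dst;
        int len;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);

        /* No SSL TLV on this connection: every flag reads as unset. */
        if (VPX_tlv(ctx->req, PP2_TYPE_SSL, (void **)&dst, &len))
                return (0);

        /*
         * Defensive bound: the payload is peer-supplied, so do not read the
         * flag byte out of a TLV shorter than the struct.  VPX_tlv may
         * already enforce this (not visible here); the check is cheap.
         */
        if (len < 0 || (size_t)len < sizeof *dst)
                return (0);

        return ((dst->client & flag) == flag);
}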
/*
 * proxy.is_ssl(): true when the PROXY v2 SSL TLV reports that the client
 * connected over TLS; false when the TLV is absent.
 */
VCL_BOOL v_matchproto_(td_proxy_is_ssl)
vmod_is_ssl(VRT_CTX)
{
        return (tlv_ssl_flag(ctx, PP2_CLIENT_SSL));
}
/*
 * proxy.client_has_cert_sess(): true when the SSL TLV flags a client
 * certificate for the TLS session; false when the TLV is absent.
 */
VCL_BOOL v_matchproto_(td_proxy_client_has_cert_sess)
vmod_client_has_cert_sess(VRT_CTX)
{
        return (tlv_ssl_flag(ctx, PP2_CLIENT_CERT_SESS));
}
/*
 * proxy.client_has_cert_conn(): true when the SSL TLV flags a client
 * certificate on the current connection; false when the TLV is absent.
 */
VCL_BOOL v_matchproto_(td_proxy_client_has_cert_conn)
vmod_client_has_cert_conn(VRT_CTX)
{
        return (tlv_ssl_flag(ctx, PP2_CLIENT_CERT_CONN));
}
/* The return value comes from SSL_get_verify_result() on the PROXY peer. */
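/*
 * proxy.ssl_verify_result(): the certificate verification result carried in
 * the PP2_TYPE_SSL TLV, decoded from its big-endian wire form.
 *
 * Returns 0 (X509_V_OK) when the TLV is absent or too short to hold the
 * field.  Because 0 is also the genuine "verified OK" value, this result
 * alone cannot distinguish "no SSL TLV" from "verified"; combine it with
 * proxy.is_ssl() / proxy.client_has_cert_*() when that matters.
 */
VCL_INT v_matchproto_(td_proxy_ssl_verify_result)
vmod_ssl_verify_result(VRT_CTX)
{
        struct pp2_tlv_ssl *dst;
        int len;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);

        if (VPX_tlv(ctx->req, PP2_TYPE_SSL, (void **)&dst, &len))
                return (0); /* X509_V_OK */

        /*
         * Defensive bound before decoding four peer-supplied bytes: a
         * truncated TLV is treated like a missing one.  VPX_tlv may already
         * guarantee this (not visible here); the check is cheap.
         */
        if (len < 0 || (size_t)len < sizeof *dst)
                return (0);

        /* Wire field is big-endian; decode instead of reading the int. */
        return (vbe32dec(&dst->verify));
}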
/*
 * Copy the payload of TLV 'tlv' from the request's PROXY header into the
 * task workspace as a NUL-terminated string.
 *
 * ctx: VCL context; ctx->req supplies the TLVs, ctx->ws the workspace.
 * tlv: PP2_TYPE_* / PP2_SUBTYPE_* identifier accepted by VPX_tlv().
 *
 * Returns the workspace copy, or NULL when the TLV is absent or the
 * workspace cannot hold len+1 bytes.  The bytes are copied verbatim from
 * peer-supplied data; nothing here checks that they are printable text.
 */
static VCL_STRING
tlv_string(VRT_CTX, int tlv)
{
        char *src, *out;
        int len;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);

        if (VPX_tlv(ctx->req, tlv, (void **)&src, &len) != 0)
                return (NULL);

        /* Room for the payload plus the terminating NUL. */
        if (WS_ReserveSize(ctx->ws, len + 1) == 0)
                return (NULL);

        out = ctx->ws->f;
        memcpy(out, src, len);
        out[len] = '\0';
        WS_Release(ctx->ws, len + 1);

        return (out);
}
/*
 * proxy.alpn(): the ALPN TLV as a workspace string, or NULL when absent or
 * when the workspace is exhausted.
 */
VCL_STRING v_matchproto_(td_proxy_alpn)
vmod_alpn(VRT_CTX)
{
        return (tlv_string(ctx, PP2_TYPE_ALPN));
}
/*
 * proxy.authority(): the AUTHORITY TLV as a workspace string, or NULL when
 * absent or when the workspace is exhausted.
 */
VCL_STRING v_matchproto_(td_proxy_authority)
vmod_authority(VRT_CTX)
{
        return (tlv_string(ctx, PP2_TYPE_AUTHORITY));
}
/*
 * proxy.ssl_version(): the SSL_VERSION sub-TLV as a workspace string, or
 * NULL when absent or when the workspace is exhausted.
 */
VCL_STRING v_matchproto_(td_proxy_ssl_version)
vmod_ssl_version(VRT_CTX)
{
        return (tlv_string(ctx, PP2_SUBTYPE_SSL_VERSION));
}
/*
 * proxy.ssl_cipher(): the SSL_CIPHER sub-TLV as a workspace string, or NULL
 * when absent or when the workspace is exhausted.
 */
VCL_STRING v_matchproto_(td_proxy_ssl_cipher)
vmod_ssl_cipher(VRT_CTX)
{
        return (tlv_string(ctx, PP2_SUBTYPE_SSL_CIPHER));
}
/*
 * proxy.cert_sign(): the SSL_SIG_ALG sub-TLV as a workspace string, or NULL
 * when absent or when the workspace is exhausted.
 */
VCL_STRING v_matchproto_(td_proxy_cert_sign)
vmod_cert_sign(VRT_CTX)
{
        return (tlv_string(ctx, PP2_SUBTYPE_SSL_SIG_ALG));
}
/*
 * proxy.cert_key(): the SSL_KEY_ALG sub-TLV as a workspace string, or NULL
 * when absent or when the workspace is exhausted.
 */
VCL_STRING v_matchproto_(td_proxy_cert_key)
vmod_cert_key(VRT_CTX)
{
        return (tlv_string(ctx, PP2_SUBTYPE_SSL_KEY_ALG));
}
/*
 * proxy.client_cert_cn(): the SSL_CN sub-TLV as a workspace string, or NULL
 * when absent or when the workspace is exhausted.  The value is copied
 * verbatim from the PROXY peer.
 */
VCL_STRING v_matchproto_(td_proxy_client_cert_cn)
vmod_client_cert_cn(VRT_CTX)
{
        return (tlv_string(ctx, PP2_SUBTYPE_SSL_CN));
}