Date:      Wed, 20 Jan 2016 23:10:04 +0100
From:      Stanislaw Adaszewski <s.adaszewski@gmail.com>
To:        freebsd-ports@freebsd.org
Cc:        s.adaszewski@gmail.com
Subject:   OpenBSD's httpd port
Message-ID:  <20160120221004.GB3039@fbsd.intel1>


--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi guys,

I have a semi-working port of OpenBSD's new httpd running
on FreeBSD.

It is based on the current (i.e. as of today) sources from
OpenBSD repo. Furthermore I've pulled in imsg.c, imsg.h,
imsg-buffer.c from OpenBSD's libutil.

Also, libressl and libevent2 need to be installed from
FreeBSD's port collection.

In spite of this, some things are missing, notably:
- tls_handshake() is not implemented in FreeBSD's libressl
  I didn't investigate how to handle this, I presume the
  SSL support is not functioning until a workaround is
  implemented or libressl updated to OpenBSD's version
- crypt_checkpass() is not implemented in FreeBSD, it should
  be pretty trivial to port/implement it, it's used for
  checking .htaccess/.htpasswd type hashes; right now this
  mechanism is non-functional

Other than that after applying the following patch (attached)
the daemon manages to start in a chroot-ted environment and
serve both raw and PHP files (via fastcgi to PHP-FPM).

I wanted to ask if there's a chance to get this put into
FreeBSD's ports tree while I keep working on the missing
functionality. The rationale for this is that httpd is
one of the smallest and most robust ways of setting up
e.g. a WordPress installation. Doing the same with nginx was
cumbersome, to say the least. There's another patch of mine on
the openbsd-tech list which adds URL rewriting support to httpd.
I feel that there's a niche for such a simple, lightweight
daemon and that efforts should be made to collaborate with the
OpenBSD people on this one.
 
Best,

S.

--ZPt4rx8FFjLCG7dd
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="httpd_freebsd.patch"

Only in .: 1
Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/CVS and ./CVS
diff ../../../../openbsd.orig/src/usr.sbin/httpd/Makefile ./Makefile
6a7
> SRCS+=          imsg.c imsg-buffer.c
12c13
< LDADD=		-levent -ltls -lssl -lcrypto -lutil
---
> LDADD=		-L/usr/local/lib -levent -ltls -lssl -lcrypto -lutil
15c16
< CFLAGS+=	-Wall -I${.CURDIR}
---
> CFLAGS+=	-Wall -I${.CURDIR} -I/usr/local/include
Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/cgi-bin and ./cgi-bin
Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/conf and ./conf
Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/htdocs and ./htdocs
diff ../../../../openbsd.orig/src/usr.sbin/httpd/http.h ./http.h
24a25,28
> #ifndef HOST_NAME_MAX
> #define HOST_NAME_MAX 256
> #endif
> 
diff ../../../../openbsd.orig/src/usr.sbin/httpd/httpd.c ./httpd.c
50c50
< __dead void	 usage(void);
---
> void	 usage(void);
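Review bot: Dropping `__dead` from usage() here and at line 147 (and from fatal()/fatalx() in httpd.h and log.c further down) removes the no-return annotation, so the compiler can no longer warn about code that wrongly continues after a fatal path. FreeBSD's <sys/cdefs.h> provides `__dead2` for the same purpose, so one compatibility line such as `#define __dead __dead2` in a shared header would keep all of these declarations identical to upstream. That also shrinks the patch, which matters for a port that has to follow OpenBSD's tree.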
147c147
< __dead void
---
> void
254c254
< 	if (pledge("stdio rpath wpath cpath inet dns proc ioctl sendfd",
---
> 	/* if (pledge("stdio rpath wpath cpath inet dns proc ioctl sendfd",
256c256
< 		fatal("pledge");
---
> 		fatal("pledge"); */
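Review bot: Commenting out the pledge() call at lines 254-256 (and likewise in logger.c at 73-74 and server.c at 247-248) leaves each process without the system-call restriction the OpenBSD code relies on, and the patch puts nothing in its place. FreeBSD has no pledge(), so the call cannot stay as is, but guarding it with `#ifdef __OpenBSD__` … `#endif` keeps the upstream lines intact and makes the gap visible on later merges. A comment such as `/* FreeBSD: no pledge(2); confinement rests only on the chroot and whatever privilege dropping the daemon already does */` would tell a reader what protection remains. Whether Capsicum can cover part of this is worth evaluating separately. The enclosing function starts and ends outside these hunks.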
951a952,957
> int getdtablecount();
> 
> int getdtablecount() {
> 	return 0;
> }
> 
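Review bot: The getdtablecount() stub added after line 951 always reports zero open descriptors, so any caller that adds a reserve to this count and compares it with the descriptor limit (the callers are outside this hunk) will never see the table as nearly full. Under load that would turn a deliberate "stop accepting for now" into accept() or open() failures at arbitrary points. Please either return a real count (FreeBSD can report a process's descriptor count through sysctl; confirm the exact MIB for the target release) or document the limitation with `/* FreeBSD stub: fd reserve accounting is disabled */`. The declaration should also be a prototype, `int getdtablecount(void);`.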
diff ../../../../openbsd.orig/src/usr.sbin/httpd/httpd.h ./httpd.h
40a41,44
> #ifndef HOST_NAME_MAX
> #define HOST_NAME_MAX 256
> #endif
> 
682c686
< __dead void fatal(const char *, ...)
---
> void fatal(const char *, ...)
684c688
< __dead void fatalx(const char *, ...)
---
> void fatalx(const char *, ...)
Only in .: httpd_freebsd.patch
Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/icons and ./icons
Only in .: imsg-buffer.c
Only in .: imsg.c
Only in .: imsg.h
diff ../../../../openbsd.orig/src/usr.sbin/httpd/log.c ./log.c
46c46
< __dead void fatal(const char *, ...)
---
> void fatal(const char *, ...)
48c48
< __dead void fatalx(const char *, ...)
---
> void fatalx(const char *, ...)
diff ../../../../openbsd.orig/src/usr.sbin/httpd/logger.c ./logger.c
73,74c73,74
< 	if (pledge("stdio recvfd", NULL) == -1)
< 		fatal("pledge");
---
> 	/* if (pledge("stdio recvfd", NULL) == -1)
> 		fatal("pledge"); */
139a140,141
> #define dprintf
> 
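Review bot: `#define dprintf` with an empty replacement turns every later `dprintf(fd, fmt, ...)` in logger.c into a bare parenthesised comma expression, so nothing is written and a comparison of the result with -1 can never report failure. If the log writers below line 140 use dprintf (they are outside this hunk), access and error log lines are silently dropped, which removes the audit trail of the server. FreeBSD's <stdio.h> does declare dprintf(); it should become visible with `#define _WITH_DPRINTF` placed before the include, the same approach this patch takes with `_WITH_GETLINE` in server_http.c. Please confirm against the header of the target release.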
Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/logs and ./logs
diff ../../../../openbsd.orig/src/usr.sbin/httpd/parse.y ./parse.y
53a54,55
> #include <stdlib.h>
> 
1789c1791
< 	if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME)
---
> 	if (error == EAI_AGAIN || /* error == EAI_NODATA || */ error == EAI_NONAME)
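Review bot: Commenting `EAI_NODATA` out inside the condition at line 1791 changes the behaviour on every platform this file is built for and leaves an inline comment in the middle of an expression. A preprocessor guard keeps both cases: test `error == EAI_NODATA` only under `#ifdef EAI_NODATA`, for example by splitting the condition into two `if` statements. The enclosing function lies outside the hunk.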
diff ../../../../openbsd.orig/src/usr.sbin/httpd/server.c ./server.c
72c72
< extern void	 bufferevent_read_pressure_cb(struct evbuffer *, size_t,
---
> static void	 bufferevent_read_pressure_cb(struct evbuffer *, size_t,
74a75,90
> static void
> bufferevent_read_pressure_cb(struct evbuffer *buf, size_t old, size_t now,
>     void *arg) {
> 	struct bufferevent *bufev = arg;
> 	/* 
> 	 * If we are below the watermark then reschedule reading if it's
> 	 * still enabled.
> 	 */
> 	if (bufev->wm_read.high == 0 || now < bufev->wm_read.high) {
> 		evbuffer_setcb(buf, NULL, NULL);
> 
> 		if (bufev->enabled & EV_READ)
> 			server_bufferevent_add(&bufev->ev_read, bufev->timeout_read.tv_sec);
> 	}
> }
> 
218,219c234,235
< 	explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len);
< 	explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len);
---
> 	bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len);
> 	bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len);
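Review bot: bzero() in place of explicit_bzero() at lines 234-235 clears the TLS certificate and key buffers with a call the compiler may drop as a dead store when the memory is not read again, so key material can remain in memory after it was meant to be wiped. The same substitution recurs in server.c at 340 and 345 and in server_http.c at 181, 188, 193 and 204-205, where the buffers apparently hold Basic-auth credentials. I would leave the explicit_bzero() calls unchanged and supply a fallback only where libc lacks the function. A sketch of such a fallback, meant for a small compat file, follows.

```c
/* Fallback for a libc without explicit_bzero(3). Writing through a
 * volatile-qualified pointer keeps the stores from being removed as dead. */
void
explicit_bzero(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len-- > 0)
		*p++ = 0;
}
```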
247,248c263,264
< 	if (pledge("stdio rpath inet unix recvfd", NULL) == -1)
< 		fatal("pledge");
---
> 	/* if (pledge("stdio rpath inet unix recvfd", NULL) == -1)
> 		fatal("pledge"); */
324c340
< 		explicit_bzero(srv_conf->tls_cert, srv_conf->tls_cert_len);
---
> 		bzero(srv_conf->tls_cert, srv_conf->tls_cert_len);
329c345
< 		explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len);
---
> 		bzero(srv_conf->tls_key, srv_conf->tls_key_len);
500c516
< 	if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
---
> 	/* if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) {
508c524
< 	}
---
> 	} */
569a586
> 	size_t outlen;
579,580c596,597
< 	ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch);
< 	if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) {
---
> 	ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch, &outlen);
> 	if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) {
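Review bot: `outlen` is passed to tls_read() at line 596, but no hunk in server.c ever reads it. With this four-argument form the byte count presumably comes back through `outlen` and `ret` is only a status, so code after this hunk that still takes the length from `ret` (not visible here) would use the wrong value. The same applies to the tls_write() calls changed at 657 and 778. Please assign the count from `outlen` wherever the original used the return value, and add a comment naming the libtls API version this code targets.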
598c615
< 	server_bufferevent_add(&bufev->ev_read, bufev->timeout_read);
---
> 	server_bufferevent_add(&bufev->ev_read, bufev->timeout_read.tv_sec);
615c632
< 	server_bufferevent_add(&bufev->ev_read, bufev->timeout_read);
---
> 	server_bufferevent_add(&bufev->ev_read, bufev->timeout_read.tv_sec);
629a647
> 	size_t outlen;
639,640c657,658
< 		    EVBUFFER_LENGTH(bufev->output));
< 		if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) {
---
> 		    EVBUFFER_LENGTH(bufev->output), &outlen);
> 		if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) {
651c669
< 		server_bufferevent_add(&bufev->ev_write, bufev->timeout_write);
---
> 		server_bufferevent_add(&bufev->ev_write, bufev->timeout_write.tv_sec);
659c677
< 	server_bufferevent_add(&bufev->ev_write, bufev->timeout_write);
---
> 	server_bufferevent_add(&bufev->ev_write, bufev->timeout_write.tv_sec);
747a766,767
> 	size_t outlen;
> 
758c778
< 		(void)tls_write(clt->clt_tls_ctx, buf, len);
---
> 		(void)tls_write(clt->clt_tls_ctx, buf, len, &outlen);
958c978
< 	ret = tls_handshake(clt->clt_tls_ctx);
---
> 	// ret = tls_handshake(clt->clt_tls_ctx);
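Review bot: With the tls_handshake() call commented out at line 978, the `ret` tests that follow at 981 and 985 read a value this hunk never assigns. Unless `ret` is initialised at its declaration (outside the hunk) that is an uninitialised read, and if it is initialised the branch taken is fixed regardless of what the peer does. Until the library provides the call, TLS should fail closed: reject `tls` listeners when the configuration is loaded, or close the connection here with a logged error instead of continuing. A comment such as `/* FreeBSD libressl lacks tls_handshake(); TLS listeners are unsupported */` should replace the bare `//`.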
961c981
< 	} else if (ret == TLS_WANT_POLLIN) {
---
> 	} else if (ret == TLS_READ_AGAIN) {
965c985
< 	} else if (ret == TLS_WANT_POLLOUT) {
---
> 	} else if (ret == TLS_WRITE_AGAIN) {
1218c1238
< 	ret = server_bufferevent_write(clt, buf->buffer, size);
---
> 	ret = server_bufferevent_write(clt, EVBUFFER_DATA(buf), size);
diff ../../../../openbsd.orig/src/usr.sbin/httpd/server_http.c ./server_http.c
32a33
> #define _WITH_GETLINE
56a58,65
> int stravis(char **dst, const char *src, int flags);
> 
> int stravis(char **dst, const char *src, int flags) {
> 	*dst = (char*) malloc(4 * strlen(src) + 1);
> 	if (*dst == 0) return -1;
> 	return strvis(*dst, src, flags);
> }
> 
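Review bot: The stravis() fallback added after line 56 has no comment saying that it exists because the function is missing on FreeBSD, or that the caller owns `*dst` and must free it. The `4 * strlen(src) + 1` sizing matches the worst case documented for strvis(); a one-line comment saying so would spare the next reader the lookup. The cast on malloc() is unnecessary in C and `*dst == NULL` reads better than `== 0`. Making the function `static` would also remove the need for the separate prototype directly above it.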
172c181
< 			explicit_bzero(line, linelen);
---
> 			bzero(line, linelen);
179c188
< 			explicit_bzero(line, linelen);
---
> 			bzero(line, linelen);
183,184c192,193
< 		if (crypt_checkpass(clt_pass, pass) == 0) {
< 			explicit_bzero(line, linelen);
---
> 		if (0) { // crypt_checkpass(clt_pass, pass) == 0) {
> 			bzero(line, linelen);
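Review bot: `if (0)` at line 192 leaves a dead branch with the real test in a trailing comment, and nothing tells the operator that password checking is disabled. Assuming the branch body is the success path (it continues outside the hunk), every Basic-auth attempt is now refused, which is the safe direction, but it should be stated: `/* FreeBSD: crypt_checkpass() missing, authentication always fails (fail closed) */`. A warning when the configuration enables authentication would keep users from debugging this as a password problem. When the check is ported, the hash comparison should run in constant time.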
195,196c204,205
< 		explicit_bzero(ba->kv_value, strlen(ba->kv_value));
< 		explicit_bzero(decoded, sizeof(decoded));
---
> 		bzero(ba->kv_value, strlen(ba->kv_value));
> 		bzero(decoded, sizeof(decoded));
779c788
< 		if (stravis(&escapedmsg, msg, VIS_DQ) == -1) {
---
> 		if (stravis(&escapedmsg, msg, 0) == -1) {
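Review bot: Replacing `VIS_DQ` with `0` at line 788 means double quotes in `msg` are no longer escaped. If `escapedmsg` is later placed inside a double-quoted header or attribute value (its use is outside this hunk), a `"` in the message would end that quoted string early and let the rest be parsed as something else. If the flag is missing from FreeBSD's <vis.h>, escape `"` explicitly after the stravis() call or refuse messages that contain it, and leave a comment explaining why the flag was dropped.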
Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/src and ./src
Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/support and ./support

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="httpd.conf"

# Per httpd.conf(5), the "root" and fastcgi "socket" paths below are resolved
# relative to this chroot directory.
chroot "/var/www"

# Plain HTTP on all addresses; no tls listener is configured.
server "default" {
    listen on * port 80
    root "/htdocs/test"

    # Requests whose path matches the glob are passed to the FastCGI socket
    # (PHP-FPM in the accompanying e-mail).
    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
}


--ZPt4rx8FFjLCG7dd--


