author | florian <florian@openbsd.org> | 2018-04-11 15:50:46 +0000 |
---|---|---|
committer | florian <florian@openbsd.org> | 2018-04-11 15:50:46 +0000 |
commit | 108ab390ed6b790507f91f65b8e315c3db019156 (patch) | |
tree | bbe838cdee89ce2930e28d14184b9dea3f0767eb /usr.sbin/httpd | |
parent | More steps for i386 Meltdown fix: (diff) | |
Make httpd listen on all IPv4 and IPv6 addresses for
"listen on * port 80".
While here accept up to 16 addresses from DNS or interface groups.
requested by & "lovely" deraadt@
OK kn@
Diffstat (limited to 'usr.sbin/httpd')
-rw-r--r-- | usr.sbin/httpd/httpd.conf.5 | 14 | ||||
-rw-r--r-- | usr.sbin/httpd/httpd.h | 3 | ||||
-rw-r--r-- | usr.sbin/httpd/parse.y | 95 |
3 files changed, 60 insertions, 52 deletions
diff --git a/usr.sbin/httpd/httpd.conf.5 b/usr.sbin/httpd/httpd.conf.5 index afda0ac132b..54f5e1772e3 100644 --- a/usr.sbin/httpd/httpd.conf.5 +++ b/usr.sbin/httpd/httpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: httpd.conf.5,v 1.89 2018/01/04 20:38:12 jmc Exp $ +.\" $OpenBSD: httpd.conf.5,v 1.90 2018/04/11 15:50:46 florian Exp $ .\" .\" Copyright (c) 2014, 2015 Reyk Floeter <reyk@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: January 4 2018 $ +.Dd $Mdocdate: April 11 2018 $ .Dt HTTPD.CONF 5 .Os .Sh NAME @@ -52,12 +52,12 @@ addresses of the specified network interface. If .Sq * is given as an address, -it will be used as an alias for +.Xr httpd 8 +will listen on all IPv4 and IPv6 addresses. .Ar 0.0.0.0 -to listen on all IPv4 addresses. -Likewise, -.Sq :: -can be used to listen on all IPv6 addresses. +means to listen on all IPv4 addresses and +.Ar :: +all IPv6 addresses. A .Ar port can be specified by number or name. diff --git a/usr.sbin/httpd/httpd.h b/usr.sbin/httpd/httpd.h index 1d49dfa230f..6901af7d1af 100644 --- a/usr.sbin/httpd/httpd.h +++ b/usr.sbin/httpd/httpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: httpd.h,v 1.135 2018/02/07 03:28:05 florian Exp $ */ +/* $OpenBSD: httpd.h,v 1.136 2018/04/11 15:50:46 florian Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -53,6 +53,7 @@ #define HTTPD_LOGROOT "/logs" #define HTTPD_ACCESS_LOG "access.log" #define HTTPD_ERROR_LOG "error.log" +#define HTTPD_MAX_ALIAS_IP 16 #define HTTPD_REALM_MAX 255 #define HTTPD_LOCATION_MAX 255 #define HTTPD_DEFAULT_TYPE { "bin", "application", "octet-stream", NULL } diff --git a/usr.sbin/httpd/parse.y b/usr.sbin/httpd/parse.y index fcf1938c42d..2fb9c8cff19 100644 --- a/usr.sbin/httpd/parse.y +++ b/usr.sbin/httpd/parse.y 
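Review bot: `HTTPD_MAX_ALIAS_IP` is added to httpd.h without a comment, and the httpd.conf.5 hunk in this commit describes the new `*` behaviour but not the cap that applies to names and interface groups. A one-line comment next to the define, such as `/* max addresses a single "listen on" name or group expands to */`, plus a sentence in the manual, would tell operators that one `listen on` line with a hostname may now open up to 16 listeners, where the old code passed a limit of 1 to `host()` and used only the first result. That matters for anyone whose packet-filter rules or monitoring assume one socket per `listen on` line, and likewise for `listen on *`, which now also binds `::`.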
@@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.92 2017/08/28 06:00:05 florian Exp $ */ +/* $OpenBSD: parse.y,v 1.93 2018/04/11 15:50:46 florian Exp $ */ /* * Copyright (c) 2007 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -106,7 +106,6 @@ int host_if(const char *, struct addresslist *, int, struct portrange *, const char *, int); int host(const char *, struct addresslist *, int, struct portrange *, const char *, int); -void host_free(struct addresslist *); struct server *server_inherit(struct server *, struct server_config *, struct server_config *); int getservice(char *); 
@@ -415,39 +414,61 @@ serveroptsl : LISTEN ON STRING opttls port { YYERROR; } - if (srv->srv_conf.ss.ss_family != AF_UNSPEC) { - if ((alias = calloc(1, - sizeof(*alias))) == NULL) - fatal("out of memory"); - - /* Add as an IP-based alias. */ - s_conf = alias; - } else - s_conf = &srv->srv_conf; - TAILQ_INIT(&al); - if (host($3, &al, 1, &$5, NULL, -1) <= 0) { - yyerror("invalid listen ip: %s", $3); - free($3); - YYERROR; + if (strcmp("*", $3) == 0) { + if (host("0.0.0.0", &al, 1, &$5, NULL, -1) <= + 0) { + yyerror("invalid listen ip: %s", + "0.0.0.0"); + free($3); + YYERROR; + } + if (host("::", &al, 1, &$5, NULL, -1) <= 0) { + yyerror("invalid listen ip: %s", "::"); + free($3); + YYERROR; + } + } else { + if (host($3, &al, HTTPD_MAX_ALIAS_IP, &$5, NULL, + -1) <= 0) { + yyerror("invalid listen ip: %s", $3); + free($3); + YYERROR; + } } free($3); - h = TAILQ_FIRST(&al); - memcpy(&s_conf->ss, &h->ss, sizeof(s_conf->ss)); - s_conf->port = h->port.val[0]; - s_conf->prefixlen = h->prefixlen; - host_free(&al); + while ((h = TAILQ_FIRST(&al)) != NULL) { - if ($4) - s_conf->flags |= SRVFLAG_TLS; + if (srv->srv_conf.ss.ss_family != AF_UNSPEC) { + if ((alias = calloc(1, + sizeof(*alias))) == NULL) + fatal("out of memory"); - if (alias != NULL) { - /* IP-based; use name match flags from parent */ - alias->flags &= ~SRVFLAG_SERVER_MATCH; - alias->flags |= srv->srv_conf.flags & - SRVFLAG_SERVER_MATCH; - TAILQ_INSERT_TAIL(&srv->srv_hosts, - alias, entry); + /* Add as an IP-based alias. 
*/ + s_conf = alias; + } else + s_conf = &srv->srv_conf; + + memcpy(&s_conf->ss, &h->ss, sizeof(s_conf->ss)); + s_conf->port = h->port.val[0]; + s_conf->prefixlen = h->prefixlen; + + if ($4) + s_conf->flags |= SRVFLAG_TLS; + + if (alias != NULL) { + /* + * IP-based; use name match flags from + * parent + */ + alias->flags &= ~SRVFLAG_SERVER_MATCH; + alias->flags |= srv->srv_conf.flags & + SRVFLAG_SERVER_MATCH; + TAILQ_INSERT_TAIL(&srv->srv_hosts, + alias, entry); + } + TAILQ_REMOVE(&al, h, entry); + free(h); } } | ALIAS optmatch STRING { @@ -1990,9 +2011,6 @@ host(const char *s, struct addresslist *al, int max, { struct address *h; - if (strcmp("*", s) == 0) - s = "0.0.0.0"; - h = host_v4(s); /* IPv6 address? */ @@ -2021,17 +2039,6 @@ host(const char *s, struct addresslist *al, int max, return (host_dns(s, al, max, port, ifname, ipproto)); } -void -host_free(struct addresslist *al) -{ - struct address *h; - - while ((h = TAILQ_FIRST(al)) != NULL) { - TAILQ_REMOVE(al, h, entry); - free(h); - } -} - struct server * server_inherit(struct server *src, struct server_config *alias, struct server_config *addr) |
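Review bot: In the `*` branch of the LISTEN action, when `host("0.0.0.0", ...)` has succeeded and `host("::", ...)` then fails, the error path runs only `free($3); YYERROR;`, so the entry already queued on `al` is never released; this commit also deletes `host_free()`, the helper that drained that list. Keeping `host_free()` and calling `host_free(&al);` before each `YYERROR;` that follows a `host()` call would cover this, and would also cover a partially filled list in the `else` branch (whether `host()` can fail after queuing entries is not visible here). The new `while` loop tests `alias != NULL` on every pass, which is correct only if `alias` is NULL on entry; its declaration sits in the part of the action above this hunk, so that is worth confirming. The leak is small if a parse error ends the process, but the cleanup keeps the action correct on any path that parses the configuration again.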