Add the .sha256() method.

0013bb4e · Geoff Simmons · f488a1d9 · 0013bb4e · 0013bb4e · 0013bb4e
Commit 0013bb4e authored Feb 28, 2021 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 141 additions and 6 deletions

README.rst README.rst +11 -3

info.vtc src/tests/info.vtc +68 -0

vmod_file.c src/vmod_file.c +56 -2

vmod_file.vcc src/vmod_file.vcc +6 -1

No files found.
--- a/README.rst
+++ b/README.rst
@@ -173,8 +173,8 @@ is followed.

 .. _file.reader():

-new xreader = file.reader(STRING name, STRING path, DURATION ttl, BOOL log_checks)
----------------------------------------------------------------------------------
+new xreader = file.reader(STRING name, STRING path, DURATION ttl, BOOL log_checks, BOOL enable_sha256)
+------------------------------------------------------------------------------------------------------

 ::

@@ -182,7 +182,8 @@ new xreader = file.reader(STRING name, STRING path, DURATION ttl, BOOL log_check
      STRING name,
      STRING path="/usr/local/etc/varnish:/usr/local/share/varnish/vcl:/etc/varnish:/usr/share/varnish/vcl",
      DURATION ttl=120,
-      BOOL log_checks=0
+      BOOL log_checks=0,
+      BOOL enable_sha256=0
   )

 Create an object to read and cache the contents of the file named
@@ -472,6 +473,13 @@ The contents of the BLOB returned by ``.id()`` are intentionally not
 documented, and should not be relied on to extract information about
 the file.

+.. _xreader.sha256():
+
+BLOB xreader.sha256()
+---------------------
+
+XXX ...
+
 .. _file.version():

 STRING version()

--- a/src/tests/info.vtc
+++ b/src/tests/info.vtc
@@ -212,3 +212,71 @@ delay .1

 # Check the log to verify that ETag changes.
 client c1 -run
+
+shell {echo -n "foo bar baz quux" > ${tmpdir}/sha}
+
+varnish v1 -vcl {
+	import ${vmod_file};
+	import blob;
+	backend b None;
+
+	sub vcl_init {
+		new rdr = file.reader("${tmpdir}/sha", ttl=0.1s,
+		                      enable_sha256=true);
+	}
+
+	sub vcl_recv {
+		return (synth(200));
+	}
+
+	sub vcl_synth {
+		set resp.http.ETag = blob.encode(BASE64, blob=rdr.sha256());
+		return (deliver);
+	}
+}
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 200
+	expect resp.http.ETag ~ {^[[:alnum:]+/]+=*$}
+} -run
+
+shell {echo -n "quux baz bar foo" > ${tmpdir}/sha}
+delay .1
+
+# Check the log to verify that ETag changes.
+client c1 -run
+
+
+varnish v1 -vcl {
+	import ${vmod_file};
+	import blob;
+	backend b None;
+
+	sub vcl_init {
+		new rdr = file.reader("${tmpdir}/sha", ttl=0.1s);
+	}
+
+	sub vcl_recv {
+		set req.http.SHA256 = blob.encode(BASE64, blob=rdr.sha256());
+		return (synth(200));
+	}
+}
+
+logexpect l1 -v v1 -d 0 -g vxid -q "VCL_Error" {
+	expect 0 * Begin	req
+	expect * = VCL_Error	{^vmod file failure: rdr\.sha256\(\): sha256 not enabled$}
+	expect 0 = ReqHeader	{^SHA256: $}
+	expect 0 = VCL_return	fail
+	expect * = End
+} -start
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 503
+	expect resp.reason == "VCL failed"
+} -run
+
+logexpect l1 -wait
--- a/src/vmod_file.c
+++ b/src/vmod_file.c
@@ -45,6 +45,7 @@
 #include "vcl.h"
 #include "vtim.h"
 #include "vsb.h"
+#include "vsha256.h"

 #include "vcc_if.h"

@@ -61,6 +62,9 @@
 /* For the result of .id() */
 #define VMOD_FILE_ID_MAGIC 0x001122d7

+/* For the result of .sha256() */
+#define VMOD_FILE_SHA256_MAGIC 0xd2130e92
+
 #define INIT_SLEEP_INTERVAL 0.001
 #define ERRMSG_LEN 128
 #define NO_ERR ("No error")
@@ -70,6 +74,7 @@ struct file_info {
 #define FILE_INFO_MAGIC 0x46ebec3d
 	struct timespec	mtime;
 	char		*path;
+	unsigned char	*sha256;
 	size_t		len;
 	dev_t		dev;
 	ino_t		ino;
@@ -115,6 +120,7 @@ check(union sigval val)
 	void *addr;
 	char timbuf[VTIM_FORMAT_SIZE];
 	int err;
+	VSHA256_CTX sha_ctx;

 	CAST_OBJ_NOTNULL(rdr, val.sival_ptr, FILE_READER_MAGIC);
 	CHECK_OBJ_NOTNULL(rdr->info, FILE_INFO_MAGIC);
@@ -231,6 +237,13 @@ check(union sigval val)
 		goto out;
 	}

+	if (info->sha256 != NULL) {
+		AN(info->sha256);
+		VSHA256_Init(&sha_ctx);
+		VSHA256_Update(&sha_ctx, addr, st.st_size);
+		VSHA256_Final(info->sha256, &sha_ctx);
+	}
+
 	info->mtime.tv_sec = st.st_mtim.tv_sec;
 	info->mtime.tv_nsec = st.st_mtim.tv_nsec;
 	info->dev = st.st_dev;
@@ -278,7 +291,7 @@ VCL_VOID
 vmod_reader__init(VRT_CTX, struct VPFX(file_reader) **rdrp,
 		  const char *vcl_name, struct vmod_priv *priv,
 		  VCL_STRING name, VCL_STRING path, VCL_DURATION ttl,
-		  VCL_BOOL log_checks)
+		  VCL_BOOL log_checks, VCL_BOOL enable_sha256)
 {
 	struct VPFX(file_reader) *rdr;
 	struct file_info *info;
@@ -318,6 +331,16 @@ vmod_reader__init(VRT_CTX, struct VPFX(file_reader) **rdrp,
 		      vcl_name, vstrerror(errno));
 		return;
 	}
+	AZ(info->sha256);
+	if (enable_sha256) {
+		errno = 0;
+		info->sha256 = calloc(1, VSHA256_DIGEST_LENGTH);
+		if (info->sha256 == NULL) {
+			VFAIL(ctx, "new %s: allocating space for SHA256: %s",
+			      vcl_name, vstrerror(errno));
+			return;
+		}
+	}

 	rdr->info = info;
 	rdr->obj_name = strdup(vcl_name);
@@ -487,6 +510,8 @@ vmod_reader__fini(struct VPFX(file_reader) **rdrp)
 		CHECK_OBJ(rdr->info, FILE_INFO_MAGIC);
 		if (rdr->info->path != NULL)
 			free(rdr->info->path);
+		if (rdr->info->sha256 != NULL)
+			free(rdr->info->sha256);
 		FREE_OBJ(rdr->info);
 	}
 	if (rdr->vcl_name != NULL)
@@ -687,7 +712,7 @@ vmod_reader_id(VRT_CTX, struct VPFX(file_reader) *rdr)
 	CHECK_OBJ_NOTNULL(rdr->info, FILE_INFO_MAGIC);

 	AZ(pthread_rwlock_rdlock(&rdr->lock));
-	ERRCHK(ctx, rdr, "rdr", NULL);
+	ERRCHK(ctx, rdr, "id", NULL);
 	secs = rdr->info->mtime.tv_sec;
 	nsecs = rdr->info->mtime.tv_nsec;
 	dev = rdr->info->dev;
@@ -719,6 +744,35 @@ vmod_reader_id(VRT_CTX, struct VPFX(file_reader) *rdr)
 	return (blob);
 }

+VCL_BLOB
+vmod_reader_sha256(VRT_CTX, struct VPFX(file_reader) *rdr)
+{
+	unsigned char *digest;
+
+	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+	CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
+	CHECK_OBJ_NOTNULL(rdr, FILE_READER_MAGIC);
+	CHECK_OBJ_NOTNULL(rdr->info, FILE_INFO_MAGIC);
+
+	if (rdr->info->sha256 == NULL) {
+		VFAIL(ctx, "%s.sha256(): sha256 not enabled", rdr->obj_name);
+		return NULL;
+	}
+
+	AZ(pthread_rwlock_rdlock(&rdr->lock));
+	ERRCHK(ctx, rdr, "sha256", NULL);
+	digest = WS_Copy(ctx->ws, rdr->info->sha256, VSHA256_DIGEST_LENGTH);
+	AZ(pthread_rwlock_unlock(&rdr->lock));
+
+	if (digest == NULL) {
+		VFAIL(ctx, "%s.sha256(): insufficient workspace for digest",
+		      rdr->obj_name);
+		return NULL;
+	}
+	return VRT_blob(ctx, "VMOD file sha256()", digest,
+			VSHA256_DIGEST_LENGTH, VMOD_FILE_SHA256_MAGIC);
+}
+
 VCL_STRING
 vmod_version(VRT_CTX)
 {

--- a/src/vmod_file.vcc
+++ b/src/vmod_file.vcc
@@ -169,7 +169,8 @@ is followed.

 $Object reader(PRIV_VCL, STRING name,
 STRING path="/usr/local/etc/varnish:/usr/local/share/varnish/vcl:/etc/varnish:/usr/share/varnish/vcl",
-               DURATION ttl=120, BOOL log_checks=0)
+               DURATION ttl=120, BOOL log_checks=0,
+               BOOL enable_sha256=0)

 Create an object to read and cache the contents of the file named
 ``name``, and optionally check the file for changes at the interval
@@ -428,6 +429,10 @@ The contents of the BLOB returned by ``.id()`` are intentionally not
 documented, and should not be relied on to extract information about
 the file.

+$Method BLOB .sha256()
+
+XXX ...
+
 $Function STRING version()

 Return the version string for this VMOD.