Last active
June 15, 2021 07:45
Git patch to nghttp2-v1.43.0 to add const SSL *nghttp2::asio_http2::server::request::ssl() to associate client certificates with requests
diff --git a/src/asio_server.cc b/src/asio_server.cc | |
index 74c92276..5a79061e 100644 | |
--- a/src/asio_server.cc | |
+++ b/src/asio_server.cc | |
@@ -154,7 +154,7 @@ void server::start_accept(boost::asio::ssl::context &tls_context, | |
return; | |
} | |
- new_connection->start(); | |
+ new_connection->start(new_connection->socket().native_handle()); | |
}); | |
} | |
diff --git a/src/asio_server_connection.h b/src/asio_server_connection.h | |
index daf9a664..c9570c04 100644 | |
--- a/src/asio_server_connection.h | |
+++ b/src/asio_server_connection.h | |
@@ -85,12 +85,15 @@ public: | |
stopped_(false) {} | |
/// Start the first asynchronous operation for the connection. | |
- void start() { | |
+ void start(SSL *ssl = nullptr) { | |
boost::system::error_code ec; | |
handler_ = std::make_shared<http2_handler>( | |
GET_IO_SERVICE(socket_), socket_.lowest_layer().remote_endpoint(ec), | |
[this]() { do_write(); }, mux_); | |
+ if (ssl) { | |
+ handler_->ssl(ssl); | |
+ } | |
if (handler_->start() != 0) { | |
stop(); | |
return; | |
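Review bot: `start()` hands `handler_` a raw `SSL *` without stating who owns it. Judging by `new_connection->socket().native_handle()` in asio_server.cc, the object appears to belong to this connection's `socket_`, so the pointer is only valid while that stream exists; anything that keeps `handler_` or a `request` alive longer would read a freed `SSL`. I would record that on the parameter, e.g. `/// @param ssl non-owning TLS handle of socket_ (nullptr for cleartext); must not be used after this connection is destroyed`. The `if (ssl)` guard is also unnecessary, since the handler constructor already sets `ssl_` to `nullptr`. The body of `start()` continues past the end of this hunk.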
diff --git a/src/asio_server_http2_handler.cc b/src/asio_server_http2_handler.cc | |
index c1fc195f..78186bd7 100644 | |
--- a/src/asio_server_http2_handler.cc | |
+++ b/src/asio_server_http2_handler.cc | |
@@ -241,6 +241,7 @@ http2_handler::http2_handler(boost::asio::io_service &io_service, | |
mux_(mux), | |
io_service_(io_service), | |
remote_ep_(ep), | |
+ ssl_(nullptr), | |
session_(nullptr), | |
buf_(nullptr), | |
buflen_(0), | |
@@ -484,6 +485,14 @@ const boost::asio::ip::tcp::endpoint &http2_handler::remote_endpoint() { | |
return remote_ep_; | |
} | |
+const SSL *http2_handler::ssl() const { | |
+ return ssl_; | |
+} | |
+ | |
+void http2_handler::ssl(SSL *ssl) { | |
+ ssl_ = ssl; | |
+} | |
+ | |
callback_guard::callback_guard(http2_handler &h) : handler(h) { | |
handler.enter_callback(); | |
} | |
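Review bot: The handler accepts and stores a mutable `SSL *` although its getter only hands out `const SSL *`, while `request_impl` uses `const SSL *` for both setter and member. Declaring the setter as `void http2_handler::ssl(const SSL *ssl)` and the member as `const SSL *ssl_;` (the two hunks in asio_server_http2_handler.h) keeps the classes consistent and states in the type that nothing on the request path may alter TLS state. `native_handle()` yields `SSL *`, which converts implicitly, so only the parameter type of `connection::start` would need to follow.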
diff --git a/src/asio_server_http2_handler.h b/src/asio_server_http2_handler.h | |
index 12064499..7bf5cf43 100644 | |
--- a/src/asio_server_http2_handler.h | |
+++ b/src/asio_server_http2_handler.h | |
@@ -92,6 +92,9 @@ public: | |
const boost::asio::ip::tcp::endpoint &remote_endpoint(); | |
+ const SSL *ssl() const; | |
+ void ssl(SSL *ssl); | |
+ | |
const std::string &http_date(); | |
template <size_t N> | |
@@ -156,6 +159,7 @@ private: | |
serve_mux &mux_; | |
boost::asio::io_service &io_service_; | |
boost::asio::ip::tcp::endpoint remote_ep_; | |
+ SSL *ssl_; | |
nghttp2_session *session_; | |
const uint8_t *buf_; | |
std::size_t buflen_; | |
diff --git a/src/asio_server_request.cc b/src/asio_server_request.cc | |
index 36669a52..8083a516 100644 | |
--- a/src/asio_server_request.cc | |
+++ b/src/asio_server_request.cc | |
@@ -54,6 +54,10 @@ const boost::asio::ip::tcp::endpoint &request::remote_endpoint() const { | |
return impl_->remote_endpoint(); | |
} | |
+const SSL *request::ssl() const { | |
+ return impl_->ssl(); | |
+} | |
+ | |
} // namespace server | |
} // namespace asio_http2 | |
} // namespace nghttp2 | |
diff --git a/src/asio_server_request_impl.cc b/src/asio_server_request_impl.cc | |
index 8442ad05..5cc6ab78 100644 | |
--- a/src/asio_server_request_impl.cc | |
+++ b/src/asio_server_request_impl.cc | |
@@ -62,6 +62,14 @@ void request_impl::remote_endpoint(boost::asio::ip::tcp::endpoint ep) { | |
remote_ep_ = std::move(ep); | |
} | |
+const SSL *request_impl::ssl() const { | |
+ return ssl_; | |
+} | |
+ | |
+void request_impl::ssl(const SSL *ssl) { | |
+ ssl_ = ssl; | |
+} | |
+ | |
size_t request_impl::header_buffer_size() const { return header_buffer_size_; } | |
void request_impl::update_header_buffer_size(size_t len) { | |
diff --git a/src/asio_server_request_impl.h b/src/asio_server_request_impl.h | |
index 05de98a8..3f29299d 100644 | |
--- a/src/asio_server_request_impl.h | |
+++ b/src/asio_server_request_impl.h | |
@@ -58,6 +58,9 @@ public: | |
const boost::asio::ip::tcp::endpoint &remote_endpoint() const; | |
void remote_endpoint(boost::asio::ip::tcp::endpoint ep); | |
+ const SSL *ssl() const; | |
+ void ssl(const SSL *ssl); | |
+ | |
size_t header_buffer_size() const; | |
void update_header_buffer_size(size_t len); | |
@@ -68,6 +71,7 @@ private: | |
uri_ref uri_; | |
data_cb on_data_cb_; | |
boost::asio::ip::tcp::endpoint remote_ep_; | |
+ const SSL *ssl_; | |
size_t header_buffer_size_; | |
}; | |
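Review bot: `ssl_` is added to `request_impl` without an initializer, and no hunk in this patch touches the `request_impl` constructor, so the member appears to be indeterminate until `stream::stream` calls `request_.impl().ssl(h->ssl())`. A default member initializer, `const SSL *ssl_ = nullptr;`, gives `request::ssl()` a defined null result for any `request_impl` that has not been wired to a stream. The constructor is outside the visible hunks, so confirm it does not already set the member before applying this.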
diff --git a/src/asio_server_stream.cc b/src/asio_server_stream.cc | |
index f763c1e0..05ba88e5 100644 | |
--- a/src/asio_server_stream.cc | |
+++ b/src/asio_server_stream.cc | |
@@ -35,6 +35,7 @@ namespace server { | |
stream::stream(http2_handler *h, int32_t stream_id) | |
: handler_(h), stream_id_(stream_id) { | |
request_.impl().stream(this); | |
+ request_.impl().ssl(h->ssl()); | |
response_.impl().stream(this); | |
} | |
diff --git a/src/includes/nghttp2/asio_http2_server.h b/src/includes/nghttp2/asio_http2_server.h | |
index d4ec489a..ae6cb65d 100644 | |
--- a/src/includes/nghttp2/asio_http2_server.h | |
+++ b/src/includes/nghttp2/asio_http2_server.h | |
@@ -62,6 +62,8 @@ public: | |
// Returns the remote endpoint of the request | |
const boost::asio::ip::tcp::endpoint &remote_endpoint() const; | |
+ const SSL *ssl() const; | |
+ | |
private: | |
std::unique_ptr<request_impl> impl_; | |
}; |
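Review bot: `request::ssl()` is the only accessor in this hunk without a comment, and it is the one applications will use for authentication decisions. The comment should state that the pointer is null for cleartext connections, is not owned by the request, and should not be used after the connection closes, e.g. `// Returns the TLS handle of the underlying connection, or nullptr for cleartext; non-owning.` It should also say that a non-null peer certificate is not proof of a verified client. The application still has to configure the `tls_context` with `boost::asio::ssl::verify_peer` (plus `verify_fail_if_no_peer_cert` when certificates are mandatory) and check that `SSL_get_verify_result()` returns `X509_V_OK` before trusting the subject. Because the handle belongs to the connection, every request multiplexed on it sees the same certificate.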
Map groups to roles generated from AD groups and subgroups
userCertificate
attributesuserCertificate
attributes are not populated until users sign in to their computersuserCertificate
attributes should be existent before their access attempts. Fingerprints can be pre-fetched for such applicationsmemberOf
attributesmemberOf
attributesdummy item for indentationdummy item for indentationsubject
in user certificate to Active DirectorydistinguishedName
emailAddress
is included in thesubject
, it should be trivialsubject
:CN=${Name},OU...
==distinguishedName
Format-Json
came from https://stackoverflow.com/questions/56322993/proper-formating-of-json-using-powershell/56324939Group and User configurations in the above script