diff options
Diffstat (limited to 'openwrt')
| -rw-r--r-- | openwrt/package/Config.in | 1 | ||||
| -rw-r--r-- | openwrt/package/Makefile | 2 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/Config.in | 24 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/Makefile | 45 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/files/matrixssl_helper.c | 455 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/files/matrixssl_helper.h | 39 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/files/mini_httpd.conf | 7 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/files/mini_httpd.default | 1 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/files/mini_httpd.init | 21 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/files/mini_httpd.pem | 29 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/ipkg/mini-httpd.conffiles | 3 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/ipkg/mini-httpd.control | 9 | ||||
| -rw-r--r-- | openwrt/package/mini_httpd/patches/500-matrixssl.patch | 161 | 
13 files changed, 797 insertions, 0 deletions
| diff --git a/openwrt/package/Config.in b/openwrt/package/Config.in index 18b1d9011..b90930d1c 100644 --- a/openwrt/package/Config.in +++ b/openwrt/package/Config.in @@ -48,6 +48,7 @@ source "package/kismet/Config.in"  source "package/l2tpd/Config.in"  source "package/lighttpd/Config.in"  source "package/maradns/Config.in" +source "package/mini_httpd/Config.in"  source "package/ndisc/Config.in"  source "package/net-snmp/Config.in"  source "package/nfs-server/Config.in" diff --git a/openwrt/package/Makefile b/openwrt/package/Makefile index 89e901960..bf65d83dd 100644 --- a/openwrt/package/Makefile +++ b/openwrt/package/Makefile @@ -62,6 +62,7 @@ package-$(BR2_PACKAGE_MARADNS) += maradns  package-$(BR2_PACKAGE_MATRIXSSL) += matrixssl  package-$(BR2_PACKAGE_MICROCOM) += microcom  package-$(BR2_PACKAGE_MICROPERL) += microperl +package-$(BR2_PACKAGE_MINI_HTTPD) += mini_httpd  package-$(BR2_PACKAGE_MONIT) += monit  package-$(BR2_PACKAGE_MYSQL) += mysql  package-$(BR2_PACKAGE_NCURSES) += ncurses @@ -149,6 +150,7 @@ libgd-compile: libpng-compile  libnet-compile: libpcap-compile  libnids-compile: libnet-compile  lighttpd-compile: openssl-compile pcre-compile +mini_httpd-compile: matrixssl-compile  mysql-compile: ncurses-compile zlib-compile  net-snmp-compile: libelf-compile  nfs-server-compile: portmap-compile diff --git a/openwrt/package/mini_httpd/Config.in b/openwrt/package/mini_httpd/Config.in new file mode 100644 index 000000000..484924f79 --- /dev/null +++ b/openwrt/package/mini_httpd/Config.in @@ -0,0 +1,24 @@ +config BR2_PACKAGE_MINI_HTTPD +	tristate "mini-httpd - A small web server" +	default m if CONFIG_DEVEL +	help +	 mini_httpd is a small HTTP server. Its performance is not great, but for  +	 low or medium traffic sites it's quite adequate. It implements all the  +	 basic features of an HTTP server, including: +	  +	     * GET, HEAD, and POST methods. +	     * CGI. +	     * Basic authentication. +	     * Security against ".." filename snooping. +	     * The common MIME types. +	     * Trailing-slash redirection. +	     * index.html, index.htm, index.cgi +	     * Directory listings. +	     * Multihoming / virtual hosting. +	     * Standard logging. +	     * Custom error pages.  +	  +	 It can also be configured to do SSL/HTTPS and IPv6.  +	  +	 http://www.acme.com/software/mini_httpd/ +	  diff --git a/openwrt/package/mini_httpd/Makefile b/openwrt/package/mini_httpd/Makefile new file mode 100644 index 000000000..aa9d89b1b --- /dev/null +++ b/openwrt/package/mini_httpd/Makefile @@ -0,0 +1,45 @@ +# $Id$ + +include $(TOPDIR)/rules.mk + +PKG_NAME:=mini-httpd +PKG_VERSION:=1.19 +PKG_RELEASE:=1 +PKG_MD5SUM:=792a529dfe974355aad8ba6c80e54e7a + +PKG_SOURCE_URL:=http://www.acme.com/software/mini_httpd/ +PKG_SOURCE:=mini_httpd-$(PKG_VERSION).tar.gz +PKG_CAT:=zcat + +PKG_BUILD_DIR:=$(BUILD_DIR)/mini_httpd-$(PKG_VERSION) + +include $(TOPDIR)/package/rules.mk + +$(eval $(call PKG_template,MINI_HTTPD,mini-httpd,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) + + +$(PKG_BUILD_DIR)/.configured: +	cp -f ./files/matrixssl_helper.{c,h} $(PKG_BUILD_DIR)/ +	touch $@ + +$(PKG_BUILD_DIR)/.built: +	$(MAKE) -C $(PKG_BUILD_DIR) \ +		CC=$(TARGET_CC) \ +		OFLAGS="$(TARGET_CFLAGS)" \ +		SSL_INC="-I$(STAGING_DIR)/usr/include" \ +		SSL_LIBS="-L$(STAGING_DIR)/usr/lib -lmatrixssl" \ +		all +	touch $@ + +$(IPKG_MINI_HTTPD): +	install -d -m0755 $(IDIR_MINI_HTTPD)/etc +	install -m0644 ./files/mini_httpd.conf $(IDIR_MINI_HTTPD)/etc/ +	install -m0600 ./files/mini_httpd.pem $(IDIR_MINI_HTTPD)/etc/ +	install -d -m0755 $(IDIR_MINI_HTTPD)/etc/default +	install -m0644 ./files/mini_httpd.default $(IDIR_MINI_HTTPD)/etc/default/mini_httpd +	install -d -m0755 $(IDIR_MINI_HTTPD)/etc/init.d +	install -m0755 ./files/mini_httpd.init $(IDIR_MINI_HTTPD)/etc/init.d/mini_httpd +	install -d -m0755 $(IDIR_MINI_HTTPD)/usr/sbin +	install -m0755 $(PKG_BUILD_DIR)/mini_httpd $(IDIR_MINI_HTTPD)/usr/sbin/ +	$(RSTRIP) $(IDIR_MINI_HTTPD) +	$(IPKG_BUILD) $(IDIR_MINI_HTTPD) $(PACKAGE_DIR) diff --git a/openwrt/package/mini_httpd/files/matrixssl_helper.c b/openwrt/package/mini_httpd/files/matrixssl_helper.c new file mode 100644 index 000000000..e3fe3346c --- /dev/null +++ b/openwrt/package/mini_httpd/files/matrixssl_helper.c @@ -0,0 +1,455 @@ +/* + * MatrixSSL helper functions + * + * Copyright (C) 2005 Nicolas Thill <nthill@free.fr> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the + * GNU General Public License for more details. + * + * Portions borrowed from MatrixSSL example code + * + */ + +#include <sys/socket.h> +#include <netinet/in.h> +#include <netinet/tcp.h> +#include <arpa/inet.h> +#include <fcntl.h> +#include <unistd.h> +#include <stdio.h> +#include <string.h> +#include <errno.h> + +#include "matrixssl_helper.h" + +#define SSL_SOCKET_EOF  0x0001 +#define SSL_SOCKET_CLOSE_NOTIFY  0x0002 + +#define min(a, b)  ( (a) < (b) ) ? (a) : (b) + +static int _ssl_read(SSL *ssl, char *buf, int len); +static int _ssl_write(SSL *ssl, char *buf, int len); +static void _ssl_setSocketBlock(int fd); +static void _ssl_setSocketNonblock(int fd); +static void _ssl_closeSocket(int fd); + + +SSL * SSL_new(sslKeys_t *keys) +{ +	SSL * ssl; +	ssl = (SSL *)malloc(sizeof(SSL)); +	 +	if (!ssl) return 0; +	 +	ssl->keys = keys; +	if ( matrixSslNewSession(&(ssl->ssl), ssl->keys, NULL, SSL_FLAGS_SERVER) < 0 ) { +	} +	 +	ssl->insock.size = 1024; +	ssl->insock.buf = ssl->insock.start = ssl->insock.end = +		(unsigned char *)malloc(ssl->insock.size); +	 +	ssl->outsock.size = 1024; +	ssl->outsock.buf = ssl->outsock.start = ssl->outsock.end =  +		(unsigned char *)malloc(ssl->outsock.size); +	 +	ssl->inbuf.size = 0; +	ssl->inbuf.buf = ssl->inbuf.start = ssl->inbuf.end = NULL; +	 +	return ssl; +} + + +int SSL_accept(SSL *ssl) { + +	unsigned char buf[1024]; +	int status, rc; +	 +readMore: +	rc = _ssl_read(ssl, buf, sizeof(buf)); +	if (rc == 0) { +		if (ssl->status == SSL_SOCKET_EOF || ssl->status == SSL_SOCKET_CLOSE_NOTIFY) { +			SSL_free(ssl); +			return -1; +		} +		if (matrixSslHandshakeIsComplete(ssl->ssl) == 0) { +			goto readMore; +		} +	} else if (rc > 0) { +		return 0; +	} else { +		SSL_free(ssl); +		return -1; +	} +	 +	return 1; +} + + +void SSL_set_fd(SSL *ssl, int fd) { +	ssl->fd = fd; +} + + +int SSL_read(SSL *ssl, char *buf, int len) { +	int rc; +readMore: +	rc = _ssl_read(ssl, buf, len); +	if (rc <= 0) { +		if (rc < 0 || ssl->status == SSL_SOCKET_EOF || ssl->status == SSL_SOCKET_CLOSE_NOTIFY) { +			_ssl_closeSocket(ssl->fd); +			return rc; +		} +		goto readMore; +	} +	return rc; +} + + +int SSL_write(SSL *ssl, char *buf, int len) { +	int rc; +writeMore: +	rc = _ssl_write(ssl, buf, len); +	if (rc <= 0) { +		if (rc < 0) { +			return rc; +		} +		goto writeMore; +	} +	return rc; +} + + +void SSL_free(SSL * ssl) +{ +	matrixSslDeleteSession(ssl->ssl); +	if (ssl->insock.buf) { +		free(ssl->insock.buf); +	} +	if (ssl->outsock.buf) { +		free(ssl->outsock.buf); +	} +	if (ssl->inbuf.buf) { +		free(ssl->inbuf.buf); +	} +	free(ssl); +} + + + +static void _ssl_setSocketBlock(int fd) +{ +	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK); +	fcntl(fd, F_SETFD, FD_CLOEXEC); +} + + +static void _ssl_setSocketNonblock(int fd) +{ +	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK); +} + + +static void _ssl_closeSocket(int fd) +{ +	char buf[32]; + +	if (fd != -1) { +		_ssl_setSocketNonblock(fd); +		if (shutdown(fd, 1) >= 0) { +			while (recv(fd, buf, sizeof(buf), 0) > 0); +		} +		close(fd); +	} +} + + +static int _ssl_read(SSL *ssl, char *buf, int len) +{ +	int bytes, rc, remaining; +	unsigned char error, alertLevel, alertDescription, performRead; + +	ssl->status = 0; + +	if (ssl->ssl == NULL || len <= 0) { +		return -1; +	} +/* +	If inbuf is valid, then we have previously decoded data that must be +	returned, return as much as possible.  Once all buffered data is +	returned, free the inbuf. +*/ +	if (ssl->inbuf.buf) { +		if (ssl->inbuf.start < ssl->inbuf.end) { +			remaining = (int)(ssl->inbuf.end - ssl->inbuf.start); +			bytes = (int)min(len, remaining); +			memcpy(buf, ssl->inbuf.start, bytes); +			ssl->inbuf.start += bytes; +			return bytes; +		} +		free(ssl->inbuf.buf); +		ssl->inbuf.buf = NULL; +	} +/* +	Pack the buffered socket data (if any) so that start is at zero. +*/ +	if (ssl->insock.buf < ssl->insock.start) { +		if (ssl->insock.start == ssl->insock.end) { +			ssl->insock.start = ssl->insock.end = ssl->insock.buf; +		} else { +			memmove(ssl->insock.buf, ssl->insock.start, ssl->insock.end - ssl->insock.start); +			ssl->insock.end -= (ssl->insock.start - ssl->insock.buf); +			ssl->insock.start = ssl->insock.buf; +		} +	} +/* +	Read up to as many bytes as there are remaining in the buffer.  We could +	Have encrypted data already cached in conn->insock, but might as well read more +	if we can. +*/ +	performRead = 0; +readMore: +	if (ssl->insock.end == ssl->insock.start || performRead) { +		performRead = 1; +		bytes = recv(ssl->fd, (char *)ssl->insock.end,  +			(int)((ssl->insock.buf + ssl->insock.size) - ssl->insock.end), MSG_NOSIGNAL); +		if (bytes == -1) { +			ssl->status = errno; +			return -1; +		} +		if (bytes == 0) { +			ssl->status = SSL_SOCKET_EOF; +			return 0; +		} +		ssl->insock.end += bytes; +	} +/* +	Define a temporary sslBuf +*/ +	ssl->inbuf.start = ssl->inbuf.end = ssl->inbuf.buf = (unsigned char *)malloc(len); +	ssl->inbuf.size = len; +/* +	Decode the data we just read from the socket +*/ +decodeMore: +	error = 0; +	alertLevel = 0; +	alertDescription = 0; + +	rc = matrixSslDecode(ssl->ssl, &ssl->insock, &ssl->inbuf, &error, &alertLevel,  +		&alertDescription); +	switch (rc) { +/* +	Successfully decoded a record that did not return data or require a response. +*/ +	case SSL_SUCCESS: +		return 0; +/* +	Successfully decoded an application data record, and placed in tmp buf +*/ +	case SSL_PROCESS_DATA: +/* +		Copy as much as we can from the temp buffer into the caller's buffer +		and leave the remainder in conn->inbuf until the next call to read +		It is possible that len > data in buffer if the encoded record +		was longer than len, but the decoded record isn't! +*/ +		rc = (int)(ssl->inbuf.end - ssl->inbuf.start); +		rc = min(rc, len); +		memcpy(buf, ssl->inbuf.start, rc); +		ssl->inbuf.start += rc; +		return rc; +/* +	We've decoded a record that requires a response into tmp +	If there is no data to be flushed in the out buffer, we can write out +	the contents of the tmp buffer.  Otherwise, we need to append the data  +	to the outgoing data buffer and flush it out. +*/ +	case SSL_SEND_RESPONSE: +		bytes = send(ssl->fd, (char *)ssl->inbuf.start,  +			(int)(ssl->inbuf.end - ssl->inbuf.start), MSG_NOSIGNAL); +		if (bytes == -1) { +			ssl->status = errno; +			if (ssl->status != EAGAIN) { +				goto readError; +			} +			ssl->status = 0; +		} +		ssl->inbuf.start += bytes; +		if (ssl->inbuf.start < ssl->inbuf.end) { +/* +			This must be a non-blocking socket since it didn't all get sent +			out and there was no error.  We want to finish the send here +			simply because we are likely in the SSL handshake. +*/ +			_ssl_setSocketBlock(ssl->fd); +			bytes = send(ssl->fd, (char *)ssl->inbuf.start,  +				(int)(ssl->inbuf.end - ssl->inbuf.start), MSG_NOSIGNAL); +			if (bytes == -1) { +				ssl->status = errno; +				goto readError; +			} +			ssl->inbuf.start += bytes; +/* +			Can safely set back to non-blocking because we wouldn't +			have got here if this socket wasn't non-blocking to begin with. +*/ +			_ssl_setSocketNonblock(ssl->fd); +		} +		ssl->inbuf.start = ssl->inbuf.end = ssl->inbuf.buf; +		return 0; +/* +	There was an error decoding the data, or encoding the out buffer. +	There may be a response data in the out buffer, so try to send. +	We try a single hail-mary send of the data, and then close the socket. +	Since we're closing on error, we don't worry too much about a clean flush. +*/ +	case SSL_ERROR: +		if (ssl->inbuf.start < ssl->inbuf.end) { +			_ssl_setSocketNonblock(ssl->fd); +			bytes = send(ssl->fd, (char *)ssl->inbuf.start,  +				(int)(ssl->inbuf.end - ssl->inbuf.start), MSG_NOSIGNAL); +		} +		goto readError; +/* +	We've decoded an alert.  The level and description passed into +	matrixSslDecode are filled in with the specifics. +*/ +	case SSL_ALERT: +		if (alertDescription == SSL_ALERT_CLOSE_NOTIFY) { +			ssl->status = SSL_SOCKET_CLOSE_NOTIFY; +			goto readZero; +		} +		goto readError; +/* +	We have a partial record, we need to read more data off the socket. +	If we have a completely full conn->insock buffer, we'll need to grow it +	here so that we CAN read more data when called the next time. +*/ +	case SSL_PARTIAL: +		if (ssl->insock.start == ssl->insock.buf && ssl->insock.end ==  +				(ssl->insock.buf + ssl->insock.size)) { +			if (ssl->insock.size > SSL_MAX_BUF_SIZE) { +				goto readError; +			} +			ssl->insock.size *= 2; +			ssl->insock.start = ssl->insock.buf =  +				(unsigned char *)realloc(ssl->insock.buf, ssl->insock.size); +			ssl->insock.end = ssl->insock.buf + (ssl->insock.size / 2); +		} +		if (!performRead) { +			performRead = 1; +			free(ssl->inbuf.buf); +			ssl->inbuf.buf = NULL; +			goto readMore; +		} else { +			goto readZero; +		} +/* +	The out buffer is too small to fit the decoded or response +	data.  Increase the size of the buffer and call decode again +*/ +	case SSL_FULL: +		ssl->inbuf.size *= 2; +		if (ssl->inbuf.buf != (unsigned char*)buf) { +			free(ssl->inbuf.buf); +			ssl->inbuf.buf = NULL; +		} +		ssl->inbuf.start = ssl->inbuf.end = ssl->inbuf.buf =  +			(unsigned char *)malloc(ssl->inbuf.size); +		goto decodeMore; +	} +/* +	We consolidated some of the returns here because we must ensure +	that conn->inbuf is cleared if pointing at caller's buffer, otherwise +	it will be freed later on. +*/ +readZero: +	if (ssl->inbuf.buf == (unsigned char*)buf) { +		ssl->inbuf.buf = NULL; +	} +	return 0; +readError: +	if (ssl->inbuf.buf == (unsigned char*)buf) { +		ssl->inbuf.buf = NULL; +	} +	return -1; +} + + +int _ssl_write(SSL *ssl, char *buf, int len) +{ +	int		rc; + +	ssl->status = 0; +/* +	Pack the buffered socket data (if any) so that start is at zero. +*/ +	if (ssl->outsock.buf < ssl->outsock.start) { +		if (ssl->outsock.start == ssl->outsock.end) { +			ssl->outsock.start = ssl->outsock.end = ssl->outsock.buf; +		} else { +			memmove(ssl->outsock.buf, ssl->outsock.start, ssl->outsock.end - ssl->outsock.start); +			ssl->outsock.end -= (ssl->outsock.start - ssl->outsock.buf); +			ssl->outsock.start = ssl->outsock.buf; +		} +	} +/* +	If there is buffered output data, the caller must be trying to +	send the same amount of data as last time.  We don't support  +	sending additional data until the original buffered request has +	been completely sent. +*/ +	if (ssl->outBufferCount > 0 && len != ssl->outBufferCount) { +		return -1; +	} +/* +	If we don't have buffered data, encode the caller's data +*/ +	if (ssl->outBufferCount == 0) { +retryEncode: +		rc = matrixSslEncode(ssl->ssl, (unsigned char *)buf, len, &ssl->outsock); +		switch (rc) { +		case SSL_ERROR: +			return -1; +		case SSL_FULL: +			if (ssl->outsock.size > SSL_MAX_BUF_SIZE) { +				return -1; +			} +			ssl->outsock.size *= 2; +			ssl->outsock.buf =  +				(unsigned char *)realloc(ssl->outsock.buf, ssl->outsock.size); +			ssl->outsock.end = ssl->outsock.buf + (ssl->outsock.end - ssl->outsock.start); +			ssl->outsock.start = ssl->outsock.buf; +			goto retryEncode; +		} +	} +/* +	We've got data to send. +*/ +	rc = send(ssl->fd, (char *)ssl->outsock.start,  +		(int)(ssl->outsock.end - ssl->outsock.start), MSG_NOSIGNAL); +	if (rc == -1) { +		ssl->status = errno; +		return -1; +	} +	ssl->outsock.start += rc; +/* +	If we wrote it all return the length, otherwise remember the number of +	bytes passed in, and return 0 to be called again later. +*/ +	if (ssl->outsock.start == ssl->outsock.end) { +		ssl->outBufferCount = 0; +		return len; +	} +	ssl->outBufferCount = len; +	return 0; +} + diff --git a/openwrt/package/mini_httpd/files/matrixssl_helper.h b/openwrt/package/mini_httpd/files/matrixssl_helper.h new file mode 100644 index 000000000..e5854df64 --- /dev/null +++ b/openwrt/package/mini_httpd/files/matrixssl_helper.h @@ -0,0 +1,39 @@ +/* + * MatrixSSL helper functions + * + * Copyright (C) 2005 Nicolas Thill <nthill@free.fr> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the + * GNU General Public License for more details. + */ + +#ifndef __MATRIXSSL_HELPER_H__ +#define __MATRIXSSL_HELPER_H__ + +#include <matrixSsl/matrixSsl.h> + +typedef struct __SSL { +  int fd; +  ssl_t *ssl; +  sslKeys_t *keys; +  sslBuf_t insock, outsock, inbuf; +  int outBufferCount; +  int partial; +  int status; +} SSL; + +SSL * SSL_new(sslKeys_t *keys); +void SSL_set_fd(SSL *ssl, int fd); +int SSL_accept(SSL *ssl); +int SSL_read(SSL *ssl, char *b, int len); +int SSL_write(SSL *ssl, char *buf, int len); +void SSL_free(SSL *ssl); + +#endif /* __MATRIXSSL_HELPER_H__ */ diff --git a/openwrt/package/mini_httpd/files/mini_httpd.conf b/openwrt/package/mini_httpd/files/mini_httpd.conf new file mode 100644 index 000000000..2e784520a --- /dev/null +++ b/openwrt/package/mini_httpd/files/mini_httpd.conf @@ -0,0 +1,7 @@ +cgipat=cgi-bin/* +dir=/www +nochroot +pidfile=/var/run/mini_httpd.pid +user=root +ssl +certfile=/etc/mini_httpd.pem diff --git a/openwrt/package/mini_httpd/files/mini_httpd.default b/openwrt/package/mini_httpd/files/mini_httpd.default new file mode 100644 index 000000000..85b229e88 --- /dev/null +++ b/openwrt/package/mini_httpd/files/mini_httpd.default @@ -0,0 +1 @@ +OPTIONS="-C /etc/mini_httpd.conf" diff --git a/openwrt/package/mini_httpd/files/mini_httpd.init b/openwrt/package/mini_httpd/files/mini_httpd.init new file mode 100644 index 000000000..a6905591d --- /dev/null +++ b/openwrt/package/mini_httpd/files/mini_httpd.init @@ -0,0 +1,21 @@ +#!/bin/sh + +DEFAULT=/etc/default/mini_httpd +RUN_D=/var/run +PID_F=$RUN_D/mini_httpd.pid +[ -f $DEFAULT ] && . $DEFAULT + +case $1 in + start) +  [ -d $RUN_D ] || mkdir -p $RUN_D +  mini_httpd $OPTIONS +  ;; + stop) +  [ -f $PID_F ] && kill $(cat $PID_F) +  ;; + *) +  echo "usage: $0 (start|stop)" +  exit 1 +esac + +exit $? diff --git a/openwrt/package/mini_httpd/files/mini_httpd.pem b/openwrt/package/mini_httpd/files/mini_httpd.pem new file mode 100644 index 000000000..8a1241a76 --- /dev/null +++ b/openwrt/package/mini_httpd/files/mini_httpd.pem @@ -0,0 +1,29 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQC5rFJOQakwMmF9aoVnAXaQLOOPoYOEk19/ls9VZt1ZqfzQuTbG +GGrgMIDclB0kHMFvSbzeiVjMnrSdQTNe1gOQAGtHhHiqugrLqH9m3wqOerbf/Yir +hic9U6X9RaWC6BzNgcYU1QtPn1sDtbMNFAB6jzF3W76EIlHEobgMtfqtxwIDAQAB +AoGBAKJst9eToyDxgc1ICQlSA1kem7eDUF0C2xDvadLI2KxegzZIQD1NEPmsFJ5h +x5hWu3TSabG3LwJZd6D1b63vxE6QRMhcDG3idb7kXzhOOZyfnlnrBtJ3VJC/UH5H +O1pMMBxcu2fXrua+h7BW0gMoZhchvsArDoWaZPjNUNHiNRYBAkEA3Ngnge7njqlf +/UlLkQHHfxgorQ78GjOzrrUvz86pFtW8RKCjAv55HIqAhWrSgxWF4yXkPO2XOHC9 +KTeVKccjAQJBANc63r3M3yP817cPzyo/8BJQD9nAzmolrsBf1YMxML20UmEbObax +QdmxoYu/a8tOD4gT6EZDkauJU0yS69HGeMcCQQCvRmbkuuXQ1iC29+sfpVfeSSBP +aaswaIRdTrQprA2LcAtCNHPsNmeM/WfPe96j5vsiMrqYmMECLIgVJGYgiEoBAkEA +kzg1e+ZTC667bwBlWCT79crFzNDRYFH+QqBKz74p9NkPMFULGSgOPvX95jU9aocu +oInda5J0Zb09OTeWDpuPqQJAUIeY36WUst7NaW40mZXkMjjR2QtWi7P4cmv7nLp0 +WdPQzkUW1Bv4sSUQ7svQqpmZPaFiyhXL1VSa1M5MPd3tbA== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICOTCCAaKgAwIBAgIJANRuTbnzy8ObMA0GCSqGSIb3DQEBBAUAMFMxCzAJBgNV +BAYTAkZSMQ4wDAYDVQQIEwVQYXJpczEOMAwGA1UEBxMFUGFyaXMxEDAOBgNVBAoT +B015IEhvbWUxEjAQBgNVBAMTCU15IFJvdXRlcjAeFw0wNTAxMTQwMjQzMjdaFw0w +NjAxMTQwMjQzMjdaMFMxCzAJBgNVBAYTAkZSMQ4wDAYDVQQIEwVQYXJpczEOMAwG +A1UEBxMFUGFyaXMxEDAOBgNVBAoTB015IEhvbWUxEjAQBgNVBAMTCU15IFJvdXRl +cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuaxSTkGpMDJhfWqFZwF2kCzj +j6GDhJNff5bPVWbdWan80Lk2xhhq4DCA3JQdJBzBb0m83olYzJ60nUEzXtYDkABr +R4R4qroKy6h/Zt8Kjnq23/2Iq4YnPVOl/UWlgugczYHGFNULT59bA7WzDRQAeo8x +d1u+hCJRxKG4DLX6rccCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgZAMA0GCSqG +SIb3DQEBBAUAA4GBAErI3QmcZVzjxKcoPTO3z8cRJV87SVFp0qbIjbYCBDUWB1QY +/bMkQPr2zJyfJmUYLEs4iKgHrmlaUCMHy9NZKOg9ZxrW42BtQ5QnOtDm3UifwzJW +oCFC3uPWfTYsZn/FrUXlErds+xXXT63VJzBe6DdXwHcdcdxzl05oIyL9JIzI +-----END CERTIFICATE----- diff --git a/openwrt/package/mini_httpd/ipkg/mini-httpd.conffiles b/openwrt/package/mini_httpd/ipkg/mini-httpd.conffiles new file mode 100644 index 000000000..36a86b957 --- /dev/null +++ b/openwrt/package/mini_httpd/ipkg/mini-httpd.conffiles @@ -0,0 +1,3 @@ +/etc/default/mini_httpd +/etc/mini_httpd.conf +/etc/mini_httpd.pem diff --git a/openwrt/package/mini_httpd/ipkg/mini-httpd.control b/openwrt/package/mini_httpd/ipkg/mini-httpd.control new file mode 100644 index 000000000..508405317 --- /dev/null +++ b/openwrt/package/mini_httpd/ipkg/mini-httpd.control @@ -0,0 +1,9 @@ +Package: mini-httpd +Priority: optional +Section: net +Version: [TBDL] +Architecture: [TBDL] +Maintainer: OpenWrt Developers Team <bugs@openwrt.org> +Source: http://openwrt.org/cgi-bin/viewcvs.cgi/openwrt/package/mini_httpd/ +Description: A small HTTP server, built with SSL support using MatrixSSL. +Depends: libmatrixssl diff --git a/openwrt/package/mini_httpd/patches/500-matrixssl.patch b/openwrt/package/mini_httpd/patches/500-matrixssl.patch new file mode 100644 index 000000000..54963f363 --- /dev/null +++ b/openwrt/package/mini_httpd/patches/500-matrixssl.patch @@ -0,0 +1,161 @@ +diff -ruN mini_httpd-1.19-orig/Makefile mini_httpd-1.19-3/Makefile +--- mini_httpd-1.19-orig/Makefile	2002-11-02 00:02:57.000000000 +0100 ++++ mini_httpd-1.19-3/Makefile	2005-03-09 08:52:21.000000000 +0100 +@@ -14,17 +14,30 @@ + # http://www.openssl.org/  Make sure the SSL_TREE definition points to the + # tree with your OpenSSL installation - depending on how you installed it, + # it may be in /usr/local instead of /usr/local/ssl. ++ ++# OpenSSL + #SSL_TREE =	/usr/local/ssl + #SSL_DEFS =	-DUSE_SSL + #SSL_INC =	-I${SSL_TREE}/include + #SSL_LIBS =	-L${SSL_TREE}/lib -lssl -lcrypto ++#SSL_OBJS = ++ ++# MatrixSSL ++SSL_TREE = ++SSL_DEFS =	-DUSE_SSL -DHAVE_MATRIXSSL ++SSL_INC = ++SSL_LIBS =	-lmatrixssl ++SSL_OBJS =	matrixssl_helper.o +  +  +-BINDIR =	/usr/local/sbin +-MANDIR =	/usr/local/man ++DESTDIR = ++ ++BINDIR =	$(DESTDIR)/usr/sbin ++MANDIR =	$(DESTDIR)/usr/share/man + CC =		gcc + CDEFS =		${SSL_DEFS} ${SSL_INC} +-CFLAGS =	-O ${CDEFS} ++OFLAGS =	-O ++CFLAGS =	${OFLAGS} ${CDEFS} + #CFLAGS =	-g ${CDEFS} +-LDFLAGS =	-s ++LDFLAGS = + #LDFLAGS =	-g +@@ -32,12 +45,15 @@ +  + all:		mini_httpd htpasswd +  +-mini_httpd:	mini_httpd.o match.o tdate_parse.o +-	${CC} ${CFLAGS} ${LDFLAGS} mini_httpd.o match.o tdate_parse.o ${LDLIBS} -o mini_httpd ++mini_httpd:	mini_httpd.o match.o tdate_parse.o ${SSL_OBJS} ++	${CC} ${CFLAGS} ${LDFLAGS} mini_httpd.o match.o tdate_parse.o ${SSL_OBJS} ${LDLIBS} -o mini_httpd +  + mini_httpd.o:	mini_httpd.c version.h port.h match.h tdate_parse.h mime_encodings.h mime_types.h + 	${CC} ${CFLAGS} -c mini_httpd.c +  ++matrixssl_helper.o: matrixssl_helper.c ++	${CC} ${CFLAGS} -c matrixssl_helper.c ++	 + match.o:	match.c match.h + 	${CC} ${CFLAGS} -c match.c +  +@@ -71,16 +87,18 @@ + 	chmod 600 mini_httpd.pem +  +  +-install:	all +-	rm -f ${BINDIR}/mini_httpd ${BINDIR}/htpasswd ++install:	all uninstall + 	-mkdir -p ${BINDIR} + 	cp mini_httpd htpasswd ${BINDIR} +-	rm -f ${MANDIR}/man8/mini_httpd.8 ${MANDIR}/man1/htpasswd.1 + 	-mkdir -p ${MANDIR}/man8 + 	cp mini_httpd.8 ${MANDIR}/man8 + 	-mkdir -p ${MANDIR}/man1 + 	cp htpasswd.1 ${MANDIR}/man1 +  ++uninstall: ++	rm -f ${BINDIR}/mini_httpd ${BINDIR}/htpasswd ++	rm -f ${MANDIR}/man8/mini_httpd.8 ${MANDIR}/man1/htpasswd.1 ++ + clean: + 	rm -f mini_httpd mime_encodings.h mime_types.h htpasswd mini_httpd.rnd *.o core core.* *.core +  +diff -ruN mini_httpd-1.19-orig/mini_httpd.c mini_httpd-1.19-3/mini_httpd.c +--- mini_httpd-1.19-orig/mini_httpd.c	2003-12-03 19:27:22.000000000 +0100 ++++ mini_httpd-1.19-3/mini_httpd.c	2005-03-09 08:46:28.000000000 +0100 +@@ -66,8 +66,14 @@ + #endif /* HAVE_SENDFILE */ +  + #ifdef USE_SSL ++# ifdef HAVE_OPENSSL + #include <openssl/ssl.h> + #include <openssl/err.h> ++# else /* HAVE_OPENSSL */ ++#  ifdef HAVE_MATRIXSSL ++#   include "matrixssl_helper.h" ++#  endif /* HAVE_MATRIXSSL */ ++# endif /* HAVE_OPENSSL */ + #endif /* USE_SSL */ +  + extern char* crypt( const char* key, const char* setting ); +@@ -193,7 +199,13 @@ + static int do_ssl; + static char* certfile; + static char* cipher; ++#ifdef HAVE_OPENSSL + static SSL_CTX* ssl_ctx; ++#else /* HAVE_OPENSSL */ ++ #ifdef HAVE_MATRIXSSL ++static sslKeys_t* keys; ++ #endif /* HAVE_MATRIXSSL */ ++#endif /* HAVE_OPENSSL */ + #endif /* USE_SSL */ + static char cwd[MAXPATHLEN]; + static int got_hup; +@@ -540,6 +552,7 @@ + #ifdef USE_SSL +     if ( do_ssl ) + 	{ ++# ifdef HAVE_OPENSSL + 	SSL_load_error_strings(); + 	SSLeay_add_ssl_algorithms(); + 	ssl_ctx = SSL_CTX_new( SSLv23_server_method() ); +@@ -559,6 +572,17 @@ + 		exit( 1 ); + 		} + 	    } ++# else /* HAVE_OPENSSL */ ++#  ifdef HAVE_MATRIXSSL ++	matrixSslOpen(); ++	if ( matrixSslReadKeys( &keys, certfile, certfile, NULL, NULL < 0) ) ++	    { ++	    syslog( LOG_CRIT, "can't load certificate and/or private key\n"); ++	    (void) fprintf( stderr, "%s: can't load certificate and/or private key\n", argv0 ); ++	    exit( 1 ); ++	    } ++#  endif /* HAVE_MATRIXSSL */ ++# endif /* HAVE_OPENSSL */ + 	} + #endif /* USE_SSL */ +  +@@ -1174,6 +1198,7 @@ + #ifdef USE_SSL +     if ( do_ssl ) + 	{ ++# ifdef HAVE_OPENSSL + 	ssl = SSL_new( ssl_ctx ); + 	SSL_set_fd( ssl, conn_fd ); + 	if ( SSL_accept( ssl ) == 0 ) +@@ -1181,6 +1206,16 @@ + 	    ERR_print_errors_fp( stderr ); + 	    exit( 1 ); + 	    } ++# else /* HAVE_OPENSSL */ ++#  ifdef HAVE_MATRIXSSL ++	ssl = SSL_new(keys); ++	SSL_set_fd( ssl, conn_fd ); ++	if ( SSL_accept( ssl ) <= 0 ) ++	    { ++	    perror( "SSL_accept" ); ++	    } ++#  endif /* HAVE_MATRIXSSL */ ++# endif /* HAVE_OPENSSL */ + 	} + #endif /* USE_SSL */ +  | 
