annotate misc/systemd/socket-activation.lua @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parents 3296a09b4e57
children
rev   line source
2352
3296a09b4e57 misc/systemd: Experimental files for enabling socket activation
Kim Alvefur <zash@zash.se>
1 -- Monkeypatch to support socket activation
2 --
3 -- Requires LuaSocket after "agnostic" changes merged
4 --
5 -- To enable:
6 -- RunScript "socket-activation.lua"
8 local socket = require"socket";
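-- Metatable that LuaSocket keeps in the Lua registry under "tcp{server}"; it is
-- applied below to socket objects that wrap descriptors inherited from systemd.
local tcp_serv_mt = debug.getregistry()["tcp{server}"];
-- The unpatched socket.bind, kept so the replacement can delegate to it and
-- later restore it.
local socket_bind = socket.bind;

-- Number of the first inherited descriptor in the sd_listen_fds(3) convention
-- (0-2 are stdin, stdout and stderr).
local SD_LISTEN_FDS_START = 3;

-- LISTEN_FDS is the *count* of descriptors handed over, not the highest
-- descriptor number; the adoption loop below uses it as a count as well.
-- NOTE(review): sd_listen_fds(3) also expects LISTEN_PID to equal this
-- process's PID before the descriptors are used. Nothing here checks it (plain
-- Lua has no getpid), so a LISTEN_FDS value inherited through a parent's
-- environment is trusted as-is and unrelated descriptors could be adopted.
local fds = tonumber(os.getenv"LISTEN_FDS") or 0;

-- Bail out only when no descriptor was passed. The previous comparison against
-- SD_LISTEN_FDS_START disabled socket activation whenever systemd passed just
-- one or two sockets.
if fds < 1 then return; end

-- Inherited listening sockets, keyed by "ip:port" as reported by getsockname().
local servs = {};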
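-- Wrap each inherited descriptor (SD_LISTEN_FDS_START .. START + fds - 1) in a
-- LuaSocket server object and index it by the address it is already bound to.
for i = 1, fds do
	local serv = socket.tcp();
	if serv:getfd() >= 0 then
		return; -- This won't work, we will leak the old FD
	end
	-- Give the empty object the server metatable before pointing it at the
	-- inherited descriptor.
	debug.setmetatable(serv, tcp_serv_mt);
	serv:setfd(SD_LISTEN_FDS_START + i - 1);
	local ip, port = serv:getsockname();
	if ip and port then
		servs [ ip .. ":" .. port ] = serv;
	end
	-- When getsockname() reports no address (nil plus an error message, e.g.
	-- the descriptor is not a bound TCP socket) the descriptor is left
	-- unregistered instead of raising a nil-concatenation error here;
	-- socket.bind then falls back to a normal bind for that address.
	-- NOTE(review): the key must match the exact ip string later passed to
	-- socket.bind; a wildcard such as "*" is presumably not normalised -- confirm.
end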
--- Replacement for socket.bind that hands out sockets inherited from systemd.
-- If an inherited socket is registered under "ip:port" it is removed from the
-- table and returned as-is; backlog is not applied to it. Otherwise the call is
-- forwarded to the original socket.bind. Once no inherited sockets remain, the
-- original socket.bind is put back in place.
-- @param ip address to bind, compared as a string against the registered key
-- @param port port to bind
-- @param backlog listen backlog, used only when falling through to the original
-- @return the inherited socket, or whatever the original socket.bind returns
function socket.bind( ip, port, backlog )
	local key = ip .. ":" .. port;
	local inherited = servs[key];
	if inherited then
		-- Each inherited socket is handed out once only.
		servs[key] = nil;
		return inherited;
	end
	if next(servs) == nil then
		-- Nothing left to hand out: remove this wrapper.
		socket.bind = socket_bind;
	end
	return socket_bind( ip, port, backlog );
end