Joe Orton [Mon, 16 Oct 2023 13:10:16 +0000 (13:10 +0000)]
Fix h2 build broken in r1913019:
* modules/http2: Make WebSockets support conditional also
on APR 1.7.x since apr_encode.h is required. Restore
#include "apr_encode.h" removed in previous commit.
Joe Orton [Tue, 3 Oct 2023 12:58:16 +0000 (12:58 +0000)]
mod_dav_fs: add DAVLockDBType directive.
* modules/dav/fs/dbm.c (dav_dbm_open_direct): Take a dbmtype argument
and use it to select the apr_dbm driver type.
(dav_dbm_open): Continue to use the "default" propdb type to open
the property databases.
* modules/dav/fs/lock.c: Store and pass the lockdb_type
through.
* modules/dav/fs/mod_dav_fs.c (dav_get_lockdb_path): Return the dbm
type via an output argument.
(dav_fs_cmd_davlockdbtype): New config directive.
(dav_fs_merge_server_config): Merge the dbm type.
(dav_fs_post_config): Set the default lockdb type.
* modules/dav/fs/repos.h: Update prototypes as above; internal API
only so no compat concerns.
Joe Orton [Thu, 28 Sep 2023 08:11:30 +0000 (08:11 +0000)]
* modules/dav/fs/dbm.c (dav_dbm_open_direct): Test against
APR_MAJOR_VERSION, APU_MAJOR_VERSION is not defined for APR trunk
since the #include <apu_version.h> is conditional on APR < 2.
Joe Orton [Fri, 22 Sep 2023 09:31:22 +0000 (09:31 +0000)]
* modules/dav/fs/dbm.c (dav_fs_dbm_error, dav_dbm_open_direct): Remove
error message references to "property" databases since these
functions are used for both propdbs and the lock database.
mod_proxy: Allocate and initialize the workers and balancers on pconf.
On ungraceful restart, pchild might be destroyed without waiting for the MPM
threads, just before exit()ing but still there is a window where threads may
be using its data still.
Avoid possible exit path crashes by basing the workers/balancers on pconf,
which is not destroyed in children processes.
While at it, avoid the duplication of the generic "forward" worker for each
server(_rec), there can be a single instance like the generic "reverse"
worker.
mod_proxy: Add ap_proxy_worker_get_name() and deprecate ap_proxy_worker_name().
The latter requires a pool and returns a non constant string although it may
return worker shared data.
By computing the worker "UDS" name at init time we can return a constant name
in any case with no need for a pool, that's the new ap_proxy_worker_get_name().
mod_proxy: Handle backend address renewal with address_ttl= parameter.
Define a new proxy_address struct holding the current/latest sockaddr in use
by each proxy worker and conn. Since backend addresses can be updated when
their TTL expires and while connections are being processed, each address is
refcounted and freed only when the last worker (or conn) using it grabs the
new one.
The lifetime of the addresses is handled at a single place by the new
ap_proxy_determine_address() function. It guarantees to bind the current/latest
backend address to the passed in conn (or do nothing if it's up to date already).
The function is called indirectly by ap_proxy_determine_connection() for the
proxy modules that use it, or directly by mod_proxy_ftp and mod_proxy_hcheck.
It also is called eventually by ap_proxy_connect_backend() when connect()ing all
the current addresses fails, to check (PROXY_DETERMINE_ADDRESS_CHECK) if some
new addrs are available.
This commit is also a rework of the lifetime of conn->addr, conn->hostname
and conn->forward, using the conn->uds_pool and conn->fwd_pool for the cases
where the backend is connected through a UDS socket and a remote CONNECT proxy
respectively.
* include/ap_mmn.h:
Minor bump for new function/fields.
* modules/proxy/mod_proxy.h (struct proxy_address,
ap_proxy_determine_address()):
Declare ap_proxy_determine_address() and opaque struct proxy_address,
new fields to structs proxy_conn_rec/proxy_worker_shared/proxy_worker.
* modules/proxy/mod_proxy.c (set_worker_param):
Parse/set the new worker->address_ttl parameter.
* modules/proxy/proxy_util.c (proxy_util_register_hooks(),
ap_proxy_initialize_worker(),
ap_proxy_connection_reusable(),
ap_proxyerror(), proxyerror_core(),
init_conn_pool(), make_conn_subpool(),
connection_make(), connection_cleanup(),
connection_constructor()):
Initialize *proxy_start_time in proxy_util_register_hooks() as the epoch
from which expiration times are relative (i.e. seconds stored in an uint32_t
for atomic changes).
Make sure worker->s->is_address_reusable and worker->s->disablereuse are
consistent in ap_proxy_initialize_worker(), thus no need to check for both
in ap_proxy_connection_reusable().
New proxyerror_core() helper taking an apr_status_t to log, wrap in
ap_proxyerror().
New make_conn_subpool() to create worker->cp->{pool,dns} with their own
allocator.
New connection_make() helper to factorize code in connection_cleanup() and
connection_constructor().
* modules/proxy/proxy_util.c (proxy_address_inc(), proxy_address_dec(),
proxy_address_cleanup(), proxy_address_set_expired(),
worker_address_get(), worker_address_set(),
worker_address_resolve(), proxy_addrs_equal(),
ap_proxy_determine_address(),
ap_proxy_determine_connection(),
ap_proxy_connect_backend()):
Implement ap_proxy_determine_address() using the above helpers for atomic changes,
and call it from ap_proxy_determine_connection() and ap_proxy_connect_backend().
* modules/proxy/mod_proxy_ftp.c (proxy_ftp_handler):
Use ap_proxy_determine_address() and use the returned backend->addr.
* modules/proxy/mod_proxy_hcheck.c (hc_determine_connection, hc_get_backend,
hc_init_worker, hc_watchdog_callback):
Use ap_proxy_determine_address() in hc_determine_connection() and call the
latter from hc_get_backend(), replace hc_init_worker() by hc_init_baton()
which now calls hc_get_hcworker() and hc_get_backend() to resolve the first
address at init time.
* modules/proxy/mod_proxy_http.c (proxy_http_handler):
Use backend->addr and ->hostname instead of worker->cp->addr and
worker->s->hostname_ex respectively.
* modules/proxy/mod_proxy_ajp.c (ap_proxy_ajp_request):
Use backend->addr and ->hostname instead of worker->cp->addr and
worker->s->hostname_ex respectively.
Rainer Jung [Wed, 30 Aug 2023 12:56:11 +0000 (12:56 +0000)]
mod_ssl: Silence info log message "SSL Library Error: error:0A000126:
SSL routines::unexpected eof while reading" when using
OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if
available. [Rainer Jung]
Stefan Eissing [Wed, 16 Aug 2023 11:40:21 +0000 (11:40 +0000)]
* mod_md: fixed passing of the server environment variables to programs
started via MDMessageCmd and MDChallengeDns01 on *nix systems.
See <https://github.com/icing/mod_md/issues/319>.
Joe Orton [Mon, 14 Aug 2023 14:40:00 +0000 (14:40 +0000)]
Add DAVBasePath directive to allow users to configure the real repos
root path, useful where the DAV repos is configured with a regex match.
* modules/dav/main/mod_dav.c
(dav_get_resource): If available, pass the configured base path
as the repos root to repos provider.
On the error path for fetching a resource, detect and warn
specifically when the location is configured via a regex.
(dav_cmd_davbasepath): New function.
Stefan Eissing [Mon, 14 Aug 2023 14:39:00 +0000 (14:39 +0000)]
HTTP/2, websockets
- provide "Connection" header in internal Upgrade request
- set input notification if input is already available when
stream processing is started
- add optional function in mod_http2.h to use instead of
ap_get_pollfd_from_conn() in older servers with a new
mod_http2
Stefan Eissing [Fri, 14 Jul 2023 12:26:50 +0000 (12:26 +0000)]
* mod_md:
- New directive `MDMatchNames all|servernames` to allow more control over how
MDomains are matched to VirtualHosts.
- New directive `MDChallengeDns01Version`. Setting this to `2` will provide
the command also with the challenge value on `teardown` invocation. In version
1, the default, only the `setup` invocation gets this parameter.
Refs #312. Thanks to @domrim for the idea.
- For Managed Domain in "manual" mode, the checks if all used ServerName and
ServerAlias are part of the MDomain now reports a warning instead of an error
(AH10040) when not all names are present.
- MDChallengeDns01 can now be configured for individual domains.
Using PR from Jérôme Billiras (@bilhackmac) and adding test case and fixing proper working
- Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge
teardown not being invoked as it should.
connect() failures can return POLLOUT|POLLHUP and the polling loop should
take the POLLOUT branch in this case, not the POLLIN|POLLHUP one, so move
the check for POLLOUT first.
While at it, add some assert()ions to avoid infinite loops.
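The branch ordering described in the commit message above, as an added example that is not taken from the commit or from the httpd source: the two dispatch orders side by side, plus the SO_ERROR lookup a POLLOUT branch typically performs to learn why connect() failed. The enum and all function names are hypothetical.

```c
#include <poll.h>
#include <sys/socket.h>

/* Hypothetical names: what a poll loop does next for one descriptor. */
enum step { STEP_NONE, STEP_FINISH_CONNECT, STEP_READ };

/* Order before the change: POLLIN|POLLHUP is tested first, so a failed
 * connect() reported as POLLOUT|POLLHUP is handled as readable input and
 * the connect error is never collected. */
enum step dispatch_hup_first(short revents)
{
    if (revents & (POLLIN | POLLHUP))
        return STEP_READ;
    if (revents & POLLOUT)
        return STEP_FINISH_CONNECT;
    return STEP_NONE;
}

/* Order after the change: POLLOUT is tested first, so the connect result
 * is collected before any read is attempted. */
enum step dispatch_out_first(short revents)
{
    if (revents & POLLOUT)
        return STEP_FINISH_CONNECT;
    if (revents & (POLLIN | POLLHUP))
        return STEP_READ;
    return STEP_NONE;
}

/* POLLOUT branch: fetch the pending connect() result from the socket.
 * Returns 0 on success, the connect errno (e.g. ECONNREFUSED) on failure,
 * or -1 if the descriptor itself cannot be queried. */
int finish_connect(int fd)
{
    int err = 0;
    socklen_t len = sizeof(err);

    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
        return -1;
    return err;
}
```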
It's easier to control errors at the function scope and it avoids ignored
errors/warnings to propagate to the following tests (i.e. mask further
unexpected errors).
Joe Orton [Thu, 6 Jul 2023 08:28:08 +0000 (08:28 +0000)]
Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error.
* modules/dav/fs/repos.c (dav_fs_walker): If DAV_WALKTYPE_TOLERANT is
set, ignore ENOENT from stat() rather than aborting the response.
Log the error from stat either way.
* modules/dav/main/mod_dav.c (dav_method_propfind): Set
DAV_WALKTYPE_TOLERANT.
Stefan Eissing [Thu, 29 Jun 2023 10:15:50 +0000 (10:15 +0000)]
mod_http2: when failing a request, make sure the request_rec fields
are populated (best effort) for the response generation since this
might access fields in there.
Respect a http_status already assigned during stream processing
for error generation.