Stefan Eissing [Fri, 14 Jul 2023 12:26:50 +0000 (12:26 +0000)]
* mod_md:
- New directive `MDMatchNames all|servernames` to allow more control over how
MDomains are matched to VirtualHosts.
- New directive `MDChallengeDns01Version`. Setting this to `2` will provide
the command also with the challenge value on `teardown` invocation. In version
1, the default, only the `setup` invocation gets this parameter.
Refs #312. Thanks to @domrim for the idea.
- For Managed Domain in "manual" mode, the check if all used ServerName and
ServerAlias are part of the MDomain now reports a warning instead of an error
(AH10040) when not all names are present.
- MDChallengeDns01 can now be configured for individual domains.
Using PR from Jérôme Billiras (@bilhackmac) and adding test case and fixing proper working
- Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge
teardown not being invoked as it should.
connect() failures can return POLLOUT|POLLHUP and the polling loop should
take the POLLOUT branch in this case, not the POLLIN|POLLHUP one, so move
the check for POLLOUT first.
While at it, add some assert()ions to avoid infinite loops.
It's easier to control errors at the function scope and it avoids ignored
errors/warnings to propagate to the following tests (i.e. mask further
unexpected errors).
Joe Orton [Thu, 6 Jul 2023 08:28:08 +0000 (08:28 +0000)]
Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error.
* modules/dav/fs/repos.c (dav_fs_walker): If DAV_WALKTYPE_TOLERANT is
set, ignore ENOENT from stat() rather than aborting the response.
Log the error from stat either way.
* modules/dav/main/mod_dav.c (dav_method_propfind): Set
DAV_WALKTYPE_TOLERANT.
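The tolerant walk described in the commit above, as an added C sketch that is not code from httpd or mod_dav_fs: `WALK_TOLERANT`, `walk_entries` and `demo_race` are hypothetical names, and the temporary directory and its entries are constructed sample input.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define WALK_TOLERANT 0x1 /* hypothetical; plays the role of DAV_WALKTYPE_TOLERANT */
struct walk_result { int visited, skipped; };

/* Stat names an earlier directory read returned. 0 = completed, -1 = aborted. */
int walk_entries(const char *dir, const char *const *names, int n,
                 int flags, struct walk_result *res)
{
    char path[4096];
    struct stat st;
    res->visited = res->skipped = 0;
    for (int i = 0; i < n; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        if (lstat(path, &st) == 0) {
            res->visited++;
            continue;
        }
        int err = errno;
        fprintf(stderr, "stat %s failed (errno %d)\n", path, err); /* log either way */
        if (err != ENOENT || !(flags & WALK_TOLERANT))
            return -1;      /* strict mode, or an error other than ENOENT */
        res->skipped++;     /* entry vanished after the read: leave it out */
    }
    return 0;
}

/* Constructed scenario: "gone" stands for an entry deleted after it was listed. */
int demo_race(int flags, struct walk_result *res)
{
    char dir[] = "/tmp/walkdemoXXXXXX", kept[64];
    const char *names[] = { "kept", "gone" };
    if (!mkdtemp(dir))
        return -2;
    snprintf(kept, sizeof kept, "%s/kept", dir);
    FILE *f = fopen(kept, "w");
    if (f)
        fclose(f);
    int rc = walk_entries(dir, names, 2, flags, res);
    unlink(kept);
    rmdir(dir);
    return rc;
}
```

Only ENOENT is tolerated; any other stat failure, such as EACCES, still aborts the walk in both modes.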
Stefan Eissing [Thu, 29 Jun 2023 10:15:50 +0000 (10:15 +0000)]
mod_http2: when failing a request, make sure the request_rec fields
are populated (best effort) for the response generation since this
might access fields in there.
Respect a http_status already assigned during stream processing
for error generation.
Stefan Eissing [Wed, 28 Jun 2023 11:22:49 +0000 (11:22 +0000)]
*) mod_http2: new directive `H2ProxyRequests on|off` to enable handling
of HTTP/2 requests in a forward proxy configuration.
General forward proxying is enabled via `ProxyRequests`. If the
HTTP/2 protocol is also enabled for such a server/host, this new
directive is needed in addition.
Stefan Eissing [Wed, 21 Jun 2023 12:14:08 +0000 (12:14 +0000)]
*) mod_http2: adding checks for websocket support on platform and
server versions. Give error message accordingly when trying to
enable websockets in unsupported configurations.
Add test and code to check the, finally selected, server of
a request_rec for websocket support or 501 the request.
Stefan Eissing [Wed, 21 Jun 2023 09:49:13 +0000 (09:49 +0000)]
*) http_protocol: if there is a request and an error bucket in the input
brigade, always process the request bucket first. This gives the proper
context in which to evaluate the error bucket in.
Some errors access r->method, for example, in their response body.
Yann Ylavic [Tue, 20 Jun 2023 15:53:11 +0000 (15:53 +0000)]
ab: More accurate stats for time limited (-t) runs.
When ab runs for a limited time, the number of requests configured (or the
default MAX_REQUESTS if not configured) may be lower than the number
of requests actually/finally achieved, in which case the stats per request
is a window of the actual stats since we can't store all the results.
Rather than taking the last N requests of the run for the stats, do the mean
of all the requests reusing the same window slot, and print that.
If no number of requests is configured for a time limited run, it will stop
only at the end of the time (i.e. MAX_REQUESTS is ignored for the end of
test condition). So MAX_REQUESTS is renamed to TIMED_REQUESTS while at it.
Yann Ylavic [Tue, 20 Jun 2023 15:08:44 +0000 (15:08 +0000)]
ab: Fix crash with -W when exiting early on fatal error.
When multiple threads are failing (e.g. read/write timeout) it's not
thread-safe to simply/concurrently print the stats and exit. This can
result in garbage being printed or a crash.
Let's cleanly shutdown the threads and do the printing at a single point.
For the places where we want to fail but threads are not started yet we
can simply exit still, so to simplify the stats are not printed in an
atexit() handler.
Stefan Eissing [Tue, 20 Jun 2023 12:01:09 +0000 (12:01 +0000)]
*) mod_http2: added support for bootstrapping WebSockets via HTTP/2, as
described in RFC 8441. A new directive 'H2WebSockets on|off' has been
added. The feature is by default not enabled.
As also discussed in the manual, this feature should work for setups
using "ProxyPass backend-url upgrade=websocket" without further changes.
Special server modules for WebSockets will have to be adapted,
most likely, as the handling of IO events is different with HTTP/2.
HTTP/2 WebSockets are supported on platforms with native pipes. This
excludes Windows.
Stefan Eissing [Tue, 13 Jun 2023 14:36:43 +0000 (14:36 +0000)]
*) mod_http2: fixed a bug that could lead to a crash in main connection
output handling. This occurred only when the last request on a HTTP/2
connection had been processed and the session decided to shut down.
This could lead to an attempt to send a final GOAWAY while the previous
write was still in progress. See PR 66646.
Stefan Eissing [Fri, 9 Jun 2023 15:02:21 +0000 (15:02 +0000)]
*) mod_http2: fixed a bug in flushing pending data on an already closed
connection that could lead to a busy loop, preventing the HTTP/2 session
to close down successfully. Fixed PR 66624.
Giovanni Bechis [Tue, 6 Jun 2023 22:02:37 +0000 (22:02 +0000)]
mod_ext_filter: check exit status of filter processes
Whenever a filter process returns a non-zero exit status, or is killed
by a signal, return a HTTP 500 error, and log the reason.
Ran top-level make update-log-msg-tags to update APLOGNO numbers.
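The exit-status check described in the commit above, as an added C sketch that is not mod_ext_filter's own code: `filter_status_to_http` and `run_filter` are hypothetical names, and the shell command stands in for a constructed filter process.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Map a wait status to the HTTP status to send; `reason` receives the log text. */
int filter_status_to_http(int wstatus, char *reason, size_t len)
{
    reason[0] = '\0';                   /* nothing to log on a clean exit */
    if (WIFEXITED(wstatus) && WEXITSTATUS(wstatus) == 0)
        return 200;
    if (WIFEXITED(wstatus))
        snprintf(reason, len, "filter exited with status %d", WEXITSTATUS(wstatus));
    else if (WIFSIGNALED(wstatus))
        snprintf(reason, len, "filter killed by signal %d", WTERMSIG(wstatus));
    else
        snprintf(reason, len, "filter ended in unexpected state 0x%x", (unsigned)wstatus);
    return 500;
}

/* Run `cmd` via /bin/sh as a stand-in filter process and classify how it ended. */
int run_filter(const char *cmd, char *reason, size_t len)
{
    int wstatus = 0;
    pid_t pid = fork();
    if (pid < 0) {
        snprintf(reason, len, "fork failed: %s", strerror(errno));
        return 500;
    }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);     /* exec failed: still reported as a non-zero exit */
    }
    while (waitpid(pid, &wstatus, 0) < 0)
        if (errno != EINTR) {   /* retry only when interrupted by a signal */
            snprintf(reason, len, "waitpid failed: %s", strerror(errno));
            return 500;
        }
    return filter_status_to_http(wstatus, reason, len);
}

int main(void)
{
    char reason[128];
    printf("%d %s\n", run_filter("kill -TERM $$", reason, sizeof reason), reason);
    return 0;
}
```

Without this check, a filter that dies partway through can leave a truncated body that is served as if it were complete.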
Stefan Eissing [Thu, 1 Jun 2023 12:21:03 +0000 (12:21 +0000)]
*) core: add `final_resp_passed` flag to request_rec to allow
ap_die() to judge if it can send out a response. Bump mmn.
Enable test cases that check errors during response body to
appear as error on client side.
Stefan Eissing [Thu, 1 Jun 2023 10:38:53 +0000 (10:38 +0000)]
* mod_proxy_http2: fixed using the wrong "bucket_alloc" from the backend
connection when sending data on the frontend one. This caused crashes
or infinite loops in rare situations.
* mod_proxy_http2: fixed a bug in retry/response handling that could lead
to wrong status codes or HTTP messages sent at the end of response bodies
exceeding the announced content-length.
* mod_proxy_http2: fix retry handling to not leak temporary errors.
On detecting that an existing connection was shutdown by the other
side, a 503 response leaked even though the request was retried on a
fresh connection.
* mod_http2: fixed a bug that did cleanup of consumed and pending buckets in
the wrong order when a bucket_beam was destroyed.
Stefan Eissing [Mon, 22 May 2023 14:10:17 +0000 (14:10 +0000)]
*) mod_proxy_http2: fix retry handling to not leak temporary errors.
On detecting that an existing connection was shutdown by the other
side, a 503 response leaked even though the request was retried on a
fresh connection.
When we are at flush_max_threshold and the next bucket is a metadata (i.e. next->length == 0), we still need to re-check for flush_max_threshold and associated optimisation (is_in_memory_bucket()) when we process this metadata bucket in the next iteration of the loop.
Graham Leggett [Fri, 19 May 2023 10:29:02 +0000 (10:29 +0000)]
mod_authnz_ldap.c: Make sure the authentication variables are set in
all cases where another module is the source of the authentication,
and that authenticated user is looked up in LDAP.