Ruediger Pluem [Mon, 1 Oct 2018 18:21:18 +0000 (18:21 +0000)]
* Pickup the proxy related configuration for verify mode and verify depth and
not the configuration settings for frontend connections in case of
connections by the proxy to the backend.
* dav_stream_response processes data that has been allocated from the propdb
pool. Hence close the propdb *after* dav_stream_response which clears thei
probdb pool.
* Doing a PROPFIND on a large collection e.g. 50.000 elements can easily
consume 1 GB of memory as the subrequests and propdb pools are not
destroyed and cleared after each element was handled.
Do this now. There is one case in dav_get_props where elem->priv
lives longer then the propdb pool. In this case allocate from r->pool.
Furthermore also recycle propdb's which allows to clear the propdb's
pools instead of destroying them and creating them again.
Joe Orton [Tue, 18 Sep 2018 11:05:43 +0000 (11:05 +0000)]
* modules/ssl/ssl_engine_kernel.c (ssl_check_post_client_verify):
Retrieve and set sslconn->client_cert here for both "modern" and
classic access control.
(ssl_hook_Access_classic, ssl_hook_Access_modern, ssl_hook_Access):
Restore SSLRequire and FakeBasicAuth checks to ssl_hook_Access so tests
are still applied for TLSv1.3.
Joe Orton [Wed, 12 Sep 2018 15:54:24 +0000 (15:54 +0000)]
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol):
Disable AUTO_RETRY mode for OpenSSL 1.1.1, which fixes
post-handshake authentication.
(ssl_init_proxy_certs): Fix proxy client cert support with
TLSv1.3, which is now crippled by default.
Follow up to r1840265: really privatize ap_filter_{recycle,adopt_brigade}().
Move ap_filter_adopt_brigade()'s declaration to "server/core.h" (private).
For ap_filter_recycle(), make it static/internal to util_filter (renamed to
recycle_dead_filters() which better fits what it does). It's now also called
unconditionally from ap_filter_input_pending() which itself is always called
after the request processing and from MPM event (as input_pending hook).
Joe Orton [Tue, 11 Sep 2018 16:01:47 +0000 (16:01 +0000)]
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Fail with
403 if SSL_verify_client_post_handshake() fails, e.g. when the
TLS/1.3 client didn't send the Post-Handshake Authentication
extension.
Joe Orton [Tue, 11 Sep 2018 12:57:36 +0000 (12:57 +0000)]
* modules/arch/unix/mod_systemd.c (systemd_pre_mpm, systemd_monitor):
Ignore sd_notify{,f} failure cases as currently recommended by the
systemd API docs.
Joe Orton [Tue, 11 Sep 2018 12:53:30 +0000 (12:53 +0000)]
* modules/arch/unix/mod_systemd.c (systemd_post_config): Fix systemd
service getting stuck reloading if "ExtendedStatus off" is
configured; regression in r1802251.
Follow up to r1840149: core input filter pending data.
Since r1840149 ap_core_input_filter() can't use use f->[priv->]bb directly, so
ap_filter_input_pending() stopped accounting for its pending data.
But ap_core_input_filter() can't (and doesn't need to) setaside its socket
bucket, so ap_filter_setaside_brigade() is not an option. This commit adds
ap_filter_adopt_brigade() which simply moves the given buckets (brigade) into
f->priv->bb, and since this is not something to be done blindly (the buckets
need to have c->pool/bucket_alloc lifetime, which is the case in the core
filter) the function is not AP_DECLAREd/exported thus can be used in core only.
With ap_filter_adopt_brigade() and ap_filter_reinstate_brigade(), the core
input is now ap_filter_input_pending() friendly.
Also, ap_filter_recycle() is no more part of the API (AP_DECLARE removed too),
there really is no point to call it outside core code. MAJOR bumped once again
because of this.
Eric Covener [Thu, 6 Sep 2018 15:24:29 +0000 (15:24 +0000)]
fix StrictHostCheck in single/non-NVH vhosts
While all VH'es are NVH'es in 2.4 and later, something special happens
once a second NVH in a set is added. This case covers the
global server config scenario as well.
util_filter: protect ap_filter_t private fields from external (ab)use.
Introduce opaque struct ap_filter_private to move ap_filter_t "pending", "bb"
and "deferred_pool" fields to the "priv" side of things.
This allows to trust values set internally (only!) in util_filter code, and
make useful assertions between the different functions calls, along with the
usual nice extensibility property.
Likewise, the private struct ap_filter_conn_ctx in conn_rec (from r1839997)
allows now to implement the new ap_acquire_brigade() and ap_release_brigade()
functions useful to get a brigade with c->pool's lifetime. They obsolete
ap_reuse_brigade_from_pool() which is replaced where previously used.
Some comments added in ap_request_core_filter() regarding the lifetime of the
data it plays with, up to EOR...
core: follow up to r1839997: some runtime optimizations.
We don't mind about cleaning up a connection filter when its pool is being
cleaned up already. For request filters, let pending_filter_cleanup() do
nothing if the given filter is not pending (anymore), which allows to save a
cleanup kill when the filter is removed.
Clear (zero) the reused filters (ap_filter_t) on reuse rather than cleanup,
then a single APR_RING_CONCAT() can be used to recycle dead_filters in a one
go.
Always call ap_filter_recycle() in ap_filter_output_pending(), even if no
filter is pending, and while at it fix s/ap_filter_recyle/ap_filter_recycle/
silly typo.
Stefan Eissing [Tue, 4 Sep 2018 08:29:11 +0000 (08:29 +0000)]
On the trunk:
mod_http2: connection IO event handling reworked. Instead of reacting on
incoming bytes, the state machine now acts on incoming frames that are
affecting it. This reduces state transitions.
core: follow up to r1839997: recycle request filters to a delayed ring first.
We want not only ap_filter_output_pending() to be able to access each pending
filter's *f after the EOR is destroyed, but also each request filter to do
the same until it returns.
So request filters are now always cleaned up into a dead_filters ring which is
merged into spare_filters only when ap_filter_recycle() is called explicitely,
that is in ap_process_request_after_handler() and ap_filter_output_pending().
The former takes care of recycling at the end of the request, with any MPM,
while the latter keeps recycling during MPM event's write completion.
core: always allocate filters (ap_filter_t) on f->c->pool.
When filters are allocated on f->r->pool, they may be destroyed any time
underneath themselves which makes it hard for them to be passed the EOR and
forward it (*f can't be dereferenced anymore when the EOR is destroyed, thus
before request filters return).
On the util_filter side, it also makes it impossible to flush pending request
filters when they have set aside the EOR, since f->bb can't be accessed after
it's passed to the f->next.
So we always use f->c->pool to allocate filters and pending brigades, and to
avoid leaks with keepalive requests (long living connections handling multiple
requests), filters and brigades are recycled with a cleanup on f->r->pool.
Recycling is done (generically) with a spare data ring (void pointers), and a
filter(s) context struct is associated with the conn_rec to maintain the rings
by connection, that is:
util_filter: split pending filters ring in two: input and output ones.
Pending input and output are now maintained separately in respectively
c->pending_input_filters and c->pending_output_filters, which improves
both performances and debug-ability.
Also, struct ap_filter_ring is made opaque, it's only used by util_filter
and this will allow us to later change it e.g. to a dual ring+apr_hash to
avoid quadratic search in ap_filter_prepare_brigade().
MMN major bumped due to the change in conn_rec (this is trunk only code
anyway for now).
Yann Ylavic [Wed, 29 Aug 2018 12:27:31 +0000 (12:27 +0000)]
MPMs: early initialize scoreboard's child generation number.
Since [mpm]_note_child_killed uses the scoreboard's generation number for
child_status hook (MPM_CHILD_EXITED), we must initialize it early (i.e. in
[mpm]_note_child_started where MPM_CHILD_STARTED is set) to avoid race
conditions on restart (e.g. storm/loop of restarts) leading to AH00546.
When a rewrite to proxy is configured in the server config, a check is made to make sure mod_proxy is active. But the same is not done if a rewrite to proxy is configured in an .htaccess file.
Basically this patch is the block of code from hook_uri2file that does the proxy check, copied to hook_fixup.
Patch provided by Michael Streeter [mstreeter1 gmail.com], slightly modified to use a new APLOGNO
PR 56264
- Add some links.
- Remove the space in "character set" in the syntax of ProxyFtpDirCharset to avoid confusion (it is 1 parameter only)
- Use the correct syntax for the "default" values, so that they are parsed and correctly displayed in 'quickreference'
- Remove extra [] when directive's parameter are required
- correct the default password: apache-proxy@ instead of apache_proxy@.
This was silently changed in r88745, 17 years ago!
'ap_unescape_urlencoded()' suggests that NULL can be passed to 'unescape_url()'.
So avoid a potential 'strchr(NULL, ...)' which is an undefined behavior.
Yann Ylavic [Fri, 10 Aug 2018 16:15:50 +0000 (16:15 +0000)]
core: ap_filter_output_pending() to flush outer most filters first.
Since previous output filters may use ap_filter_should_yield() to determine
whether they should send more data (e.g. ap_request_core_filter), we need
to flush pending data from the core output filter first, and so on up the
chain.
Otherwise we may enter an infinite loop where ap_request_core_filter() does
nothing on ap_filter_output_pending() called from MPM event.
Rainer Jung [Tue, 7 Aug 2018 10:25:31 +0000 (10:25 +0000)]
mod_status: Complete the data shown for async
MPMs in "auto" mode. Added number of processes,
number of stopping processes and number
of busy and idle workers.
Rainer Jung [Tue, 7 Aug 2018 10:17:33 +0000 (10:17 +0000)]
mod_proxy: Improve the balancer member data shown
in mod_status when "ProxyStatus" is "On":
add "busy" count and show byte counts in auto
mode always in units of kilobytes.