Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge r1881790, r1904513, r1909400, r1909401, r1909402, r1909451, r1912459 from trunk #389

Conversation

rpluem
Copy link
Contributor

@rpluem rpluem commented Oct 30, 2023

Merge r1881790, r1904513, r1909400, r1909401, r1909402, r1909451, r1912459 from trunk

notroj and others added 7 commits October 30, 2023 10:16
to configure the Basic auth credentials to send to the remote proxy.

(Note that credentials are always sent w/o waiting for a challenge as
with proxy-chain-auth, and only Basic is supported - both of which are
not exactly ideal - but better than nothing.)

* modules/proxy/mod_proxy.h (struct proxy_remote): Add creds field.

* modules/proxy/mod_proxy.c (proxy_handler): Pass forward proxy
  credentials via r->notes.
  (add_proxy): Take credentials and base64-encode into ->creds field if
  passed.
  (add_proxy_noregex, add_proxy_regex): Take optional creds argument.

* modules/proxy/proxy_util.c (ap_proxy_determine_connection):
  Use proxy credentials from r->notes if available.
  (ap_proxy_create_hdrbrgd): Set Proxy-Authorization header from
  credentials in r->notes if present.

PR: 37355
Github: closes apache#135

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1881790 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit c77e6ab)
…when

           some dollar substitution (backreference) happens in the hostname
           or port part of the URL.

Address or connection reuse can't work when the autority part of the URL is
dynamic (single origin server[:port] handled/assumed in the reslist). Detect
such cases and unset worker->s->is_address_reusable to disable reuse regardless
of enablereuse/disablereuse.

* modules/proxy/proxy_util.c(ap_proxy_define_worker_ex):
  Lookup for $n substitution in the hostname[:port] when parsing the URL and
  if present, set worker->->is_address_reusable=0 / worker->s->disablereuse=1.

* modules/proxy/proxy_util.c(ap_proxy_initialize_worker):
  Don't overwrite worker->s->is_address_reusable from enablereuse/disablereuse
  parameters, and set both consistently.

* docs/manual/mod/mod_proxy.xml:
  Add ProxyPassMatch compatibility note about key=value parameters handled with
  $n substitutions since 2.4.47.
  Document the specificities of enablereuse/disablereuse w.r.t. $n subsitutions
  in the different part of the URL.
  Axe the note about unparsable URLs when the $n substitution happens in the
  port, this has been addressed in 2.4.47 too (and works now).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904513 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit c74bf2f)
…L and thus

  we need to avoid a race that worker->cp->addr switches to NULL after we
  checked it to be non NULL but before we assign it to conn->addr in an else
  tree which would leave conn->addr to NULL and likely cause a segfault later.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909400 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit dc498e9)
… lookup

  again.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909401 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit 12b589f)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909402 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit 34c5832)
…cache it

  might be caused by a change on DNS side. Try another DNS lookup in this case
  and in case this causes a successful connection trigger a refresh of the
  worker lookup cache.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909451 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit 9a8eb4a)
Define a new proxy_address struct holding the current/latest sockaddr in use
by each proxy worker and conn. Since backend addresses can be updated when
their TTL expires and while connections are being processed, each address is
refcounted and freed only when the last worker (or conn) using it grabs the
new one.

The lifetime of the addresses is handled at a single place by the new
ap_proxy_determine_address() function. It guarantees to bind the current/latest
backend address to the passed in conn (or do nothing if it's up to date already).
The function is called indirectly by ap_proxy_determine_connection() for the
proxy modules that use it, or directly by mod_proxy_ftp and mod_proxy_hcheck.
It also is called eventually by ap_proxy_connect_backend() when connect()ing all
the current addresses fails, to check (PROXY_DETERMINE_ADDRESS_CHECK) if some
new addrs are available.

This commit is also a rework of the lifetime of conn->addr, conn->hostname
and conn->forward, using the conn->uds_pool and conn->fwd_pool for the cases
where the backend is connected through a UDS socket and a remote CONNECT proxy
respectively.

* include/ap_mmn.h:
  Minor bump for new function/fields.

* modules/proxy/mod_proxy.h (struct proxy_address,
                             ap_proxy_determine_addresss()):
  Declare ap_proxy_determine_addresss() and opaque struct proxy_address,
  new fields to structs proxy_conn_rec/proxy_worker_shared/proxy_worker.

* modules/proxy/mod_proxy.c (set_worker_param):
  Parse/set the new worker->address_ttl parameter.

* modules/proxy/proxy_util.c (proxy_util_register_hooks(),
                              ap_proxy_initialize_worker(),
                              ap_proxy_connection_reusable(),
                              ap_proxyerror(), proxyerror_core(),
                              init_conn_pool(), make_conn_subpool(),
                              connection_make(), connection_cleanup(),
                              connection_constructor()):
 Initialize *proxy_start_time in proxy_util_register_hooks() as the epoch
 from which expiration times are relative (i.e. seconds stored in an uint32_t
 for atomic changes).
 Make sure worker->s->is_address_reusable and worker->s->disablereuse are
 consistant in ap_proxy_initialize_worker(), thus no need to check for both
 in ap_proxy_connection_reusable().
 New proxyerror_core() helper taking an apr_status_t to log, wrap in
 ap_proxyerror().
 New make_conn_subpool() to create worker->cp->{pool,dns} with their own
 allocator.
 New connection_make() helper to factorize code in connection_cleanup() and
 connection_constructor().

* modules/proxy/proxy_util.c (proxy_address_inc(), proxy_address_dec(),
                              proxy_address_cleanup(), proxy_address_set_expired(),
                              worker_address_get(), worker_address_set(),
                              worker_address_resolve(), proxy_addrs_equal(),
                              ap_proxy_determine_address(),
                              ap_proxy_determine_connection(),
                              ap_proxy_connect_backend()):
 Implement ap_proxy_determine_address() using the above helpers for atomic changes,
 and call it from ap_proxy_determine_connection() and ap_proxy_connect_backend().

* modules/proxy/mod_proxy_ftp.c (proxy_ftp_handler):
  Use ap_proxy_determine_address() and use the returned backend->addr.

* modules/proxy/mod_proxy_hcheck.c (hc_determine_connection, hc_get_backend,
                                    hc_init_worker, hc_watchdog_callback):
  Use ap_proxy_determine_address() in hc_determine_connection() and call the
  latter from hc_get_backend(), replace hc_init_worker() by hc_init_baton()
  which now calls hc_get_hcworker() and hc_get_backend() to resolve the first
  address at init time.

* modules/proxy/mod_proxy_http.c (proxy_http_handler):
  Use backend->addr and ->hostname instead of worker->cp->addr and
  worker->s->hostname_ex respectively.

* modules/proxy/mod_proxy_ajp.c (ap_proxy_ajp_request):
  Use backend->addr and ->hostname instead of worker->cp->addr and
  worker->s->hostname_ex respectively.

Closes apache#367

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1912459 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit 3c7f67f)
@rpluem
Copy link
Contributor Author

rpluem commented Oct 30, 2023

Missed r1365001

@rpluem rpluem closed this Oct 30, 2023
@rpluem rpluem deleted the 1881790_1904513_1909400_1909401_1909402_1909451_1912459 branch October 30, 2023 10:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants