Commit | Line | Data |
---|---|---|
cf0fe2e1 ER |
1 | Index: configure.in |
2 | =================================================================== | |
99ee3d18 ER |
3 | --- configure.in (.../tags/lighttpd-1.4.13) (revision 1718) |
4 | +++ configure.in (.../branches/lighttpd-1.4.x) (revision 1718) | |
cf0fe2e1 ER |
5 | @@ -398,7 +398,7 @@ |
6 | ||
7 | AC_MSG_RESULT($WITH_LUA) | |
8 | if test "$WITH_LUA" != "no"; then | |
9 | - if test "$WITH_LUA" == "yes"; then | |
10 | + if test "$WITH_LUA" = "yes"; then | |
11 | WITH_LUA=lua | |
12 | fi | |
13 | PKG_CHECK_MODULES(LUA, $WITH_LUA >= 5.1, [ | |
14 | @@ -538,7 +538,7 @@ | |
15 | AC_OUTPUT | |
16 | ||
17 | ||
18 | -do_build="mod_cgi mod_fastcgi mod_proxy mod_evhost mod_simple_vhost mod_access mod_alias mod_setenv mod_usertrack mod_auth mod_status mod_accesslog mod_rrdtool mod_secdownload mod_expire mod_compress mod_dirlisting mod_indexfiles mod_userdir mod_webdav mod_staticfile mod_scgi mod_flv_streaming" | |
19 | +do_build="mod_cgi mod_fastcgi mod_extforward mod_proxy mod_evhost mod_simple_vhost mod_access mod_alias mod_setenv mod_usertrack mod_auth mod_status mod_accesslog mod_rrdtool mod_secdownload mod_expire mod_compress mod_dirlisting mod_indexfiles mod_userdir mod_webdav mod_staticfile mod_scgi mod_flv_streaming" | |
20 | ||
21 | plugins="mod_rewrite mod_redirect mod_ssi mod_trigger_b4_dl" | |
22 | features="regex-conditionals" | |
23 | Index: src/mod_cgi.c | |
24 | =================================================================== | |
99ee3d18 ER |
25 | --- src/mod_cgi.c (.../tags/lighttpd-1.4.13) (revision 1718) |
26 | +++ src/mod_cgi.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
cf0fe2e1 ER |
27 | @@ -842,6 +842,12 @@ |
28 | CONST_BUF_LEN(con->authed_user)); | |
29 | } | |
30 | ||
31 | +#ifdef USE_OPENSSL | |
32 | + if (srv_sock->is_ssl) { | |
33 | + cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); | |
34 | + } | |
35 | +#endif | |
36 | + | |
37 | /* request.content_length < SSIZE_MAX, see request.c */ | |
38 | ltostr(buf, con->request.content_length); | |
39 | cgi_env_add(&env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf)); | |
a26d5970 ER |
40 | Index: src/base.h |
41 | =================================================================== | |
99ee3d18 ER |
42 | --- src/base.h (.../tags/lighttpd-1.4.13) (revision 1718) |
43 | +++ src/base.h (.../branches/lighttpd-1.4.x) (revision 1718) | |
a26d5970 ER |
44 | @@ -481,7 +481,9 @@ |
45 | enum { STAT_CACHE_ENGINE_UNSET, | |
46 | STAT_CACHE_ENGINE_NONE, | |
47 | STAT_CACHE_ENGINE_SIMPLE, | |
48 | +#ifdef HAVE_FAM_H | |
49 | STAT_CACHE_ENGINE_FAM | |
50 | +#endif | |
51 | } stat_cache_engine; | |
52 | unsigned short enable_cores; | |
53 | } server_config; | |
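Review bot: When `HAVE_FAM_H` is not defined, the enumerator list now ends in `STAT_CACHE_ENGINE_SIMPLE,` with a trailing comma, which C99 accepts but a C89 compiler in pedantic mode rejects. Either move the comma inside the guard so it is emitted together with `STAT_CACHE_ENGINE_FAM`, or keep the enumerator unconditional and guard only its uses, as the configfile.c hunk already does. The struct that holds this enum starts outside the hunk.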
54 | Index: src/connections.c | |
55 | =================================================================== | |
99ee3d18 ER |
56 | --- src/connections.c (.../tags/lighttpd-1.4.13) (revision 1718) |
57 | +++ src/connections.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
58 | @@ -500,11 +500,10 @@ | |
cf0fe2e1 ER |
59 | case 201: |
60 | case 301: | |
61 | case 302: | |
62 | + case 303: | |
63 | break; | |
64 | ||
65 | case 206: /* write_queue is already prepared */ | |
99ee3d18 ER |
66 | - con->file_finished = 1; |
67 | - | |
68 | break; | |
69 | case 205: /* class: header only */ | |
70 | case 304: | |
71 | @@ -970,7 +969,7 @@ | |
a26d5970 ER |
72 | } |
73 | } else { | |
74 | /* a splited \r \n */ | |
75 | - return -1; | |
76 | + break; | |
77 | } | |
78 | } | |
79 | } | |
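Review bot: The branch commented `/* a splited \r \n */` used to fail with `return -1` and now leaves the loop with `break`, but nothing in the hunk records what the code after the loop then does with the partial terminator. A comment such as `/* terminator is split across chunks: stop scanning and wait for more data */` would state the intent, if that is indeed the behaviour. The loop and the code following it are outside the hunk, so this needs checking against the full function.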
80 | Index: src/configfile.c | |
81 | =================================================================== | |
99ee3d18 ER |
82 | --- src/configfile.c (.../tags/lighttpd-1.4.13) (revision 1718) |
83 | +++ src/configfile.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
a26d5970 ER |
84 | @@ -218,13 +218,19 @@ |
85 | srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_SIMPLE; | |
86 | } else if (buffer_is_equal_string(stat_cache_string, CONST_STR_LEN("simple"))) { | |
87 | srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_SIMPLE; | |
88 | +#ifdef HAVE_FAM_H | |
89 | } else if (buffer_is_equal_string(stat_cache_string, CONST_STR_LEN("fam"))) { | |
90 | srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_FAM; | |
91 | +#endif | |
92 | } else if (buffer_is_equal_string(stat_cache_string, CONST_STR_LEN("disable"))) { | |
93 | srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_NONE; | |
94 | } else { | |
95 | log_error_write(srv, __FILE__, __LINE__, "sb", | |
96 | - "server.stat-cache-engine can be one of \"disable\", \"simple\", \"fam\", but not:", stat_cache_string); | |
97 | + "server.stat-cache-engine can be one of \"disable\", \"simple\"," | |
98 | +#ifdef HAVE_FAM_H | |
99 | + " \"fam\"," | |
100 | +#endif | |
101 | + " but not:", stat_cache_string); | |
102 | ret = HANDLER_ERROR; | |
103 | } | |
f26f9fd5 | 104 | |
a26d5970 ER |
105 | Index: src/mod_scgi.c |
106 | =================================================================== | |
99ee3d18 ER |
107 | --- src/mod_scgi.c (.../tags/lighttpd-1.4.13) (revision 1718) |
108 | +++ src/mod_scgi.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
a26d5970 ER |
109 | @@ -2528,7 +2528,7 @@ |
110 | hctx->reconnects < 5) { | |
111 | scgi_reconnect(srv, hctx); | |
f673a614 | 112 | |
a26d5970 ER |
113 | - log_error_write(srv, __FILE__, __LINE__, "sdsdsd", |
114 | + log_error_write(srv, __FILE__, __LINE__, "ssdsd", | |
115 | "response not sent, request not sent, reconnection.", | |
116 | "connection-fd:", con->fd, | |
117 | "fcgi-fd:", hctx->fd); | |
118 | Index: src/request.c | |
119 | =================================================================== | |
99ee3d18 ER |
120 | --- src/request.c (.../tags/lighttpd-1.4.13) (revision 1718) |
121 | +++ src/request.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
a26d5970 ER |
122 | @@ -85,6 +85,9 @@ |
123 | /* Host is empty */ | |
124 | if (host_len == 0) return -1; | |
f26f9fd5 | 125 | |
a26d5970 ER |
126 | + /* if the hostname ends in a "." strip it */ |
127 | + if (host->ptr[host_len-1] == '.') host_len -= 1; | |
f673a614 | 128 | + |
a26d5970 ER |
129 | /* scan from the right and skip the \0 */ |
130 | for (i = host_len - 1; i + 1 > 0; i--) { | |
131 | const char c = host->ptr[i]; | |
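Review bot: A Host value consisting only of `.` passes the `host_len == 0` check above and is then shortened to length zero by the new strip, so the empty-host rejection no longer covers it. The check should be repeated after the strip, e.g. `if (host_len == 0) return -1;`. The strip also only reduces the local `host_len`; as far as this hunk shows, `host->ptr` and `host->used` keep the trailing dot, so later code that compares the host buffer (virtual-host or conditional matching) may still see the dotted form. The function continues outside the hunk, so that part needs confirming there.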
132 | Index: src/network_backends.h | |
133 | =================================================================== | |
99ee3d18 ER |
134 | --- src/network_backends.h (.../tags/lighttpd-1.4.13) (revision 1718) |
135 | +++ src/network_backends.h (.../branches/lighttpd-1.4.x) (revision 1718) | |
a26d5970 ER |
136 | @@ -14,7 +14,7 @@ |
137 | # include <sys/uio.h> | |
138 | #endif | |
139 | ||
140 | -#if defined HAVE_SYS_UIO_H && defined HAVE_SENDFILE && defined HAVE_WRITEV && defined(__FreeBSD__) | |
141 | +#if defined HAVE_SYS_UIO_H && defined HAVE_SENDFILE && defined HAVE_WRITEV && (defined(__FreeBSD__) || defined(__DragonFly__)) | |
142 | # define USE_FREEBSD_SENDFILE | |
143 | # include <sys/uio.h> | |
144 | #endif | |
145 | Index: src/mod_proxy.c | |
146 | =================================================================== | |
99ee3d18 ER |
147 | --- src/mod_proxy.c (.../tags/lighttpd-1.4.13) (revision 1718) |
148 | +++ src/mod_proxy.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
a26d5970 ER |
149 | @@ -656,6 +656,7 @@ |
150 | } | |
151 | ||
152 | if (-1 == (r = read(hctx->fd, hctx->response->ptr + hctx->response->used - 1, b))) { | |
153 | + if (errno == EAGAIN) return 0; | |
154 | log_error_write(srv, __FILE__, __LINE__, "sds", | |
155 | "unexpected end-of-file (perhaps the proxy process died):", | |
156 | proxy_fd, strerror(errno)); | |
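Review bot: The new early return covers `EAGAIN` only; a `read()` interrupted by a signal fails with `EINTR` and still falls through to the "unexpected end-of-file" log and the error path after it. Consider `if (errno == EAGAIN || errno == EINTR) return 0;`, with a short comment saying what returning 0 means to the caller (presumably "no data yet, try again later"; the caller is outside the hunk).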
cf0fe2e1 ER |
157 | Index: src/mod_extforward.c |
158 | =================================================================== | |
159 | --- src/mod_extforward.c (.../tags/lighttpd-1.4.13) (revision 0) | |
99ee3d18 | 160 | +++ src/mod_extforward.c (.../branches/lighttpd-1.4.x) (revision 1718) |
cf0fe2e1 ER |
161 | @@ -0,0 +1,490 @@ |
162 | +#include <ctype.h> | |
163 | +#include <stdlib.h> | |
164 | +#include <string.h> | |
165 | +#include <stdio.h> | |
166 | +#include <netinet/in.h> | |
167 | + | |
168 | +#include "base.h" | |
169 | +#include "log.h" | |
170 | +#include "buffer.h" | |
171 | + | |
172 | +#include "plugin.h" | |
173 | + | |
174 | +#include "inet_ntop_cache.h" | |
175 | +#ifdef HAVE_CONFIG_H | |
176 | +#include "config.h" | |
177 | +#endif | |
178 | + | |
179 | +/** | |
180 | + * mod_extforward.c for lighttpd, by comman.kang <at> gmail <dot> com | |
181 | + * extended, modified by Lionel Elie Mamane (LEM), lionel <at> mamane <dot> lu | |
182 | + * | |
183 | + * Config example: | |
184 | + * | |
185 | + * Trust proxy 10.0.0.232 and 10.0.0.232 | |
186 | + * extforward.forwarder = ( "10.0.0.232" => "trust", | |
187 | + * "10.0.0.233" => "trust" ) | |
188 | + * | |
189 | + * Trust all proxies (NOT RECOMMENDED!) | |
190 | + * extforward.forwarder = ( "all" => "trust") | |
191 | + * | |
192 | + * Note that "all" has precedence over specific entries, | |
193 | + * so "all except" setups will not work. | |
194 | + * | |
195 | + * Note: The effect of this module is variable on $HTTP["remotip"] directives and | |
196 | + * other module's remote ip dependent actions. | |
197 | + * Things done by modules before we change the remoteip or after we reset it will match on the proxy's IP. | |
198 | + * Things done in between these two moments will match on the real client's IP. | |
199 | + * The moment things are done by a module depends on in which hook it does things and within the same hook | |
200 | + * on whether they are before/after us in the module loading order | |
201 | + * (order in the server.modules directive in the config file). | |
202 | + * | |
203 | + * Tested behaviours: | |
204 | + * | |
205 | + * mod_access: Will match on the real client. | |
206 | + * | |
207 | + * mod_accesslog: | |
208 | + * In order to see the "real" ip address in access log , | |
209 | + * you'll have to load mod_extforward after mod_accesslog. | |
210 | + * like this: | |
211 | + * | |
212 | + * server.modules = ( | |
213 | + * ..... | |
214 | + * mod_accesslog, | |
215 | + * mod_extforward | |
216 | + * ) | |
217 | + * | |
218 | + * Known issues: | |
219 | + * seems causing segfault with mod_ssl and $HTTP{"socket"} directives | |
220 | + * LEM 2006.05.26: Fixed segfault $SERVER["socket"] directive. Untested with SSL. | |
221 | + * | |
222 | + * ChangeLog: | |
223 | + * 2005.12.19 Initial Version | |
224 | + * 2005.12.19 fixed conflict with conditional directives | |
225 | + * 2006.05.26 LEM: IPv6 support | |
226 | + * 2006.05.26 LEM: Fix a segfault with $SERVER["socket"] directive. | |
227 | + * 2006.05.26 LEM: Run at uri_raw time, as we don't need to see the URI | |
228 | + * In this manner, we run before mod_access and $HTTP["remoteip"] directives work! | |
229 | + * 2006.05.26 LEM: Clean config_cond cache of tests whose result we probably change. | |
230 | + */ | |
231 | + | |
232 | + | |
233 | +/* plugin config for all request/connections */ | |
234 | + | |
235 | +typedef struct { | |
236 | + array *forwarder; | |
237 | +} plugin_config; | |
238 | + | |
239 | +typedef struct { | |
240 | + PLUGIN_DATA; | |
241 | + | |
242 | + plugin_config **config_storage; | |
243 | + | |
244 | + plugin_config conf; | |
245 | +} plugin_data; | |
246 | + | |
247 | + | |
248 | +/* context , used for restore remote ip */ | |
249 | + | |
250 | +typedef struct { | |
251 | + sock_addr saved_remote_addr; | |
252 | + buffer *saved_remote_addr_buf; | |
253 | +} handler_ctx; | |
254 | + | |
255 | + | |
256 | +static handler_ctx * handler_ctx_init(sock_addr oldaddr, buffer *oldaddr_buf) { | |
257 | + handler_ctx * hctx; | |
258 | + hctx = calloc(1, sizeof(*hctx)); | |
259 | + hctx->saved_remote_addr = oldaddr; | |
260 | + hctx->saved_remote_addr_buf = oldaddr_buf; | |
261 | + return hctx; | |
262 | +} | |
263 | + | |
264 | +static void handler_ctx_free(handler_ctx *hctx) { | |
265 | + free(hctx); | |
266 | +} | |
267 | + | |
268 | +/* init the plugin data */ | |
269 | +INIT_FUNC(mod_extforward_init) { | |
270 | + plugin_data *p; | |
271 | + p = calloc(1, sizeof(*p)); | |
272 | + return p; | |
273 | +} | |
274 | + | |
275 | +/* destroy the plugin data */ | |
276 | +FREE_FUNC(mod_extforward_free) { | |
277 | + plugin_data *p = p_d; | |
278 | + | |
279 | + UNUSED(srv); | |
280 | + | |
281 | + if (!p) return HANDLER_GO_ON; | |
282 | + | |
283 | + if (p->config_storage) { | |
284 | + size_t i; | |
285 | + | |
286 | + for (i = 0; i < srv->config_context->used; i++) { | |
287 | + plugin_config *s = p->config_storage[i]; | |
288 | + | |
289 | + if (!s) continue; | |
290 | + | |
291 | + array_free(s->forwarder); | |
292 | + | |
293 | + free(s); | |
294 | + } | |
295 | + free(p->config_storage); | |
296 | + } | |
297 | + | |
298 | + | |
299 | + free(p); | |
300 | + | |
301 | + return HANDLER_GO_ON; | |
302 | +} | |
303 | + | |
304 | +/* handle plugin config and check values */ | |
305 | + | |
306 | +SETDEFAULTS_FUNC(mod_extforward_set_defaults) { | |
307 | + plugin_data *p = p_d; | |
308 | + size_t i = 0; | |
309 | + | |
310 | + config_values_t cv[] = { | |
311 | + { "extforward.forwarder", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */ | |
312 | + { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET } | |
313 | + }; | |
314 | + | |
315 | + if (!p) return HANDLER_ERROR; | |
316 | + | |
317 | + p->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *)); | |
318 | + | |
319 | + for (i = 0; i < srv->config_context->used; i++) { | |
320 | + plugin_config *s; | |
321 | + | |
322 | + s = calloc(1, sizeof(plugin_config)); | |
323 | + s->forwarder = array_init(); | |
324 | + | |
325 | + cv[0].destination = s->forwarder; | |
326 | + | |
327 | + p->config_storage[i] = s; | |
328 | + | |
329 | + if (0 != config_insert_values_global(srv, ((data_config *)srv->config_context->data[i])->value, cv)) { | |
330 | + return HANDLER_ERROR; | |
331 | + } | |
332 | + } | |
333 | + | |
334 | + return HANDLER_GO_ON; | |
335 | +} | |
336 | + | |
337 | +#define PATCH(x) \ | |
338 | + p->conf.x = s->x; | |
339 | +static int mod_extforward_patch_connection(server *srv, connection *con, plugin_data *p) { | |
340 | + size_t i, j; | |
341 | + plugin_config *s = p->config_storage[0]; | |
342 | + | |
343 | + PATCH(forwarder); | |
344 | + | |
345 | + /* LEM: The purpose of this seems to match extforward configuration | |
346 | + stanzas that are not in the global context, but in some sub-context. | |
347 | + I fear this will break contexts of the form HTTP['remote'] = . | |
348 | + (in the form that they do not work with the real remote, but matching on | |
349 | + the proxy instead). | |
350 | + | |
351 | + I'm not sure this this is all thread-safe. Is the p we are passed different | |
352 | + for each connection or is it global? | |
353 | + | |
354 | + mod_fastcgi does the same, so it must be safe. | |
355 | + */ | |
356 | + /* skip the first, the global context */ | |
357 | + for (i = 1; i < srv->config_context->used; i++) { | |
358 | + data_config *dc = (data_config *)srv->config_context->data[i]; | |
359 | + s = p->config_storage[i]; | |
360 | + | |
361 | + /* condition didn't match */ | |
362 | + if (!config_check_cond(srv, con, dc)) continue; | |
363 | + | |
364 | + /* merge config */ | |
365 | + for (j = 0; j < dc->value->used; j++) { | |
366 | + data_unset *du = dc->value->data[j]; | |
367 | + | |
368 | + if (buffer_is_equal_string(du->key, CONST_STR_LEN("extforward.forwarder"))) { | |
369 | + PATCH(forwarder); | |
370 | + } | |
371 | + } | |
372 | + } | |
373 | + | |
374 | + return 0; | |
375 | +} | |
376 | +#undef PATCH | |
377 | + | |
378 | + | |
379 | +static void put_string_into_array_len(array *ary, const char *str, int len) | |
380 | +{ | |
381 | + data_string *tempdata; | |
382 | + if (len == 0) | |
383 | + return; | |
384 | + tempdata = data_string_init(); | |
385 | + buffer_copy_string_len(tempdata->value,str,len); | |
386 | + array_insert_unique(ary,(data_unset *)tempdata); | |
387 | +} | |
388 | +/* | |
389 | + extract a forward array from the environment | |
390 | +*/ | |
391 | +static array *extract_forward_array(buffer *pbuffer) | |
392 | +{ | |
393 | + array *result = array_init(); | |
394 | + if (pbuffer->used > 0) { | |
395 | + char *base, *curr; | |
396 | + /* state variable, 0 means not in string, 1 means in string */ | |
397 | + int in_str = 0; | |
398 | + for (base = pbuffer->ptr, curr = pbuffer->ptr; *curr; curr++) | |
399 | + { | |
400 | + if (in_str) { | |
401 | + if ( (*curr > '9' || *curr < '0') && *curr != '.' && *curr != ':' ) { | |
402 | + /* found an separator , insert value into result array */ | |
403 | + put_string_into_array_len(result, base, curr-base); | |
404 | + /* change state to not in string */ | |
405 | + in_str = 0; | |
406 | + } | |
407 | + } else { | |
408 | + if (*curr >= '0' && *curr <= '9') | |
409 | + { | |
410 | + /* found leading char of an IP address, move base pointer and change state */ | |
411 | + base = curr; | |
412 | + in_str = 1; | |
413 | + } | |
414 | + } | |
415 | + } | |
416 | + /* if breaking out while in str, we got to the end of string, so add it */ | |
417 | + if (in_str) | |
418 | + { | |
419 | + put_string_into_array_len(result, base, curr-base); | |
420 | + } | |
421 | + } | |
422 | + return result; | |
423 | +} | |
424 | + | |
425 | +#define IP_TRUSTED 1 | |
426 | +#define IP_UNTRUSTED 0 | |
427 | +/* | |
428 | + check whether ip is trusted, return 1 for trusted , 0 for untrusted | |
429 | +*/ | |
430 | +static int is_proxy_trusted(const char *ipstr, plugin_data *p) | |
431 | +{ | |
432 | + data_string* allds = (data_string *) array_get_element(p->conf.forwarder,"all"); | |
433 | + if (allds) { | |
434 | + if (strcasecmp(allds->value->ptr,"trust") == 0) | |
435 | + return IP_TRUSTED; | |
436 | + else | |
437 | + return IP_UNTRUSTED; | |
438 | + } | |
439 | + return (data_string *)array_get_element(p->conf.forwarder,ipstr) ? IP_TRUSTED : IP_UNTRUSTED ; | |
440 | +} | |
441 | + | |
442 | +struct addrinfo *ipstr_to_sockaddr(const char *host) | |
443 | +{ | |
444 | + struct addrinfo hints, *res0; | |
445 | + int result; | |
446 | + memset(&hints, 0, sizeof(hints)); | |
447 | + hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV; | |
448 | + | |
449 | + result = getaddrinfo(host, NULL, &hints, &res0); | |
450 | + if ( result != 0 ) | |
451 | + { | |
452 | + fprintf(stderr,"could not resolve hostname %s because %s\n", host,gai_strerror(result)); | |
453 | + if (result == EAI_SYSTEM) | |
454 | + perror("The system error is "); | |
455 | + return NULL; | |
456 | + } | |
457 | + else | |
458 | + if (res0==0) | |
459 | + fprintf(stderr, "Problem in resolving hostname %s: succeeded, but no information returned\n", host); | |
460 | + | |
461 | + return res0; | |
462 | +} | |
463 | + | |
464 | + | |
465 | +static void clean_cond_cache(server *srv, connection *con) | |
466 | +{ | |
467 | + size_t i; | |
468 | + | |
469 | + for (i = 0; i < srv->config_context->used; i++) { | |
470 | + data_config *dc = (data_config *)srv->config_context->data[i]; | |
471 | + | |
472 | + if (dc->comp == COMP_HTTP_REMOTEIP) | |
473 | + { | |
474 | + con->cond_cache[i].result = COND_RESULT_UNSET; | |
475 | + con->cond_cache[i].patterncount = 0; | |
476 | + } | |
477 | + } | |
478 | +} | |
479 | + | |
480 | +URIHANDLER_FUNC(mod_extforward_uri_handler) { | |
481 | + plugin_data *p = p_d; | |
482 | + data_string *forwarded = NULL; | |
483 | +#ifdef HAVE_IPV6 | |
484 | + char b2[INET6_ADDRSTRLEN + 1]; | |
485 | +#endif | |
486 | + const char *s; | |
487 | + UNUSED(srv); | |
488 | + mod_extforward_patch_connection(srv, con, p); | |
489 | + | |
490 | +/* log_error_write(srv, __FILE__, __LINE__,"s","mod_extforward_uri_handler called\n"); */ | |
491 | + | |
492 | + /* if the remote ip itself is not trusted , then do nothing */ | |
493 | +#ifdef HAVE_IPV6 | |
494 | + s = inet_ntop(con->dst_addr.plain.sa_family, | |
495 | + con->dst_addr.plain.sa_family == AF_INET6 ? | |
496 | + &(con->dst_addr.ipv6.sin6_addr) : | |
497 | + &(con->dst_addr.ipv4.sin_addr), | |
498 | + b2, | |
499 | + (sizeof b2) - 1); | |
500 | +#else | |
501 | + s = inet_ntoa(con->dst_addr.ipv4.sin_addr); | |
502 | +#endif | |
503 | + if (IP_UNTRUSTED == is_proxy_trusted (s, p) ) | |
504 | + return HANDLER_GO_ON; | |
505 | + | |
506 | + /* log_error_write(srv, __FILE__, __LINE__,"s","remote address is trusted proxy, go on\n");*/ | |
507 | + if (con->request.headers && | |
508 | + ((forwarded = (data_string *) array_get_element(con->request.headers,"X-Forwarded-For")) || | |
509 | + (forwarded = (data_string *) array_get_element(con->request.headers, "Forwarded-For")))) | |
510 | + { | |
511 | + /* log_error_write(srv, __FILE__, __LINE__,"s","found forwarded header\n");*/ | |
512 | + /* found forwarded for header */ | |
513 | + int i; | |
514 | + array *forward_array = extract_forward_array(forwarded->value); | |
515 | + char *real_remote_addr = NULL; | |
516 | +#ifdef HAVE_IPV6 | |
517 | + struct addrinfo *addrlist = NULL; | |
518 | +#endif | |
519 | + /* Testing shows that multiple headers and multiple values in one header | |
520 | + come in _reverse_ order. So the first one we get is the last one in the request. */ | |
521 | + for (i = forward_array->used - 1; i >= 0; i--) | |
522 | + { | |
523 | + data_string *ds = (data_string *) forward_array->data[i]; | |
524 | + if (ds) { | |
525 | +/* log_error_write(srv, __FILE__, __LINE__,"ss","forward",ds->value->ptr); */ | |
526 | + real_remote_addr = ds->value->ptr; | |
527 | + break; | |
528 | + /* LEM: What the hell is this about? | |
529 | + We test whether the forwarded for IP is trusted? | |
530 | + This looks like an ugly hack to handle multiple Forwarded-For's | |
531 | + and avoid those set to our proxies, or something like that. | |
532 | + My testing shows that reverse proxies add a new X-Forwarded-For header, | |
533 | + and we should thus take the last one, which is the first one we see. | |
534 | + | |
535 | + The net result of the old code is that we use the first untrusted IP, | |
536 | + or if all are trusted, the last trusted IP. | |
537 | + That's crazy. So I've disabled this. | |
538 | + */ | |
539 | + /* check whether it is trusted */ | |
540 | +/* if (IP_UNTRUSTED == is_proxy_trusted(ds->value->ptr,p) ) */ | |
541 | +/* break; */ | |
542 | +/* log_error_write(srv, __FILE__, __LINE__,"ss",ds->value->ptr," is trusted."); */ | |
543 | + | |
544 | + } | |
545 | + else { | |
546 | + /* bug ? bailing out here */ | |
547 | + break; | |
548 | + } | |
549 | + } | |
550 | + if (real_remote_addr != NULL) /* parsed */ | |
551 | + { | |
552 | + sock_addr s; | |
553 | + struct addrinfo *addrs_left; | |
554 | +/* log_error_write(srv, __FILE__, __LINE__,"ss","use forward",real_remote_addr); */ | |
555 | +#ifdef HAVE_IPV6 | |
556 | + addrlist = ipstr_to_sockaddr(real_remote_addr); | |
557 | + s.plain.sa_family = AF_UNSPEC; | |
558 | + for (addrs_left = addrlist; addrs_left != NULL; | |
559 | + addrs_left = addrs_left -> ai_next) | |
560 | + { | |
561 | + s.plain.sa_family = addrs_left->ai_family; | |
562 | + if ( s.plain.sa_family == AF_INET ) | |
563 | + { | |
564 | + s.ipv4.sin_addr = ((struct sockaddr_in*)addrs_left->ai_addr)->sin_addr; | |
565 | + break; | |
566 | + } | |
567 | + else if ( s.plain.sa_family == AF_INET6 ) | |
568 | + { | |
569 | + s.ipv6.sin6_addr = ((struct sockaddr_in6*)addrs_left->ai_addr)->sin6_addr; | |
570 | + break; | |
571 | + } | |
572 | + } | |
573 | +#else | |
574 | + s.ipv4.sin_addr.s_addr = inet_addr(real_remote_addr); | |
575 | + s.plain.sa_family = (s.ipv4.sin_addr.s_addr == 0xFFFFFFFF) ? AF_UNSPEC : AF_INET; | |
576 | +#endif | |
577 | + if (s.plain.sa_family != AF_UNSPEC) | |
578 | + { | |
579 | + /* we found the remote address, modify current connection and save the old address */ | |
580 | + if (con->plugin_ctx[p->id]) { | |
581 | + log_error_write(srv, __FILE__, __LINE__,"patching an already patched connection!"); | |
582 | + handler_ctx_free(con->plugin_ctx[p->id]); | |
583 | + con->plugin_ctx[p->id] = NULL; | |
584 | + } | |
585 | + /* save old address */ | |
586 | + con->plugin_ctx[p->id] = handler_ctx_init(con->dst_addr, con->dst_addr_buf); | |
587 | + /* patch connection address */ | |
588 | + con->dst_addr = s; | |
589 | + con->dst_addr_buf = buffer_init(); | |
590 | + buffer_copy_string(con->dst_addr_buf, real_remote_addr); | |
591 | +/* log_error_write(srv, __FILE__, __LINE__,"ss","Set dst_addr_buf to ", real_remote_addr); */ | |
592 | + /* Now, clean the conf_cond cache, because we may have changed the results of tests */ | |
593 | + clean_cond_cache(srv, con); | |
594 | + } | |
595 | +#ifdef HAVE_IPV6 | |
596 | + if (addrlist != NULL ) freeaddrinfo(addrlist); | |
597 | +#endif | |
598 | + } | |
599 | + array_free(forward_array); | |
600 | + } | |
601 | + | |
602 | + /* not found */ | |
603 | + return HANDLER_GO_ON; | |
604 | +} | |
605 | + | |
606 | +CONNECTION_FUNC(mod_extforward_restore) { | |
607 | + plugin_data *p = p_d; | |
608 | + UNUSED(srv); | |
609 | + | |
610 | + /* LEM: This seems completely unuseful, as we are not using | |
611 | + p->conf in this function. Furthermore, it brings a | |
612 | + segfault if one of the conditional configuration | |
613 | + blocks is "SERVER['socket'] == foo", because the | |
614 | + socket is not known yet in the srv/con structure. | |
615 | + */ | |
616 | + /* mod_extforward_patch_connection(srv, con, p); */ | |
617 | + | |
618 | + /* restore this connection's remote ip */ | |
619 | + if (con->plugin_ctx[p->id]) { | |
620 | + handler_ctx *hctx = con->plugin_ctx[p->id]; | |
621 | + con->dst_addr = hctx->saved_remote_addr; | |
622 | + buffer_free(con->dst_addr_buf); | |
623 | + con->dst_addr_buf = hctx->saved_remote_addr_buf; | |
624 | +/* log_error_write(srv, __FILE__, __LINE__,"s","LEM: Reset dst_addr_buf"); */ | |
625 | + handler_ctx_free(hctx); | |
626 | + con->plugin_ctx[p->id] = NULL; | |
627 | + /* Now, clean the conf_cond cache, because we may have changed the results of tests */ | |
628 | + clean_cond_cache(srv, con); | |
629 | + } | |
630 | + return HANDLER_GO_ON; | |
631 | +} | |
632 | + | |
633 | + | |
634 | +/* this function is called at dlopen() time and inits the callbacks */ | |
635 | + | |
636 | +int mod_extforward_plugin_init(plugin *p) { | |
637 | + p->version = LIGHTTPD_VERSION_ID; | |
638 | + p->name = buffer_init_string("extforward"); | |
639 | + | |
640 | + p->init = mod_extforward_init; | |
641 | + p->handle_uri_raw = mod_extforward_uri_handler; | |
642 | + p->handle_request_done = mod_extforward_restore; | |
643 | + p->connection_reset = mod_extforward_restore; | |
644 | + p->set_defaults = mod_extforward_set_defaults; | |
645 | + p->cleanup = mod_extforward_free; | |
646 | + | |
647 | + p->data = NULL; | |
648 | + | |
649 | + return 0; | |
650 | +} | |
651 | + | |
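Review bot: `extract_forward_array` starts a token only on `0`-`9` and ends it on anything other than a digit, `.` or `:`, so an IPv6 address containing hex letters is cut into fragments instead of being read whole. For a constructed value such as `2001:db8::1` the pieces are `2001:` and `8::1`, and because the handler takes the last array element, the syntactically valid tail `8::1` would become `con->dst_addr` and be what `$HTTP["remoteip"]` conditions and mod_access match on. Since `<ctype.h>` is already included, the two tests could become `if (isxdigit((unsigned char)*curr) || *curr == ':')` and `if (!isxdigit((unsigned char)*curr) && *curr != '.' && *curr != ':')`; tokens that are not addresses then fail numeric parsing (`getaddrinfo()` with `AI_NUMERICHOST`, or `inet_addr()`) and leave the connection untouched. Separately, `log_error_write(srv, __FILE__, __LINE__,"patching an already patched connection!");` passes the message where the format string belongs and should read `log_error_write(srv, __FILE__, __LINE__, "s", "patching an already patched connection!");`. `is_proxy_trusted` also treats any listed address as trusted whatever its configured value is, so an entry with a value other than `"trust"` is silently accepted; comparing the value as the `"all"` branch does would match the documented configuration.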
652 | ||
653 | Property changes on: src/mod_extforward.c | |
654 | ___________________________________________________________________ | |
655 | Name: svn:eol-style | |
656 | + native | |
657 | ||
658 | Index: src/Makefile.am | |
659 | =================================================================== | |
99ee3d18 ER |
660 | --- src/Makefile.am (.../tags/lighttpd-1.4.13) (revision 1718) |
661 | +++ src/Makefile.am (.../branches/lighttpd-1.4.x) (revision 1718) | |
cf0fe2e1 ER |
662 | @@ -199,6 +199,11 @@ |
663 | mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined | |
664 | mod_fastcgi_la_LIBADD = $(common_libadd) | |
665 | ||
666 | +lib_LTLIBRARIES += mod_extforward.la | |
667 | +mod_extforward_la_SOURCES = mod_extforward.c | |
668 | +mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined | |
669 | +mod_extforward_la_LIBADD = $(common_libadd) | |
670 | + | |
671 | lib_LTLIBRARIES += mod_access.la | |
672 | mod_access_la_SOURCES = mod_access.c | |
673 | mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined | |
674 | Index: src/network_writev.c | |
675 | =================================================================== | |
99ee3d18 ER |
676 | --- src/network_writev.c (.../tags/lighttpd-1.4.13) (revision 1718) |
677 | +++ src/network_writev.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
cf0fe2e1 ER |
678 | @@ -55,7 +55,7 @@ |
679 | const size_t max_chunks = MAX_IOVEC; | |
680 | #elif defined(UIO_MAXIOV) /* Linux x86 (glibc-2.2.5-233) */ | |
681 | const size_t max_chunks = UIO_MAXIOV; | |
682 | -#elif (defined(__FreeBSD__) && __FreeBSD_version < 500000) /* FreeBSD 4.x */ | |
683 | +#elif (defined(__FreeBSD__) && __FreeBSD_version < 500000) || defined(__DragonFly__) /* FreeBSD 4.x */ | |
684 | const size_t max_chunks = 1024; /* UIO_MAXIOV value from sys/uio.h */ | |
685 | #else | |
686 | #error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan@kneschke.de" | |
a26d5970 ER |
687 | Index: src/mod_expire.c |
688 | =================================================================== | |
99ee3d18 ER |
689 | --- src/mod_expire.c (.../tags/lighttpd-1.4.13) (revision 1718) |
690 | +++ src/mod_expire.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
a26d5970 ER |
691 | @@ -85,7 +85,7 @@ |
692 | /* | |
693 | * parse | |
694 | * | |
695 | - * '(access|modification) [plus] {<num> <type>}*' | |
696 | + * '(access|now|modification) [plus] {<num> <type>}*' | |
697 | * | |
698 | * e.g. 'access 1 years' | |
699 | */ | |
700 | @@ -101,6 +101,9 @@ | |
701 | if (0 == strncmp(ts, "access ", 7)) { | |
702 | type = 0; | |
703 | ts += 7; | |
704 | + } else if (0 == strncmp(ts, "now ", 4)) { | |
705 | + type = 0; | |
706 | + ts += 4; | |
707 | } else if (0 == strncmp(ts, "modification ", 13)) { | |
708 | type = 1; | |
709 | ts += 13; | |
710 | @@ -116,7 +119,7 @@ | |
711 | ts += 5; | |
712 | } | |
4eb11136 | 713 | |
a26d5970 ER |
714 | - /* the rest is just <number> (years|months|days|hours|minutes|seconds) */ |
715 | + /* the rest is just <number> (years|months|weeks|days|hours|minutes|seconds) */ | |
716 | while (1) { | |
717 | char *space, *err; | |
718 | int num; | |
719 | @@ -148,6 +151,9 @@ | |
720 | } else if (slen == 6 && | |
721 | 0 == strncmp(ts, "months", slen)) { | |
722 | num *= 60 * 60 * 24 * 30; | |
723 | + } else if (slen == 5 && | |
724 | + 0 == strncmp(ts, "weeks", slen)) { | |
725 | + num *= 60 * 60 * 24 * 7; | |
726 | } else if (slen == 4 && | |
727 | 0 == strncmp(ts, "days", slen)) { | |
728 | num *= 60 * 60 * 24; | |
729 | @@ -174,6 +180,8 @@ | |
730 | num *= 60 * 60 * 24 * 30 * 12; | |
731 | } else if (0 == strcmp(ts, "months")) { | |
732 | num *= 60 * 60 * 24 * 30; | |
733 | + } else if (0 == strcmp(ts, "weeks")) { | |
734 | + num *= 60 * 60 * 24 * 7; | |
735 | } else if (0 == strcmp(ts, "days")) { | |
736 | num *= 60 * 60 * 24; | |
737 | } else if (0 == strcmp(ts, "hours")) { | |
738 | Index: src/network_freebsd_sendfile.c | |
739 | =================================================================== | |
99ee3d18 ER |
740 | --- src/network_freebsd_sendfile.c (.../tags/lighttpd-1.4.13) (revision 1718) |
741 | +++ src/network_freebsd_sendfile.c (.../branches/lighttpd-1.4.x) (revision 1718) | |
a26d5970 | 742 | @@ -25,7 +25,7 @@ |
2519e6e5 ER |
743 | |
744 | ||
a26d5970 ER |
745 | #ifndef UIO_MAXIOV |
746 | -# ifdef __FreeBSD__ | |
747 | +# if defined(__FreeBSD__) || defined(__DragonFly__) | |
748 | /* FreeBSD 4.7, 4.9 defined it in sys/uio.h only if _KERNEL is specified */ | |
749 | # define UIO_MAXIOV 1024 | |
750 | # endif | |
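--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -733,8 +733,9 @@
 }
 }
 
+ if (p->conf.auth_ldap_allow_empty_pw != 1 && pw[0] == '\0')
+ return -1;
 
-
 /* build filter */
 buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap_filter_pre);
 buffer_append_string_buffer(p->ldap_filter, username);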
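Review bot: The new rejection `if (p->conf.auth_ldap_allow_empty_pw != 1 && pw[0] == '\0') return -1;` fails silently and has no comment saying why it exists. A simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513 section 5.1.2, and a directory server that accepts it reports success, so this check is what stops a blank password from authenticating a known user name. I would state that above the check, e.g. `/* empty password = unauthenticated bind (RFC 4513 5.1.2); the server may report success for it */`, and add a log line on the reject path so operators can see such attempts. The enclosing function starts and ends outside the hunk, so whether `pw` can be NULL at this point is not visible and should be confirmed.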
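--- a/src/http_auth.h
+++ b/src/http_auth.h
@@ -36,6 +36,7 @@
 buffer *auth_ldap_filter;
 buffer *auth_ldap_cafile;
 unsigned short auth_ldap_starttls;
+ unsigned short auth_ldap_allow_empty_pw;
 
 unsigned short auth_debug;
 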
a26d5970 ER |
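--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -113,6 +113,7 @@
 PATCH(auth_ldap_filter);
 PATCH(auth_ldap_cafile);
 PATCH(auth_ldap_starttls);
+ PATCH(auth_ldap_allow_empty_pw);
 #ifdef USE_LDAP
 PATCH(ldap);
 PATCH(ldap_filter_pre);
@@ -160,6 +161,8 @@
 PATCH(auth_ldap_cafile);
 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.starttls"))) {
 PATCH(auth_ldap_starttls);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
+ PATCH(auth_ldap_allow_empty_pw);
 }
 }
 }
@@ -312,6 +315,7 @@
 { "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
 { "auth.backend.ldap.bind-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
 { "auth.backend.ldap.bind-pw", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
+ { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
 { "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
 { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
 { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
@@ -359,11 +363,12 @@
 cv[6].destination = s->auth_ldap_filter;
 cv[7].destination = s->auth_ldap_cafile;
 cv[8].destination = &(s->auth_ldap_starttls);
- cv[9].destination = s->auth_ldap_binddn;
- cv[10].destination = s->auth_ldap_bindpw;
- cv[11].destination = s->auth_htdigest_userfile;
- cv[12].destination = s->auth_htpasswd_userfile;
- cv[13].destination = &(s->auth_debug);
+ cv[9].destination = s->auth_ldap_binddn;
+ cv[10].destination = s->auth_ldap_bindpw;
+ cv[11].destination = &(s->auth_ldap_allow_empty_pw);
+ cv[12].destination = s->auth_htdigest_userfile;
+ cv[13].destination = s->auth_htpasswd_userfile;
+ cv[14].destination = &(s->auth_debug);
 
 p->config_storage[i] = s;
 ca = ((data_config *)srv->config_context->data[i])->value;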
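Review bot: Inserting `auth.backend.ldap.allow-empty-pw` into the option table in the third hunk leaves the index comment on the `auth.debug` row stale: it still reads `/* 13 */`, while the last hunk now binds `auth_debug` at `cv[14]`, so it should become `/* 14 */`. The table rows and the `cv[N].destination` lines are matched by position only, so a later insert that misses one side would point a `T_CONFIG_BOOLEAN` row at a `buffer *` destination; an index comment on every row would make that easier to catch in review. The hunks do not show where `s->auth_ldap_allow_empty_pw` gets its initial value, so confirm it starts at 0, because an enabled option lets blank passwords reach the LDAP bind. The enclosing functions start and end outside the hunks.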
99ee3d18 ER |
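--- a/src/http-header-glue.c
+++ b/src/http-header-glue.c
@@ -148,7 +148,7 @@
 char dst[INET6_ADDRSTRLEN];
 
 log_error_write(srv, __FILE__, __LINE__,
- "SSSS", "NOTICE: getnameinfo failed: ",
+ "SSS", "NOTICE: getnameinfo failed: ",
 strerror(errno), ", using ip-address instead");
 
 buffer_append_string(o,
@@ -162,7 +162,7 @@
 case AF_INET:
 if (NULL == (he = gethostbyaddr((char *)&our_addr.ipv4.sin_addr, sizeof(struct in_addr), AF_INET))) {
 log_error_write(srv, __FILE__, __LINE__,
- "SdSS", "NOTICE: gethostbyaddr failed: ",
+ "SdS", "NOTICE: gethostbyaddr failed: ",
 h_errno, ", using ip-address instead");
 
 buffer_append_string(o, inet_ntoa(our_addr.ipv4.sin_addr));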
a26d5970 ER |
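--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
@@ -275,6 +275,7 @@
 buffer *key; /* like .php */
 
 int note_is_sent;
+ int last_used_ndx;
 
 fcgi_extension_host **hosts;
 
@@ -563,6 +564,7 @@
 fe = calloc(1, sizeof(*fe));
 assert(fe);
 fe->key = buffer_init();
+ fe->last_used_ndx = -1;
 buffer_copy_string_buffer(fe->key, key);
 
 /* */
@@ -2365,6 +2367,7 @@
 * check how much we have to read
 */
 if (ioctl(hctx->fd, FIONREAD, &toread)) {
+ if (errno == EAGAIN) return 0;
 log_error_write(srv, __FILE__, __LINE__, "sd",
 "unexpected end-of-file (perhaps the fastcgi process died):",
 fcgi_fd);
@@ -2375,12 +2378,23 @@
 
 if (toread > 0) {
 buffer *b;
+ chunk *cq_first = hctx->rb->first;
+ chunk *cq_last = hctx->rb->last;
 
 b = chunkqueue_get_append_buffer(hctx->rb);
 buffer_prepare_copy(b, toread + 1);
 
 /* append to read-buffer */
 if (-1 == (r = read(hctx->fd, b->ptr, toread))) {
+ if (errno == EAGAIN) {
+ /* roll back the last chunk allocation,
+ and continue on next iteration */
+ buffer_free(hctx->rb->last->mem);
+ free(hctx->rb->last);
+ hctx->rb->first = cq_first;
+ hctx->rb->last = cq_last;
+ return 0;
+ }
 log_error_write(srv, __FILE__, __LINE__, "sds",
 "unexpected end-of-file (perhaps the fastcgi process died):",
 fcgi_fd, strerror(errno));
@@ -2393,6 +2407,7 @@
 b->used = r + 1; /* one extra for the fake \0 */
 b->ptr[b->used - 1] = '\0';
 } else {
+ if (errno == EAGAIN) return 0;
 log_error_write(srv, __FILE__, __LINE__, "ssdsb",
 "unexpected end-of-file (perhaps the fastcgi process died):",
 "pid:", proc->pid,
@@ -2499,6 +2514,8 @@
 }
 break;
 case FCGI_STDERR:
+ if (packet.len == 0) break;
+
 log_error_write(srv, __FILE__, __LINE__, "sb",
 "FastCGI-stderr:", packet.b);
 
@@ -2979,17 +2996,23 @@
 size_t k;
 int ndx, used = -1;
 
- /* get best server */
- for (k = 0, ndx = -1; k < hctx->ext->used; k++) {
- host = hctx->ext->hosts[k];
+ /* check if the next server has no load. */
+ ndx = hctx->ext->last_used_ndx + 1;
+ if(ndx >= hctx->ext->used || ndx < 0) ndx = 0;
+ host = hctx->ext->hosts[ndx];
+ if (host->load > 0) {
+ /* get backend with the least load. */
+ for (k = 0, ndx = -1; k < hctx->ext->used; k++) {
+ host = hctx->ext->hosts[k];
 
- /* we should have at least one proc that can do something */
- if (host->active_procs == 0) continue;
+ /* we should have at least one proc that can do something */
+ if (host->active_procs == 0) continue;
 
- if (used == -1 || host->load < used) {
- used = host->load;
+ if (used == -1 || host->load < used) {
+ used = host->load;
 
- ndx = k;
+ ndx = k;
+ }
 }
 }
 
@@ -3005,6 +3028,7 @@
 return HANDLER_FINISHED;
 }
 
+ hctx->ext->last_used_ndx = ndx;
 host = hctx->ext->hosts[ndx];
 
 /*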
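Review bot: The EAGAIN rollback after `read()` frees `hctx->rb->last` and restores `first`/`last` but never touches the saved tail, so if `chunkqueue_get_append_buffer()` linked the new chunk through the old tail's `next` pointer (its body is not on this page), `cq_last->next` is left pointing at freed memory and the next walk of the queue is a use-after-free. Clearing it before the return, `if (cq_last) cq_last->next = NULL;`, closes that, and a chunkqueue helper that undoes the append would keep the queue's bookkeeping in one place. In the host-selection hunk the new fast path takes `hosts[ndx]` whenever `host->load` is 0 without the `active_procs == 0` test the loop applies, so a backend with no usable process can be chosen; `if (host->load > 0 || host->active_procs == 0) {` restores the check. The same fast path reads `hosts[0]` even when `hctx->ext->used` is 0. All of these functions start and end outside their hunks.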
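--- a/src/server.c
+++ b/src/server.c
@@ -163,6 +163,7 @@
 #undef CLEAN
 
 for (i = 0; i < FILE_CACHE_MAX; i++) {
+ srv->mtime_cache[i].mtime = (time_t)-1;
 srv->mtime_cache[i].str = buffer_init();
 }
 
@@ -1231,6 +1232,19 @@
 srv_socket->fd = -1;
 
 /* network_close() will cleanup after us */
+
+ if (srv->srvconf.pid_file->used &&
+ srv->srvconf.changeroot->used == 0) {
+ if (0 != unlink(srv->srvconf.pid_file->ptr)) {
+ if (errno != EACCES && errno != EPERM) {
+ log_error_write(srv, __FILE__, __LINE__, "sbds",
+ "unlink failed for:",
+ srv->srvconf.pid_file,
+ errno,
+ strerror(errno));
+ }
+ }
+ }
 }
 }
 
@@ -1335,7 +1349,8 @@
 }
 
 if (srv->srvconf.pid_file->used &&
- srv->srvconf.changeroot->used == 0) {
+ srv->srvconf.changeroot->used == 0 &&
+ 0 == graceful_shutdown) {
 if (0 != unlink(srv->srvconf.pid_file->ptr)) {
 if (errno != EACCES && errno != EPERM) {
 log_error_write(srv, __FILE__, __LINE__, "sbds",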
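Review bot: The pid-file removal added in the `@@ -1231` hunk is a copy of the block that the `@@ -1335` hunk edits, so the `pid_file->used` and `changeroot->used == 0` conditions and the ignored `EACCES`/`EPERM` cases now have to be kept in step by hand in two places. A small static helper called from both sites, with the `0 == graceful_shutdown` test kept at the exit-path call, would remove that risk. Both copies also unlink by path without checking that the file still holds this process's pid, which may matter if another instance has rewritten it in the meantime; that is inferred, since the code that writes the pid file is not in these hunks. The enclosing functions continue outside both hunks.

```c
/* remove the pid file; skipped when a chroot is configured */
static void remove_pid_file(server *srv) {
	if (!srv->srvconf.pid_file->used || srv->srvconf.changeroot->used != 0) return;

	if (0 != unlink(srv->srvconf.pid_file->ptr) &&
	    errno != EACCES && errno != EPERM) {
		log_error_write(srv, __FILE__, __LINE__, "sbds",
				"unlink failed for:",
				srv->srvconf.pid_file,
				errno,
				strerror(errno));
	}
}

/* … unchanged: listening sockets closed on graceful shutdown … */
remove_pid_file(srv);

/* … unchanged: shutdown path up to the pid-file removal … */
if (0 == graceful_shutdown) remove_pid_file(srv);
```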
cf0fe2e1 ER |
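--- a/doc/extforward.txt
+++ b/doc/extforward.txt
@@ -0,0 +1,96 @@
+==============
+mod_extforward
+==============
+
+.. contents::
+
+Overview
+========
+
+Comman Kang <comman.kang at gmail.com> sent me: ::
+
+ Hello jan.
+
+ I've made something rough but similar to mod_extract_forwarded for
+ Apache. This module will extract the client's "real" ip from
+ X-Forwarded-For header which is added by squid or other proxies. It might be
+ useful for servers behind reverse proxy servers.
+
+ However, this module is causing segfault with mod_ssl or
+ $HTTP{''socket"} directive, crashing in config_check_cond while patching
+ connection , I do not understand architecture of the lighttpd well, does it
+ need to call patch_connection in either handle_request_done and
+ connection_reset ?
+
+Lionel Elie Mamane <lionel@mamane.lu> improved the patch: ::
+
+ I've taken lighttpd-1.4.10-mod_extforward.c from the wiki and I've
+ extended it. Here is the result.
+
+ Major changes:
+
+ - IPv6 support
+
+ - Fixed at least one segfault with SERVER['socket']
+
+ - Arrange things so that a url.access-deny under scope of a
+ HTTP['remoteip'] condition works well :)
+
+ I've commented the code in some places, mostly where I wasn't sure
+ what was going on, or I didn't see what the original author meant to
+ do.
+
+Options
+=======
+
+extforward.forwarder
+ Sets trust level of proxy IP's.
+
+ Default: empty
+
+ Example: ::
+
+ extforward.forwarder = ("10.0.0.232" => "trust")
+
+ will translate ip addresses coming from 10.0.0.232 to real ip addresses extracted from X-Forwarded-For: HTTP request header.
+
+Note
+=======
+
+The effect of this module is variable on $HTTP["remotip"] directives and other module's remote ip dependent actions.
+Things done by modules before we change the remoteip or after we reset it will match on the proxy's IP.
+Things done in between these two moments will match on the real client's IP.
+The moment things are done by a module depends on in which hook it does things and within the same hook
+on whether they are before/after us in the module loading order
+(order in the server.modules directive in the config file).
+
+Tested behaviours:
+
+ mod_access: Will match on the real client.
+
+ mod_accesslog:
+ In order to see the "real" ip address in access log ,
+ you'll have to load mod_extforward after mod_accesslog.
+ like this: ::
+
+ server.modules = (
+ .....
+ mod_accesslog,
+ mod_extforward
+ )
+
+Samples
+=======
+
+Trust proxy 10.0.0.232 and 10.0.0.232 ::
+
+ extforward.forwarder = (
+ "10.0.0.232" => "trust",
+ "10.0.0.233" => "trust",
+ )
+
+Trust all proxies (NOT RECOMMENDED!) ::
+
+ extforward.forwarder = ( "all" => "trust")
+
+Note that "all" has precedence over specific entries, so "all except" setups will not work.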
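--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -6,6 +6,7 @@
 cgi.txt \
 compress.txt \
 configuration.txt \
+extforward.txt \
 fastcgi-state.txt \
 fastcgi.txt \
 features.txt \
@@ -43,6 +44,7 @@
 cgi.html \
 compress.html \
 configuration.html \
+ extforward.html \
 fastcgi-state.html \
 fastcgi.html \
 features.html \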
1119 | Index: NEWS | |
1120 | =================================================================== | |
99ee3d18 ER |
1121 | --- NEWS (.../tags/lighttpd-1.4.13) (revision 1718) |
1122 | +++ NEWS (.../branches/lighttpd-1.4.x) (revision 1718) | |
1123 | @@ -3,6 +3,23 @@ | |
cf0fe2e1 ER |
1124 | NEWS |
1125 | ==== | |
1126 | ||
1127 | +- 1.4.14 - ??? | |
1128 | + * added mod_extforward module [1665] | |
99ee3d18 ER |
1129 | + * added HTTPS=on to the environment of cgi scripts (#861) |
1130 | + * fix handling of 303 #1045 | |
1131 | + * made the configure check for lua more portable [1677] | |
1132 | + * fix http 500 errors (colin.stephen/at/o2.com) #1041 | |
1133 | + * prevent wrong pidfile unlinking on graceful restart (Chris Webb) [1656] | |
1134 | + * ignore empty packets from STDERR stream. #998 | |
1135 | + * fix a crash for files with an mtime of 0 reported by cubiq on irc [1519] | |
1136 |