Commit Graph

2331 Commits

Author SHA1 Message Date
Glenn Strauss 6f75cdddda [build] autotools use AC_PROG_CC_STDC macro
autotools now use AC_PROG_CC_STDC macro instead of -std=gnu99.
The default in current modern gcc compilers is -std=gnu11

(Note: src/CMakeLists.txt and SConstruct still specify -std=gnu99)
2017-05-15 22:02:33 -04:00
Glenn Strauss 1e8147fc3a [build] -Werror if --enable-extra-warnings=error
enable -Werror if ./configure --enable-extra-warnings=error

   "Fix warnings"
2017-05-15 22:02:33 -04:00
Gaël PORTAY e8498bbfcc [core] silence compiler warnings if !HAVE_FORK
silence compiler warnings if HAVE_FORK is not set

However, if HAVE_FORK is not set, then -Werror was probably passed to
./configure, which is currently a mistake.  lighttpd can successfully
compile src/ with -Werror on many platforms, but ./configure tests
should not be run with -Werror. [gstrauss]

github: closes #81

   "Fix warnings"
2017-05-15 22:02:33 -04:00
Glenn Strauss 7a27d5eff5 [core] buffer to disk streaming to slow backends
buffer input to disk when streaming request body to slow backends
2017-05-15 22:02:33 -04:00
Glenn Strauss 574fb562f1 [mod_cgi] basic support for Upgrade: websocket
transition to transparent gateway for e.g. Upgrade: websocket


disabled by default
enabled with cgi.upgrade = "enable"
2017-05-15 22:02:33 -04:00
Glenn Strauss b641850376 [core] optional condition in config "else" clause (fixes #1268)
  "condition should be optional in "else" clause in configuration file"
2017-05-15 22:02:33 -04:00
Glenn Strauss 86bb8be2c8 [core] perf: skip redundant strlen() if len known
performance: skip redundant strlen() if length is already known

introduce array_get_element_klen() to take key and klen params
2017-05-15 22:02:33 -04:00
Glenn Strauss 07cde2cf0b [core] set server.max-keep-alive-requests = 100 (fixes #2205)
median webpage in today's day and age contains 75-100 requests per page
so increasing the default server.max-keep-alive-requests in lighttpd
from 16 is more than warranted

  "set server.max-keep-alive-requests = 100"
2017-05-15 22:02:32 -04:00
Glenn Strauss 8913dc4e59 [mod_extforward] compile on OSX
define MSG_DONTWAIT and MSG_NOSIGNAL to be no-ops on platforms
without support.  (fd should already be configured O_NONBLOCK
and SIGPIPE signal is configured to be ignored)

(thx avij and wardw)
2017-05-15 22:02:32 -04:00
Glenn Strauss 14656f8f89 [mod_proxy] basic support for Upgrade: websocket (fixes #2811)
transition to transparent proxy for e.g. Upgrade: websocket


disabled by default
enabled with proxy.header = ( "upgrade" => "enable" )

  "proxy Upgrade: websocket"
2017-05-15 22:02:04 -04:00
Glenn Strauss 316e959b4d [core] prep mod transitions to transparent proxy
prep mod_proxy,mod_fastcgi,mod_scgi for transition to transparent proxy
2017-05-14 00:09:23 -04:00
Glenn Strauss dfc1603c4b [core] fix crash for invalid syntax in config file (fixes #2810)
fix crash for invalid syntax in config file for server.modules

  "Missing array entry type check in config_insert (configfile.c), SIGSEGV"
2017-05-14 00:09:23 -04:00
Stefan Bühler 9752620792 [core] configparser: fix resource handling in error cases (fixes #2809)
- lemon never calls the destructor for variables on the RHS, make sure
  to manually clean up
- outside `if (ctx->ok) { }` always check for NULL pointers, i.e:
  - if (x) x->free(x)
  - buffer_free and array_free check for NULL on their own
- cleanup RHS variables below `if (ctx->ok) { }` at the bottom
  - set variables to NULL before if ownership gets passed on
- move some buffers instead of copying them

  "Memory corruption in yy_reduce (configparser.y), SIGSEGV"
2017-05-14 00:09:23 -04:00
Glenn Strauss a48d65c8a5 [core] remove redundant resets of fde_ndx
after initialization, value of fde_ndx should be managed by fdevent.c
2017-05-14 00:09:23 -04:00
Glenn Strauss e685ef70f1 [core] act as transparent proxy after con Upgrade 2017-05-14 00:09:23 -04:00
Glenn Strauss 28851b2cdf [core] skip socket shutdown() if con->fd negative
(allow for future module(s) which give fd away over unix domain socket)
2017-05-10 23:21:15 -04:00
Glenn Strauss c66e826978 [mod_proxy,mod_scgi] fix truncated error trace 2017-05-10 23:21:15 -04:00
Glenn Strauss 77509ed087 [mod_fastcgi] consolidate backend read code
Use same funcs as other dynamic handlers to recv data from backend.
Add hook for fastcgi to process FastCGI packets (and other future
dynamic handlers may hook this in order to handle custom data framing)
2017-05-10 23:21:15 -04:00
Glenn Strauss e622aa4114 [mod_uploadprogress] handle query str progress ID (fixes #2808)
  "mod_uploadprogress fails when using parameters"
2017-05-07 14:34:32 -04:00
Glenn Strauss 036d3d3d66 [mod_proxy] simple host/url mapping in headers (fixes #152)
Provide a simple mechanism for mapping host and urlpath header strings
in proxied request and response well-known headers.  This *is not*
intended as a one-size-fits-all, infinitely extensible, regex rewriting
engine.  Instead, the proxy.header directive aims to provide built-in
functionality in mod_proxy for a few common use cases by performing
simple host matching or urlpath prefix matching, and using the
mapping of the first match.  More complex use cases could possibly be
handled by a custom lighttpd module (which does not currently exist).

Note: the contents of the HTTP request-line and HTTP headers may or
may not be in normalized canonical forms, which may or may not influence
the simple matching performed.  Admins should take care to provide safe
defaults (fail closed) if mapping is expected to occur and blindly
passing non-mapped requests is undesirable.

proxy.header = (
    #"map-host-request" => (
        #"-" => "...",#replace provided given Host request authority
        #"..." => "-",#preserve existing authority (no further matching)
        #"..." => "", #preserve existing authority (no further matching)
        #             #(equivalent to "xxx" => "xxx")
        #"xxx" => "yyy", #map one string ("xxx") to another ("yyy")
    #),
    #"map-host-response" => (
        #"-" => "...",#replace authority used in backend request
        #"..." => "-",#replace with original authority
        #"..." => "", #preserve existing authority (no further matching)
        #             #(equivalent to "xxx" => "xxx")
        #"xxx" => "yyy", #map one string ("xxx") to another ("yyy")
    #),
    #"map-urlpath" => (
        #"/xxx"  => "/yyy",#map one urlpath prefix to another
        #"/xxx/" => "/",   #map one urlpath prefix to another
        #"/xxx"  => "",    #map one urlpath prefix to another
        #"/key"  => "/value",
        # Note: request headers have matching "key" prefix replaced with
        # "value", and response headers have matching "value" prefix
        # replaced with "key", with a pre-test of the "value" from the
        # first-matched "key" in request headers (if there was a match)
    #),
    #"https-remap" => "enable",
        # For https requests from client, map https:// to http://
        # when map-host-request matches URI in request, and map http://
        # to https:// when map-host-response matches URI in response.
        # (mod_proxy currently sends all backend requests as http)
)

  "feature to remove part of the URI when passing along requests..."
2017-05-07 14:34:32 -04:00
Glenn Strauss 1465cf80f9 [core] calloc plugin_config for consistent init 2017-04-30 20:38:03 -04:00
Glenn Strauss 9c0ef6876d [core] permit strings,ints,arrays in config array
(modules may implement more particular restrictions)

  "[mod_proxy] forwarded is a string array only"
2017-04-28 18:51:15 -04:00
Glenn Strauss b23065e547 [mod_accesslog] flag high precision ts for %T (fixes #2807)
flag high precision ts for %T after parsing %{xxx}T config

  "%D and %{UNIT}T of mod_accesslog do not work as expected"
2017-04-26 15:16:01 -04:00
Glenn Strauss 45bb2c1f59 [core] permit strings and integers in config array
(modules may implement more particular restrictions)

github: closes #80
2017-04-26 00:38:20 -04:00
Gaël PORTAY 589faeef63 [core] fix build issue without ipv6 support
This patch fixes the build issue introduced when code has been
shared in commit a448886485.

	http-header-glue.c: In function 'http_cgi_headers':
	http-header-glue.c:1555:39: error: 'b2' undeclared (first use in this function)
	http-header-glue.c:1555:39: note: each undeclared identifier is reported only once for each function it appears in

github: closes #79
2017-04-26 00:38:04 -04:00
Glenn Strauss 40f72a41b9 [core] omit default port from normalized host str
omit default scheme port from normalized host string
2017-04-25 11:12:53 -04:00
Glenn Strauss 440b371997 [mod_proxy] fix backslash escaping
(thx gportay)
2017-04-25 01:04:36 -04:00
Glenn Strauss 2986221cab [core] sys-strings.h abstraction for strings.h 2017-04-24 10:14:17 -04:00
Glenn Strauss 05c34ce464 [core] buffer_substr_replace() 2017-04-24 02:38:30 -04:00
Glenn Strauss ac143ead29 [core] inline simple buffer is empty checks 2017-04-24 02:37:10 -04:00
Glenn Strauss 8641d1b03f [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27
Linux kernels < 2.6.27 (old!) might return EINVAL if SOCK_CLOEXEC used

2017-04-15 17:46:25 -04:00
Glenn Strauss 9e46b8ea25 [core] extend mimetype search w/o leading '.'
repeat extension search without leading '.' to handle situation
where admin configured mimetype.assign keys without leading '.'
2017-04-15 12:44:11 -04:00
Glenn Strauss a434a3fab0 [mod_openssl] free local_send_buffer at exit 2017-04-15 03:42:28 -04:00
Glenn Strauss ba679290f9 [core] inet_ntop_cache now 4-element cache
(round-robin replacement; fixes what was effectively a 1-element cache)
2017-04-15 03:42:28 -04:00
Glenn Strauss 0cc7556aec [core] perf: stat_cache_mimetype_by_ext()
shared code to get mimetype string via longest extension match
(attempts to match file basename, then longest ext, then "")

Note: this is a behavior change from simple suffix match
      if there are 16 or more entries in mimetypes.assign
2017-04-15 03:42:28 -04:00
Glenn Strauss 8e97c84c0f [core] fix stat_cache initialization error
fix stat_cache initialization error (coverity identified memory leak)
  (bug introduced when moving stat_cache_init code from server.c to

quell insignificant coverity warning in mod_extforward
2017-04-11 13:17:54 -04:00
Glenn Strauss bd0b2592d1 [mod_extforward] fix typos in Forwarded handling
also: add commented-out code for potentially creating X-Forwarded-For
from Forwarded, if X-Forwarded-For is not present.
2017-04-09 12:57:56 -04:00
Glenn Strauss 78cc72726d [mod_extforward] support HAProxy "PROXY" protocol (fixes #2804)
experimental support to receive requests via HAProxy "PROXY" protocol

  "The PROXY protocol - Versions 1 & 2"
  "support (HAProxy) PROXY protocol for receiving requests"
2017-04-07 02:31:13 -04:00
Glenn Strauss e33ec75999 [core] save connection-level proto in con->proto
The per-request scheme starts with con->proto (e.g. "http")
and can later be changed per-request by mod_extforward or mod_magnet
2017-04-06 00:22:42 -04:00
Glenn Strauss a448886485 [core] inet_pton(), inet_ntop() on (sock_addr *)
shared code to provide inet_pton() and inet_ntop() behavior on
lighttpd (sock_addr *) and (buffer *) data structures.
2017-04-06 00:22:42 -04:00
Glenn Strauss b2e2d42c83 [mod_proxy] support Forwarded HTTP Extension (fixes #2703)
To enable "Forwarded", must enable which params to include.
The recommended set is "for" and "proto" unless other params
are required and proper security precautions have been taken.
proxy.forwarded = ( "for" => 1,
                    "proto" => 1,
                    #"host" => 1,
                    #"by" => 1,
                    #"remote_user" => 1,
)

See for info about "Forwarded"

  "Forwarded HTTP Extension"
  "Forward authenticated user to proxied requests"
2017-04-06 00:22:42 -04:00
Glenn Strauss 371e1bf723 [mod_extforward] support Forwarded HTTP Extension (#2703)
enable with, e.g.:
extforward.headers = ( "Forwarded" )
extforward.headers = ( "Forwarded", "X-Forwarded-For" )
extforward.headers = ( "Forwarded", "X-Forwarded-For", "Forwarded-For" )

The default remains:
extforward.headers = ( "X-Forwarded-For", "Forwarded-For" )

Support for "Forwarded" is not enabled by default since intermediate
proxies might not be aware of Forwarded, and might therefore pass
spoofed Forwarded header received from client.

extforward.params = ( # overwrite "Host" with Forwarded value
                      #"host" => 1
                      # set REMOTE_USER with Forwarded value
                      #"remote_user" => 1
)
Note: be cautious configuring trusted proxies if enabling these options
since Forwarded header may be spoofed and passed along indiscriminately
by proxies which do not handle Forwarded.

To remove "Forwarded" from incoming requests, do not enable these
options and instead use mod_setenv to clear the request header:
  setenv.set-request-header = ( "Forwarded" => "" )

Other proxy-related headers which admin might evaluate to keep or clear:
  setenv.set-request-header = ( "X-Forwarded-For" => "",
                                "X-Forwarded-By" => "",
                                "X-Forwarded-Server" => "",
                                "X-Origin-IP" => "",
                                "Via" => "",
  )

  "Forwarded HTTP Extension"
  "Forward authenticated user to proxied requests"
2017-04-06 00:22:41 -04:00
Glenn Strauss 36adf0d9a6 [mod_extforward] rearrange code; prep Forwarded 2017-04-06 00:20:28 -04:00
Glenn Strauss 3070972335 [mod_extforward] upd scheme after ipstr validated 2017-04-01 19:20:09 -04:00
Glenn Strauss e7ee5dbf78 [mod_extforward] consolidate ipstr_to_sockaddr() 2017-04-01 19:20:09 -04:00
Glenn Strauss c3c78599dd [mod_extforward] simplify header search 2017-04-01 19:20:09 -04:00
Glenn Strauss 1104afc49b [core] export http_request_host_policy() for reuse 2017-04-01 19:20:09 -04:00
Glenn Strauss 162e754d0d [core] report file path when mkstemp() fails (fixes #2802)
  "Could the error-log be improved a tiny bit in regards to "Permission denied" errors"
2017-03-28 02:17:33 -04:00
Glenn Strauss 8cf6e908d3 [core] include <netdb.h> where needed
include <netdb.h> in files which use getaddrinfo()
  instead of exposing header in local header "sys-socket.h"
2017-03-28 02:17:33 -04:00
Glenn Strauss 4796313efc [core] collect ioctl FIONREAD code
include <sys/ioctl.h> in files which use ioctl()
  instead of exposing header in local header "sys-socket.h"
2017-03-28 02:17:33 -04:00