[trafficserver] branch quic-latest updated (6eb6b99 -> 18e9920)
This is an automated email from the ASF dual-hosted git repository. maskit pushed a change to branch quic-latest in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 6eb6b99 Fix a bug in connection migration add 18e9920 Fix a unit test for QUICFrame No new revisions were added by this update. Summary of changes: iocore/net/quic/test/test_QUICFrame.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
[trafficserver] branch master updated: Don't buffer the logging for TSError
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new a3544c2 Don't buffer the logging for TSError
a3544c2 is described below
commit a3544c2048a62024d50bcf07c9c9cbfcefc94001
Author: Bryan Call
AuthorDate: Fri Oct 19 09:32:44 2018 -0700
Don't buffer the logging for TSError
---
src/traffic_server/InkAPI.cc | 8 +---
tests/gold_tests/headers/domain-blacklist-30x.test.py | 3 +++
tests/gold_tests/pluginTest/url_sig/url_sig.test.py | 3 +++
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index 0fc65af..fc18b72 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -411,14 +411,8 @@ TSError(const char *fmt, ...)
{
va_list args;
- if (is_action_tag_set("deft") || is_action_tag_set("sdk_vbos_errors")) {
-va_start(args, fmt);
-ErrorV(fmt, args);
-va_end(args);
- }
-
va_start(args, fmt);
- Log::va_error((char *)fmt, args);
+ ErrorV(fmt, args);
va_end(args);
}
diff --git a/tests/gold_tests/headers/domain-blacklist-30x.test.py
b/tests/gold_tests/headers/domain-blacklist-30x.test.py
index 5d412d5..b8d9041 100644
--- a/tests/gold_tests/headers/domain-blacklist-30x.test.py
+++ b/tests/gold_tests/headers/domain-blacklist-30x.test.py
@@ -112,3 +112,6 @@ passthroughtr.Processes.Default.Command = "python
tcp_client.py 127.0.0.1 {0} {1
passthroughtr.Processes.Default.TimeOut = 5 # seconds
passthroughtr.Processes.Default.ReturnCode = 0
passthroughtr.Processes.Default.Streams.stdout = "passthrough_get.gold"
+
+# Overriding the built in ERROR check since we expect some ERROR messages
+ts.Disk.diags_log.Content = Testers.ContainsExpression("unsupported redirect
status 0", "This test is a failure test")
diff --git a/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
b/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
index 26d92d3..19af447 100644
--- a/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
+++ b/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
@@ -254,3 +254,6 @@ tr.Processes.Default.Command = (
"foo/abcde/qrstuvwxyz?E=33046618506=1=7=1=acae22b0e1ba6ea6fbb5d26018dbf152558e98cb'"
+
LogTee + " ; grep -F -e '< HTTP' -e Authorization {0}/url_sig_long.log >
{0}/url_sig_short.log ".format(ts.RunDirectory)
)
+
+# Overriding the built in ERROR check since we expect some ERROR messages
+ts.Disk.diags_log.Content = Testers.ContainsExpression("ERROR", "Some tests
are failure tests")
[trafficserver] branch 8.0.x updated: access_control: changes after 1st integration
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 8.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.0.x by this push:
new 5003242 access_control: changes after 1st integration
5003242 is described below
commit 50032420e46aa3442fc15b82d6cba3ce301cdbcb
Author: Gancho Tenev
AuthorDate: Mon Nov 5 11:35:56 2018 -0800
access_control: changes after 1st integration
- allow multiple set-cookie headers in the response
- associate the cookie with path=/ (needed by all known use-cases).
(cherry picked from commit 965bd1d1e0bff79e057fec88f21e6acabaf1772d)
---
plugins/experimental/access_control/headers.cc | 6 +++---
plugins/experimental/access_control/headers.h | 2 +-
plugins/experimental/access_control/plugin.cc | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/plugins/experimental/access_control/headers.cc
b/plugins/experimental/access_control/headers.cc
index 2bb70bb..fda3a74 100644
--- a/plugins/experimental/access_control/headers.cc
+++ b/plugins/experimental/access_control/headers.cc
@@ -133,7 +133,7 @@ getHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char
*header, int headerlen, char
* @return true - OK, false - failed
*/
bool
-setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char *header, int headerlen,
const char *value, int valuelen)
+setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char *header, int headerlen,
const char *value, int valuelen, bool duplicateOk)
{
if (!bufp || !hdrLoc || !header || headerlen <= 0 || !value || valuelen <=
0) {
return false;
@@ -142,8 +142,8 @@ setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char
*header, int headerlen, cons
bool ret= false;
TSMLoc fieldLoc = TSMimeHdrFieldFind(bufp, hdrLoc, header, headerlen);
- if (!fieldLoc) {
-// No existing header, so create one
+ if (!fieldLoc || duplicateOk) {
+// No existing header or duplicates ok, so create one
if (TS_SUCCESS == TSMimeHdrFieldCreateNamed(bufp, hdrLoc, header,
headerlen, )) {
if (TS_SUCCESS == TSMimeHdrFieldValueStringSet(bufp, hdrLoc, fieldLoc,
-1, value, valuelen)) {
TSMimeHdrFieldAppend(bufp, hdrLoc, fieldLoc);
diff --git a/plugins/experimental/access_control/headers.h
b/plugins/experimental/access_control/headers.h
index d3ad443..bd45e30 100644
--- a/plugins/experimental/access_control/headers.h
+++ b/plugins/experimental/access_control/headers.h
@@ -28,5 +28,5 @@
int removeHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len);
bool headerExist(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len);
char *getHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int
headerlen, char *value, int *valuelen);
-bool setHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len,
const char *val, int val_len);
+bool setHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len,
const char *val, int val_len, bool duplicateOk = false);
void dumpHeaders(TSMBuffer bufp, TSMLoc hdr_loc);
diff --git a/plugins/experimental/access_control/plugin.cc
b/plugins/experimental/access_control/plugin.cc
index 10d3852..bcc68f9 100644
--- a/plugins/experimental/access_control/plugin.cc
+++ b/plugins/experimental/access_control/plugin.cc
@@ -385,11 +385,11 @@ contHandleAccessControl(const TSCont contp, TSEvent
event, void *edata)
*a secure channel, typically HTTP over Transport
Layer Security (TLS)
* HttpOnly - instructs the UA to omit the cookie when providing
access to cookies via “non-HTTP” APIs such as a web
*browser API that exposes cookies to scripts */
- cookieValue.append("Secure; HttpOnly");
+ cookieValue.append("path=/; Secure; HttpOnly");
AccessControlDebug("%.*s: %s", TS_MIME_LEN_SET_COOKIE,
TS_MIME_FIELD_SET_COOKIE, cookieValue.c_str());
setHeader(clientRespBufp, clientRespHdrLoc,
TS_MIME_FIELD_SET_COOKIE, TS_MIME_LEN_SET_COOKIE, cookieValue.c_str(),
-cookieValue.size());
+cookieValue.size(), /* duplicateOk = */ true);
delete token;
} else {
[trafficserver] branch master updated: Print error message for unimplemented commands
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 340c1bf Print error message for unimplemented commands
340c1bf is described below
commit 340c1bf745939221752355c852ee68cc46d6cb7d
Author: Masakazu Kitajo
AuthorDate: Mon Nov 5 15:16:38 2018 +0900
Print error message for unimplemented commands
---
src/traffic_ctl/traffic_ctl.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/traffic_ctl/traffic_ctl.cc b/src/traffic_ctl/traffic_ctl.cc
index c510c42..be61cf0 100644
--- a/src/traffic_ctl/traffic_ctl.cc
+++ b/src/traffic_ctl/traffic_ctl.cc
@@ -186,7 +186,7 @@ CtrlProcessArguments(int /* argc */, const char **argv,
const ArgumentDescriptio
int
CtrlUnimplementedCommand(unsigned /* argc */, const char **argv)
{
- CtrlDebug("the '%s' command is not implemented", *argv);
+ fprintf(stderr, "'%s' command is not implemented\n", *argv);
return CTRL_EX_UNIMPLEMENTED;
}
[trafficserver] branch master updated: access_control: changes after 1st integration
This is an automated email from the ASF dual-hosted git repository.
gancho pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 965bd1d access_control: changes after 1st integration
965bd1d is described below
commit 965bd1d1e0bff79e057fec88f21e6acabaf1772d
Author: Gancho Tenev
AuthorDate: Mon Nov 5 11:35:56 2018 -0800
access_control: changes after 1st integration
- allow multiple set-cookie headers in the response
- associate the cookie with path=/ (needed by all known use-cases).
---
plugins/experimental/access_control/headers.cc | 6 +++---
plugins/experimental/access_control/headers.h | 2 +-
plugins/experimental/access_control/plugin.cc | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/plugins/experimental/access_control/headers.cc
b/plugins/experimental/access_control/headers.cc
index 2bb70bb..fda3a74 100644
--- a/plugins/experimental/access_control/headers.cc
+++ b/plugins/experimental/access_control/headers.cc
@@ -133,7 +133,7 @@ getHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char
*header, int headerlen, char
* @return true - OK, false - failed
*/
bool
-setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char *header, int headerlen,
const char *value, int valuelen)
+setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char *header, int headerlen,
const char *value, int valuelen, bool duplicateOk)
{
if (!bufp || !hdrLoc || !header || headerlen <= 0 || !value || valuelen <=
0) {
return false;
@@ -142,8 +142,8 @@ setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char
*header, int headerlen, cons
bool ret= false;
TSMLoc fieldLoc = TSMimeHdrFieldFind(bufp, hdrLoc, header, headerlen);
- if (!fieldLoc) {
-// No existing header, so create one
+ if (!fieldLoc || duplicateOk) {
+// No existing header or duplicates ok, so create one
if (TS_SUCCESS == TSMimeHdrFieldCreateNamed(bufp, hdrLoc, header,
headerlen, )) {
if (TS_SUCCESS == TSMimeHdrFieldValueStringSet(bufp, hdrLoc, fieldLoc,
-1, value, valuelen)) {
TSMimeHdrFieldAppend(bufp, hdrLoc, fieldLoc);
diff --git a/plugins/experimental/access_control/headers.h
b/plugins/experimental/access_control/headers.h
index d3ad443..bd45e30 100644
--- a/plugins/experimental/access_control/headers.h
+++ b/plugins/experimental/access_control/headers.h
@@ -28,5 +28,5 @@
int removeHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len);
bool headerExist(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len);
char *getHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int
headerlen, char *value, int *valuelen);
-bool setHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len,
const char *val, int val_len);
+bool setHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len,
const char *val, int val_len, bool duplicateOk = false);
void dumpHeaders(TSMBuffer bufp, TSMLoc hdr_loc);
diff --git a/plugins/experimental/access_control/plugin.cc
b/plugins/experimental/access_control/plugin.cc
index 10d3852..bcc68f9 100644
--- a/plugins/experimental/access_control/plugin.cc
+++ b/plugins/experimental/access_control/plugin.cc
@@ -385,11 +385,11 @@ contHandleAccessControl(const TSCont contp, TSEvent
event, void *edata)
*a secure channel, typically HTTP over Transport
Layer Security (TLS)
* HttpOnly - instructs the UA to omit the cookie when providing
access to cookies via “non-HTTP” APIs such as a web
*browser API that exposes cookies to scripts */
- cookieValue.append("Secure; HttpOnly");
+ cookieValue.append("path=/; Secure; HttpOnly");
AccessControlDebug("%.*s: %s", TS_MIME_LEN_SET_COOKIE,
TS_MIME_FIELD_SET_COOKIE, cookieValue.c_str());
setHeader(clientRespBufp, clientRespHdrLoc,
TS_MIME_FIELD_SET_COOKIE, TS_MIME_LEN_SET_COOKIE, cookieValue.c_str(),
-cookieValue.size());
+cookieValue.size(), /* duplicateOk = */ true);
delete token;
} else {
[trafficserver] branch master updated: Ignore the entire doc/_build directory that is generated
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 146cb8e Ignore the entire doc/_build directory that is generated 146cb8e is described below commit 146cb8eef8e4dbc4b532cd63a9c11a4e1afcb5dc Author: Leif Hedstrom AuthorDate: Mon Nov 5 13:15:05 2018 -0700 Ignore the entire doc/_build directory that is generated --- .gitignore | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index c38faa7..acffd82 100644 --- a/.gitignore +++ b/.gitignore @@ -44,8 +44,7 @@ config.h configs/records.config.default configs/storage.config.default -doc/_build/html/api/ -doc/_build/locale/ +doc/_build doc/docbuild/ doc/locale/pot doc/xml/
[trafficserver] branch master updated: This hides the memory leak that CA otherwise finds
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new bd1dc37 This hides the memory leak that CA otherwise finds
bd1dc37 is described below
commit bd1dc373f6e581a2bf728d2fafc10f315fcc6cd8
Author: Leif Hedstrom
AuthorDate: Mon Nov 5 13:21:52 2018 -0700
This hides the memory leak that CA otherwise finds
---
plugins/experimental/magick/magick.cc | 7 ++-
plugins/experimental/webp_transform/ImageTransform.cc | 7 ++-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/plugins/experimental/magick/magick.cc
b/plugins/experimental/magick/magick.cc
index 833c34c..b4f3cb0 100644
--- a/plugins/experimental/magick/magick.cc
+++ b/plugins/experimental/magick/magick.cc
@@ -56,6 +56,11 @@ using StringViewVector = std::vector;
using byte = unsigned char;
+namespace
+{
+GlobalPlugin *plugin;
+}
+
struct ThreadPool {
using Callback = std::function;
using Queue= std::list;
@@ -621,5 +626,5 @@ TSPluginInit(int argc, const char **argv)
key = argv[1];
}
- new GlobalHookPlugin(key);
+ plugin = new GlobalHookPlugin(key);
}
diff --git a/plugins/experimental/webp_transform/ImageTransform.cc
b/plugins/experimental/webp_transform/ImageTransform.cc
index 8c7a1b0..68ea938 100644
--- a/plugins/experimental/webp_transform/ImageTransform.cc
+++ b/plugins/experimental/webp_transform/ImageTransform.cc
@@ -32,6 +32,11 @@ using namespace atscppapi;
#define TAG "webp_transform"
+namespace
+{
+GlobalPlugin *plugin;
+}
+
class ImageTransform : public TransformationPlugin
{
public:
@@ -103,5 +108,5 @@ TSPluginInit(int argc ATSCPPAPI_UNUSED, const char *argv[]
ATSCPPAPI_UNUSED)
return;
}
InitializeMagick("");
- new GlobalHookPlugin();
+ plugin = new GlobalHookPlugin();
}
[trafficserver] branch master updated: Move the test-only plugins test_hooks and test_cppapi to tests/tools/plugins .
This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 1d9201b Move the test-only plugins test_hooks and test_cppapi to tests/tools/plugins . 1d9201b is described below commit 1d9201b0f00d8eaae98d5471d99325ac55317798 Author: Walter Karas AuthorDate: Mon Oct 22 14:05:04 2018 -0500 Move the test-only plugins test_hooks and test_cppapi to tests/tools/plugins . Also changes trafficserver extension to Au Test: - Adds 'extra_build_args' parameter to Test.PreparePlugin() method, a string containing extra parameters to the tsxs command building the plugin. - Adds a -L parameter to the tsxs that specifies the directory in the installed TS layout containing TS libraries. --- plugins/Makefile.am | 2 -- plugins/for_testing_only/test_cppapi/Makefile.inc | 19 --- plugins/for_testing_only/test_hooks/Makefile.inc | 19 --- .../autest-site/trafficserver_plugins.test.ext| 14 -- tests/gold_tests/pluginTest/cppapi/cppapi.test.py | 2 +- .../pluginTest/test_hooks/test_hooks.test.py | 4 ++-- .../tools/plugins}/test_cppapi.cc | 0 .../test_hooks => tests/tools/plugins}/test_hooks.cc | 0 8 files changed, 15 insertions(+), 45 deletions(-) diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 5a05bd9..e1d0dad 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -34,8 +34,6 @@ include cache_promote/Makefile.inc include conf_remap/Makefile.inc include escalate/Makefile.inc include esi/Makefile.inc -include for_testing_only/test_cppapi/Makefile.inc -include for_testing_only/test_hooks/Makefile.inc include generator/Makefile.inc include compress/Makefile.inc include header_rewrite/Makefile.inc diff --git a/plugins/for_testing_only/test_cppapi/Makefile.inc b/plugins/for_testing_only/test_cppapi/Makefile.inc deleted file mode 100644 index c673090..000 --- a/plugins/for_testing_only/test_cppapi/Makefile.inc +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -pkglib_LTLIBRARIES += for_testing_only/test_cppapi/test_cppapi.la -for_testing_only_test_cppapi_test_cppapi_la_LIBADD = $(top_builddir)/src/tscpp/api/libtscppapi.la -for_testing_only_test_cppapi_test_cppapi_la_SOURCES = for_testing_only/test_cppapi/test_cppapi.cc diff --git a/plugins/for_testing_only/test_hooks/Makefile.inc b/plugins/for_testing_only/test_hooks/Makefile.inc deleted file mode 100644 index 91838aa..000 --- a/plugins/for_testing_only/test_hooks/Makefile.inc +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -pkglib_LTLIBRARIES += for_testing_only/test_hooks/test_hooks.la -for_testing_only_test_hooks_test_hooks_la_LIBADD = $(top_builddir)/src/tscpp/api/libtscppapi.la -for_testing_only_test_hooks_test_hooks_la_SOURCES = for_testing_only/test_hooks/test_hooks.cc diff --git a/tests/gold_tests/autest-site/trafficserver_plugins.test.ext b/tests/gold_tests/autest-site/trafficserver_plugins.test.ext index c34fbff..e6e3087 100644 --- a/tests/gold_tests/autest-site/trafficserver_plugins.test.ext +++ b/tests/gold_tests/autest-site/trafficserver_plugins.test.ext @@ -19,7 +19,7 @@ Builds, installs, and enables an ATS
[trafficserver] branch master updated: Fix privilege acquisition to work better with docker
This is an automated email from the ASF dual-hosted git repository.
shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 3d7e280 Fix privilege acquisition to work better with docker
3d7e280 is described below
commit 3d7e28064b16aae4c90bae99cc3da97994b2d51b
Author: Susan Hinrichs
AuthorDate: Fri Nov 2 16:47:29 2018 +
Fix privilege acquisition to work better with docker
---
src/traffic_manager/traffic_manager.cc | 16 -
src/tscore/ink_cap.cc | 66 +++---
2 files changed, 76 insertions(+), 6 deletions(-)
diff --git a/src/traffic_manager/traffic_manager.cc
b/src/traffic_manager/traffic_manager.cc
index 87be590..d167ec8 100644
--- a/src/traffic_manager/traffic_manager.cc
+++ b/src/traffic_manager/traffic_manager.cc
@@ -993,7 +993,21 @@ restoreCapabilities()
};
static int const CAP_COUNT = sizeof(cap_list) / sizeof(*cap_list);
- cap_set_flag(cap_set, CAP_EFFECTIVE, CAP_COUNT, cap_list, CAP_SET);
+ for (int i = 0; i < CAP_COUNT; i++) {
+if (cap_set_flag(cap_set, CAP_EFFECTIVE, 1, cap_list + i, CAP_SET) < 0) {
+ Warning("restore CAP_EFFECTIVE failed for option %d", i);
+}
+if (cap_set_proc(cap_set) == -1) { // it failed, back out
+ cap_set_flag(cap_set, CAP_EFFECTIVE, 1, cap_list + i, CAP_CLEAR);
+}
+ }
+ for (int i = 0; i < CAP_COUNT; i++) {
+cap_flag_value_t val;
+if (cap_get_flag(cap_set, cap_list[i], CAP_EFFECTIVE, ) < 0) {
+} else {
+ Warning("CAP_EFFECTIVE offiset %d is %s", i, val == CAP_SET ? "set" :
"unset");
+}
+ }
zret = cap_set_proc(cap_set);
cap_free(cap_set);
return zret;
diff --git a/src/tscore/ink_cap.cc b/src/tscore/ink_cap.cc
index 7c53050..f33b732 100644
--- a/src/tscore/ink_cap.cc
+++ b/src/tscore/ink_cap.cc
@@ -260,17 +260,73 @@ RestrictCapabilities()
{
int zret = 0; // return value.
#if TS_USE_POSIX_CAP
- cap_t caps = cap_init(); // start with nothing.
+ cap_t caps_good = cap_init(); // Start with nothing
+ cap_t caps_orig = cap_get_proc();
+
// Capabilities we need.
cap_value_t perm_list[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
CAP_IPC_LOCK, CAP_DAC_OVERRIDE, CAP_FOWNER};
static int const PERM_CAP_COUNT = sizeof(perm_list) / sizeof(*perm_list);
cap_value_t eff_list[] = {CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
CAP_IPC_LOCK};
static int const EFF_CAP_COUNT = sizeof(eff_list) / sizeof(*eff_list);
- cap_set_flag(caps, CAP_PERMITTED, PERM_CAP_COUNT, perm_list, CAP_SET);
- cap_set_flag(caps, CAP_EFFECTIVE, EFF_CAP_COUNT, eff_list, CAP_SET);
- zret = cap_set_proc(caps);
- cap_free(caps);
+ // Request capabilities one at a time. If one capability fails
+ // the rest may succeed. If this scenario does not need that capability
+ // Must start with the current privileges in case we fail we can get back in
+ // that is ok.
+ for (int i = 0; i < PERM_CAP_COUNT; i++) {
+cap_t caps = cap_get_proc();
+if (cap_set_flag(caps, CAP_PERMITTED, 1, perm_list + i, CAP_SET) < 0) {
+} else {
+ if (cap_set_proc(caps) == -1) { // it failed, back out
+Warning("CAP_PERMITTED failed for option %d", i);
+ } else {
+if (cap_set_flag(caps_good, CAP_PERMITTED, 1, perm_list + i, CAP_SET)
< 0) {
+}
+ }
+}
+if (cap_set_proc(caps_orig) < 0) {
+ ink_release_assert(0);
+}
+cap_free(caps);
+ }
+ for (int i = 0; i < EFF_CAP_COUNT; i++) {
+cap_t caps = cap_get_proc();
+if (cap_set_flag(caps, CAP_EFFECTIVE, 1, eff_list + i, CAP_SET) < 0) {
+} else {
+ if (cap_set_proc(caps) == -1) { // it failed, back out
+Warning("CAP_EFFECTIVE failed for option %d", i);
+ } else {
+if (cap_set_flag(caps_good, CAP_EFFECTIVE, 1, eff_list + i, CAP_SET) <
0) {
+}
+ }
+}
+if (cap_set_proc(caps_orig) < 0) {
+ ink_release_assert(0);
+}
+cap_free(caps);
+ }
+
+ if (cap_set_proc(caps_good) == -1) { // it failed, back out
+ink_release_assert(0);
+ }
+
+ for (int i = 0; i < PERM_CAP_COUNT; i++) {
+cap_flag_value_t val;
+if (cap_get_flag(caps_good, perm_list[i], CAP_PERMITTED, ) < 0) {
+} else {
+ Warning("CAP_PERMITTED offiset %d is %s", i, val == CAP_SET ? "set" :
"unset");
+}
+ }
+ for (int i = 0; i < EFF_CAP_COUNT; i++) {
+cap_flag_value_t val;
+if (cap_get_flag(caps_good, eff_list[i], CAP_EFFECTIVE, ) < 0) {
+} else {
+ Warning("CAP_EFFECTIVE offiset %d is %s", i, val == CAP_SET ? "set" :
"unset");
+}
+ }
+
+ cap_free(caps_good);
+ cap_free(caps_orig);
#endif
Debug("privileges", "[RestrictCapabilities] zret : %d", zret);
return zret == 0;
[trafficserver] branch fix_tunnel_route created (now e4d4b3d)
This is an automated email from the ASF dual-hosted git repository. shinrich pushed a change to branch fix_tunnel_route in repository https://gitbox.apache.org/repos/asf/trafficserver.git. at e4d4b3d Add debug in curl This branch includes the following new commits: new e4d4b3d Add debug in curl The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[trafficserver] 01/01: Add debug in curl
This is an automated email from the ASF dual-hosted git repository.
shinrich pushed a commit to branch fix_tunnel_route
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit e4d4b3d11868597aaa2d9cd21280d4d0339464a2
Author: Susan Hinrichs
AuthorDate: Mon Nov 5 19:30:37 2018 +
Add debug in curl
---
tests/gold_tests/tls/tls_verify.test.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/gold_tests/tls/tls_verify.test.py
b/tests/gold_tests/tls/tls_verify.test.py
index 3a33e9e..d21f14a 100644
--- a/tests/gold_tests/tls/tls_verify.test.py
+++ b/tests/gold_tests/tls/tls_verify.test.py
@@ -104,7 +104,7 @@ tr.Setup.Copy("ssl/signed-foo.key")
tr.Setup.Copy("ssl/signed-foo.pem")
tr.Setup.Copy("ssl/signed-bar.key")
tr.Setup.Copy("ssl/signed-bar.pem")
-tr.Processes.Default.Command = "curl -k -H \"host: foo.com\"
https://127.0.0.1:{0}".format(ts.Variables.ssl_port)
+tr.Processes.Default.Command = "curl -v -k -H \"host: foo.com\"
https://127.0.0.1:{0}".format(ts.Variables.ssl_port)
tr.ReturnCode = 0
# time delay as proxy.config.http.wait_for_cache could be broken
tr.Processes.Default.StartBefore(server_foo)
@@ -118,7 +118,7 @@ tr.Processes.Default.Streams.stdout =
Testers.ExcludesExpression("Could Not Conn
tr.TimeOut = 5
tr2 = Test.AddTestRun("Override-enforcing-Test")
-tr2.Processes.Default.Command = "curl -k -H \"host: bar.com\"
https://127.0.0.1:{0}".format(ts.Variables.ssl_port)
+tr2.Processes.Default.Command = "curl -v -k -H \"host: bar.com\"
https://127.0.0.1:{0}".format(ts.Variables.ssl_port)
tr2.ReturnCode = 0
tr2.StillRunningAfter = server
tr2.Processes.Default.TimeOut = 5
@@ -127,7 +127,7 @@ tr2.Processes.Default.Streams.stdout =
Testers.ExcludesExpression("Could Not Con
tr2.TimeOut = 5
tr3 = Test.AddTestRun("Override-enforcing-Test-fail-name-check")
-tr3.Processes.Default.Command = "curl -k -H \"host: bad_bar.com\"
https://127.0.0.1:{0}".format(ts.Variables.ssl_port)
+tr3.Processes.Default.Command = "curl -v -k -H \"host: bad_bar.com\"
https://127.0.0.1:{0}".format(ts.Variables.ssl_port)
tr3.Processes.Default.Streams.stdout = Testers.ContainsExpression("Could Not
Connect", "Curl attempt should have failed")
tr3.ReturnCode = 0
tr3.StillRunningAfter = server
[trafficserver] branch master updated (0aa7e82 -> df40fe8)
This is an automated email from the ASF dual-hosted git repository. amc pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 0aa7e82 Docs: Change to run python directly, require python 3.5. add df40fe8 Test: fix test_Ptr.cc to deal with clang not liking "p1 = p1". No new revisions were added by this update. Summary of changes: src/tscore/unit_tests/test_Ptr.cc | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-)
[trafficserver] branch master updated: Docs: Change to run python directly, require python 3.5.
This is an automated email from the ASF dual-hosted git repository.
amc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 0aa7e82 Docs: Change to run python directly, require python 3.5.
0aa7e82 is described below
commit 0aa7e822ecbda9c6f04cf4fe062c3f77c69147c9
Author: Alan M. Carroll
AuthorDate: Fri Nov 2 13:19:04 2018 -0500
Docs: Change to run python directly, require python 3.5.
---
configure.ac | 13 ++---
doc/Makefile.am | 2 +-
doc/checkvers.py | 6 +++---
3 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/configure.ac b/configure.ac
index 3a69fb6..a2f6a10 100644
--- a/configure.ac
+++ b/configure.ac
@@ -291,20 +291,19 @@ AM_CONDITIONAL([BUILD_TESTS], [test 0 -ne $has_tests])
# makes the diagnostic output ugly and hard to follow.
AC_ARG_VAR(JAVA, [path to java executor])
AC_CHECK_PROG(JAVA, java, java)
-AC_MSG_CHECKING([whether to build documentation])
+AC_MSG_RESULT([Checking whether to build documentation:])
AC_ARG_ENABLE([docs],
[AS_HELP_STRING([--enable-docs],[enable documentation building])],
[
enable_doc_build=yes
-AM_PATH_PYTHON([2.4], [
- dnl action-if-found
+AM_PATH_PYTHON([3.4], [
TS_MAN1_MANPAGES=`cd $srcdir/doc && $PYTHON manpages.py --section=1 |
$AWK '{print "$(BUILDDIR)/man/" $0 }' | tr '\n' ' '`
TS_MAN3_MANPAGES=`cd $srcdir/doc && $PYTHON manpages.py --section=3 |
$AWK '{print "$(BUILDDIR)/man/" $0 }' | tr '\n' ' '`
TS_MAN5_MANPAGES=`cd $srcdir/doc && $PYTHON manpages.py --section=5 |
$AWK '{print "$(BUILDDIR)/man/" $0 }' | tr '\n' ' '`
TS_MAN8_MANPAGES=`cd $srcdir/doc && $PYTHON manpages.py --section=8 |
$AWK '{print "$(BUILDDIR)/man/" $0 }' | tr '\n' ' '`
], [
- dnl action-if-not-found
- :
+ enable_doc_build=no
+ AC_ERROR([Doc building disabled, python 3.4 or better required])
])
AS_IF([test -z "$JAVA"],
@@ -314,7 +313,7 @@ AC_ARG_ENABLE([docs],
])
AC_ARG_VAR(SPHINXBUILD, [the sphinx-build documentation generator])
AC_ARG_VAR(SPHINXOPTS, [additional sphinx-build options])
-AC_PATH_PROG([SPHINXBUILD], [sphinx-build], [])
+AC_PATH_PROG([SPHINXBUILD], [$SPHINXBUILD], [$PYTHON -m sphinx])
AS_IF(["$PYTHON" "$srcdir/doc/checkvers.py" --check-version],
[
sphinx_version_check=yes
@@ -342,7 +341,7 @@ AC_ARG_ENABLE([docs],
],
[enable_doc_build=no]
)
-AC_MSG_RESULT([$enable_doc_build])
+AC_MSG_RESULT([Will build documentation: $enable_doc_build])
AM_CONDITIONAL([BUILD_DOCS], [test "xyes" = "x$enable_doc_build"])
AM_CONDITIONAL([BUILD_MANPAGES], [test "xtrue" = "x$build_manpages"])
diff --git a/doc/Makefile.am b/doc/Makefile.am
index f03bb87..caa7db7 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -62,7 +62,7 @@ I18NSPHINXOPTS = $(SPHINXOPTS)
# detects as non-portable. We bounce this through a shell script and do the
expansion there.
SBUILD = PAPEROPT_a4="$(PAPEROPT_a4)" PAPEROPT_letter="$(PAPEROPT_letter)"
PAPER="$(PAPER)" \
PLANTUML_JAR="$(shell ext/plantuml_fetch.sh | tail -1)" \
- $(srcdir)/sbuild $(SPHINXBUILD) \
+ $(srcdir)/sbuild "$(SPHINXBUILD)" \
-c $(srcdir) \
$(ALLSPHINXOPTS)
diff --git a/doc/checkvers.py b/doc/checkvers.py
index 398680e..e16e7e4 100644
--- a/doc/checkvers.py
+++ b/doc/checkvers.py
@@ -31,7 +31,7 @@ if __name__ == '__main__':
min_sphinx_version_info = (1,7,5)
min_sphinx_version = '.'.join([str(x) for x in
min_sphinx_version_info])
-print('checking for sphinx version >= {0}...
'.format(min_sphinx_version))
+print('checking for sphinx version >= {0}...
'.format(min_sphinx_version), end="")
# Need at least 1.5.1 to use svg
# version >= 1.2 guarantees sphinx.version_info is available.
try:
@@ -52,7 +52,7 @@ if __name__ == '__main__':
print(e)
sys.exit(1)
-print('checking for sphinx.writers.manpage... '),
+print('checking for sphinx.writers.manpage... ', end="")
try:
from sphinx.writers import manpage
print('yes')
@@ -60,7 +60,7 @@ if __name__ == '__main__':
print(e)
sys.exit(1)
-print('checking for sphinxcontrib.plantuml...'),
+print('checking for sphinxcontrib.plantuml...', end="")
try:
import sphinxcontrib.plantuml
print('yes')
