[trafficserver] branch master updated: Add support for JWS to be passed as a URI path parameter in URI signing plugin
This is an automated email from the ASF dual-hosted git repository. jrushford pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 4f5baf0 Add support for JWS to be passed as a URI path parameter in URI signing plugin 4f5baf0 is described below commit 4f5baf097467ff6d3f76d566e57509800f2099d3 Author: Dylan Souza AuthorDate: Fri Nov 2 18:05:12 2018 + Add support for JWS to be passed as a URI path parameter in URI signing plugin --- plugins/experimental/uri_signing/parse.c | 71 +- plugins/experimental/uri_signing/parse.h | 2 +- plugins/experimental/uri_signing/uri_signing.c | 2 +- 3 files changed, 48 insertions(+), 27 deletions(-) diff --git a/plugins/experimental/uri_signing/parse.c b/plugins/experimental/uri_signing/parse.c index a53c60f..603c4ec 100644 --- a/plugins/experimental/uri_signing/parse.c +++ b/plugins/experimental/uri_signing/parse.c @@ -29,37 +29,64 @@ #include cjose_jws_t * -get_jws_from_query(const char *uri, size_t uri_ct, const char *paramName) +get_jws_from_uri(const char *uri, size_t uri_ct, const char *paramName) { - PluginDebug("Parsing JWS from query string: %.*s", (int)uri_ct, uri); - const char *query = uri; - const char *end = uri + uri_ct; - while (query != end && *query != '?') { -++query; - } - if (query == end) { + /* Reserved characters as defined by the URI Generic Syntax RFC: https://tools.ietf.org/html/rfc3986#section-2.2 */ + const char *reserved_string = ":/?#[]@!$&\'()*+,;="; + + /* If param name ends in reserved character this will be treated as the termination symbol when parsing for package. Default is + * '='. */ + char termination_symbol; + size_t termination_ct; + size_t param_ct = strlen(paramName); + + if (param_ct <= 0) { +PluginDebug("URI signing package name cannot be empty"); return NULL; } - ++query; + if (strchr(reserved_string, paramName[param_ct - 1])) { +termination_symbol = paramName[param_ct - 1]; +termination_ct = param_ct - 1; + } else { +termination_symbol = '='; +termination_ct = param_ct; + } + + PluginDebug("Parsing JWS from query string: %.*s", (int)uri_ct, uri); + const char *param = uri; + const char *end = uri + uri_ct; + const char *key, *key_end; + const char *value, *value_end; - const char *key = query, *key_end; - const char *value = query, *value_end; for (;;) { -while (value != end && *value != '=') { - ++value; +/* Search the URI for a reserved character. */ +while (param != end && strchr(reserved_string, *param) == NULL) { + ++param; } +if (param == end) { + break; +} + +++param; +/* Parse the parameter for a key value pair separated by the termination symbol. */ +key = param; +value = param; +while (value != end && *value != termination_symbol) { + ++value; +} if (value == end) { break; } -key_end = value; -value_end = ++value; -while (value_end != end && *value_end != '&') { - ++value_end; -} +key_end = value; -if (!strncmp(paramName, key, (size_t)(key_end - key))) { +/* If the Parameter key is our target parameter name, attempt to import a JWS from the value. */ +if ((size_t)(key_end - key) == termination_ct && !strncmp(paramName, key, (size_t)(key_end - key))) { + value_end = ++value; + while (value_end != end && strchr(reserved_string, *value_end) == NULL) { +++value_end; + } PluginDebug("Decoding JWS: %.*s", (int)(key_end - key), key); cjose_err err= {0}; cjose_jws_t *jws = cjose_jws_import(value, (size_t)(value_end - value), ); @@ -70,12 +97,6 @@ get_jws_from_query(const char *uri, size_t uri_ct, const char *paramName) } return jws; } - -if (value_end == end) { - break; -} - -key = value = value_end + 1; } PluginDebug("Unable to locate signing key in uri: %.*s", (int)uri_ct, uri); return NULL; diff --git a/plugins/experimental/uri_signing/parse.h b/plugins/experimental/uri_signing/parse.h index 8002f87..8d82c63 100644 --- a/plugins/experimental/uri_signing/parse.h +++ b/plugins/experimental/uri_signing/parse.h @@ -19,7 +19,7 @@ #include struct _cjose_jws_int; -struct _cjose_jws_int *get_jws_from_query(const char *uri, size_t uri_ct, const char *paramName); +struct _cjose_jws_int *get_jws_from_uri(const char *uri, size_t uri_ct, const char *paramName); struct _cjose_jws_int *get_jws_from_cookie(const char **cookie, size_t *cookie_ct, const char *paramName); struct config; diff --git a/plugins/experimental/uri_signing/uri_signing.c b/plugins/experimental/uri_signing/uri_signing.c index 55ba117..e9a2a81 100644 --- a/plugins/experimental/uri_signing/uri_signing.c +++ b/plugins/experimental/uri_signing/uri_signing.c @@
[trafficserver] 01/01: Merge branch '8.0.x' into 8.1.x
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git commit 2a089062773fa6b7db985a18f841e5c1a8d85a44 Merge: f859127 e8ee826 Author: Bryan Call AuthorDate: Wed Jan 9 09:36:43 2019 -0800 Merge branch '8.0.x' into 8.1.x Conflicts: configure.ac tools/package/trafficserver.spec CHANGELOG-8.0.2| 11 +++ STATUS | 8 +- doc/Makefile.am| 2 +- doc/admin-guide/plugins/sslheaders.en.rst | 2 +- doc/ext/local-config.py.in | 13 +++- doc/{ => ext}/plantuml_fetch.sh| 0 doc/ext/traffic-server.py | 12 ++- doc/uml/Makefile.am| 2 +- iocore/eventsystem/I_VConnection.h | 2 +- iocore/eventsystem/P_UnixEventProcessor.h | 7 +- plugins/experimental/sslheaders/expand.cc | 2 +- plugins/experimental/sslheaders/sslheaders.cc | 82 ++- plugins/experimental/sslheaders/sslheaders.h | 8 +- proxy/ProxyClientSession.cc| 3 +- proxy/http/HttpSM.cc | 7 +- tests/gold_tests/pluginTest/sslheaders/observer.py | 31 .../pluginTest/sslheaders/ssl/server.key | 28 +++ .../pluginTest/sslheaders/ssl/server.pem | 21 + .../pluginTest/sslheaders/sslheaders.gold | 1 + .../pluginTest/sslheaders/sslheaders.test.py | 91 ++ 20 files changed, 293 insertions(+), 40 deletions(-)
[trafficserver] branch 8.1.x updated (f859127 -> 2a08906)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a change to branch 8.1.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from f859127 Bumped the version to 8.1.0 add f601b0f Updated version number in the .spec file, for next 8.0.x rel add a24582b Doc: Fix doc build to work with Sphinx 1.8. add 30d930e Doc: Repair various format errors. Tweak traffic-server.py support for Python 3. add 6ac3b2a Revert "Two more places to check whether attempting half_closed connection logic is feasible." add fb0019b make sure the index stays positive add ad6fa96 Bumped version to 8.0.2, and updated STATUS add 9a5b3c0 sslheaders experimental plugin: fix doc typo, improve container use. add ea34099 Make sslheaders plugin better conform to documentation. add 9091749 Added null value init for VConn user_args. add 6d135e1 Updated Changelog add 2410ae9 Updated Changelog add e8ee826 Fixed clang 5.0.0 issue with brace initialization new 2a08906 Merge branch '8.0.x' into 8.1.x The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: CHANGELOG-8.0.2| 11 +++ STATUS | 8 +- doc/Makefile.am| 2 +- doc/admin-guide/plugins/sslheaders.en.rst | 2 +- doc/ext/local-config.py.in | 13 +++- doc/{ => ext}/plantuml_fetch.sh| 0 doc/ext/traffic-server.py | 12 ++- doc/uml/Makefile.am| 2 +- iocore/eventsystem/I_VConnection.h | 2 +- iocore/eventsystem/P_UnixEventProcessor.h | 7 +- plugins/experimental/sslheaders/expand.cc | 2 +- plugins/experimental/sslheaders/sslheaders.cc | 82 ++- plugins/experimental/sslheaders/sslheaders.h | 8 +- proxy/ProxyClientSession.cc| 3 +- proxy/http/HttpSM.cc | 7 +- .../observer.py} | 11 ++- .../pluginTest/sslheaders/ssl/server.key | 28 +++ .../pluginTest/sslheaders/ssl/server.pem | 21 + .../pluginTest/sslheaders/sslheaders.gold | 1 + .../pluginTest/sslheaders/sslheaders.test.py | 91 ++ 20 files changed, 270 insertions(+), 43 deletions(-) create mode 100644 CHANGELOG-8.0.2 rename doc/{ => ext}/plantuml_fetch.sh (100%) copy tests/gold_tests/pluginTest/{compress/compress_observer.py => sslheaders/observer.py} (78%) mode change 100755 => 100644 create mode 100644 tests/gold_tests/pluginTest/sslheaders/ssl/server.key create mode 100644 tests/gold_tests/pluginTest/sslheaders/ssl/server.pem create mode 100644 tests/gold_tests/pluginTest/sslheaders/sslheaders.gold create mode 100644 tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
[trafficserver] branch 8.0.x updated: Fixed clang 5.0.0 issue with brace initialization
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch 8.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/8.0.x by this push: new e8ee826 Fixed clang 5.0.0 issue with brace initialization e8ee826 is described below commit e8ee82656d8c7eec0af85e158f7b18bf7e6c5ddd Author: Bryan Call AuthorDate: Tue Jan 8 14:13:18 2019 -0800 Fixed clang 5.0.0 issue with brace initialization (cherry picked from commit 6e84a42f6870a100bc9ea71e968ecb0c611a0375) --- iocore/eventsystem/I_VConnection.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iocore/eventsystem/I_VConnection.h b/iocore/eventsystem/I_VConnection.h index 62f6041..bc72ba5 100644 --- a/iocore/eventsystem/I_VConnection.h +++ b/iocore/eventsystem/I_VConnection.h @@ -406,7 +406,7 @@ public: }; protected: - std::array user_args{nullptr}; + std::array user_args{{nullptr}}; }; struct DummyVConnection : public AnnotatedVConnection {
[trafficserver] branch master updated: fix NXDOMAIN problems
This is an automated email from the ASF dual-hosted git repository. duke8253 pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 792a022 fix NXDOMAIN problems 792a022 is described below commit 792a0b0cebca2807e98ad75caa79b677132c Author: Fei Deng AuthorDate: Mon Dec 24 10:44:09 2018 -0600 fix NXDOMAIN problems --- iocore/hostdb/HostDB.cc | 17 + 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/iocore/hostdb/HostDB.cc b/iocore/hostdb/HostDB.cc index 6e50c44..de09e91 100644 --- a/iocore/hostdb/HostDB.cc +++ b/iocore/hostdb/HostDB.cc @@ -441,6 +441,7 @@ HostDBContinuation::init(HostDBHash const _hash, Options const ) action = opt.cont; } else { // ink_assert(!"this sucks"); +ink_zero(action); action.mutex = mutex; } } @@ -1591,10 +1592,10 @@ HostDBContinuation::probeEvent(int /* event ATS_UNUSED */, Event *e) EThread *t = e ? e->ethread : this_ethread(); MUTEX_TRY_LOCK(lock, action.mutex, t); - // Go ahead and grab the continuation mutex or just grab the action mutex again of there is no continuation mutex - MUTEX_TRY_LOCK(lock2, (action.continuation && action.continuation->mutex) ? action.continuation->mutex : action.mutex, t); - // Don't continue unless we have both mutexes - if (!lock.is_locked() || !lock2.is_locked()) { + + // Separating lock checks here to make sure things don't break + // when we check if the action is cancelled. + if (!lock.is_locked()) { mutex->thread_holding->schedule_in(this, HOST_DB_RETRY_PERIOD); return EVENT_CONT; } @@ -1604,6 +1605,14 @@ HostDBContinuation::probeEvent(int /* event ATS_UNUSED */, Event *e) return EVENT_DONE; } + // Go ahead and grab the continuation mutex or just grab the action mutex again of there is no continuation mutex + MUTEX_TRY_LOCK(lock2, (action.continuation && action.continuation->mutex) ? action.continuation->mutex : action.mutex, t); + // Don't continue unless we have both mutexes + if (!lock2.is_locked()) { +mutex->thread_holding->schedule_in(this, HOST_DB_RETRY_PERIOD); +return EVENT_CONT; + } + if (!hostdb_enable || (!*hash.host_name && !hash.ip.isValid())) { if (action.continuation) { action.continuation->handleEvent(EVENT_HOST_DB_LOOKUP, nullptr);
[trafficserver] branch master updated (1ad1270 -> 571d11e)
This is an automated email from the ASF dual-hosted git repository. bcall pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git. from 1ad1270 Cleanup: Make _next_round_robin uint64_t add 571d11e This improves on #3008, making the code clearer No new revisions were added by this update. Summary of changes: proxy/http/HttpSM.cc | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-)
[trafficserver] branch master updated: Cleanup: Make _next_round_robin uint64_t
This is an automated email from the ASF dual-hosted git repository. bcall pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 1ad1270 Cleanup: Make _next_round_robin uint64_t 1ad1270 is described below commit 1ad12700c2750774cf98bc3c83ff5aea6f83a79c Author: Masaori Koshiba AuthorDate: Tue Jan 8 09:07:43 2019 +0900 Cleanup: Make _next_round_robin uint64_t --- iocore/eventsystem/I_EventProcessor.h | 6 +++--- iocore/eventsystem/P_UnixEventProcessor.h | 7 +-- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/iocore/eventsystem/I_EventProcessor.h b/iocore/eventsystem/I_EventProcessor.h index 3730b49..2bf9010 100644 --- a/iocore/eventsystem/I_EventProcessor.h +++ b/iocore/eventsystem/I_EventProcessor.h @@ -303,9 +303,9 @@ public: /// The thread group ID is the index into an array of these and so is not stored explicitly. struct ThreadGroupDescriptor { std::string _name; ///< Name for the thread group. -int _count= 0; ///< # of threads of this type. -std::atomic _started = 0; ///< # of started threads of this type. -int _next_round_robin = 0; ///< Index of thread to use for events assigned to this group. +int _count = 0; ///< # of threads of this type. +std::atomic _started = 0; ///< # of started threads of this type. +uint64_t _next_round_robin = 0; ///< Index of thread to use for events assigned to this group. Que(Event, link) _spawnQueue;///< Events to dispatch when thread is spawned. EThread *_thread[MAX_THREADS_IN_EACH_TYPE] = {}; ///< The actual threads in this group. std::function _afterStartCallback = nullptr; diff --git a/iocore/eventsystem/P_UnixEventProcessor.h b/iocore/eventsystem/P_UnixEventProcessor.h index ba58de9..ed97729 100644 --- a/iocore/eventsystem/P_UnixEventProcessor.h +++ b/iocore/eventsystem/P_UnixEventProcessor.h @@ -54,12 +54,7 @@ EventProcessor::assign_thread(EventType etype) ink_assert(etype < MAX_EVENT_TYPES); if (tg->_count > 1) { -// When "_next_round_robin" grows big enough, it becomes a negative number, -// meaning "next" is also negative. And since "next" is used as an index -// into array "_thread", the result is returning NULL when assigning threads. -// So we need to cast "_next_round_robin" to unsigned int so the result stays -// positive. -next = static_cast(++tg->_next_round_robin) % tg->_count; +next = ++tg->_next_round_robin % tg->_count; } else { next = 0; }
[trafficserver] branch master updated: The mutex of NetAccept::action_->continuation is optional when the EVENT_ERROR event is called back.
This is an automated email from the ASF dual-hosted git repository. oknet pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git The following commit(s) were added to refs/heads/master by this push: new 732dd20 The mutex of NetAccept::action_->continuation is optional when the EVENT_ERROR event is called back. 732dd20 is described below commit 732dd2095547387fb0b51d86460405c668acac78 Author: Oknet Xu AuthorDate: Mon Jan 7 11:48:26 2019 +0800 The mutex of NetAccept::action_->continuation is optional when the EVENT_ERROR event is called back. In general, `NetAccept::action_->continuation` is a type of `ProtocolProbeSessionAccept` object. The mutex of `ProtocolProbeSessionAccept` is NULL to allow parallel accepts. Resolve issue #4726. --- iocore/net/UnixNetAccept.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iocore/net/UnixNetAccept.cc b/iocore/net/UnixNetAccept.cc index 21f39c4..9c3e40f 100644 --- a/iocore/net/UnixNetAccept.cc +++ b/iocore/net/UnixNetAccept.cc @@ -322,7 +322,7 @@ NetAccept::do_blocking_accept(EThread *t) return 0; } if (!action_->cancelled) { -SCOPED_MUTEX_LOCK(lock, action_->mutex, t); +SCOPED_MUTEX_LOCK(lock, action_->mutex ? action_->mutex : t->mutex, t); action_->continuation->handleEvent(EVENT_ERROR, (void *)(intptr_t)res); Warning("accept thread received fatal error: errno = %d", errno); }