Commit Graph

2271 Commits

Author SHA1 Message Date
Glenn Strauss aa14493e47 [tests] reduce time waiting for backends to start
reduce time spent waiting for backends to start

tests check for active listening port before proceeding

test runs now complete in about 2/3 the time
2017-03-19 23:48:50 -04:00
Glenn Strauss 1804ccbd6d [mod_scgi] do not reconnect after connect succeeds
apply diff from commit:2eaf42d0 made to mod_fastcgi.c back in 2009

(change is being made for (a bit more) consistency between the modules
 as mod_scgi.c was forked from mod_fastcgi.c a very long time ago, as
 well as to remove call to sleep for 10ms (usleep(10000) from mod_scgi)

  "fastcgi incomplete header might crash lighty"
2017-03-19 23:48:50 -04:00
Glenn Strauss 3b7ab403be [mod_cgi] eliminate warning when compiled -Os 2017-03-19 23:48:50 -04:00
Glenn Strauss a22c126323 [core] remove now-unused buffer_search_string_len
(just use strstr(), if desired)
2017-03-19 23:48:50 -04:00
Glenn Strauss 0a635fc8be [core] consolidate dynamic handler response parse
- consolidate dynamic handler HTTP response parsing code
- reduce string copies for CGI, FastCGI, SCGI, proxy response headers
- let read() signal EOF or EAGAIN instead of ioctl FIONREAD 0-data-ready
2017-03-19 23:48:50 -04:00
Glenn Strauss 76ad82434f [mod_proxy] remove use of con->got_response 2017-03-15 13:19:18 -04:00
Glenn Strauss 0ec41d6d80 [core] remove unused member con->in_joblist 2017-03-15 13:16:13 -04:00
Glenn Strauss 1485cb401b [core] fix crash if invalid config file (fixes #2798)
If lighttpd.conf is invalid, some modules may not have initialized their
per-context config structures, but will have their free-functions
called, which should not be run on uninitialized per-context configs.

  "Segfault with simple-vhost.debug = "enable""
2017-03-13 19:30:09 -04:00
Glenn Strauss 46ff978fa0 [doc] simple-vhost.debug takes an integer value (fixes #2797) 2017-03-13 13:50:07 -04:00
Glenn Strauss 83759aede6 [mod_auth] Digest nonce on system with time <=1978
On systems with time prior to Jul 4 1978 21:24:15,
the hex string of the timestamp is fewer than 8 chars.

(thx daveoman)
2017-03-13 13:50:07 -04:00
Glenn Strauss e4bb56222f [mod_cgi,fastcgi,scgi,proxy] fix streaming response (fixes #2796)
fix streaming response when = 2
and client catches up to stream from backend

(thx horgh)

  "mod_fastcgi can fail to read entire response from server"
2017-03-13 13:49:17 -04:00
Glenn Strauss f94d666d15 [mod_authn_gssapi] needs -lcom_err under cygwin 2017-03-10 02:42:35 -05:00
Glenn Strauss bd77abe0f8 [config] more specific checks for array lists
More specific checks on contents of array lists.  Each module using
lists now does better checking on the types of values in the list
(strings, integers, arrays/lists)

This helps prevent misconfiguration of things like cgi.assign,
fastcgi.server, and scgi.server, where source code might be
served as static files if parenthesis are misplaced.

2017-03-08 11:42:59 -05:00
Glenn Strauss 970f337c29 [core] reduce con allocation for small max_conns
reduce con allocation for small server.max_conns
(do not allocate structures that will never be used)
2017-03-01 19:21:04 -05:00
Glenn Strauss 18905bca2b update .gitignore, add .gitattributes 2017-02-28 12:01:53 -05:00
Glenn Strauss 3399b0dd16 [core] default server.max-fds=4096 if unspecified (#2789)
  "lighttpd cores on AIX when nofiles is unlimited"
2017-02-28 11:34:04 -05:00
Glenn Strauss 8ddb727d5c [mod_usertrack] usertrack.cookie-attrs config opt (fixes #2795)
usertrack.cookie-attrs allows user to add arbitrary attributes to the
  cookie set by mod_usertrack, including attributes Secure and HttpOnly
  as well as Path

usertrack.cookie-attrs is appended as-is to cookie string
  and therefore must be properly URL-encoded

usertrack.cookie-attrs, if set, replaces *all* other cookie attributes,
  including "; Path=/; Version=1" as well as the Domain= and Max-Age=
  attributes if usertrack.cookie-domain and usetrack.cookie-max-age set,
  so those should be part of usertrack.cookie-attrs if desired

  usertrack.cookie-name  = "TRACKID"    # (default)
  usertrack.cookie-attrs = "; Path=/; Version=1;; Max-Age=86400; Secure; HttpOnly"

  "mod_usertrack should have an option to set the 'Secure' and 'HttpOnly' flags on the cookie"
2017-02-27 12:16:32 -05:00
Glenn Strauss 78047a3c1b [core] $REQUEST_HEADER[...] subsumes other config (#1556)
  "Allow matching against any arbitrary HTTP header in the configuration file regexps"
2017-02-27 02:05:56 -05:00
Glenn Strauss 57ab20ace5 [mod_cgi] cgi.local-redir = [enable|disable] (#2108, #2793)
new directive cgi.local-redir = [enable|disable]

*disable* RFC3875 6.2.2 local-redir by default.
(behavior change from when local-redir support added in lighttpd 1.4.40)

The reason for this behavior change is that CGI local-redir support
(RFC3875 6.2.2) is an optimization.  Absence of support may result in
additional latency in servicing a request due the additional round-trip
to the client, but that was the prior behavior (before lighttpd 1.4.40)
and is the behavior of web servers which do not support CGI local-redir.

However, enabling CGI local-redir by default may result in broken links
in the case where a user config (unaware of CGI local-redir behavior)
returns HTML pages containing *relative* paths (not root-relative paths)
which are relative to the location of the local-redir target document,
and the local-redir target document is located at a different URL-path
from the original CGI request.

  RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
  "CGI local redirect not implemented correctly"
  "1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLs"
2017-02-26 18:03:10 -05:00
Glenn Strauss d569572112 [mod_vhostdb_ldap] fix inverted logic (coverity)
fix inverted logic identified by coverity

silence other coverity warnings
2017-02-26 10:54:43 -05:00
Glenn Strauss ab077790f2 [tests] correct skip count for mod-scgi.t 2017-02-25 16:02:50 -05:00
Glenn Strauss 350d39b4ca [core] fix regex condition subst w/ mod_extforward (fixes #2794)
  "1.4.40 regression: regexp subst vars mangled by config-glue condition caching"
2017-02-25 12:41:21 -05:00
Glenn Strauss 51ff7ac504 [mod_cgi] status 200 OK if no hdrs (deprecated) (#2786)
set status 200 OK if CGI does not return CGI headers

This mode in lighttpd is deprecated and may be removed in the next major
release of lighttpd.  CGI scripts should return a proper CGI header in
the response, even if that header is empty and followed by a blank line,
before return response body.

Without a proper CGI response header, the first line(s) of the response
might be incorrectly construed as being CGI response headers, especially
if they contain ':', and response may be corrupted.  That is why this
mode is deprecated (and not supported in numerous other web servers).

The minimal valid CGI response header is "\n", which lighttpd will treat
as equivalent to "Status: 200\n\n"

  "error 500 (mod_cgi.c.601) cgi died"
2017-02-25 12:41:21 -05:00
Glenn Strauss 1dd5cce3bc [mod_fastcgi,mod_scgi] consolidate backend process accounting (#2788)
consolidate backend process accounting for consistency

  "FreeBSD/1.4.45/SSL: requests getting stuck in handle-req state occasionally"
2017-02-25 12:41:21 -05:00
Glenn Strauss 23c3535efc [mod_scgi] fix potential repeated use of proc->id
host->max_id is now number of procs allocated
proc->id is used when generated unix socket name or port for proc
2017-02-25 12:41:21 -05:00
Glenn Strauss 317b7e5fc6 [mod_scgi] fix unused_procs bidirectional-links 2017-02-25 12:41:20 -05:00
Glenn Strauss ab85841b14 [mod_cgi] fix CGI local-redir w/ url.rewrite-once (fixes #2793)
  "1.4.40 regression: broken redirect (using Location) between url.rewrite-once URLs"
2017-02-25 12:41:20 -05:00
Glenn Strauss fb6b4027c8 [mod_fastcgi,mod_scgi] consistent waitpid handling (fixes #2791)
more consistent waitpid() handling, consolidate similar code

If ECHILD received for a given pid, do not retry waitpid() for that pid

  "mod_fastcgi : pid {pid} 1 not found: No child processes"
2017-02-25 12:41:18 -05:00
Glenn Strauss 95a756dcb3 [core] issue trace if max-fds too large (fixes #2789)
  "lighttpd cores on AIX when nofiles is unlimited"
2017-02-13 14:24:53 -05:00
Glenn Strauss daa94fceee [core] move version.h logic into server.c
and remove version.h
2017-02-12 00:55:44 -05:00
Glenn Strauss bafe6abf04 [core] include lighttpd vers in server started msg 2017-02-12 00:29:05 -05:00
Glenn Strauss ce0f2f61d2 [core] set default server_tag in server.c
(instead of in configfile.c)

(now only server.c depends on version.h
 and must be recompiled after each commit)
2017-02-12 00:26:12 -05:00
Glenn Strauss 8f651a2b30 [core] config opt to intercept dynamic handler err (fixes #974)
new directive server.error-intercept = [ "enable" | "disable" ]
to intercept 4xx and 5xx responses from dynamic handlers
(e.g. CGI, FastCGI, SCGI, proxy)

Intercepted HTTP error status are then handled by one of
(if configured)

Do not use server.error-intercept with locations handled by mod_webdav!

  "would like something similar to nginx proxy_intercept_errors"
2017-02-11 14:59:15 -05:00
Glenn Strauss aa923e05f6 [mod_fastcgi,mod_scgi] backend spawn EINTR retry (#2788)
When spawning backends, retry blocking connect() to backend if EINTR
received when attempting to see if backend is already running.  EINTR
might be received if a HUP or USR1 signal is received while connecting
(or SIGCHLD on systems without SA_RESTART)

(expected to occur extremely rarely, but simple to handle properly)

  "FreeBSD/1.4.45/SSL: requests getting stuck in handle-req state occasionally"
2017-02-11 12:35:49 -05:00
Glenn Strauss 12440e89cd [core] use kqueue in level-triggered mode (fixes #2788)
use kqueue in level-triggered mode, not edge-triggered

  "FreeBSD/1.4.45/SSL: requests getting stuck in handle-req state occasionally"
2017-02-11 11:06:36 -05:00
Glenn Strauss 3209f30d11 [core] handle if backend sends Transfer-Encoding (#2786)
It is still not a good idea for backend to send Transfer-Encoding unless
backend is mod_proxy, and mod_proxy should not currently receive chunked
response since mod_proxy sends HTTP/1.0 request.

If mod_proxy is changed to sent HTTP/1.1 request, then lighttpd would
need to check if client is HTTP/1.0 and would need to de-chunk and
remove any other transfer-codings if not supported by next-hop.

  "error 500 (mod_cgi.c.601) cgi died"
2017-02-11 11:06:31 -05:00
Glenn Strauss 82501d24f2 [mod_openssl] inherit ssl.* from global scope
inherit ssl.* from global scope if $SERVER["socket"] contains
ssl.engine = "enable" and no other ssl.* settings

(In earlier versions of lighttpd, specifying ssl.engine = "enable"
 without specifying ssl.pemfile was a configuration error, so this
 change should not break any pre-existing and previously working

2017-02-02 08:48:29 -05:00
Glenn Strauss 55bf085cca [core] add label for 308 Permanent Redirect
2017-01-31 14:40:05 -05:00
Glenn Strauss 7f9209c6d4 [mod_cgi] do not send "Status" back to client
"Status" from CGI/1.1 environment should not be sent back to client.

Also, do not send "Status" back to client in mod_scgi
and more precisely parse for "Status" in mod_fastcgi
2017-01-31 14:40:05 -05:00
Glenn Strauss dde50f1939 [mod_cgi] RFC3875 CGI local-redir strict adherence (#2108)
RFC3875 CGI local-redir stricter adherence

do not apply local-redir if any response headers besides "Location"
do not apply local-redir if any response body has been received
(though it might not have been received yet, and we do not wait to find
 out, if lighttpd is configured to stream response body back to client)

  RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response
  "CGI local redirect not implemented correctly"
2017-01-31 14:40:05 -05:00
Stefan Bühler 1c3e7095d9 [mime.conf] add text/markdown to utf-8 list, regenerate mime.conf 2017-01-31 14:40:05 -05:00
Glenn Strauss 0ae6bab4a9 [doc] SIGUSR1 doc and lighttpd-angel SIGUSR1
  add paranoid check to avoid sending kill(-1, <signal>) as root
2017-01-31 14:40:05 -05:00
Glenn Strauss b63c9011c3 [mod_rrdtool] no error if loaded but no config
there should be no error if mod_rrdtool is loaded but not configured
2017-01-31 14:40:05 -05:00
Glenn Strauss fb8057707c [mod_authn_mysql] fix minor memleak at shutdown 2017-01-31 14:40:05 -05:00
Glenn Strauss 6c1e6e660e [core] graceful restart with SIGUSR1 (fixes #2785)
more consistent cleanup of resources at shutdown
(e.g. upon error conditions)

Notes: graceful restart with SIGUSR1
- not available if chroot()ed, oneshot mode, or if idle timeout occurs
- preserve process id (pid)
- preserve existing listen sockets
  - i.e. does not close old listen sockets from prior configs
    (even if old listen sockets no longer in the new config)
    (sockets may have been bound w/ root privileges no longer available)
  - will fail to add listen sockets from new config if privileges
    lighttpd configured to drop privileges to non-root user, and
    new listen socket attempts to bind to low-numbered port requiring
    root privileges.
  - will fail if listen sockets in new config conflict with any previous
    old listen sockets
  - These failure modes will result in lighttpd shutting down instead of
    graceful restart.  These failure modes are not detectable with
    preflight checks ('lighttpd -tt -f lighttpd.conf') because the
    new instance of lighttpd running the preflight check does not
    known config state of n prior graceful restarts, or even the
    config state of the currently running lighttpd server.
- due to lighttpd feature of optionally managing backends
  (e.g. fastcgi and scgi via "bin-path"), lighttpd must wait for
  all child processes to exit prior to restarting.  Restarting new
  workers while old workers (and old backends) were still running would
  result in failure of restarted lighttpd process to be able to bind to
  sockets already in use by old backends (e.g. unix "socket" path)

  "graceful restart with SIGUSR1"
2017-01-31 14:40:05 -05:00
Glenn Strauss b0c66266d9 [core] initialize globals at top of main()
initialize globals (including file-scoped static globals) at top of main
2017-01-31 14:40:05 -05:00
Glenn Strauss 3cd822b5e0 [core] move interval timer near worker event loop
(interval timer is currently unused)
2017-01-31 14:40:05 -05:00
Glenn Strauss 733fa06cdb [core] combine duplicated getrlimit, network_init
combine duplicated getrlimit, network_init code which was duplicated
and only slightly modified for root and non-root.
2017-01-31 14:40:05 -05:00
Glenn Strauss 0a6eaf2e49 [core] check issetugid() early in main() 2017-01-31 14:40:05 -05:00
Glenn Strauss 92c724eac6 [doc] doc/initscripts.txt (fixes #2782)
add doc/initscripts.txt with description of lighttpd signal handling
  and links to the initscripts of various operating system distros

remove doc/initscripts/*

  "init scripts outdated, should be removed"
2017-01-31 14:40:02 -05:00