From jpe...@apache.org
Subject git commit: TS-1890: authproxy caching and reliability fixes
Date Sat, 11 May 2013 20:27:29 GMT
Updated Branches:
  refs/heads/master f812fd05b -> 07466943b


TS-1890: authproxy caching and reliability fixes

  - Make sure that the requests to the authentication proxy are
  never cached. We must not accidentally use stale authentication
  information.

  - Add special handling for Content-Length when authorizing HEAD
  requests. We should not force the length to zero in this case
  because the client knows that HEAD responses must always have an
  empty body.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/07466943
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/07466943
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/07466943

Branch: refs/heads/master
Commit: 07466943bdda4ac4d4f4b8e0ea3f145f5ae1feaf
Parents: f812fd0
Author: James Peach <jpeach@apache.org>
Authored: Thu May 9 15:18:29 2013 -0700
Committer: James Peach <jpeach@apache.org>
Committed: Sat May 11 13:26:27 2013 -0700

----------------------------------------------------------------------
 CHANGES                                     |    2 +
 plugins/experimental/authproxy/authproxy.cc |   39 ++++++++++++++++++++-
 2 files changed, 39 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/07466943/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index fd80651..186f001 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,8 @@
   Changes with Apache Traffic Server 3.3.3
 
 
+  *) [TS-1890] Authproxy plugin caching and reliability fixes.
+
   *) [TS-1868] TSREMAP_*_STOP does not stop remap plugin evaluation chain.
 
   *) [TS-1889] Refactor remap plugin request URL handling.

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/07466943/plugins/experimental/authproxy/authproxy.cc
----------------------------------------------------------------------
diff --git a/plugins/experimental/authproxy/authproxy.cc b/plugins/experimental/authproxy/authproxy.cc
index b46d3d6..f6bb726 100644
--- a/plugins/experimental/authproxy/authproxy.cc
+++ b/plugins/experimental/authproxy/authproxy.cc
@@ -162,13 +162,14 @@ struct AuthRequestContext
     TSHttpParser    hparser;// HTTP response header parser.
     HttpHeader      rheader;// HTTP response header.
     HttpIoBuffer    iobuf;
+    bool            is_head;// This is a HEAD request
     bool            read_body;
 
     const StateTransition * state;
 
     AuthRequestContext()
             : txn(NULL), cont(NULL), vconn(NULL), hparser(TSHttpParserCreate()),
-                rheader(), iobuf(TS_IOBUFFER_SIZE_INDEX_4K), read_body(true), state(NULL)
{
+                rheader(), iobuf(TS_IOBUFFER_SIZE_INDEX_4K), is_head(false), read_body(true),
state(NULL) {
         this->cont = TSContCreate(dispatch, TSMutexCreate());
         TSContDataSet(this->cont, this);
     }
@@ -252,6 +253,25 @@ pump:
     return TS_EVENT_NONE;
 }
 
+// Return whether the client request was a HEAD request.
+static bool
+AuthRequestIsHead(TSHttpTxn txn)
+{
+    TSMBuffer   mbuf;
+    TSMLoc      mhdr;
+    int         len;
+    bool        is_head;
+
+    TSReleaseAssert(
+        TSHttpTxnClientReqGet(txn, &mbuf, &mhdr) == TS_SUCCESS
+    );
+
+    is_head = (TSHttpHdrMethodGet(mbuf, mhdr, &len) == TS_HTTP_METHOD_HEAD);
+
+    TSHandleMLocRelease(mbuf, TS_NULL_MLOC, mhdr);
+    return is_head;
+}
+
 // Chain the response header hook to send the proxy's authorization response.
 static void
 AuthChainAuthorizationResponse(AuthRequestContext * auth)
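Review bot: A failed `TSHttpTxnClientReqGet` in `AuthRequestIsHead` aborts the whole server through `TSReleaseAssert`, although the result only decides whether Content-Length is rewritten later. On a request path it would be safer to fall back to the previous behaviour: `if (TSHttpTxnClientReqGet(txn, &mbuf, &mhdr) != TS_SUCCESS) { return false; }`. The method check compares the pointer returned by `TSHttpHdrMethodGet` with `TS_HTTP_METHOD_HEAD` and never reads `len`. A comment such as `// Pointer comparison is intentional: well-known methods come back as the interned TS_HTTP_METHOD_* strings.` would keep a later reader from mistaking it for a bug. The trailing context lines belong to `AuthChainAuthorizationResponse`, whose body continues outside the hunk.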
@@ -288,6 +308,7 @@ AuthWriteHeadRequest(AuthRequestContext * auth, const sockaddr * /* saddr
ATS_UN
     );
 
     HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_CONTENT_LENGTH, 0u);
+    HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_CACHE_CONTROL, "no-cache");
 
     HttpDebugHeader(rq.buffer, rq.header);
 
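Review bot: The `Cache-Control: no-cache` header added to the auth request in `AuthWriteHeadRequest` is only a request directive, so it does not by itself guarantee that an authorization decision is never served from cache. Whether the cache honours it depends on configuration (for example `proxy.config.http.cache.ignore_client_no_cache`). The enforcement in this commit appears to be the `TSHttpTxnReqCacheableSet(ptr.txn, 0)` call in `AuthProxyGlobalHook`, so a comment here should say the header is defence in depth, e.g. `// Advisory only; AuthProxyGlobalHook marks the internal request uncacheable.` The same applies to the identical line added in `AuthWriteRedirectedRequest`. Both function bodies start and end outside their hunks.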
@@ -350,6 +371,7 @@ AuthWriteRedirectedRequest(AuthRequestContext * auth, const sockaddr *
saddr)
 
     HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_HOST, hostbuf);
     HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_CONTENT_LENGTH, 0u);
+    HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_CACHE_CONTROL, "no-cache");
 
     HttpDebugHeader(rq.buffer, rq.header);
 
@@ -434,6 +456,9 @@ StateAuthProxyConnect(AuthRequestContext * auth, void * edata)
         break;
     }
 
+    auth->is_head = AuthRequestIsHead(auth->txn);
+    AuthLogDebug("client request %s a HEAD request", auth->is_head ? "is" : "is not");
+
     auth->vconn = TSHttpConnect(&addr.sa);
     if (auth->vconn == NULL) {
         return TS_EVENT_ERROR;
@@ -510,7 +535,12 @@ StateAuthProxySendResponse(AuthRequestContext * auth, void * /* edata
ATS_UNUSED
         TSHttpHdrCopy(mbuf, mhdr, auth->rheader.buffer, auth->rheader.header) == TS_SUCCESS
     );
 
-    HttpSetMimeHeader(mbuf, mhdr, TS_MIME_FIELD_CONTENT_LENGTH, 0u);
+    // We must not whack the content length for HEAD responses, since the
+    // client already knows that there is no body. Forcing content length to
+    // zero breaks hdiutil(1) on Mac OS X.
+    if (!auth->is_head) {
+        HttpSetMimeHeader(mbuf, mhdr, TS_MIME_FIELD_CONTENT_LENGTH, 0u);
+    }
 
     TSHttpTxnReenable(auth->txn, TS_EVENT_HTTP_CONTINUE);
     TSHandleMLocRelease(mbuf, TS_NULL_MLOC, mhdr);
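Review bot: With the new `if (!auth->is_head)` guard, the HEAD path forwards whatever Content-Length the authentication proxy returned, and the comment does not say that this value is now passed through as-is. Since `mhdr` was just filled by `TSHttpHdrCopy` from `auth->rheader`, the length describes the auth proxy's response rather than anything this plugin computed. Extend the comment with something like `// For HEAD we pass through the auth proxy's Content-Length unchanged.` `is_head` defaults to false in the constructor, so a path that skips the assignment in `StateAuthProxyConnect` keeps the old zero-length behaviour. The function body starts and ends outside the hunk.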
@@ -681,6 +711,11 @@ AuthProxyGlobalHook(TSCont /* cont ATS_UNUSED */, TSEvent event, void
* edata)
     case TS_EVENT_HTTP_OS_DNS:
         // Ignore internal requests since we generated them.
         if (TSHttpIsInternalRequest(ptr.txn) == TS_SUCCESS) {
+            // All our internal requests *must* hit the origin since it is the
+            // agent that needs to make the authorization decision. We can't
+            // allow that to be cached.
+            TSHttpTxnReqCacheableSet(ptr.txn, 0);
+
             AuthLogDebug("re-enabling internal transaction");
             TSHttpTxnReenable(ptr.txn, TS_EVENT_HTTP_CONTINUE);
             return TS_EVENT_NONE;
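Review bot: The `TSHttpTxnReqCacheableSet(ptr.txn, 0)` call runs for every transaction for which `TSHttpIsInternalRequest` succeeds, and nothing visible in this hunk ties that to requests created by authproxy itself. If other plugins also generate internal requests, which seems likely given that the check is generic, their requests lose caching too. The comment "All our internal requests" then overstates what the condition proves. Either mark authproxy's own requests and test for that marker, or at least document the scope: `// NOTE: matches any internal request, not only authproxy's; all of them bypass the cache.` The body of `AuthProxyGlobalHook` continues outside the hunk.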

