* HTTP client and server now support unix domain sockets
via AsioPolySock abstraction.
* HTTP server now supports Basic auth credentials.
* HTTP server now supports peercred authentication
over unix domain sockets.
* HTTP server now supports file creation permission
bits on unix domain socket.
* Added udstest tool to test HTTP client over unix domain
sockets.
The original commit has some unintended side effects
that break server-side code.
This commit tries a different approach: do an early
return from http_in() when buffer size is zero.
Signed-off-by: James Yonan <james@openvpn.net>
I observed a case where http_in() (running as a client) called
parent().base_http_done_handler() twice for the same transaction!
Normally the 'ready' var blocks this sort of behavior, but with
a high-speed persistent session, the 'ready' var can transition
so quickly as to create a window for a double-done race.
The fix is to use a more robust filter against unsolicited input
after base_http_done_handler() is called by setting rr_status to
REQUEST_REPLY::Parser::undefined. This value is never matched
in httpcommon, so it effectively turns http_in() into a no-op when
set.
There is also the question of whether unsolicited input should
be considered a fatal error on a persistent session. It probably
should, but this fix focuses on a corner case where http_in()
is called with a zero-length buffer, presumably from the SSL/TLS
layer.
Signed-off-by: James Yonan <james@openvpn.net>
At debug_level 1, only show timeouts if they occur
within a request/reply transaction, not if they
are triggered outside of a transaction by the
expiration of keepalive.
Signed-off-by: James Yonan <james@openvpn.net>
Because pgapi and ccds use this method as an anti-DoS measure,
it means that POSTS of > 4096 bytes that fail authentication
would permanently lower the future max POST size to 4096 bytes
until server restart.
This is to prevent attacks where a large number of very
small messages (such as 1 byte each) are sent to the
server to force it to consume more memory than the
max_content_bytes limit would normally allow.
Both Client/Server side:
1. Support asynchronous sending of content via
set_async_out() and http_content_out_finish()
methods and http_content_out_needed() callback.
2. Added ContentInfo::extra_headers for caller-defined
extra HTTP headers.
3. Made ContentInfo::CHUNKED into a constexpr
type to match ContentInfo::length member var.
4. Set FD_CLOEXEC on socket.
5. Added remote_ip_port() method to allow remote IP
address and port of socket to be obtained.
Client side:
1. In Host, added hint string to override transport host
when a specific IP address should be used for host
instead of resolving host via DNS.
2. Added Host::host_port_str() method.
3. Make general_timeout work like a true timeout, where
traffic resets the timer (this is how server-side
already works).
4. Added new method remote_endpoint_str() to match
the same method on server-side.
5. Added new method host_hint() to return the current Host
object, but set the hint/port fields to the live
remote IP address/port of the connection.
6. Added new callback http_mutate_resolver_results() to
allow user to modify the order of endpoint list returned
by resolver.
Server side:
1. Make content_len_t into a 64-bit signed int since one
of its possible values is -1 for CHUNKED.
2. Added ContentInfo::no_cache member var to trigger headers
telling clients to not cache the content.
3. Added Factory::stop() virtual method for users to
optionally override.
4. Made get_client_id() method public.
5. Fixed issue where code that allocates a client_id
wasn't actually calling new_client_id().
* Fixed issue where HTTP server did not detect
mid-session client disconnect.
* Implement parent_handoff (for proxies).
* Improved handling of residual content, allowing
HTTP 1.1 pipelining to be supported.
As noted in the Asio documentation, an AsioTimer handler can be
called with a non-error status after timer cancellation.
Unfortunately, this can lead to race conditions, so I'm moving over
all AsioTimer users to AsioTimerSafe when I don't see the handler
clearly checking for late cancellation.
Signed-off-by: James Yonan <james@openvpn.net>
Sometimes when machine wakes from sleep,
it takes too long for agent service to start. This causes
an error which core treats as fatal and stops connection.
Fix by detecting timeout and throw non-fatal error, which
makes core reconnect.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
