Home
last modified time | relevance | path

Searched hist:98 (Results 51 – 62 of 62) sorted by relevance

123

/unit/test/
H A Dtest_tls.pydiff 1863:98a5801c01ba Fri May 07 16:42:00 UTC 2021 Andrei Zeliankou <zelenkov@nginx.com> Tests: added test for TLS with empty Subject field.
H A Dtest_php_application.pydiff 2574:98b67e77114c Wed Oct 11 15:42:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: added PHP test with rewrite and query string.

This test reproduces https://github.com/nginx/unit/issues/964.
/unit/src/
H A Dnxt_conf.cdiff 136:98eee55fda19 Mon Jul 10 14:55:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Configuration: nxt_conf_map_object() improvements.
H A Dnxt_port_memory.cdiff 79:98a8572b61df Fri Jun 23 16:19:00 UTC 2017 Max Romanov <max.romanov@nginx.com> Store mem_pool in buf->data instead of port for consistency.
H A Dnxt_port.cdiff 79:98a8572b61df Fri Jun 23 16:19:00 UTC 2017 Max Romanov <max.romanov@nginx.com> Store mem_pool in buf->data instead of port for consistency.
H A Dnxt_main_process.cdiff 2377:15ad23116ecc Tue Feb 28 01:59:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Socket: Remove Unix domain listen sockets upon reconfigure.

Currently when using Unix domain sockets for requests, if unit is
reconfigured then it will fail if it tries to bind(2) again to a Unix
domain socket with something like

2023/02/25 19:15:50 [alert] 35274#35274 bind(\"unix:/tmp/unit.sock\") failed (98: Address already in use)

When closing such a socket we really need to unlink(2) it. However that
presents a problem in that when running as root, while the main process
runs as root and creates the socket, it's the router process, that runs
as an unprivileged user, e.g nobody, that closes the socket and would
thus remove it, but couldn't due to not having permission, even if the
socket is mode 0666, you need write permissions on the containing
directory to remove a file.

There are several options to solve this, all with varying degrees of
complexity and utility.

1) Give the user who the router process runs as write permission to
the directory containing the listen sockets. These can then be
unlink(2)'d from the router process.

Simple and would work, but perhaps not the most elegant.

2) Using capabilities(7). The router process could temporarily attain
the CAP_DAC_OVERRIDE capability, unlink(7) the socket, then
relinquish the capability until required again.

These are Linux specific (other systems may have similar mechanisms
which would be extra work to support). There is also a, albeit
small, window where the router process is running with elevated
privileges.

3) Have the main process do the unlink(2), it is after all the process
that created the socket.

This is what this commit implements.

We create a new port IPC message type of NXT_PORT_MSG_SOCKET_UNLINK,
that is used by the router process to notify the main process about a
Unix domain socket to unlink(2).

Upon doing a reconfigure the router process will call
nxt_router_listen_socket_release() which will close the socket, we
extend this function in the case of non-abstract Unix domain sockets, so
that it will send a message to the main process containing a copy of the
nxt_sockaddr_t structure that will contain the filename of the socket.

In the main process the handler that we have defined,
nxt_main_port_socket_unlink_handler(), for this message type will run
and allow us to look for the socket in question in the listen_sockets
array and remove it and unlink(2) the socket.

This then allows the reconfigure to work if it tries to bind(2) again to
a socket that previously existed.

Link: <https://github.com/nginx/unit/issues/669>
Link: <https://github.com/nginx/unit/pull/735>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2375:da12f0827443 Sat Feb 25 23:37:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Socket: Remove Unix domain listen sockets at shutdown.

If we don't remove the Unix domain listen socket file then when Unit
restarts it get an error like

2023/02/25 23:10:11 [alert] 36388#36388 bind(\"unix:/tmp/unit.sock\") failed (98: Address already in use)

This patch makes use of the listen_sockets array, that is already
allocated in the main process but never populated, to place the Unix
domain listen sockets into.

At shutdown we can then loop through this array and unlink(2) any Unix
domain sockets found therein.

Closes: <https://github.com/nginx/unit/issues/792>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
H A Dnxt_port.hdiff 2377:15ad23116ecc Tue Feb 28 01:59:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Socket: Remove Unix domain listen sockets upon reconfigure.

Currently when using Unix domain sockets for requests, if unit is
reconfigured then it will fail if it tries to bind(2) again to a Unix
domain socket with something like

2023/02/25 19:15:50 [alert] 35274#35274 bind(\"unix:/tmp/unit.sock\") failed (98: Address already in use)

When closing such a socket we really need to unlink(2) it. However that
presents a problem in that when running as root, while the main process
runs as root and creates the socket, it's the router process, that runs
as an unprivileged user, e.g nobody, that closes the socket and would
thus remove it, but couldn't due to not having permission, even if the
socket is mode 0666, you need write permissions on the containing
directory to remove a file.

There are several options to solve this, all with varying degrees of
complexity and utility.

1) Give the user who the router process runs as write permission to
the directory containing the listen sockets. These can then be
unlink(2)'d from the router process.

Simple and would work, but perhaps not the most elegant.

2) Using capabilities(7). The router process could temporarily attain
the CAP_DAC_OVERRIDE capability, unlink(7) the socket, then
relinquish the capability until required again.

These are Linux specific (other systems may have similar mechanisms
which would be extra work to support). There is also a, albeit
small, window where the router process is running with elevated
privileges.

3) Have the main process do the unlink(2), it is after all the process
that created the socket.

This is what this commit implements.

We create a new port IPC message type of NXT_PORT_MSG_SOCKET_UNLINK,
that is used by the router process to notify the main process about a
Unix domain socket to unlink(2).

Upon doing a reconfigure the router process will call
nxt_router_listen_socket_release() which will close the socket, we
extend this function in the case of non-abstract Unix domain sockets, so
that it will send a message to the main process containing a copy of the
nxt_sockaddr_t structure that will contain the filename of the socket.

In the main process the handler that we have defined,
nxt_main_port_socket_unlink_handler(), for this message type will run
and allow us to look for the socket in question in the listen_sockets
array and remove it and unlink(2) the socket.

This then allows the reconfigure to work if it tries to bind(2) again to
a socket that previously existed.

Link: <https://github.com/nginx/unit/issues/669>
Link: <https://github.com/nginx/unit/pull/735>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
H A Dnxt_controller.cdiff 44:98ba4675f2d7 Mon May 15 19:39:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Controller: trivial abilities to save and request configuration.

Now you can get current configuration with:

$ curl 127.0.0.1:8443

and put new configuration with:

$ curl -X PUT -d @conf.json 127.0.0.1:8443
H A Dnxt_h1proto.cdiff 1600:98d5a4af7282 Fri Sep 18 10:20:00 UTC 2020 Igor Sysoev <igor@sysoev.ru> Fixed segmentation fault during reconfiguration.

If idle connection was closed before h1proto had been allocated
then c->socket.data is NULL. This happens if nxt_h1p_idle_response()
is called by nxt_h1p_idle_close(). However, h1p->conn_write_tail
is used only in nxt_h1p_request_send() that would not be called
after nxt_h1p_idle_response().

The bug was introduced in f237e8c553fd.
H A Dnxt_runtime.cdiff 2375:da12f0827443 Sat Feb 25 23:37:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Socket: Remove Unix domain listen sockets at shutdown.

If we don't remove the Unix domain listen socket file then when Unit
restarts it get an error like

2023/02/25 23:10:11 [alert] 36388#36388 bind(\"unix:/tmp/unit.sock\") failed (98: Address already in use)

This patch makes use of the listen_sockets array, that is already
allocated in the main process but never populated, to place the Unix
domain listen sockets into.

At shutdown we can then loop through this array and unlink(2) any Unix
domain sockets found therein.

Closes: <https://github.com/nginx/unit/issues/792>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
H A Dnxt_router.cdiff 2377:15ad23116ecc Tue Feb 28 01:59:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Socket: Remove Unix domain listen sockets upon reconfigure.

Currently when using Unix domain sockets for requests, if unit is
reconfigured then it will fail if it tries to bind(2) again to a Unix
domain socket with something like

2023/02/25 19:15:50 [alert] 35274#35274 bind(\"unix:/tmp/unit.sock\") failed (98: Address already in use)

When closing such a socket we really need to unlink(2) it. However that
presents a problem in that when running as root, while the main process
runs as root and creates the socket, it's the router process, that runs
as an unprivileged user, e.g nobody, that closes the socket and would
thus remove it, but couldn't due to not having permission, even if the
socket is mode 0666, you need write permissions on the containing
directory to remove a file.

There are several options to solve this, all with varying degrees of
complexity and utility.

1) Give the user who the router process runs as write permission to
the directory containing the listen sockets. These can then be
unlink(2)'d from the router process.

Simple and would work, but perhaps not the most elegant.

2) Using capabilities(7). The router process could temporarily attain
the CAP_DAC_OVERRIDE capability, unlink(7) the socket, then
relinquish the capability until required again.

These are Linux specific (other systems may have similar mechanisms
which would be extra work to support). There is also a, albeit
small, window where the router process is running with elevated
privileges.

3) Have the main process do the unlink(2), it is after all the process
that created the socket.

This is what this commit implements.

We create a new port IPC message type of NXT_PORT_MSG_SOCKET_UNLINK,
that is used by the router process to notify the main process about a
Unix domain socket to unlink(2).

Upon doing a reconfigure the router process will call
nxt_router_listen_socket_release() which will close the socket, we
extend this function in the case of non-abstract Unix domain sockets, so
that it will send a message to the main process containing a copy of the
nxt_sockaddr_t structure that will contain the filename of the socket.

In the main process the handler that we have defined,
nxt_main_port_socket_unlink_handler(), for this message type will run
and allow us to look for the socket in question in the listen_sockets
array and remove it and unlink(2) the socket.

This then allows the reconfigure to work if it tries to bind(2) again to
a socket that previously existed.

Link: <https://github.com/nginx/unit/issues/669>
Link: <https://github.com/nginx/unit/pull/735>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 136:98eee55fda19 Mon Jul 10 14:55:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Configuration: nxt_conf_map_object() improvements.
/unit/docs/
H A Dchanges.xmldiff 1330:98f5ae92cd7f Thu Dec 26 14:03:00 UTC 2019 Valentin Bartenev <vbart@nginx.com> Added version 1.14.0 CHANGES.

123