You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bc...@apache.org on 2014/08/19 05:30:41 UTC

git commit: TS-2423: Add option for server sessions that use auth headers that can be placed into the shared pool

Repository: trafficserver
Updated Branches:
  refs/heads/master 4e2647c9e -> 802065570


TS-2423: Add option for server sessions that use auth headers that can
be placed into the shared pool


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/80206557
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/80206557
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/80206557

Branch: refs/heads/master
Commit: 8020655706f012ffe0daa7990ca7a75abeb5cb21
Parents: 4e2647c
Author: Bryan Call <bc...@apache.org>
Authored: Mon Aug 18 20:29:53 2014 -0700
Committer: Bryan Call <bc...@apache.org>
Committed: Mon Aug 18 20:29:53 2014 -0700

----------------------------------------------------------------------
 CHANGES                 | 6 +++++-
 mgmt/RecordsConfig.cc   | 2 ++
 proxy/http/HttpConfig.h | 3 ++-
 proxy/http/HttpSM.cc    | 5 +++--
 4 files changed, 12 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/80206557/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index be539ef..9f73841 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,9 +1,13 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 5.1.0
 
+  *) [TS-2423] Add option for server sessions that use auth headers that can
+   be placed into the shared pool
+
   *) [TS-2635] remove unused include <net/ppp_defs.h>
 
-  *) [TS-3001] GlobalSign responds 403 when OCSP request posted without Host header
+  *) [TS-3001] GlobalSign responds 403 when OCSP request posted without Host
+   header
 
   *) [TS-2722] authproxy: Eliminate the DNS lookup state, just use the client
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/80206557/mgmt/RecordsConfig.cc
----------------------------------------------------------------------
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index d69724e..7aa6f80 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -460,6 +460,8 @@ RecordElement RecordsConfig[] = {
   ,
   {RECT_CONFIG, "proxy.config.http.referer_default_redirect", RECD_STRING, "http://www.example.com/", RECU_DYNAMIC, RR_NULL, RECC_NULL, NULL, RECA_NULL}
   ,
+  {RECT_CONFIG, "proxy.config.http.auth_server_session_private", RECD_INT, "1", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
+  ,
 
   //        ##############################
   //        # parent proxy configuration #

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/80206557/proxy/http/HttpConfig.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpConfig.h b/proxy/http/HttpConfig.h
index ae670f7..c465043 100644
--- a/proxy/http/HttpConfig.h
+++ b/proxy/http/HttpConfig.h
@@ -395,7 +395,7 @@ struct OverridableHttpConfigParams {
       keep_alive_enabled_in(1), keep_alive_enabled_out(1), keep_alive_post_out(1),
       server_session_sharing_match(TS_SERVER_SESSION_SHARING_MATCH_BOTH),
       server_session_sharing_pool(TS_SERVER_SESSION_SHARING_POOL_THREAD),
-      fwd_proxy_auth_to_parent(0), insert_age_in_response(1),
+      auth_server_session_private(1), fwd_proxy_auth_to_parent(0), insert_age_in_response(1),
       anonymize_remove_from(0), anonymize_remove_referer(0), anonymize_remove_user_agent(0),
       anonymize_remove_cookie(0), anonymize_remove_client_ip(0), anonymize_insert_client_ip(1),
       proxy_response_server_enabled(1), proxy_response_hsts_max_age(-1), proxy_response_hsts_include_subdomains(0),
@@ -452,6 +452,7 @@ struct OverridableHttpConfigParams {
   MgmtByte server_session_sharing_match;
   MgmtByte server_session_sharing_pool;
   //  MgmtByte share_server_sessions;
+  MgmtByte auth_server_session_private;
   MgmtByte fwd_proxy_auth_to_parent;
 
   MgmtByte insert_age_in_response;

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/80206557/proxy/http/HttpSM.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 7de3692..6b5ace8 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -5629,9 +5629,10 @@ HttpSM::setup_server_send_request()
     hdr_length += server_entry->write_buffer->write(t_state.internal_msg_buffer, msg_len);
     server_request_body_bytes = msg_len;
   }
+
   // If we are sending authorizations headers, mark the connection private
-  if (t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION
-					       | MIME_PRESENCE_WWW_AUTHENTICATE)) {
+  if (t_state.txn_conf->auth_server_session_private == 1 &&
+      t_state.hdr_info.server_request.presence(MIME_PRESENCE_AUTHORIZATION | MIME_PRESENCE_PROXY_AUTHORIZATION | MIME_PRESENCE_WWW_AUTHENTICATE)) {
       server_session->private_session = true;
       DebugSM("http_ss", "Setting server session to private for authorization header");
   }