Graham Leggett [Fri, 11 Apr 2008 18:41:53 +0000 (18:41 +0000)]
Move the KeptBodySize directive, kept_body filters and the
ap_parse_request_body function out of the http module and into a
new module called mod_request, reducing the size of the core.
Jeff Trawick [Thu, 10 Apr 2008 15:33:05 +0000 (15:33 +0000)]
rotatelogs: Log the current file size and error code/description
when failing to write to the log file.
Sometimes users have a hard time believing that their little log
file was really big enough to reach quota/filesystem/other limit
back at the time of the error.

Move the initialization of rebind to the post_config handler so that it is done during the actual module load stage rather than the preload stage. If done during the preload stage, the pool passed into the initialization function will be cleared and all allocations will be freed.

* modules/cache/mod_socache_dbm.c (struct ap_socache_instance_t): Rename
timeout field to expiry_interval.
(socache_dbm_init, socache_dbm_create): Take expiry interval from
hints rather than hard-code to 30.
(socache_dbm_expire): Update for timeout field rename.
* modules/cache/mod_socache_shmcb.c (socache_shmcb_init): Adjust for
hints and namespace; adjust subcache index sizing heuristics to use
passed-in hints.
* modules/cache/mod_socache_memcache.c (struct ap_socache_instance_t):
Add tag, taglen fields.
(socache_mc_init): Store the passed-in namespace in instance
structure.
(mc_session_id2sz): Adjust to not take context, use configured
tag as string prefix, and not use a return value.
(socache_mc_store, socache_mc_retrieve, socache_mc_remove):
Adjust for mc_session_id2sz interface changes.
* modules/ssl/ssl_scache.c (ssl_scache_init): Pass namespace and hints
to socache provider init function.
Joe Orton [Tue, 8 Apr 2008 13:49:52 +0000 (13:49 +0000)]
* modules/cache/ap_socache.h: Add ap_socache_instance_t object type.
Adjust the provider interface to use this instance type throughout.
* modules/cache/mod_socache_dbm.c,
modules/cache/mod_socache_memcache.c,
modules/cache/mod_socache_shmcb.c,
modules/cache/mod_socache_dc.c: Adjust all implementations to
define the instance object in place of the "struct context", and
to take this object directly in the provider interface.
Joe Orton [Tue, 8 Apr 2008 10:47:04 +0000 (10:47 +0000)]
Session cache interface redesign, Part 8:
Abstract out the mod_ssl session caching interface into a separate set
of modules, mod_socache_*.
* modules/cache/ap_socache.h: New file.
* modules/cache/config.m4: Copy CHECK_DISTCACHE from ../ssl/config.m4;
add new socache modules.
* modules/cache/mod_socache_dbm.c: Copied from ../ssl/ssl_scache_dbm.c.
s/ssl_scache_/socache_/; add module structure and register_hooks.
* modules/cache/mod_socache_shmcb.c: Copied from ../ssl/ssl_scache_shmcb.c.
s/ssl_scache_/socache_/; add module structure and register_hooks.
Add SHMCB_MAX_SIZE definition, replacing APR_SHM_MAXSIZE.
* modules/cache/mod_socache_memcache.c: Copied from
../ssl/ssl_scache_memcache.c.
s/ssl_scache_/socache_/; add module structure and register_hooks.
Enable for APR-Util 1.3.x at compile-time, omitting configure-time
checks.
* modules/cache/mod_socache_dc.c: Copied from ../ssl/ssl_scache_dc.c.
s/ssl_scache_/socache_/; add module structure and register_hooks.

* In the case that we fail to read the response line from the backend and if
we are a reverse proxy request, shut down the connection WITHOUT ANY response
to trigger a retry by the client if allowed (as for idempotent requests).
BUT currently we should not do this if the request is the first request on
a keepalive connection, as browsers like seamonkey only display an empty page
in this case and do not do a retry.
Joe Orton [Mon, 7 Apr 2008 16:03:49 +0000 (16:03 +0000)]
Clean up some more error handling in mod_ssl:
* modules/ssl/ssl_engine_io.c (ssl_filter_io_shutdown): Remove
redundant return value (which was always success).
(ssl_io_filter_handshake): Return APR_ECONNABORTED on handshake
failure, rather than success.
(ssl_io_filter_output): Ignore ssl_filter_io_shutdown return
value.
Joe Orton [Mon, 7 Apr 2008 15:05:14 +0000 (15:05 +0000)]
Clean up some error handling in mod_ssl:
* modules/ssl/ssl_engine_io.c: Define new error codes in the APR status
code range, MODSSL_ERROR_BAD_GATEWAY and MODSSL_ERROR_HTTP_ON_HTTPS;
use these HTTP_* constants directly as apr_status_t values.
(ssl_io_filter_error): Use new constants.
(ssl_io_filter_handshake): Return purely an APR status value rather
than a mixture of HTTP_* constants, OpenSSL error codes, and APR
status values.

If you study all of the directive implementations, you'll note
that we get less than 20% of the NOT_IN_LIMIT rules correct.
<Limit > works in about 4 directive contexts and yet, we ignore
this fact for 100's of directives. Simply eliminate this
nonsense in anticipation of a 100% solution.
Graham Leggett [Sat, 5 Apr 2008 23:52:38 +0000 (23:52 +0000)]
Optimisation: We have no need to distinguish between a Cookie and a Cookie2 when reading cookies, the
cookie read code reads both at once. [Ruediger Pluem]
Graham Leggett [Sat, 5 Apr 2008 23:35:00 +0000 (23:35 +0000)]
Clarify the operation of the SessionCryptoPassphrase directive as raised by rpluem. When
SessionCryptoCertificateFile is set, asymmetrical encryption will be used, and SessionCryptoPassphrase
will be interpreted as the passphrase protecting the private key. When SessionCryptoCertificateFile
is not set, symmetrical encryption is used, and SessionCryptoPassphrase will contain the key to
use. Make sure that the engine parameter is properly passed into the crypto functions, and fix a
missing cleanup on an error case.
Graham Leggett [Sat, 5 Apr 2008 18:59:40 +0000 (18:59 +0000)]
mod_session_dbd: Add a session implementation capable of storing
session information in a SQL database via the dbd interface. Useful
for sites where session privacy is important.
Graham Leggett [Fri, 4 Apr 2008 16:11:31 +0000 (16:11 +0000)]
mod_session_crypto: Add a session encoding implementation capable
of encrypting and decrypting sessions wherever they may be stored.
Introduces a level of privacy when sessions are stored on the
browser.
Graham Leggett [Fri, 4 Apr 2008 16:02:22 +0000 (16:02 +0000)]
mod_session_cookie: Add a session implementation capable of storing
session information within cookies on the browser. Useful for high
volume sites where server bound sessions are too resource intensive.
Chris Darroch [Thu, 3 Apr 2008 21:51:07 +0000 (21:51 +0000)]
Avoid calling access control hooks for internal requests with
configurations which match those of the initial request. Revert to
the original behaviour (call access control hooks for internal requests
with URIs different from the initial request) if any access control hooks
or providers are not registered as permitting this optimization.
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data.
The configuration walk optimizations were originally proposed a while
ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2);
they have been used since then in production systems and appear to be
stable and effective. They permit certain combinations of modules
and clients to function efficiently, especially when a deeply recursive
series of internal requests, such as those generated by certain WebDAV
requests, are all subject to the identical authentication and authorization
directives.
The major change from the original proposal is a cleaner mechanism for
detecting modules which may expect the old behaviour. This has been
tested successfully with Subversion's mod_authz_svn, which specifically
requires the old behaviour when performing path-based authorization based
against its own private access control configuration files.