Enable UAC transition from ApacheMonitor running as a vanilla user without priv
into a copy runas administrator with permissions (closing the original monitor),
in response to any start/stop/restart request who's control permissions failed.
This happens to work on Win2000 and later, although it is actually needed in
Win2008 or Vista and later, where by default under UAC, the admin user actually
has no permissions to control services unless the app is run elevated.
We don't want to do this at start time, and assault the user with auth attempts
at login before they have even asked to use the features of the Monitor. Once
we've made the transition, we'll leave the new monitor running elevated. Some
branding with the "security" shield icon is actually recommended by the CUA, but
I'm neglecting this for the moment.
This patch drops the single instance mutex for a search of existing windows of
our window's class & title, which is localized to the current session and just fine
for the purpose of restricting multiple invocations.
Joe Orton [Tue, 4 Mar 2008 16:14:10 +0000 (16:14 +0000)]
Session cache interface redesign, Part 7:
Clean up provider interface, removing use of mod_ssl-specific types:
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Replace BOOL
with apr_status_t, UCHAR with unsigned char; use 'unsigned int' for
idlen; constify id arguments; remove pool argument from ->status.
* modules/ssl/ssl_scache.c (ssl_scache_retrieve, ssl_scache_store):
Adjust for BOOL->apr_status_t change.
(ssl_ext_status_hook): Update for dropped pool argument.
Nick Kew [Mon, 3 Mar 2008 06:13:59 +0000 (06:13 +0000)]
core: fix SymlinksIfOwnerMatch checking:
(1) Fix Origin checking (PR 36783 - Robert L Mathews)
(2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set
replace all relevant ascii strxxx fn's with _tcsxxx macros and encode relevant text
with the _T() macro wrapper, permitting /D UNICODE builds in place of /D _MCBS
builds in use today. This allows for internationalized unicode service names and
textual modification. Since this is win32 only, using APR style utf-8-ization is silly.
Because today this module simply isn't loadable on Win95-ME, nobody has actually
complained, and we really have no desire to support such a dangerous OS in the
wild of the internet, the unicode build should become the default.
Martin Kraemer [Fri, 29 Feb 2008 12:15:56 +0000 (12:15 +0000)]
When sending a proxy request of the form
GET http://[3ffe:1:1001:3000:230:5ff:fe05:3c3c]/server-status HTTP/1.0
through the httpd-2.x mod_proxy.c code, while a directive
ProxyDomain .my.dom.ain
is in effect, the request is redirected to
Location: http://[3ffe:1:1001:3000:230:5ff:fe05:3c3c.my.dom.ain]/server-status
The patch fixes this bug, by testing whether the hostname part of the
unparsed_uri contains colon characters (which is the case only for
IPv6 literals).
This patch is also a candidate for httpd-2.0 and httpd-2.2
Joe Orton [Tue, 26 Feb 2008 16:57:56 +0000 (16:57 +0000)]
Session cache interface redesign, Part 6:
Move mutex handling up out of the session cache providers:
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add name and
flags fields. Define MODSSL_SESSCACHE_FLAG_NOTMPSAFE constant.
* modules/ssl/ssl_scache.c (ssl_scache_store, ssl_scache_retrieve,
ssl_scache_remove, ssl_ext_status_hook): Lock and release the mutex
around provider calls, if necessary.
* modules/ssl/ssl_engine_mutex.c (ssl_mutex_init): Do nothing if no
session cache is configured, or the session cache does not require a
mutex. Otherwise, fail if no mutex is configured and the session
cache *does* require a mutex.
(ssl_mutex_on, ssl_mutex_off): Remove checks for mutex mode;
functions now invoked only if necessary.
* modules/ssl/ssl_scache_dc.c, modules/ssl/ssl_scache_memcache: Set
name and flags fields in provider structures.
* modules/ssl/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Remove
mutex handling through; set name and flags fields in provider
structures; mark both as unsafe for concurrent access in flags.
Joe Orton [Tue, 26 Feb 2008 15:25:51 +0000 (15:25 +0000)]
* modules/ssl/ssl_scache_memcache.c (mc_session_id2sz): Fix memcache
key id generation by passing the correct length to snprintf (it
was NUL terminating at the second byte with len=2);
Joe Orton [Mon, 25 Feb 2008 21:28:09 +0000 (21:28 +0000)]
Session cache interface redesign, Part 5:
Use the ap_provider interface for session cache storage providers.
* modules/ssl/mod_ssl.c (modssl_register_scache): New function.
(ssl_register_hooks): Call it.
* modules/ssl/ssl_private.h: Define MODSSL_SESSCACHE_PROVIDER_GROUP
and MODSSL_SESSCACHE_PROVIDER_VERSION constants.
Remove ssl_scmode_t type. Change nSessionCacheMode in
SSLModConfigRec into a long sesscache_mode, storing the OpenSSL
SSL_SESS_CACHE_* flags directly.
* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Set
sesscache_mode to SSL_SESS_CACHE_OFF by default.
(ssl_cmd_SSLSessionCache): Remove ifdef spaghetti; fetch configured
session cache by provider name. Set mc->sesscache_mode for
configured providers.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_session_cache): Use the
configured mode flags directly from mc->sesscache_mode.
Joe Orton [Mon, 25 Feb 2008 20:09:38 +0000 (20:09 +0000)]
Session cache interface redesign, Part 4:
Move provider-specific configuration handling down into the provider
code. Eliminate all use of SSLModConfigRec within provider code.
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add 'create'
function which creates and configures the cache provider, before
initialisation. Change 'init' function to take the context pointer
as an input parameter, and reorder to be first.
* modules/ssl/ssl_scache_memcache.c (struct context): Add servers
field.
(ssl_scache_mc_create): New function.
(ssl_scache_mc_init): Use servers from context not SSLModConfigRec.
* modules/ssl/ssl_scache_dbm.c (struct context): Define.
(ssl_scache_dbm_create): New function.
(ssl_scache_dbm_init, ssl_scache_dbm_kill): Adjust to use filename
and pool from context.
(ssl_scache_dbm_store, ssl_scache_dbm_retrieve,
ssl_scache_dbm_status): Use filename from context. Use context pool
for temp storage of the DBM object, and clear before use.
(ssl_scache_dbm_expire): Remove static tLast; use last_expiry from
context. Use context pool for temp storage and clear before use.
* modules/ssl/ssl_scache_dc.c (struct context): Add target field.
(ssl_scache_dc_init, ssl_scache_dc_status): Use target from context.
* modules/ssl/ssl_scache_shmcb.c (struct context): Add data_file,
shm_size fields.
(ssl_scache_shmcb_create): New function; moved argument parsing
logic from ssl_cmd_SSLSessionCache
(ssl_scache_shmcb_init, ssl_scache_shmcb_status): Use config from
context.
* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Remove
handling of old provider-specific fields.
(ssl_cmd_SSLSessionCache): Call provider ->create function to parse
the argument and create provider-specific context structure.
Joe Orton [Mon, 25 Feb 2008 14:18:32 +0000 (14:18 +0000)]
* modules/ssl/ssl_engine_init.c (ssl_init_FindCAList): Cast return
value of sk_X509_NAME_set_cmp_func to void, to avoid warnings with
recent version of OpenSSL.
Ruediger Pluem [Fri, 22 Feb 2008 22:58:42 +0000 (22:58 +0000)]
* Second part of fix for PR 44402:
- Fix the same race condition in event MPM.
- Slightly optimize code in worker MPM by removing the need for an additional
dereference operation.
- Do some word smithing on the CHANGES entry.
Joe Orton [Fri, 22 Feb 2008 21:09:40 +0000 (21:09 +0000)]
Session cache interface redesign, Part 3:
Move provider-private context out of SSLModConfigRec and into an
opaque context pointer. Use real error propagation in the ->init
functions rather than ssl_die().
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Take a
context out-parameter from ->init, and return an apr_status_t.
Add context pointer as first arg for the other function types.
(SSLModConfigRec): Remove tSessionCacheData* fields; add
sesscache_context field.
* modules/ssl/ssl_scache.c (ssl_scache_init): Move once-per-process
invocation check back into here.
(ssl_scache_*): Adjust to use context pointer.
* modules/ssl/ssl_scache_shmcb.c, modules/ssl/ssl_scache_dc.c,
modules/ssl/ssl_scache_dbm.c: Adjust all implementations to use
opaque context pointer.
* modules/ssl/ssl_scache_memcache.c: Move memcache context into the
context structure rather than using global state.
* modules/ssl/ssl_engine_config.c: Remove handling of
pSessionCacheData* fields in SSLModConfigRec.
Joe Orton [Fri, 22 Feb 2008 19:58:39 +0000 (19:58 +0000)]
Move SSL session data deserialization up out of the session cache
storage providers; includes a significant change to the shmcb storage
structure:
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Change
retrieve function to take dest/destlen output buffer, to take a
constant id paramater, and to return a BOOL.
* modules/ssl/ssl_scache_shmcb.c: Store the whole ID in the cache
before the data, so that each index can be compared against the
requested ID without deserializing the data. This requires approx
20% extra storage per session in the common case, though should
reduce CPU overhead in some retrieval paths.
(SHMCBIndex): Replace s_id2 field with id_len.
(shmcb_cyclic_memcmp): New function.
(ssl_scache_shmcb_init): Change the heuristics to allow for increase
in per-session storage requirement.
(ssl_scache_shmcb_retrieve): Drop requirement on ID length.
(shmcb_subcache_store): Store the ID in the cyclic buffer.
(shmcb_subcache_retrieve, shmcb_subcache_remove): Compare against
the stored ID rather than deserializing the data.
(ssl_scache_shmcb_retrieve, ssl_scache_shmcb_store): Update
accordingly.
Joe Orton [Fri, 22 Feb 2008 12:00:49 +0000 (12:00 +0000)]
Move SSL session data serialization up out of the session cache
storage providers:
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Change
'store' interface to take a data/length pair rather than an
SSL_SESSION pointer.
* modules/ssl/ssl_scache.c (ssl_scache_store): Serialize the SSL
session here and pass down the raw DER.
* modules/ssl/ssl_scache_dc.c, modules/ssl_scache_mc.c,
modules/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Adjust ->store
implementations accordingly, removing the four sets of identical
code doing the i2d dance.
Joe Orton [Fri, 22 Feb 2008 11:36:51 +0000 (11:36 +0000)]
Re-implement the SSL session cache abstraction using a vtable; first
step towards use of the ap_provider interface:
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add new
vtable type.
(SSLModConfigRec): Reference the vtable here.
Replace all the ssl_scache_* prototypes with provider vtable objects.
* modules/ssl/ssl_scache.c (ssl_scache_init, ssl_scache_kill,
ssl_scache_retrieve, ssl_scache_store, ssl_scache_remove,
ssl_ext_status_hook): Use callbacks from vtable rather than ifdef
spaghetti.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_session_cache):
Only install the OpenSSL callbacks if a vtable is configured.
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLSessionCache): Set up
vtable pointer.
* modules/ssl/ssl_scache_dc.c, modules/ssl_scache_mc.c: Adjust to make
implementations static, and add vtable definition.
* modules/ssl_scache_shmcb.c: Likewise; also move the init
one-per-process requirement down here.
* modules/ssl_scache_dbm.c: Likewise; also (temporarily) use a local
subpool in the store callback.
Eric Covener [Wed, 20 Feb 2008 21:17:17 +0000 (21:17 +0000)]
*) mod_charset_lite: Add ForceAllMimeTypes sub-option to
CharsetOptions, allowing the administrator to skip the
mimetype checking that precedes translation.
PR 44458 [Eric Covener]
Jim Jagielski [Thu, 14 Feb 2008 13:16:52 +0000 (13:16 +0000)]
This is really really out of date... try to refresh it;
remove the current "list" of people for now, maybe add link
to httpd.apache.org or http://people.apache.org/~jim/projects.html#httpd
instead
Kasper Brand came across a flaw in the current implementation when CRL
information - i.e. SSLCARevocationFile/SSLCARevocationPath - is set
on a per-vhost basis (don't know how much sense it makes to have
non-global CRLs, but anyway...).
The attached patch (47B2B1A7.1060009@velox.ch on httpd-dev) addresses
this issue, and it also improves the logging behavior for an SNI
enabled configuration (previously some of the messages would
always go to the first vhost, or wouldn't appear at
all, depending on the LogLevel of the first vhost).
Addition of a test script which creates a Sample/test configuration for installations
that wants to support SNI. Primarily done as a lot of web developers find the creation
of certificates hard - and do not want to go to the expense of sourcing a handful
from a well-known CA just for testing and experimenting.
Also update the CHANGES log with the word 'SNI' as to make googling it easier.
Return a little bit more error information when, say a disk is full or something gets write protected. Note that in some cases mod_cache.c will_also_ log a 'cache: store_headers failed' subsequently.
Sub-requests are created and used with two purposes; sometimes
simply to 'see' what a request would do; as to fill out an SSI,
validate access or similar - and is then discarded. And sometimes
as the precursor to becoming the actual request; e.g. when mod_dir
checks if an /index.html can be served for a '/'.
In the latter case it is important to preserve the output filters
'for real'; whereas in the first case they have to be reset to
purely the minimal proto filters (if at all). This patch instates
the output filters in 3 cases where sub-requests are/may in fact
be used as the real request later on.
This is a relatively risky change (which should not be back-ported
without further discussion) and may break caches in combination
with internal redirects/vary/negotiation in subtle ways.
See the thread starting at [1] and in particular the general
concerns of rpluem at [2] with respect to sub requests
and (fast_)internal redirects possibly needing a more
thorough overhaul.