Andre Malo [Wed, 15 Jan 2003 22:08:54 +0000 (22:08 +0000)]
as announced and with no objections:
mod_authz_owner: forward port of require file-owner/file-group functionality
The goal of the module is to do all the neccessary file system work to
figure out username and groupname. "Require file-owner" is completely
resolved within the module. "file-group" is only determined there and the
groupname will be extracted from the stat call and stored within the
r->notes. Done that, the module will decline, so that the group database
modules (mod_authz_groupfile, mod_authz_dbm) can verify the groupname with
their lists.
Thus every group module that supports the file-group requirement must be
hooked after mod_authz_owner. They have to recognize "file-group" and read
the groupname from r->notes. (If there's no name stored, the modules should
ignore the file-group requirement). The backstopper module will do its work
in worst case.
not solved yet:
- the module doesn't work as one could expect if the file doesn't exist in
the first request round (consider MultiViews) (the 1.3 version has the
same problem). I played around with some subrequest techniques, but got
no helpful result. Is there any magic to recognize the actual resulting
filename (if there is)?
Jeff Trawick [Wed, 15 Jan 2003 14:32:06 +0000 (14:32 +0000)]
Change the ulimit command used by apachectl on AIX so that it
works in all locales.
the standard command fails in a non-English locale if the hard
limit is unlimited since the display of the limit will translate
"unlimited", but ulimit only accepts English "unlimited" on input
ap_server_root_relative never guarenteed that the resource exists, or
isn't a file pattern. Correct the code to accept these cases (applied
to both 2.0 and 2.1.)
After introducing tests in the cmds, we lose the absolute authority
of the CRYPTO_malloc_init() which must happen the moment we load the
module and prior to *any* ssl library fn invocation.
Moved the CRYPTO_malloc_init() into the ssl_register_hooks() function,
the absolute first call made into any loaded module.
Andre Malo [Thu, 9 Jan 2003 04:16:24 +0000 (04:16 +0000)]
fix xsl error (although xalan doesn't complain it).
according to the spec it's not allowed to bind the same
variable twice or more within the same scope.
(<http://www.w3.org/TR/xslt#local-variables>)
Reported by: Michael Schr�pl <Michael.Schroepl@telekurs.de>
Submitted by: Astrid Ke�ler
Reviewed by: /me ;-)
Andre Malo [Thu, 9 Jan 2003 03:22:26 +0000 (03:22 +0000)]
update transformation.
- core, mod_deflate, mod_speling, mpm_common because of "compatibility"
transformation change
- quickreference.html.de because of the recent core changes
Greg Stein [Tue, 7 Jan 2003 21:08:03 +0000 (21:08 +0000)]
When unlocking, the auto-checkin code does not need to refer to the
parent resource. We want to (possibly) check in only the resource
identified by the params.
Bring forward the IndexOptions IgnoreCase option to mod_autoindex
from Apache 1.3 for both 2.0 and 2.1 (since the patch/feature was
previously accepted for 1.3, I'm committing without the usual vote
specific to 2.0.) Only small modification of David's patch to avoid
future reformatting of the options list and better handle the strnatcmp
side effects.
Andre Malo [Mon, 6 Jan 2003 06:52:48 +0000 (06:52 +0000)]
cleanup.
- remove superfluid #include
- remove no longer neccessary bitmask handling
- be more efficient if there are no groups for the user
- call ap_note_auth_failure instead of ap_note_basic_auth_failure
Andre Malo [Mon, 6 Jan 2003 03:35:48 +0000 (03:35 +0000)]
allow group authorization to be stored in either basic or digest dbm user
files. This is done by looking up first "$user:$realm" and if no success
then $user as key.
The patch also restores the possibility of group files only
($user -> group,group... or "$user:$realm" -> group,group...).
That got somehow lost during the auth rewrite.
Greg Stein [Sun, 5 Jan 2003 08:38:33 +0000 (08:38 +0000)]
Our standard distribution should not promote broken behavior. We can
help out those packages which are already distributed, but the
developers should be *fixing* their software. The WebDAVFS is pinned
to a specific set of versions (1.[012]) because Apple has said they'll
fix it in the next release. This change pins the gnome-vfs workaround
to a specific version (1.0*), with the expectation they will fix their
software. If they state they won't be fixing the behavior, then we
should rip this out (and once they commit to a fix in a specific rev,
then we can workaround everything up to that rev). Apache HTTPD is all
about being a reference platform, not about compensating for broken
clients out there...
Add a generic locking provider to DAV - mod_dav_lock. Other DAV providers
can use the dav_hooks_locks_generic structure to implement locking in a
non-optimal, but compliant fashion. (Use 'dav-lock', 'generic', '0' to
ap_lookup_provider to retrieve it.)
Use the DavGenericLockDB directive to configure the location of the lock
database (may be server-relative or absolute).
This allows all DAV providers to use a baseline locking API rather than roll
their own.
This code is based mainly off the mod_dav_fs locking code (which uses the
on-disk storage for locking), but removing components that aren't needed in a
non-file-backed repository (such as recording inodes).
Andre Malo [Wed, 1 Jan 2003 20:31:37 +0000 (20:31 +0000)]
The patch allows the user to log the accurate filter input and
output byte count, instead of only the rounded compression ratio.
The DeflateFilterNote directive will be extended as follows:
DeflateFilterNote [type] name
type can be one of "input", "output" or "ratio". "ratio" is assumed if the
type is omitted (backwards compatible).
Andre Malo [Wed, 1 Jan 2003 04:08:26 +0000 (04:08 +0000)]
add support for digest authentication to the authn_dbm module. The
key is "$user:$realm" (perl speaking), the value is the MD5-hash,
optionally followed by a colon and other garbage.
Note that currently there's no tool to create such databases.
Chris Pepper [Sun, 29 Dec 2002 03:36:57 +0000 (03:36 +0000)]
PR:
Obtained from:
Submitted by:
Reviewed by:
Grammar tweak. One comma half-separates a clause from the rest of the sentence. Needs a matching comma (where is ambiguous) or the existing one removed, so I yanked it.
Andre Malo [Sun, 22 Dec 2002 22:45:38 +0000 (22:45 +0000)]
since nobody objected, apply proposed style changes:
- reintroduced the sidebar for the module index page (obvious ;-)
* didn't want to leave the section links so alone, thus added some
<seealso>s.
- changed the ordering of the core/MPMs as follows:
* core
* mpm_common
* alphabetical list of the mpms (ordered by their "natural" names).
- same appeared on the sitemap
- changed <h1> headings of the modulesynopsis files, so that they match the
titles in the sitemap. This should better reflect the nature of the
modules. (affects only core & MPMs)
Andre Malo [Sun, 22 Dec 2002 22:31:24 +0000 (22:31 +0000)]
- mpm_common:
* fixed the <modulelist>s in mpm_common
* moved AcceptMutex to mpm_common;
document the mutex mechanism "posixsem"
* added BS2000Account to mpm_common
(I'm not sure, whether it should appear here or elsewhere. It *seems*
to be supported only by prefork and perchild (if perchild would work)).
The description is obtained from the 1.3 docs.
* fixed several default values
* moved MaxThreadsPerChild and NumServers out to perchild
(btw: we could consider to rename NumServers to StartServers...)
* rearranged some stuff and added several comments, that I found useful
;-)
- mpm_netware:
* MaxThreads 2048 (as maximum and default)
- perchild:
* extended the explanations about using different user ids. Hope, that's
correct.
* extended and adjusted the directive descriptions
(remember, NumServers and MaxThreadsPerChild moved in)
- prefork:
* moved AcceptMutex to mpm_common (as stated already above)
- mpm_winnt:
* added reference to ScoreBoardFile
- worker:
* added reference to AcceptMutex
- general: markup & formatting
projects / apache / log