Justin did some minor tweaks as he agrees with Andreas and Rudiger that
apr_dir_remove should return an error if the directory isn't empty; hence,
remove the apr_dir_read calls.
Fix bug where non-200 CGI responses will not send anything down filter chain.
This is most notable when mod_cache is used. This has been used in production
on wiki.apache.org for a while now.
* modules/generators/mod_cgi.c
(cgi_handler): When a non-zero value is returned by scan_script, set the
status field and ensure that we have an EOS to send down the filter stack.
Hopefully, address the last edge case where status may
be uninitialized. Asserts in non-debug builds are bad things,
anyways, so this is probably more correct. This should fix
-Werror compile warning observed by Joe Orton.
An impossible-to-hit edge case today; we described the request
as chunked - and if chunked always send the body termination "0"
chunk header.
Roy's requested change that we always send a body we could read
in full as a C-L request ensures this code wasn't triggered; some
change in the future could again reveal this edge case.
Joe Orton [Fri, 5 Aug 2005 12:27:57 +0000 (12:27 +0000)]
* server/vhost.c (get_addresses): Fail with an error message rather
than an assert() for errors which plague users on Solaris boxes which
don't have a properly configured resolver.
Joe Orton [Wed, 3 Aug 2005 14:44:29 +0000 (14:44 +0000)]
* modules/ldap/util_ldap.c (util_ldap_post_config): Pass NULL to
apr_global_mutex_create if no cache file name is specified, rather
than inventing an inappropriate name with tmpnam().
Joe Orton [Tue, 2 Aug 2005 09:26:51 +0000 (09:26 +0000)]
* modules/ldap/util_ldap.c (util_ldap_post_config): Fail if
util_ldap_cache_init fails; let ap_log_error call strerror.
Downgrade informational messages to APLOG_INFO from APLOG_NOTICE.
(util_ldap_child_init): Remove some noisy but fairly pointless
debugging output.
Joe Orton [Mon, 1 Aug 2005 15:46:46 +0000 (15:46 +0000)]
* modules/ldap/util_ldap_cache.c (util_ldap_url_node_display,
util_ldap_search_node_display, util_ldap_compare_node_display,
util_ldap_dn_compare_node_display): Use ap_rprintf. Terminate table
rows with "</tr>" not "<tr>".
Joe Orton [Mon, 1 Aug 2005 14:50:21 +0000 (14:50 +0000)]
* modules/ldap/util_ldap.c (util_ldap_post_config): Don't attempt to
remove the shm segment here.
* modules/ldap/util_ldap_cache.c (util_ldap_cache_init): Properly
remove the shm segment here before creating a new one; don't attach to
any existing shm segment if apr_shm_create() fails.
(util_ldap_cache_module_kill): Don't attempt to remove the shm segment
here; apr_shm_destroy() does that anyway.
Joe Orton [Thu, 28 Jul 2005 12:02:44 +0000 (12:02 +0000)]
* modules/ldap/util_ldap_cache.c (util_ldap_cache_module_kill): Make
private function static. (util_ldap_cache_child_kill): Remove
prototype for function which doesn't exist.
Joe Orton [Thu, 28 Jul 2005 11:53:25 +0000 (11:53 +0000)]
* modules/ldap/util_ldap_cache.c (util_ldap_cache_init): Use the
actual available size of the shm segment not the requested size.
Ensure the requested size is aligned. Check errors from apr_rmm_init.
Mladen Turk [Thu, 28 Jul 2005 11:16:34 +0000 (11:16 +0000)]
Add status param option so that current worker
status can be changed via editing httpd.conf instead
of just using web page. Seems the ApacheCon is paying off.
Thanks to Sander for pointing that out.
Joe Orton [Thu, 28 Jul 2005 10:52:52 +0000 (10:52 +0000)]
* modules/ldap/util_ldap_cache_mgr.c (util_ald_cache_insert,
util_ald_cache_remove, util_ald_cache_fetch): Always use "unsigned
long" for hash values, for consistency.
Joe Orton [Thu, 28 Jul 2005 10:45:59 +0000 (10:45 +0000)]
* modules/ldap/util_ldap_cache_mgr.c (util_ald_cache_insert): Fix a
cache corruption case: ensure that there is room in the cache for a
copy of the payload before inserting the node.
Joe Orton [Thu, 28 Jul 2005 09:50:16 +0000 (09:50 +0000)]
* modules/ldap/util_ldap.c: Remove DOCTYPE_* macros duplicated from
httpd.h. Remove redundant prototypes of static functions which aren't
used before they are declared.
Joe Orton [Mon, 25 Jul 2005 12:44:40 +0000 (12:44 +0000)]
* modules/proxy/mod_proxy_http.c (stream_reqbody_cl): Fix format
string error.
(ap_proxy_http_request): Restore default case in rb_method switch to
fix gcc warnings.
Martin Kraemer [Fri, 22 Jul 2005 12:11:55 +0000 (12:11 +0000)]
Allow extraction of the values of SSL certificate extensions into
environment variables, so that their value can be used by any
module that is aware of environment variables, as in:
    SetEnvIf OID("2.16.840.1.113730.1.13") "(.*) Generated (Certificate)" ca=$1
sets
    ca=TinyCA
if the cert was issued by TinyCA.
Similarly,
    SetenvIf OID("2.16.840.1.113730.1.13") "(.*)" NetscapeComment=$1
will set $NetscapeComment to the whole string.
It is technically allowed to have multiple instances of an extension
field, all with the same oid. In this case, the environment variable
will be set to the list of all fields, separated by commas.
The [PATCH] uses a cross-module call from mod_setenvif to
mod_ssl (the latter may also be missing: in this case the
variable will never be set). It calls a common function
in the ssl module that is also used for the SSLRequire
directive's test.
Using the user nobody (or similar accounts on other systems like
nouser) violates the purpose of that user. User nobody exists
specifically as a user that no process runs as and that owns no files
on disk. Same for nogroup.
The user and group daemon are the generic system services user and
group. Use those instead.
Martin Kraemer [Wed, 20 Jul 2005 16:42:58 +0000 (16:42 +0000)]
Collaborative work: (Thanks, dreid!)
Implement OID checking for mod_ssl. This code allows for checking of arbitrary client
certificate extensions by OID, in a syntax like:
    SSLRequire "BaDCA Generated Certificate" in Oid("2.16.840.1.113730.1.13") \
            || "committers" in Oid("1.3.6.1.4.1.18060.1")
Note the following:
* A given OID can occur multiple times in one cert, with different values. Therefore
the OID function compares the left-hand string against each of the OID values,
until a complete match is found. If none matches, the result is FALSE.
* The left hand side can be another expression, so can be a reference to a variable
or a file() invocation etc.
* The OID is also just a reference to a string, or function, or whatever.
* My manual description is very short. Someone else please help improve the description
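
The matching rules described in the two OID commits above, as an added example that is not mod_ssl or mod_setenvif code: a value satisfies "in Oid(...)" only on a complete match, and the SetEnvIf form sees all values joined by commas. The names oid_contains, oid_join and SAMPLE are hypothetical, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the SSLRequire test: "needle in Oid(...)" is TRUE only when
 * needle equals one extension value completely (no substring match). */
int oid_contains(const char *needle, const char *const *vals, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(needle, vals[i]) == 0)
            return 1;
    }
    return 0;
}

/* Model of the SetEnvIf side: all values of one OID joined by commas.
 * Returns the length written, or -1 if out is too small (never truncates,
 * so an access rule cannot match on a cut-off value). */
int oid_join(const char *const *vals, size_t n, char *out, size_t outlen)
{
    size_t used = 0;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(vals[i]);
        size_t need = len + (i ? 1 : 0);   /* value plus separator */
        if (used + need + 1 > outlen)
            return -1;
        if (i)
            out[used++] = ',';
        memcpy(out + used, vals[i], len);
        used += len;
        out[used] = '\0';
    }
    return (int)used;
}

/* Constructed sample: the same OID present twice in one certificate. */
static const char *const SAMPLE[] = { "committers", "BaDCA Generated Certificate" };

int main(void)
{
    char buf[64];
    printf("exact:   %d\n", oid_contains("committers", SAMPLE, 2));
    printf("partial: %d\n", oid_contains("commit", SAMPLE, 2));
    if (oid_join(SAMPLE, 2, buf, sizeof buf) > 0)
        printf("env:     %s\n", buf);
    return 0;
}
```

Because the joined form is a single string, a SetEnvIf regex such as "(.*)" captures every value at once, so rules that gate access on one specific value are better expressed with the exact-match SSLRequire form.
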
The arguments to require are case-sensitive, so that "Require User" and
"Require Valid-User" don't work. This makes those comparisons
case-insensitive.
Paul Querna [Wed, 20 Jul 2005 11:20:33 +0000 (11:20 +0000)]
Check an alternative return value for when a file or directory does not exist. Previously this would return a forbidden on the documentation website for any URL ending in .html.
Yet another snafu in body handling. We need to clearly avoid any
ap_get_brigade or request body processing in every *subrequest*
proxy action. The new code introduced more chaos because we read
the request body irrespective of any bogus header handling bugs.
This requires a goto, and yes, that sucks :) But this is one of those
oddball cases where jumping away makes more sense than tons of indented
code, IMHO. And if you count the number of goto's I've committed to
httpd, you know I avoid them like the plague.
I woulda' suggested to jorton to take a flying carnal act, except that
each time he points me back to the 2.0 patch, I catch another entirely
bogus choice within the old/new httpd-2.x request body code :)
I've bumped the 2.0 patch to correspond; see
http://people.apache.org/~wrowe/httpd-2.0-proxy-request-4.patch
Fix broken while () {} loops (lingering code from the old logic),
closes an infinite loop in the most recent version. Init the cl_val
to prevent failure of zero length bodies in the most recent version.
Use 'request body' instead of 'data' to describe any errors.
Finally, loop around ap_get_brigade to grab multiple chunks that still
fall below our MAX_MEM_SPOOL threshold, since the chunk decoding from
the client will pass up just one small chunk per ap_get_brigade call.
Ian Holsman [Sun, 17 Jul 2005 05:12:10 +0000 (05:12 +0000)]
This patch adds a new hook (request_status) that gets run in proxy_handler
just before the final return. This gives modules an opportunity to do
something based on the proxy status.
A couple of examples where this is useful:
-You are using a caching module and would rather return stale content rather
than an error to the client if the origin is down.
-You proxy some subrequests (using SSI - mod_include) and do not want SSI
errors when the backend is down. If you would normally return
HTTP_BAD_GATEWAY, you may have a module that serves some other content.
new hook -- so mmn bump.. I made it a major one, hope that's ok
On Roy's suggestion; why wait to try to clear out the input
stream if it is smaller than MAX_MEM_SPOOL? Do this upfront
before dispatching to a body handler.
This means changing each of the three body pumps to presume
a preexisting input_brigade was already loaded, so turn around
their loop conditions.
Missed an edge case; once we know the C-L didn't match, it's
time to shut down the body already. Finish reading from the
client but do nothing else, returning an error.
send_request_body and indentation made it very difficult to follow
all the mistakes in this code. Fold send_request_body into reindent
to make the pattern clear and skip some extra string handling.
Little functional change, that comes next.
End abuse of apr_strnat[case]cmp - it isn't str[case]cmp.
Unsure if apr_strnatcasecmp(conf_ip, uri_ip) was intentional, on the
off chance that the left or right hand ip string happens to contain
leading zeros.