Chris Darroch [Tue, 25 Mar 2008 18:21:32 +0000 (18:21 +0000)]
Return AUTHZ_GRANTED not AUTHZ_DENIED when redirecting after
successful login/logout. Use redirection URL from first row returned
by DB query, in the same manner as that used by mod_authn_dbd when
querying for a single record.
Chris Darroch [Fri, 21 Mar 2008 07:49:47 +0000 (07:49 +0000)]
PR 43211: Revise mod_authn_dbd and mod_authz_dbd documentation to reflect
current APR DBD query statement parameter requirements. Tidy up examples
and links to glossary and external sites. Update transformation.
Ruediger Pluem [Thu, 13 Mar 2008 07:28:40 +0000 (07:28 +0000)]
* Do not do Range requests if we use our own conditionals for validating
a cache entity: If we get 304 the Range does not matter and otherwise the
entity changed and we want to have the complete entity.
André Malo [Wed, 12 Mar 2008 20:26:01 +0000 (20:26 +0000)]
* let status texts and letters completely depend on the language
* let directive contexts and letters completely depend on the language
* allow embedding the "licensed" footer text
* generate quickreference legend automatically
* fix some Japanese documents where statuses were translated by accident
Ruediger Pluem [Wed, 12 Mar 2008 16:07:46 +0000 (16:07 +0000)]
* Restore the original request headers if the cached resource was stale, as they
may be needed by further output filters like the byterange filter to make the
correct decisions.
Joshua Slive [Wed, 12 Mar 2008 15:42:52 +0000 (15:42 +0000)]
Flush out the rewrite docs a little. In particular:
- rename flags to rewrite_flags for consistency
- note that flags is not comprehensive
- link up flags to the index page
- change the seealso links on the index page to be other useful
links rather than a repeat of the links elsewhere on the page
- add some meat to the intro doc -- some sections still need more content
Joshua Slive [Tue, 11 Mar 2008 18:13:08 +0000 (18:13 +0000)]
Some minor fixups on the rewrite guide. Add proper breadcrumb links;
Fix internal links; Flatten the section structure so that all
recipes appear in the top menu.
Jim Jagielski [Tue, 11 Mar 2008 14:39:14 +0000 (14:39 +0000)]
PR 43562.
fix regression in mod_speling behavior from 1.3/2.0
and, basically, incorrect behavior from what is
expected as well as dependency on AcceptPathInfo.
Enable UAC transition from ApacheMonitor running as a vanilla user without priv
into a copy runas administrator with permissions (closing the original monitor),
in response to any start/stop/restart request whose control permissions failed.
This happens to work on Win2000 and later, although it is actually needed in
Win2008 or Vista and later, where by default under UAC, the admin user actually
has no permissions to control services unless the app is run elevated.
We don't want to do this at start time, and assault the user with auth attempts
at login before they have even asked to use the features of the Monitor. Once
we've made the transition, we'll leave the new monitor running elevated. Some
branding with the "security" shield icon is actually recommended by the CUA, but
I'm neglecting this for the moment.
This patch drops the single instance mutex for a search of existing windows of
our window's class & title, which is localized to the current session and just fine
for the purpose of restricting multiple invocations.
Joe Orton [Tue, 4 Mar 2008 16:14:10 +0000 (16:14 +0000)]
Session cache interface redesign, Part 7:
Clean up provider interface, removing use of mod_ssl-specific types:
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Replace BOOL
with apr_status_t, UCHAR with unsigned char; use 'unsigned int' for
idlen; constify id arguments; remove pool argument from ->status.
* modules/ssl/ssl_scache.c (ssl_scache_retrieve, ssl_scache_store):
Adjust for BOOL->apr_status_t change.
(ssl_ext_status_hook): Update for dropped pool argument.
Nick Kew [Mon, 3 Mar 2008 06:13:59 +0000 (06:13 +0000)]
core: fix SymlinksIfOwnerMatch checking:
(1) Fix Origin checking (PR 36783 - Robert L Mathews)
(2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set
replace all relevant ascii strxxx fn's with _tcsxxx macros and encode relevant text
with the _T() macro wrapper, permitting /D UNICODE builds in place of /D _MCBS
builds in use today. This allows for internationalized unicode service names and
textual modification. Since this is win32 only, using APR style utf-8-ization is silly.
Because today this module simply isn't loadable on Win95-ME, nobody has actually
complained, and we really have no desire to support such a dangerous OS in the
wild of the internet, the unicode build should become the default.
Martin Kraemer [Fri, 29 Feb 2008 12:15:56 +0000 (12:15 +0000)]
When sending a proxy request of the form
    GET http://[3ffe:1:1001:3000:230:5ff:fe05:3c3c]/server-status HTTP/1.0
through the httpd-2.x mod_proxy.c code, while a directive
    ProxyDomain .my.dom.ain
is in effect, the request is redirected to
    Location: http://[3ffe:1:1001:3000:230:5ff:fe05:3c3c.my.dom.ain]/server-status
The patch fixes this bug, by testing whether the hostname part of the
unparsed_uri contains colon characters (which is the case only for
IPv6 literals).
This patch is also a candidate for httpd-2.0 and httpd-2.2
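
Added example, not part of the commit above and not mod_proxy code: a model of the ProxyDomain decision it describes, with the dot-only test beside the test that also rejects colons. The function names and the assumption that the host arrives without its surrounding brackets are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (not httpd source). `host` is assumed to be the
 * bare host from the request URI, without the [] of an IPv6 literal. */

/* Behaviour described as the bug: only a dot marks the host as qualified. */
static int needs_domain_before(const char *host)
{
    return strchr(host, '.') == NULL;
}

/* Behaviour described as the fix: a colon only occurs in an IPv6
 * literal, so such a host never receives the domain suffix. */
static int needs_domain_after(const char *host)
{
    return strchr(host, '.') == NULL && strchr(host, ':') == NULL;
}

/* Returns 1 and fills `out` when a redirect is issued, 0 when the
 * request proceeds unchanged, -1 when `out` is too small. */
static int build_redirect(int (*needs_domain)(const char *),
                          const char *host, const char *domain,
                          const char *path, char *out, size_t outlen)
{
    int is_v6 = strchr(host, ':') != NULL;
    int n;

    if (!needs_domain(host))
        return 0;
    n = snprintf(out, outlen, "http://%s%s%s%s%s",
                 is_v6 ? "[" : "", host, domain, is_v6 ? "]" : "", path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
}

int main(void)
{
    /* Constructed inputs reusing the address and domain quoted above. */
    const char *v6 = "3ffe:1:1001:3000:230:5ff:fe05:3c3c";
    char buf[256];

    if (build_redirect(needs_domain_before, v6, ".my.dom.ain", "/server-status", buf, sizeof buf) == 1)
        printf("before: Location: %s\n", buf);
    if (build_redirect(needs_domain_after, v6, ".my.dom.ain", "/server-status", buf, sizeof buf) == 0)
        printf("after:  IPv6 literal left unchanged\n");
    if (build_redirect(needs_domain_after, "intranet", ".my.dom.ain", "/", buf, sizeof buf) == 1)
        printf("after:  Location: %s\n", buf);
    return 0;
}
```
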
Joe Orton [Tue, 26 Feb 2008 16:57:56 +0000 (16:57 +0000)]
Session cache interface redesign, Part 6:
Move mutex handling up out of the session cache providers:
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add name and
flags fields. Define MODSSL_SESSCACHE_FLAG_NOTMPSAFE constant.
* modules/ssl/ssl_scache.c (ssl_scache_store, ssl_scache_retrieve,
ssl_scache_remove, ssl_ext_status_hook): Lock and release the mutex
around provider calls, if necessary.
* modules/ssl/ssl_engine_mutex.c (ssl_mutex_init): Do nothing if no
session cache is configured, or the session cache does not require a
mutex. Otherwise, fail if no mutex is configured and the session
cache *does* require a mutex.
(ssl_mutex_on, ssl_mutex_off): Remove checks for mutex mode;
functions now invoked only if necessary.
* modules/ssl/ssl_scache_dc.c, modules/ssl/ssl_scache_memcache: Set
name and flags fields in provider structures.
* modules/ssl/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Remove
mutex handling throughout; set name and flags fields in provider
structures; mark both as unsafe for concurrent access in flags.
Joe Orton [Tue, 26 Feb 2008 15:25:51 +0000 (15:25 +0000)]
* modules/ssl/ssl_scache_memcache.c (mc_session_id2sz): Fix memcache
key id generation by passing the correct length to snprintf (it
was NUL terminating at the second byte with len=2);
Joe Orton [Mon, 25 Feb 2008 21:28:09 +0000 (21:28 +0000)]
Session cache interface redesign, Part 5:
Use the ap_provider interface for session cache storage providers.
* modules/ssl/mod_ssl.c (modssl_register_scache): New function.
(ssl_register_hooks): Call it.
* modules/ssl/ssl_private.h: Define MODSSL_SESSCACHE_PROVIDER_GROUP
and MODSSL_SESSCACHE_PROVIDER_VERSION constants.
Remove ssl_scmode_t type. Change nSessionCacheMode in
SSLModConfigRec into a long sesscache_mode, storing the OpenSSL
SSL_SESS_CACHE_* flags directly.
* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Set
sesscache_mode to SSL_SESS_CACHE_OFF by default.
(ssl_cmd_SSLSessionCache): Remove ifdef spaghetti; fetch configured
session cache by provider name. Set mc->sesscache_mode for
configured providers.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_session_cache): Use the
configured mode flags directly from mc->sesscache_mode.
Joe Orton [Mon, 25 Feb 2008 20:09:38 +0000 (20:09 +0000)]
Session cache interface redesign, Part 4:
Move provider-specific configuration handling down into the provider
code. Eliminate all use of SSLModConfigRec within provider code.
* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add 'create'
function which creates and configures the cache provider, before
initialisation. Change 'init' function to take the context pointer
as an input parameter, and reorder to be first.
* modules/ssl/ssl_scache_memcache.c (struct context): Add servers
field.
(ssl_scache_mc_create): New function.
(ssl_scache_mc_init): Use servers from context not SSLModConfigRec.
* modules/ssl/ssl_scache_dbm.c (struct context): Define.
(ssl_scache_dbm_create): New function.
(ssl_scache_dbm_init, ssl_scache_dbm_kill): Adjust to use filename
and pool from context.
(ssl_scache_dbm_store, ssl_scache_dbm_retrieve,
ssl_scache_dbm_status): Use filename from context. Use context pool
for temp storage of the DBM object, and clear before use.
(ssl_scache_dbm_expire): Remove static tLast; use last_expiry from
context. Use context pool for temp storage and clear before use.
* modules/ssl/ssl_scache_dc.c (struct context): Add target field.
(ssl_scache_dc_init, ssl_scache_dc_status): Use target from context.
* modules/ssl/ssl_scache_shmcb.c (struct context): Add data_file,
shm_size fields.
(ssl_scache_shmcb_create): New function; moved argument parsing
logic from ssl_cmd_SSLSessionCache
(ssl_scache_shmcb_init, ssl_scache_shmcb_status): Use config from
context.
* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Remove
handling of old provider-specific fields.
(ssl_cmd_SSLSessionCache): Call provider ->create function to parse
the argument and create provider-specific context structure.
Joe Orton [Mon, 25 Feb 2008 14:18:32 +0000 (14:18 +0000)]
* modules/ssl/ssl_engine_init.c (ssl_init_FindCAList): Cast return
value of sk_X509_NAME_set_cmp_func to void, to avoid warnings with
recent version of OpenSSL.