From e58da534a47250292e1af36f05e938707a91bfd4 Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Tue, 3 Jun 2014 12:14:22 +0000 Subject: [PATCH] Merge r1546730, r1583008, r1571369, r1552130, r1578760, r1592615, r1592632, r1595321, r1550302, r1550307, r1585435 from trunk: fix whitespace in a debug message s/comment/self-documenting/ normalize an ugly construct which somehow manages to return the correct value This is annoying to see in a casual "LogLevel debug foo:traceX ..." Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory. Follow-up to r1592529: Define default port for "scgi" schemes (as chosen by mod_proxy_scgi) in a common location. Suggested by: jailletc36 fix Doxygen markup error Submitted by: jailletc36 Tweak a AP_DEBUG_ASSERT condition. Valid index to use 'req_header_var_names' are 0...6 mod_auth_form: Add a debug message when the fields on a form are not recognised. mod_auth_form: Make the trace logging consistent through the notes, session and form authentication steps. mod_auth_form: update empty log tags. Submitted by: trawick, covener, jailletc36, trawick, trawick, jailletc36, minfrin, minfrin, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599501 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 26 -------------------------- modules/aaa/mod_auth_form.c | 32 ++++++++++++++++++++++++++------ modules/filters/mod_ext_filter.c | 2 +- modules/mappers/mod_rewrite.c | 2 +- modules/metadata/mod_headers.c | 2 +- modules/proxy/mod_proxy_http.c | 2 +- modules/proxy/mod_proxy_scgi.c | 4 ++-- modules/proxy/proxy_util.c | 3 ++- server/mpm/event/event.c | 2 +- server/util_expr_eval.c | 16 ++++++++-------- 11 files changed, 46 insertions(+), 48 deletions(-) diff --git a/CHANGES b/CHANGES index fbf6775d46..a8f3296bdd 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.10 + *) mod_auth_form: Add a debug message when the fields on a form are not + recognised. [Graham Leggett] + *) mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:" scheme. PR55320. [Alex Liu ] diff --git a/STATUS b/STATUS index febe695972..a95e3f6318 100644 --- a/STATUS +++ b/STATUS @@ -100,32 +100,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * Easy patches - synch with trunk - mpm/event: fix whitespace in a debug message - mod_ext_filter: self document some apr_sleep usages - mod_rewrite: normalize an ugly construct which somehow manages to return the correct value - mod_header: This is annoying to see in a casual "LogLevel debug foo:traceX ..." - mod_proxy_http: Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory. - mod_proxy_scgi: Define default port for "scgi" schemes (as chosen by mod_proxy_scgi) in a common location. - mod_proxy_scgi: fix Doxygen markup error - util_expr_eval: Tweak a AP_DEBUG_ASSERT condition. - mod_auth_form: Add a debug message when the fields on a form are not recognised. - mod_auth_form: Make the trace logging consistent through the notes, session and form authentication steps. - mod_auth_form: update empty log tags. - trunk patch: - http://svn.apache.org/r1546730 - http://svn.apache.org/r1583008 - http://svn.apache.org/r1571369 - http://svn.apache.org/r1552130 - http://svn.apache.org/r1578760 - http://svn.apache.org/r1592615 - http://svn.apache.org/r1592632 - http://svn.apache.org/r1595321 - http://svn.apache.org/r1550302 - http://svn.apache.org/r1550307 - http://svn.apache.org/r1585435 - 2.4.x patch: http://people.apache.org/~jailletc36/backport7.patch - +1: jailletc36, jim, ylavic PATCHES PROPOSED TO BACKPORT FROM TRUNK: diff --git a/modules/aaa/mod_auth_form.c b/modules/aaa/mod_auth_form.c index 13d9243e5b..cfb4a7f2ff 100644 --- a/modules/aaa/mod_auth_form.c +++ b/modules/aaa/mod_auth_form.c @@ -505,7 +505,7 @@ static void get_notes_auth(request_rec *r, r->user = (char *) *user; } - ap_log_rerror(APLOG_MARK, APLOG_TRACE6, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "from notes: user: %s, pw: %s, method: %s, mimetype: %s", user ? *user : "", pw ? *pw : "", method ? *method : "", mimetype ? *mimetype : ""); @@ -566,7 +566,7 @@ static apr_status_t get_session_auth(request_rec * r, r->user = (char *) *user; } - ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "from session: " MOD_SESSION_USER ": %s, " MOD_SESSION_PW ": %s, " MOD_AUTH_FORM_HASH ": %s", user ? *user : "", pw ? *pw : "", @@ -668,13 +668,33 @@ static int get_form_auth(request_rec * r, } } + ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, + "from form: user: %s, pw: %s, method: %s, mimetype: %s, location: %s", + sent_user ? *sent_user : "", sent_pw ? *sent_pw : "", + sent_method ? *sent_method : "", + sent_mimetype ? *sent_mimetype : "", + sent_loc ? *sent_loc : ""); + /* set the user, even though the user is unauthenticated at this point */ - if (*sent_user) { + if (sent_user && *sent_user) { r->user = (char *) *sent_user; } /* a missing username or missing password means auth denied */ - if (!sent_user || !*sent_user || !sent_pw || !*sent_pw) { + if (!sent_user || !*sent_user) { + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "form parsed, but username field '%s' was missing or empty, unauthorized", + username); + + return HTTP_UNAUTHORIZED; + } + if (!sent_pw || !*sent_pw) { + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "form parsed, but password field '%s' was missing or empty, unauthorized", + password); + return HTTP_UNAUTHORIZED; } @@ -1262,7 +1282,7 @@ static int authenticate_form_post_config(apr_pool_t *pconf, apr_pool_t *plog, ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get); ap_session_set_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_set); if (!ap_session_load_fn || !ap_session_get_fn || !ap_session_set_fn) { - ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL, APLOGNO() + ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL, APLOGNO(02617) "You must load mod_session to enable the mod_auth_form " "functions"); return !OK; @@ -1273,7 +1293,7 @@ static int authenticate_form_post_config(apr_pool_t *pconf, apr_pool_t *plog, ap_request_insert_filter_fn = APR_RETRIEVE_OPTIONAL_FN(ap_request_insert_filter); ap_request_remove_filter_fn = APR_RETRIEVE_OPTIONAL_FN(ap_request_remove_filter); if (!ap_request_insert_filter_fn || !ap_request_remove_filter_fn) { - ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL, APLOGNO() + ap_log_error(APLOG_MARK, APLOG_CRIT, 0, NULL, APLOGNO(02618) "You must load mod_request to enable the mod_auth_form " "functions"); return !OK; diff --git a/modules/filters/mod_ext_filter.c b/modules/filters/mod_ext_filter.c index bd72526dbb..1e383f084c 100644 --- a/modules/filters/mod_ext_filter.c +++ b/modules/filters/mod_ext_filter.c @@ -715,7 +715,7 @@ static apr_status_t pass_data_to_filter(ap_filter_t *f, const char *data, /* Yuck... I'd really like to wait until I can read * or write, but instead I have to sleep and try again */ - apr_sleep(100000); /* 100 milliseconds */ + apr_sleep(apr_time_from_msec(100)); ap_log_rerror(APLOG_MARK, APLOG_TRACE6, 0, f->r, "apr_sleep()"); #endif /* APR_FILES_AS_SOCKETS */ } diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index ad77fd6c34..2fe9bf9e07 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -2633,7 +2633,7 @@ static apr_status_t rewritelock_remove(void *data) apr_global_mutex_destroy(rewrite_mapr_lock_acquire); rewrite_mapr_lock_acquire = NULL; } - return(0); + return APR_SUCCESS; } diff --git a/modules/metadata/mod_headers.c b/modules/metadata/mod_headers.c index 4608da7efe..210b2bbb57 100644 --- a/modules/metadata/mod_headers.c +++ b/modules/metadata/mod_headers.c @@ -870,7 +870,7 @@ static apr_status_t ap_headers_output_filter(ap_filter_t *f, headers_conf *dirconf = ap_get_module_config(f->r->per_dir_config, &headers_module); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, f->r->server, APLOGNO(01502) + ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, f->r->server, APLOGNO(01502) "headers: ap_headers_output_filter()"); /* do the fixup */ diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index a35c0a9f71..da18893a12 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -1306,7 +1306,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r, "error reading status line from remote " "server %s:%d", backend->hostname, backend->port); if (APR_STATUS_IS_TIMEUP(rc)) { - apr_table_set(r->notes, "proxy_timedout", "1"); + apr_table_setn(r->notes, "proxy_timedout", "1"); ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01103) "read timeout"); if (do_100_continue) { return ap_proxyerror(r, HTTP_SERVICE_UNAVAILABLE, "Timeout on 100-Continue"); diff --git a/modules/proxy/mod_proxy_scgi.c b/modules/proxy/mod_proxy_scgi.c index 6deae78883..7fb2b873a9 100644 --- a/modules/proxy/mod_proxy_scgi.c +++ b/modules/proxy/mod_proxy_scgi.c @@ -37,13 +37,13 @@ #include "util_script.h" #include "mod_proxy.h" +#include "scgi.h" #define SCHEME "scgi" #define PROXY_FUNCTION "SCGI" #define SCGI_MAGIC "SCGI" #define SCGI_PROTOCOL_VERSION "1" -#define SCGI_DEFAULT_PORT (4000) /* just protect from typos */ #define CONTENT_LENGTH "CONTENT_LENGTH" @@ -183,7 +183,7 @@ static int scgi_canon(request_rec *r, char *url) } url += sizeof(SCHEME); /* Keep slashes */ - port = def_port = SCGI_DEFAULT_PORT; + port = def_port = SCGI_DEF_PORT; err = ap_proxy_canon_netloc(r->pool, &url, NULL, NULL, &host, &port); if (err) { diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index a81848c9da..4f8ee5d5d6 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -22,6 +22,7 @@ #include "apr_hash.h" #include "proxy_util.h" #include "ajp.h" +#include "scgi.h" #if APR_HAVE_UNISTD_H #include /* for getpid() */ @@ -3487,7 +3488,7 @@ static proxy_schemes_t pschemes[] = { {"fcgi", 8000}, {"ajp", AJP13_DEF_PORT}, - {"scgi", 4000}, + {"scgi", SCGI_DEF_PORT}, { NULL, 0xFFFF } /* unknown port */ }; diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c index 1c5a6a385a..622b0187bb 100644 --- a/server/mpm/event/event.c +++ b/server/mpm/event/event.c @@ -1633,7 +1633,7 @@ static void * APR_THREAD_FUNC listener_thread(apr_thread_t * thd, void *dummy) disable_listensocks(process_slot); listeners_disabled = 1; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, - "All workers busy, not accepting new conns" + "All workers busy, not accepting new conns " "in this process"); } else if ( (int)apr_atomic_read32(&connection_count) diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c index e3adf88ae1..529736ba31 100644 --- a/server/util_expr_eval.c +++ b/server/util_expr_eval.c @@ -1396,13 +1396,13 @@ static const char *request_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) } static const char *req_header_var_names[] = { - "HTTP_USER_AGENT", - "HTTP_PROXY_CONNECTION", - "HTTP_REFERER", - "HTTP_COOKIE", - "HTTP_FORWARDED", - "HTTP_HOST", - "HTTP_ACCEPT", + "HTTP_USER_AGENT", /* 0 */ + "HTTP_PROXY_CONNECTION", /* 1 */ + "HTTP_REFERER", /* 2 */ + "HTTP_COOKIE", /* 3 */ + "HTTP_FORWARDED", /* 4 */ + "HTTP_HOST", /* 5 */ + "HTTP_ACCEPT", /* 6 */ NULL }; @@ -1422,7 +1422,7 @@ static const char *req_header_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) int index = (varname - req_header_var_names); const char *name; - AP_DEBUG_ASSERT(index < 6); + AP_DEBUG_ASSERT(index < 7); if (!ctx->r) return ""; -- 2.40.0