core: Add expression support to ErrorDocument. Switch from a fixed sized 664 byte array per merge to a hash table.

Revert r4635428 corresponding to PR41867. The code reverted attempted to restrict comparisons of the r->filename to given DirectoryMatch blocks. r->filename was already a non-directory entity at this point, because we have already fallen out of the } while (thisinfo.filetype == APR_DIR); block above. The addition of r->d_is_directory was redundant. That is what is always returned by ap_get_core_module_config(r->per_dir_config). Note modifying dir_config required an MMN major bump as this commit could have realigned the offset of refs (had it been added to the end, this would correspond to an mmn minor bump) and other fields packed into the same bytes (this is undefined). Bump on revert to prevent unexpected crashes.

core: Add CGIPassAuth directive to control whether HTTP authorization headers are passed to scripts as CGI variables. PR: 56855

core: Do not match files when using DirectoryMatch. PR41867.

*) SECURITY: CVE-2013-5704 (cve.mitre.org) core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener Committed By: covener

Add in the concept of "slave" connections... Allows for several "connections" all resulting in a single real connection that talks to the network. Right now, nothing uses this though.

Add directives to control two protocol options: HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD HttpExpectStrict - allow admin to control whether we must see "100-continue" This is helpful when using Ceph's radosgw and httpd. Inspired by: Yehuda Sadeh <yehuda@inktank.com> See https://github.com/ceph/apache2/commits/precise * include/http_core.h (core_server_config): Add http_cl_head_zero and http_expect_strict fields. * modules/http/http_filters.c (ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not explictly set. * server/core.c (merge_core_server_configs): Add new fields. (set_cl_head_zero, set_expect_strict): New config helpers. (HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives. * server/protocol.c (ap_read_request): Allow http_expect_strict to control if we return 417. * include/ap_mmn.h (MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump. * CHANGES: Add a brief description.

core: Support named groups and backreferences within the LocationMatch, DirectoryMatch, FilesMatch and ProxyMatch directives.

Follow-up to r1541029: Clarify handling of the directive argument

Add parse_errorlog_arg callback to ap_errorlog_provider to allow providers to check the ErrorLog argument. Implement this check in mod_syslog.

Error log providers need to be able to trigger a startup error from their init() function. A NULL return code is the trigger.

Add AP_ERRORLOG_PROVIDER_ADD_EOL_STR flag for ap_errorlog_provider, bump MMN.

Add ap_errorlog_provider to make ErrorLog logging modular. Move syslog support from core to new mod_syslog.

*) core: merge AllowEncodedSlashes from the base configuration into (non-default) name-based virtual hosts. [Eric Covener]

Add an option to enforce stricter HTTP conformance This is a first stab, the checks will likely have to be revised. For now, we check * if the request line contains control characters * if the request uri has fragment or username/password * that the request method is standard or registered with RegisterHttpMethod * that the request protocol is of the form HTTP/[1-9]+.[0-9]+, or missing for 0.9 * if there is garbage in the request line after the protocol * if any request header contains control characters * if any request header has an empty name * for the host name in the URL or Host header: - if an IPv4 dotted decimal address: Reject octal or hex values, require exactly four parts - if a DNS host name: Reject non-alphanumeric characters besides '.' and '-'. As a side effect, this rejects multiple Host headers. * if any response header contains control characters * if any response header has an empty name * that the Location response header (if present) has a valid scheme and is absolute If we have a host name both from the URL and the Host header, we replace the Host header with the value from the URL to enforce RFC conformance. There is a log-only mode, but the loglevels of the logged messages need some thought/work. Currently, the checks for incoming data log for 'core' and the checks for outgoing data log for 'http'. Maybe we need a way to configure the loglevels separately from the core/http loglevels.

Change HttpProtocol to again only allow to enable/disable 0.9 This reverts r1407643, but changes the syntax of HttpProtocol to min=0.9|1.0, which is less ambiguous than the previous +0.9|-0.9. Allowing to configure an arbitrary version range was a bad idea, because it only checked the version in the request line, without affecting the semantics of the headers, etc. A tighter restriction off the version in the request line is still possible with <If "%{SERVER_PROTOCOL_NUM} ..."> .

Add LogLevelOverride directive that allows to override the loglevel for clients from certain IPs

fixed types since MSVC doesnt have uint*_t.

Make HttpProtocol accept a range of allowed versions. Bump MMN

New directive HttpProtocol which allows to disable HTTP/0.9 support. The syntax is designed to allow addition of a +/- strict option later on.

comment spelling fix

Move *_DECLARE_* macros to beginning of line in headers. Patch submitted by: normw gknw net.

Replace ap_create_core_ctx()/ap_core_ctx_get_bb() with a hook

Fix various filter functions to return apr_status_t instead of int

Make the core input/output filter contexts private and provide accessor APIs for mpm_winnt and mod_ftp. This allows to add members to the context structs without breaking binary compatibility.

Core configuration: add AllowOverride option to treat syntax errors in .htaccess as non-fatal. PR 52439

Clean up size_t abuse, part 2. ap_malloc/calloc/realloc are explicitly excluded from this cleanup as they must be signature identical to the clib functions, and although the definition of size_t has been flakey, the definition of those functions appears to be generally clean since ANSI C.

fix comment

Pass ap_errorlog_info to error_log hook.

Change default FileETag to be "size mtime", i.e. remove the inode. Adjust the etag generation in mod_dav_fs to the new default. PR 49623.

More cleanup: Expand tabs and some more indentation fixes No functional change

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

Add in MaxRangeOverlaps and MaxRangeReversals to accomodate more control over acceptable Range headers: See: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311

take care of some MaxRanges feedback: * allow "none" to be expressed in config * send Accept-Ranges: none with MaxRanges none * stop accepting confusing/ambiguous "0", start accepting "unlimited".

add MaxRanges directive institute a default limit of 200 (post-merge where applicable) Ranges before returning the complete resource. (minor mmn bump for core_dir_config addition)

Add AllowOverrideList directive and documentation

Introduce new function ap_get_conn_socket() to access the socket of a connection

Introduce ap_(get|set)_core_module_config() functions/macros and use them everywhere. We know that the core module has module_index 0. Therefore we can save some pointer operations in ap_get_module_config(cv, &core_module) and ap_set_module_config(cv, &core_module, val). As these are called rather often, this may actually have some (small) measurable effect.

- Introduce concept of context prefix (which is an URL prefix) and context document root (which is the file system directory that this URL prefix is mapped to). This generalization of the document root makes it easier for scripts to create self-referential URLs and to find their files. - Expose CONTEXT_DOCUMENT_ROOT and CONTEXT_PREFIX as envvars, in mod_rewrite, and in ap_expr. - Make mod_alias and mod_userdir set the context information. - Allow to override the document root on a per-request basis. This allows mass vhosting modules to set DOCUMENT_ROOT correctly. - Make mod_vhost_alias set the per-request document root PR: 26052, 46198, 49705 Remaining tasks: - Use the context document root & prefix in mod_rewrite to make RewriteBase unneccessary in many cases. Do this without breaking compatibility. - Write docs.

- Add <ElseIf> and <Else> to complement <If> sections. These are both easier to use and more efficient than using several <If> sections. - Update <If> documentation a bit.

Reorder members in core_dir_config to be more logical and efficient. MMN bump was already in r1131465

allow error log formatters to peek at the message format

Add new ap_reserve_module_slots/ap_reserve_module_slots_directive API, necessary if a module (like mod_perl) registers additional modules later than the EXEC_ON_READ phase. Tested by: Torsten Foertsch <torsten foertsch gmx net>

Add in a configuration generation... this is independent of MPM gen, just in case we ever switch MPMs at a graceful ;)

core: AllowEncodedSlashes new option NoDecode to allow encoded slashes in request URL path info but not decode them. Change behavior of option "On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256, PR 46830.

spelling fix

Create new ap_state_query() function that allows modules to determine if the current configuration run is the initial one at server startup, and if the server is started for testing/config dumping only.

Initialize the core_dir_config->sec_files and ->sec_if only if needed. This saves some memory and two apr_array_append()s per directory merge.

Merge the <If> sections in a separate step ap_if_walk, after ap_location_walk. This makes <If> apply to all requests, not only to file base requests and it allows to use <If> inside <Directory>, <Location>, and <Files> sections. The merging of <If> sections always happens after the merging of <Location> sections, even if the <If> section is embedded inside a <Directory> or <Files> section.

Replace ap_expr with a parser derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework ap_expr's public interface and provide hooks for modules to add variables and functions. The Netware and Windows build files still need to be adjusted

improve docs for ap_errorlog_handler and ap_errorlog_info

Add generate_log_id hook to allow to use the ID generated by mod_unique_id as error log ID for requests.

In ErrorLogFormat, make it possible to log an item only if the loglevel of the message is higher than a specified value. This allows to achive the old behaviour for the source file name/line number of being only logged for debug and higher.

add comment about (not) using pools in error log format handlers

Add ErrorLogFormat directive for configuring the error log format, including additional information that is logged once per connection or request. Add error log IDs for connections and request to allow correlating error log lines and the corresponding access log entry.

Disable sendfile by default, as discussed at http://mail-archives.apache.org/mod_mbox/httpd-dev/201007.mbox/<4C4355EE.2060605@rowe-clan.net>

Move AddOutputFilterByType implementation from core to mod_filter.

re-order many struct members for better alignment on 64bit

- Add loglevels to request_rec and conn_rec - Introduce per-directory loglevel configuration

Remove loglevel entry in core_dir_config, which has been unused for at least some years.

Turn static function get_server_name_for_url() into public function ap_get_server_name_for_url() and use it where appropriate. This fixes mod_rewrite generating invalid URLs for redirects to IPv6 literal addresses.

mod_logio: introduce new optional function ap_logio_get_last_bytes to get total byte count of last request. core: Use ap_logio_get_last_bytes to report more accurate byte counts in mod_status if mod_logio is loaded. Without mod_logio, don't increment counts for HEAD requests. PR: 25656

Security fix for CVE-2009-1195: fix Options handling such that 'AllowOverride Options=IncludesNoExec' does not permit Includes with exec= enabled to be configured in an .htaccess file: * include/http_core.h: Change semantics of Includes/IncludeNoExec options bits to be additive; OPT_INCLUDES now means SSI is enabled without exec=. OPT_INCLUDES|OPT_INC_WITH_EXEC means SSI is enabled with exec=. * server/core.c (create_core_dir_config): Remove defunct OPT_INCNOEXEC from default override_opts; no functional change. (merge_core_dir_configs): Update logic to ensure that exec= is disabled in a context where IncludesNoexec is configured, even if Includes-with-exec is permitted in the inherited options set. (set_allow_opts, set_options): Update to reflect new semantics of OPT_INCLUDES, OPT_INC_WITH_EXEC. * server/config.c: Update to remove OPT_INCNOEXEC from default override_opts; no functional change. * modules/filters/mod_include.c (includes_filter): Update to reflect new options semantics - disable exec= support if the OPT_INC_WITH_EXEC bit is not set. Submitted by: Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, jorton Thanks to: Vincent Danon <vdanon redhat.com>

Disabled DefaultType directive and removed ap_default_type() from core. We now exclude Content-Type from responses for which a media type has not been configured via mime.types, AddType, ForceType, or some other mechanism. MMN major bump to NZ time. PR: 13986

bollocks, it's absolute crap to break the ABI structure alignment for features

* include/http_core.h (core_dir_config): Fix warning: overflow in implicit constant conversion, generated by core.c line 117, which sets content_md5 to '2', which is too big for a signed value -- but it looks like this was really meant to be unsigned.

Include http_config.h from http_core, since now without CORE_PRIVATE, you need the definition for the module type.

Remove CORE_PRIVATE. This define serves no modern purpose, since every module in the wild, including our own define it, for no purpose. If you have functions which you do not want in the 'public' API, put them in a private header, that is not installed, just like mod_ssl does.

HTTPD Core: Implement <If> sections for conditional (runtime) configuration. N.B. This is a first pass, and has a way to go!

*) mod_logio: Provide optional function to allow modules to adjust the bytes_in count [Eric Covener] Practical example: alternate SSL implementation that lives beyond the filters (IOL)

re-introduce ap_satisfies API back into core and modify how the access_checker, check_user_id and auth_checker hooks are called so that they respect the precedence that is set through the satisfy ALL/ANY directive. This also restores the directives order, allow, deny, satisfyas supported directives rather than being deprecated. These directives still remain in mod_access_compat however.

update license header text

Update the copyright year in all .c, .h and .xml files

Authz refactoring Merge from branches/authz-dev Basically here is a list of what has been done: - Convert all of the authz modules from hook based to provider based - Remove the ap_requires field from the core_dir_config structure - Remove the function ap_requires() since its functionality is no longer supported or necessary in the refactoring - Remove the calls to ap_some_auth_required() in the core request handling to allow the hooks to be called in all cases. - Add the new module mod_authz_core which will act as the authorization provider vector and contain common authz directives such as 'Require', 'Reject' and '<RequireAlias>' - Add the new module mod_authn_core which will contain common authentication directives such as 'AuthType', 'AuthName' and '<AuthnProviderAlias>' - Move the check for METHOD_MASK out of the authz providers and into the authz_core provider vector - Define the status codes that can be returned by the authz providers as AUTHZ_DENIED, AUTHZ_GRANTED and AUTHZ_GENERAL_ERROR - Remove the 'Satisfy' directive - Implement the '<RequireAll>', '<RequireOne>' block directives to handle the 'and' and 'or' logic for authorization. - Remove the 'AuthzXXXAuthoritative' directives from all of the authz providers - Implement the 'Reject' directive that will deny authorization if the argument is true - Fold the 'Reject' directive into the '<RequireAll>', '<RequireOne>' logic - Reimplement the host based authorization functionality provided by 'allow', 'deny' and 'order' as authz providers - Remove the 'allow', 'deny' and 'order' directives - Merge mod_authn_alias into mod_authn_core - Add '<RequireAlias>' functionality which is similar to '<AuthnProviderAlias>' but specific to authorization aliasing - Remove all of the references to the 'authzxxxAuthoritative' directives from the documentation - Remove the 'Satisfy' directive from the documentation - Remove 'Allow', 'Deny', 'Order' directives from the documentation - Document '<RequireAll>', '<RequireOne>', 'Reject' directives - Reimplement the APIs ap_auth_type(), ap_auth_name() as optional functions and move the actual implementation into mod_authn_core - Reimplement the API ap_some_auth_required() as an optional function and move the actual implementation into mod_authz_core Major Changes: - Added the directives <RequireAll>, <RequireOne>, <RequireAlias>, Reject - Expanded the functionality of the directive 'Require' to handle all authorization and access control - Added the new authz providers 'env', 'ip', 'host', 'all' to handle host-based access control - Removed the directives 'Allow', 'Deny', 'Order', 'Satisfy', 'AuthzXXXAuthoritative' - Removed the ap_require() API - Moved the directives 'AuthType', 'AuthName' out of mod_core and into mod_authn_core - Moved the directive 'Require' out of mod_core and into mod_authz_core - Merged mod_authn_alias into mod_authn_core - Renamed mod_authz_dbm authz providers from 'group' and 'file-group' to 'dbm-group' and 'dbm-file-group' Benefits: - All authorization and access control is now handle through two directives, 'Require' and 'Reject' - Authorization has been expanded to allow for complex 'AND/OR' control logic through the directives '<RequireAll>' and '<RequireOne>' - Configuration is now much simpler and consistent across the board - Other modules like mod_ssl and mod_proxy should be able to plug into and take advantage of the same provider based authorization mechanism by implementing their own providers Issues: - Backwards compatibility between 2.2 and 2.3 configurations will be broken in the area of authorization and access control due to the fact that the directives 'allow', 'deny', 'order' and 'satisfy' have been removed. When moving from 2.2 to 2.3 these directives will have to be changed to 'Require all granted', 'Require all denied' or some variation of the authz host-based providers. - Existing third party authorization modules will have to adapt to the new structure.

Okay, at least be nice when "breaking" the API. Tuck the new bitfield to the tail and adjust the MMN

Add in the UseCanonicalPhysicalPort directive, which basically allows Apache to configurably ( :) ) use the physical port when constructing the canonical port. Also add the exact ordering to the docs, so people can easily see how it works. We now have compatibility with both 2.0 and 1.3.

NET_TIME, as a standalone feature, was a horrid idea. The core filter will NOT operate correctly across platforms (even between Linux/Solaris) without setting up the conn->timeout, so always apply the timeout when establishing the core filter. The keep-alive-timeout is entirely an HTTP-ism, and needs to move to the http protocol handler. Note #1; this isn't triggered in the event mpm, but the event mpm introspects s->keep_alive_timeout directly adding it to the pollset, so this is a non-sequitor. Finally, once the headers are read, the named virtual host may have a different (more/less permissive) timeout for the remainder of the request body. This http-centric patch picks up that subtle detail and can switch to a named-vhost timeout.

Doxygen fixup / cleanup submited by: Neale Ranns neale ranns.org reviewed by: Ian Holsman

Initially a no-op. Add trace_enable configuration. The http and proxy flavors of interpreting this flag are yet to be committed.

Merge the listen-protocol sandbox branch to trunk. I will be adding documentation for the new directives hopefully in the next day or so. * server/core.c: Added 'Protocol' to the core module config Added ap_{set,get}_server_protocol API. Added new directive: 'AcceptFilter'. Enable 'httpready' by default on systems that support it. Use dataready filters for others. * server/listen.c: Attempt to inherit protocols from Listener Records to Server configs. The 'Listen' directive can now optionally take a protocol arg Move bits that determined which accept filter is applied to core.c. Added bits to find the correct accept filter based on the core's configuration. * include/{ap_listen.h,http_core.h}: Add Protocol to respective structures. * include/http_core.h: Add the accf_map table to the core_server_config structure * include/ap_mmn.h: Minor MMN Bump for the new interfacces. * modules/ssl/ssl_engine_init.c: Use the new protocol framework to enable mod_ssl for 'https' websites.

Support the suppress-error-charset setting, as with Apache 1.3.x. With Apache 1.3.x, it is a bit simpler as the request does not go through ap_make_content_type(). Modules can set custom error responses but not be able to set the charset, so they have to code the charset in the html. Thus, it is useful to preserve 1.3.x behavior exactly. PR: 26467

Move the POSIX reg* implementations into the ap_* namespace; internalise the ap_reg*<->PCRE wrapper: * configure.in: Add srclib/pcre to the include path. * include/ap_regex.h: Renamed from include/pcreposix.h. Prefix all constants with AP_; prefix all functions and types with ap_. Define AP_DECLARE to nothing if necessary. Remove regcomp error codes. * include/httpd.h: Include ap_regex.h not pcreposix.h. (ap_pregcomp, ap_regexec, ap_regfree): s/regex_t/ap_regex_t/. (ap_regexec, ap_regerror): Prototypes moved to ap_regex.h. * server/util.c (regex_cleanup, ap_pregcomp, ap_pregsub, ap_pregfree): Adjust for ap_ prefixed types. (ap_regexec, ap_regerror): Removed. * server/Makefile.in: Build util_pcre.c. * server/util_pcre.c: Copied from srclib/pcre/pcreposix.c; remove use of PCRE-internals to do error mapping; rename types to add AP_/ap_ prefixes as above. Use APR includes. (ap_regerror): Use apr_snprintf. * srclib/pcre/Makefile.in: Don't build pcreposix.c into libpcre.la. * modules/*: Update to use new type and constant names. PR: 27750 (part one) Submitted by: Andres Salomon <dilinger voxel.net>, Joe Orton

Update copyright year to 2005 and standardize on current copyright owner line.

Fix gcc "no previous prototype" warnings after reorganisation: * server/core_filters.c (ap_core_input_filter, ap_core_output_filter, ap_net_time_filter): Renamed to add ap_ prefixes for global symbols. * include/ap_listen.h: Don't export ap_listen_open at all, it's not used outside server/listen.c any more. * server/listen.c (open_listeners): Renamed from ap_listen_open.

Added 'AllowOverride Options=Indexes,MultiViews' to give an admin better control over what options can be used in .htaccess files. PR: 29310 Submitted by: Tom Alsberg <alsbergt-apache cs.huji.ac.il>

Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. This is based on an old 1.3 patch submitted by Will Lowe. It needs a minor tweak before committing to 1.3, but he had it pretty darn close.

Satisfy directives now can be influenced by a surrounding <Limit> container. PR: 14726.

fix name of The Apache Software Foundation

fix copyright dates according to the first check in

apply Apache License, Version 2.0

update license to 2004.

Rework of the recursion stopper - collapse recursion counters into one function Reviewed by: Justin Erenkrantz

Prevent the server from crashing when entering infinite loops. The new LimitInternalRecursion directive configures limits of subsequent internal redirects and nested subrequests, after which the request will be aborted. [William Rowe, Jeff Trawick, Andr� Malo] PR: 19753 (and probably others)

finished that boring job: update license to 2003. Happy New Year! ;-))

here we go. add a directive that will keep %2f from being decoded into '/', allowing the *_walk to do their magic and return 404 if it's in the path, and allowing it in the path-info.

move rfc1413 code to a new module "metadata:mod_ident". The rfc1413 code itself is mostly c&p, but can still bear some rework ... This patch removes the global ap_rfc1413 function and the ap_rfc1413_timeout variable. It also introduces a new config directive IdentityCheckTimeout (default 30 sec). Reviewed by: Justin Erenkrantz

comment an endif for clarity

mod_logio modification: count bytes-sent after the writev or sendfile call in the core_output_filter, in order to get a more accurate count of the total bytes transmitted in cases where the client terminates the connection before the entire response is sent. Note: This works by adding a flush bucket to each response when mod_logio is used; the side-effect is that pipelined responses get broken up into separate network writes per request (but there's no impact on pipelining when mod_logio is not enabled). Submitted by: Bojan Smojver <bojan@rexursive.com> Reviewed by: Brian Pane

Introduce an EnableSendfile directive (defaulted to ON) to allow users to disable sendfile mechanics for NFS volume mounts and other kernel objects that don't support sendfile. And EnableSendfile off can be used to help narrow bugs down to the sendfile mechanics or eliminate the possiblity that sendfile is a factor on any given platform.

Add logic to the default_handler to enable script delivery to script processors located in the output filter stack. This is on by default, but will change "soon" to off -- the processors will then need to enable it when they are installed into the filter chain.

Added EnableMMAP directive to allow the server administrator to prevent mmap of file buckets upon read.

Whoops, missed this. Moved these symbols to mod_core.h

Match the new APR_BUCKET_BUFF_SIZE. We want this to be slightly less than 8KB to leave room for the various allocators' internal structures while still fitting into a total of 8KB.

Final commit to add ap_rset_content_type accessor. Add AddOutputFiltersbyType filters during call to ap_rset_content_type()

Update our copyright for this year.

Introduce AddOutputFilterByType directive. AddOutputFilterByType DEFLATE text/html (I will add docco soon, I promise. If someone beats me to it, cool...)

Replaced some more ap_add_output_filter() calls with ap_add_output_filter_handle() for efficiency

Performance improvement: incorporated the use of the new ap_add_input_filter_handle() and ap_add_output_filter_handle() functions for core filters

Bring forward the FileETag directive enhancement from 1.3.23-dev. (Passes all 61 of the apache/etags.t test.) Bump MMN due to change to core_dir_config structure (new fields at end).

Fix LimitRequestBody directive by moving the relevant code from ap_*_client_block to ap_http_filter (aka HTTP_IN). This is the only appropriate place for limit checking to occur (otherwise, chunked input is not correctly limited). Also changed the type of limit_req_body to apr_off_t to match the other types inside of HTTP_IN. Also made the strtol call for limit_req_body a bit more robust.

Generalized the recent prep_walk_cache optimizations to allow other modules to register "notes" within the array of working data in the core_request_config

Performance fix for prep_walk_cache(): Moved the directory/location/file-walk caches from the request's pool userdata hash table to the core_request_config struct. This change removes about 60% of the processing time from prep_walk_cache().

Jeff's guess, right on. [Thought I committed it all... gotta grab a clean parallel tree, all my parallel trees are dirty again.]

hack up core_dir_config so that server/core.c compiles again

change the signature of ap_custom_response() to use a "const char *" instead of a "char *". PR: 8791 Submitted by: Kurt Brown kurtb149@yahoo.com Reviewed by: Ian Holsman

Remove the Win32 script-processing exception from mod_cgi, and roll build_command_line/build_argv_list into a unified, overrideable ap_cgi_build_command optional function. Eliminates a ton of Win32 cruft from core.c for registry parsing. Win32 (through the default handler, and newest changes to the apr_proc_create fn) continues to serve .bat/.exe files. This is in preparation for adding modules/arch/win32/mod_win32 for scripts. Please review the mod_cgi.c behavior very carefully.

Changed syntax of Set{Input|Output}Filter. The list of filters must be semicolon delimited (if more than one filter is given.) The Set{Input|Output}Filter directive now overrides a parent container's directive (e.g. SetInputFilter in <Directory /web/foo> will override any SetInputFilter directive in <Directory /web>.) This new syntax is more consistent with Add{Input|Output}Filter directives defined in mod_mime. Also cures a bug in prior releases where the Set{Input|Output}Filter directive would corrupt the global configuration if the multiple directives were nested. [William Rowe]

Since the mod_mime patch was applied, here is the rest of the patch to introduce the ForceType and SetHandler [absolute references] directly into the very top of the fixups phase. This means these will always override _any_ mime module, not just mod_mime. Ergo, other mime modules can continue to set charset, encodings, etc. Since these are globals, they belong in the core. This highlights a very serious drawback to the type_checker hook. By using run first, a module that identifies _partial_ information (maybe just the content type) won't pass the query on to other modules, like mod_mime, that might further define the encoding or charset. The type_checker hook should clearly become a run-all, and the modules should decline if they see someone ahead of them answered a question they were going to try to figure. Which means - if type_checker becomes RUN_ALL - this new override hook fn should become a type_checker again - and RUN_REALLY_FIRST, and let other modules _choose_ not to override this election. (We can run it again at the end, for a recount ;) Votes?

Eliminate proxy: (and all other 'special') processing from the ap_directory_walk() phase. Modules that want to use special walk logic should refer to the mod_proxy map_to_location example, with it's proxy_walk and proxysection implementation. This makes either directory_walk flavor much more legible, since that phase only runs against real <Directory > blocks. On a technical note, this patch also forces the Directory to be canonical (unless it is "/" or a regex.) It also allows us to be more explicit when declaring <Directory > block errors.

sec, sec, who's got a sec? This gave me a headache, but I had to clear out the last patch before I rearranged this to be _readable_. Next step for everyone's sanity, provide <Proxy > directives ;)

Add the ability to extend the methods that Apache understands and have those methods <limit>able in the httpd.conf. It uses the same bit mask/shifted offset as the original HTTP methods such as M_GET or M_POST, but expands the total bits from an int to an ap_int64_t to handle more bits for new request methods than an int provides. Submitted by: Cody Sherr <csherr@covalent.net>

Provide the same optimization to the dir_config structure to track d_is_absolute, along with d_is_fnmatch.

Doc formatting fixes

Define a hook for fetching management/status items. This patch was submitted by Ian Holsman. Greg revised some names, applied the Apache style, and namespace-prefixed the public symbols. Minor bugfix in the use of the hook implementation macro. Submitted by: Ian Holsman <IanH@cnet.com> Reviewed by: Greg Stein

Change AP_MIN_BYTES_TO_WRITE from 9000 to 8192 to match the bucket buffer size. This fixes the 8192-808-8192-808 iovec-length sequence problem on platforms using writev() (eg OS/2). Reviewed by: Brian Havard

tweak ap_get_remote_host() so that the caller can find out if she got back an IP address mod_access needed to know this, but the old code didn't handle IPv6

just making server_signature enum decl easier to read (for both humans and C::Scan)

shift some declarations over to mod_core.h where they're totally private.

Update copyright to 2001

fix minor prototype inconsistencies noticed with C::Scan

get Apache building again after the change to make_exports.awk yeah, I know, this shouldn't be necessary. you're preaching to the choir. but this does the job until make_exports.awk gets slightly more robust.

Normalize the use of AP_DECLARE_DATA

The big change. This is part 3 of the apr-util symbols rename, please see the first commit of srclib/apr-util/include (cvs apr-util/include) for the quick glance at symbols changed.

*) Compensate for recent changes in the APR headers. Specifically, some files need to specifically include stdio.h, or a particular apr_*.h header. *) Adjust callers of apr_create_process() to deal with the extra "const" *) Add "const" to args of ap_os_create_privileged_process()

Next pass at the content-length filter. Not perfect quite yet, but getting closer Submitted by: Greg Stein

Modify the content-length filter to change the criteria used to determine if/when we compute the content-length. There are just a few cases now: 1) We already have all the data 2) We don't have all the data and: 2a) This is a 1.1 request but we can't chunk 2b) The is a keep-alive request In the future, we probably want to modify this to not be a keep-alive request. This filter always buffers 9K of data. The reason is simple, the core will buffer 9K at a time anyway, and there is a chance that we may get the end of the request before we hit 9K. This increases our chances of being able to send a c-l.

Missed these first time round... More apr_port_t changes.

ap_get_client_block() now uses a brigade in core_request_config instead of a brigade in core_dir_conf. For now, getline() and ap_get_client_block() share a brigade.

Add a core_request_config so we have a safe semi-hidden place to save core data that lives across function calls during a single request. Change getline() to take a request_rec parm (rather than a conn_rec) so we can access the core_request_config. This is in preparation for adding look-ahead functionality to getline(), so it can support header line folding once again. I'm committing these changes first so the core_request_config can be used elsewhere (i.e. ap_get_client_block).

Rename output filters field ("filters") in core_dir_config to "output_filters" for consistency with the name of the input filters field ("input_filters").

input filtering changes: get dechunking working verify that infrastructure for input filters works (use existing AddInputFilter directive) Unlike with my previous patch, ap_get_client_block() saves state between calls in the core's per-request dir config. Unlike with my previous patch, HTTP_IN keeps a count of remaining bytes in the conn_rec. Code that needs to prod it to deliver a certain amount of request body plays with conn_rec->remain directly.

Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper) and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE. All _VAR_ flavors changes to _DATA to be absolutely clear. Thank you Greg, for the most obvious suggestion.

Add a bit of infrastructure which will be needed for input filtering: 1) separate filter lists hanging off the r and the c requests start off with the same filter list as the connection the input filter list is not initialized for subrequests internal redirects start off with the same filter list as the connection 2) AddInputFilter directive (blatant rip-off of Ryan's AddOutputFilter directive); as with AddOutputFilter, the network is implicitly to the right of the specified filter list; this may not be the most intuitive way to specify the filters; not sure yet

Add the AddFilter directive. This directive takes a list of filter names that have been previously registered with the server. Currently the directive is only valid inside the config file, but once the Options directive is tweaked a bit, I would feel more comfortable exposing this directive to htaccess files. As a part of making adding this filter, I removed the ctx pointer from the ap_add_filter prototype. The problem is that the core is the thing that is actually inserting the filter into the filter stack, but the core doesn't know how to allocate memory for each filter. The solution is to have the filters themselves be responsible for allocating the ctx memory whenever it is required.

Document http_core's public APIs for use with ScanDoc.

prefix libapr functions and types with apr_

shift the LimitXMLRequestBody directive to the core. use it from util_xml.

Whoops... will be needing this exported rsn for mod_mmap_static. But the argument to register hook fn takes a __cdecl function, so _NONSTD it is. PR: Obtained from: Submitted by: Reviewed by:

Hook functions aren't translated (and when they are, they are _NONSTD)... but you don't need to export a function you will pass by ref to a register hook function. PR: Obtained from: Submitted by: Reviewed by:

blast the old names for the status codes

This Win32 patch adds the key HKCR/filetype/shell/execcgi/command as the preference over the HKCR/filetype/shell/open/command for registry-based script execution, allowing two behaviors to coexist peacefully (the pipe based console behavior and the Win32 shell behavior.) The new ScriptInterpreterSource registry-strict directive dismisses bth the HKCR/filetype/shell/open/command and the shebang processing for administrators who are interested in explicit authorization of file type execution allowed in the context of subscriber-created scripts. The net result: only HKCR/filetype/shell/execcgi/command processing is permitted. Docs to follow shortly. PR: Obtained from: Submitted by: Reviewed by:

This patch solves several specific issues: 1.3.x truncated any open/command arguments following the %1 arg. so this patch adds the char** arguments to several functions 1.3.x did not expand environment strings (%userprofile% etc.) *) This patch may still not do so, if we are running with a subset of the 'normal' environment for security reasons. 1.3.x did not parse the extension itself (eg. the .pl key itself) for the command, failing the 'named' type (eg. perlscript), so this patch first tests the 'named' key, then the .ext key PR: Obtained from: Submitted by: Reviewed by:

Command handler revamp. Note that this makes the code produce a LOT of warnings!

Add the resource limiting code back to Apache 2.0. This only works on Unix because I can't find any other platforms with rlimit. If there are other platforms that need this code, then some of the code needs to move. This has just barely been tested, so it could probably use some good testing.

PR: Obtained from: Submitted by: Reviewed by: Hmmm... exporting a hook, very interesting :-) But the win32 build believes hooks are pretty uninteresting, mostly static __cdecl calls, so pound this declaration into NONSTD.

Port mod_mmap_static to 2.0. Make it go faster. core: Export core_translate() as ap_core_translate() for use by mod_mmap_static. Submitted by: Greg Ames Reviewed by: Jeff Trawick

PR: Obtained from: Submitted by: Reviewed by: Reverse out all _EXPORT_VAR changes back to their original _VAR_EXPORT names for linkage (API_, CORE_, and MODULE_).

This patch corrects the issues from the AP_EXPORT and linkage specification arguments to the ap_hooks.h declarations. As with the APR_ and AP_ patches, API_VAR_EXPORT becomes API_EXPORT_VAR, and MODULE_VAR_EXPORT becomes MODULE_EXPORT_VAR. I will be happy to revert the inclusion of ap_config.h from httpd.h if this bothers anyone. More individual modules need to be patched if we do so. The API_EXPORTs all moved into central storage in the ap_config.h header. Without WIN32 or API_STATIC compile time declarations, these macros remain no-ops. This patch also moves the following data from http_main to http_config: const char *ap_server_argv0; const char *ap_server_root; ap_array_header_t *ap_server_pre_read_config; ap_array_header_t *ap_server_post_read_config; ap_array_header_t *ap_server_config_defines; And the following variables had already moved into ap_hooks.c: ap_pool_t *g_pHookPool; (initialized now in http_config) int g_bDebugHooks; (out of http_config) const char *g_szCurrentHookName; (out of http_config) The changes to http_main.c are in preparation for that module to move out to a seperate .exe for win32. Other platforms will be unaffected, outside of these changes.

Change ap_context_t to ap_pool_t. This compiles, runs, and serves pages on Linux, but probably breaks somewhere.

Update to Apache Software License version 1.1

Backport the CSS security fixes to Apache 2.0a. Or is that forward port? My sense of direction is all confused. PR: Obtained from: Submitted by: Reviewed by:

Fix all the License issues. Including: s/Apache Group/Apache Software Foundation/ s/1999/2000/ s/Sascha's license/ASF license

Add back the script_interpreter_source code.

Finish the commits for the change in the header files. Basically, this hides all of the Apache macros that modules don't need access to. This should have been committed with the modules, but I wasn't paying attention to the directory I was in when I ran the commit. Submitted by: Manoj Kasichainula and Ryan Bloom

Changed pools to contexts. Tested with prefork and pthread mpm's. I'll check this out tomorrow and make sure everything was checked in correctly.

Rearchitect the mess in http_main.c, http_core.c and buff.c. Basic restructuring to introduce the MPM concept; includes various changes to the module API... better described by docs/initial_blurb.txt. Created multiple process model (MPM) concept by ripping out the process guts from http_main.c and http_core.c and moving them to separate files under src/modules/mpm/ Moved socket creation stuff to listen.c. Moved connection open, maintenance and close to http_connection.c. I/O layering and BUFF revamp. Much of buff.c moved to ap_iol, iol_socket, and iol_file. See docs/buff.txt. Moved user and auth fields from connection_rec to request_rec. Removed RLIMIT stuff, supposedly to be implemented later in mod_cgi. Disabled suexec, supposedly to be reimplemented later. Submitted by: Dean Gaudet

Apache 1.3.9 baseline for the Apache 2.0 repository. Obtained from: Apache 1.3.9 (minus unused files), tag APACHE_1_3_9 Submitted by: Apache Group