Mention how "satisfy any" affects AAA hooks run after access_checker (access_checker_ex, check_user_id, auth_checker)

access_checker_ex runs immediately after access_checker, which both must run well before auth_checker. No other contrast is possible so assuming this doc is just a typo. access_checker vs. access_checker_ex is discussed here: Subject: svn commit: r964156 - in /httpd/httpd/trunk: docs/manual/developer/ include/ modules/aaa/ server/ http://svn.apache.org/viewvc?rev=964156&view=rev

document params

add dirwalk_stat hook, for use by mpm-itk

core: Add post_perdir_config hook. Submitted by: Steinar Gunderson <sgunderson bigfoot.com> trawick added/fixed include/ pieces

Rename ap_func_attr_* macros to AP_FN_ATTR_* Add macro for attribute alloc_size on newer gcc's

More cleanup: Expand tabs and some more indentation fixes No functional change

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

Avoid "`sentinel' attribute directive ignored" warning with gcc 3.x

Add __attribute__((sentinel)) to a few functions that require a terminal NULL argument.

Cleanup... most don't need apr_hooks.h at all...

Merge the <If> sections in a separate step ap_if_walk, after ap_location_walk. This makes <If> apply to all requests, not only to file base requests and it allows to use <If> inside <Directory>, <Location>, and <Files> sections. The merging of <If> sections always happens after the merging of <Location> sections, even if the <If> section is embedded inside a <Directory> or <Files> section.

The approach for allowing authorization by user or IP introduced in r956387, etc. causes problems because the authentication module calls note_*_auth_failure if authentication fails. This is inappropriate if access is later allowed because of the IP. So, instead of calling the auth_checker hook even if authentication failed, we introduce a new access_checker_ex hook that runs between the access_checker and the check_user_id hooks. If an access_checker_ex functions returns OK, the request will be allowed without authentication. To make use of this, change mod_authz_core to walk the require blocks in the access_checker_ex phase and deny/allow the request if the authz result does not depend on an authenticated user. To distinguish a real AUTHZ_DENIED from an authz provider from an authz provider needing an authenticated user, the latter must return the new AUTHZ_DENIED_NO_USER code.

Add ap_process_request_after_handler to the exported list for mod_serf

Fix a lot of doxygen warnings. Thanks to Brad Hards for the patch. I added a few more fixes, and there are still more that might need a doxygen expert. PR: 48061 Submitted by: Brad Hards Reviewed by: poirier

Introduce Suspendable Requests to the Event MPM. Using this basic framework, you can return SUSPENDED from an HTTP Handler, and then register a callback that is invoked by the MPM at a later time. This initial version only supports _timers_ as callbacks, but in the future I would like to add things like wait for socket activity, on a socket specified by the handler. Once in a callback, It is then the responsibility of the callback fucntion to finish the HTTP Request handling, but this alows you to do cool things like a fully async proxy, COMET support, or even rate limiting. To prove I'm not insane, I've inlcuded an example module, mod_dialup. You can configure it like this: <Location "/docs"> ModemStandard "V.32" </Location> And for static files inside that path, you will be rate limited to V.32 speeds, aka 9.6 kilobits/second. Does anyone besides Rüdiger read commit emails :-) ? I know there are likely huge problems with this, but I would like to see how far we can push the Event MPM, figure out what to do better, if there is anything, and then really dive into the 3.0 development before ApacheCon. * server/mpm/experimental/event/fdqueue.h: (timer_event_t): New structure to hold timer events and callback functions. * server/mpm/experimental/event/fdqueue.c (ap_queue_empty): Modify to also look at Timer Ring. (ap_queue_init): Initialize Timer Ring. (ap_queue_push_timer): New function, pushes a timer event into the queue. (ap_queue_pop_something): Renamed function, returns a timer event or a socket/pool for a worker thread to run. * server/mpm/experimental/event/event.c (process_socket): If the connection is in SUSPENDED state, don't force it into linger mode yet, the callback will have to take care of that. (push_timer2worker): New shortcut function, pushes timer event into queue for a worker to run. (timer_free_ring): New global data structure to recycle memory used by timer events. (timer_ring): New global data structure to hold active timer events. (g_timer_ring_mtx): Thread mutex to protect timer event data structures. (ap_mpm_register_timed_callback): New Function, registers a callback to be invoked by the MPM at a later time. (listener_thread): Calculate our wakeup time based on the upcoming Event Queue, and after pollset_poll runs, push any Timers that have passed onto worker threads to run. (worker_thread): Call new queue pop method, and if the Timer Event is non-null, invoke the callback. Once the callback is done, push the structure onto the timer_free_ring, to be recycled. (child_main): Initialize new mutex and ring structures. * server/config.c (ap_invoke_handler): Allow SUSPENDED aa valid return code from handlers. * modules/http/http_core.c (ap_process_http_async_connection): Don't close the connection when in SUSPENDED state. * modules/http/http_request.c (ap_process_request_after_handler): New function, body pulled from the old, ap_process_async_request. Split to let handlers invoke this so they don't need to know all of the details of finishing a request. (ap_process_async_request): If the handler returns SUSPENDED, don't do anything but return. * include/ap_mmn.h: Bump MMN. * include/ap_mpm.h (ap_mpm_register_timed_callback): New function. * include/httpd.h: (SUSPENDED): New return code for handlers. (request_rec::invoke_mtx): New mutex to protect callback invokcations from being run before the original handler finishes running. (conn_state_e): Add a suspended state. * include/http_request.h (ap_process_request_after_handler): New function to make it easier for handlers to finish the HTTP Request. * modules/test/config.m4: Add mod_dialup to build. * modules/test/mod_dialup.c: New rate limiting module, requires the Event MPM to work.

* include/http_request.h: Fix warning with gcc -Wall.

Remove CORE_PRIVATE. This define serves no modern purpose, since every module in the wild, including our own define it, for no purpose. If you have functions which you do not want in the 'public' API, put them in a private header, that is not installed, just like mod_ssl does.

Avoid calling access control hooks for internal requests with configurations which match those of the initial request. Revert to the original behaviour (call access control hooks for internal requests with URIs different from the initial request) if any access control hooks or providers are not registered as permitting this optimization. Introduce wrappers for access control hook and provider registration which can accept additional mode and flag data. The configuration walk optimizations were originally proposed a while ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2); they have been used since then in production systems and appear to be stable and effective. They permit certain combinations of modules and clients to function efficiently, especially when a deeply recursive series of internal requests, such as those generated by certain WebDAV requests, are all subject to the identical authentication and authorization directives. The major change from the original proposal is a cleaner mechanism for detecting modules which may expect the old behaviour. This has been tested successfully with Subversion's mod_authz_svn, which specifically requires the old behaviour when performing path-based authorization based against its own private access control configuration files.

update license header text

Update the copyright year in all .c, .h and .xml files

Redesign of request cleanup and logging to use End-Of-Request bucket (backport from async-dev branch to 2.3 trunk)

Corrected an out-of-date comment (it's been a while since main.c has called ap_process_request)

Doxygen fixup / cleanup submited by: Neale Ranns neale ranns.org reviewed by: Ian Holsman

Update copyright year to 2005 and standardize on current copyright owner line.

Minor comment fixes, no code changes: - 'sub request' -> 'subrequest' - @retrn -> @return - ... PR: Obtained from: Submitted by: Reviewed by:

use more intuitive variable names ap_sub_req_*_uri to use new_uri ap_sub_req_*_file to use new_file PR: Obtained from: Submitted by: Reviewed by:

fix name of The Apache Software Foundation

fix copyright dates according to the first check in

apply Apache License, Version 2.0

update license to 2004.

finished that boring job: update license to 2003. Happy New Year! ;-))

Clarify the use and sequencing of these three hooks.

Revert to the 1.39 comments about NULL for ap_sub_req_lookup() next_filter

Note the changed meaning of the NULL next_filter argument to the ap_sub_req_lookup() family, and fix a few oddball cases (those are, PATH_TRANSLATED reference issues.)

Update our copyright for this year.

Which PR? I can't count them all. Get QUERY_STRING and PATH_INFO working again. Also rounds out our fix to work around negotiated directories which Greg Ames fixed; this addition in request.c simply shortcuts all further processing.

This patch eliminates the wasteful run-time conversion of method names from strings to numbers in places where the methods are known at compile time. (Justin fixed the va_end() call to be correct.) Submitted by: Brian Pane <bpane@pacbell.net> Reviewed by: Justin Erenkrantz

Normalize all paths to run the same, common code for pre-request setup from the primary request, redirects and sub-requests. This will significantly reduce opporunities for inconsistancy (such as Ian observed, and as I repaired only a month ago.) This promotes process_request_internal to an ap_ namespace protected entity in server/request.c (from it's old home in http/http_request.c) since this fn has no http specifics. Reviewed (in concept): Cliff Woolley, Ian Holsman

Introduce the map_to_storage hook, which allows modules to bypass the directory_walk and file_walk for non-file requests. TRACE shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c. A seperate patch to mod_proxy is required to short circuit both the TRACE and directory_walk/file_walk stuff. That patch is next.

Fix the macro expansion problem in the hook declaration. Submitted by: Ian Holsman <ianh@cnet.com>

_THIS_ is why mod_dir wouldn't serve the results of mod_negotiation with a query string

The real slim shady finally stood up. This patch segregates the fast internal redirect logic back into http_request, the next patch will actually fix it.

Downgrade non-stopper from XXX->###

Here, finally are a few cleanups of my fat fingers.

Move duplicated rnew cloning from apr_ap_sub_req_lookup_*() functions, and add an ap_sub_req_lookup_dirent() to create a subrequest from the results of an apr_dir_read() for mod_negotiation and mod_autoindex.

change create_request hook to RUN_ALL/return int so handlers can throw errors

Add a hook, create_request. This hook allows modules to modify a request while it is being created. This hook is called for all request_rec's, main request, sub request, and internal redirect. When this hook is called, the the r->main, r->prev, r->next pointers have been set, so modules can determine what kind of request this is. Currently, this is only used by the core module, but protocol modules are going to need to have the ability to affect the request while it is being read.

Check in not-quite-working hooks groupings.

Another chunk of code from http to core. This should continue to build on all platforms. The next job is to shuffle functions back and forth so that the server builds without mod_http.

Update copyright to 2001

fix minor prototype inconsistencies noticed with C::Scan

More doc improvements.

The big change. This is part 3 of the apr-util symbols rename, please see the first commit of srclib/apr-util/include (cvs apr-util/include) for the quick glance at symbols changed.

Allow modules to specify the first module for a sub-request. This allows modules to not have to muck with the output_filter after it creates the sub-request. Without this change, modules that create a sub-request have to manually edit the output_filters, and therefore skip the sub-request output_filter. If they skip the sub-request output_filter, then we end up sending multiple EOS buckets to the core_output_filter.

Fix a broken thing

Add a sub-request filter. This filter just strips the EOS from the brigade generated by the sub-request. If this is not done, then the main-request's core_output_filter will get very confused, as will any other filter in the main-request filter-stack that looks for EOS.

Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper) and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE. All _VAR_ flavors changes to _DATA to be absolutely clear. Thank you Greg, for the most obvious suggestion.

Document http_request.h using ScanDoc.

Add mnemonics for the ap_allow_methods() reset flag meanings.

Add support for arbitrary extension methods for the Allow response header field, and an API routine for modifying the allowed list in a unified manner for both known and extension methods.

prefix libapr functions and types with apr_

http_request.[ch]: *) add the "install_filter" hook as a hook/control point for modules to install their filters. [Ryan Bloom] http_protocol.c: *) move check_first_conn_error() up in the file; no actual changes *) add checked_bputstrs(), checked_bflush(), and checked_bputs(). These are copies of ap_rvputs(), ap_rflush(), and ap_rputs() respectively. The users of the checked_* functions will be independent of filtering changes to the ap_r* functions. *) add flush_filters() place holder

PR: Obtained from: Submitted by: Reviewed by: Reverse out additional linkage argument from DECLARE_HOOK and IMPLEMENT_HOOK macros.

This patch corrects the issues from the AP_EXPORT and linkage specification arguments to the ap_hooks.h declarations. As with the APR_ and AP_ patches, API_VAR_EXPORT becomes API_EXPORT_VAR, and MODULE_VAR_EXPORT becomes MODULE_EXPORT_VAR. I will be happy to revert the inclusion of ap_config.h from httpd.h if this bothers anyone. More individual modules need to be patched if we do so. The API_EXPORTs all moved into central storage in the ap_config.h header. Without WIN32 or API_STATIC compile time declarations, these macros remain no-ops. This patch also moves the following data from http_main to http_config: const char *ap_server_argv0; const char *ap_server_root; ap_array_header_t *ap_server_pre_read_config; ap_array_header_t *ap_server_post_read_config; ap_array_header_t *ap_server_config_defines; And the following variables had already moved into ap_hooks.c: ap_pool_t *g_pHookPool; (initialized now in http_config) int g_bDebugHooks; (out of http_config) const char *g_szCurrentHookName; (out of http_config) The changes to http_main.c are in preparation for that module to move out to a seperate .exe for win32. Other platforms will be unaffected, outside of these changes.

add AP_ prefix to *HOOK* macros

Change ap_context_t to ap_pool_t. This compiles, runs, and serves pages on Linux, but probably breaks somewhere.

Update to Apache Software License version 1.1

Fix all the License issues. Including: s/Apache Group/Apache Software Foundation/ s/1999/2000/ s/Sascha's license/ASF license

time overhaul: - ap_time_t is a 64-bit scalar, microseconds since epoch - ap_exploded_time_t corresponds to struct tm with a few extras probably broken on anything except linux.

First step in getting Apache to use APR's time libraries. This gets a good number of them, but I think there are more time values still in the Apache code. This works under Linux, but has not been tested anywhere else.

Changed pools to contexts. Tested with prefork and pthread mpm's. I'll check this out tomorrow and make sure everything was checked in correctly.

Start to implement module-defined hooks that are a) fast and b) typesafe. Replace pre_connection module call with a register_hook call and implement pre_connection as a hook. The intent is that these hooks will be extended to allow Apache to be multi-protocol, and also to allow the calling order to be specified on a per-hook/per-module basis. [Ben Laurie] Port a bunch of modules to the new module structure. ["Michael H. Voase" <mvoase@midcoast.com.au>] Submitted by: Ben Laurie

Apache 1.3.9 baseline for the Apache 2.0 repository. Obtained from: Apache 1.3.9 (minus unused files), tag APACHE_1_3_9 Submitted by: Apache Group