* mod_lua: fix compilation with lua-5.3

*) SECURITY: CVE-2014-8109 (cve.mitre.org) mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204 [Edward Lu <Chaosed0 gmail.com>] Submitted By: Edward Lu Committed By: covener

Add missing APLOGNO. Refactor some lines to keep APLOGNO on the same line as ap_log_error, when applicable. Split lines longer than 80. Improve alignment.

mod_lua: Remove dead code left over from the old code cache. The code that used this was commented out in r721594, then removed entirely in r728497, and finally a commit was made intending to remove the last traces of the code cache in r1200513, but this initialization lived on anyway. * modules/lua/mod_lua.c (create_server_config): Remove unused empty hash and rwlock for hash. * modules/lua/mod_lua.h (ap_lua_server_cfg): Remove unneeded hash and rwlock entries. Found by: Bert Huijben <rhuijben{_at_}collab.net>

Follow up to r1604336: Comment out hooks whose only references are now commented out, fixing a "-Wunused-function" warning

Revert early|late argument for LuaHookCheckUserID as it does not work right now.

mod_lua: Reformat and escape script error output.

mod_lua: be a bit more verbose in error logging.

mod_lua: Add a fixups hook that checks if the original request is intended for LuaMapHandler. This fixes a bug where FallbackResource invalidates the LuaMapHandler directive in certain cases by changing the URI before the map handler code executes.

'ap_getword_conf' can not return NULL

r1526906 followup: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]

mod_lua: Use a (new) global pool/mutex setup for IVM rather than a per-process pool.

mod_lua: If the first yield() of a LuaOutputFilter returns a string, it should be prefixed to the response as documented. Also, don't put empty heap buckets in the brigade if a yield() is called with no string.

mod_lua: Remove ETAG, Content-Length, and Content-MD5 when a LuaOutputFilter is configured without mod_filter. [Eric Covener]

register LuaOutputFilters with AP_FILTER_PROTO_CHANGE|AP_FILTER_PROTO_CHANGE_LENGTH

Return a 500 error instead of DECLINED when LuaHook* script does not return a numeric value.

trace4 logging of return codes from LuaHook* functions.

Adding a simple logging hook for mod_lua, which allows users to create their own logs or bypass the generic logging on a per-request basis.

tolerate LuaMapHandler scripts that don't return anything

Remove unneeded exports from mod_lua - part 2.

Use a mutex to control read/write for IVM values, so we can reuse the existing structures without running into race conditions. This should get rid of the need to have MaxConnectionsPerChild set to > 0. If a new value is set and is a string, we either use the existing varbuf or grow it accordingly.

Using the traditional way of declaring Lua functions does not seem to work with NetWare (and possibly Windows too?) Thus, at least until we find a smarter way, we have to move the r:* functions into lua_request.c and connect them from there. The only functional change is that the transferred functions are now called through the request object instead of the apache2 package. The distinction between what merited it to be in either structure seems very vague, so for now, we'll keep the HTTP return codes in the apache2 table, and the request/server functions in the request object.

mod_lua: If a regex fails, return false plus an error message as second return value. Also fix some functions who weren't always returning a value.

mod_lua: Add a lot of core httpd/apr functionality to mod_lua (such as regex matching, expr evaluation, changing/fetching server configuration/info - see docs for a complete list). This also includes a bunch of automatically scraped functions, which may or may not be super useful. Comments appreciated as always, especially on the more hacky bits.

more coding style (no logic change)

Fix warnings about unused variable and (false positive) "'mkey' may be used uninitialized in this function"

Replace duplicate log msg numbers

Trying to tie up some loose ends: - Return immediately if the return val of ap_pass_brigade != APR_SUCCESS - Return a bit earlier when dealing with input filters, so as to not build up a huge backlog.

Fix some style issues, use a more persistent bucket for passing along data (and clean it up the right places), and remove in/out-put filters from the chain if need be.

Removing a misleading comment.

Add new directives, LuaInputFilter/LuaOutputFilter for creating content filters using Lua.

Add 'server' to scope_to_string's list of possible suspects, as to avoid an error when LogLevel is trace

Add the missing state release to the LuaMapHandler handler as well, so we won't end in a potential deadlock when acquiring states for in the server scope.

Add a missing release of a Lua state (when server scope is used) when a hook returns DECLINED.

mod_lua: Allow scripts handled by the lua-script handler to set a return code that will be sent to the client, such as 302, 500 etc. This will allow scripts to be able to f.x. redirect a user to another page by returning 302.

There is only one global provider name space, therefore allow LuaAuthzProvider only in global scope. Remove unnecessary server config field.

mod_lua: Decline to serve a request if the script doesn't exist, instead of throwing an internal server error.

fix "lua_vmprep.c:29:6: warning: no previous prototype for ‘ap_lua_init_mutex’ [-Wmissing-prototypes]"

Reverting r1369758

use the ap_mutex functions to create the mutex instead of the apr_mutex ones.

Add a server scope for Lua states (in LuaScope), which creates a pool of states with manageable minimum and maximum size.

Revert r1367504: mod_lua: The current way of getting the authz provider name doesn't seem to work. This approach should fix that. This is not necessary and breaks with "Require not ..."

mod_lua.c:189:13: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]

mod_lua: Clean up style use apr_pstrcat instead of apr_psprintf fix a bug that was causing bad string interpolations.

mod_lua: Add the (missing) LuaMapHandler directive to the fold. This should work as the existing documentation describes.

mod_lua: The current way of getting the authz provider name doesn't seem to work. This approach should fix that.

mod_lua: Remember to set cfg->codecache to AP_LUA_CACHE_UNSET when creating a config

mod_lua: Pass on the request_rec to ap_lua_get_lua_state, so we can use it for allocating memory for the cache info lookup.

Add LuaCodeCache directive for controlling in-memory caching. This might need some tweaking on the hash key generation for the mtime lookups, ideas are welcome.

Various code clean up Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr> PR: 52893

Add new directive LuaAuthzProvider to allow implementing an authorization provider in lua

factor common code into utility function also improve logging a bit and adjust some log levels

change various strings from char * to const char *

Various code cleanup to avoid compiler, cppcheck, or clang warnings: modules/debugging/mod_firehose.c: Make some internal functions static (to do: logs_cleanup() is unused) modules/filters/mod_charset_lite.c: Remove dead assignments modules/filters/mod_include.c: likewise modules/metadata/mod_usertrack.c: likewise modules/proxy/mod_proxy_ftp.c: likewise modules/ssl/ssl_engine_pphrase.c: likewise modules/proxy/mod_proxy_balancer.c: likewise; Remove NULL check that can never happen modules/proxy/proxy_util.c: Axe NULL-check that can never happen and if it would, it would just mask another bug os/unix/unixd.c: likewise modules/http/http_filters.c: Remove sub-condition that is always true modules/lua/mod_lua.c: Add default cases to switch statements modules/generators/mod_autoindex.c: Unsigned value can never be < 0 server/util_expr_eval.c: Fix compiler warnings with VC and on OS2

remove some dead code found by clang statical analyzer

Add lots of unique tags to error log messages

add per-dir config merging to mod_lua so LuaHook* in multiple per-dir sections behaves as expected instead of discarding previous sections.

Use the right lua scope when used as a hook.

don't let thread-scope be selected in a server w/o threads

C99 and unused variable warnings

use a sub-pool for scope_once

replace server scope with thread scope

remove lingering reslist references before killing server scope

remove ability to set min and max pool sizes for server scope in prep for removing server scope

remove some debug logging which snuck in

* modules/lua/mod_lua.c (ap_lua_ssl_is_https): New function. (lua_post_config): Pick up ssl_is_https optional function. * modules/lua/lua_request.c (req_ssl_is_https_field): New function. (ap_lua_load_request): Map is_https field to above.

remove last traces of the code cache

fix issue with incorrect munging of the lua package path -- LuaPackagePath directives were not working

ap_check_cmd_context checks don't work on the block forms of the lua directives.

mod_lua: Expose SSL variables via r:ssl_var_lookup()

allow some lua hooks to be run in "early" or "late" mode

quick handlers and translate_name in lua can't be keyed off Directory/Filename/htaccess

get the hello world of Handlers working again

quick handler in an external file is already enabled, quick handler in block form seems to work just as well.

More style fixes, no func changes

More cleanup: Expand tabs and some more indentation fixes No functional change

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

Change the ap_cfg_getline() and ap_cfg_getc() to return an error code. Also: - Make ap_cfg_getline() return APR_ENOSPC if a config line is too long. - Add ap_pcfg_strerror() function to convert ap_cfg_getline's return value into a nice message. - Adjust definition of ap_configfile_t accordingly. Not bumping MMN because it has already been bumped today.

apply patch from zhiguo zhao <zhaozg@gmail.com> to significantly improve server scope handling

save some memory by using cmd->temp_pool instead of cmd->pool in some places

Drop ap_body_to_table due to missing constraints; a DoS waiting for an exploit. Some mod_lua fan aught to revisit this and provide a sensible implementation.

Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take advantage of per-module loglevels

Add info to debug logging. Avoid null pointer dereference by returning if we can't get a lua VM. Move "we got a VM" message to after we know we have one. Check that we found the lua handler function before trying to call it.

* modules/lua/: s/apr_strnatcmp/strcmp/ - strnat*cmp functions are for natural order string sorting.

fix symbol space and exports

* Remove unused variable

Use the HTTP_INTERNAL_SERVER_ERROR define instead of 500 directly.

Fix more ISO C90 forbids mixed declarations and code...

Attempt to make mod_lua compile under a strict c89 compiler by moving all variable declarations to be before code.

Change apl_get_lua_state to take a apl_vm_spec instead of a filename, and to load the bytecode if it is present, rather than the file, as this gets the inline config file blocks hooks working again.

Reformat mod_lua according to the HTTP Server Project C Style Guide: <http://httpd.apache.org/dev/styleguide.html> No functional changes.

Make all of the hook callbacks static functions.

Fixup lua_config.c with prefix rename, and make mod_lua.c so it compiles again.

Rename all files in mod_lua to have a lua_ prefix, as things like 'config.h' are way to generic and will often conflict with other include files.

Rename most of the module formally known as mod_wombat to mod_lua conventions, switching apw prefixes for apl.

Rename mod_wombat -> mod_lua. Note that this isn't a complete transformation yet, but it should basically compile and load as mod_lua.