Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 73456 invoked from network); 7 Apr 2008 16:39:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 7 Apr 2008 16:39:16 -0000 Received: (qmail 41213 invoked by uid 500); 7 Apr 2008 16:39:10 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 41093 invoked by uid 500); 7 Apr 2008 16:39:10 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 41045 invoked by uid 99); 7 Apr 2008 16:39:10 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Apr 2008 09:39:09 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Apr 2008 16:38:21 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 6F9BF1A9875; Mon, 7 Apr 2008 09:37:46 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r645594 [22/28] - in /httpd/sandbox/amsterdam/d: ./ build/ docs/conf/ docs/conf/extra/ docs/man/ docs/manual/ docs/manual/developer/ docs/manual/faq/ docs/manual/howto/ docs/manual/misc/ docs/manual/mod/ docs/manual/platform/ docs/manual/pr... Date: Mon, 07 Apr 2008 16:31:24 -0000 To: cvs@httpd.apache.org From: pquerna@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080407163746.6F9BF1A9875@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authnz_ldap.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authnz_ldap.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authnz_ldap.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authnz_ldap.c Mon Apr 7 09:28:58 2008 @@ -42,6 +42,8 @@ #error mod_authnz_ldap requires APR-util to have LDAP support built in. To fix add --with-ldap to ./configure. #endif +static char *default_attributes[3] = { "member", "uniqueMember", NULL }; + typedef struct { apr_pool_t *pool; /* Pool that this config is allocated from */ #if APR_HAS_THREADS @@ -71,8 +73,6 @@ apr_array_header_t *groupattr; /* List of Group attributes identifying user members. Default:"member uniqueMember" */ int group_attrib_is_dn; /* If true, the group attribute is the DN, otherwise, it's the exact string passed by the HTTP client */ - apr_array_header_t *subgroupattrs; /* List of attributes used to find subgroup references - within a group directory entry. Default:"member uniqueMember" */ char **sgAttributes; /* Array of strings constructed (post-config) from subgroupattrs. Last entry is NULL. */ apr_array_header_t *subgroupclasses; /* List of object classes of sub-groups. Default:"groupOfNames groupOfUniqueNames" */ int maxNestingDepth; /* Maximum recursive nesting depth permitted during subgroup processing. Default: 10 */ @@ -288,8 +288,6 @@ */ sec->groupattr = apr_array_make(p, GROUPATTR_MAX_ELTS, sizeof(struct mod_auth_ldap_groupattr_entry_t)); - sec->subgroupattrs = apr_array_make(p, GROUPATTR_MAX_ELTS, - sizeof(struct mod_auth_ldap_groupattr_entry_t)); sec->subgroupclasses = apr_array_make(p, GROUPATTR_MAX_ELTS, sizeof(struct mod_auth_ldap_groupattr_entry_t)); @@ -302,7 +300,7 @@ sec->group_attrib_is_dn = 1; sec->secure = -1; /*Initialize to unset*/ sec->maxNestingDepth = 10; - sec->sgAttributes = NULL; + sec->sgAttributes = apr_pcalloc(p, sizeof (char *) * GROUPATTR_MAX_ELTS + 1); sec->user_is_dn = 0; sec->remote_user_attribute = NULL; @@ -401,7 +399,7 @@ util_ldap_connection_close(ldc); /* sanity check - if server is down, retry it up to 5 times */ - if (result == LDAP_SERVER_DOWN) { + if (AP_LDAP_IS_SERVER_DOWN(result)) { if (failures++ <= 5) { goto start_over; } @@ -602,7 +600,9 @@ } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "[%" APR_PID_T_FMT "] auth_ldap authorize: authorization denied", getpid()); + "[%" APR_PID_T_FMT "] auth_ldap authorize user: authorization denied for user %s to %s", + getpid(), r->user, r->uri); + return AUTHZ_DENIED; } @@ -662,24 +662,6 @@ } /* - * If there are no elements in the sub group attribute array, the default - * should be member and uniquemember; populate the array now. - */ - if (sec->subgroupattrs->nelts == 0) { - struct mod_auth_ldap_groupattr_entry_t *grp; -#if APR_HAS_THREADS - apr_thread_mutex_lock(sec->lock); -#endif - grp = apr_array_push(sec->subgroupattrs); - grp->name = "member"; - grp = apr_array_push(sec->subgroupattrs); - grp->name = "uniqueMember"; -#if APR_HAS_THREADS - apr_thread_mutex_unlock(sec->lock); -#endif - } - - /* * If there are no elements in the sub group classes array, the default * should be groupOfNames and groupOfUniqueNames; populate the array now. */ @@ -741,8 +723,8 @@ if (req->dn == NULL || strlen(req->dn) == 0) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] auth_ldap authorize: require group: " - "user's DN has not been defined; failing authorization", - getpid()); + "user's DN has not been defined; failing authorization for user %s", + getpid(), r->user); return AUTHZ_DENIED; } } @@ -773,8 +755,8 @@ case LDAP_COMPARE_TRUE: { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] auth_ldap authorize: require group: " - "authorization successful (attribute %s) [%s][%s]", - getpid(), ent[i].name, ldc->reason, ldap_err2string(result)); + "authorization successful (attribute %s) [%s][%d - %s]", + getpid(), ent[i].name, ldc->reason, result, ldap_err2string(result)); return AUTHZ_GRANTED; } case LDAP_COMPARE_FALSE: { @@ -783,30 +765,17 @@ "failed [%s][%d - %s], checking sub-groups", getpid(), t, ldc->reason, result, ldap_err2string(result)); - if(sec->sgAttributes == NULL) { - struct mod_auth_ldap_groupattr_entry_t *sg_ent = (struct mod_auth_ldap_groupattr_entry_t *) sec->subgroupattrs->elts; - char **sg_attrs; - int sga_index; - - /* Allocate a null-terminated array of attribute strings. */ - sg_attrs = apr_pcalloc(sec->pool, (sec->subgroupattrs->nelts+1) * sizeof(char *)); - for(sga_index = 0; sga_index < sec->subgroupattrs->nelts; sga_index++) { - sg_attrs[sga_index] = apr_pstrdup(sec->pool, sg_ent[sga_index].name); - } - sg_attrs[sec->subgroupattrs->nelts] = NULL; - sec->sgAttributes = sg_attrs; - } - result = util_ldap_cache_check_subgroups(r, ldc, sec->url, t, ent[i].name, sec->group_attrib_is_dn ? req->dn : req->user, - sec->sgAttributes, sec->subgroupclasses, + sec->sgAttributes[0] ? sec->sgAttributes : default_attributes, + sec->subgroupclasses, 0, sec->maxNestingDepth); if(result == LDAP_COMPARE_TRUE) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] auth_ldap authorise: require group (sub-group): " "authorisation successful (attribute %s) [%s][%d - %s]", getpid(), ent[i].name, ldc->reason, result, ldap_err2string(result)); - return OK; + return AUTHZ_GRANTED; } else { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, @@ -819,14 +788,15 @@ default: { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] auth_ldap authorize: require group \"%s\": " - "authorization failed [%s][%s]", - getpid(), t, ldc->reason, ldap_err2string(result)); + "authorization failed [%s][%d - %s]", + getpid(), t, ldc->reason, result, ldap_err2string(result)); } } } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "[%" APR_PID_T_FMT "] auth_ldap authorize: authorization denied", getpid()); + "[%" APR_PID_T_FMT "] auth_ldap authorize group: authorization denied for user %s to %s", + getpid(), r->user, r->uri); return AUTHZ_DENIED; } @@ -932,7 +902,8 @@ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "[%" APR_PID_T_FMT "] auth_ldap authorise: authorisation denied", getpid()); + "[%" APR_PID_T_FMT "] auth_ldap authorize dn: authorization denied for user %s to %s", + getpid(), r->user, r->uri); return AUTHZ_DENIED; } @@ -1046,7 +1017,8 @@ } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "[%" APR_PID_T_FMT "] auth_ldap authorise: authorisation denied", getpid()); + "[%" APR_PID_T_FMT "] auth_ldap authorize attribute: authorization denied for user %s to %s", + getpid(), r->user, r->uri); return AUTHZ_DENIED; } @@ -1181,7 +1153,8 @@ } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "[%" APR_PID_T_FMT "] auth_ldap authorise: authorization denied", getpid()); + "[%" APR_PID_T_FMT "] auth_ldap authorize filter: authorization denied for user %s to %s", + getpid(), r->user, r->uri); return AUTHZ_DENIED; } @@ -1333,15 +1306,17 @@ static const char *mod_auth_ldap_add_subgroup_attribute(cmd_parms *cmd, void *config, const char *arg) { - struct mod_auth_ldap_groupattr_entry_t *new; + int i = 0; authn_ldap_config_t *sec = config; - if (sec->subgroupattrs->nelts > GROUPATTR_MAX_ELTS) + for (i = 0; sec->sgAttributes[i]; i++) { + ; + } + if (i == GROUPATTR_MAX_ELTS) return "Too many AuthLDAPSubGroupAttribute values"; - new = apr_array_push(sec->subgroupattrs); - new->name = apr_pstrdup(cmd->pool, arg); + sec->sgAttributes[i] = apr_pstrdup(cmd->pool, arg); return NULL; } @@ -1449,18 +1424,18 @@ AP_INIT_ITERATE("AuthLDAPSubGroupAttribute", mod_auth_ldap_add_subgroup_attribute, NULL, OR_AUTHCFG, "Attribute labels used to define sub-group (or nested group) membership in groups - " - "defaults to member and uniqueMember (one per directive)"), + "defaults to member and uniqueMember"), AP_INIT_ITERATE("AuthLDAPSubGroupClass", mod_auth_ldap_add_subgroup_class, NULL, OR_AUTHCFG, "LDAP objectClass values used to identify sub-group instances - " - "defaults to groupOfNames and groupOfUniqueNames (one per directive)"), + "defaults to groupOfNames and groupOfUniqueNames"), AP_INIT_TAKE1("AuthLDAPMaxSubGroupDepth", mod_auth_ldap_set_subgroup_maxdepth, NULL, OR_AUTHCFG, "Maximum subgroup nesting depth to be evaluated - defaults to 10 (top-level group = 0)"), AP_INIT_ITERATE("AuthLDAPGroupAttribute", mod_auth_ldap_add_group_attribute, NULL, OR_AUTHCFG, "A list of attribute labels used to identify the user members of groups - defaults to " - "member and uniquemember (one per directive)"), + "member and uniquemember"), AP_INIT_FLAG("AuthLDAPGroupAttributeIsDN", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_ldap_config_t, group_attrib_is_dn), OR_AUTHCFG, @@ -1607,20 +1582,25 @@ static void register_hooks(apr_pool_t *p) { /* Register authn provider */ - ap_register_provider(p, AUTHN_PROVIDER_GROUP, "ldap", "0", - &authn_ldap_provider); + ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "ldap", "0", + &authn_ldap_provider, AP_AUTH_INTERNAL_PER_CONF); /* Register authz providers */ - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-user", "0", - &authz_ldapuser_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-group", "0", - &authz_ldapgroup_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-dn", "0", - &authz_ldapdn_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-attribute", "0", - &authz_ldapattribute_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-filter", "0", - &authz_ldapfilter_provider); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-user", "0", + &authz_ldapuser_provider, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-group", "0", + &authz_ldapgroup_provider, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-dn", "0", + &authz_ldapdn_provider, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-attribute", "0", + &authz_ldapattribute_provider, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ldap-filter", "0", + &authz_ldapfilter_provider, + AP_AUTH_INTERNAL_PER_CONF); ap_hook_post_config(authnz_ldap_post_config,NULL,NULL,APR_HOOK_MIDDLE); Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_core.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_core.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_core.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_core.c Mon Apr 7 09:28:58 2008 @@ -29,7 +29,6 @@ #define APR_WANT_BYTEFUNC #include "apr_want.h" -#define CORE_PRIVATE #include "ap_config.h" #include "httpd.h" #include "http_config.h" @@ -483,8 +482,9 @@ APR_HASH_KEY_STRING, prvdraliasrec); /* Register the fake provider so that we get called first */ - ap_register_provider(cmd->pool, AUTHZ_PROVIDER_GROUP, provider_alias, "0", - &authz_alias_provider); + ap_register_auth_provider(cmd->pool, AUTHZ_PROVIDER_GROUP, + provider_alias, "0", &authz_alias_provider, + AP_AUTH_INTERNAL_PER_CONF); } cmd->override = old_overrides; @@ -802,11 +802,18 @@ return req_authz; } +static apr_array_header_t *authz_ap_list_provider_names(apr_pool_t *ptemp) +{ + return ap_list_provider_names(ptemp, AUTHZ_PROVIDER_GROUP, "0"); +} + static void register_hooks(apr_pool_t *p) { APR_REGISTER_OPTIONAL_FN(authz_some_auth_required); + APR_REGISTER_OPTIONAL_FN(authz_ap_list_provider_names); - ap_hook_auth_checker(authorize_user, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_check_authz(authorize_user, NULL, NULL, APR_HOOK_MIDDLE, + AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_core_module = Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_dbd.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_dbd.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_dbd.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_dbd.c Mon Apr 7 09:28:58 2008 @@ -164,15 +164,16 @@ for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); rv != -1; rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { - if (rv == 0) { - newuri = apr_dbd_get_entry(dbd->driver, row, 0); - } - else { + if (rv != 0) { message = apr_dbd_error(dbd->driver, dbd->handle, rv); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "authz_dbd in get_row; action=%s user=%s [%s]", action, r->user, message?message:noerror); } + else if (newuri == NULL) { + newuri = apr_dbd_get_entry(dbd->driver, row, 0); + } + /* we can't break out here or row won't get cleaned up */ } } else { @@ -185,13 +186,9 @@ if (newuri != NULL) { r->status = HTTP_MOVED_TEMPORARILY; apr_table_set(r->err_headers_out, "Location", newuri); - rv = HTTP_MOVED_TEMPORARILY; } - else { - rv = OK; - } - authz_dbd_run_client_login(r, rv, action); - return rv; + authz_dbd_run_client_login(r, OK, action); + return OK; } static int authz_dbd_group_query(request_rec *r, authz_dbd_cfg *cfg, @@ -313,12 +310,15 @@ static void authz_dbd_hooks(apr_pool_t *p) { - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-group", "0", - &authz_dbdgroup_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-login", "0", - &authz_dbdlogin_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-logout", "0", - &authz_dbdlogout_provider); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-group", "0", + &authz_dbdgroup_provider, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-login", "0", + &authz_dbdlogin_provider, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-logout", "0", + &authz_dbdlogout_provider, + AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_dbd_module = Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_dbm.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_dbm.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_dbm.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_dbm.c Mon Apr 7 09:28:58 2008 @@ -272,10 +272,12 @@ { authz_owner_get_file_group = APR_RETRIEVE_OPTIONAL_FN(authz_owner_get_file_group); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "dbm-group", "0", - &authz_dbmgroup_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "dbm-file-group", "0", - &authz_dbmfilegroup_provider); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbm-group", "0", + &authz_dbmgroup_provider, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbm-file-group", "0", + &authz_dbmfilegroup_provider, + AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_dbm_module = Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_default.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_default.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_default.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_default.c Mon Apr 7 09:28:58 2008 @@ -89,7 +89,8 @@ static void register_hooks(apr_pool_t *p) { - ap_hook_auth_checker(check_user_access,NULL,NULL,APR_HOOK_LAST); + ap_hook_check_authz(check_user_access, NULL, NULL, APR_HOOK_LAST, + AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_default_module = Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_groupfile.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_groupfile.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_groupfile.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_groupfile.c Mon Apr 7 09:28:58 2008 @@ -266,10 +266,12 @@ { authz_owner_get_file_group = APR_RETRIEVE_OPTIONAL_FN(authz_owner_get_file_group); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "group", "0", - &authz_group_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "file-group", "0", - &authz_filegroup_provider); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "group", "0", + &authz_group_provider, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "file-group", "0", + &authz_filegroup_provider, + AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_groupfile_module = Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_host.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_host.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_host.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_host.c Mon Apr 7 09:28:58 2008 @@ -241,14 +241,14 @@ static void register_hooks(apr_pool_t *p) { - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "env", "0", - &authz_env_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "ip", "0", - &authz_ip_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "host", "0", - &authz_host_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "all", "0", - &authz_all_provider); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "env", "0", + &authz_env_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ip", "0", + &authz_ip_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "host", "0", + &authz_host_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "all", "0", + &authz_all_provider, AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_host_module = Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_owner.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_owner.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_owner.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_owner.c Mon Apr 7 09:28:58 2008 @@ -167,8 +167,9 @@ { APR_REGISTER_OPTIONAL_FN(authz_owner_get_file_group); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "file-owner", "0", - &authz_fileowner_provider); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "file-owner", "0", + &authz_fileowner_provider, + AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_owner_module = Modified: httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_user.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_user.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_user.c (original) +++ httpd/sandbox/amsterdam/d/modules/aaa/mod_authz_user.c Mon Apr 7 09:28:58 2008 @@ -81,10 +81,11 @@ static void register_hooks(apr_pool_t *p) { - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "user", "0", - &authz_user_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0", - &authz_validuser_provider); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "user", "0", + &authz_user_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0", + &authz_validuser_provider, + AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_user_module = Modified: httpd/sandbox/amsterdam/d/modules/cache/cache_storage.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/cache/cache_storage.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/cache/cache_storage.c (original) +++ httpd/sandbox/amsterdam/d/modules/cache/cache_storage.c Mon Apr 7 09:28:58 2008 @@ -14,8 +14,6 @@ * limitations under the License. */ -#define CORE_PRIVATE - #include "mod_cache.h" extern APR_OPTIONAL_FN_TYPE(ap_cache_generate_key) *cache_generate_key; @@ -285,6 +283,13 @@ apr_table_unset(r->headers_in, "If-None-Match"); apr_table_unset(r->headers_in, "If-Range"); apr_table_unset(r->headers_in, "If-Unmodified-Since"); + + /* + * Do not do Range requests with our own conditionals: If + * we get 304 the Range does not matter and otherwise the + * entity changed and we want to have the complete entity + */ + apr_table_unset(r->headers_in, "Range"); etag = apr_table_get(h->resp_hdrs, "ETag"); lastmod = apr_table_get(h->resp_hdrs, "Last-Modified"); Modified: httpd/sandbox/amsterdam/d/modules/cache/cache_util.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/cache/cache_util.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/cache/cache_util.c (original) +++ httpd/sandbox/amsterdam/d/modules/cache/cache_util.c Mon Apr 7 09:28:58 2008 @@ -14,8 +14,6 @@ * limitations under the License. */ -#define CORE_PRIVATE - #include "mod_cache.h" #include @@ -234,6 +232,14 @@ /* These come from the cached entity. */ cc_cresp = apr_table_get(h->resp_hdrs, "Cache-Control"); expstr = apr_table_get(h->resp_hdrs, "Expires"); + + if (ap_cache_liststr(NULL, cc_cresp, "no-cache", NULL)) { + /* + * The cached entity contained Cache-Control: no-cache, so treat as + * stale causing revalidation + */ + return 0; + } if ((agestr = apr_table_get(h->resp_hdrs, "Age"))) { age_c = apr_atoi64(agestr); Modified: httpd/sandbox/amsterdam/d/modules/cache/config.m4 URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/cache/config.m4?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/cache/config.m4 (original) +++ httpd/sandbox/amsterdam/d/modules/cache/config.m4 Mon Apr 7 09:28:58 2008 @@ -4,7 +4,7 @@ APACHE_MODPATH_INIT(cache) -APACHE_MODULE(file_cache, File cache, , , no) +APACHE_MODULE(file_cache, File cache, , , most) dnl # list of object files for mod_cache cache_objs="dnl @@ -18,9 +18,10 @@ cache_cache.lo dnl cache_pqueue.lo dnl cache_hash.lo dnl +cache_util.lo dnl " -APACHE_MODULE(cache, dynamic file caching, $cache_objs, , no) -APACHE_MODULE(disk_cache, disk caching module, , , no) -APACHE_MODULE(mem_cache, memory caching module, $mem_cache_objs, , no) +APACHE_MODULE(cache, dynamic file caching, $cache_objs, , most) +APACHE_MODULE(disk_cache, disk caching module, , , most) +APACHE_MODULE(mem_cache, memory caching module, $mem_cache_objs, , ) APACHE_MODPATH_FINISH Modified: httpd/sandbox/amsterdam/d/modules/cache/mod_cache.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/cache/mod_cache.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/cache/mod_cache.c (original) +++ httpd/sandbox/amsterdam/d/modules/cache/mod_cache.c Mon Apr 7 09:28:58 2008 @@ -14,8 +14,6 @@ * limitations under the License. */ -#define CORE_PRIVATE - #include "mod_cache.h" module AP_MODULE_DECLARE_DATA cache_module; @@ -613,6 +611,12 @@ cache->provider->remove_entity(cache->stale_handle); /* Treat the request as if it wasn't conditional. */ cache->stale_handle = NULL; + /* + * Restore the original request headers as they may be needed + * by further output filters like the byterange filter to make + * the correct decisions. + */ + r->headers_in = cache->stale_headers; } } Modified: httpd/sandbox/amsterdam/d/modules/cache/mod_cache.h URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/cache/mod_cache.h?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/cache/mod_cache.h (original) +++ httpd/sandbox/amsterdam/d/modules/cache/mod_cache.h Mon Apr 7 09:28:58 2008 @@ -26,8 +26,6 @@ #ifndef MOD_CACHE_H #define MOD_CACHE_H -#define CORE_PRIVATE - #include "apr_hooks.h" #include "apr.h" #include "apr_lib.h" Modified: httpd/sandbox/amsterdam/d/modules/cache/mod_disk_cache.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/cache/mod_disk_cache.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/cache/mod_disk_cache.c (original) +++ httpd/sandbox/amsterdam/d/modules/cache/mod_disk_cache.c Mon Apr 7 09:28:58 2008 @@ -102,7 +102,7 @@ } } -static void mkdir_structure(disk_cache_conf *conf, const char *file, apr_pool_t *pool) +static apr_status_t mkdir_structure(disk_cache_conf *conf, const char *file, apr_pool_t *pool) { apr_status_t rv; char *p; @@ -116,11 +116,12 @@ rv = apr_dir_make(file, APR_UREAD|APR_UWRITE|APR_UEXECUTE, pool); if (rv != APR_SUCCESS && !APR_STATUS_IS_EEXIST(rv)) { - /* XXX */ + return rv; } *p = '/'; ++p; } + return APR_SUCCESS; } /* htcacheclean may remove directories underneath us. @@ -141,7 +142,9 @@ /* 1000 micro-seconds aka 0.001 seconds. */ apr_sleep(1000); - mkdir_structure(conf, dest, pool); + rv = mkdir_structure(conf, dest, pool); + if (rv != APR_SUCCESS) + continue; rv = apr_file_rename(src, dest, pool); } @@ -165,7 +168,7 @@ */ rv = apr_file_rename(dobj->tempfile, dobj->datafile, r->pool); if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, r->server, + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r->server, "disk_cache: rename tempfile to datafile failed:" " %s -> %s", dobj->tempfile, dobj->datafile); apr_file_remove(dobj->tempfile, r->pool); @@ -472,7 +475,8 @@ #endif rc = apr_file_open(&dobj->fd, dobj->datafile, flags, 0, r->pool); if (rc != APR_SUCCESS) { - /* XXX: Log message */ + ap_log_error(APLOG_MARK, APLOG_ERR, rc, r->server, + "disk_cache: Cannot open info header file %s", dobj->datafile); return DECLINED; } @@ -484,7 +488,8 @@ /* Read the bytes to setup the cache_info fields */ rc = file_cache_recall_mydata(dobj->hfd, info, dobj, r); if (rc != APR_SUCCESS) { - /* XXX log message */ + ap_log_error(APLOG_MARK, APLOG_ERR, rc, r->server, + "disk_cache: Cannot read header file %s", dobj->hdrsfile); return DECLINED; } @@ -749,7 +754,8 @@ /* This case should not happen... */ if (!dobj->hfd) { - /* XXX log message */ + ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "disk_cache: recalling headers; but no header fd for %s", dobj->name); return APR_NOTFOUND; } @@ -846,13 +852,16 @@ dobj->prefix = NULL; } - mkdir_structure(conf, dobj->hdrsfile, r->pool); + rv = mkdir_structure(conf, dobj->hdrsfile, r->pool); rv = apr_file_mktemp(&dobj->tfd, dobj->tempfile, APR_CREATE | APR_WRITE | APR_BINARY | APR_EXCL, r->pool); if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r->server, + "disk_cache: could not create temp file %s", + dobj->tempfile); return rv; } @@ -874,10 +883,10 @@ rv = safe_file_rename(conf, dobj->tempfile, dobj->hdrsfile, r->pool); if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, r->server, + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r->server, "disk_cache: rename tempfile to varyfile failed: %s -> %s", dobj->tempfile, dobj->hdrsfile); - apr_file_remove(dobj->tempfile, r->pool); + apr_file_remove(dobj->tempfile, r->pool); return rv; } @@ -896,6 +905,9 @@ APR_BUFFERED | APR_EXCL, r->pool); if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r->server, + "disk_cache: could not create temp file %s", + dobj->tempfile); return rv; } @@ -916,6 +928,9 @@ rv = apr_file_writev(dobj->hfd, (const struct iovec *) &iov, 2, &amt); if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r->server, + "disk_cache: could not write info to header file %s", + dobj->hdrsfile); return rv; } @@ -935,6 +950,9 @@ r->err_headers_out); rv = store_table(dobj->hfd, headers_out); if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r->server, + "disk_cache: could not write out-headers to header file %s", + dobj->hdrsfile); return rv; } } @@ -948,6 +966,9 @@ r->server); rv = store_table(dobj->hfd, headers_in); if (rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r->server, + "disk_cache: could not write in-headers to header file %s", + dobj->hdrsfile); return rv; } } @@ -960,12 +981,12 @@ */ rv = apr_file_remove(dobj->hdrsfile, r->pool); if (rv != APR_SUCCESS) { - mkdir_structure(conf, dobj->hdrsfile, r->pool); + rv = mkdir_structure(conf, dobj->hdrsfile, r->pool); } rv = safe_file_rename(conf, dobj->tempfile, dobj->hdrsfile, r->pool); if (rv != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, r->server, + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r->server, "disk_cache: rename tempfile to hdrsfile failed: %s -> %s", dobj->tempfile, dobj->hdrsfile); apr_file_remove(dobj->tempfile, r->pool); Modified: httpd/sandbox/amsterdam/d/modules/cache/mod_file_cache.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/cache/mod_file_cache.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/cache/mod_file_cache.c (original) +++ httpd/sandbox/amsterdam/d/modules/cache/mod_file_cache.c Mon Apr 7 09:28:58 2008 @@ -86,8 +86,6 @@ #include #endif -#define CORE_PRIVATE - #include "httpd.h" #include "http_config.h" #include "http_log.h" Modified: httpd/sandbox/amsterdam/d/modules/cache/mod_mem_cache.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/cache/mod_mem_cache.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/cache/mod_mem_cache.c (original) +++ httpd/sandbox/amsterdam/d/modules/cache/mod_mem_cache.c Mon Apr 7 09:28:58 2008 @@ -35,7 +35,6 @@ * of 0 means the object is not in the cache and no worker threads are accessing * it. */ -#define CORE_PRIVATE #include "mod_cache.h" #include "cache_pqueue.h" #include "cache_cache.h" Modified: httpd/sandbox/amsterdam/d/modules/dav/fs/repos.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/dav/fs/repos.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/dav/fs/repos.c (original) +++ httpd/sandbox/amsterdam/d/modules/dav/fs/repos.c Mon Apr 7 09:28:58 2008 @@ -1773,13 +1773,15 @@ return apr_pstrdup(ctx->pool, ""); if (ctx->finfo.filetype != 0) { - return apr_psprintf(ctx->pool, "\"%lx-%lx-%lx\"", - (unsigned long) ctx->finfo.inode, - (unsigned long) ctx->finfo.size, - (unsigned long) ctx->finfo.mtime); + return apr_psprintf(ctx->pool, "\"%" APR_UINT64_T_HEX_FMT "-%" + APR_UINT64_T_HEX_FMT "-%" APR_UINT64_T_HEX_FMT "\"", + (apr_uint64_t) ctx->finfo.inode, + (apr_uint64_t) ctx->finfo.size, + (apr_uint64_t) ctx->finfo.mtime); } - return apr_psprintf(ctx->pool, "\"%lx\"", (unsigned long) ctx->finfo.mtime); + return apr_psprintf(ctx->pool, "\"%" APR_UINT64_T_HEX_FMT "\"", + (apr_uint64_t) ctx->finfo.mtime); } static const dav_hooks_repository dav_hooks_repository_fs = Modified: httpd/sandbox/amsterdam/d/modules/dav/main/mod_dav.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/dav/main/mod_dav.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/dav/main/mod_dav.c (original) +++ httpd/sandbox/amsterdam/d/modules/dav/main/mod_dav.c Mon Apr 7 09:28:58 2008 @@ -314,7 +314,7 @@ { r->status = status; - ap_set_content_type(r, "text/html"); + ap_set_content_type(r, "text/html; charset=ISO-8859-1"); /* begin the response now... */ ap_rvputs(r, @@ -2630,6 +2630,11 @@ /* ### how best to report this... */ return dav_error_response(r, lookup.rnew->status, "Destination URI had an error."); + } + + if (dav_get_provider(lookup.rnew) == NULL) { + return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED, + "DAV not enabled for Destination URI."); } /* Resolve destination resource */ Modified: httpd/sandbox/amsterdam/d/modules/dav/main/util.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/dav/main/util.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/dav/main/util.c (original) +++ httpd/sandbox/amsterdam/d/modules/dav/main/util.c Mon Apr 7 09:28:58 2008 @@ -1404,6 +1404,39 @@ return NULL; } +/* If-* header checking */ +static int dav_meets_conditions(request_rec *r, int resource_state) +{ + const char *if_match, *if_none_match; + int retVal; + + /* If-Match '*' fix. Resource existence not checked by ap_meets_conditions. + * If-Match '*' request should succeed only if the resource exists. */ + if ((if_match = apr_table_get(r->headers_in, "If-Match")) != NULL) { + if (if_match[0] == '*' && resource_state != DAV_RESOURCE_EXISTS) + return HTTP_PRECONDITION_FAILED; + } + + retVal = ap_meets_conditions(r); + + /* If-None-Match '*' fix. If-None-Match '*' request should succeed + * if the resource does not exist. */ + if (retVal == HTTP_PRECONDITION_FAILED) { + /* Note. If if_none_match != NULL, if_none_match is the culprit. + * Since, in presence of If-None-Match, + * other If-* headers are undefined. */ + if ((if_none_match = + apr_table_get(r->headers_in, "If-None-Match")) != NULL) { + if (if_none_match[0] == '*' + && resource_state != DAV_RESOURCE_EXISTS) { + return OK; + } + } + } + + return retVal; +} + /* ** dav_validate_request: Validate if-headers (and check for locks) on: ** (1) r->filename @ depth; @@ -1433,6 +1466,9 @@ const dav_hooks_repository *repos_hooks = resource->hooks; dav_buffer work_buf = { 0 }; dav_response *new_response; + int resource_state; + const char *etag; + int set_etag = 0; #if DAV_DEBUG if (depth && response == NULL) { @@ -1449,10 +1485,29 @@ if (response != NULL) *response = NULL; + /* Set the ETag header required by dav_meets_conditions() */ + etag = apr_table_get(r->headers_out, "ETag"); + if (!etag) { + etag = (*resource->hooks->getetag)(resource); + if (etag && *etag) { + apr_table_set(r->headers_out, "ETag", etag); + set_etag = 1; + } + } /* Do the standard checks for conditional requests using * If-..-Since, If-Match etc */ - if ((result = ap_meets_conditions(r)) != OK) { - /* ### fix this up... how? */ + resource_state = dav_get_resource_state(r, resource); + result = dav_meets_conditions(r, resource_state); + if (set_etag) { + /* + * If we have set an ETag to headers out above for + * dav_meets_conditions() revert this here as we do not want to set + * the ETag in responses to requests with methods where this might not + * be desired. + */ + apr_table_unset(r->headers_out, "ETag"); + } + if (result != OK) { return dav_new_error(r->pool, result, 0, NULL); } Modified: httpd/sandbox/amsterdam/d/modules/echo/mod_echo.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/echo/mod_echo.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/echo/mod_echo.c (original) +++ httpd/sandbox/amsterdam/d/modules/echo/mod_echo.c Mon Apr 7 09:28:58 2008 @@ -14,7 +14,6 @@ * limitations under the License. */ -#define CORE_PRIVATE #include "ap_config.h" #include "ap_mmn.h" #include "httpd.h" Propchange: httpd/sandbox/amsterdam/d/modules/examples/ ------------------------------------------------------------------------------ --- svn:ignore (added) +++ svn:ignore Mon Apr 7 09:28:58 2008 @@ -0,0 +1,23 @@ +.deps +.libs +*.la +modules.mk +Makefile +*.lo +*.slo +*.so +*.x +Debug +Release +*.plg +*.aps +*.dep +*.mak +*.rc +BuildLog.htm +*.stc +*.stt +*.sto +*.vcproj +*.vcproj.* + Modified: httpd/sandbox/amsterdam/d/modules/experimental/NWGNUmakefile URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/experimental/NWGNUmakefile?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/experimental/NWGNUmakefile (original) +++ httpd/sandbox/amsterdam/d/modules/experimental/NWGNUmakefile Mon Apr 7 09:28:58 2008 @@ -151,19 +151,15 @@ # # If there is an NLM target, put it here # -# We are referencing example.nlm twice to get around a known issue with the +# We are referencing substitute.nlm twice to get around a known issue with the # makefiles. Normally if there is only one element to be built within a # directory, the makefile for the single element would be called NWGNUmakefile. # But if there are multiples, the parent NWGNUmakefile must reference more # than one submakefile. Because the experimental directory might vary in the # number of submakefiles, but for the moment only contains one, we reference # it twice to allow it parent NWGNUmakefile to work properly. If another -# submakefile is added, the extra reference to example.nlm should be removed. +# submakefile is added, the extra reference to substitute.nlm should be removed. TARGET_nlm = \ - $(OBJDIR)/example.nlm \ - $(OBJDIR)/case_flt.nlm \ - $(OBJDIR)/case_flt_in.nlm \ - $(OBJDIR)/substitute.nlm \ $(EOLIST) # Modified: httpd/sandbox/amsterdam/d/modules/experimental/config.m4 URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/experimental/config.m4?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/experimental/config.m4 (original) +++ httpd/sandbox/amsterdam/d/modules/experimental/config.m4 Mon Apr 7 09:28:58 2008 @@ -1,9 +1,4 @@ APACHE_MODPATH_INIT(experimental) -APACHE_MODULE(example, example and demo module, , , no) -APACHE_MODULE(case_filter, example uppercase conversion filter, , , no) -APACHE_MODULE(case_filter_in, example uppercase conversion input filter, , , no) -APACHE_MODULE(substitute, response content rewrite-like filtering, , , most) - APACHE_MODPATH_FINISH Modified: httpd/sandbox/amsterdam/d/modules/filters/NWGNUmakefile URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/filters/NWGNUmakefile?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/filters/NWGNUmakefile (original) +++ httpd/sandbox/amsterdam/d/modules/filters/NWGNUmakefile Mon Apr 7 09:28:58 2008 @@ -155,6 +155,7 @@ $(OBJDIR)/extfiltr.nlm \ $(OBJDIR)/charsetl.nlm \ $(OBJDIR)/mod_filter.nlm \ + $(OBJDIR)/substitute.nlm \ $(EOLIST) # If the zlib libraries source exists then build the mod_deflate module Modified: httpd/sandbox/amsterdam/d/modules/filters/config.m4 URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/filters/config.m4?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/filters/config.m4 (original) +++ httpd/sandbox/amsterdam/d/modules/filters/config.m4 Mon Apr 7 09:28:58 2008 @@ -7,6 +7,7 @@ APACHE_MODULE(ext_filter, external filter module, , , most) APACHE_MODULE(include, Server Side Includes, , , yes) APACHE_MODULE(filter, Smart Filtering, , , yes) +APACHE_MODULE(substitute, response content rewrite-like filtering, , , most) if test "$ac_cv_ebcdic" = "yes"; then # mod_charset_lite can be very useful on an ebcdic system, Modified: httpd/sandbox/amsterdam/d/modules/filters/mod_charset_lite.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/filters/mod_charset_lite.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/filters/mod_charset_lite.c (original) +++ httpd/sandbox/amsterdam/d/modules/filters/mod_charset_lite.c Mon Apr 7 09:28:58 2008 @@ -26,7 +26,7 @@ #include "httpd.h" #include "http_config.h" -#define CORE_PRIVATE + #include "http_core.h" #include "http_log.h" #include "http_main.h" @@ -76,6 +76,8 @@ const char *charset_default; /* how to ship on wire */ /** module does ap_add_*_filter()? */ enum {IA_INIT, IA_IMPADD, IA_NOIMPADD} implicit_add; + /** treat all mimetypes as text? */ + enum {FX_INIT, FX_FORCE, FX_NOFORCE} force_xlate; } charset_dir_t; /* charset_filter_ctx_t is created for each filter instance; because the same @@ -138,6 +140,8 @@ over->charset_source ? over->charset_source : base->charset_source; a->implicit_add = over->implicit_add != IA_INIT ? over->implicit_add : base->implicit_add; + a->force_xlate= + over->force_xlate != FX_INIT ? over->force_xlate : base->force_xlate; return a; } @@ -176,6 +180,12 @@ else if (!strcasecmp(flag, "NoImplicitAdd")) { dc->implicit_add = IA_NOIMPADD; } + if (!strcasecmp(flag, "TranslateAllMimeTypes")) { + dc->force_xlate = FX_FORCE; + } + else if (!strcasecmp(flag, "NoTranslateAllMimeTypes")) { + dc->force_xlate = FX_NOFORCE; + } else if (!strncasecmp(flag, "DebugLevel=", 11)) { dc->debug = atoi(flag + 11); } @@ -189,9 +199,9 @@ return NULL; } -/* find_code_page() is a fixup hook that decides if translation should be - * enabled; if so, it sets up request data for use by the filter registration - * hook so that it knows what to do +/* find_code_page() is a fixup hook that checks if the module is + * configured and the input or output potentially need to be translated. + * If so, context is initialized for the filters. */ static int find_code_page(request_rec *r) { @@ -200,7 +210,6 @@ charset_req_t *reqinfo; charset_filter_ctx_t *input_ctx, *output_ctx; apr_status_t rv; - const char *mime_type; if (dc->debug >= DBGLVL_FLOW) { ap_log_rerror(APLOG_MARK,APLOG_DEBUG, 0, r, @@ -229,7 +238,10 @@ } /* catch proxy requests */ - if (r->proxyreq) return DECLINED; + if (r->proxyreq) { + return DECLINED; + } + /* mod_rewrite indicators */ if (r->filename && (!strncmp(r->filename, "redirect:", 9) @@ -238,54 +250,10 @@ || !strncmp(r->filename, "forbidden:", 10))) { return DECLINED; } - /* no translation when server and network charsets are set to the same value */ - if (!strcasecmp(dc->charset_source, dc->charset_default)) return DECLINED; - mime_type = r->content_type ? r->content_type : ap_default_type(r); - - /* If mime type isn't text or message, bail out. - */ - -/* XXX When we handle translation of the request body, watch out here as - * 1.3 allowed additional mime types: multipart and - * application/x-www-form-urlencoded - */ - - if (strncasecmp(mime_type, "text/", 5) && -#if APR_CHARSET_EBCDIC || AP_WANT_DIR_TRANSLATION - /* On an EBCDIC machine, be willing to translate mod_autoindex- - * generated output. Otherwise, it doesn't look too cool. - * - * XXX This isn't a perfect fix because this doesn't trigger us - * to convert from the charset of the source code to ASCII. The - * general solution seems to be to allow a generator to set an - * indicator in the r specifying that the body is coded in the - * implementation character set (i.e., the charset of the source - * code). This would get several different types of documents - * translated properly: mod_autoindex output, mod_status output, - * mod_info output, hard-coded error documents, etc. - */ - strcmp(mime_type, DIR_MAGIC_TYPE) && -#endif - strncasecmp(mime_type, "message/", 8)) { - if (dc->debug >= DBGLVL_GORY) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "mime type is %s; no translation selected", - mime_type); - } - /* We must not bail out here (i.e., the MIME test must be in the filter - * itself, not in the fixup, because only then is the final MIME type known. - * Examples for late changes to the MIME type include CGI handling (MIME - * type is set in the Content-Type header produced by the CGI script), or - * PHP (until PHP runs, the MIME type is set to application/x-httpd-php) - */ - } - - if (dc->debug >= DBGLVL_GORY) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "charset_source: %s charset_default: %s", - dc && dc->charset_source ? dc->charset_source : "(none)", - dc && dc->charset_default ? dc->charset_default : "(none)"); + /* no translation when server and network charsets are set to the same value */ + if (!strcasecmp(dc->charset_source, dc->charset_default)) { + return DECLINED; } /* Get storage for the request data and the output filter context. @@ -302,14 +270,6 @@ reqinfo->output_ctx = output_ctx; - /* We must not open the xlation table here yet, because the final MIME - * type is not known until we are actually called in the output filter. - * With POST or PUT request, the case is different, because their MIME - * type is set in the request headers, and their data are prerequisites - * for actually calling, e.g., the CGI handler later on. - */ - output_ctx->xlate = NULL; - switch (r->method_number) { case M_PUT: case M_POST: @@ -832,18 +792,11 @@ } } - /* Opening the output translation (this used to be done in the fixup hook, - * but that was too early: a subsequent type modification, e.g., by a - * CGI script, would go unnoticed. Now we do it in the filter itself.) + /* Check the mime type to see if translation should be performed. */ - if (!ctx->noop && ctx->xlate == NULL) - { + if (!ctx->noop && ctx->xlate == NULL) { const char *mime_type = f->r->content_type ? f->r->content_type : ap_default_type(f->r); - /* XXX When we handle translation of the request body, watch out here as - * 1.3 allowed additional mime types: multipart and - * application/x-www-form-urlencoded - */ if (strncasecmp(mime_type, "text/", 5) == 0 || #if APR_CHARSET_EBCDIC /* On an EBCDIC machine, be willing to translate mod_autoindex- @@ -858,12 +811,13 @@ * translated properly: mod_autoindex output, mod_status output, * mod_info output, hard-coded error documents, etc. */ - strcmp(mime_type, DIR_MAGIC_TYPE) == 0 || + strcmp(mime_type, DIR_MAGIC_TYPE) == 0 || #endif - strncasecmp(mime_type, "message/", 8) == 0) { + strncasecmp(mime_type, "message/", 8) == 0 || + dc->force_xlate == FX_FORCE) { rv = apr_xlate_open(&ctx->xlate, - dc->charset_default, dc->charset_source, f->r->pool); + dc->charset_default, dc->charset_source, f->r->pool); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r, "can't open translation %s->%s", @@ -877,20 +831,21 @@ } } else { - ctx->noop = 1; - if (dc->debug >= DBGLVL_GORY) - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r, - "mime type is %s; no translation selected", - mime_type); + ctx->noop = 1; + if (dc->debug >= DBGLVL_GORY) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r, + "mime type is %s; no translation selected", + mime_type); } + } } if (dc->debug >= DBGLVL_GORY) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r, - "xlate_out_filter() - " - "charset_source: %s charset_default: %s", - dc && dc->charset_source ? dc->charset_source : "(none)", - dc && dc->charset_default ? dc->charset_default : "(none)"); + "xlate_out_filter() - " + "charset_source: %s charset_default: %s", + dc && dc->charset_source ? dc->charset_source : "(none)", + dc && dc->charset_default ? dc->charset_default : "(none)"); } if (!ctx->ran) { /* filter never ran before */ @@ -1147,7 +1102,8 @@ add_charset_options, NULL, OR_FILEINFO, - "valid options: ImplicitAdd, NoImplicitAdd, DebugLevel=n"), + "valid options: ImplicitAdd, NoImplicitAdd, TranslateAllMimeTypes, " + "NoTranslateAllMimeTypes, DebugLevel=n"), {NULL} }; Modified: httpd/sandbox/amsterdam/d/modules/filters/mod_deflate.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/filters/mod_deflate.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/filters/mod_deflate.c (original) +++ httpd/sandbox/amsterdam/d/modules/filters/mod_deflate.c Mon Apr 7 09:28:58 2008 @@ -373,25 +373,20 @@ return APR_SUCCESS; } /* PR 39727: we're screwing up our clients if we leave a strong ETag - * header while transforming content. A minimal fix that makes us - * protocol-compliant is to make it a weak ETag. Whether we can - * use this ourselves (e.g. in mod_cache) is a different issue. + * header while transforming content. Henrik Nordstrom suggests + * appending ";gzip". * - * Henrik Nordstrom suggests instead appending ";gzip", commenting: - * "This should allows for easy bidirectional mapping, simplifying most - * conditionals as no transformation of the entity body is needed to find - * the etag, and the simple format makes it easier to trace should any - * misunderstandings occur." - * - * We might consider such a strategy in future if we implement support - * for such a scheme. + * Pending a more thorough review of our Etag handling, let's just + * implement his suggestion. It fixes the bug, or at least turns it + * from a showstopper to an inefficiency. And it breaks nothing that + * wasn't already broken. */ -static void deflate_check_etag(request_rec *r) +static void deflate_check_etag(request_rec *r, const char *transform) { const char *etag = apr_table_get(r->headers_out, "ETag"); if (etag && (((etag[0] != 'W') && (etag[0] !='w')) || (etag[1] != '/'))) { apr_table_set(r->headers_out, "ETag", - apr_pstrcat(r->pool, "W/", etag, NULL)); + apr_pstrcat(r->pool, etag, "-", transform, NULL)); } } static apr_status_t deflate_out_filter(ap_filter_t *f, @@ -591,7 +586,7 @@ } apr_table_unset(r->headers_out, "Content-Length"); apr_table_unset(r->headers_out, "Content-MD5"); - deflate_check_etag(r); + deflate_check_etag(r, "gzip"); /* initialize deflate output buffer */ ctx->stream.next_out = ctx->buffer; @@ -1084,7 +1079,7 @@ /* these are unlikely to be set anyway, but ... */ apr_table_unset(r->headers_out, "Content-Length"); apr_table_unset(r->headers_out, "Content-MD5"); - deflate_check_etag(r); + deflate_check_etag(r, "gunzip"); /* initialize inflate output buffer */ ctx->stream.next_out = ctx->buffer; Modified: httpd/sandbox/amsterdam/d/modules/filters/mod_ext_filter.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/filters/mod_ext_filter.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/filters/mod_ext_filter.c (original) +++ httpd/sandbox/amsterdam/d/modules/filters/mod_ext_filter.c Mon Apr 7 09:28:58 2008 @@ -22,7 +22,7 @@ #include "http_config.h" #include "http_log.h" #include "http_protocol.h" -#define CORE_PRIVATE + #include "http_core.h" #include "apr_buckets.h" #include "util_filter.h" Modified: httpd/sandbox/amsterdam/d/modules/filters/mod_filter.c URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/modules/filters/mod_filter.c?rev=645594&r1=645593&r2=645594&view=diff ============================================================================== --- httpd/sandbox/amsterdam/d/modules/filters/mod_filter.c (original) +++ httpd/sandbox/amsterdam/d/modules/filters/mod_filter.c Mon Apr 7 09:28:58 2008 @@ -24,6 +24,7 @@ #include "http_request.h" #include "http_log.h" #include "util_filter.h" +#include "ap_expr.h" module AP_MODULE_DECLARE_DATA filter_module; @@ -35,46 +36,13 @@ * (2.0-compatible) ap_filter_rec_t* frec. */ struct ap_filter_provider_t { - /** How to match this provider to filter dispatch criterion */ - enum { - STRING_MATCH, - STRING_CONTAINS, - REGEX_MATCH, - INT_EQ, - INT_LT, - INT_LE, - INT_GT, - INT_GE, - DEFINED - } match_type; - - /** negation on match_type */ - int not; - - /** The dispatch match itself - union member depends on match_type */ - union { - const char *string; - ap_regex_t *regex; - int number; - } match; + ap_parse_node_t *expr; /** The filter that implements this provider */ ap_filter_rec_t *frec; /** The next provider in the list */ ap_filter_provider_t *next; - - /** Dispatch criteria for filter providers */ - enum { - HANDLER, - REQUEST_HEADERS, - RESPONSE_HEADERS, - SUBPROCESS_ENV, - CONTENT_TYPE - } dispatch; - - /** Match value for filter providers */ - const char* value; }; /** we need provider_ctx to save ctx values set by providers in filter_init */ @@ -137,7 +105,12 @@ harness_ctx *fctx = apr_pcalloc(f->r->pool, sizeof(harness_ctx)); for (p = filter->providers; p; p = p->next) { - if (p->frec->filter_init_func) { + if (p->frec->filter_init_func == filter_init) { + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c, + "Chaining of FilterProviders not supported"); + return HTTP_INTERNAL_SERVER_ERROR; + } + else if (p->frec->filter_init_func) { f->ctx = NULL; if ((err = p->frec->filter_init_func(f)) != OK) { ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, f->c, @@ -157,13 +130,13 @@ f->ctx = fctx; return OK; } - static int filter_lookup(ap_filter_t *f, ap_filter_rec_t *filter) { ap_filter_provider_t *provider; const char *str = NULL; char *str1; int match; + int err = 0; unsigned int proto_flags; request_rec *r = f->r; harness_ctx *ctx = f->ctx; @@ -173,90 +146,14 @@ /* Check registered providers in order */ for (provider = filter->providers; provider; provider = provider->next) { - match = 1; - switch (provider->dispatch) { - case REQUEST_HEADERS: - str = apr_table_get(r->headers_in, provider->value); - break; - case RESPONSE_HEADERS: - str = apr_table_get(r->headers_out, provider->value); - break; - case SUBPROCESS_ENV: - str = apr_table_get(r->subprocess_env, provider->value); - break; - case CONTENT_TYPE: - str = r->content_type; - break; - case HANDLER: - str = r->handler; - break; - } - - /* treat nulls so we don't have to check every strcmp individually - * Not sure if there's anything better to do with them - */ - if (!str) { - if (provider->match_type == DEFINED && provider->match.string) { - match = 0; - } - } - /* we can't check for NULL in provider as that kills integer 0 - * so we have to test each string/regexp case in the switch - */ - else { - switch (provider->match_type) { - case STRING_MATCH: - if (strcasecmp(str, provider->match.string)) { - match = 0; - } - break; - case STRING_CONTAINS: - str1 = apr_pstrdup(r->pool, str); - ap_str_tolower(str1); - if (!strstr(str1, provider->match.string)) { - match = 0; - } - break; - case REGEX_MATCH: - if (ap_regexec(provider->match.regex, str, 0, NULL, 0) - == AP_REG_NOMATCH) { - match = 0; - } - break; - case INT_EQ: - if (atoi(str) != provider->match.number) { - match = 0; - } - break; - /* Integer comparisons should be [var] OP [match] - * We need to set match = 0 if the condition fails - */ - case INT_LT: - if (atoi(str) >= provider->match.number) { - match = 0; - } - break; - case INT_LE: - if (atoi(str) > provider->match.number) { - match = 0; - } - break; - case INT_GT: - if (atoi(str) <= provider->match.number) { - match = 0; - } - break; - case INT_GE: - if (atoi(str) < provider->match.number) { - match = 0; - } - break; - case DEFINED: /* we already handled this:-) */ - break; - } + match = ap_expr_eval(r, provider->expr, &err, NULL, ap_expr_string, NULL); + if (err) { + /* log error but accept match value ? */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Error evaluating filter dispatch condition"); } - if (match != provider->not) { + if (match) { /* condition matches this provider */ #ifndef NO_PROTOCOL /* check protocol @@ -492,27 +389,17 @@ return NULL; } -static const char *filter_provider(cmd_parms *cmd, void *CFG, const char *args) +static const char *filter_provider(cmd_parms *cmd, void *CFG, + const char *fname, const char *pname, + const char *expr) { mod_filter_cfg *cfg = CFG; - int flags; ap_filter_provider_t *provider; - const char *rxend; const char *c; - char *str; - const char *eq; ap_filter_rec_t* frec; ap_filter_rec_t* provider_frec; - - /* insist on exactly four arguments */ - const char *fname = ap_getword_conf(cmd->pool, &args) ; - const char *pname = ap_getword_conf(cmd->pool, &args) ; - const char *condition = ap_getword_conf(cmd->pool, &args) ; - const char *match = ap_getword_conf(cmd->pool, &args) ; - eq = ap_getword_conf(cmd->pool, &args) ; - if ( !*fname || !*pname || !*match || !*condition || *eq ) { - return "usage: FilterProvider filter provider condition match" ; - } + ap_parse_node_t *node; + int err = 0; /* fname has been declared with DeclareFilter, so we can look it up */ frec = apr_hash_get(cfg->live_filters, fname, APR_HASH_KEY_STRING); @@ -533,121 +420,19 @@ /* if provider has been registered, we can look it up */ provider_frec = ap_get_output_filter_handle(pname); if (!provider_frec) { - provider_frec = apr_hash_get(cfg->live_filters, pname, - APR_HASH_KEY_STRING); - } - if (!provider_frec) { return apr_psprintf(cmd->pool, "Unknown filter provider %s", pname); } - - provider = apr_palloc(cmd->pool, sizeof(ap_filter_provider_t)); - if (*match == '!') { - provider->not = 1; - ++match; - } - else { - provider->not = 0; + node = ap_expr_parse(cmd->pool, expr, &err); + if (err) { + return "Error parsing FilterProvider expression."; } - switch (*match++) { - case '<': - if (*match == '=') { - provider->match_type = INT_LE; - ++match; - } - else { - provider->match_type = INT_LT; - } - provider->match.number = atoi(match); - break; - case '>': - if (*match == '=') { - provider->match_type = INT_GE; - ++match; - } - else { - provider->match_type = INT_GT; - } - provider->match.number = atoi(match); - break; - case '=': - provider->match_type = INT_EQ; - provider->match.number = atoi(match); - break; - case '/': - provider->match_type = REGEX_MATCH; - rxend = ap_strchr_c(match, '/'); - if (!rxend) { - return "Bad regexp syntax"; - } - flags = AP_REG_NOSUB; /* we're not mod_rewrite:-) */ - for (c = rxend+1; *c; ++c) { - switch (*c) { - case 'i': flags |= AP_REG_ICASE; break; - } - } - provider->match.regex = ap_pregcomp(cmd->pool, - apr_pstrndup(cmd->pool, - match, - rxend-match), - flags); - if (provider->match.regex == NULL) { - return "Bad regexp"; - } - break; - case '*': - provider->match_type = DEFINED; - provider->match.number = -1; - break; - case '$': - provider->match_type = STRING_CONTAINS; - str = apr_pstrdup(cmd->pool, match); - ap_str_tolower(str); - provider->match.string = str; - break; - default: - provider->match_type = STRING_MATCH; - provider->match.string = apr_pstrdup(cmd->pool, match-1); - break; - } + provider = apr_palloc(cmd->pool, sizeof(ap_filter_provider_t)); + provider->expr = node; provider->frec = provider_frec; provider->next = frec->providers; frec->providers = provider; - /* determine what a filter will dispatch this provider on */ - eq = ap_strchr_c(condition, '='); - if (eq) { - str = apr_pstrdup(cmd->pool, eq+1); - if (!strncasecmp(condition, "env=", 4)) { - provider->dispatch = SUBPROCESS_ENV; - } - else if (!strncasecmp(condition, "req=", 4)) { - provider->dispatch = REQUEST_HEADERS; - } - else if (!strncasecmp(condition, "resp=", 5)) { - provider->dispatch = RESPONSE_HEADERS; - } - else { - return "FilterProvider: unrecognized dispatch table"; - } - } - else { - if (!strcasecmp(condition, "handler")) { - provider->dispatch = HANDLER; - } - else { - provider->dispatch = RESPONSE_HEADERS; - } - str = apr_pstrdup(cmd->pool, condition); - ap_str_tolower(str); - } - - if ( (provider->dispatch == RESPONSE_HEADERS) - && !strcasecmp(str, "content-type")) { - provider->dispatch = CONTENT_TYPE; - } - provider->value = str; - return NULL; } @@ -850,8 +635,8 @@ AP_INIT_TAKE12("FilterDeclare", filter_declare, NULL, OR_OPTIONS, "filter-name [filter-type]"), /** we don't have a TAKE4, so we have to use RAW_ARGS */ - AP_INIT_RAW_ARGS("FilterProvider", filter_provider, NULL, OR_OPTIONS, - "filter-name provider-name dispatch-criterion dispatch-match"), + AP_INIT_TAKE3("FilterProvider", filter_provider, NULL, OR_OPTIONS, + "filter-name provider-name match-expression"), AP_INIT_ITERATE("FilterChain", filter_chain, NULL, OR_OPTIONS, "list of filter names with optional [+-=!@]"), AP_INIT_TAKE2("FilterTrace", filter_debug, NULL, RSRC_CONF | ACCESS_CONF,