summaryrefslogtreecommitdiff
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
...
* Build mod_access_compat on NetWareBradley Nicholes2006-01-232-1/+251
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@371651 13f79535-47bb-0310-9956-ffa450edef68
* Use the correct logging #defineBradley Nicholes2006-01-231-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@371648 13f79535-47bb-0310-9956-ffa450edef68
* * Fix PR38340 by actual getting the word and thus advancing the message bufferRuediger Pluem2006-01-211-1/+1
| | | | | | | | | | pointer to the next data. Submitted by: Aleksey Pesternikov <apesternikov yahoo.com> Reviewed by: Ruediger Pluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@371013 13f79535-47bb-0310-9956-ffa450edef68
* Set the LDAP protocol before setting extended LDAP options. [PR38146]Bradley Nicholes2006-01-201-3/+3
| | | | | | Submitted by: Aaron Richton <richton nbcs.rutgers.edu> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@370856 13f79535-47bb-0310-9956-ffa450edef68
* remove the unused per-dir-config structure.Bradley Nicholes2006-01-191-11/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@370521 13f79535-47bb-0310-9956-ffa450edef68
* Remove the call to ap_note_auth_failure() from the providers. ↵Bradley Nicholes2006-01-182-4/+0
| | | | | | mod_authz_core will make the call if it is necessary. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@370039 13f79535-47bb-0310-9956-ffa450edef68
* * Add CacheMinExpire directive to set the minimum time in seconds to cache a ↵Ruediger Pluem2006-01-172-0/+25
| | | | | | | | | | | | document in the case that no valid expire time was supplied with the document. Submitted by: Brian Akins <brian.akins turner.com> Reviewed by: Ruediger Pluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@369811 13f79535-47bb-0310-9956-ffa450edef68
* eliminate the import of the ap_satisfies optional function on every request. ↵Bradley Nicholes2006-01-152-7/+18
| | | | | | Just import it once if it exists. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@369124 13f79535-47bb-0310-9956-ffa450edef68
* clean up some left-over debugging code and commentsBradley Nicholes2006-01-143-17/+6
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@368978 13f79535-47bb-0310-9956-ffa450edef68
* host access control compatibility module (Order, Deny, Allow, Satisfy)Bradley Nicholes2006-01-141-0/+392
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@368932 13f79535-47bb-0310-9956-ffa450edef68
* Restore Order, Deny, Allow, Satisfy for backwards compatibility with authzBradley Nicholes2006-01-144-5/+58
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@368929 13f79535-47bb-0310-9956-ffa450edef68
* Update the NetWare makefiles to build the authz codeBradley Nicholes2006-01-111-6/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@368105 13f79535-47bb-0310-9956-ffa450edef68
* Authz refactoringBradley Nicholes2006-01-1117-990/+2663
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Merge from branches/authz-dev Basically here is a list of what has been done: - Convert all of the authz modules from hook based to provider based - Remove the ap_requires field from the core_dir_config structure - Remove the function ap_requires() since its functionality is no longer supported or necessary in the refactoring - Remove the calls to ap_some_auth_required() in the core request handling to allow the hooks to be called in all cases. - Add the new module mod_authz_core which will act as the authorization provider vector and contain common authz directives such as 'Require', 'Reject' and '<RequireAlias>' - Add the new module mod_authn_core which will contain common authentication directives such as 'AuthType', 'AuthName' and '<AuthnProviderAlias>' - Move the check for METHOD_MASK out of the authz providers and into the authz_core provider vector - Define the status codes that can be returned by the authz providers as AUTHZ_DENIED, AUTHZ_GRANTED and AUTHZ_GENERAL_ERROR - Remove the 'Satisfy' directive - Implement the '<RequireAll>', '<RequireOne>' block directives to handle the 'and' and 'or' logic for authorization. - Remove the 'AuthzXXXAuthoritative' directives from all of the authz providers - Implement the 'Reject' directive that will deny authorization if the argument is true - Fold the 'Reject' directive into the '<RequireAll>', '<RequireOne>' logic - Reimplement the host based authorization functionality provided by 'allow', 'deny' and 'order' as authz providers - Remove the 'allow', 'deny' and 'order' directives - Merge mod_authn_alias into mod_authn_core - Add '<RequireAlias>' functionality which is similar to '<AuthnProviderAlias>' but specific to authorization aliasing - Remove all of the references to the 'authzxxxAuthoritative' directives from the documentation - Remove the 'Satisfy' directive from the documentation - Remove 'Allow', 'Deny', 'Order' directives from the documentation - Document '<RequireAll>', '<RequireOne>', 'Reject' directives - Reimplement the APIs ap_auth_type(), ap_auth_name() as optional functions and move the actual implementation into mod_authn_core - Reimplement the API ap_some_auth_required() as an optional function and move the actual implementation into mod_authz_core Major Changes: - Added the directives <RequireAll>, <RequireOne>, <RequireAlias>, Reject - Expanded the functionality of the directive 'Require' to handle all authorization and access control - Added the new authz providers 'env', 'ip', 'host', 'all' to handle host-based access control - Removed the directives 'Allow', 'Deny', 'Order', 'Satisfy', 'AuthzXXXAuthoritative' - Removed the ap_require() API - Moved the directives 'AuthType', 'AuthName' out of mod_core and into mod_authn_core - Moved the directive 'Require' out of mod_core and into mod_authz_core - Merged mod_authn_alias into mod_authn_core - Renamed mod_authz_dbm authz providers from 'group' and 'file-group' to 'dbm-group' and 'dbm-file-group' Benefits: - All authorization and access control is now handle through two directives, 'Require' and 'Reject' - Authorization has been expanded to allow for complex 'AND/OR' control logic through the directives '<RequireAll>' and '<RequireOne>' - Configuration is now much simpler and consistent across the board - Other modules like mod_ssl and mod_proxy should be able to plug into and take advantage of the same provider based authorization mechanism by implementing their own providers Issues: - Backwards compatibility between 2.2 and 2.3 configurations will be broken in the area of authorization and access control due to the fact that the directives 'allow', 'deny', 'order' and 'satisfy' have been removed. When moving from 2.2 to 2.3 these directives will have to be changed to 'Require all granted', 'Require all denied' or some variation of the authz host-based providers. - Existing third party authorization modules will have to adapt to the new structure. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@368027 13f79535-47bb-0310-9956-ffa450edef68
* * Fix PR38017 by handling the selection of the hostname in the same way forRuediger Pluem2006-01-101-3/+18
| | | | | | | | | | | | | | | | | | | | | | non proxied and reverse proxied requests. We need to handle both cases in the same manner as for the reverse proxy case we have the following situation: If a cached entry is looked up by mod_cache's quick handler r->proxyreq is still unset in the reverse proxy case as it only gets set in the translate name hook (either by ProxyPass or mod_rewrite) which is run after the quick handler hook. This is different to the forward proxy case where it gets set before the quick handler is run (in the post_read_request hook). If a cache entry is created by the CACHE_SAVE filter we always have r->proxyreq set correctly. So we must ensure that in the reverse proxy case we use the same code path and using the canonical name seems to be the right thing to do in the reverse proxy case. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@367798 13f79535-47bb-0310-9956-ffa450edef68
* Explain how we're checking to see if ap_proxy_backend_broke()Jim Jagielski2006-01-061-1/+2
| | | | | | | has been called or not. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@366558 13f79535-47bb-0310-9956-ffa450edef68
* Clarify (I hope) the comment better :)Jim Jagielski2006-01-061-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@366554 13f79535-47bb-0310-9956-ffa450edef68
* As long as we have the AP_BUCKET_IS_ERROR macro, let's use itJim Jagielski2006-01-061-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@366374 13f79535-47bb-0310-9956-ffa450edef68
* * Call ap_proxy_http_cleanup after ap_log_rerror because it resetsRuediger Pluem2006-01-051-1/+1
| | | | | | | backend->hostname to NULL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@366279 13f79535-47bb-0310-9956-ffa450edef68
* * If a subrequest has a broken backend also set no_cache for the main requestRuediger Pluem2006-01-052-5/+20
| | | | | | | | | | | | | | | | | and ensure that the chunk filter does not sent the last chunk marker in this case. modules/http/chunk_filter.c: Memorize HTTP_BAD_GATEWAY error buckets that had been seen in filter context to ensure that we do not sent the last chunk marker in this case. modules/proxy/proxy_util.c : Set no_cache also for main request if we are a subrequest. Thanks to Joe Orton and André Malo for the "invented unique pointer" trick. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@366181 13f79535-47bb-0310-9956-ffa450edef68
* * Correctly signal broken backend connections up the chain also for the ajpRuediger Pluem2006-01-024-9/+65
| | | | | | | | | | | | | | | backend (see also r357461). Furthermore move common code in mod_proxy_http.c and mod_proxy_ajp.c into a new function (ap_proxy_backend_broke) in proxy_util.c. modules/proxy/mod_proxy_ajp.c : Signal broken backend connection for ajp backend modules/proxy/proxy_util.c : Add ap_proxy_backend_broke modules/proxy/mod_proxy_http.c: - Use ap_proxy_backend_broke - Return DONE also if backend broke modules/proxy/mod_proxy.h : Add declaration of ap_proxy_backend_broke git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@365374 13f79535-47bb-0310-9956-ffa450edef68
* Small spelling fix.Graham Leggett2005-12-281-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@359565 13f79535-47bb-0310-9956-ffa450edef68
* Fix Cookie2 header problems that originates backMladen Turk2005-12-231-3/+3
| | | | | | from mod_jk. Cookie2 was always sent as Cookie. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@358769 13f79535-47bb-0310-9956-ffa450edef68
* This shift was treated in 32 bit scope, then masked to 64 bits,William A. Rowe Jr2005-12-201-1/+1
| | | | | | which was probably quite uncool. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@358040 13f79535-47bb-0310-9956-ffa450edef68
* Morph the ap_http_broken_backend_filter() proxy "specific"Jim Jagielski2005-12-204-18/+23
| | | | | | | filter to a generic http error handling output filter. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@358022 13f79535-47bb-0310-9956-ffa450edef68
* In Apache-2.x, the function is called apr_pstrdup().Martin Kraemer2005-12-191-7/+3
| | | | | | | The 'tmp' variable is not really necessary. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@357699 13f79535-47bb-0310-9956-ffa450edef68
* * Move code for broken backend detection out of core filter into a new httpRuediger Pluem2005-12-183-0/+33
| | | | | | | | protocol filter (ap_http_broken_backend_filter) that is only run in the proxy case. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@357519 13f79535-47bb-0310-9956-ffa450edef68
* * If the mod_proxy backend connection broke in the middle of the response,Ruediger Pluem2005-12-183-6/+26
| | | | | | | | | | | | | | | | | | | | | then - Do not cache it. - Signal the client that something went wrong by closing the connection and not sending the last-chunk marker if the response was T-E chunked. server/core_filters.c : Close the connection to the client by setting c->keepalive to AP_CONN_CLOSE. modules/http/chunk_filter.c : Do not send last-chunk marker in the case the backend broke. modules/proxy/mod_proxy_http.c: Signal that the backend connection broke. modules/cache/mod_disk_cache.c: Respect r->no_cache for discarding the response Submitted by: Roy T. Fielding, Jim Jagielski, Ruediger Pluem Reviewed by: Roy T. Fielding, Jim Jagielski, Ruediger Pluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@357461 13f79535-47bb-0310-9956-ffa450edef68
* * Fix ap_http_chunk_filter to create correct chunks in the case that aRuediger Pluem2005-12-171-0/+2
| | | | | | | | | | flush bucket is pre- and postfixed by data buckets in the brigade. Submitted by: Ruediger Pluem Reviewed by: Justin Erenkrantz, Joe Orton, Jim Jagielski git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@357328 13f79535-47bb-0310-9956-ffa450edef68
* Bring forward the fix for CVE-2005-3352 already on the branches:Joe Orton2005-12-161-1/+1
| | | | | | | | | | | | * modules/mappers/mod_imagemap.c (imap_url): Escape the referer. * server/util.c (ap_escape_html): Escape the " character. Submitted by: mjc Reviewed by: fielding, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@357161 13f79535-47bb-0310-9956-ffa450edef68
* * modules/debug/mod_bucketeer.c (bucketeer_out_filter): Only pass onJoe Orton2005-12-161-4/+7
| | | | | | | | | the brigade if the pass delimiter is reached and not for any flush delimiter; allows creating brigades with a flush bucket in the middle. Fail if ap_pass_brigade() fails. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@357156 13f79535-47bb-0310-9956-ffa450edef68
* Sorry, previous commit was not ok.Jean-Frederic Clere2005-12-151-2/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@357044 13f79535-47bb-0310-9956-ffa450edef68
* The string comming from TC is in ASCII and the string returned by ↵Jean-Frederic Clere2005-12-151-2/+4
| | | | | | apr_psprintf isn't. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@357022 13f79535-47bb-0310-9956-ffa450edef68
* OK, while we ponder how best to reuse conn pools for workers,Jim Jagielski2005-12-111-10/+4
| | | | | | | clean this section up. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@356030 13f79535-47bb-0310-9956-ffa450edef68
* * revert r355823 and r355837Ruediger Pluem2005-12-114-39/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@355853 13f79535-47bb-0310-9956-ffa450edef68
* * Let the proxy handler know that the backend connection broke after we haveRuediger Pluem2005-12-111-1/+14
| | | | | | | sent the headers. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@355837 13f79535-47bb-0310-9956-ffa450edef68
* * Move handling of backends that broke after the headers have been sentRuediger Pluem2005-12-113-4/+25
| | | | | | | | | | | | | | | | | | into the proxy handler of mod_proxy. This patch still sets r->connection->aborted to 1 which is currently vetoed by Roy. Moving it from the scheme handler to the proxy handler should ease the reimplementation of this, as the scheme handlers only needs to return PROXY_BACKEND_BROKEN to signal the above situation to the proxy handler. mod_proxy.h: Add define for PROXY_BACKEND_BROKEN mod_proxy.c: Handle PROXY_BACKEND_BROKEN in proxy handler mod_proxy_http.c: Sent back PROXY_BACKEND_BROKEN if backend broke after we sent the headers. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@355823 13f79535-47bb-0310-9956-ffa450edef68
* Add a comment and use proper grammar for another comment.Justin Erenkrantz2005-12-071-1/+5
| | | | | | | (No functional changes.) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354636 13f79535-47bb-0310-9956-ffa450edef68
* If a connection aborts while waiting for a chunked line, flag the connection asJustin Erenkrantz2005-12-071-5/+17
| | | | | | | errored out and send errors upwards. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354630 13f79535-47bb-0310-9956-ffa450edef68
* If we get an error reading the upstream response, we should bail.Justin Erenkrantz2005-12-071-0/+6
| | | | | | | Reported by: Brian Akins git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354628 13f79535-47bb-0310-9956-ffa450edef68
* Add the mod_dbd exports to the NetWare make fileBradley Nicholes2005-12-061-0/+5
| | | | | | Submitted by: Guenter Knauf <fuankg apache.org> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354471 13f79535-47bb-0310-9956-ffa450edef68
* Improve defaults from 'test' values (and get meaningful errors onNick Kew2005-12-061-6/+9
| | | | | | | startup if database is down); trivial tidyups. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354400 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit furtherJoe Orton2005-12-061-2/+5
| | | | | | | | | | | access control checks if SSL is not in use regardless of vhost settings. Submitted by: Rüdiger Plüm, Joe Orton PR: 37791 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354394 13f79535-47bb-0310-9956-ffa450edef68
* PR 36090Nick Kew2005-12-051-0/+1
| | | | | | | Fix recursive ErrorDocument handling git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354118 13f79535-47bb-0310-9956-ffa450edef68
* * Fix PR37753. Off by one bug in get_path_param eats up too much of the stringRuediger Pluem2005-12-031-1/+1
| | | | | | | | | | such that session identifier for sticky sessions is never found in URL. Submitted by: Kazuhiro Osawa <ko yappo.ne.jp> Reviewed by: Ruediger Pluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@352010 13f79535-47bb-0310-9956-ffa450edef68
* Recover textWilliam A. Rowe Jr2005-12-021-128/+128
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@351717 13f79535-47bb-0310-9956-ffa450edef68
* Until we determine whether we should dip into the connectionJim Jagielski2005-12-011-7/+5
| | | | | | | | | | | | pool each time, rearrange the logic to avoid a double check which is unneeded. No matter what (if it's reusable or not) a null conn->hostname needs to be set. At that point it doesn't matter if we're not reusing it or if the string comparison happens, since what we would do in that case has already been done. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@350250 13f79535-47bb-0310-9956-ffa450edef68
* minor doc changes already on 2.2 branchRoy T. Fielding2005-12-011-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@350202 13f79535-47bb-0310-9956-ffa450edef68
* Check that conn->hostname is valid before we do the stringJim Jagielski2005-11-301-0/+1
| | | | | | | comparison git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@350009 13f79535-47bb-0310-9956-ffa450edef68
* Fix SSL Protocol hexdumps for EBCDIC systemsMartin Kraemer2005-11-301-0/+14
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@349906 13f79535-47bb-0310-9956-ffa450edef68
* First stab at a build environment for mod_authn_dbdColm MacCarthaigh2005-11-291-0/+132
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@349774 13f79535-47bb-0310-9956-ffa450edef68
View Lorry Controller Status