summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/manual/content-negotiation.html.en622
-rw-r--r--docs/manual/developer/modules.html.en258
-rw-r--r--docs/manual/dso.html.en344
-rw-r--r--docs/manual/logs.html.en666
-rw-r--r--docs/manual/mod/directive-dict.html.en327
-rw-r--r--docs/manual/mod/module-dict.html.en123
-rw-r--r--docs/manual/sitemap.html.en201
-rw-r--r--docs/manual/stopping.html.en209
-rwxr-xr-xdocs/manual/urlmapping.html.en333
-rw-r--r--modules/experimental/cache_pqueue.c6
-rw-r--r--modules/experimental/mod_auth_ldap.c866
-rw-r--r--modules/experimental/mod_auth_ldap.def6
-rw-r--r--modules/experimental/util_ldap.c1110
-rw-r--r--modules/experimental/util_ldap.def6
-rw-r--r--modules/experimental/util_ldap_cache.c321
-rw-r--r--modules/experimental/util_ldap_cache.h216
-rw-r--r--modules/experimental/util_ldap_cache_mgr.c538
-rw-r--r--modules/http/http_protocol.c137
-rw-r--r--modules/ssl/ssl_engine_pphrase.c9
-rw-r--r--support/dbmmanage350
-rw-r--r--support/htpasswd.c32
-rw-r--r--support/log_server_status114
-rw-r--r--support/logresolve.pl261
-rw-r--r--support/phf_abuse_log.cgi22
-rw-r--r--support/split-logfile98
-rw-r--r--support/win32/ApacheMonitor.rc11
26 files changed, 132 insertions, 7054 deletions
diff --git a/docs/manual/content-negotiation.html.en b/docs/manual/content-negotiation.html.en
deleted file mode 100644
index 0f4e03ce31..0000000000
--- a/docs/manual/content-negotiation.html.en
+++ /dev/null
@@ -1,622 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache Content Negotiation</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="CENTER">Content Negotiation</h1>
-
- <p>Apache's supports content negotiation as described in
- the HTTP/1.1 specification. It can choose the best
- representation of a resource based on the browser-supplied
- preferences for media type, languages, character set and
- encoding. It also implements a couple of features to give
- more intelligent handling of requests from browsers that send
- incomplete negotiation information.</p>
-
- <p>Content negotiation is provided by the <a
- href="mod/mod_negotiation.html">mod_negotiation</a> module,
- which is compiled in by default.</p>
- <hr />
-
- <h2>About Content Negotiation</h2>
-
- <p>A resource may be available in several different
- representations. For example, it might be available in
- different languages or different media types, or a combination.
- One way of selecting the most appropriate choice is to give the
- user an index page, and let them select. However it is often
- possible for the server to choose automatically. This works
- because browsers can send as part of each request information
- about what representations they prefer. For example, a browser
- could indicate that it would like to see information in French,
- if possible, else English will do. Browsers indicate their
- preferences by headers in the request. To request only French
- representations, the browser would send</p>
-<pre>
- Accept-Language: fr
-</pre>
-
- <p>Note that this preference will only be applied when there is
- a choice of representations and they vary by language.</p>
-
- <p>As an example of a more complex request, this browser has
- been configured to accept French and English, but prefer
- French, and to accept various media types, preferring HTML over
- plain text or other text types, and preferring GIF or JPEG over
- other media types, but also allowing any other media type as a
- last resort:</p>
-<pre>
- Accept-Language: fr; q=1.0, en; q=0.5
- Accept: text/html; q=1.0, text/*; q=0.8, image/gif; q=0.6,
- image/jpeg; q=0.6, image/*; q=0.5, */*; q=0.1
-</pre>
- Apache supports 'server driven' content negotiation, as
- defined in the HTTP/1.1 specification. It fully supports the
- Accept, Accept-Language, Accept-Charset and Accept-Encoding
- request headers. Apache also supports 'transparent'
- content negotiation, which is an experimental negotiation
- protocol defined in RFC 2295 and RFC 2296. It does not offer
- support for 'feature negotiation' as defined in these RFCs.
-
- <p>A <strong>resource</strong> is a conceptual entity
- identified by a URI (RFC 2396). An HTTP server like Apache
- provides access to <strong>representations</strong> of the
- resource(s) within its namespace, with each representation in
- the form of a sequence of bytes with a defined media type,
- character set, encoding, etc. Each resource may be associated
- with zero, one, or more than one representation at any given
- time. If multiple representations are available, the resource
- is referred to as <strong>negotiable</strong> and each of its
- representations is termed a <strong>variant</strong>. The ways
- in which the variants for a negotiable resource vary are called
- the <strong>dimensions</strong> of negotiation.</p>
-
- <h2>Negotiation in Apache</h2>
-
- <p>In order to negotiate a resource, the server needs to be
- given information about each of the variants. This is done in
- one of two ways:</p>
-
- <ul>
- <li>Using a type map (<em>i.e.</em>, a <code>*.var</code>
- file) which names the files containing the variants
- explicitly, or</li>
-
- <li>Using a 'MultiViews' search, where the server does an
- implicit filename pattern match and chooses from among the
- results.</li>
- </ul>
-
- <h3>Using a type-map file</h3>
-
- <p>A type map is a document which is associated with the
- handler named <code>type-map</code> (or, for
- backwards-compatibility with older Apache configurations, the
- mime type <code>application/x-type-map</code>). Note that to
- use this feature, you must have a handler set in the
- configuration that defines a file suffix as
- <code>type-map</code>; this is best done with a</p>
-<pre>
- AddHandler type-map .var
-</pre>
- in the server configuration file.
-
- <p>Type map files should have the same name as the resource
- which they are describing, and have an entry for each available
- variant; these entries consist of contiguous HTTP-format header
- lines. Entries for different variants are separated by blank
- lines. Blank lines are illegal within an entry. It is
- conventional to begin a map file with an entry for the combined
- entity as a whole (although this is not required, and if
- present will be ignored). An example map file is shown below.
- This file would be named <code>foo.var</code>, as it describes
- a resource named <code>foo</code>.</p>
-<pre>
- URI: foo
-
- URI: foo.en.html
- Content-type: text/html
- Content-language: en
-
- URI: foo.fr.de.html
- Content-type: text/html;charset=iso-8859-2
- Content-language: fr, de
-</pre>
- Note also that a typemap file will take precedence over the
- filename's extension, even when Multiviews is on. If the
- variants have different source qualities, that may be indicated
- by the "qs" parameter to the media type, as in this picture
- (available as jpeg, gif, or ASCII-art):
-<pre>
- URI: foo
-
- URI: foo.jpeg
- Content-type: image/jpeg; qs=0.8
-
- URI: foo.gif
- Content-type: image/gif; qs=0.5
-
- URI: foo.txt
- Content-type: text/plain; qs=0.01
-</pre>
-
- <p>qs values can vary in the range 0.000 to 1.000. Note that
- any variant with a qs value of 0.000 will never be chosen.
- Variants with no 'qs' parameter value are given a qs factor of
- 1.0. The qs parameter indicates the relative 'quality' of this
- variant compared to the other available variants, independent
- of the client's capabilities. For example, a jpeg file is
- usually of higher source quality than an ascii file if it is
- attempting to represent a photograph. However, if the resource
- being represented is an original ascii art, then an ascii
- representation would have a higher source quality than a jpeg
- representation. A qs value is therefore specific to a given
- variant depending on the nature of the resource it
- represents.</p>
-
- <p>The full list of headers recognized is available in the <a
- href="mod/mod_negotiation.html#typemaps">mod_negotation</a>
- documentation.</p>
-
-
- <h3>Multiviews</h3>
-
- <p><code>MultiViews</code> is a per-directory option, meaning
- it can be set with an <code>Options</code> directive within a
- <code>&lt;Directory&gt;</code>, <code>&lt;Location&gt;</code>
- or <code>&lt;Files&gt;</code> section in
- <code>access.conf</code>, or (if <code>AllowOverride</code> is
- properly set) in <code>.htaccess</code> files. Note that
- <code>Options All</code> does not set <code>MultiViews</code>;
- you have to ask for it by name.</p>
-
- <p>The effect of <code>MultiViews</code> is as follows: if the
- server receives a request for <code>/some/dir/foo</code>, if
- <code>/some/dir</code> has <code>MultiViews</code> enabled, and
- <code>/some/dir/foo</code> does <em>not</em> exist, then the
- server reads the directory looking for files named foo.*, and
- effectively fakes up a type map which names all those files,
- assigning them the same media types and content-encodings it
- would have if the client had asked for one of them by name. It
- then chooses the best match to the client's requirements.</p>
-
- <p><code>MultiViews</code> may also apply to searches for the
- file named by the <code>DirectoryIndex</code> directive, if the
- server is trying to index a directory. If the configuration
- files specify</p>
-<pre>
- DirectoryIndex index
-</pre>
- then the server will arbitrate between <code>index.html</code>
- and <code>index.html3</code> if both are present. If neither
- are present, and <code>index.cgi</code> is there, the server
- will run it.
-
- <p>If one of the files found when reading the directory does not
- have an extension recognized by <code>mod_mime</code> to designate
- its Charset, Content-Type, Language, or Encoding, then the result
- depends on the setting of the <a
- href="mod/mod_mime.html#multiviewsmatch">MultiViewsMatch</a>
- directive. This directive determines whether handlers, filters,
- and other extension types can participate in MultiViews
- negotiation.</p>
-
- <h2>The Negotiation Methods</h2>
- After Apache has obtained a list of the variants for a given
- resource, either from a type-map file or from the filenames in
- the directory, it invokes one of two methods to decide on the
- 'best' variant to return, if any. It is not necessary to know
- any of the details of how negotiation actually takes place in
- order to use Apache's content negotiation features. However the
- rest of this document explains the methods used for those
- interested.
-
- <p>There are two negotiation methods:</p>
-
- <ol>
- <li><strong>Server driven negotiation with the Apache
- algorithm</strong> is used in the normal case. The Apache
- algorithm is explained in more detail below. When this
- algorithm is used, Apache can sometimes 'fiddle' the quality
- factor of a particular dimension to achieve a better result.
- The ways Apache can fiddle quality factors is explained in
- more detail below.</li>
-
- <li><strong>Transparent content negotiation</strong> is used
- when the browser specifically requests this through the
- mechanism defined in RFC 2295. This negotiation method gives
- the browser full control over deciding on the 'best' variant,
- the result is therefore dependent on the specific algorithms
- used by the browser. As part of the transparent negotiation
- process, the browser can ask Apache to run the 'remote
- variant selection algorithm' defined in RFC 2296.</li>
- </ol>
-
- <h3>Dimensions of Negotiation</h3>
-
- <table>
- <tr valign="top">
- <th>Dimension</th>
-
- <th>Notes</th>
- </tr>
-
- <tr valign="top">
- <td>Media Type</td>
-
- <td>Browser indicates preferences with the Accept header
- field. Each item can have an associated quality factor.
- Variant description can also have a quality factor (the
- "qs" parameter).</td>
- </tr>
-
- <tr valign="top">
- <td>Language</td>
-
- <td>Browser indicates preferences with the Accept-Language
- header field. Each item can have a quality factor. Variants
- can be associated with none, one or more than one
- language.</td>
- </tr>
-
- <tr valign="top">
- <td>Encoding</td>
-
- <td>Browser indicates preference with the Accept-Encoding
- header field. Each item can have a quality factor.</td>
- </tr>
-
- <tr valign="top">
- <td>Charset</td>
-
- <td>Browser indicates preference with the Accept-Charset
- header field. Each item can have a quality factor. Variants
- can indicate a charset as a parameter of the media
- type.</td>
- </tr>
- </table>
-
- <h3>Apache Negotiation Algorithm</h3>
-
- <p>Apache can use the following algorithm to select the 'best'
- variant (if any) to return to the browser. This algorithm is
- not further configurable. It operates as follows:</p>
-
- <ol>
- <li>First, for each dimension of the negotiation, check the
- appropriate <em>Accept*</em> header field and assign a
- quality to each variant. If the <em>Accept*</em> header for
- any dimension implies that this variant is not acceptable,
- eliminate it. If no variants remain, go to step 4.</li>
-
- <li>
- Select the 'best' variant by a process of elimination. Each
- of the following tests is applied in order. Any variants
- not selected at each test are eliminated. After each test,
- if only one variant remains, select it as the best match
- and proceed to step 3. If more than one variant remains,
- move on to the next test.
-
- <ol>
- <li>Multiply the quality factor from the Accept header
- with the quality-of-source factor for this variant's
- media type, and select the variants with the highest
- value.</li>
-
- <li>Select the variants with the highest language quality
- factor.</li>
-
- <li>Select the variants with the best language match,
- using either the order of languages in the
- Accept-Language header (if present), or else the order of
- languages in the <code>LanguagePriority</code> directive
- (if present).</li>
-
- <li>Select the variants with the highest 'level' media
- parameter (used to give the version of text/html media
- types).</li>
-
- <li>Select variants with the best charset media
- parameters, as given on the Accept-Charset header line.
- Charset ISO-8859-1 is acceptable unless explicitly
- excluded. Variants with a <code>text/*</code> media type
- but not explicitly associated with a particular charset
- are assumed to be in ISO-8859-1.</li>
-
- <li>Select those variants which have associated charset
- media parameters that are <em>not</em> ISO-8859-1. If
- there are no such variants, select all variants
- instead.</li>
-
- <li>Select the variants with the best encoding. If there
- are variants with an encoding that is acceptable to the
- user-agent, select only these variants. Otherwise if
- there is a mix of encoded and non-encoded variants,
- select only the unencoded variants. If either all
- variants are encoded or all variants are not encoded,
- select all variants.</li>
-
- <li>Select the variants with the smallest content
- length.</li>
-
- <li>Select the first variant of those remaining. This
- will be either the first listed in the type-map file, or
- when variants are read from the directory, the one whose
- file name comes first when sorted using ASCII code
- order.</li>
- </ol>
- </li>
-
- <li>The algorithm has now selected one 'best' variant, so
- return it as the response. The HTTP response header Vary is
- set to indicate the dimensions of negotiation (browsers and
- caches can use this information when caching the resource).
- End.</li>
-
- <li>To get here means no variant was selected (because none
- are acceptable to the browser). Return a 406 status (meaning
- "No acceptable representation") with a response body
- consisting of an HTML document listing the available
- variants. Also set the HTTP Vary header to indicate the
- dimensions of variance.</li>
- </ol>
-
- <h2><a id="better" name="better">Fiddling with Quality
- Values</a></h2>
-
- <p>Apache sometimes changes the quality values from what would
- be expected by a strict interpretation of the Apache
- negotiation algorithm above. This is to get a better result
- from the algorithm for browsers which do not send full or
- accurate information. Some of the most popular browsers send
- Accept header information which would otherwise result in the
- selection of the wrong variant in many cases. If a browser
- sends full and correct information these fiddles will not be
- applied.</p>
-
- <h3>Media Types and Wildcards</h3>
-
- <p>The Accept: request header indicates preferences for media
- types. It can also include 'wildcard' media types, such as
- "image/*" or "*/*" where the * matches any string. So a request
- including:</p>
-<pre>
- Accept: image/*, */*
-</pre>
- would indicate that any type starting "image/" is acceptable,
- as is any other type (so the first "image/*" is redundant).
- Some browsers routinely send wildcards in addition to explicit
- types they can handle. For example:
-<pre>
- Accept: text/html, text/plain, image/gif, image/jpeg, */*
-</pre>
- The intention of this is to indicate that the explicitly listed
- types are preferred, but if a different representation is
- available, that is ok too. However under the basic algorithm,
- as given above, the */* wildcard has exactly equal preference
- to all the other types, so they are not being preferred. The
- browser should really have sent a request with a lower quality
- (preference) value for *.*, such as:
-<pre>
- Accept: text/html, text/plain, image/gif, image/jpeg, */*; q=0.01
-</pre>
- The explicit types have no quality factor, so they default to a
- preference of 1.0 (the highest). The wildcard */* is given a
- low preference of 0.01, so other types will only be returned if
- no variant matches an explicitly listed type.
-
- <p>If the Accept: header contains <em>no</em> q factors at all,
- Apache sets the q value of "*/*", if present, to 0.01 to
- emulate the desired behavior. It also sets the q value of
- wildcards of the format "type/*" to 0.02 (so these are
- preferred over matches against "*/*". If any media type on the
- Accept: header contains a q factor, these special values are
- <em>not</em> applied, so requests from browsers which send the
- correct information to start with work as expected.</p>
-
- <h3>Language Negotiation Exceptions</h3>
-
- <p>New in Apache 2.0, some exceptions have been added to the
- negotiation algorithm to allow graceful fallback when language
- negotiation fails to find a match.</p>
-
- <p>When a client requests a page on your server, but the server
- cannot find a single page that matches the Accept-language sent by
- the browser, the server will return either a "No Acceptable
- Variant" or "Multiple Choices" response to the client. To avoid
- these error messages, it is possible to configure Apache to ignore
- the Accept-language in these cases and provide a document that
- does not explictly match the client's request. The <a
- href="mod/mod_negotiation.html#forcelanguagepriority">ForceLanguagePriority</a>
- directive can be used to override one or both of these error
- messages and subsitute the servers judgement in the form of the <a
- href="mod/mod_negotiation.html#languagepriority">LanguagePriority</a>
- directive.</p>
-
- <p>The server will also attempt to match language-subsets when no
- other match can be found. For example, if a client requests
- documents with the language <code>en-GB</code> for British
- English, the server is not normally allowed by the HTTP/1.1
- standard to match that against a document that is marked as simply
- <code>en</code>. (Note that it is almost surely a configuration
- error to include <code>en-GB</code> and not <code>en</code> in the
- Accept-Language header, since it is very unlikely that a reader
- understands British English, but doesn't understand English in
- general. Unfortunately, many current clients have default
- configurations that resemble this.) However, if no other language
- match is possible and the server is about to return a "No
- Acceptable Variants" error or fallback to the
- <code>LanguagePriority</code>, the server will ignore the subset
- specification and match <code>en-GB</code> against <code>en</code>
- documents. Implicitly, Apache will add the parent language to
- the client's acceptable language list with a very low quality
- value. But note that if the client requests "en-GB; qs=0.9, fr;
- qs=0.8", and the server has documents designated "en" and "fr",
- then the "fr" document will be returned. This is necessary to
- maintain compliance with the HTTP/1.1 specification and to work
- effectively with properly configured clients.</p>
-
-
- <h2>Extensions to Transparent Content Negotiation</h2>
- Apache extends the transparent content negotiation protocol
- (RFC 2295) as follows. A new <code>{encoding ..}</code> element
- is used in variant lists to label variants which are available
- with a specific content-encoding only. The implementation of
- the RVSA/1.0 algorithm (RFC 2296) is extended to recognize
- encoded variants in the list, and to use them as candidate
- variants whenever their encodings are acceptable according to
- the Accept-Encoding request header. The RVSA/1.0 implementation
- does not round computed quality factors to 5 decimal places
- before choosing the best variant.
-
- <h2>Note on hyperlinks and naming conventions</h2>
-
- <p>If you are using language negotiation you can choose between
- different naming conventions, because files can have more than
- one extension, and the order of the extensions is normally
- irrelevant (see the <a
- href="mod/mod_mime.html#multipleext">mod_mime</a> documentation
- for details).</p>
-
- <p>A typical file has a MIME-type extension (<em>e.g.</em>,
- <samp>html</samp>), maybe an encoding extension (<em>e.g.</em>,
- <samp>gz</samp>), and of course a language extension
- (<em>e.g.</em>, <samp>en</samp>) when we have different
- language variants of this file.</p>
-
- <p>Examples:</p>
-
- <ul>
- <li>foo.en.html</li>
-
- <li>foo.html.en</li>
-
- <li>foo.en.html.gz</li>
- </ul>
-
- <p>Here some more examples of filenames together with valid and
- invalid hyperlinks:</p>
-
- <table border="1" cellpadding="8" cellspacing="0">
- <tr>
- <th>Filename</th>
-
- <th>Valid hyperlink</th>
-
- <th>Invalid hyperlink</th>
- </tr>
-
- <tr>
- <td><em>foo.html.en</em></td>
-
- <td>foo<br />
- foo.html</td>
-
- <td>-</td>
- </tr>
-
- <tr>
- <td><em>foo.en.html</em></td>
-
- <td>foo</td>
-
- <td>foo.html</td>
- </tr>
-
- <tr>
- <td><em>foo.html.en.gz</em></td>
-
- <td>foo<br />
- foo.html</td>
-
- <td>foo.gz<br />
- foo.html.gz</td>
- </tr>
-
- <tr>
- <td><em>foo.en.html.gz</em></td>
-
- <td>foo</td>
-
- <td>foo.html<br />
- foo.html.gz<br />
- foo.gz</td>
- </tr>
-
- <tr>
- <td><em>foo.gz.html.en</em></td>
-
- <td>foo<br />
- foo.gz<br />
- foo.gz.html</td>
-
- <td>foo.html</td>
- </tr>
-
- <tr>
- <td><em>foo.html.gz.en</em></td>
-
- <td>foo<br />
- foo.html<br />
- foo.html.gz</td>
-
- <td>foo.gz</td>
- </tr>
- </table>
-
- <p>Looking at the table above you will notice that it is always
- possible to use the name without any extensions in an hyperlink
- (<em>e.g.</em>, <samp>foo</samp>). The advantage is that you
- can hide the actual type of a document rsp. file and can change
- it later, <em>e.g.</em>, from <samp>html</samp> to
- <samp>shtml</samp> or <samp>cgi</samp> without changing any
- hyperlink references.</p>
-
- <p>If you want to continue to use a MIME-type in your
- hyperlinks (<em>e.g.</em> <samp>foo.html</samp>) the language
- extension (including an encoding extension if there is one)
- must be on the right hand side of the MIME-type extension
- (<em>e.g.</em>, <samp>foo.html.en</samp>).</p>
-
- <h2>Note on Caching</h2>
-
- <p>When a cache stores a representation, it associates it with
- the request URL. The next time that URL is requested, the cache
- can use the stored representation. But, if the resource is
- negotiable at the server, this might result in only the first
- requested variant being cached and subsequent cache hits might
- return the wrong response. To prevent this, Apache normally
- marks all responses that are returned after content negotiation
- as non-cacheable by HTTP/1.0 clients. Apache also supports the
- HTTP/1.1 protocol features to allow caching of negotiated
- responses.</p>
-
- <p>For requests which come from a HTTP/1.0 compliant client
- (either a browser or a cache), the directive
- <tt>CacheNegotiatedDocs</tt> can be used to allow caching of
- responses which were subject to negotiation. This directive can
- be given in the server config or virtual host, and takes no
- arguments. It has no effect on requests from HTTP/1.1 clients.
-
- <h2>More Information</h2>
-
- <p>For more information about content negotiation, see Alan
- J. Flavell's <a
- href="http://ppewww.ph.gla.ac.uk/~flavell/www/lang-neg.html">Language
- Negotiation Notes</a>. But note that this document may not be
- updated to include changes in Apache 2.0.</p>
-
- <!--#include virtual="footer.html" -->
- </body>
-</html>
-
diff --git a/docs/manual/developer/modules.html.en b/docs/manual/developer/modules.html.en
deleted file mode 100644
index ebf7c33da2..0000000000
--- a/docs/manual/developer/modules.html.en
+++ /dev/null
@@ -1,258 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Converting Modules from Apache 1.3 to Apache 2.0</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="CENTER">From Apache 1.3 to Apache 2.0<br />
- Modules</h1>
-
- <p>This is a first attempt at writing the lessons I learned
- when trying to convert the mod_mmap_static module to Apache
- 2.0. It's by no means definitive and probably won't even be
- correct in some ways, but it's a start.</p>
- <hr />
-
- <h2>The easier changes...</h2>
-
- <h3>Cleanup Routines</h3>
-
- <p>These now need to be of type apr_status_t and return a value
- of that type. Normally the return value will be APR_SUCCESS
- unless there is some need to signal an error in the cleanup. Be
- aware that even though you signal an error not all code yet
- checks and acts upon the error.</p>
-
- <h3>Initialisation Routines</h3>
-
- <p>These should now be renamed to better signify where they sit
- in the overall process. So the name gets a small change from
- mmap_init to mmap_post_config. The arguments passed have
- undergone a radical change and now look like</p>
-
- <ul style="list-style:none">
- <li>apr_pool_t *p,</li>
-
- <li>apr_pool_t *plog,</li>
-
- <li>apr_pool_t *ptemp,</li>
-
- <li>server_rec *s</li>
- </ul>
-
- <h3>Data Types</h3>
-
- <p>A lot of the data types have been moved into the APR. This
- means that some have had a name change, such as the one shown
- above. The following is a brief list of some of the changes
- that you are likely to have to make.</p>
-
- <ul style="list-style:none">
- <li>pool becomes apr_pool_t</li>
-
- <li>table becomes apr_table_t</li>
- </ul>
- <hr />
-
- <h2>The <em>messier</em> changes...</h2>
-
- <h3>Register Hooks</h3>
-
- <p>The new architecture uses a series of hooks to provide for
- calling your functions. These you'll need to add to your module
- by way of a new function, static void register_hooks(void). The
- function is really reasonably straightforward once you
- understand what needs to be done. Each function that needs
- calling at some stage in the processing of a request needs to
- be registered, handlers do not. There are a number of phases
- where functions can be added, and for each you can specify with
- a high degree of control the relative order that the function
- will be called in.</p>
-
- <p>This is the code that was added to mod_mmap_static:</p>
-<pre>
-static void register_hooks(void)
-{
- static const char * const aszPre[]={ "http_core.c",NULL };
- ap_hook_post_config(mmap_post_config,NULL,NULL,HOOK_MIDDLE);
- ap_hook_translate_name(mmap_static_xlat,aszPre,NULL,HOOK_LAST);
-};
-</pre>
-
- <p>This registers 2 functions that need to be called, one in
- the post_config stage (virtually every module will need this
- one) and one for the translate_name phase. note that while
- there are different function names the format of each is
- identical. So what is the format?</p>
-
- <p><strong>ap_hook_[phase_name](function_name, predecessors,
- successors, position);</strong></p>
-
- <p>There are 3 hook positions defined...</p>
-
- <ul style="list-style:none">
- <li>HOOK_FIRST</li>
-
- <li>HOOK_MIDDLE</li>
-
- <li>HOOK_LAST</li>
- </ul>
-
- <p>To define the position you use the position and then modify
- it with the predecessors and successors. each of the modifiers
- can be a list of functions that should be called, either before
- the function is run (predecessors) or after the function has
- run (successors).</p>
-
- <p>In the mod_mmap_static case I didn't care about the
- post_config stage, but the mmap_static_xlat MUST be called
- after the core module had done it's name translation, hence the
- use of the aszPre to define a modifier to the position
- HOOK_LAST.</p>
-
- <h3>Module Definition</h3>
-
- <p>There are now a lot fewer stages to worry about when
- creating your module definition. The old defintion looked
- like</p>
-<pre>
-module MODULE_VAR_EXPORT [module_name]_module =
-{
- STANDARD_MODULE_STUFF,
- /* initializer */
- /* dir config creater */
- /* dir merger --- default is to override */
- /* server config */
- /* merge server config */
- /* command handlers */
- /* handlers */
- /* filename translation */
- /* check_user_id */
- /* check auth */
- /* check access */
- /* type_checker */
- /* fixups */
- /* logger */
- /* header parser */
- /* child_init */
- /* child_exit */
- /* post read-request */
-};
-</pre>
-
- <p>The new structure is a great deal simpler...</p>
-<pre>
-module MODULE_VAR_EXPORT [module_name]_module =
-{
- STANDARD20_MODULE_STUFF,
- /* create per-directory config structures */
- /* merge per-directory config structures */
- /* create per-server config structures */
- /* merge per-server config structures */
- /* command handlers */
- /* handlers */
- /* register hooks */
- };
-</pre>
-
- <p>Some of these read directly across, some don't. I'll try to
- summarise what should be done below.</p>
-
- <p>The stages that read directly across :</p>
-
- <ul style="list-style:none">
- <li>/* dir config creater */ ==&gt; /* create per-directory
- config structures */</li>
-
- <li>/* server config */ ==&gt; /* create per-server config
- structures */</li>
-
- <li>/* dir merger */ ==&gt; /* merge per-directory config
- structures */</li>
-
- <li>/* merge server config */ ==&gt; /* merge per-server
- config structures */</li>
-
- <li>/* command table */ ==&gt; /* command apr_table_t */</li>
-
- <li>/* handlers */ ==&gt; /* handlers */</li>
- </ul>
-
- <p>The remainder of the old functions should be registered as
- hooks. There are the following hook stages defined so
- far...</p>
-
- <ul style="list-style:none">
- <li>ap_hook_post_config <em>(this is where the old _init
- routines get registered)</em></li>
-
- <li>ap_hook_http_method <em>(retrieve the http method from a
- request. (legacy))</em></li>
-
- <li>ap_hook_open_logs <em>(open any specified logs)</em></li>
-
- <li>ap_hook_auth_checker <em>(check if the resource requires
- authorization)</em></li>
-
- <li>ap_hook_access_checker <em>(check for module-specific
- restrictions)</em></li>
-
- <li>ap_hook_check_user_id <em>(check the user-id and
- password)</em></li>
-
- <li>ap_hook_default_port <em>(retrieve the default port for
- the server)</em></li>
-
- <li>ap_hook_pre_connection <em>(do any setup required just
- before processing, but after accepting)</em></li>
-
- <li>ap_hook_process_connection <em>(run the correct
- protocol)</em></li>
-
- <li>ap_hook_child_init <em>(call as soon as the child is
- started)</em></li>
-
- <li>ap_hook_create_request <em>(??)</em></li>
-
- <li>ap_hook_fixups <em>(last chance to modify things before
- generating content)</em></li>
-
- <li>ap_hook_handler <em>(generate the content)</em></li>
-
- <li>ap_hook_header_parser <em>(let's modules look at the
- headers, not used by most modules, because they use
- post_read_request for this.)</em></li>
-
- <li>ap_hook_insert_filter <em>(to insert filters into the
- filter chain)</em></li>
-
- <li>ap_hook_log_transaction <em>(log information about the
- request)</em></li>
-
- <li>ap_hook_optional_fn_retrieve <em>(retrieve any functions
- registered as optional)</em></li>
-
- <li>ap_hook_post_read_request <em>(called after reading the
- request, before any other phase)</em></li>
-
- <li>ap_hook_quick_handler <em>(??)</em></li>
-
- <li>ap_hook_translate_name <em>(translate the URI into a
- filename)</em></li>
-
- <li>ap_hook_type_checker <em>(determine and/or set the doc
- type)</em> <!--#include virtual="footer.html" -->
- </li>
- </ul>
- </body>
-</html>
-
diff --git a/docs/manual/dso.html.en b/docs/manual/dso.html.en
deleted file mode 100644
index 41d965d671..0000000000
--- a/docs/manual/dso.html.en
+++ /dev/null
@@ -1,344 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Dynamic Shared Object (DSO) support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="center">Dynamic Shared Object (DSO) Support</h1>
-
- <p>The Apache HTTP Server is a modular program where the
- administrator can choose the functionality to include in the
- server by selecting a set of modules. The modules can be
- statically compiled into the <code>httpd</code> binary when the
- server is built. Alternatively, modules can be compiled as
- Dynamic Shared Objects (DSOs) that exist separately from the
- main <code>httpd</code> binary file. DSO modules may be
- compiled at the time the server is built, or they may be
- compiled and added at a later time using the Apache Extension
- Tool (<a href="programs/apxs.html">apxs</a>).</p>
-
- <p>This document describes how to use DSO modules as well as
- the theory behind their use.</p>
-
- <ul>
- <li><a href="#implementation">Implementation</a></li>
-
- <li><a href="#usage">Usage Summary</a></li>
-
- <li><a href="#background">Background</a></li>
-
- <li><a href="#advantages">Advantages and
- Disadvantages</a></li>
- </ul>
- <hr />
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_so.html">mod_so</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/mod_so.html#loadmodule">LoadModule</a><br />
- </td>
- </tr>
- </table>
-
- <h2><a id="implementation"
- name="implementation">Implementation</a></h2>
-
- <p>The DSO support for loading individual Apache modules is
- based on a module named <a
- href="mod/mod_so.html"><code>mod_so.c</code></a> which must be
- statically compiled into the Apache core. It is the only module
- besides <code>core.c</code> which cannot be put into a DSO
- itself. Practically all other distributed Apache modules
- can then be placed into a DSO by individually enabling the DSO
- build for them via <code>configure</code>'s
- <code>--enable-<i>module</i>=shared</code> option as disucussed
- in the <a href="install.html">install documentation</a>. After
- a module is compiled into a DSO named <code>mod_foo.so</code>
- you can use <a href="mod/mod_so.html"><code>mod_so</code></a>'s
- <a
- href="mod/mod_so.html#loadmodule"><code>LoadModule</code></a>
- command in your <code>httpd.conf</code> file to load this
- module at server startup or restart.</p>
-
- <p>To simplify this creation of DSO files for Apache modules
- (especially for third-party modules) a new support program
- named <a href="programs/apxs.html">apxs</a> (<em>APache
- eXtenSion</em>) is available. It can be used to build DSO based
- modules <em>outside of</em> the Apache source tree. The idea is
- simple: When installing Apache the <code>configure</code>'s
- <code>make install</code> procedure installs the Apache C
- header files and puts the platform-dependent compiler and
- linker flags for building DSO files into the <code>apxs</code>
- program. This way the user can use <code>apxs</code> to compile
- his Apache module sources without the Apache distribution
- source tree and without having to fiddle with the
- platform-dependent compiler and linker flags for DSO
- support.</p>
-
- <h2><a id="usage" name="usage">Usage Summary</a></h2>
-
- <p>To give you an overview of the DSO features of Apache 2.0,
- here is a short and concise summary:</p>
-
- <ol>
- <li>
- Build and install a <em>distributed</em> Apache module, say
- <code>mod_foo.c</code>, into its own DSO
- <code>mod_foo.so</code>:
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ ./configure --prefix=/path/to/install
- --enable-foo=shared
-$ make install
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- Build and install a <em>third-party</em> Apache module, say
- <code>mod_foo.c</code>, into its own DSO
- <code>mod_foo.so</code>:
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ ./configure --add-module=module_type:/path/to/3rdparty/mod_foo.c
- --enable-foo=shared
-$ make install
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- Configure Apache for <em>later installation</em> of shared
- modules:
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ ./configure --enable-so
-$ make install
-</pre>
- </td>
- </tr>
- </table>
- </li>
-
- <li>
- Build and install a <em>third-party</em> Apache module, say
- <code>mod_foo.c</code>, into its own DSO
- <code>mod_foo.so</code> <em>outside of</em> the Apache
- source tree using <a href="programs/apxs.html">apxs</a>:
-
- <table bgcolor="#f0f0f0" cellpadding="10">
- <tr>
- <td>
-<pre>
-$ cd /path/to/3rdparty
-$ apxs -c mod_foo.c
-$ apxs -i -a -n foo mod_foo.so
-</pre>
- </td>
- </tr>
- </table>
- </li>
- </ol>
-
- <p>In all cases, once the shared module is compiled, you must
- use a <a
- href="mod/mod_so.html#loadmodule"><code>LoadModule</code></a>
- directive in <code>httpd.conf</code> to tell Apache to activate
- the module.</p>
-
- <h2><a id="background" name="background">Background</a></h2>
-
- <p>On modern Unix derivatives there exists a nifty mechanism
- usually called dynamic linking/loading of <em>Dynamic Shared
- Objects</em> (DSO) which provides a way to build a piece of
- program code in a special format for loading it at run-time
- into the address space of an executable program.</p>
-
- <p>This loading can usually be done in two ways: Automatically
- by a system program called <code>ld.so</code> when an
- executable program is started or manually from within the
- executing program via a programmatic system interface to the
- Unix loader through the system calls
- <code>dlopen()/dlsym()</code>.</p>
-
- <p>In the first way the DSO's are usually called <em>shared
- libraries</em> or <em>DSO libraries</em> and named
- <code>libfoo.so</code> or <code>libfoo.so.1.2</code>. They
- reside in a system directory (usually <code>/usr/lib</code>)
- and the link to the executable program is established at
- build-time by specifying <code>-lfoo</code> to the linker
- command. This hard-codes library references into the executable
- program file so that at start-time the Unix loader is able to
- locate <code>libfoo.so</code> in <code>/usr/lib</code>, in
- paths hard-coded via linker-options like <code>-R</code> or in
- paths configured via the environment variable
- <code>LD_LIBRARY_PATH</code>. It then resolves any (yet
- unresolved) symbols in the executable program which are
- available in the DSO.</p>
-
- <p>Symbols in the executable program are usually not referenced
- by the DSO (because it's a reusable library of general code)
- and hence no further resolving has to be done. The executable
- program has no need to do anything on its own to use the
- symbols from the DSO because the complete resolving is done by
- the Unix loader. (In fact, the code to invoke
- <code>ld.so</code> is part of the run-time startup code which
- is linked into every executable program which has been bound
- non-static). The advantage of dynamic loading of common library
- code is obvious: the library code needs to be stored only once,
- in a system library like <code>libc.so</code>, saving disk
- space for every program.</p>
-
- <p>In the second way the DSO's are usually called <em>shared
- objects</em> or <em>DSO files</em> and can be named with an
- arbitrary extension (although the canonical name is
- <code>foo.so</code>). These files usually stay inside a
- program-specific directory and there is no automatically
- established link to the executable program where they are used.
- Instead the executable program manually loads the DSO at
- run-time into its address space via <code>dlopen()</code>. At
- this time no resolving of symbols from the DSO for the
- executable program is done. But instead the Unix loader
- automatically resolves any (yet unresolved) symbols in the DSO
- from the set of symbols exported by the executable program and
- its already loaded DSO libraries (especially all symbols from
- the ubiquitous <code>libc.so</code>). This way the DSO gets
- knowledge of the executable program's symbol set as if it had
- been statically linked with it in the first place.</p>
-
- <p>Finally, to take advantage of the DSO's API the executable
- program has to resolve particular symbols from the DSO via
- <code>dlsym()</code> for later use inside dispatch tables
- <em>etc.</em> In other words: The executable program has to
- manually resolve every symbol it needs to be able to use it.
- The advantage of such a mechanism is that optional program
- parts need not be loaded (and thus do not spend memory) until
- they are needed by the program in question. When required,
- these program parts can be loaded dynamically to extend the
- base program's functionality.</p>
-
- <p>Although this DSO mechanism sounds straightforward there is
- at least one difficult step here: The resolving of symbols from
- the executable program for the DSO when using a DSO to extend a
- program (the second way). Why? Because "reverse resolving" DSO
- symbols from the executable program's symbol set is against the
- library design (where the library has no knowledge about the
- programs it is used by) and is neither available under all
- platforms nor standardized. In practice the executable
- program's global symbols are often not re-exported and thus not
- available for use in a DSO. Finding a way to force the linker
- to export all global symbols is the main problem one has to
- solve when using DSO for extending a program at run-time.</p>
-
- <p>The shared library approach is the typical one, because it
- is what the DSO mechanism was designed for, hence it is used
- for nearly all types of libraries the operating system
- provides. On the other hand using shared objects for extending
- a program is not used by a lot of programs.</p>
-
- <p>As of 1998 there are only a few software packages available
- which use the DSO mechanism to actually extend their
- functionality at run-time: Perl 5 (via its XS mechanism and the
- DynaLoader module), Netscape Server, <em>etc.</em> Starting
- with version 1.3, Apache joined the crew, because Apache
- already uses a module concept to extend its functionality and
- internally uses a dispatch-list-based approach to link external
- modules into the Apache core functionality. So, Apache is
- really predestined for using DSO to load its modules at
- run-time.</p>
-
- <h2><a id="advantages" name="advantages">Advantages and
- Disadvantages</a></h2>
-
- <p>The above DSO based features have the following
- advantages:</p>
-
- <ul>
- <li>The server package is more flexible at run-time because
- the actual server process can be assembled at run-time via <a
- href="mod/mod_so.html#loadmodule"><code>LoadModule</code></a>
- <code>httpd.conf</code> configuration commands instead of
- <code>configure</code> options at build-time. For instance
- this way one is able to run different server instances
- (standard &amp; SSL version, minimalistic &amp; powered up
- version [mod_perl, PHP3], <em>etc.</em>) with only one Apache
- installation.</li>
-
- <li>The server package can be easily extended with
- third-party modules even after installation. This is at least
- a great benefit for vendor package maintainers who can create
- a Apache core package and additional packages containing
- extensions like PHP3, mod_perl, mod_fastcgi,
- <em>etc.</em></li>
-
- <li>Easier Apache module prototyping because with the
- DSO/<code>apxs</code> pair you can both work outside the
- Apache source tree and only need an <code>apxs -i</code>
- command followed by an <code>apachectl restart</code> to
- bring a new version of your currently developed module into
- the running Apache server.</li>
- </ul>
-
- <p>DSO has the following disadvantages:</p>
-
- <ul>
- <li>The DSO mechanism cannot be used on every platform
- because not all operating systems support dynamic loading of
- code into the address space of a program.</li>
-
- <li>The server is approximately 20% slower at startup time
- because of the symbol resolving overhead the Unix loader now
- has to do.</li>
-
- <li>The server is approximately 5% slower at execution time
- under some platforms because position independent code (PIC)
- sometimes needs complicated assembler tricks for relative
- addressing which are not necessarily as fast as absolute
- addressing.</li>
-
- <li>Because DSO modules cannot be linked against other
- DSO-based libraries (<code>ld -lfoo</code>) on all platforms
- (for instance a.out-based platforms usually don't provide
- this functionality while ELF-based platforms do) you cannot
- use the DSO mechanism for all types of modules. Or in other
- words, modules compiled as DSO files are restricted to only
- use symbols from the Apache core, from the C library
- (<code>libc</code>) and all other dynamic or static libraries
- used by the Apache core, or from static library archives
- (<code>libfoo.a</code>) containing position independent code.
- The only chances to use other code is to either make sure the
- Apache core itself already contains a reference to it or
- loading the code yourself via <code>dlopen()</code>.</li>
- </ul>
- <!--#include virtual="footer.html" -->
- </body>
-</html>
-
diff --git a/docs/manual/logs.html.en b/docs/manual/logs.html.en
deleted file mode 100644
index 49ccee903a..0000000000
--- a/docs/manual/logs.html.en
+++ /dev/null
@@ -1,666 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Log Files - Apache HTTP Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="center">Log Files</h1>
-
- <p>In order to effectively manage a web server, it is necessary
- to get feedback about the activity and performance of the
- server as well as any problems that may be occuring. The Apache
- HTTP Server provides very comprehensive and flexible logging
- capabilities. This document describes how to configure its
- logging capabilities, and how to understand what the logs
- contain.</p>
-
- <ul>
- <li><a href="#security">Security Warning</a></li>
-
- <li><a href="#errorlog">Error Log</a></li>
-
- <li>
- <a href="#accesslog">Access Log</a>
-
- <ul>
- <li><a href="#common">Common Log Format</a></li>
-
- <li><a href="#combined">Combined Log Format</a></li>
-
- <li><a href="#multiple">Multiple Access Logs</a></li>
-
- <li><a href="#conditional">Conditional Logging</a></li>
- </ul>
- </li>
-
- <li><a href="#rotation">Log Rotation</a></li>
-
- <li><a href="#piped">Piped Logs</a></li>
-
- <li><a href="#virtualhosts">Virtual Hosts</a></li>
-
- <li>
- <a href="#other">Other Log Files</a>
-
- <ul>
- <li><a href="#pidfile">PID File</a></li>
-
- <li><a href="#scriptlog">Script Log</a></li>
-
- <li><a href="#rewritelog">Rewrite Log</a></li>
- </ul>
- </li>
- </ul>
- <hr />
-
- <h2><a id="security" name="security">Security Warning</a></h2>
-
- <p>Anyone who can write to the directory where Apache is
- writing a log file can almost certainly gain access to the uid
- that the server is started as, which is normally root. Do
- <em>NOT</em> give people write access to the directory the logs
- are stored in without being aware of the consequences; see the
- <a href="misc/security_tips.html">security tips</a> document
- for details.</p>
-
- <p>In addition, log files may contain information supplied
- directly by the client, without escaping. Therefore, it is
- possible for malicious clients to insert control-characters in
- the log files, so care must be taken in dealing with raw
- logs.</p>
- <hr />
-
- <h2><a id="errorlog" name="errorlog">Error Log</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/core.html#errorlog">ErrorLog</a><br />
- <a href="mod/core.html#loglevel">LogLevel</a> </td>
- </tr>
- </table>
-
- <p>The server error log, whose name and location is set by the
- <a href="mod/core.html#errorlog">ErrorLog</a> directive, is the
- most important log file. This is the place where Apache httpd
- will send diagnostic information and record any errors that it
- encounters in processing requests. It is the first place to
- look when a problem occurs with starting the server or with the
- operation of the server, since it will often contain details of
- what went wrong and how to fix it.</p>
-
- <p>The error log is usually written to a file (typically
- <code>error_log</code> on unix systems and
- <code>error.log</code> on Windows and OS/2). On unix systems it
- is also possible to have the server send errors to
- <code>syslog</code> or <a href="#piped">pipe them to a
- program</a>.</p>
-
- <p>The format of the error log is relatively free-form and
- descriptive. But there is certain information that is contained
- in most error log entries. For example, here is a typical
- message.</p>
-
- <blockquote>
- <code>[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1]
- client denied by server configuration:
- /export/home/live/ap/htdocs/test</code>
- </blockquote>
-
- <p>The first item in the log entry is the date and time of the
- message. The second entry lists the severity of the error being
- reported. The <a href="mod/core.html#loglevel">LogLevel</a>
- directive is used to control the types of errors that are sent
- to the error log by restricting the severity level. The third
- entry gives the IP address of the client that generated the
- error. Beyond that is the message itself, which in this case
- indicates that the server has been configured to deny the
- client access. The server reports the file-system path (as
- opposed to the web path) of the requested document.</p>
-
- <p>A very wide variety of different messages can appear in the
- error log. Most look similar to the example above. The error
- log will also contain debugging output from CGI scripts. Any
- information written to <code>stderr</code> by a CGI script will
- be copied directly to the error log.</p>
-
- <p>It is not possible to customize the error log by adding or
- removing information. However, error log entries dealing with
- particular requests have corresponding entries in the <a
- href="#accesslog">access log</a>. For example, the above example
- entry corresponds to an access log entry with status code 403.
- Since it is possible to customize the access log, you can
- obtain more information about error conditions using that log
- file.</p>
-
- <p>During testing, it is often useful to continuously monitor
- the error log for any problems. On unix systems, you can
- accomplish this using:</p>
-
- <blockquote>
- <code>tail -f error_log</code>
- </blockquote>
- <hr />
-
- <h2><a id="accesslog" name="accesslog">Access Log</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_log_config.html">mod_log_config</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a
- href="mod/mod_log_config.html#customlog">CustomLog</a><br />
- <a
- href="mod/mod_log_config.html#logformat">LogFormat</a><br />
- <a href="mod/mod_setenvif.html#setenvif">SetEnvIf</a>
- </td>
- </tr>
- </table>
-
- <p>The server access log records all requests processed by the
- server. The location and content of the access log are
- controlled by the <a
- href="mod/mod_log_config.html#customlog">CustomLog</a>
- directive. The <a
- href="mod/mod_log_config.html#logformat">LogFormat</a>
- directive can be used to simplify the selection of the contents
- of the logs. This section describes how to configure the server
- to record information in the access log.</p>
-
- <p>Of course, storing the information in the access log is only
- the start of log management. The next step is to analyze this
- information to produce useful statistics. Log analysis in
- general is beyond the scope of this document, and not really
- part of the job of the web server itself. For more information
- about this topic, and for applications which perform log
- analysis, check the <a
- href="http://dmoz.org/Computers/Software/Internet/Site_Management/Log_analysis/">
- Open Directory</a> or <a
- href="http://dir.yahoo.com/Computers_and_Internet/Software/Internet/World_Wide_Web/Servers/Log_Analysis_Tools/">
- Yahoo</a>.</p>
-
- <p>Various versions of Apache httpd have used other modules and
- directives to control access logging, including
- mod_log_referer, mod_log_agent, and the
- <code>TransferLog</code> directive. The <code>CustomLog</code>
- directive now subsumes the functionality of all the older
- directives.</p>
-
- <p>The format of the access log is highly configurable. The
- format is specified using a <a
- href="mod/mod_log_config.html#format">format string</a> that
- looks much like a C-style printf(1) format string. Some
- examples are presented in the next sections. For a complete
- list of the possible contents of the format string, see the <a
- href="mod/mod_log_config.html">mod_log_config
- documentation</a>.</p>
-
- <h3><a id="common" name="common">Common Log Format</a></h3>
-
- <p>A typical configuration for the access log might look as
- follows.</p>
-
- <blockquote>
- <code>LogFormat "%h %l %u %t \"%r\" %&gt;s %b" common<br />
- CustomLog logs/access_log common</code>
- </blockquote>
-
- <p>This defines the <em>nickname</em> <code>common</code> and
- associates it with a particular log format string. The format
- string consists of percent directives, each of which tell the
- server to log a particular piece of information. Literal
- characters may also be placed in the format string and will be
- copied directly into the log output. The quote character
- (<code>"</code>) must be escaped by placing a back-slash before
- it to prevent it from being interpreted as the end of the
- format string. The format string may also contain the special
- control characters "<code>\n</code>" for new-line and
- "<code>\t</code>" for tab.</p>
-
- <p>The <code>CustomLog</code> directive sets up a new log file
- using the defined <em>nickname</em>. The filename for the
- access log is relative to the <a
- href="mod/core.html#serverroot">ServerRoot</a> unless it begins
- with a slash.</p>
-
- <p>The above configuration will write log entries in a format
- known as the Common Log Format (CLF). This standard format can
- be produced by many different web servers and read by many log
- analysis programs. The log file entries produced in CLF will
- look something like this:</p>
-
- <blockquote>
- <code>127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
- /apache_pb.gif HTTP/1.0" 200 2326</code>
- </blockquote>
-
- <p>Each part of this log entry is described below.</p>
-
- <dl>
- <dt><code>127.0.0.1</code> (<code>%h</code>)</dt>
-
- <dd>This is the IP address of the client (remote host) which
- made the request to the server. If <a
- href="mod/core.html#hostnamelookups">HostnameLookups</a> is
- set to <code>On</code>, then the server will try to determine
- the hostname and log it in place of the IP address. However,
- this configuration is not recommended since it can
- significantly slow the server. Instead, it is best to use a
- log post-processor such as <a
- href="programs/logresolve.html">logresolve</a> to determine
- the hostnames. The IP address reported here is not
- necessarily the address of the machine at which the user is
- sitting. If a proxy server exists between the user and the
- server, this address will be the address of the proxy, rather
- than the originating machine.</dd>
-
- <dt><code>-</code> (<code>%l</code>)</dt>
-
- <dd>The "hyphen" in the output indicates that the requested
- piece of information is not available. In this case, the
- information that is not available is the RFC 1413 identity of
- the client determined by <code>identd</code> on the clients
- machine. This information is highly unreliable and should
- almost never be used except on tightly controlled internal
- networks. Apache httpd will not even attempt to determine
- this information unless <a
- href="mod/core.html#identitycheck">IdentityCheck</a> is set
- to <code>On</code>.</dd>
-
- <dt><code>frank</code> (<code>%u</code>)</dt>
-
- <dd>This is the userid of the person requesting the document
- as determined by HTTP authentication. The same value is
- typically provided to CGI scripts in the
- <code>REMOTE_USER</code> environment variable. If the status
- code for the request (see below) is 401, then this value
- should not be trusted because the user is not yet
- authenticated. If the document is not password protected,
- this entry will be "<code>-</code>" just like the previous
- one.</dd>
-
- <dt><code>[10/Oct/2000:13:55:36 -0700]</code>
- (<code>%t</code>)</dt>
-
- <dd>
- The time that the server finished processing the request.
- The format is:
-
- <blockquote>
- <code>[day/month/year:hour:minute:second zone]<br />
- day = 2*digit<br />
- month = 3*letter<br />
- year = 4*digit<br />
- hour = 2*digit<br />
- minute = 2*digit<br />
- second = 2*digit<br />
- zone = (`+' | `-') 4*digit</code>
- </blockquote>
- It is possible to have the time displayed in another format
- by specifying <code>%{format}t</code> in the log format
- string, where <code>format</code> is as in
- <code>strftime(3)</code> from the C standard library.
- </dd>
-
- <dt><code>"GET /apache_pb.gif HTTP/1.0"</code>
- (<code>\"%r\"</code>)</dt>
-
- <dd>The request line from the client is given in double
- quotes. The request line contains a great deal of useful
- information. First, the method used by the client is
- <code>GET</code>. Second, the client requested the resource
- <code>/apache_pb.gif</code>, and third, the client used the
- protocol <code>HTTP/1.0</code>. It is also possible to log
- one or more parts of the request line independently. For
- example, the format string "<code>%m %U%q %H</code>" will log
- the method, path, query-string, and protocol, resulting in
- exactly the same output as "<code>%r</code>".</dd>
-
- <dt><code>200</code> (<code>%&gt;s</code>)</dt>
-
- <dd>This is the status code that the server sends back to the
- client. This information is very valuable, because it reveals
- whether the request resulted in a successful response (codes
- beginning in 2), a redirection (codes beginning in 3), an
- error caused by the client (codes beginning in 4), or an
- error in the server (codes beginning in 5). The full list of
- possible status codes can be found in the <a
- href="http://www.w3.org/Protocols/rfc2616/rfc2616.txt">HTTP
- specification</a> (RFC2616 section 10).</dd>
-
- <dt><code>2326</code> (<code>%b</code>)</dt>
-
- <dd>The last entry indicates the size of the object returned
- to the client, not including the response headers. If no
- content was returned to the client, this value will be
- "<code>-</code>". To log "<code>0</code>" for no content, use
- <code>%B</code> instead.</dd>
- </dl>
-
- <h4><a id="combined" name="combined">Combined Log
- Format</a></h4>
-
- <p>Another commonly used format string is called the Combined
- Log Format. It can be used as follows.</p>
-
- <blockquote>
- <code>LogFormat "%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\"
- \"%{User-agent}i\"" combined<br />
- CustomLog log/acces_log combined</code>
- </blockquote>
-
- <p>This format is exactly the same as the Common Log Format,
- with the addition of two more fields. Each of the additional
- fields uses the percent-directive
- <code>%{<em>header</em>}i</code>, where <em>header</em> can be
- any HTTP request header. The access log under this format will
- look like:</p>
-
- <blockquote>
- <code>127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET
- /apache_pb.gif HTTP/1.0" 200 2326
- "http://www.example.com/start.html" "Mozilla/4.08 [en]
- (Win98; I ;Nav)"</code>
- </blockquote>
-
- <p>The additional fields are:</p>
-
- <dl>
- <dt><code>"http://www.example.com/start.html"</code>
- (<code>\"%{Referer}i\"</code>)</dt>
-
- <dd>The "Referer" (sic) HTTP request header. This gives the
- site that the client reports having been referred from. (This
- should be the page that links to or includes
- <code>/apache_pb.gif</code>).</dd>
-
- <dt><code>"Mozilla/4.08 [en] (Win98; I ;Nav)"</code>
- (<code>\"%{User-agent}i\"</code>)</dt>
-
- <dd>The User-Agent HTTP request header. This is the
- identifying information that the client browser reports about
- itself.</dd>
- </dl>
-
- <h3><a id="multiple" name="multiple">Multiple Access
- Logs</a></h3>
-
- <p>Multiple access logs can be created simply by specifying
- multiple <code>CustomLog</code> directives in the configuration
- file. For example, the following directives will create three
- access logs. The first contains the basic CLF information,
- while the second and third contain referer and browser
- information. The last two <code>CustomLog</code> lines show how
- to mimic the effects of the <code>ReferLog</code> and
- <code>AgentLog</code> directives.</p>
-
- <blockquote>
- <code>LogFormat "%h %l %u %t \"%r\" %&gt;s %b" common<br />
- CustomLog logs/access_log common<br />
- CustomLog logs/referer_log "%{Referer}i -&gt; %U"<br />
- CustomLog logs/agent_log "%{User-agent}i"</code>
- </blockquote>
-
- <p>This example also shows that it is not necessary to define a
- nickname with the <code>LogFormat</code> directive. Instead,
- the log format can be specified directly in the
- <code>CustomLog</code> directive.</p>
-
- <h3><a id="conditional" name="conditional">Conditional
- Logging</a></h3>
-
- <p>There are times when it is convenient to exclude certain
- entries from the access logs based on characteristics of the
- client request. This is easily accomplished with the help of <a
- href="env.html">environment variables</a>. First, an
- environment variable must be set to indicate that the request
- meets certain conditions. This is usually accomplished with <a
- href="mod/mod_setenvif.html#setenvif">SetEnvIf</a>. Then the
- <code>env=</code> clause of the <code>CustomLog</code>
- directive is used to include or exclude requests where the
- environment variable is set. Some examples:</p>
-
- <blockquote>
- <code># Mark requests from the loop-back interface<br />
- SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog<br />
- # Mark requests for the robots.txt file<br />
- SetEnvIf Request_URI "^/robots\.txt$" dontlog<br />
- # Log what remains<br />
- CustomLog logs/access_log common env=!dontlog</code>
- </blockquote>
-
- <p>As another example, consider logging requests from
- english-speakers to one log file, and non-english speakers to a
- different log file.</p>
-
- <blockquote>
- <code>SetEnvIf Accept-Language "en" english<br />
- CustomLog logs/english_log common env=english<br />
- CustomLog logs/non_english_log common env=!english</code>
- </blockquote>
-
- <p>Although we have just shown that conditional logging is very
- powerful and flexibly, it is not the only way to control the
- contents of the logs. Log files are more useful when they
- contain a complete record of server activity. It is often
- easier to simply post-process the log files to remove requests
- that you do not want to consider.</p>
- <hr />
-
- <h2><a id="rotation" name="rotation">Log Rotation</a></h2>
-
- <p>On even a moderately busy server, the quantity of
- information stored in the log files is very large. The access
- log file typically grows 1 MB or more per 10,000 requests. It
- will consequently be necessary to periodically rotate the log
- files by moving or deleting the existing logs. This cannot be
- done while the server is running, because Apache will continue
- writing to the old log file as long as it holds the file open.
- Instead, the server must be <a
- href="stopping.html">restarted</a> after the log files are
- moved or deleted so that it will open new log files.</p>
-
- <p>By using a <em>graceful</em> restart, the server can be
- instructed to open new log files without losing any existing or
- pending connections from clients. However, in order to
- accomplish this, the server must continue to write to the old
- log files while it finishes serving old requests. It is
- therefore necessary to wait for some time after the restart
- before doing any processing on the log files. A typical
- scenario that simply rotates the logs and compresses the old
- logs to save space is:</p>
-
- <blockquote>
- <code>mv access_log access_log.old<br />
- mv error_log error_log.old<br />
- apachectl graceful<br />
- sleep 600<br />
- gzip access_log.old error_log.old</code>
- </blockquote>
-
- <p>Another way to perform log rotation is using <a
- href="#piped">piped logs</a> as discussed in the next
- section.</p>
- <hr />
-
- <h2><a id="piped" name="piped">Piped Logs</a></h2>
-
- <p>Apache httpd is capable of writing error and access log
- files through a pipe to another process, rather than directly
- to a file. This capability dramatically increases the
- flexibility of logging, without adding code to the main server.
- In order to write logs to a pipe, simply replace the filename
- with the pipe character "<code>|</code>", followed by the name
- of the executable which should accept log entries on its
- standard input. Apache will start the piped-log process when
- the server starts, and will restart it if it crashes while the
- server is running. (This last feature is why we can refer to
- this technique as "reliable piped logging".)</p>
-
- <p>Piped log processes are spawned by the parent Apache httpd
- process, and inherit the userid of that process. This means
- that piped log programs usually run as root. It is therefore
- very important to keep the programs simple and secure.</p>
-
- <p>Some simple examples using piped logs:</p>
-
- <blockquote>
- <code># compressed logs<br />
- CustomLog "|/usr/bin/gzip -c &gt;&gt;
- /var/log/access_log.gz" common<br />
- # almost-real-time name resolution<br />
- CustomLog "|/usr/local/apache/bin/logresolve &gt;&gt;
- /var/log/access_log" common</code>
- </blockquote>
-
- <p>Notice that quotes are used to enclose the entire command
- that will be called for the pipe. Although these examples are
- for the access log, the same technique can be used for the
- error log.</p>
-
- <p>One important use of piped logs is to allow log rotation
- without having to restart the server. The Apache HTTP Server
- includes a simple program called <a
- href="programs/rotatelogs.html">rotatelogs</a> for this
- purpose. For example, to rotate the logs every 24 hours, you
- can use:</p>
-
- <blockquote>
- <code>CustomLog "|/usr/local/apache/bin/rotatelogs
- /var/log/access_log 86400" common</code>
- </blockquote>
-
- <p>A similar, but much more flexible log rotation program
- called <a href="http://www.cronolog.org/">cronolog</a>
- is available at an external site.</p>
-
- <p>As with conditional logging, piped logs are a very powerful
- tool, but they should not be used where a simpler solution like
- off-line post-processing is available.</p>
- <hr />
-
- <h2><a id="virtualhosts" name="virtualhosts">Virtual
- Hosts</a></h2>
-
- <p>When running a server with many <a href="vhosts/">virtual
- hosts</a>, there are several options for dealing with log
- files. First, it is possible to use logs exactly as in a
- single-host server. Simply by placing the logging directives
- outside the <code>&lt;VirtualHost&gt;</code> sections in the
- main server context, it is possible to log all requests in the
- same access log and error log. This technique does not allow
- for easy collection of statistics on individual virtual
- hosts.</p>
-
- <p>If <code>CustomLog</code> or <code>ErrorLog</code>
- directives are placed inside a <code>&lt;VirtualHost&gt;</code>
- section, all requests or errors for that virtual host will be
- logged only to the specified file. Any virtual host which does
- not have logging directives will still have its requests sent
- to the main server logs. This technique is very useful for a
- small number of virtual hosts, but if the number of hosts is
- very large, it can be complicated to manage. In addition, it
- can often create problems with <a
- href="vhosts/fd-limits.html">insufficient file
- descriptors</a>.</p>
-
- <p>For the access log, there is a very good compromise. By
- adding information on the virtual host to the log format
- string, it is possible to log all hosts to the same log, and
- later split the log into individual files. For example,
- consider the following directives.</p>
-
- <blockquote>
- <code>LogFormat "%v %l %u %t \"%r\" %&gt;s %b"
- comonvhost<br />
- CustomLog logs/access_log comonvhost</code>
- </blockquote>
-
- <p>The <code>%v</code> is used to log the name of the virtual
- host that is serving the request. Then a program like <a
- href="programs/other.html">split-logfile</a> can be used to
- post-process the access log in order to split it into one file
- per virtual host.</p>
-
- <p>Unfortunately, no similar technique is available for the
- error log, so you must choose between mixing all virtual hosts
- in the same error log and using one error log per virtual
- host.</p>
- <hr />
-
- <h2><a id="other" name="other">Other Log Files</a></h2>
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_cgi.html">mod_cgi</a><br />
- <a href="mod/mod_rewrite.html">mod_rewrite</a> </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/core.html#pidfile">PidFile</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteLog">RewriteLog</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteLogLevel">RewriteLogLevel</a><br />
- <a href="mod/mod_cgi.html#scriptlog">ScriptLog</a><br />
- <a
- href="mod/mod_cgi.html#scriptloglength">ScriptLogLength</a><br />
- <a
- href="mod/mod_cgi.html#scriptlogbuffer">ScriptLogBuffer</a>
- </td>
- </tr>
- </table>
-
- <h3><a id="pidfile" name="pidfile">PID File</a></h3>
-
- <p>On startup, Apache httpd saves the process id of the parent
- httpd process to the file <code>logs/httpd.pid</code>. This
- filename can be changed with the <a
- href="mod/core.html#pidfile">PidFile</a> directive. The
- process-id is for use by the administrator in restarting and
- terminating the daemon by sending signals to the parent
- process; on Windows, use the -k command line option instead.
- For more information see the <a href="stopping.html">Stopping
- and Restarting</a> page.</p>
-
- <h3><a id="scriptlog" name="scriptlog">Script Log</a></h3>
-
- <p>In order to aid in debugging, the <a
- href="mod/mod_cgi.html#scriptlog">ScriptLog</a> directive
- allows you to record the input to and output from CGI scripts.
- This should only be used in testing - not for live servers.
- More information is available in the <a
- href="mod/mod_cgi.html">mod_cgi documentation</a>.</p>
-
- <h3><a id="rewritelog" name="rewritelog">Rewrite Log</a></h3>
-
- <p>When using the powerful and complex features of <a
- href="mod/mod_rewrite.html">mod_rewrite</a>, it is almost
- always necessary to use the <a
- href="mod/mod_rewrite.html#RewriteLog">RewriteLog</a> to help
- in debugging. This log file produces a detailed analysis of how
- the rewriting engine transforms requests. The level of detail
- is controlled by the <a
- href="mod/mod_rewrite.html#RewriteLogLevel">RewriteLogLevel</a>
- directive.</p>
- <!--#include virtual="footer.html" -->
- </body>
-</html>
-
diff --git a/docs/manual/mod/directive-dict.html.en b/docs/manual/mod/directive-dict.html.en
deleted file mode 100644
index deedf08aca..0000000000
--- a/docs/manual/mod/directive-dict.html.en
+++ /dev/null
@@ -1,327 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Definitions of terms used to describe Apache
- directives</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="CENTER">Terms Used to Describe Apache
- Directives</h1>
-
- <p>Each Apache configuration directive is described using a
- common format that looks like this:</p>
-
- <dl>
- <dd><a href="#Syntax" rel="Help"><strong>Syntax:</strong></a>
- <em>directive-name</em> <em>some args</em><br />
- <a href="#Default" rel="Help"><strong>Default:</strong></a>
- <samp><em>directive-name default-value</em></samp><br />
- <a href="#Context" rel="Help"><strong>Context:</strong></a>
- <em>context-list</em><br />
- <a href="#Override"
- rel="Help"><strong>Override:</strong></a>
- <em>override</em><br />
- <a href="#Status" rel="Help"><strong>Status:</strong></a>
- <em>status</em><br />
- <a href="#Module" rel="Help"><strong>Module:</strong></a>
- <em>module-name</em><br />
- <a href="#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- <em>compatibility notes</em><br />
- <a href="#Deprecated"
- rel="Help"><strong>Deprecated:</strong></a> <em>see
- other</em></dd>
- </dl>
-
- <p>Each of the directive's attributes, complete with possible
- values where possible, are described in this document.</p>
-
- <h2>Directive Terms</h2>
-
- <ul>
- <li><a href="#Syntax">Syntax</a></li>
-
- <li><a href="#Default">Default</a></li>
-
- <li><a href="#Context">Context</a></li>
-
- <li><a href="#Override">Override</a></li>
-
- <li><a href="#Status">Status</a></li>
-
- <li><a href="#Module">Module</a></li>
-
- <li><a href="#Compatibility">Compatibility</a></li>
-
- <li><a href="#Deprecated">Deprecated</a></li>
- </ul>
- <hr />
-
- <h2><a id="Syntax" name="Syntax">Syntax</a></h2>
-
- <p>This indicates the format of the directive as it would
- appear in a configuration file. This syntax is extremely
- directive-specific, and is described in detail in the
- directive's definition. Generally, the directive name is
- followed by a series of one or more space-separated arguments.
- If an argument contains a space, the argument must be enclosed
- in double quotes. Optional arguments are enclosed in square
- brackets. Where an argument can take on more than one possible
- value, the possible values are separated by vertical bars "|".
- Literal text is presented in the default font, while
- argument-types for which substitution is necessary are
- <em>emphasized</em>. Directives which can take a variable
- number of arguments will end in "..." indicating that the last
- argument is repeated.</p>
-
- <p>Directives use a great number of different argument types. A
- few common ones are defined below.</p>
-
- <dl>
- <dt><em>URL</em></dt>
-
- <dd>A complete Uniform Resource Locator including a scheme,
- hostname, and optional pathname as in
- <code>http://www.example.com/path/to/file.html</code></dd>
-
- <dt><em>URL-path</em></dt>
-
- <dd>The part of a <em>url</em> which follows the scheme and
- hostname as in <code>/path/to/file.html</code>. The
- <em>url-path</em> represents a web-view of a resource, as
- opposed to a file-system view.</dd>
-
- <dt><em>file-path</em></dt>
-
- <dd>The path to a file in the local file-system beginning
- with the root directory as in
- <code>/usr/local/apache/htdocs/path/to/file.html</code>.
- Unless otherwise specified, a <em>file-path</em> which does
- not begin with a slash will be treated as relative to the <a
- href="core.html#serverroot">ServerRoot</a>.</dd>
-
- <dt><em>directory-path</em></dt>
-
- <dd>The path to a directory in the local file-system
- beginning with the root directory as in
- <code>/usr/local/apache/htdocs/path/to/</code>.</dd>
-
- <dt><em>filename</em></dt>
-
- <dd>The name of a file with no accompanying path information
- as in <code>file.html</code>.</dd>
-
- <dt><em>regex</em></dt>
-
- <dd>A regular expression, which is a way of describing a
- pattern to match in text. The directive definition will
- specify what the <em>regex</em> is matching against.</dd>
-
- <dt><em>extension</em></dt>
-
- <dd>In general, this is the part of the <em>filename</em>
- which follows the last dot. However, Apache recognizes
- multiple filename extensions, so if a <em>filename</em>
- contains more than one dot, each dot-separated part of the
- filename following the first dot is an <em>extension</em>.
- For example, the <em>filename</em> <code>file.html.en</code>
- contains two extensions: <code>.html</code> and
- <code>.en</code>. For Apache directives, you may specify
- <em>extension</em>s with or without the leading dot. In
- addition, <em>extension</em>s are not case sensitive.</dd>
-
- <dt><em>MIME-type</em></dt>
-
- <dd>A method of describing the format of a file which
- consists of a major format type and a minor format type,
- separated by a slash as in <code>text/html</code>.</dd>
-
- <dt><em>env-variable</em></dt>
-
- <dd>The name of an <a href="../env.html">environment
- variable</a> defined in the Apache configuration process.
- Note this is not necessarily the same as an operating system
- environment variable. See the <a
- href="../env.html">environment variable documentation</a> for
- more details.</dd>
- </dl>
- <hr />
-
- <h2><a id="Default" name="Default">Default</a></h2>
-
- <p>If the directive has a default value (<em>i.e.</em>, if you
- omit it from your configuration entirely, the Apache Web server
- will behave as though you set it to a particular value), it is
- described here. If there is no default value, this section
- should say "<em>None</em>". Note that the default listed here
- is not necessarily the same as the value the directive takes in
- the default httpd.conf distributed with the server.</p>
- <hr />
-
- <h2><a id="Context" name="Context">Context</a></h2>
-
- <p>This indicates where in the server's configuration files the
- directive is legal. It's a comma-separated list of one or more
- of the following values:</p>
-
- <dl>
- <dt><strong>server config</strong></dt>
-
- <dd>This means that the directive may be used in the server
- configuration files (<em>e.g.</em>, <samp>httpd.conf</samp>,
- <samp>srm.conf</samp>, and <samp>access.conf</samp>), but
- <strong>not</strong> within any
- <samp>&lt;VirtualHost&gt;</samp> or &lt;Directory&gt;
- containers. It is not allowed in <samp>.htaccess</samp> files
- at all.</dd>
-
- <dt><strong>virtual host</strong></dt>
-
- <dd>This context means that the directive may appear inside
- <samp>&lt;VirtualHost&gt;</samp> containers in the server
- configuration files.</dd>
-
- <dt><strong>directory</strong></dt>
-
- <dd>A directive marked as being valid in this context may be
- used inside <samp>&lt;Directory&gt;</samp>,
- <samp>&lt;Location&gt;</samp>, and <samp>&lt;Files&gt;</samp>
- containers in the server configuration files, subject to the
- restrictions outlined in <a href="../sections.html">How
- Directory, Location and Files sections work</a>.</dd>
-
- <dt><strong>.htaccess</strong></dt>
-
- <dd>If a directive is valid in this context, it means that it
- can appear inside <em>per</em>-directory
- <samp>.htaccess</samp> files. It may not be processed, though
- depending upon the <a href="#Override"
- rel="Help">overrides</a> currently active.</dd>
- </dl>
-
- <p>The directive is <em>only</em> allowed within the designated
- context; if you try to use it elsewhere, you'll get a
- configuration error that will either prevent the server from
- handling requests in that context correctly, or will keep the
- server from operating at all -- <em>i.e.</em>, the server won't
- even start.</p>
-
- <p>The valid locations for the directive are actually the
- result of a Boolean OR of all of the listed contexts. In other
- words, a directive that is marked as being valid in
- "<samp>server config, .htaccess</samp>" can be used in the
- <samp>httpd.conf</samp> file and in <samp>.htaccess</samp>
- files, but not within any &lt;Directory&gt; or
- &lt;VirtualHost&gt; containers.</p>
- <hr />
-
- <h2><a id="Override" name="Override">Override</a></h2>
-
- <p>This directive attribute indicates which configuration
- override must be active in order for the directive to be
- processed when it appears in a <samp>.htaccess</samp> file. If
- the directive's <a href="#Context" rel="Help">context</a>
- doesn't permit it to appear in <samp>.htaccess</samp> files,
- this attribute should say "<em>Not applicable</em>".</p>
-
- <p>Overrides are activated by the <a
- href="core.html#allowoverride"
- rel="Help"><samp>AllowOverride</samp></a> directive, and apply
- to a particular scope (such as a directory) and all
- descendants, unless further modified by other
- <samp>AllowOverride</samp> directives at lower levels. The
- documentation for that directive also lists the possible
- override names available.</p>
- <hr />
-
- <h2><a id="Status" name="Status">Status</a></h2>
-
- <p>This indicates how tightly bound into the Apache Web server
- the directive is; in other words, you may need to recompile the
- server with an enhanced set of modules in order to gain access
- to the directive and its functionality. Possible values for
- this attribute are:</p>
-
- <dl>
- <dt><strong>Core</strong></dt>
-
- <dd>If a directive is listed as having "Core" status, that
- means it is part of the innermost portions of the Apache Web
- server, and is always available.</dd>
-
- <dt><strong>MPM</strong></dt>
-
- <dd>A directive labeled as having "MPM" status is provided by
- a <a href="../mpm.html">Multi-Processing Module</a>. This
- type of directive will be available if and only if you are
- using one of the MPMs listed on the <a
- href="#Module">Module</a> line of the directive
- definition.</dd>
-
- <dt><strong>Base</strong></dt>
-
- <dd>A directive labeled as having "Base" status is supported
- by one of the standard Apache modules which is compiled into
- the server by default, and is therefore normally available
- unless you've taken steps to remove the module from your
- configuration.</dd>
-
- <dt><strong>Extension</strong></dt>
-
- <dd>A directive with "Extension" status is provided by one of
- the modules included with the Apache server kit, but the
- module isn't normally compiled into the server. To enable the
- directive and its functionality, you will need to change the
- server build configuration files and re-compile Apache.</dd>
-
- <dt><strong>Experimental</strong></dt>
-
- <dd>"Experimental" status indicates that the directive is
- available as part of the Apache kit, but you're on your own
- if you try to use it. The directive is being documented for
- completeness, and is not necessarily supported. The module
- which provides the directive may or may not be compiled in by
- default; check the top of the page which describes the
- directive and its module to see if it remarks on the
- availability.</dd>
- </dl>
- <hr />
-
- <h2><a id="Module" name="Module">Module</a></h2>
-
- <p>This quite simply lists the name of the source module which
- defines the directive.</p>
- <hr />
-
- <h2><a id="Compatibility"
- name="Compatibility">Compatibility</a></h2>
-
- <p>If the directive wasn't part of the original Apache version
- 1 distribution, the version in which it was introduced should
- be listed here. If the directive has the same name as one from
- the NCSA HTTPd server, any inconsistencies in behavior between
- the two should also be mentioned. Otherwise, this attribute
- should say "<em>No compatibility issues.</em>"</p>
- <hr />
-
- <h2><a id="Deprecated" name="Deprecated">Deprecated</a></h2>
-
- <p>If this directive is eliminated since the Apache version 1
- distribution, the directive or option that replaces the
- behavior should be cited here. In general, directives,
- features, and options are only deprecated to minimize debugging
- of conflicting features, or if the feature can only continue to
- be supported in an alternate manner.</p>
- <!--#include virtual="footer.html" -->
- </body>
-</html>
-
diff --git a/docs/manual/mod/module-dict.html.en b/docs/manual/mod/module-dict.html.en
deleted file mode 100644
index 5e7cadb821..0000000000
--- a/docs/manual/mod/module-dict.html.en
+++ /dev/null
@@ -1,123 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Definitions of terms used to describe Apache
- modules</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="CENTER">Terms Used to Describe Apache Modules</h1>
-
- <p>Each Apache module is described using a common format that
- looks like this:</p>
-
- <dl>
- <dd><a href="#Status" rel="Help"><strong>Status:</strong></a>
- <em>status</em><br />
- <a href="#SourceFile" rel="Help"><strong>Source
- File:</strong></a> <em>source-file</em><br />
- <a href="#ModuleIdentifier" rel="Help"><strong>Module
- Identifier:</strong></a> <em>module-identifier</em><br />
- <a href="#Compatibility"
- rel="Help"><strong>Compatibility:</strong></a>
- <em>compatibility notes</em></dd>
- </dl>
-
- <p>Each of the attributes, complete with values where possible,
- are described in this document.</p>
-
- <h2>Module Terms</h2>
-
- <ul>
- <li><a href="#Status">Status</a></li>
-
- <li><a href="#SourceFile">Source File</a></li>
-
- <li><a href="#ModuleIdentifier">Module Identifier</a></li>
-
- <li><a href="#Compatibility">Compatibility</a></li>
- </ul>
- <hr />
-
- <h2><a id="Status" name="Status">Status</a></h2>
-
- <p>This indicates how tightly bound into the Apache Web server
- the module is; in other words, you may need to recompile the
- server in order to gain access to the module and its
- functionality. Possible values for this attribute are:</p>
-
- <dl>
- <dt><strong>MPM</strong></dt>
-
- <dd>A module with status "MPM" is a <a
- href="../mpm.html">Multi-Processing Module</a>. Unlike the
- other types of modules, Apache must have one and only one MPM
- in use at any time. This type of module is responsible for
- basic request handling and dispatching.</dd>
-
- <dt><strong>Base</strong></dt>
-
- <dd>A module labeled as having "Base" status is compiled and
- loaded into the server by default, and is therefore normally
- available unless you have taken steps to remove the module
- from your configuration.</dd>
-
- <dt><strong>Extension</strong></dt>
-
- <dd>A module with "Extension" status is not normally compiled
- and loaded into the server. To enable the module and its
- functionality, you may need to change the server build
- configuration files and re-compile Apache.</dd>
-
- <dt><strong>Experimental</strong></dt>
-
- <dd>"Experimental" status indicates that the module is
- available as part of the Apache kit, but you are on your own
- if you try to use it. The module is being documented for
- completeness, and is not necessarily supported.</dd>
-
- <dt><strong>External</strong></dt>
-
- <dd>Modules which are not included with the base Apache
- distribution ("third-party modules") may use the "External"
- status. We are not responsible for, nor do we support such
- modules.</dd>
- </dl>
- <hr />
-
- <h2><a id="SourceFile" name="SourceFile">Source File</a></h2>
-
- <p>This quite simply lists the name of the source file which
- contains the code for the module. This is also the name used by
- the <a
- href="core.html#ifmodule"><code>&lt;IfModule&gt;</code></a>
- directive.</p>
- <hr />
-
- <h2><a id="ModuleIdentifier" name="ModuleIdentifier">Module
- Identifier</a></h2>
-
- <p>This is a string which identifies the module for use in the
- <a href="mod_so.html#loadmodule">LoadModule</a> directive when
- dynamically loading modules. In particular, it is the name of
- the external variable of type module in the source file.</p>
- <hr />
-
- <h2><a id="Compatibility"
- name="Compatibility">Compatibility</a></h2>
-
- <p>If the module was not part of the original Apache version 2
- distribution, the version in which it was introduced should be
- listed here.</p>
- <!--#include virtual="footer.html" -->
- </body>
-</html>
-
diff --git a/docs/manual/sitemap.html.en b/docs/manual/sitemap.html.en
deleted file mode 100644
index d1f27cb89f..0000000000
--- a/docs/manual/sitemap.html.en
+++ /dev/null
@@ -1,201 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Site Map - Apache HTTP Server 2.0</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="center">Site Map</h1>
-
-<ul>
-<li><a href="index.html">Apache HTTP Server Version 2.0 Documentation</a>
-
-<ul>
-<li>Release Notes
-<ul>
-<li><a href="upgrading.html">Upgrading to 2.0 from 1.3</a></li>
-<li><a href="new_features_2_0.html">New features with Apache 2.0</a></li>
-</ul></li>
-
-<li>Using the Apache HTTP Server
-<ul>
-<li><a href="install.html">Compiling and Installing Apache</a></li>
-<li><a href="invoking.html">Starting Apache</a></li>
-<li><a href="stopping.html">Stopping and Restarting the Server</a></li>
-<li><a href="configuring.html">Configuration Files</a></li>
-<li><a href="sections.html">How Directory, Location and Files sections work</a></li>
-<li><a href="server-wide.html">Server-Wide Configuration</a></li>
-<li><a href="logs.html">Log Files</a></li>
-<li><a href="urlmapping.html">Mapping URLs to Filesystem Locations</a></li>
-<li><a href="misc/security_tips.html">Security Tips</a></li>
-<li><a href="dso.html">Dynamic Shared Object (DSO) support</a></li>
-<li><a href="content-negotiation.html">Content Negotiation</a></li>
-<li><a href="custom-error.html">Custom error responses</a></li>
-<li><a href="bind.html">Setting which addresses and ports Apache uses</a></li>
-<li><a href="mpm.html">Multi-Processing Modules (MPMs)</a></li>
-<li><a href="env.html">Environment Variables in Apache</a></li>
-<li><a href="handler.html">Apache's Handler Use</a></li>
-<li><a href="filter.html">Filters</a></li>
-<li><a href="suexec.html">suEXEC Support</a></li>
-<li><a href="misc/perf-tuning.html">Performance Hintes</a></li>
-<li><a href="misc/rewriteguide.html">URL Rewriting Guide</a></li>
-</ul></li>
-
-<li><a href="vhosts/">Apache Virtual Host documentation</a>
-<ul>
-<li><a href="vhosts/name-based.html">Name-based Virtual Hosts</a></li>
-<li><a href="vhosts/ip-based.html">IP-based Virtual Host Support</a></li>
-<li><a href="vhosts/mass.html">Dynamically configured mass virtual hosting</a></li>
-<li><a href="vhosts/examples.html">VirtualHost Examples</a></li>
-<li><a href="vhosts/details.html">An In-Depth Discussion of Virtual Host Matching</a></li>
-<li><a href="vhosts/fd-limits.html">File descriptor limitations</a></li>
-<li><a href="dns-caveats.html">Issues Regarding DNS and Apache</a></li>
-</ul></li>
-
-<li><a href="faq/">Apache Server Frequently Asked Questions</a>
-<ul>
-<li><a href="faq/support.html">Support</a></li>
-</ul></li>
-
-<li><a href="ssl/">Apache SSL/TLS Encryption</a>
-<ul>
-<li><a href="ssl/ssl_intro.html">SSL/TLS Encryption: An Introduction</a></li>
-<li><a href="ssl/ssl_compat.html">SSL/TLS Encryption: Compatibility</a></li>
-<li><a href="ssl/ssl_howto.html">SSL/TLS Encryption: How-To</a></li>
-<li><a href="ssl/ssl_faq.html">SSL/TLS Encryption: FAQ</a></li>
-<li><a href="ssl/ssl_glossary.html">SSL/TLS Encryption: Glossary</a></li>
-</ul></li>
-
-
-<li>Guides, Tutorials, and HowTos
-<ul>
-<li><a href="howto/auth.html">Authentication</a></li>
-<li><a href="howto/cgi.html">Apache Tutorial: Dynamic Content with CGI</a></li>
-<li><a href="howto/ssi.html">Apache Tutorial: Introduction to Server
-Side Includes</a></li>
-<li><a href="misc/tutorials.html">Apache Tutorials</a></li>
-</ul></li>
-
-
-<li>Platform-specific Notes
-<ul>
-<li><a href="platform/windows.html">Using Apache with Microsoft
-Windows</a></li>
-<li><a href="platform/win_compiling.html">Compiling Apache for
-Microsoft Windows</a></li>
-<li><a href="platform/win_service.html">Running Apache for Windows as
-a Service</a></li>
-<li><a href="platform/netware.html">Using Apache with Novell NetWare</a></li>
-<li><a href="platform/perf-hp.html">Running a High-Performance Web
-Server on HPUX</a></li>
-<li><a href="ebcdic.html">The Apache EBCDIC Port</a></li>
-</ul></li>
-
-<li><a href="programs/">Apache HTTP Server and Supporting Programs</a>
-<ul>
-<li><a href="programs/httpd.html">Manual Page: httpd</a></li>
-<li><a href="programs/ab.html">Manual Page: ab</a></li>
-<li><a href="programs/apachectl.html">Manual Page: apachectl</a></li>
-<li><a href="programs/apxs.html">Manual Page: apxs</a></li>
-<li><a href="programs/dbmmanage.html">Manual Page: dbmmanage</a></li>
-<li><a href="programs/htdigest.html">Manual Page: htdigest</a></li>
-<li><a href="programs/htpasswd.html">Manual Page: htpasswd</a></li>
-<li><a href="programs/logresolve.html">Manual Page: logresolve</a></li>
-<li><a href="programs/rotatelogs.html">Manual Page: rotatelogs</a></li>
-<li><a href="programs/suexec.html">Manual Page: suexec</a></li>
-<li><a href="programs/other.html">Other Programs</a></li>
-</ul></li>
-
-<li><a href="misc/">Apache Miscellaneous Documentation</a>
-<ul>
-<li><a href="misc/custom_errordocs.html">International Customized Server Error Messages</a></li>
-<li><a href="misc/fin_wait_2.html">Connections in FIN_WAIT_2 and Apache</a></li>
-<li><a href="misc/known_client_problems.html">Known Client Problems</a></li>
-<li><a href="misc/descriptors.html">Descriptors and Apache</a></li>
-<li><a href="cgi_path.html">PATH_INFO Changes in the CGI Environment</a></li>
-</ul></li>
-
-<li><a href="mod/">Apache modules</a>
-<ul>
-<li><a href="mod/directives.html">Apache directives</a></li>
-<li><a href="mod/module-dict.html">Definitions of terms used to describe Apache modules</a></li>
-<li><a href="mod/directive-dict.html">Definitions of terms used to describe Apache directives</a></li>
-<li><a href="mod/core.html">Apache Core Features</a></li>
-<li><a href="mod/mpm_common.html">Apache MPM Common Directives</a></li>
-<li><a href="mod/mpm_netware.html">Apache MPM netware</a></li>
-<li><a href="mod/mpm_winnt.html">Apache MPM winnt</a></li>
-<li><a href="mod/perchild.html">Apache MPM perchild</a></li>
-<li><a href="mod/prefork.html">Apache MPM prefork</a></li>
-<li><a href="mod/worker.html">Apache MPM worker</a></li>
-<li><a href="mod/mod_access.html">Apache module mod_access</a></li>
-<li><a href="mod/mod_actions.html">Apache module mod_actions</a></li>
-<li><a href="mod/mod_alias.html">Apache module mod_alias</a></li>
-<li><a href="mod/mod_asis.html">Apache module mod_asis</a></li>
-<li><a href="mod/mod_auth.html">Apache module mod_auth</a></li>
-<li><a href="mod/mod_auth_anon.html">Apache module mod_auth_anon.c</a></li>
-<li><a href="mod/mod_auth_dbm.html">Apache module mod_auth_dbm</a></li>
-<li><a href="mod/mod_auth_digest.html">Apache module mod_auth_digest</a></li>
-<li><a href="mod/mod_auth_ldap.html">Apache module mod_ldap</a></li>
-<li><a href="mod/mod_autoindex.html">Apache module mod_autoindex</a></li>
-<li><a href="mod/mod_cache.html">Apache module mod_cache</a></li>
-<li><a href="mod/mod_cern_meta.html">Apache module mod_cern_meta</a></li>
-<li><a href="mod/mod_cgi.html">Apache module mod_cgi</a></li>
-<li><a href="mod/mod_cgid.html">Apache module mod_cgi</a></li>
-<li><a href="mod/mod_charset_lite.html">Apache module mod_charset_lite</a></li>
-<li><a href="mod/mod_dav.html">Apache module mod_dav</a></li>
-<li><a href="mod/mod_deflate.html">Apache module mod_deflate</a></li>
-<li><a href="mod/mod_dir.html">Apache module mod_dir</a></li>
-<li><a href="mod/mod_env.html">Apache module mod_env</a></li>
-<li><a href="mod/mod_example.html">Apache module mod_example</a></li>
-<li><a href="mod/mod_expires.html">Apache module mod_expires</a></li>
-<li><a href="mod/mod_ext_filter.html">Apache module mod_ext_filter</a></li>
-<li><a href="mod/mod_file_cache.html">Apache module mod_file_cache</a></li>
-<li><a href="mod/mod_headers.html">Apache module mod_headers</a></li>
-<li><a href="mod/mod_imap.html">Apache module mod_imap</a></li>
-<li><a href="mod/mod_include.html">Apache module mod_include</a></li>
-<li><a href="mod/mod_info.html">Apache module mod_info</a></li>
-<li><a href="mod/mod_isapi.html">Apache module mod_isapi</a></li>
-<li><a href="mod/mod_ldap.html">Apache module mod_ldap</a></li>
-<li><a href="mod/mod_log_config.html">Apache module mod_log_config</a></li>
-<li><a href="mod/mod_mime.html">Apache module mod_mime</a></li>
-<li><a href="mod/mod_mime_magic.html">Apache module mod_mime_magic</a></li>
-<li><a href="mod/mod_negotiation.html">Apache module mod_negotiation</a></li>
-<li><a href="mod/mod_proxy.html">Apache module mod_proxy</a></li>
-<li><a href="mod/mod_rewrite.html">Apache module mod_rewrite</a></li>
-<li><a href="mod/mod_setenvif.html">Apache module mod_setenvif</a></li>
-<li><a href="mod/mod_so.html">Apache module mod_so</a></li>
-<li><a href="mod/mod_speling.html">Apache module mod_speling</a></li>
-<li><a href="mod/mod_ssl.html">Apache module mod_ssl</a></li>
-<li><a href="mod/mod_status.html">Apache module mod_status</a></li>
-<li><a href="mod/mod_suexec.html">Apache module mod_suexec</a></li>
-<li><a href="mod/mod_unique_id.html">Apache module mod_unique_id</a></li>
-<li><a href="mod/mod_userdir.html">Apache module mod_userdir</a></li>
-<li><a href="mod/mod_usertrack.html">Apache module mod_usertrack</a></li>
-<li><a href="mod/mod_vhost_alias.html">Apache module mod_vhost_alias</a></li>
-</ul></li>
-
-<li><a href="developer/">Developer Documentation</a>
-<ul>
-<li><a href="developer/API.html">Apache API notes</a></li>
-<li><a href="developer/debugging.html">Debugging Memory Allocation in APR</a></li>
-<li><a href="developer/documenting.html">Documenting Apache 2.0</a></li>
-<li><a href="developer/hooks.html">Apache 2.0 Hook Functions</a></li>
-<li><a href="developer/layeredio.html">Apache 2.0 Layered I/O</a></li>
-<li><a href="developer/modules.html">Converting Modules from Apache 1.3 to Apache 2.0</a></li>
-<li><a href="developer/request.html">Request Processing in Apache 2.0</a></li>
-<li><a href="developer/filters.html">How Filters Work in Apache 2.0</a></li>
-</ul></li>
-
-</ul></li>
-
-</ul>
-
- <!--#include virtual="footer.html" -->
- </body>
-</html>
diff --git a/docs/manual/stopping.html.en b/docs/manual/stopping.html.en
deleted file mode 100644
index 8e2c2b12c6..0000000000
--- a/docs/manual/stopping.html.en
+++ /dev/null
@@ -1,209 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Stopping and Restarting the Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="CENTER">Stopping and Restarting the Server</h1>
-
- <p>This document covers stopping and restarting Apache on
- Unix-like systems. Windows users should see <a
- href="platform/windows.html#signal">Signalling Apache when
- running</a>.</p>
-
- <p>You will notice many <code>httpd</code> executables running
- on your system, but you should not send signals to any of them
- except the parent, whose pid is in the <a
- href="mod/mpm_common.html#pidfile">PidFile</a>. That is to say you
- shouldn't ever need to send signals to any process except the
- parent. There are three signals that you can send the parent:
- <code>TERM</code>, <code>HUP</code>, and <code>USR1</code>,
- which will be described in a moment.</p>
-
- <p>To send a signal to the parent you should issue a command
- such as:</p>
-
- <blockquote>
-<pre>
- kill -TERM `cat /usr/local/apache/logs/httpd.pid`
-</pre>
- </blockquote>
- You can read about its progress by issuing:
-
- <blockquote>
-<pre>
- tail -f /usr/local/apache/logs/error_log
-</pre>
- </blockquote>
- Modify those examples to match your <a
- href="mod/core.html#serverroot">ServerRoot</a> and <a
- href="mod/mpm_common.html#pidfile">PidFile</a> settings.
-
- <p>A shell script called <a
- href="programs/apachectl.html">apachectl</a> is provided which
- automates the processing of signalling Apache. For details
- about this script, see the documentation on <a
- href="invoking.html">starting Apache</a>.</p>
-
- <h3>Stop Now</h3>
-
- <p><strong>Signal:</strong> TERM<br />
- <code>apachectl stop</code></p>
-
- <p>Sending the <code>TERM</code> signal to the parent causes it
- to immediately attempt to kill off all of its children. It may
- take it several seconds to complete killing off its children.
- Then the parent itself exits. Any requests in progress are
- terminated, and no further requests are served.</p>
-
- <h3>Graceful Restart</h3>
-
- <p><strong>Signal:</strong> USR1<br />
- <code>apachectl graceful</code></p>
-
- <p>The <code>USR1</code> signal causes the parent process to
- <em>advise</em> the children to exit after their current
- request (or to exit immediately if they're not serving
- anything). The parent re-reads its configuration files and
- re-opens its log files. As each child dies off the parent
- replaces it with a child from the new <em>generation</em> of
- the configuration, which begins serving new requests
- immediately.</p>
- <i>On certain platforms that do not allow USR1 to be used for a
- graceful restart, an alternative signal may be used (such as
- WINCH). apachectl graceful will send the right signal for your
- platform.</i>
-
- <p>This code is designed to always respect the <a
- href="mod/mpm_common.html#maxclients">MaxClients</a>, <a
- href="mod/prefork.html#minspareservers">MinSpareServers</a>,
- and <a
- href="mod/prefork.html#maxspareservers">MaxSpareServers</a>
- settings. Furthermore, it respects <a
- href="mod/mpm_common.html#startservers">StartServers</a> in the
- following manner: if after one second at least StartServers new
- children have not been created, then create enough to pick up
- the slack. This is to say that the code tries to maintain both
- the number of children appropriate for the current load on the
- server, and respect your wishes with the StartServers
- parameter.</p>
-
- <p>Users of the <a href="mod/mod_status.html">status module</a>
- will notice that the server statistics are <strong>not</strong>
- set to zero when a <code>USR1</code> is sent. The code was
- written to both minimize the time in which the server is unable
- to serve new requests (they will be queued up by the operating
- system, so they're not lost in any event) and to respect your
- tuning parameters. In order to do this it has to keep the
- <em>scoreboard</em> used to keep track of all children across
- generations.</p>
-
- <p>The status module will also use a <code>G</code> to indicate
- those children which are still serving requests started before
- the graceful restart was given.</p>
-
- <p>At present there is no way for a log rotation script using
- <code>USR1</code> to know for certain that all children writing
- the pre-restart log have finished. We suggest that you use a
- suitable delay after sending the <code>USR1</code> signal
- before you do anything with the old log. For example if most of
- your hits take less than 10 minutes to complete for users on
- low bandwidth links then you could wait 15 minutes before doing
- anything with the old log.</p>
-
- <p><strong>Note:</strong> If your configuration file has errors
- in it when you issue a restart then your parent will not
- restart, it will exit with an error. In the case of graceful
- restarts it will also leave children running when it exits.
- (These are the children which are "gracefully exiting" by
- handling their last request.) This will cause problems if you
- attempt to restart the server -- it will not be able to bind to
- its listening ports. Before doing a restart, you can check the
- syntax of the configuration files with the <code>-t</code>
- command line argument (see <a
- href="programs/httpd.html">httpd</a>). This still will not
- guarantee that the server will restart correctly. To check the
- semantics of the configuration files as well as the syntax, you
- can try starting httpd as a non-root user. If there are no
- errors it will attempt to open its sockets and logs and fail
- because it's not root (or because the currently running httpd
- already has those ports bound). If it fails for any other
- reason then it's probably a config file error and the error
- should be fixed before issuing the graceful restart.</p>
-
- <h3>Restart Now</h3>
-
- <p><strong>Signal:</strong> HUP<br />
- <code>apachectl restart</code></p>
-
- <p>Sending the <code>HUP</code> signal to the parent causes it
- to kill off its children like in <code>TERM</code> but the
- parent doesn't exit. It re-reads its configuration files, and
- re-opens any log files. Then it spawns a new set of children
- and continues serving hits.</p>
-
- <p>Users of the <a href="mod/mod_status.html">status module</a>
- will notice that the server statistics are set to zero when a
- <code>HUP</code> is sent.</p>
-
- <p><strong>Note:</strong> If your configuration file has errors
- in it when you issue a restart then your parent will not
- restart, it will exit with an error. See below for a method of
- avoiding this.</p>
-
- <h3>Appendix: signals and race conditions</h3>
-
- <p>Prior to Apache 1.2b9 there were several <em>race
- conditions</em> involving the restart and die signals (a simple
- description of race condition is: a time-sensitive problem, as
- in if something happens at just the wrong time it won't behave
- as expected). For those architectures that have the "right"
- feature set we have eliminated as many as we can. But it should
- be noted that there still do exist race conditions on certain
- architectures.</p>
-
- <p>Architectures that use an on disk <a
- href="mod/core.html#scoreboardfile">ScoreBoardFile</a> have the
- potential to corrupt their scoreboards. This can result in the
- "bind: Address already in use" (after <code>HUP</code>) or
- "long lost child came home!" (after <code>USR1</code>). The
- former is a fatal error, while the latter just causes the
- server to lose a scoreboard slot. So it might be advisable to
- use graceful restarts, with an occasional hard restart. These
- problems are very difficult to work around, but fortunately
- most architectures do not require a scoreboard file. See the <a
- href="mod/core.html#scoreboardfile">ScoreBoardFile</a>
- documentation for a architecture uses it.</p>
-
- <p><code>NEXT</code> and <code>MACHTEN</code> (68k only) have
- small race conditions which can cause a restart/die signal to
- be lost, but should not cause the server to do anything
- otherwise problematic.
- <!-- they don't have sigaction, or we're not using it -djg -->
- </p>
-
- <p>All architectures have a small race condition in each child
- involving the second and subsequent requests on a persistent
- HTTP connection (KeepAlive). It may exit after reading the
- request line but before reading any of the request headers.
- There is a fix that was discovered too late to make 1.2. In
- theory this isn't an issue because the KeepAlive client has to
- expect these events because of network latencies and server
- timeouts. In practice it doesn't seem to affect anything either
- -- in a test case the server was restarted twenty times per
- second and clients successfully browsed the site without
- getting broken images or empty documents.
- <!--#include virtual="footer.html" -->
- </p>
- </body>
-</html>
-
diff --git a/docs/manual/urlmapping.html.en b/docs/manual/urlmapping.html.en
deleted file mode 100755
index a127bb1c16..0000000000
--- a/docs/manual/urlmapping.html.en
+++ /dev/null
@@ -1,333 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Mapping URLs to Filesystem Locations - Apache HTTP
- Server</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="center">Mapping URLs to Filesystem Locations</h1>
-
- <p>This document explains how Apache uses the URL of a request
- to determine the filesystem location from which to serve a
- file.</p>
-
- <ul>
- <li><a href="#documentroot">DocumentRoot</a></li>
-
- <li><a href="#outside">Files Outside the
- DocumentRoot</a></li>
-
- <li><a href="#user">User Directories</a></li>
-
- <li><a href="#redirect">URL Redirection</a></li>
-
- <li><a href="#proxy">Reverse Proxy</a></li>
-
- <li><a href="#rewrite">Rewrite Engine</a></li>
-
- <li><a href="#notfound">File Not Found</a></li>
- </ul>
- <hr />
-
- <table border="1">
- <tr>
- <td valign="top"><strong>Related Modules</strong><br />
- <br />
- <a href="mod/mod_alias.html">mod_alias</a><br />
- <a href="mod/mod_proxy.html">mod_proxy</a><br />
- <a href="mod/mod_rewrite.html">mod_rewrite</a><br />
- <a href="mod/mod_userdir.html">mod_userdir</a><br />
- <a href="mod/mod_speling.html">mod_speling</a><br />
- <a
- href="mod/mod_vhost_alias.html">mod_vhost_alias</a><br />
- </td>
-
- <td valign="top"><strong>Related Directives</strong><br />
- <br />
- <a href="mod/mod_alias.html#alias">Alias</a><br />
- <a
- href="mod/mod_alias.html#aliasmatch">AliasMatch</a><br />
- <a
- href="mod/mod_speling.html#checkspelling">CheckSpelling</a><br />
- <a
- href="mod/core.html#documentroot">DocumentRoot</a><br />
- <a
- href="mod/core.html#errordocument">ErrorDocument</a><br />
- <a href="mod/core.html#options">Options</a><br />
- <a href="mod/mod_proxy.html#proxypass">ProxyPass</a><br />
- <a href="mod/mod_proxy.html#proxypassreverse">ProxyPassReverse</a><br />
- <a href="mod/mod_alias.html#redirect">Redirect</a><br />
- <a
- href="mod/mod_alias.html#redirectmatch">RedirectMatch</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteCond">RewriteCond</a><br />
- <a
- href="mod/mod_rewrite.html#RewriteRule">RewriteRule</a><br />
- <a
- href="mod/mod_alias.html#scriptalias">ScriptAlias</a><br />
- <a
- href="mod/mod_alias.html#scriptaliasmatch">ScriptAliasMatch</a><br />
- <a href="mod/mod_userdir.html#userdir">UserDir</a><br />
- </td>
- </tr>
- </table>
-
- <h2><a id="documentroot"
- name="documentroot">DocumentRoot</a></h2>
-
- <p>In deciding what file to serve for a given request, Apache's
- default behavior is to take the URL-Path for the request (the
- part of the URL following the hostname and port) and add it to
- the end of the <a
- href="mod/core.html#documentroot">DocumentRoot</a> specified in
- your configuration files. Therefore, the files and directories
- underneath the <code>DocumentRoot</code> make up the basic
- document tree which will be visible from the web.</p>
-
- <p>Apache is also capable of <a href="vhosts/">Virtual
- Hosting</a>, where the server receives requests for more than
- one host. In this case, a different <code>DocumentRoot</code>
- can be specified for each virtual host, or alternatively, the
- directives provided by the module <a
- href="mod/mod_vhost_alias.html">mod_vhost_alias</a> can be used
- to dynamically determine the appropriate place from which to
- serve content based on the requested IP address or
- hostname.</p>
-
- <h2><a id="outside" name="outside">Files Outside the
- DocumentRoot</a></h2>
-
- <p>There are frequently circumstances where it is necessary to
- allow web access to parts of the filesystem that are not
- strictly underneath the <a
- href="mod/core.html#documentroot">DocumentRoot</a>. Apache
- offers several different ways to accomplish this. On Unix
- systems, symbolic links can bring other parts of the filesystem
- under the <code>DocumentRoot</code>. For security reasons,
- Apache will follow symbolic links only if the <a
- href="mod/core.html#options">Options</a> setting for the
- relevant directory includes <code>FollowSymLinks</code> or
- <code>SymLinksIfOwnerMatch</code>.</p>
-
- <p>Alternatively, the <a
- href="mod/mod_alias.html#alias">Alias</a> directive will map
- any part of the filesystem into the web space. For example,
- with</p>
-
- <blockquote>
- <code>Alias /docs /var/web/</code>
- </blockquote>
-
- <p>the URL
- <code>http://www.example.com/docs/dir/file.html</code> will be
- served from <code>/var/web/dir/file.html</code>. The <a
- href="mod/mod_alias.html#scriptalias">ScriptAlias</a> directive
- works the same way, with the additional effect that all content
- located at the target path is treated as CGI scripts.</p>
-
- <p>For situations where you require additional flexibility, you
- can use the <a
- href="mod/mod_alias.html#aliasmatch">AliasMatch</a> and <a
- href="mod/mod_alias.html#scriptaliasmatch">ScriptAliasMatch</a>
- directives to do powerful regular-expression based matching and
- substitution. For example,</p>
-
- <blockquote>
- <code>ScriptAliasMatch ^/~([a-zA-Z0-9]*)/cgi-bin/(.*)
- /home/$1/cgi-bin/$2</code>
- </blockquote>
-
- <p>will map a request to
- <code>http://example.com/~user/cgi-bin/script.cgi</code> to the
- path <code>/home/user/cgi-bin/script.cgi</code> and will treat
- the resulting file as a CGI script.</p>
-
- <h2><a id="user" name="user">User Directories</a></h2>
-
- <p>Traditionally on Unix systems, the home directory of a
- particular <em>user</em> can be referred to as
- <code>~user/</code>. The module <a
- href="mod/mod_userdir.html">mod_userdir</a> extends this idea
- to the web by allowing files under each user's home directory
- to be accessed using URLs such as the following.</p>
-
- <blockquote>
- <code>http://www.example.com/~user/file.html</code>
- </blockquote>
-
- <p>For security reasons, it is inappropriate to give direct
- access to a user's home directory from the web. Therefore, the
- <a href="mod/mod_userdir.html#userdir">UserDir</a> directive
- specifies a directory underneath the user's home directory
- where web files are located. Using the default setting of
- <code>Userdir public_html</code>, the above URL maps to a file
- at a directory like
- <code>/home/user/public_html/file.html</code> where
- <code>/home/user/</code> is the user's home directory as
- specified in <code>/etc/passwd</code>.</p>
-
- <p>There are also several other forms of the
- <code>Userdir</code> directive which you can use on systems
- where <code>/etc/passwd</code> does not contain the location of
- the home directory.</p>
-
- <p>Some people find the "~" symbol (which is often encoded on
- the web as <code>%7e</code>) to be awkward and prefer to use an
- alternate string to represent user directories. This
- functionality is not supported by mod_userdir. However, if
- users' home directories are structured in a regular way, then
- it is possible to use the <a
- href="mod/mod_alias.html#aliasmatch">AliasMatch</a> directive
- to achieve the desired effect. For example, to make
- <code>http://www.example.com/upages/user/file.html</code> map
- to <code>/home/user/public_html/file.html</code>, use the
- following <code>AliasMatch</code> directive:</p>
-
- <blockquote>
- <code>AliasMatch ^/upages/([a-zA-Z0-9]*)/?(.*)
- /home/$1/public_html/$2</code>
- </blockquote>
-
- <h2><a id="redirect" name="redirect">URL Redirection</a></h2>
-
- <p>The configuration directives discussed in the above sections
- tell Apache to get content from a specific place in the
- filesystem and return it to the client. Sometimes, it is
- desirable instead to inform the client that the requested
- content is located at a different URL, and instruct the client
- to make a new request with the new URL. This is called
- <em>redirection</em> and is implemented by the <a
- href="mod/mod_alias.html#redirect">Redirect</a> directive. For
- example, if the contents of the directory <code>/foo/</code>
- under the <code>DocumentRoot</code> are moved to the new
- directory <code>/bar/</code>, you can instruct clients to
- request the content at the new location as follows:</p>
-
- <blockquote>
- <code>Redirect permanent /foo/
- http://www.example.com/bar/</code>
- </blockquote>
-
- <p>This will redirect any URL-Path starting in
- <code>/foo/</code> to the same URL path on the
- <code>www.example.com</code> server with <code>/bar/</code>
- substituted for <code>/foo/</code>. You can redirect clients to
- any server, not only the origin server.</p>
-
- <p>Apache also provides a <a
- href="mod/mod_alias.html#redirectmatch">RedirectMatch</a>
- directive for more complicated rewriting problems. For example,
- to redirect requests for the site home page to a different
- site, but leave all other requests alone, use the following
- configuration:</p>
-
- <blockquote>
- <code>RedirectMatch permanent ^/$
- http://www.example.com/startpage.html</code>
- </blockquote>
-
- <p>Alternatively, to temporarily redirect all pages on a site
- to one particular page, use the following:</p>
-
- <blockquote>
- <code>RedirectMatch temp .*
- http://www.example.com/startpage.html</code>
- </blockquote>
-
-
-<h2><a id="proxy" name="proxy">Reverse Proxy</a></h2>
-
-<p>Apache also allows you to bring remote documents into the URL space
-of the local server. This technique is called <em>reverse
-proxying</em> because the web server acts like a proxy server by
-fetching the documents from a remote server and returning them to the
-client. It is different from normal proxying because, to the client,
-it appears the documents originate at the reverse proxy server.</p>
-
-<p>In the following example, when clients request documents under the
-<code>/foo/</code> directory, the server fetches those documents from
-the <code>/bar/</code> directory on <code>internal.example.com</code>
-and returns them to the client as if they were from the local
-server.</p>
-
-<blockquote>
-ProxyPass /foo/ http://internal.example.com/bar/<br />
-ProxyPassReverse /foo/ http://internal.example.com/bar/
-</blockquote>
-
-<p>The <a href="mod/mod_proxy.html#proxypass">ProxyPass</a> configures
-the server to fetch the appropriate documents, while the <a
-href="mod/mod_proxy.html#proxypassreverse">ProxyPassReverse</a>
-directive rewrites redirects originating at
-<code>internal.examle.com</code> so that they target the appropriate
-directory on the local server. It is important to note, however, that
-links inside the documents will not be rewritten. So any absolute
-links on <code>internal.example.com</code> will result in the client
-breaking out of the proxy server and requesting directly from
-<code>internal.example.com</code>.</p>
-
-
- <h2><a id="rewrite" name="rewrite">Rewriting Engine</a></h2>
-
- <p>When even more powerful substitution is required, the rewriting
- engine provided by <a href="mod/mod_rewrite.html">mod_rewrite</a>
- can be useful. The directives provided by this module use
- characteristics of the request such as browser type or source IP
- address in deciding from where to serve content. In addition,
- mod_rewrite can use external database files or programs to
- determine how to handle a request. The rewriting engine is capable
- of performing all three types of mappings discussed above:
- internal redirects (aliases), external redirects, and proxying.
- Many practical examples employing mod_rewrite are discussed in the
- <a href="misc/rewriteguide.html">URL Rewriting Guide</a>.</p>
-
- <h2><a id="notfound" name="notfound">File Not Found</a></h2>
-
- <p>Inevitably, URLs will be requested for which no matching
- file can be found in the filesystem. This can happen for
- several reasons. In some cases, it can be a result of moving
- documents from one location to another. In this case, it is
- best to use <a href="#redirect">URL redirection</a> to inform
- clients of the new location of the resource. In this way, you
- can assure that old bookmarks and links will continue to work,
- even though the resource is at a new location.</p>
-
- <p>Another common cause of "File Not Found" errors is
- accidental mistyping of URLs, either directly in the browser,
- or in HTML links. Apache provides the module <a
- href="mod/mod_speling.html">mod_speling</a> (sic) to help with
- this problem. When this module is activated, it will intercept
- "File Not Found" errors and look for a resource with a similar
- filename. If one such file is found, mod_speling will send an
- HTTP redirect to the client informing it of the correct
- location. If several "close" files are found, a list of
- available alternatives will be presented to the client.</p>
-
- <p>An especially useful feature of mod_speling, is that it will
- compare filenames without respect to case. This can help
- systems where users are unaware of the case-sensitive nature of
- URLs and the unix filesystem. But using mod_speling for
- anything more than the occasional URL correction can place
- additional load on the server, since each "incorrect" request
- is followed by a URL redirection and a new request from the
- client.</p>
-
- <p>If all attempts to locate the content fail, Apache returns
- an error page with HTTP status code 404 (file not found). The
- appearance of this page is controlled with the <a
- href="mod/core.html#errordocument">ErrorDocument</a> directive
- and can be customized in a flexible manner as discussed in the
- <a href="custom-error.html">Custom error responses</a> and <a
- href="misc/custom_errordocs.html">International Server Error
- Responses</a> documents.</p>
- <!--#include virtual="footer.html" -->
- </body>
-</html>
-
diff --git a/modules/experimental/cache_pqueue.c b/modules/experimental/cache_pqueue.c
index 297f8c7e75..145be5b56b 100644
--- a/modules/experimental/cache_pqueue.c
+++ b/modules/experimental/cache_pqueue.c
@@ -177,8 +177,8 @@ apr_status_t cache_pq_remove(cache_pqueue_t *q, void* d)
long pri_popped;
long pri_removed;
- posn = q->get(d);
popped = cache_pq_pop(q);
+ posn = q->get(d);
if (!popped)
return APR_EGENERAL;
@@ -220,11 +220,11 @@ void *cache_pq_pop(cache_pqueue_t *q)
break;
}
q->d[i] = q->d[j];
- q->set(d, i);
+ q->set(q->d[i], i);
i = j;
}
q->d[i] = tmp;
- q->set(d, i);
+ q->set(q->d[i], i);
return d;
}
diff --git a/modules/experimental/mod_auth_ldap.c b/modules/experimental/mod_auth_ldap.c
deleted file mode 100644
index 064484d5d7..0000000000
--- a/modules/experimental/mod_auth_ldap.c
+++ /dev/null
@@ -1,866 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-/*
- * mod_auth_ldap.c: LDAP authentication module
- *
- * Original code from auth_ldap module for Apache v1.3:
- * Copyright 1998, 1999 Enbridge Pipelines Inc.
- * Copyright 1999-2001 Dave Carrigan
- */
-
-#include <apr_ldap.h>
-#include <apr_strings.h>
-
-#include "ap_config.h"
-#if APR_HAVE_UNISTD_H
-/* for getpid() */
-#include <unistd.h>
-#endif
-#include <ctype.h>
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "http_request.h"
-#include "util_ldap.h"
-
-#ifndef APU_HAS_LDAP
-#error mod_auth_ldap requires APR-util to have LDAP support built in
-#endif
-
-/* per directory configuration */
-typedef struct {
- apr_pool_t *pool; /* Pool that this config is allocated from */
- apr_thread_mutex_t *lock; /* Lock for this config */
- int auth_authoritative; /* Is this auth method the one and only? */
- int enabled; /* Is auth_ldap enabled in this directory? */
-
- /* These parameters are all derived from the AuthLDAPURL directive */
- char *url; /* String representation of the URL */
-
- char *host; /* Name of the LDAP server (or space separated list) */
- int port; /* Port of the LDAP server */
- char *basedn; /* Base DN to do all searches from */
- char *attribute; /* Attribute to search for */
- char **attributes; /* Array of all the attributes to return */
- int scope; /* Scope of the search */
- char *filter; /* Filter to further limit the search */
- deref_options deref; /* how to handle alias dereferening */
- char *binddn; /* DN to bind to server (can be NULL) */
- char *bindpw; /* Password to bind to server (can be NULL) */
-
- int frontpage_hack; /* Hack for frontpage support */
- int user_is_dn; /* If true, connection->user is DN instead of userid */
- int compare_dn_on_server; /* If true, will use server to do DN compare */
-
- int have_ldap_url; /* Set if we have found an LDAP url */
-
- apr_array_header_t *groupattr; /* List of Group attributes */
- int group_attrib_is_dn; /* If true, the group attribute is the DN, otherwise,
- it's the exact string passed by the HTTP client */
-
- int netscapessl; /* True if Netscape SSL is enabled */
- int starttls; /* True if StartTLS is enabled */
-} mod_auth_ldap_config_t;
-
-typedef struct mod_auth_ldap_request_t {
- char *dn; /* The saved dn from a successful search */
- char *user; /* The username provided by the client */
-} mod_auth_ldap_request_t;
-
-/* maximum group elements supported */
-#define GROUPATTR_MAX_ELTS 10
-
-struct mod_auth_ldap_groupattr_entry_t {
- char *name;
-};
-
-module AP_MODULE_DECLARE_DATA auth_ldap_module;
-
-/* function prototypes */
-void mod_auth_ldap_build_filter(char *filtbuf,
- request_rec *r,
- mod_auth_ldap_config_t *sec);
-int mod_auth_ldap_check_user_id(request_rec *r);
-int mod_auth_ldap_auth_checker(request_rec *r);
-void *mod_auth_ldap_create_dir_config(apr_pool_t *p, char *d);
-
-/* ---------------------------------------- */
-
-
-/*
- * Build the search filter, or at least as much of the search filter that
- * will fit in the buffer. We don't worry about the buffer not being able
- * to hold the entire filter. If the buffer wasn't big enough to hold the
- * filter, ldap_search_s will complain, but the only situation where this
- * is likely to happen is if the client sent a really, really long
- * username, most likely as part of an attack.
- *
- * The search filter consists of the filter provided with the URL,
- * combined with a filter made up of the attribute provided with the URL,
- * and the actual username passed by the HTTP client. For example, assume
- * that the LDAP URL is
- *
- * ldap://ldap.airius.com/ou=People, o=Airius?uid??(posixid=*)
- *
- * Further, assume that the userid passed by the client was `userj'. The
- * search filter will be (&(posixid=*)(uid=userj)).
- */
-#define FILTER_LENGTH MAX_STRING_LEN
-void mod_auth_ldap_build_filter(char *filtbuf,
- request_rec *r,
- mod_auth_ldap_config_t *sec)
-{
- char *p, *q, *filtbuf_end;
- /*
- * Create the first part of the filter, which consists of the
- * config-supplied portions.
- */
- apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(%s=", sec->filter, sec->attribute);
-
- /*
- * Now add the client-supplied username to the filter, ensuring that any
- * LDAP filter metachars are escaped.
- */
- filtbuf_end = filtbuf + FILTER_LENGTH - 1;
- for (p = r->user, q=filtbuf + strlen(filtbuf);
- *p && q < filtbuf_end; *q++ = *p++) {
- if (strchr("*()\\", *p) != NULL) {
- *q++ = '\\';
- if (q >= filtbuf_end) {
- break;
- }
- }
- }
- *q = '\0';
-
- /*
- * Append the closing parens of the filter, unless doing so would
- * overrun the buffer.
- */
- if (q + 2 <= filtbuf_end)
- strcat(filtbuf, "))");
-}
-
-
-/*
- * Authentication Phase
- * --------------------
- *
- * This phase authenticates the credentials the user has sent with
- * the request (ie the username and password are checked). This is done
- * by making an attempt to bind to the LDAP server using this user's
- * DN and the supplied password.
- *
- */
-int mod_auth_ldap_check_user_id(request_rec *r)
-{
- const char **vals = NULL;
- char filtbuf[FILTER_LENGTH];
- mod_auth_ldap_config_t *sec =
- (mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module);
-
- util_ldap_connection_t *ldc = NULL;
- const char *sent_pw;
- int result = 0;
- const char *dn = NULL;
-
- mod_auth_ldap_request_t *req =
- (mod_auth_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_auth_ldap_request_t));
- ap_set_module_config(r->request_config, &auth_ldap_module, req);
-
- if (!sec->enabled) {
- return DECLINED;
- }
-
- /*
- * Basic sanity checks before any LDAP operations even happen.
- */
- if (!sec->have_ldap_url) {
- return DECLINED;
- }
-
- /* There is a good AuthLDAPURL, right? */
- if (sec->host) {
- ldc = util_ldap_connection_find(r, sec->host, sec->port,
- sec->binddn, sec->bindpw, sec->deref,
- sec->netscapessl, sec->starttls);
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authenticate: no sec->host - weird...?", getpid());
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authenticate: using URL %s", getpid(), sec->url);
-
- /* Get the password that the client sent */
- if ((result = ap_get_basic_auth_pw(r, &sent_pw))) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authenticate: "
- "ap_get_basic_auth_pw() returns %d", getpid(), result);
- util_ldap_connection_close(ldc);
- return result;
- }
-
- /* build the username filter */
- mod_auth_ldap_build_filter(filtbuf, r, sec);
-
- /* do the user search */
- result = util_ldap_cache_checkuserid(r, ldc, sec->url, sec->basedn, sec->scope,
- sec->attributes, filtbuf, sent_pw, &dn, &vals);
- util_ldap_connection_close(ldc);
-
- if (result != LDAP_SUCCESS) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authenticate: "
- "user %s authentication failed; URI %s [%s][%s]",
- getpid(), r->user, r->uri, ldc->reason, ldap_err2string(result));
- if (LDAP_INVALID_CREDENTIALS == result) {
- ap_note_basic_auth_failure(r);
- return HTTP_UNAUTHORIZED;
- }
- else {
- return sec->auth_authoritative? HTTP_UNAUTHORIZED: DECLINED;
- }
- }
-
- /* mark the user and DN */
- req->dn = apr_pstrdup(r->pool, dn);
- req->user = r->user;
- if (sec->user_is_dn) {
- r->user = req->dn;
- }
-
- /* add environment variables */
- if (sec->attributes && vals) {
- apr_table_t *e = r->subprocess_env;
- int i = 0;
- while (sec->attributes[i]) {
- char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL);
- int j = 13;
- while (str[j]) {
- if (str[j] >= 'a' && str[j] <= 'z') {
- str[j] = str[j] - ('a' - 'A');
- }
- j++;
- }
- apr_table_setn(e, str, vals[i]);
- i++;
- }
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authenticate: accepting %s", getpid(), r->user);
-
- return OK;
-}
-
-
-/*
- * Authorisation Phase
- * -------------------
- *
- * After checking whether the username and password are correct, we need
- * to check whether that user is authorised to view this resource. The
- * require directive is used to do this:
- *
- * require valid-user Any authenticated is allowed in.
- * require user <username> This particular user is allowed in.
- * require group <groupname> The user must be a member of this group
- * in order to be allowed in.
- * require dn <dn> The user must have the following DN in the
- * LDAP tree to be let in.
- *
- */
-int mod_auth_ldap_auth_checker(request_rec *r)
-{
- int result = 0;
- mod_auth_ldap_request_t *req =
- (mod_auth_ldap_request_t *)ap_get_module_config(r->request_config,
- &auth_ldap_module);
- mod_auth_ldap_config_t *sec =
- (mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config,
- &auth_ldap_module);
-
- util_ldap_connection_t *ldc = NULL;
- int m = r->method_number;
-
- const apr_array_header_t *reqs_arr = ap_requires(r);
- require_line *reqs = reqs_arr ? (require_line *)reqs_arr->elts : NULL;
-
- register int x;
- const char *t;
- char *w;
- int method_restricted = 0;
-
- if (!sec->enabled) {
- return DECLINED;
- }
-
- if (!sec->have_ldap_url) {
- return DECLINED;
- }
-
- if (sec->host) {
- ldc = util_ldap_connection_find(r, sec->host, sec->port,
- sec->binddn, sec->bindpw, sec->deref,
- sec->netscapessl, sec->starttls);
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: no sec->host - weird...?", getpid());
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
- }
-
- /*
- * If there are no elements in the group attribute array, the default should be
- * member and uniquemember; populate the array now.
- */
- if (sec->groupattr->nelts == 0) {
- struct mod_auth_ldap_groupattr_entry_t *grp;
- apr_thread_mutex_lock(sec->lock);
- grp = apr_array_push(sec->groupattr);
- grp->name = "member";
- grp = apr_array_push(sec->groupattr);
- grp->name = "uniquemember";
- apr_thread_mutex_unlock(sec->lock);
- }
-
- if (!reqs_arr) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: no requirements array", getpid());
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
- }
-
- /* Loop through the requirements array until there's no elements
- * left, or something causes a return from inside the loop */
- for(x=0; x < reqs_arr->nelts; x++) {
- if (! (reqs[x].method_mask & (1 << m))) {
- continue;
- }
- method_restricted = 1;
-
- t = reqs[x].requirement;
- w = ap_getword(r->pool, &t, ' ');
-
- if (strcmp(w, "valid-user") == 0) {
- /*
- * Valid user will always be true if we authenticated with ldap,
- * but when using front page, valid user should only be true if
- * he exists in the frontpage password file. This hack will get
- * auth_ldap to look up the user in the the pw file to really be
- * sure that he's valid. Naturally, it requires mod_auth to be
- * compiled in, but if mod_auth wasn't in there, then the need
- * for this hack wouldn't exist anyway.
- */
- if (sec->frontpage_hack) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "deferring authorisation to mod_auth (FP Hack)",
- getpid());
- return OK;
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "successful authorisation because user "
- "is valid-user", getpid());
- return OK;
- }
- }
- else if (strcmp(w, "user") == 0) {
- if (req->dn == NULL || strlen(req->dn) == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "require user: user's DN has not been defined; failing authorisation",
- getpid());
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
- }
- /*
- * First do a whole-line compare, in case it's something like
- * require user Babs Jensen
- */
- result = util_ldap_cache_compare(r, ldc, sec->url, req->dn, sec->attribute, t);
- switch(result) {
- case LDAP_COMPARE_TRUE: {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "require user: authorisation successful", getpid());
- return OK;
- }
- default: {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: require user: "
- "authorisation failed [%s][%s]", getpid(),
- ldc->reason, ldap_err2string(result));
- }
- }
- /*
- * Now break apart the line and compare each word on it
- */
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- result = util_ldap_cache_compare(r, ldc, sec->url, req->dn, sec->attribute, w);
- switch(result) {
- case LDAP_COMPARE_TRUE: {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "require user: authorisation successful", getpid());
- return OK;
- }
- default: {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "require user: authorisation failed [%s][%s]",
- getpid(), ldc->reason, ldap_err2string(result));
- }
- }
- }
- }
- else if (strcmp(w, "dn") == 0) {
- if (req->dn == NULL || strlen(req->dn) == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "require dn: user's DN has not been defined; failing authorisation",
- getpid());
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
- }
-
- result = util_ldap_cache_comparedn(r, ldc, sec->url, req->dn, t, sec->compare_dn_on_server);
- switch(result) {
- case LDAP_COMPARE_TRUE: {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "require dn: authorisation successful", getpid());
- return OK;
- }
- default: {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: "
- "require dn: LDAP error [%s][%s]",
- getpid(), ldc->reason, ldap_err2string(result));
- }
- }
- }
- else if (strcmp(w, "group") == 0) {
- struct mod_auth_ldap_groupattr_entry_t *ent = (struct mod_auth_ldap_groupattr_entry_t *) sec->groupattr->elts;
- int i;
-
- if (sec->group_attrib_is_dn) {
- if (req->dn == NULL || strlen(req->dn) == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: require group: user's DN has not been defined; failing authorisation",
- getpid());
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
- }
- }
- else {
- if (req->user == NULL || strlen(req->user) == 0) {
- /* We weren't called in the authentication phase, so we didn't have a
- * chance to set the user field. Do so now. */
- req->user = r->user;
- }
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: require group: testing for group membership in `%s'",
- getpid(), t);
-
- for (i = 0; i < sec->groupattr->nelts; i++) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: require group: testing for %s: %s (%s)", getpid(),
- ent[i].name, sec->group_attrib_is_dn ? req->dn : req->user, t);
-
- result = util_ldap_cache_compare(r, ldc, sec->url, t, ent[i].name,
- sec->group_attrib_is_dn ? req->dn : req->user);
- switch(result) {
- case LDAP_COMPARE_TRUE: {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: require group: "
- "authorisation successful (attribute %s) [%s][%s]",
- getpid(), ent[i].name, ldc->reason, ldap_err2string(result));
- return OK;
- }
- default: {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: require group: "
- "authorisation failed [%s][%s]",
- getpid(), ldc->reason, ldap_err2string(result));
- }
- }
- }
- }
- }
-
- if (!method_restricted) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: agreeing because non-restricted",
- getpid());
- return OK;
- }
-
- if (!sec->auth_authoritative) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: declining to authorise", getpid());
- return DECLINED;
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[%d] auth_ldap authorise: authorisation denied", getpid());
- ap_note_basic_auth_failure (r);
-
- return HTTP_UNAUTHORIZED;
-}
-
-
-/* ---------------------------------------- */
-/* config directives */
-
-
-void *mod_auth_ldap_create_dir_config(apr_pool_t *p, char *d)
-{
- mod_auth_ldap_config_t *sec =
- (mod_auth_ldap_config_t *)apr_pcalloc(p, sizeof(mod_auth_ldap_config_t));
-
- sec->pool = p;
- apr_thread_mutex_create(&sec->lock, APR_THREAD_MUTEX_DEFAULT, p);
- sec->auth_authoritative = 1;
- sec->enabled = 1;
- sec->groupattr = apr_array_make(p, GROUPATTR_MAX_ELTS,
- sizeof(struct mod_auth_ldap_groupattr_entry_t));
-
- sec->have_ldap_url = 0;
- sec->url = "";
- sec->host = NULL;
- sec->binddn = NULL;
- sec->bindpw = NULL;
- sec->deref = always;
- sec->group_attrib_is_dn = 1;
-
- sec->frontpage_hack = 0;
- sec->netscapessl = 0;
- sec->starttls = 0;
-
- sec->user_is_dn = 0;
- sec->compare_dn_on_server = 0;
-
- return sec;
-}
-
-/*
- * Use the ldap url parsing routines to break up the ldap url into
- * host and port.
- */
-static const char *mod_auth_ldap_parse_url(cmd_parms *cmd,
- void *config,
- const char *url)
-{
- int result;
- LDAPURLDesc *urld;
-
- mod_auth_ldap_config_t *sec = config;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap url parse: `%s'",
- getpid(), url);
-
- result = ldap_url_parse(url, &(urld));
- if (result != LDAP_SUCCESS) {
- switch (result) {
- case LDAP_URL_ERR_NOTLDAP:
- return "LDAP URL does not begin with ldap://";
- case LDAP_URL_ERR_NODN:
- return "LDAP URL does not have a DN";
- case LDAP_URL_ERR_BADSCOPE:
- return "LDAP URL has an invalid scope";
- case LDAP_URL_ERR_MEM:
- return "Out of memory parsing LDAP URL";
- default:
- return "Could not parse LDAP URL";
- }
- }
- sec->url = apr_pstrdup(cmd->pool, url);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap url parse: Host: %s", getpid(), urld->lud_host);
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap url parse: Port: %d", getpid(), urld->lud_port);
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap url parse: DN: %s", getpid(), urld->lud_dn);
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap url parse: attrib: %s", getpid(), urld->lud_attrs? urld->lud_attrs[0] : "(null)");
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap url parse: scope: %s", getpid(),
- (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
- urld->lud_scope == LDAP_SCOPE_BASE? "base" :
- urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap url parse: filter: %s", getpid(), urld->lud_filter);
-
- /* Set all the values, or at least some sane defaults */
- if (sec->host) {
- char *p = apr_palloc(cmd->pool, strlen(sec->host) + strlen(urld->lud_host) + 2);
- strcpy(p, urld->lud_host);
- strcat(p, " ");
- strcat(p, sec->host);
- sec->host = p;
- }
- else {
- sec->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
- }
- sec->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
- if (urld->lud_attrs && urld->lud_attrs[0]) {
- int i = 1;
- while (urld->lud_attrs[i]) {
- i++;
- }
- sec->attributes = apr_pcalloc(cmd->pool, sizeof(char *) * (i+1));
- i = 0;
- while (urld->lud_attrs[i]) {
- sec->attributes[i] = apr_pstrdup(cmd->pool, urld->lud_attrs[i]);
- i++;
- }
- sec->attribute = sec->attributes[0];
- }
- else {
- sec->attribute = "uid";
- }
-
- sec->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
- LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
-
- if (urld->lud_filter) {
- if (urld->lud_filter[0] == '(') {
- /*
- * Get rid of the surrounding parens; later on when generating the
- * filter, they'll be put back.
- */
- sec->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
- sec->filter[strlen(sec->filter)-1] = '\0';
- }
- else {
- sec->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
- }
- }
- else {
- sec->filter = "objectclass=*";
- }
- if (strncmp(url, "ldaps", 5) == 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap parse url: requesting secure LDAP", getpid());
-#ifdef APU_HAS_LDAP_STARTTLS
- sec->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
- sec->starttls = 1;
-#else
-#ifdef APU_HAS_LDAP_NETSCAPE_SSL
- sec->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
- sec->netscapessl = 1;
-#else
- return "Secure LDAP (ldaps://) not supported. Rebuild APR-Util";
-#endif
-#endif
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
- cmd->server, "[%d] auth_ldap parse url: not requesting secure LDAP", getpid());
- sec->netscapessl = 0;
- sec->starttls = 0;
- sec->port = urld->lud_port? urld->lud_port : LDAP_PORT;
- }
-
- sec->have_ldap_url = 1;
- ldap_free_urldesc(urld);
- return NULL;
-}
-
-static const char *mod_auth_ldap_set_deref(cmd_parms *cmd, void *config, const char *arg)
-{
- mod_auth_ldap_config_t *sec = config;
-
- if (strcmp(arg, "never") == 0 || strcasecmp(arg, "off") == 0) {
- sec->deref = never;
- }
- else if (strcmp(arg, "searching") == 0) {
- sec->deref = searching;
- }
- else if (strcmp(arg, "finding") == 0) {
- sec->deref = finding;
- }
- else if (strcmp(arg, "always") == 0 || strcasecmp(arg, "on") == 0) {
- sec->deref = always;
- }
- else {
- return "Unrecognized value for AuthLDAPAliasDereference directive";
- }
- return NULL;
-}
-
-static const char *mod_auth_ldap_add_group_attribute(cmd_parms *cmd, void *config, const char *arg)
-{
- struct mod_auth_ldap_groupattr_entry_t *new;
-
- mod_auth_ldap_config_t *sec = config;
-
- if (sec->groupattr->nelts > GROUPATTR_MAX_ELTS)
- return "Too many AuthLDAPGroupAttribute directives";
-
- new = apr_array_push(sec->groupattr);
- new->name = apr_pstrdup(cmd->pool, arg);
-
- return NULL;
-}
-
-command_rec mod_auth_ldap_cmds[] = {
- AP_INIT_TAKE1("AuthLDAPURL", mod_auth_ldap_parse_url, NULL, OR_AUTHCFG,
- "URL to define LDAP connection. This should be an RFC 2255 complaint\n"
- "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
- "<ul>\n"
- "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
- "to specify redundant servers.\n"
- "<li>Port is optional, and specifies the port to connect to.\n"
- "<li>basedn specifies the base DN to start searches from\n"
- "<li>Attrib specifies what attribute to search for in the directory. If not "
- "provided, it defaults to <b>uid</b>.\n"
- "<li>Scope is the scope of the search, and can be either <b>sub</b> or "
- "<b>one</b>. If not provided, the default is <b>sub</b>.\n"
- "<li>Filter is a filter to use in the search. If not provided, "
- "defaults to <b>(objectClass=*)</b>.\n"
- "</ul>\n"
- "Searches are performed using the attribute and the filter combined. "
- "For example, assume that the\n"
- "LDAP URL is <b>ldap://ldap.airius.com/ou=People, o=Airius?uid?sub?(posixid=*)</b>. "
- "Searches will\n"
- "be done using the filter <b>(&((posixid=*))(uid=<i>username</i>))</b>, "
- "where <i>username</i>\n"
- "is the user name passed by the HTTP client. The search will be a subtree "
- "search on the branch <b>ou=People, o=Airius</b>."),
-
- AP_INIT_TAKE1("AuthLDAPBindDN", ap_set_string_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, binddn), OR_AUTHCFG,
- "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
-
- AP_INIT_TAKE1("AuthLDAPBindPassword", ap_set_string_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, bindpw), OR_AUTHCFG,
- "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
-
- AP_INIT_FLAG("AuthLDAPRemoteUserIsDN", ap_set_flag_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, user_is_dn), OR_AUTHCFG,
- "Set to 'on' to set the REMOTE_USER environment variable to be the full "
- "DN of the remote user. By default, this is set to off, meaning that "
- "the REMOTE_USER variable will contain whatever value the remote user sent."),
-
- AP_INIT_FLAG("AuthLDAPAuthoritative", ap_set_flag_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, auth_authoritative), OR_AUTHCFG,
- "Set to 'off' to allow access control to be passed along to lower modules if "
- "the UserID and/or group is not known to this module"),
-
- AP_INIT_FLAG("AuthLDAPCompareDNOnServer", ap_set_flag_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, compare_dn_on_server), OR_AUTHCFG,
- "Set to 'on' to force auth_ldap to do DN compares (for the \"require dn\" "
- "directive) using the server, and set it 'off' to do the compares locally "
- "(at the expense of possible false matches). See the documentation for "
- "a complete description of this option."),
-
- AP_INIT_ITERATE("AuthLDAPGroupAttribute", mod_auth_ldap_add_group_attribute, NULL, OR_AUTHCFG,
- "A list of attributes used to define group membership - defaults to "
- "member and uniquemember"),
-
- AP_INIT_FLAG("AuthLDAPGroupAttributeIsDN", ap_set_flag_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, group_attrib_is_dn), OR_AUTHCFG,
- "If set to 'on', auth_ldap uses the DN that is retrieved from the server for"
- "subsequent group comparisons. If set to 'off', auth_ldap uses the string"
- "provided by the client directly. Defaults to 'on'."),
-
- AP_INIT_TAKE1("AuthLDAPDereferenceAliases", mod_auth_ldap_set_deref, NULL, OR_AUTHCFG,
- "Determines how aliases are handled during a search. Can bo one of the"
- "values \"never\", \"searching\", \"finding\", or \"always\". "
- "Defaults to always."),
-
- AP_INIT_FLAG("AuthLDAPEnabled", ap_set_flag_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, enabled), OR_AUTHCFG,
- "Set to off to disable auth_ldap, even if it's been enabled in a higher tree"),
-
- AP_INIT_FLAG("AuthLDAPFrontPageHack", ap_set_flag_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, frontpage_hack), OR_AUTHCFG,
- "Set to 'on' to support Microsoft FrontPage"),
-
-#ifdef APU_HAS_LDAP_STARTTLS
- AP_INIT_FLAG("AuthLDAPStartTLS", ap_set_flag_slot,
- (void *)APR_OFFSETOF(mod_auth_ldap_config_t, starttls), OR_AUTHCFG,
- "Set to 'on' to start TLS after connecting to the LDAP server."),
-#endif /* APU_HAS_LDAP_STARTTLS */
-
- {NULL}
-};
-
-static void mod_auth_ldap_register_hooks(apr_pool_t *p)
-{
- ap_hook_check_user_id(mod_auth_ldap_check_user_id, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_auth_checker(mod_auth_ldap_auth_checker, NULL, NULL, APR_HOOK_MIDDLE);
-}
-
-module auth_ldap_module = {
- STANDARD20_MODULE_STUFF,
- mod_auth_ldap_create_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- mod_auth_ldap_cmds, /* command table */
- mod_auth_ldap_register_hooks, /* set up request processing hooks */
-};
diff --git a/modules/experimental/mod_auth_ldap.def b/modules/experimental/mod_auth_ldap.def
deleted file mode 100644
index 599636fb49..0000000000
--- a/modules/experimental/mod_auth_ldap.def
+++ /dev/null
@@ -1,6 +0,0 @@
-IMPORT util_ldap_connection_find
-IMPORT util_ldap_connection_close
-IMPORT util_ldap_cache_checkuserid
-IMPORT util_ldap_cache_compare
-IMPORT util_ldap_cache_comparedn
-EXPORT auth_ldap_module
diff --git a/modules/experimental/util_ldap.c b/modules/experimental/util_ldap.c
deleted file mode 100644
index 9bd7682b72..0000000000
--- a/modules/experimental/util_ldap.c
+++ /dev/null
@@ -1,1110 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-/*
- * util_ldap.c: LDAP things
- *
- * Original code from auth_ldap module for Apache v1.3:
- * Copyright 1998, 1999 Enbridge Pipelines Inc.
- * Copyright 1999-2001 Dave Carrigan
- */
-
-#include <apr_ldap.h>
-#include <apr_strings.h>
-
-#include "ap_config.h"
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "http_request.h"
-#include "util_ldap.h"
-#include "util_ldap_cache.h"
-
-#if APR_HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifndef APU_HAS_LDAP
-#error mod_ldap requires APR-util to have LDAP support built in
-#endif
-
-module AP_MODULE_DECLARE_DATA ldap_module;
-
-int util_ldap_handler(request_rec *r);
-void *util_ldap_create_config(apr_pool_t *p, server_rec *s);
-
-
-/*
- * Some definitions to help between various versions of apache.
- */
-
-#ifndef DOCTYPE_HTML_2_0
-#define DOCTYPE_HTML_2_0 "<!DOCTYPE HTML PUBLIC \"-//IETF//" \
- "DTD HTML 2.0//EN\">\n"
-#endif
-
-#ifndef DOCTYPE_HTML_3_2
-#define DOCTYPE_HTML_3_2 "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
- "DTD HTML 3.2 Final//EN\">\n"
-#endif
-
-#ifndef DOCTYPE_HTML_4_0S
-#define DOCTYPE_HTML_4_0S "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
- "DTD HTML 4.0//EN\"\n" \
- "\"http://www.w3.org/TR/REC-html40/strict.dtd\">\n"
-#endif
-
-#ifndef DOCTYPE_HTML_4_0T
-#define DOCTYPE_HTML_4_0T "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
- "DTD HTML 4.0 Transitional//EN\"\n" \
- "\"http://www.w3.org/TR/REC-html40/loose.dtd\">\n"
-#endif
-
-#ifndef DOCTYPE_HTML_4_0F
-#define DOCTYPE_HTML_4_0F "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
- "DTD HTML 4.0 Frameset//EN\"\n" \
- "\"http://www.w3.org/TR/REC-html40/frameset.dtd\">\n"
-#endif
-
-/*
- * Status Handler
- * --------------
- *
- * This handler generates a status page about the current performance of
- * the LDAP cache. It is enabled as follows:
- *
- * <Location /ldap-status>
- * SetHandler ldap-status
- * </Location>
- *
- */
-int util_ldap_handler(request_rec *r)
-{
-
- r->allowed |= (1 << M_GET);
- if (r->method_number != M_GET)
- return DECLINED;
-
- if (strcmp(r->handler, "ldap-status")) {
- return DECLINED;
- }
-
- r->content_type = "text/html";
- if (r->header_only)
- return OK;
-
- ap_rputs(DOCTYPE_HTML_3_2
- "<html><head><title>LDAP Cache Information</title></head>\n", r);
- ap_rputs("<body bgcolor='#ffffff'><h1 align=center>LDAP Cache Information</h1>\n", r);
-
- ap_rputs("<p>\n"
- "<table border='0'>\n"
- "<tr bgcolor='#000000'>\n"
- "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Cache Name</b></font></td>"
- "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Entries</b></font></td>"
- "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Avg. Chain Len.</b></font></td>"
- "<td colspan='2'><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Hits</b></font></td>"
- "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Ins/Rem</b></font></td>"
- "<td colspan='2'><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Purges</b></font></td>"
- "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Avg Purge Time</b></font></td>"
- "</tr>\n", r
- );
-
- ap_rputs(util_ald_cache_display(r->pool), r);
-
- ap_rputs("</table>\n</p>\n", r);
-
- return OK;
-}
-
-/* ------------------------------------------------------------------ */
-
-
-/*
- * Closes an LDAP connection by unlocking it. The next time
- * util_ldap_connection_find() is called this connection will be
- * available for reuse.
- */
-void util_ldap_connection_close(util_ldap_connection_t *ldc)
-{
-
- /*
- * QUESTION:
- *
- * Is it safe leaving bound connections floating around between the
- * different modules? Keeping the user bound is a performance boost,
- * but it is also a potential security problem - maybe.
- *
- * For now we unbind the user when we finish with a connection, but
- * we don't have to...
- */
-
- /* mark our connection as available for reuse */
- apr_thread_mutex_unlock(ldc->lock);
-
-}
-
-
-/*
- * Destroys an LDAP connection by unbinding. This function is registered
- * with the pool cleanup function - causing the LDAP connections to be
- * shut down cleanly on graceful restart.
- */
-apr_status_t util_ldap_connection_destroy(void *param)
-{
- util_ldap_connection_t *ldc = param;
-
- /* unbinding from the LDAP server */
- if (ldc->ldap) {
- ldap_unbind_s(ldc->ldap);
- ldc->bound = 0;
- ldc->ldap = NULL;
- }
-
- /* release the lock we were using. The lock should have
- already been released in the close connection call.
- But just in case it wasn't, we first try to get the lock
- before unlocking it to avoid unlocking an unheld lock.
- Unlocking an unheld lock causes problems on NetWare. The
- other option would be to assume that close connection did
- its job. */
- apr_thread_mutex_trylock(ldc->lock);
- apr_thread_mutex_unlock(ldc->lock);
-
- return APR_SUCCESS;
-}
-
-
-/*
- * Connect to the LDAP server and binds. Does not connect if already
- * connected (i.e. ldc->ldap is non-NULL.) Does not bind if already bound.
- *
- * Returns LDAP_SUCCESS on success; and an error code on failure
- */
-int util_ldap_connection_open(util_ldap_connection_t *ldc)
-{
- int result = 0;
- int failures = 0;
-
-
-start_over:
- if (failures++ > 10) {
- /* too many failures - leave */
- return result;
- }
-
- if (!ldc->ldap) {
- ldc->bound = 0;
-
- /* opening connection to LDAP server */
- if ((ldc->ldap = ldap_init(ldc->host, ldc->port)) == NULL) {
- /* couldn't connect */
- ldc->reason = "ldap_init() failed";
- return -1;
- }
-
- /* add the cleanup to the pool */
- apr_pool_cleanup_register(ldc->pool, ldc,
- util_ldap_connection_destroy,
- apr_pool_cleanup_null);
-
- /* Set the alias dereferencing option */
-#if LDAP_VERSION_MAX == 2
- ldc->ldap->ld_deref = ldc->deref;
-#else
- result = ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
- if (result != LDAP_SUCCESS) {
- /* setting LDAP dereference option failed */
- /* we ignore this error */
- }
-#endif /* LDAP_VERSION_MAX */
-
-#ifdef APU_HAS_LDAP_NETSCAPE_SSL
- if (ldc->netscapessl) {
- if (!ldc->certdb) {
- /* secure LDAP requested, but no CA cert defined */
- ldc->reason = "secure LDAP requested, but no CA cert defined";
- return -1;
- } else {
- result = ldapssl_install_routines(ldc->ldap);
- if (result != LDAP_SUCCESS) {
- /* SSL initialisation failed */
- ldc->reason = "ldapssl_install_routines() failed";
- return result;
- }
- result = ldap_set_option(ldc->ldap, LDAP_OPT_SSL, LDAP_OPT_ON);
- if (result != LDAP_SUCCESS) {
- /* SSL option failed */
- ldc->reason = "ldap_set_option() failed trying to set LDAP_OPT_SSL";
- return result;
- }
- }
- }
-#endif /* APU_HAS_LDAP_NETSCAPE_SSL */
-
-#ifdef APU_HAS_LDAP_STARTTLS
- if (ldc->starttls) {
- int version = LDAP_VERSION3;
-
- /* Also we have to set the connection to use protocol version 3,
- * since we're using TLS. */
- if ((result = ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION,
- &version)) != LDAP_SUCCESS) {
- /* setting LDAP version failed - ignore error */
- }
-
- /*
- * In util_ldap_connection_find, we compare ldc->withtls to
- * sec->starttls to see if we have a cache match. On the off
- * chance that apache's config processing rotines set starttls to
- * some other true value besides 1, we set it to 1 here to ensure
- * that the comparison succeeds.
- */
- ldc->starttls = 1;
-
- result = ldap_start_tls_s(ldc->ldap, NULL, NULL);
- if (result != LDAP_SUCCESS) {
- /* start TLS failed */
- ldc->withtls = 0;
- ldc->reason = "ldap_start_tls_s() failed";
- return result;
- }
- ldc->withtls = 1;
- } else {
- ldc->withtls = 0;
- }
-#endif /* APU_HAS_LDAP_STARTTLS */
- }
-
- /*
- * At this point the LDAP connection is guaranteed alive. If bound says
- * that we're bound already, we can just return.
- */
- if (ldc->bound) {
- ldc->reason = "LDAP connection open successful (already bound)";
- return LDAP_SUCCESS;
- }
-
- /*
- * Now bind with the username/password provided by the
- * configuration. It will be an anonymous bind if no u/p was
- * provided.
- */
- if ((result = ldap_simple_bind_s(ldc->ldap, ldc->binddn, ldc->bindpw))
- == LDAP_SERVER_DOWN) {
- /* couldn't connect - try again */
- ldc->reason = "ldap_simple_bind_s() failed with server down";
- goto start_over;
- }
-
- if (result != LDAP_SUCCESS) {
- /* LDAP fatal error occured */
- ldc->reason = "ldap_simple_bind_s() failed";
- return result;
- }
-
- /* note how we are bound */
- ldc->bound = 1;
-
- ldc->reason = "LDAP connection open successful";
- return LDAP_SUCCESS;
-}
-
-
-/*
- * Find an existing ldap connection struct that matches the
- * provided ldap connection parameters.
- *
- * If not found in the cache, a new ldc structure will be allocated from st->pool
- * and returned to the caller. If found in the cache, a pointer to the existing
- * ldc structure will be returned.
- */
-util_ldap_connection_t *util_ldap_connection_find(request_rec *r, const char *host, int port,
- const char *binddn, const char *bindpw, deref_options deref,
- int netscapessl, int starttls)
-{
- struct util_ldap_connection_t *l, *p; /* To traverse the linked list */
-
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
- &ldap_module);
-
-
- /* mutex lock this function */
- if (!st->mutex) {
- apr_thread_mutex_create(&st->mutex, APR_THREAD_MUTEX_DEFAULT, st->pool);
- }
- apr_thread_mutex_lock(st->mutex);
-
- /* Search for an exact connection match in the list that is not
- * being used.
- */
- for (l=st->connections,p=NULL; l; l=l->next) {
- if ( (APR_SUCCESS == apr_thread_mutex_trylock(l->lock))
- && l->port == port
- && strcmp(l->host, host) == 0
- && ( (!l->binddn && !binddn) || (l->binddn && binddn && !strcmp(l->binddn, binddn)) )
- && ( (!l->bindpw && !bindpw) || (l->bindpw && bindpw && !strcmp(l->bindpw, bindpw)) )
- && l->deref == deref
-#ifdef APU_HAS_LDAP_NETSCAPE_SSL
- && l->netscapessl == netscapessl
-#endif
-#ifdef APU_HAS_LDAP_STARTTLS
- && l->withtls == starttls
-#endif
- )
- break;
- p = l;
- }
-
- /* If nothing found, search again, but we don't care about the
- * binddn and bindpw this time.
- */
- if (!l) {
- for (l=st->connections,p=NULL; l; l=l->next) {
- if ( (APR_SUCCESS == apr_thread_mutex_trylock(l->lock))
- && l->port == port
- && strcmp(l->host, host) == 0
- && l->deref == deref
-#ifdef APU_HAS_LDAP_NETSCAPE_SSL
- && l->netscapessl == netscapessl
-#endif
-#ifdef APU_HAS_LDAP_STARTTLS
- && l->withtls == starttls
-#endif
- ) {
- /* the bind credentials have changed */
- l->bound = 0;
- l->binddn = apr_pstrdup(st->pool, binddn);
- l->bindpw = apr_pstrdup(st->pool, bindpw);
- break;
- }
- p = l;
- }
- }
-
-/* artificially disable cache */
-//l = NULL;
-
- /* If no connection what found after the second search, we
- * must create one.
- */
- if (!l) {
-
- /*
- * Add the new connection entry to the linked list. Note that we
- * don't actually establish an LDAP connection yet; that happens
- * the first time authentication is requested.
- */
- /* create the details to the pool in st */
- l = apr_pcalloc(st->pool, sizeof(util_ldap_connection_t));
- apr_thread_mutex_create(&l->lock, APR_THREAD_MUTEX_DEFAULT, st->pool);
- apr_thread_mutex_lock(l->lock);
- l->pool = st->pool;
- l->bound = 0;
- l->host = apr_pstrdup(st->pool, host);
- l->port = port;
- l->deref = deref;
- l->binddn = apr_pstrdup(st->pool, binddn);
- l->bindpw = apr_pstrdup(st->pool, bindpw);
- l->netscapessl = netscapessl;
- l->starttls = starttls;
- l->withtls = 0;
-
- if (p) {
- p->next = l;
- }
- else {
- st->connections = l;
- }
- }
-
- apr_thread_mutex_unlock(st->mutex);
- return l;
-}
-
-/* ------------------------------------------------------------------ */
-
-/*
- * Compares two DNs to see if they're equal. The only way to do this correctly is to
- * search for the dn and then do ldap_get_dn() on the result. This should match the
- * initial dn, since it would have been also retrieved with ldap_get_dn(). This is
- * expensive, so if the configuration value compare_dn_on_server is
- * false, just does an ordinary strcmp.
- *
- * The lock for the ldap cache should already be acquired.
- */
-int util_ldap_cache_comparedn(request_rec *r, util_ldap_connection_t *ldc,
- const char *url, const char *dn, const char *reqdn,
- int compare_dn_on_server)
-{
- int result = 0;
- util_url_node_t *curl;
- util_url_node_t curnode;
- util_dn_compare_node_t *node;
- util_dn_compare_node_t newnode;
- int failures = 0;
- LDAPMessage *res, *entry;
- char *searchdn;
-
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
- &ldap_module);
-
-
- /* read lock this function */
- if (!util_ldap_cache_lock) {
- apr_thread_rwlock_create(&util_ldap_cache_lock, st->pool);
- }
-
- /* get cache entry (or create one) */
- apr_thread_rwlock_wrlock(util_ldap_cache_lock);
- curnode.url = url;
- curl = util_ald_cache_fetch(util_ldap_cache, &curnode);
- if (curl == NULL) {
- curl = util_ald_create_caches(st, url);
- }
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
-
- /* a simple compare? */
- if (!compare_dn_on_server) {
- /* unlock this read lock */
- if (strcmp(dn, reqdn)) {
- ldc->reason = "DN Comparison FALSE (direct strcmp())";
- return LDAP_COMPARE_FALSE;
- }
- else {
- ldc->reason = "DN Comparison TRUE (direct strcmp())";
- return LDAP_COMPARE_TRUE;
- }
- }
-
- /* no - it's a server side compare */
- apr_thread_rwlock_rdlock(util_ldap_cache_lock);
-
- /* is it in the compare cache? */
- newnode.reqdn = (char *)reqdn;
- node = util_ald_cache_fetch(curl->dn_compare_cache, &newnode);
- if (node != NULL) {
- /* If it's in the cache, it's good */
- /* unlock this read lock */
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
- ldc->reason = "DN Comparison TRUE (cached)";
- return LDAP_COMPARE_TRUE;
- }
-
- /* unlock this read lock */
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
-
-start_over:
- if (failures++ > 10) {
- /* too many failures */
- return result;
- }
-
- /* make a server connection */
- if (LDAP_SUCCESS != (result = util_ldap_connection_open(ldc))) {
- /* connect to server failed */
- return result;
- }
-
- /* search for reqdn */
- if ((result = ldap_search_ext_s(ldc->ldap, const_cast(reqdn), LDAP_SCOPE_BASE,
- "(objectclass=*)", NULL, 1,
- NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
- util_ldap_connection_close(ldc);
- ldc->reason = "DN Comparison ldap_search_ext_s() failed with server down";
- goto start_over;
- }
- if (result != LDAP_SUCCESS) {
- /* search for reqdn failed - no match */
- ldc->reason = "DN Comparison ldap_search_ext_s() failed";
- return result;
- }
-
- entry = ldap_first_entry(ldc->ldap, res);
- searchdn = ldap_get_dn(ldc->ldap, entry);
-
- ldap_msgfree(res);
- if (strcmp(dn, searchdn) != 0) {
- /* compare unsuccessful */
- ldc->reason = "DN Comparison FALSE (checked on server)";
- result = LDAP_COMPARE_FALSE;
- }
- else {
- /* compare successful - add to the compare cache */
- apr_thread_rwlock_rdlock(util_ldap_cache_lock);
- newnode.reqdn = (char *)reqdn;
- newnode.dn = (char *)dn;
- util_ald_cache_insert(curl->dn_compare_cache, &newnode);
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
- ldc->reason = "DN Comparison TRUE (checked on server)";
- result = LDAP_COMPARE_TRUE;
- }
- ldap_memfree(searchdn);
- return result;
-
-}
-
-/*
- * Does an generic ldap_compare operation. It accepts a cache that it will use
- * to lookup the compare in the cache. We cache two kinds of compares
- * (require group compares) and (require user compares). Each compare has a different
- * cache node: require group includes the DN; require user does not because the
- * require user cache is owned by the
- *
- */
-int util_ldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
- const char *url, const char *dn,
- const char *attrib, const char *value)
-{
- int result = 0;
- util_url_node_t *curl;
- util_url_node_t curnode;
- util_compare_node_t *compare_nodep;
- util_compare_node_t the_compare_node;
- apr_time_t curtime;
- int failures = 0;
-
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
- &ldap_module);
-
-
- /* read lock this function */
- if (!util_ldap_cache_lock) {
- apr_thread_rwlock_create(&util_ldap_cache_lock, st->pool);
- }
-
- /* get cache entry (or create one) */
- apr_thread_rwlock_wrlock(util_ldap_cache_lock);
- curnode.url = url;
- curl = util_ald_cache_fetch(util_ldap_cache, &curnode);
- if (curl == NULL) {
- curl = util_ald_create_caches(st, url);
- }
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
-
- /* make a comparison to the cache */
- apr_thread_rwlock_rdlock(util_ldap_cache_lock);
- curtime = apr_time_now();
-
- the_compare_node.dn = (char *)dn;
- the_compare_node.attrib = (char *)attrib;
- the_compare_node.value = (char *)value;
- the_compare_node.result = 0;
-
- compare_nodep = util_ald_cache_fetch(curl->compare_cache, &the_compare_node);
-
- if (compare_nodep != NULL) {
- /* found it... */
- if (curtime - compare_nodep->lastcompare > st->compare_cache_ttl) {
- /* ...but it is too old */
- util_ald_cache_remove(curl->compare_cache, compare_nodep);
- }
- else {
- /* ...and it is good */
- /* unlock this read lock */
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
- if (LDAP_COMPARE_TRUE == compare_nodep->result) {
- ldc->reason = "Comparison true (cached)";
- return compare_nodep->result;
- }
- else if (LDAP_COMPARE_FALSE == compare_nodep->result) {
- ldc->reason = "Comparison false (cached)";
- return compare_nodep->result;
- }
- else if (LDAP_NO_SUCH_ATTRIBUTE == compare_nodep->result) {
- ldc->reason = "Comparison no such attribute (cached)";
- return compare_nodep->result;
- }
- else {
- ldc->reason = "Comparison undefined (cached)";
- return compare_nodep->result;
- }
- }
- }
- /* unlock this read lock */
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
-
-
-start_over:
- if (failures++ > 10) {
- /* too many failures */
- return result;
- }
- if (LDAP_SUCCESS != (result = util_ldap_connection_open(ldc))) {
- /* connect failed */
- return result;
- }
-
- if ((result = ldap_compare_s(ldc->ldap, const_cast(dn),
- const_cast(attrib), const_cast(value)))
- == LDAP_SERVER_DOWN) {
- /* connection failed - try again */
- util_ldap_connection_close(ldc);
- ldc->reason = "ldap_compare_s() failed with server down";
- goto start_over;
- }
-
- ldc->reason = "Comparison complete";
- if ((LDAP_COMPARE_TRUE == result) ||
- (LDAP_COMPARE_FALSE == result) ||
- (LDAP_NO_SUCH_ATTRIBUTE == result)) {
- /* compare completed; caching result */
- apr_thread_rwlock_wrlock(util_ldap_cache_lock);
- the_compare_node.lastcompare = curtime;
- the_compare_node.result = result;
- util_ald_cache_insert(curl->compare_cache, &the_compare_node);
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
- if (LDAP_COMPARE_TRUE == result) {
- ldc->reason = "Comparison true (adding to cache)";
- return LDAP_COMPARE_TRUE;
- }
- else if (LDAP_COMPARE_FALSE == result) {
- ldc->reason = "Comparison false (adding to cache)";
- return LDAP_COMPARE_FALSE;
- }
- else {
- ldc->reason = "Comparison no such attribute (adding to cache)";
- return LDAP_NO_SUCH_ATTRIBUTE;
- }
- }
- return result;
-}
-
-int util_ldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
- const char *url, const char *basedn, int scope, char **attrs,
- const char *filter, const char *bindpw, const char **binddn,
- const char ***retvals)
-{
- const char **vals = NULL;
- int result = 0;
- LDAPMessage *res, *entry;
- char *dn;
- int count;
- int failures = 0;
- util_url_node_t *curl; /* Cached URL node */
- util_url_node_t curnode;
- util_search_node_t *search_nodep; /* Cached search node */
- util_search_node_t the_search_node;
- apr_time_t curtime;
-
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
- &ldap_module);
-
- /* read lock this function */
- if (!util_ldap_cache_lock) {
- apr_thread_rwlock_create(&util_ldap_cache_lock, st->pool);
- }
-
- /* Get the cache node for this url */
- apr_thread_rwlock_wrlock(util_ldap_cache_lock);
- curnode.url = url;
- curl = (util_url_node_t *)util_ald_cache_fetch(util_ldap_cache, &curnode);
- if (curl == NULL) {
- curl = util_ald_create_caches(st, url);
- }
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
-
- apr_thread_rwlock_rdlock(util_ldap_cache_lock);
- the_search_node.username = filter;
- search_nodep = util_ald_cache_fetch(curl->search_cache, &the_search_node);
- if (search_nodep != NULL && search_nodep->bindpw) {
-
- /* found entry in search cache... */
- curtime = apr_time_now();
-
- /*
- * Remove this item from the cache if its expired, or if the
- * sent password doesn't match the storepassword.
- */
- if ((curtime - search_nodep->lastbind) > st->search_cache_ttl) {
- /* ...but entry is too old */
- util_ald_cache_remove(curl->search_cache, search_nodep);
- }
- else if (strcmp(search_nodep->bindpw, bindpw) != 0) {
- /* ...but cached password doesn't match sent password */
- util_ald_cache_remove(curl->search_cache, search_nodep);
- }
- else {
- /* ...and entry is valid */
- *binddn = search_nodep->dn;
- *retvals = search_nodep->vals;
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
- ldc->reason = "Authentication successful (cached)";
- return LDAP_SUCCESS;
- }
- }
- /* unlock this read lock */
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
-
-
- /*
- * At this point, there is no valid cached search, so lets do the search.
- */
-
- /*
- * If any LDAP operation fails due to LDAP_SERVER_DOWN, control returns here.
- */
-start_over:
- if (failures++ > 10) {
- return result;
- }
- if (LDAP_SUCCESS != (result = util_ldap_connection_open(ldc))) {
- return result;
- }
-
- /* try do the search */
- if ((result = ldap_search_ext_s(ldc->ldap,
- basedn, scope,
- filter, attrs, 0,
- NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
- ldc->reason = "ldap_search_ext_s() for user failed with server down";
- goto start_over;
- }
-
- /* if there is an error (including LDAP_NO_SUCH_OBJECT) return now */
- if (result != LDAP_SUCCESS) {
- ldc->reason = "ldap_search_ext_s() for user failed";
- return result;
- }
-
- /*
- * We should have found exactly one entry; to find a different
- * number is an error.
- */
- count = ldap_count_entries(ldc->ldap, res);
- if (count != 1) {
- ldap_msgfree(res);
- ldc->reason = "User is not unique (search found two or more matches)";
- return LDAP_NO_SUCH_OBJECT;
- }
-
- entry = ldap_first_entry(ldc->ldap, res);
-
- /* Grab the dn, copy it into the pool, and free it again */
- dn = ldap_get_dn(ldc->ldap, entry);
- *binddn = apr_pstrdup(st->pool, dn);
- ldap_memfree(dn);
-
- /*
- * A bind to the server with an empty password always succeeds, so
- * we check to ensure that the password is not empty. This implies
- * that users who actually do have empty passwords will never be
- * able to authenticate with this module. I don't see this as a big
- * problem.
- */
- if (strlen(bindpw) <= 0) {
- ldap_msgfree(res);
- ldc->reason = "Empty password not allowed";
- return LDAP_INVALID_CREDENTIALS;
- }
-
- /*
- * Attempt to bind with the retrieved dn and the password. If the bind
- * fails, it means that the password is wrong (the dn obviously
- * exists, since we just retrieved it)
- */
- if ((result =
- ldap_simple_bind_s(ldc->ldap, *binddn, bindpw)) ==
- LDAP_SERVER_DOWN) {
- ldc->reason = "ldap_simple_bind_s() to check user credentials failed with server down";
- goto start_over;
- }
-
- /* failure? if so - return */
- if (result != LDAP_SUCCESS) {
- ldc->reason = "ldap_simple_bind_s() to check user credentials failed";
- return result;
- }
-
- /*
- * Get values for the provided attributes.
- */
- if (attrs) {
- int k = 0;
- int i = 0;
- while (attrs[k++]);
- vals = apr_pcalloc(r->pool, sizeof(char *) * (k+1));
- while (attrs[i]) {
- char **values;
- int j = 0;
- char *str = NULL;
- /* get values */
- values = ldap_get_values(ldc->ldap, entry, attrs[i]);
- while (values && values[j]) {
- str = str ? apr_pstrcat(r->pool, str, "; ", values[j], NULL) : apr_pstrdup(r->pool, values[j]);
- j++;
- }
- vals[i] = str;
- i++;
- }
- *retvals = vals;
- }
-
- /*
- * Add the new username to the search cache.
- */
- apr_thread_rwlock_wrlock(util_ldap_cache_lock);
- the_search_node.username = filter;
- the_search_node.dn = *binddn;
- the_search_node.bindpw = bindpw;
- the_search_node.lastbind = apr_time_now();
- the_search_node.vals = vals;
- util_ald_cache_insert(curl->search_cache, &the_search_node);
- ldap_msgfree(res);
- apr_thread_rwlock_unlock(util_ldap_cache_lock);
-
- ldc->reason = "Authentication successful";
- return LDAP_SUCCESS;
-}
-
-
-
-/* ---------------------------------------- */
-/* config directives */
-
-
-static const char *util_ldap_set_cache_bytes(cmd_parms *cmd, void *dummy, const char *bytes)
-{
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
- &ldap_module);
-
- st->cache_bytes = atol(bytes);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
- "[%d] ldap cache: Setting shared memory cache size to %d bytes.",
- getpid(), st->cache_bytes);
-
- return NULL;
-}
-
-static const char *util_ldap_set_cache_ttl(cmd_parms *cmd, void *dummy, const char *ttl)
-{
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
- &ldap_module);
-
- st->search_cache_ttl = atol(ttl) * 1000000;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
- "[%d] ldap cache: Setting cache TTL to %ld microseconds.",
- getpid(), st->search_cache_ttl);
-
- return NULL;
-}
-
-static const char *util_ldap_set_cache_entries(cmd_parms *cmd, void *dummy, const char *size)
-{
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
- &ldap_module);
-
-
- st->search_cache_size = atol(size);
- if (st->search_cache_size < 0) {
- st->search_cache_size = 0;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
- "[%d] ldap cache: Setting search cache size to %ld entries.",
- getpid(), st->search_cache_size);
-
- return NULL;
-}
-
-static const char *util_ldap_set_opcache_ttl(cmd_parms *cmd, void *dummy, const char *ttl)
-{
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
- &ldap_module);
-
- st->compare_cache_ttl = atol(ttl) * 1000000;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
- "[%d] ldap cache: Setting operation cache TTL to %ld microseconds.",
- getpid(), st->compare_cache_ttl);
-
- return NULL;
-}
-
-static const char *util_ldap_set_opcache_entries(cmd_parms *cmd, void *dummy, const char *size)
-{
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
- &ldap_module);
-
- st->compare_cache_size = atol(size);
- if (st->compare_cache_size < 0) {
- st->compare_cache_size = 0;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
- "[%d] ldap cache: Setting operation cache size to %ld entries.",
- getpid(), st->compare_cache_size);
-
- return NULL;
-}
-
-#ifdef APU_HAS_LDAPSSL_CLIENT_INIT
-static const char *util_ldap_set_certdbpath(cmd_parms *cmd, void *dummy, const char *path)
-{
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
- &ldap_module);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
- "[%d] ldap cache: Setting LDAP SSL client certificate dbpath to %s.",
- getpid(), path);
-
- st->have_certdb = 1;
- if (ldapssl_client_init(path, NULL) != 0) {
- return "Could not initialize SSL client";
- }
- else {
- return NULL;
- }
-}
-#endif
-
-void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
-{
- util_ldap_state_t *st =
- (util_ldap_state_t *)apr_pcalloc(p, sizeof(util_ldap_state_t));
-
- st->pool = p;
-
- st->cache_bytes = 100000;
- st->search_cache_ttl = 600000000;
- st->search_cache_size = 1024;
- st->compare_cache_ttl = 600000000;
- st->compare_cache_size = 1024;
-
- st->connections = NULL;
-#ifdef APU_HAS_LDAP_NETSCAPE_SSL
- st->have_certdb = 0;
-#endif
-
- return st;
-}
-
-static void util_ldap_init_module(apr_pool_t *pool, server_rec *s)
-{
- util_ldap_state_t *st =
- (util_ldap_state_t *)ap_get_module_config(s->module_config,
- &ldap_module);
-
- apr_status_t result = util_ldap_cache_init(pool, st->cache_bytes);
- char buf[MAX_STRING_LEN];
-
- apr_strerror(result, buf, sizeof(buf));
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, result, s,
- "[%d] ldap cache init: %s",
- getpid(), buf);
-}
-
-
-command_rec util_ldap_cmds[] = {
- AP_INIT_TAKE1("LDAPSharedCacheSize", util_ldap_set_cache_bytes, NULL, RSRC_CONF,
- "Sets the size of the shared memory cache in bytes. "
- "Zero means disable the shared memory cache. Defaults to 100KB."),
-
- AP_INIT_TAKE1("LDAPCacheEntries", util_ldap_set_cache_entries, NULL, RSRC_CONF,
- "Sets the maximum number of entries that are possible in the LDAP "
- "search cache. "
- "Zero means no limit; -1 disables the cache. Defaults to 1024 entries."),
-
- AP_INIT_TAKE1("LDAPCacheTTL", util_ldap_set_cache_ttl, NULL, RSRC_CONF,
- "Sets the maximum time (in seconds) that an item can be cached in the LDAP "
- "search cache. Zero means no limit. Defaults to 600 seconds (10 minutes)."),
-
- AP_INIT_TAKE1("LDAPOpCacheEntries", util_ldap_set_opcache_entries, NULL, RSRC_CONF,
- "Sets the maximum number of entries that are possible in the LDAP "
- "compare cache. "
- "Zero means no limit; -1 disables the cache. Defaults to 1024 entries."),
-
- AP_INIT_TAKE1("LDAPOpCacheTTL", util_ldap_set_opcache_ttl, NULL, RSRC_CONF,
- "Sets the maximum time (in seconds) that an item is cached in the LDAP "
- "operation cache. Zero means no limit. Defaults to 600 seconds (10 minutes)."),
-
-#ifdef APU_HAS_LDAPSSL_CLIENT_INIT
- AP_INIT_TAKE1("LDAPCertDBPath", util_ldap_set_certdbpath, NULL, RSRC_CONF,
- "Specifies the file containing Certificate Authority certificates "
- "for validating secure LDAP server certificates. This file must be the "
- "cert7.db database used by Netscape Communicator"),
-#endif
-
- {NULL}
-};
-
-static void util_ldap_register_hooks(apr_pool_t *p)
-{
- ap_hook_child_init(util_ldap_init_module, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_handler(util_ldap_handler, NULL, NULL, APR_HOOK_MIDDLE);
-}
-
-module ldap_module = {
- STANDARD20_MODULE_STUFF,
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- util_ldap_create_config, /* server config */
- NULL, /* merge server config */
- util_ldap_cmds, /* command table */
- util_ldap_register_hooks, /* set up request processing hooks */
-};
diff --git a/modules/experimental/util_ldap.def b/modules/experimental/util_ldap.def
deleted file mode 100644
index d1fac89b35..0000000000
--- a/modules/experimental/util_ldap.def
+++ /dev/null
@@ -1,6 +0,0 @@
-EXPORT ldap_module
-EXPORT util_ldap_connection_find
-EXPORT util_ldap_connection_close
-EXPORT util_ldap_cache_checkuserid
-EXPORT util_ldap_cache_compare
-EXPORT util_ldap_cache_comparedn
diff --git a/modules/experimental/util_ldap_cache.c b/modules/experimental/util_ldap_cache.c
deleted file mode 100644
index 0414f4d4e7..0000000000
--- a/modules/experimental/util_ldap_cache.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-/*
- * util_ldap_cache.c: LDAP cache things
- *
- * Original code from auth_ldap module for Apache v1.3:
- * Copyright 1998, 1999 Enbridge Pipelines Inc.
- * Copyright 1999-2001 Dave Carrigan
- */
-
-#include <apr_ldap.h>
-#include "util_ldap.h"
-#include "util_ldap_cache.h"
-
-#ifdef APU_HAS_LDAP
-
-
-
-
-/* ------------------------------------------------------------------ */
-
-unsigned long util_ldap_url_node_hash(void *n)
-{
- util_url_node_t *node = (util_url_node_t *)n;
- return util_ald_hash_string(1, node->url);
-}
-
-int util_ldap_url_node_compare(void *a, void *b)
-{
- util_url_node_t *na = (util_url_node_t *)a;
- util_url_node_t *nb = (util_url_node_t *)b;
-
- return(strcmp(na->url, nb->url) == 0);
-}
-
-void *util_ldap_url_node_copy(void *c)
-{
- util_url_node_t *n = (util_url_node_t *)c;
- util_url_node_t *node = (util_url_node_t *)util_ald_alloc(sizeof(util_url_node_t));
-
- if (node) {
- if (!(node->url = util_ald_strdup(n->url))) {
- util_ald_free(node->url);
- return NULL;
- }
- node->search_cache = n->search_cache;
- node->compare_cache = n->compare_cache;
- node->dn_compare_cache = n->dn_compare_cache;
- return node;
- }
- else {
- return NULL;
- }
-}
-
-void util_ldap_url_node_free(void *n)
-{
- util_url_node_t *node = (util_url_node_t *)n;
-
- util_ald_free(node->url);
- util_ald_destroy_cache(node->search_cache);
- util_ald_destroy_cache(node->compare_cache);
- util_ald_destroy_cache(node->dn_compare_cache);
- util_ald_free(node);
-}
-
-/* ------------------------------------------------------------------ */
-
-/* Cache functions for search nodes */
-unsigned long util_ldap_search_node_hash(void *n)
-{
- util_search_node_t *node = (util_search_node_t *)n;
- return util_ald_hash_string(1, ((util_search_node_t *)(node))->username);
-}
-
-int util_ldap_search_node_compare(void *a, void *b)
-{
- return(strcmp(((util_search_node_t *)a)->username,
- ((util_search_node_t *)b)->username) == 0);
-}
-
-void *util_ldap_search_node_copy(void *c)
-{
- util_search_node_t *node = (util_search_node_t *)c;
- util_search_node_t *newnode = util_ald_alloc(sizeof(util_search_node_t));
-
- /* safety check */
- if (newnode) {
-
- /* copy vals */
- if (node->vals) {
- int k = 0;
- int i = 0;
- while (node->vals[k++]);
- if (!(newnode->vals = util_ald_alloc(sizeof(char *) * (k+1)))) {
- util_ldap_search_node_free(newnode);
- return NULL;
- }
- while (node->vals[i]) {
- if (!(newnode->vals[i] = util_ald_strdup(node->vals[i]))) {
- util_ldap_search_node_free(newnode);
- return NULL;
- }
- i++;
- }
- }
- else {
- newnode->vals = NULL;
- }
- if (!(newnode->username = util_ald_strdup(node->username)) ||
- !(newnode->dn = util_ald_strdup(node->dn)) ||
- !(newnode->bindpw = util_ald_strdup(node->bindpw)) ) {
- util_ldap_search_node_free(newnode);
- return NULL;
- }
- newnode->lastbind = node->lastbind;
-
- }
- return (void *)newnode;
-}
-
-void util_ldap_search_node_free(void *n)
-{
- int i = 0;
- util_search_node_t *node = (util_search_node_t *)n;
- if (node->vals) {
- while (node->vals[i]) {
- util_ald_free(node->vals[i++]);
- }
- util_ald_free(node->vals);
- }
- util_ald_free(node->username);
- util_ald_free(node->dn);
- util_ald_free(node->bindpw);
- util_ald_free(node);
-}
-
-/* ------------------------------------------------------------------ */
-
-unsigned long util_ldap_compare_node_hash(void *n)
-{
- util_compare_node_t *node = (util_compare_node_t *)n;
- return util_ald_hash_string(3, node->dn, node->attrib, node->value);
-}
-
-int util_ldap_compare_node_compare(void *a, void *b)
-{
- util_compare_node_t *na = (util_compare_node_t *)a;
- util_compare_node_t *nb = (util_compare_node_t *)b;
- return (strcmp(na->dn, nb->dn) == 0 &&
- strcmp(na->attrib, nb->attrib) == 0 &&
- strcmp(na->value, nb->value) == 0);
-}
-
-void *util_ldap_compare_node_copy(void *c)
-{
- util_compare_node_t *n = (util_compare_node_t *)c;
- util_compare_node_t *node = (util_compare_node_t *)util_ald_alloc(sizeof(util_compare_node_t));
-
- if (node) {
- if (!(node->dn = util_ald_strdup(n->dn)) ||
- !(node->attrib = util_ald_strdup(n->attrib)) ||
- !(node->value = util_ald_strdup(n->value))) {
- util_ldap_compare_node_free(node);
- return NULL;
- }
- node->lastcompare = n->lastcompare;
- node->result = n->result;
- return node;
- }
- else {
- return NULL;
- }
-}
-
-void util_ldap_compare_node_free(void *n)
-{
- util_compare_node_t *node = (util_compare_node_t *)n;
- util_ald_free(node->dn);
- util_ald_free(node->attrib);
- util_ald_free(node->value);
- util_ald_free(node);
-}
-
-/* ------------------------------------------------------------------ */
-
-unsigned long util_ldap_dn_compare_node_hash(void *n)
-{
- return util_ald_hash_string(1, ((util_dn_compare_node_t *)n)->reqdn);
-}
-
-int util_ldap_dn_compare_node_compare(void *a, void *b)
-{
- return (strcmp(((util_dn_compare_node_t *)a)->reqdn,
- ((util_dn_compare_node_t *)b)->reqdn) == 0);
-}
-
-void *util_ldap_dn_compare_node_copy(void *c)
-{
- util_dn_compare_node_t *n = (util_dn_compare_node_t *)c;
- util_dn_compare_node_t *node = (util_dn_compare_node_t *)util_ald_alloc(sizeof(util_dn_compare_node_t));
- if (node) {
- if (!(node->reqdn = util_ald_strdup(n->reqdn)) ||
- !(node->dn = util_ald_strdup(n->dn))) {
- util_ldap_dn_compare_node_free(node);
- return NULL;
- }
- return node;
- }
- else {
- return NULL;
- }
-}
-
-void util_ldap_dn_compare_node_free(void *n)
-{
- util_dn_compare_node_t *node = (util_dn_compare_node_t *)n;
- util_ald_free(node->reqdn);
- util_ald_free(node->dn);
- util_ald_free(node);
-}
-
-
-/* ------------------------------------------------------------------ */
-apr_status_t util_ldap_cache_child_kill(void *data);
-apr_status_t util_ldap_cache_module_kill(void *data);
-
-apr_status_t util_ldap_cache_module_kill(void *data)
-{
-#if APR_HAS_SHARED_MEMORY
- if (util_ldap_shm != NULL) {
- apr_status_t result = apr_shm_destroy(util_ldap_shm);
- util_ldap_shm = NULL;
- return result;
- }
-#endif
- util_ald_destroy_cache(util_ldap_cache);
- return APR_SUCCESS;
-}
-
-apr_status_t util_ldap_cache_init(apr_pool_t *pool, apr_size_t reqsize)
-{
- apr_anylock_t rmm_lock;
-
-#if APR_HAS_SHARED_MEMORY
- apr_status_t result;
-
- result = apr_shm_create(&util_ldap_shm, reqsize, "/tmp/ldap_cache", pool);
- if (result != APR_SUCCESS) {
- return result;
- }
-
- /* This will create a rmm "handler" to get into the shared memory area */
- apr_rmm_init(&util_ldap_rmm, &rmm_lock,
- (void *)apr_shm_baseaddr_get(util_ldap_shm), reqsize, pool);
-#endif
-
- apr_pool_cleanup_register(pool, NULL, util_ldap_cache_module_kill, apr_pool_cleanup_null);
-
- util_ldap_cache = util_ald_create_cache(50,
- util_ldap_url_node_hash,
- util_ldap_url_node_compare,
- util_ldap_url_node_copy,
- util_ldap_url_node_free);
- return APR_SUCCESS;
-}
-
-
-#endif /* APU_HAS_LDAP */
diff --git a/modules/experimental/util_ldap_cache.h b/modules/experimental/util_ldap_cache.h
deleted file mode 100644
index f2be43d024..0000000000
--- a/modules/experimental/util_ldap_cache.h
+++ /dev/null
@@ -1,216 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-
-#ifndef APU_LDAP_CACHE_H
-#define APU_LDAP_CACHE_H
-
-/*
- * This switches LDAP support on or off.
- */
-
-/* this whole thing disappears if LDAP is not enabled */
-#ifdef APU_HAS_LDAP
-
-
-/*
- * LDAP Cache Manager
- */
-
-#include <apr_shm.h>
-#include <apr_rmm.h> /* EDD */
-
-typedef struct util_cache_node_t {
- void *payload; /* Pointer to the payload */
- time_t add_time; /* Time node was added to cache */
- struct util_cache_node_t *next;
-} util_cache_node_t;
-
-typedef struct util_ald_cache_t {
- unsigned long size; /* Size of cache array */
- unsigned long maxentries; /* Maximum number of cache entries */
- unsigned long numentries; /* Current number of cache entries */
- unsigned long fullmark; /* Used to keep track of when cache becomes 3/4 full */
- time_t marktime; /* Time that the cache became 3/4 full */
- unsigned long (*hash)(void *); /* Func to hash the payload */
- int (*compare)(void *, void *); /* Func to compare two payloads */
- void * (*copy)(void *); /* Func to alloc mem and copy payload to new mem */
- void (*free)(void *); /* Func to free mem used by the payload */
- util_cache_node_t **nodes;
-
- unsigned long numpurges; /* No. of times the cache has been purged */
- double avg_purgetime; /* Average time to purge the cache */
- time_t last_purge; /* Time of the last purge */
- unsigned long npurged; /* Number of elements purged in last purge. This is not
- obvious: it won't be 3/4 the size of the cache if
- there were a lot of expired entries. */
-
- unsigned long fetches; /* Number of fetches */
- unsigned long hits; /* Number of cache hits */
- unsigned long inserts; /* Number of inserts */
- unsigned long removes; /* Number of removes */
-} util_ald_cache_t;
-
-#if APR_HAS_SHARED_MEMORY
-apr_shm_t *util_ldap_shm;
-apr_rmm_t *util_ldap_rmm;
-#endif
-util_ald_cache_t *util_ldap_cache;
-apr_thread_rwlock_t *util_ldap_cache_lock;
-
-#ifndef WIN32
-#define ALD_MM_FILE_MODE ( S_IRUSR|S_IWUSR )
-#else
-#define ALD_MM_FILE_MODE ( _S_IREAD|_S_IWRITE )
-#endif
-
-
-/*
- * LDAP Cache
- */
-
-/*
- * Maintain a cache of LDAP URLs that the server handles. Each node in
- * the cache contains the search cache for that URL, and a compare cache
- * for the URL. The compare cash is populated when doing require group
- * compares.
- */
-typedef struct util_url_node_t {
- const char *url;
- util_ald_cache_t *search_cache;
- util_ald_cache_t *compare_cache;
- util_ald_cache_t *dn_compare_cache;
-} util_url_node_t;
-
-/*
- * We cache every successful search and bind operation, using the username
- * as the key. Each node in the cache contains the returned DN, plus the
- * password used to bind.
- */
-typedef struct util_search_node_t {
- const char *username; /* Cache key */
- const char *dn; /* DN returned from search */
- const char *bindpw; /* The most recently used bind password;
- NULL if the bind failed */
- apr_time_t lastbind; /* Time of last successful bind */
- const char **vals; /* Values of queried attributes */
-} util_search_node_t;
-
-/*
- * We cache every successful compare operation, using the DN, attrib, and
- * value as the key.
- */
-typedef struct util_compare_node_t {
- const char *dn; /* DN, attrib and value combine to be the key */
- const char *attrib;
- const char *value;
- apr_time_t lastcompare;
- int result;
-} util_compare_node_t;
-
-/*
- * We cache every successful compare dn operation, using the dn in the require
- * statement and the dn fetched based on the client-provided username.
- */
-typedef struct util_dn_compare_node_t {
- const char *reqdn; /* The DN in the require dn statement */
- const char *dn; /* The DN found in the search */
-} util_dn_compare_node_t;
-
-
-/*
- * Function prototypes for LDAP cache
- */
-
-/* util_ldap_cache.c */
-unsigned long util_ldap_url_node_hash(void *n);
-int util_ldap_url_node_compare(void *a, void *b);
-void *util_ldap_url_node_copy(void *c);
-void util_ldap_url_node_free(void *n);
-unsigned long util_ldap_search_node_hash(void *n);
-int util_ldap_search_node_compare(void *a, void *b);
-void *util_ldap_search_node_copy(void *c);
-void util_ldap_search_node_free(void *n);
-unsigned long util_ldap_compare_node_hash(void *n);
-int util_ldap_compare_node_compare(void *a, void *b);
-void *util_ldap_compare_node_copy(void *c);
-void util_ldap_compare_node_free(void *n);
-unsigned long util_ldap_dn_compare_node_hash(void *n);
-int util_ldap_dn_compare_node_compare(void *a, void *b);
-void *util_ldap_dn_compare_node_copy(void *c);
-void util_ldap_dn_compare_node_free(void *n);
-
-
-/* util_ldap_cache_mgr.c */
-
-void util_ald_free(const void *ptr);
-void *util_ald_alloc(unsigned long size);
-const char *util_ald_strdup(const char *s);
-unsigned long util_ald_hash_string(int nstr, ...);
-void util_ald_cache_purge(util_ald_cache_t *cache);
-util_url_node_t *util_ald_create_caches(util_ldap_state_t *s, const char *url);
-util_ald_cache_t *util_ald_create_cache(unsigned long maxentries,
- unsigned long (*hashfunc)(void *),
- int (*comparefunc)(void *, void *),
- void * (*copyfunc)(void *),
- void (*freefunc)(void *));
-void util_ald_destroy_cache(util_ald_cache_t *cache);
-void *util_ald_cache_fetch(util_ald_cache_t *cache, void *payload);
-void util_ald_cache_insert(util_ald_cache_t *cache, void *payload);
-void util_ald_cache_remove(util_ald_cache_t *cache, void *payload);
-char *util_ald_cache_display_stats(apr_pool_t *p, util_ald_cache_t *cache,
- char *name);
-
-#endif /* APU_HAS_LDAP */
-#endif /* APU_LDAP_CACHE_H */
diff --git a/modules/experimental/util_ldap_cache_mgr.c b/modules/experimental/util_ldap_cache_mgr.c
deleted file mode 100644
index f2a65d9132..0000000000
--- a/modules/experimental/util_ldap_cache_mgr.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2001 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-/*
- * util_ldap_cache_mgr.c: LDAP cache manager things
- *
- * Original code from auth_ldap module for Apache v1.3:
- * Copyright 1998, 1999 Enbridge Pipelines Inc.
- * Copyright 1999-2001 Dave Carrigan
- */
-
-#include <apr_ldap.h>
-#include "util_ldap.h"
-#include "util_ldap_cache.h"
-#include <apr_strings.h>
-
-#ifdef APU_HAS_LDAP
-
-/* only here until strdup is gone */
-#include <string.h>
-
-/* here till malloc is gone */
-#include <stdlib.h>
-
-static const int primes[] =
-{
- 11,
- 19,
- 37,
- 73,
- 109,
- 163,
- 251,
- 367,
- 557,
- 823,
- 1237,
- 1861,
- 2777,
- 4177,
- 6247,
- 9371,
- 14057,
- 21089,
- 31627,
- 47431,
- 71143,
- 106721,
- 160073,
- 240101,
- 360163,
- 540217,
- 810343,
- 1215497,
- 1823231,
- 2734867,
- 4102283,
- 6153409,
- 9230113,
- 13845163,
- 0
-};
-
-void util_ald_free(const void *ptr)
-{
-#if APR_HAS_SHARED_MEMORY
- if (util_ldap_shm) {
- if (ptr)
- apr_rmm_free(util_ldap_rmm, apr_rmm_offset_get(util_ldap_rmm, (void *)ptr));
- } else {
- if (ptr)
- free((void *)ptr);
- }
-#else
- if (ptr)
- free((void *)ptr);
-#endif
-}
-
-void *util_ald_alloc(unsigned long size)
-{
- if (0 == size)
- return NULL;
-#if APR_HAS_SHARED_MEMORY
- if (util_ldap_shm) {
- return (void *)apr_rmm_addr_get(util_ldap_rmm, apr_rmm_calloc(util_ldap_rmm, size));
- } else {
- return (void *)calloc(sizeof(char), size);
- }
-#else
- return (void *)calloc(sizeof(char), size);
-#endif
-}
-
-const char *util_ald_strdup(const char *s)
-{
-#if APR_HAS_SHARED_MEMORY
- if (util_ldap_shm) {
- char *buf = (char *)apr_rmm_addr_get(util_ldap_rmm, apr_rmm_calloc(util_ldap_rmm, strlen(s)+1));
- if (buf) {
- strcpy(buf, s);
- return buf;
- }
- else {
- return NULL;
- }
- } else {
- return strdup(s);
- }
-#else
- return strdup(s);
-#endif
-}
-
-
-/*
- * Computes the hash on a set of strings. The first argument is the number
- * of strings to hash, the rest of the args are strings.
- * Algorithm taken from glibc.
- */
-unsigned long util_ald_hash_string(int nstr, ...)
-{
- int i;
- va_list args;
- unsigned long h=0, g;
- char *str, *p;
-
- va_start(args, nstr);
- for (i=0; i < nstr; ++i) {
- str = va_arg(args, char *);
- for (p = str; *p; ++p) {
- h = ( h << 4 ) + *p;
- if ( ( g = h & 0xf0000000 ) ) {
- h = h ^ (g >> 24);
- h = h ^ g;
- }
- }
- }
- va_end(args);
-
- return h;
-}
-
-
-/*
- Purges a cache that has gotten full. We keep track of the time that we
- added the entry that made the cache 3/4 full, then delete all entries
- that were added before that time. It's pretty simplistic, but time to
- purge is only O(n), which is more important.
-*/
-void util_ald_cache_purge(util_ald_cache_t *cache)
-{
- int i;
- util_cache_node_t *p, *q;
- apr_time_t t;
-
- if (!cache)
- return;
-
- cache->last_purge = apr_time_now();
- cache->npurged = 0;
- cache->numpurges++;
-
- for (i=0; i < cache->size; ++i) {
- p = cache->nodes[i];
- while (p != NULL) {
- if (p->add_time < cache->marktime) {
- q = p->next;
- (*cache->free)(p->payload);
- util_ald_free(p);
- cache->numentries--;
- cache->npurged++;
- p = q;
- }
- else {
- p = p->next;
- }
- }
- }
-
- t = apr_time_now();
- cache->avg_purgetime =
- ((t - cache->last_purge) + (cache->avg_purgetime * (cache->numpurges-1))) /
- cache->numpurges;
-}
-
-
-/*
- * create caches
- */
-util_url_node_t *util_ald_create_caches(util_ldap_state_t *st, const char *url)
-{
- util_url_node_t *curl = NULL;
- util_ald_cache_t *search_cache;
- util_ald_cache_t *compare_cache;
- util_ald_cache_t *dn_compare_cache;
-
- /* create the three caches */
- search_cache = util_ald_create_cache(st->search_cache_size,
- util_ldap_search_node_hash,
- util_ldap_search_node_compare,
- util_ldap_search_node_copy,
- util_ldap_search_node_free);
- compare_cache = util_ald_create_cache(st->compare_cache_size,
- util_ldap_compare_node_hash,
- util_ldap_compare_node_compare,
- util_ldap_compare_node_copy,
- util_ldap_compare_node_free);
- dn_compare_cache = util_ald_create_cache(st->compare_cache_size,
- util_ldap_dn_compare_node_hash,
- util_ldap_dn_compare_node_compare,
- util_ldap_dn_compare_node_copy,
- util_ldap_dn_compare_node_free);
-
- /* check that all the caches initialised successfully */
- if (search_cache && compare_cache && dn_compare_cache) {
-
- curl = (util_url_node_t *)apr_pcalloc(st->pool, sizeof(util_url_node_t));
- curl->url = url;
- curl->search_cache = search_cache;
- curl->compare_cache = compare_cache;
- curl->dn_compare_cache = dn_compare_cache;
-
- util_ald_cache_insert(util_ldap_cache, curl);
-
- }
-
- return curl;
-}
-
-
-util_ald_cache_t *util_ald_create_cache(unsigned long maxentries,
- unsigned long (*hashfunc)(void *),
- int (*comparefunc)(void *, void *),
- void * (*copyfunc)(void *),
- void (*freefunc)(void *))
-{
- util_ald_cache_t *cache;
- int i;
-
- if (maxentries <= 0)
- return NULL;
-
- cache = (util_ald_cache_t *)util_ald_alloc(sizeof(util_ald_cache_t));
- if (!cache)
- return NULL;
-
- cache->maxentries = maxentries;
- cache->numentries = 0;
- cache->size = maxentries / 3;
- if (cache->size < 64) cache->size = 64;
- for (i = 0; primes[i] && primes[i] < cache->size; ++i) ;
- cache->size = primes[i]? primes[i] : primes[i-1];
-
- cache->nodes = (util_cache_node_t **)util_ald_alloc(cache->size * sizeof(util_cache_node_t *));
- if (!cache->nodes) {
- util_ald_free(cache);
- return NULL;
- }
-
- for (i=0; i < cache->size; ++i)
- cache->nodes[i] = NULL;
-
- cache->hash = hashfunc;
- cache->compare = comparefunc;
- cache->copy = copyfunc;
- cache->free = freefunc;
-
- cache->fullmark = cache->maxentries / 4 * 3;
- cache->marktime = 0;
- cache->avg_purgetime = 0.0;
- cache->numpurges = 0;
- cache->last_purge = 0;
- cache->npurged = 0;
-
- cache->fetches = 0;
- cache->hits = 0;
- cache->inserts = 0;
- cache->removes = 0;
-
- return cache;
-}
-
-void util_ald_destroy_cache(util_ald_cache_t *cache)
-{
- int i;
- util_cache_node_t *p, *q;
-
- if (cache == NULL)
- return;
-
- for (i = 0; i < cache->size; ++i) {
- p = cache->nodes[i];
- q = NULL;
- while (p != NULL) {
- q = p->next;
- (*cache->free)(p->payload);
- util_ald_free(p);
- p = q;
- }
- }
- util_ald_free(cache->nodes);
- util_ald_free(cache);
-}
-
-void *util_ald_cache_fetch(util_ald_cache_t *cache, void *payload)
-{
- int hashval;
- util_cache_node_t *p;
-
- if (cache == NULL)
- return NULL;
-
- cache->fetches++;
-
- hashval = (*cache->hash)(payload) % cache->size;
- for (p = cache->nodes[hashval];
- p && !(*cache->compare)(p->payload, payload);
- p = p->next) ;
-
- if (p != NULL) {
- cache->hits++;
- return p->payload;
- }
- else {
- return NULL;
- }
-}
-
-/*
- * Insert an item into the cache.
- * *** Does not catch duplicates!!! ***
- */
-void util_ald_cache_insert(util_ald_cache_t *cache, void *payload)
-{
- int hashval;
- util_cache_node_t *node;
-
- if (cache == NULL || payload == NULL)
- return;
-
- cache->inserts++;
- hashval = (*cache->hash)(payload) % cache->size;
- node = (util_cache_node_t *)util_ald_alloc(sizeof(util_cache_node_t));
- node->add_time = apr_time_now();
- node->payload = (*cache->copy)(payload);
- node->next = cache->nodes[hashval];
- cache->nodes[hashval] = node;
- if (++cache->numentries == cache->fullmark)
- cache->marktime=apr_time_now();
- if (cache->numentries >= cache->maxentries)
- util_ald_cache_purge(cache);
-}
-
-void util_ald_cache_remove(util_ald_cache_t *cache, void *payload)
-{
- int hashval;
- util_cache_node_t *p, *q;
-
- if (cache == NULL)
- return;
-
- cache->removes++;
- hashval = (*cache->hash)(payload) % cache->size;
- for (p = cache->nodes[hashval], q=NULL;
- p && !(*cache->compare)(p->payload, payload);
- p = p->next) {
- q = p;
- }
-
- /* If p is null, it means that we couldn't find the node, so just return */
- if (p == NULL)
- return;
-
- if (q == NULL) {
- /* We found the node, and it's the first in the list */
- cache->nodes[hashval] = p->next;
- }
- else {
- /* We found the node and it's not the first in the list */
- q->next = p->next;
- }
- (*cache->free)(p->payload);
- util_ald_free(p);
- cache->numentries--;
-}
-
-char *util_ald_cache_display_stats(apr_pool_t *p, util_ald_cache_t *cache, char *name)
-{
- int i;
- int totchainlen = 0;
- int nchains = 0;
- double chainlen;
- util_cache_node_t *n;
- char *buf;
-
- if (cache == NULL) {
- return "";
- }
-
- for (i=0; i < cache->size; ++i) {
- if (cache->nodes[i] != NULL) {
- nchains++;
- for (n = cache->nodes[i]; n != NULL; n = n->next)
- totchainlen++;
- }
- }
- chainlen = nchains? (double)totchainlen / (double)nchains : 0;
-
- buf = apr_psprintf(p,
- "<tr valign='top'>"
- "<td nowrap>%s</td>"
- "<td align='right' nowrap>%lu (%.0f%% full)</td>"
- "<td align='right'>%.1f</td>"
- "<td align='right'>%lu/%lu</td>"
- "<td align='right'>%.0f%%</td>"
- "<td align='right'>%lu/%lu</td>",
- name,
- cache->numentries,
- (double)cache->numentries / (double)cache->maxentries * 100.0,
- chainlen,
- cache->hits,
- cache->fetches,
- (cache->fetches > 0 ? (double)(cache->hits) / (double)(cache->fetches) * 100.0 : 100.0),
- cache->inserts,
- cache->removes);
-
- if (cache->numpurges) {
- char str_ctime[APR_CTIME_LEN];
-
- apr_ctime(str_ctime, cache->last_purge);
- buf = apr_psprintf(p,
- "%s"
- "<td align='right'>%lu</td>\n"
- "<td align='right' nowrap>%s</td>\n",
- buf,
- cache->numpurges,
- str_ctime);
- }
- else {
- buf = apr_psprintf(p,
- "%s<td colspan='2' align='center'>(none)</td>\n",
- buf);
- }
-
- buf = apr_psprintf(p, "%s<td align='right'>%.2g</td>\n</tr>", buf, cache->avg_purgetime);
-
- return buf;
-}
-
-char *util_ald_cache_display(apr_pool_t *pool)
-{
- int i;
- char *buf, *t1, *t2, *t3;
-
- if (!util_ldap_cache) {
- return "<tr valign='top'><td nowrap colspan=7>Cache has not been enabled/initialised.</td></tr>";
- }
-
- buf = util_ald_cache_display_stats(pool, util_ldap_cache, "LDAP URL Cache");
-
- for (i=0; i < util_ldap_cache->size; ++i) {
- util_cache_node_t *p;
- for (p = util_ldap_cache->nodes[i]; p != NULL; p = p->next) {
- util_url_node_t *n;
-
- n = (util_url_node_t *)p->payload;
-
- t1 = apr_psprintf(pool, "%s (Searches)", n->url);
- t2 = apr_psprintf(pool, "%s (Compares)", n->url);
- t3 = apr_psprintf(pool, "%s (DNCompares)", n->url);
-
- buf = apr_psprintf(pool, "%s\n\n"
- "%s\n\n"
- "%s\n\n"
- "%s\n\n",
- buf,
- util_ald_cache_display_stats(pool, n->search_cache, t1),
- util_ald_cache_display_stats(pool, n->compare_cache, t2),
- util_ald_cache_display_stats(pool, n->dn_compare_cache, t3)
- );
- }
- }
- return buf;
-}
-
-#endif /* APU_HAS_LDAP */
diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c
index 3ffe91a91d..4bbcf1562e 100644
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -794,14 +794,39 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
}
else if (lenp) {
const char *pos = lenp;
+ int conversion_error = 0;
+ /* This ensures that the number can not be negative. */
while (apr_isdigit(*pos) || apr_isspace(*pos)) {
++pos;
}
if (*pos == '\0') {
+ char *endstr;
+
+ errno = 0;
ctx->state = BODY_LENGTH;
- ctx->remaining = atol(lenp);
+ ctx->remaining = strtol(lenp, &endstr, 10);
+
+ if (errno || (endstr && *endstr)) {
+ conversion_error = 1;
+ }
+ }
+
+ if (*pos != '\0' || conversion_error) {
+ apr_bucket_brigade *bb;
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r,
+ "Invalid Content-Length");
+
+ bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
+ e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE, NULL,
+ f->r->pool, f->c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, e);
+ e = apr_bucket_eos_create(f->c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, e);
+ ctx->eos_sent = 1;
+ return ap_pass_brigade(f->r->output_filters, bb);
}
/* If we have a limit in effect and we know the C-L ahead of
@@ -1683,17 +1708,28 @@ AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
}
else if (lenp) {
const char *pos = lenp;
+ int conversion_error = 0;
while (apr_isdigit(*pos) || apr_isspace(*pos)) {
++pos;
}
- if (*pos != '\0') {
+
+ if (*pos == '\0') {
+ char *endstr;
+
+ errno = 0;
+ r->remaining = strtol(lenp, &endstr, 10);
+
+ if (errno || (endstr && *endstr)) {
+ conversion_error = 1;
+ }
+ }
+
+ if (*pos != '\0' || conversion_error) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Invalid Content-Length %s", lenp);
+ "Invalid Content-Length");
return HTTP_BAD_REQUEST;
}
-
- r->remaining = atol(lenp);
}
if ((r->read_body == REQUEST_NO_BODY)
@@ -1771,44 +1807,79 @@ static long get_chunk_size(char *b)
* to read past the data provided by the client, since these reads block.
* Returns 0 on End-of-body, -1 on error or premature chunk end.
*
+ * Reading the chunked encoding requires a buffer size large enough to
+ * hold a chunk-size line, including any extensions. For now, we'll leave
+ * that to the caller, at least until we can come up with a better solution.
*/
AP_DECLARE(long) ap_get_client_block(request_rec *r, char *buffer,
apr_size_t bufsiz)
{
+ apr_size_t total;
apr_status_t rv;
- apr_bucket_brigade *bb;
-
- bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
-
- rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
- APR_BLOCK_READ, bufsiz);
-
- /* We lose the failure code here. This is why ap_get_client_block should
- * not be used.
- */
- if (rv != APR_SUCCESS) {
- /* if we actually fail here, we want to just return and
- * stop trying to read data from the client.
- */
- r->connection->keepalive = -1;
- return -1;
+ apr_bucket *b;
+ const char *tempbuf;
+ core_request_config *req_cfg =
+ (core_request_config *)ap_get_module_config(r->request_config,
+ &core_module);
+ apr_bucket_brigade *bb = req_cfg->bb;
+
+ /* read until we get a non-empty brigade */
+ while (APR_BRIGADE_EMPTY(bb)) {
+ if (ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
+ APR_BLOCK_READ, bufsiz) != APR_SUCCESS) {
+ /* if we actually fail here, we want to just return and
+ * stop trying to read data from the client.
+ */
+ r->connection->keepalive = -1;
+ apr_brigade_destroy(bb);
+ return -1;
+ }
}
- /* If this fails, it means that a filter is written incorrectly and that
- * it needs to learn how to properly handle APR_BLOCK_READ requests by
- * returning data when requested.
- */
- AP_DEBUG_ASSERT(!APR_BRIGADE_EMPTY(bb));
-
- rv = apr_brigade_flatten(bb, buffer, &bufsiz);
- if (rv != APR_SUCCESS) {
- return -1;
+ b = APR_BRIGADE_FIRST(bb);
+ if (APR_BUCKET_IS_EOS(b)) { /* reached eos on previous invocation */
+ apr_bucket_delete(b);
+ return 0;
}
- /* XXX yank me? */
- r->read_length += bufsiz;
+ /* ### it would be nice to replace the code below with "consume N bytes
+ ### from this brigade, placing them into that buffer." there are
+ ### other places where we do the same...
+ ###
+ ### alternatively, we could partition the brigade, then call a
+ ### function which serializes a given brigade into a buffer. that
+ ### semantic is used elsewhere, too...
+ */
+
+ total = 0;
+ while (total < bufsiz
+ && b != APR_BRIGADE_SENTINEL(bb)
+ && !APR_BUCKET_IS_EOS(b)) {
+ apr_size_t len_read;
+ apr_bucket *old;
+
+ if ((rv = apr_bucket_read(b, &tempbuf, &len_read,
+ APR_BLOCK_READ)) != APR_SUCCESS) {
+ return -1;
+ }
+ if (total + len_read > bufsiz) {
+ apr_bucket_split(b, bufsiz - total);
+ len_read = bufsiz - total;
+ }
+ memcpy(buffer, tempbuf, len_read);
+ buffer += len_read;
+ total += len_read;
+ /* XXX the next field shouldn't be mucked with here,
+ * as it is in terms of bytes in the unfiltered body;
+ * gotta see if anybody else actually uses it
+ */
+ r->read_length += len_read; /* XXX yank me? */
+ old = b;
+ b = APR_BUCKET_NEXT(b);
+ apr_bucket_delete(old);
+ }
- return bufsiz;
+ return total;
}
/* In HTTP/1.1, any method can have a body. However, most GET handlers
diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
index 275758e933..f2d4c7584e 100644
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -444,8 +444,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
pServ, "Init: Private key not found");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
}
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
- || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
+ if (writetty) {
apr_file_printf(writetty, "Apache:mod_ssl:Error: Private key not found.\n");
apr_file_printf(writetty, "**Stopped\n");
}
@@ -455,8 +454,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
pServ, "Init: Pass phrase incorrect");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
- || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
+ if (writetty) {
apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
apr_file_printf(writetty, "**Stopped\n");
}
@@ -549,8 +547,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
*/
if (nPassPhraseDialog > 0) {
sc = mySrvConfig(s);
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
- || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
+ if (writetty) {
apr_file_printf(writetty, "\n");
apr_file_printf(writetty, "Ok: Pass Phrase Dialog successful.\n");
}
diff --git a/support/dbmmanage b/support/dbmmanage
deleted file mode 100644
index ad9a4aca76..0000000000
--- a/support/dbmmanage
+++ /dev/null
@@ -1,350 +0,0 @@
-#!/usr/bin/perl
-# ====================================================================
-# The Apache Software License, Version 1.1
-#
-# Copyright (c) 2000-2001 The Apache Software Foundation. All rights
-# reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The end-user documentation included with the redistribution,
-# if any, must include the following acknowledgment:
-# "This product includes software developed by the
-# Apache Software Foundation (http://www.apache.org/)."
-# Alternately, this acknowledgment may appear in the software itself,
-# if and wherever such third-party acknowledgments normally appear.
-#
-# 4. The names "Apache" and "Apache Software Foundation" must
-# not be used to endorse or promote products derived from this
-# software without prior written permission. For written
-# permission, please contact apache@apache.org.
-#
-# 5. Products derived from this software may not be called "Apache",
-# nor may "Apache" appear in their name, without prior written
-# permission of the Apache Software Foundation.
-#
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-# ====================================================================
-#
-# This software consists of voluntary contributions made by many
-# individuals on behalf of the Apache Software Foundation. For more
-# information on the Apache Software Foundation, please see
-# <http://www.apache.org/>.
-#
-
-#for more functionality see the HTTPD::UserAdmin module:
-# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz
-#
-# usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment>
-
-package dbmmanage;
-# -ldb -lndbm -lgdbm -lsdbm
-BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) }
-use strict;
-use Fcntl;
-use AnyDBM_File ();
-
-sub usage {
- my $cmds = join "|", sort keys %dbmc::;
- die <<SYNTAX;
-Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
-
- where enc is -d for crypt encryption (default except on Win32, Netware)
- -m for MD5 encryption (default on Win32, Netware)
- -s for SHA1 encryption
- -p for plaintext
-
- command is one of: $cmds
-
- pw of . for update command retains the old password
- pw of - (or blank) for update command prompts for the password
-
- groups or comment of . (or blank) for update command retains old values
- groups or comment of - for update command clears the existing value
- groups or comment of - for add and adduser commands is the empty value
-SYNTAX
-}
-
-sub need_sha1_crypt {
- if (!eval ('require "Digest/SHA1.pm";')) {
- print STDERR <<SHAERR;
-dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
-available from CPAN:
-
- http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
-
-Please install Digest::SHA1 and try again, or use a different crypt option:
-
-SHAERR
- usage();
- }
-}
-
-sub need_md5_crypt {
- if (!eval ('require "Crypt/PasswdMD5.pm";')) {
- print STDERR <<MD5ERR;
-dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN
-
- http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz
-
-Please install Crypt::PasswdMD5 and try again, or use a different crypt option:
-
-MD5ERR
- usage();
- }
-}
-
-# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains
-# four bytes of iteration count and four bytes of salt). Otherwise, just use
-# the traditional two-byte salt.
-# see the man page on your system to decide if you have a newer crypt() lib.
-# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does).
-# The new style crypt() allows up to 20 characters of the password to be
-# significant rather than only 8.
-#
-my $newstyle_salt_platforms = join '|', qw{bsdos}; #others?
-my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
-
-# Some platforms just can't crypt() for Apache
-#
-my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
-my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
-
-my $crypt_method = "crypt";
-
-if ($crypt_not_supported) {
- $crypt_method = "md5";
-}
-
-# Some platforms won't jump through our favorite hoops
-#
-my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
-my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
-
-if ($crypt_not_supported) {
- $crypt_method = "md5";
-}
-
-if (@ARGV[0] eq "-d") {
- shift @ARGV;
- if ($crypt_not_supported) {
- print STDERR
- "Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
- }
- $crypt_method = "crypt";
-}
-
-if (@ARGV[0] eq "-m") {
- shift @ARGV;
- $crypt_method = "md5";
-}
-
-if (@ARGV[0] eq "-p") {
- shift @ARGV;
- if (!$crypt_not_supported) {
- print STDERR
- "Warning: Apache/$^O does not support plaintext passwords!\n\n";
- }
- $crypt_method = "plain";
-}
-
-if (@ARGV[0] eq "-s") {
- shift @ARGV;
- need_sha1_crypt();
- $crypt_method = "sha1";
-}
-
-if ($crypt_method eq "md5") {
- need_md5_crypt();
-}
-
-my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
-
-usage() unless $file and $command and defined &{$dbmc::{$command}};
-
-# remove extension if any
-my $chop = join '|', qw{db.? pag dir};
-$file =~ s/\.($chop)$//;
-
-my $is_update = $command eq "update";
-my %DB = ();
-my @range = ();
-my($mode, $flags) = $command =~
- /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT);
-
-tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!";
-dbmc->$command();
-untie %DB;
-
-
-my $x;
-sub genseed {
- my $psf;
- if ($not_unix) {
- srand (time ^ $$ or time ^ ($$ + ($$ << 15)));
- }
- else {
- for (qw(-xlwwa -le)) {
- `ps $_ 2>/dev/null`;
- $psf = $_, last unless $?;
- }
- srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`));
- }
- @range = (qw(. /), '0'..'9','a'..'z','A'..'Z');
- $x = int scalar @range;
-}
-
-sub randchar {
- join '', map $range[rand $x], 1..shift||1;
-}
-
-sub saltpw_crypt {
- genseed() unless @range;
- return $newstyle_salt ?
- join '', "_", randchar, "a..", randchar(4) :
- randchar(2);
-}
-
-sub cryptpw_crypt {
- my ($pw, $salt) = @_;
- $salt = saltpw_crypt unless $salt;
- crypt $pw, $salt;
-}
-
-sub saltpw_md5 {
- genseed() unless @range;
- randchar(8);
-}
-
-sub cryptpw_md5 {
- my($pw, $salt) = @_;
- $salt = saltpw_md5 unless $salt;
- Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
-}
-
-sub cryptpw_sha1 {
- my($pw, $salt) = @_;
- '{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
-}
-
-sub cryptpw {
- if ($crypt_method eq "md5") {
- return cryptpw_md5(@_);
- } elsif ($crypt_method eq "sha1") {
- return cryptpw_sha1(@_);
- } elsif ($crypt_method eq "crypt") {
- return cryptpw_crypt(@_);
- }
- @_[0]; # otherwise return plaintext
-}
-
-sub getpass {
- my $prompt = shift || "Enter password:";
-
- unless($not_unix) {
- open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
- system "stty -echo;";
- }
-
- my($c,$pwd);
- print STDERR $prompt;
- while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") {
- $pwd .= $c;
- }
-
- system "stty echo" unless $not_unix;
- print STDERR "\n";
- die "Can't use empty password!\n" unless length $pwd;
- return $pwd;
-}
-
-sub dbmc::update {
- die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
- $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
- $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
- $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
- if (!$crypted_pwd || $crypted_pwd eq '-') {
- dbmc->adduser;
- }
- else {
- dbmc->add;
- }
-}
-
-sub dbmc::add {
- die "Can't use empty password!\n" unless $crypted_pwd;
- unless($is_update) {
- die "Sorry, user `$key' already exists!\n" if $DB{$key};
- }
- $groups = '' if $groups eq '-';
- $comment = '' if $comment eq '-';
- $groups .= ":" . $comment if $comment;
- $crypted_pwd .= ":" . $groups if $groups;
- $DB{$key} = $crypted_pwd;
- my $action = $is_update ? "updated" : "added";
- print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
-}
-
-sub dbmc::adduser {
- my $value = getpass "New password:";
- die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
- $crypted_pwd = cryptpw $value;
- dbmc->add;
-}
-
-sub dbmc::delete {
- die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
- delete $DB{$key}, print "`$key' deleted\n";
-}
-
-sub dbmc::view {
- print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB;
-}
-
-sub dbmc::check {
- die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
- my $chkpass = (split /:/, $DB{$key}, 3)[0];
- my $testpass = getpass();
- if (substr($chkpass, 0, 6) eq '$apr1$') {
- need_md5_crypt;
- $crypt_method = "md5";
- } elsif (substr($chkpass, 0, 5) eq '{SHA}') {
- need_sha1_crypt;
- $crypt_method = "sha1";
- } elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
- $crypt_method = "crypt";
- } else {
- $crypt_method = "plain";
- }
- print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
- ? " password ok\n" : " password mismatch\n");
-}
-
-sub dbmc::import {
- while(defined($_ = <STDIN>) and chomp) {
- ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
- dbmc->add;
- }
-}
-
diff --git a/support/htpasswd.c b/support/htpasswd.c
index 3e622e5401..c2e374dde3 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -134,9 +134,9 @@
#define ERR_OVERFLOW 5
#define ERR_BADUSER 6
-#define NEWFILE 1
-#define NOFILE 2
-#define NONINTERACTIVE 4
+#define APHTP_NEWFILE 1
+#define APHTP_NOFILE 2
+#define APHTP_NONINTERACTIVE 4
apr_file_t *errfile;
apr_file_t *ftemp = NULL;
@@ -347,10 +347,10 @@ static void check_args(apr_pool_t *pool, int argc, const char *const argv[],
}
while (*++arg != '\0') {
if (*arg == 'c') {
- *mask |= NEWFILE;
+ *mask |= APHTP_NEWFILE;
}
else if (*arg == 'n') {
- *mask |= NOFILE;
+ *mask |= APHTP_NOFILE;
args_left--;
}
else if (*arg == 'm') {
@@ -366,7 +366,7 @@ static void check_args(apr_pool_t *pool, int argc, const char *const argv[],
*alg = ALG_CRYPT;
}
else if (*arg == 'b') {
- *mask |= NONINTERACTIVE;
+ *mask |= APHTP_NONINTERACTIVE;
args_left++;
}
else {
@@ -375,7 +375,7 @@ static void check_args(apr_pool_t *pool, int argc, const char *const argv[],
}
}
- if (*mask & (NEWFILE & NOFILE)) {
+ if (*mask & (APHTP_NEWFILE | APHTP_NOFILE)) {
apr_file_printf(errfile, "%s: -c and -n options conflict\n", argv[0]);
exit(ERR_SYNTAX);
}
@@ -388,7 +388,7 @@ static void check_args(apr_pool_t *pool, int argc, const char *const argv[],
usage();
}
- if (*mask & NOFILE) {
+ if (*mask & APHTP_NOFILE) {
i--;
}
else {
@@ -398,7 +398,7 @@ static void check_args(apr_pool_t *pool, int argc, const char *const argv[],
}
*pwfilename = apr_pstrdup(pool, argv[i]);
if (strlen(argv[i + 1]) > (MAX_STRING_LEN - 1)) {
- apr_file_printf(errfile, "%s: username too long (>%" APR_SIZE_T_FMT ")\n",
+ apr_file_printf(errfile, "%s: username too long (> %d)\n",
argv[0], MAX_STRING_LEN - 1);
exit(ERR_OVERFLOW);
}
@@ -409,9 +409,9 @@ static void check_args(apr_pool_t *pool, int argc, const char *const argv[],
argv[0], *arg);
exit(ERR_BADUSER);
}
- if (*mask & NONINTERACTIVE) {
+ if (*mask & APHTP_NONINTERACTIVE) {
if (strlen(argv[i + 2]) > (MAX_STRING_LEN - 1)) {
- apr_file_printf(errfile, "%s: password too long (>%" APR_SIZE_T_FMT ")\n",
+ apr_file_printf(errfile, "%s: password too long (> %d)\n",
argv[0], MAX_STRING_LEN);
exit(ERR_OVERFLOW);
}
@@ -486,14 +486,14 @@ int main(int argc, const char * const argv[])
"just not work on this platform.\n");
}
#endif
- if (! mask & NOFILE) {
+ if (! mask & APHTP_NOFILE) {
/*
* Only do the file checks if we're supposed to frob it.
*
* Verify that the file exists if -c was omitted. We give a special
* message if it doesn't.
*/
- if ((! mask & NEWFILE) && (! exists(pwfilename, pool))) {
+ if ((! mask & APHTP_NEWFILE) && (! exists(pwfilename, pool))) {
apr_file_printf(errfile,
"%s: cannot modify file %s; use '-c' to create it\n",
argv[0], pwfilename);
@@ -504,7 +504,7 @@ int main(int argc, const char * const argv[])
* Verify that we can read the existing file in the case of an update
* to it (rather than creation of a new one).
*/
- if ((! mask & NEWFILE) && (! readable(pool, pwfilename))) {
+ if ((! mask & APHTP_NEWFILE) && (! readable(pool, pwfilename))) {
apr_file_printf(errfile, "%s: cannot open file %s for read access\n",
argv[0], pwfilename);
perror("apr_file_open");
@@ -514,7 +514,7 @@ int main(int argc, const char * const argv[])
* Now check to see if we can preserve an existing file in case
* of password verification errors on a -c operation.
*/
- if ((mask & NEWFILE) && exists(pwfilename, pool) &&
+ if ((mask & APHTP_NEWFILE) && exists(pwfilename, pool) &&
(! readable(pool, pwfilename))) {
apr_file_printf(errfile, "%s: cannot open file %s for read access\n"
"%s: existing auth data would be lost on "
@@ -547,7 +547,7 @@ int main(int argc, const char * const argv[])
apr_file_printf(errfile, "%s: %s\n", argv[0], record);
exit(i);
}
- if (mask & NOFILE) {
+ if (mask & APHTP_NOFILE) {
printf("%s\n", record);
exit(0);
}
diff --git a/support/log_server_status b/support/log_server_status
deleted file mode 100644
index e32280c912..0000000000
--- a/support/log_server_status
+++ /dev/null
@@ -1,114 +0,0 @@
-#!/usr/bin/perl
-# ====================================================================
-# The Apache Software License, Version 1.1
-#
-# Copyright (c) 2000-2001 The Apache Software Foundation. All rights
-# reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The end-user documentation included with the redistribution,
-# if any, must include the following acknowledgment:
-# "This product includes software developed by the
-# Apache Software Foundation (http://www.apache.org/)."
-# Alternately, this acknowledgment may appear in the software itself,
-# if and wherever such third-party acknowledgments normally appear.
-#
-# 4. The names "Apache" and "Apache Software Foundation" must
-# not be used to endorse or promote products derived from this
-# software without prior written permission. For written
-# permission, please contact apache@apache.org.
-#
-# 5. Products derived from this software may not be called "Apache",
-# nor may "Apache" appear in their name, without prior written
-# permission of the Apache Software Foundation.
-#
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-# ====================================================================
-#
-# This software consists of voluntary contributions made by many
-# individuals on behalf of the Apache Software Foundation. For more
-# information on the Apache Software Foundation, please see
-# <http://www.apache.org/>.
-#
-# Log Server Status
-# Mark J Cox, UK Web Ltd 1996, mark@ukweb.com
-#
-# This script is designed to be run at a frequent interval by something
-# like cron. It connects to the server and downloads the status
-# information. It reformats the information to a single line and logs
-# it to a file. Make sure the directory $wherelog is writable by the
-# user who runs this script.
-#
-require 'sys/socket.ph';
-
-$wherelog = "/var/log/graph/"; # Logs will be like "/var/log/graph/19960312"
-$server = "localhost"; # Name of server, could be "www.foo.com"
-$port = "80"; # Port on server
-$request = "/status/?auto"; # Request to send
-
-sub tcp_connect
-{
- local($host,$port) =@_;
- $sockaddr='S n a4 x8';
- chop($hostname=`hostname`);
- $port=(getservbyname($port, 'tcp'))[2] unless $port =~ /^\d+$/;
- $me=pack($sockaddr,&AF_INET,0,(gethostbyname($hostname))[4]);
- $them=pack($sockaddr,&AF_INET,$port,(gethostbyname($host))[4]);
- socket(S,&PF_INET,&SOCK_STREAM,(getprotobyname('tcp'))[2]) ||
- die "socket: $!";
- bind(S,$me) || return "bind: $!";
- connect(S,$them) || return "connect: $!";
- select(S);
- $| = 1;
- select(stdout);
- return "";
-}
-
-### Main
-
-{
- $year=`date +%y`;
- chomp($year);
- $year += ($year < 70) ? 2000 : 1900;
- $date = $year . `date +%m%d:%H%M%S`;
- chomp($date);
- ($day,$time)=split(/:/,$date);
- $res=&tcp_connect($server,$port);
- open(OUT,">>$wherelog$day");
- if ($res) {
- print OUT "$time:-1:-1:-1:-1:$res\n";
- exit 1;
- }
- print S "GET $request\n";
- while (<S>) {
- $requests=$1 if ( m|^BusyServers:\ (\S+)|);
- $idle=$1 if ( m|^IdleServers:\ (\S+)|);
- $number=$1 if ( m|sses:\ (\S+)|);
- $cpu=$1 if (m|^CPULoad:\ (\S+)|);
- }
- print OUT "$time:$requests:$idle:$number:$cpu\n";
-}
-
-
diff --git a/support/logresolve.pl b/support/logresolve.pl
deleted file mode 100644
index ab5a7322ab..0000000000
--- a/support/logresolve.pl
+++ /dev/null
@@ -1,261 +0,0 @@
-#!/usr/bin/perl
-# ====================================================================
-# The Apache Software License, Version 1.1
-#
-# Copyright (c) 2000-2001 The Apache Software Foundation. All rights
-# reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The end-user documentation included with the redistribution,
-# if any, must include the following acknowledgment:
-# "This product includes software developed by the
-# Apache Software Foundation (http://www.apache.org/)."
-# Alternately, this acknowledgment may appear in the software itself,
-# if and wherever such third-party acknowledgments normally appear.
-#
-# 4. The names "Apache" and "Apache Software Foundation" must
-# not be used to endorse or promote products derived from this
-# software without prior written permission. For written
-# permission, please contact apache@apache.org.
-#
-# 5. Products derived from this software may not be called "Apache",
-# nor may "Apache" appear in their name, without prior written
-# permission of the Apache Software Foundation.
-#
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-# ====================================================================
-#
-# This software consists of voluntary contributions made by many
-# individuals on behalf of the Apache Software Foundation. For more
-# information on the Apache Software Foundation, please see
-# <http://www.apache.org/>.
-#
-# logresolve.pl
-#
-# v 1.2 by robh @ imdb.com
-#
-# usage: logresolve.pl <infile >outfile
-#
-# input = Apache/NCSA/.. logfile with IP numbers at start of lines
-# output = same logfile with IP addresses resolved to hostnames where
-# name lookups succeeded.
-#
-# this differs from the C based 'logresolve' in that this script
-# spawns a number ($CHILDREN) of subprocesses to resolve addresses
-# concurrently and sets a short timeout ($TIMEOUT) for each lookup in
-# order to keep things moving quickly.
-#
-# the parent process handles caching of IP->hostnames using a Perl hash
-# it also avoids sending the same IP to multiple child processes to be
-# resolved multiple times concurrently.
-#
-# Depending on the settings of $CHILDREN and $TIMEOUT you should see
-# significant reductions in the overall time taken to resolve your
-# logfiles. With $CHILDREN=40 and $TIMEOUT=5 I've seen 200,000 - 300,000
-# logfile lines processed per hour compared to ~45,000 per hour
-# with 'logresolve'.
-#
-# I haven't yet seen any noticable reduction in the percentage of IPs
-# that fail to get resolved. Your mileage will no doubt vary. 5s is long
-# enough to wait IMO.
-#
-# Known to work with FreeBSD 2.2
-# Known to have problems with Solaris
-#
-# 980417 - use 'sockaddr_un' for bind/connect to make the script work
-# with linux. Fix from Luuk de Boer <luuk_de_boer@pi.net>
-
-require 5.004;
-
-$|=1;
-
-use FileHandle;
-use Socket;
-
-use strict;
-no strict 'refs';
-
-use vars qw($PROTOCOL);
-$PROTOCOL = 0;
-
-my $CHILDREN = 40;
-my $TIMEOUT = 5;
-
-my $filename;
-my %hash = ();
-my $parent = $$;
-
-my @children = ();
-for (my $child = 1; $child <=$CHILDREN; $child++) {
- my $f = fork();
- if (!$f) {
- $filename = "./.socket.$parent.$child";
- if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";}
- &child($child);
- exit(0);
- }
- push(@children, $f);
-}
-
-&parent;
-&cleanup;
-
-## remove all temporary files before shutting down
-sub cleanup {
- # die kiddies, die
- kill(15, @children);
- for (my $child = 1; $child <=$CHILDREN; $child++) {
- if (-e "./.socket.$parent.$child") {
- unlink("./.socket.$parent.$child")
- || warn ".socket.$parent.$child $!";
- }
- }
-}
-
-sub parent {
- # Trap some possible signals to trigger temp file cleanup
- $SIG{'KILL'} = $SIG{'INT'} = $SIG{'PIPE'} = \&cleanup;
-
- my %CHILDSOCK;
- my $filename;
-
- ## fork child processes. Each child will create a socket connection
- ## to this parent and use an unique temp filename to do so.
- for (my $child = 1; $child <=$CHILDREN; $child++) {
- $CHILDSOCK{$child}= FileHandle->new;
-
- if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) {
- warn "parent socket to child failed $!";
- }
- $filename = "./.socket.$parent.$child";
- my $response;
- do {
- $response = connect($CHILDSOCK{$child}, sockaddr_un($filename));
- if ($response != 1) {
- sleep(1);
- }
- } while ($response != 1);
- $CHILDSOCK{$child}->autoflush;
- }
- ## All child processes should now be ready or at worst warming up
-
- my (@buffer, $child, $ip, $rest, $hostname, $response);
- ## read the logfile lines from STDIN
- while(<STDIN>) {
- @buffer = (); # empty the logfile line buffer array.
- $child = 1; # children are numbered 1..N, start with #1
-
- # while we have a child to talk to and data to give it..
- do {
- push(@buffer, $_); # buffer the line
- ($ip, $rest) = split(/ /, $_, 2); # separate IP form rest
-
- unless ($hash{$ip}) { # resolve if unseen IP
- $CHILDSOCK{$child}->print("$ip\n"); # pass IP to next child
- $hash{$ip} = $ip; # don't look it up again.
- $child++;
- }
- } while (($child < ($CHILDREN-1)) and ($_ = <STDIN>));
-
- ## now poll each child for a response
- while (--$child > 0) {
- $response = $CHILDSOCK{$child}->getline;
- chomp($response);
- # child sends us back both the IP and HOSTNAME, no need for us
- # to remember what child received any given IP, and no worries
- # what order we talk to the children
- ($ip, $hostname) = split(/\|/, $response, 2);
- $hash{$ip} = $hostname;
- }
-
- # resolve all the logfiles lines held in the log buffer array..
- for (my $line = 0; $line <=$#buffer; $line++) {
- # get next buffered line
- ($ip, $rest) = split(/ /, $buffer[$line], 2);
- # separate IP from rest and replace with cached hostname
- printf STDOUT ("%s %s", $hash{$ip}, $rest);
- }
- }
-}
-
-########################################
-
-sub child {
- # arg = numeric ID - how the parent refers to me
- my $me = shift;
-
- # add trap for alarm signals.
- $SIG{'ALRM'} = sub { die "alarmed"; };
-
- # create a socket to communicate with parent
- socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL)
- || die "Error with Socket: !$\n";
- $filename = "./.socket.$parent.$me";
- bind(INBOUND, sockaddr_un($filename))
- || die "Error Binding $filename: $!\n";
- listen(INBOUND, 5) || die "Error Listening: $!\n";
-
- my ($ip, $send_back);
- my $talk = FileHandle->new;
-
- # accept a connection from the parent process. We only ever have
- # have one connection where we exchange 1 line of info with the
- # parent.. 1 line in (IP address), 1 line out (IP + hostname).
- accept($talk, INBOUND) || die "Error Accepting: $!\n";
- # disable I/O buffering just in case
- $talk->autoflush;
- # while the parent keeps sending data, we keep responding..
- while(($ip = $talk->getline)) {
- chomp($ip);
- # resolve the IP if time permits and send back what we found..
- $send_back = sprintf("%s|%s", $ip, &nslookup($ip));
- $talk->print($send_back."\n");
- }
-}
-
-# perform a time restricted hostname lookup.
-sub nslookup {
- # get the IP as an arg
- my $ip = shift;
- my $hostname = undef;
-
- # do the hostname lookup inside an eval. The eval will use the
- # already configured SIGnal handler and drop out of the {} block
- # regardless of whether the alarm occured or not.
- eval {
- alarm($TIMEOUT);
- $hostname = gethostbyaddr(gethostbyname($ip), AF_INET);
- alarm(0);
- };
- if ($@ =~ /alarm/) {
- # useful for debugging perhaps..
- # print "alarming, isn't it? ($ip)";
- }
-
- # return the hostname or the IP address itself if there is no hostname
- $hostname ne "" ? $hostname : $ip;
-}
-
-
diff --git a/support/phf_abuse_log.cgi b/support/phf_abuse_log.cgi
deleted file mode 100644
index 87543ce5f4..0000000000
--- a/support/phf_abuse_log.cgi
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/perl
-
-# This script is used to detect people trying to abuse the security hole which
-# existed in A CGI script direstributed with Apache 1.0.3 and earlier versions.
-# You can redirect them to here using the "<Location /cgi-bin/phf*>" suggestion
-# in httpd.conf.
-#
-# The format logged to is
-# "[date] remote_addr remote_host [date] referrer user_agent".
-
-$LOG = "/var/log/phf_log";
-
-require "ctime.pl";
-$when = &ctime(time);
-$when =~ s/\n//go;
-$ENV{HTTP_USER_AGENT} .= " via $ENV{HTTP_VIA}" if($ENV{HTTP_VIA});
-
-open(LOG, ">>$LOG") || die "boo hoo, phf_log $!";
-print LOG "[$when] $ENV{REMOTE_ADDR} $ENV{REMOTE_HOST} $ENV{$HTTP_REFERER} $ENV{HTTP_USER_AGENT}\n";
-close(LOG);
-
-print "Content-type: text/html\r\n\r\n<BLINK>Smile, you're on Candid Camera.</BLINK>\n";
diff --git a/support/split-logfile b/support/split-logfile
deleted file mode 100644
index c0f34861aa..0000000000
--- a/support/split-logfile
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/usr/bin/perl
-# ====================================================================
-# The Apache Software License, Version 1.1
-#
-# Copyright (c) 2000-2001 The Apache Software Foundation. All rights
-# reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. The end-user documentation included with the redistribution,
-# if any, must include the following acknowledgment:
-# "This product includes software developed by the
-# Apache Software Foundation (http://www.apache.org/)."
-# Alternately, this acknowledgment may appear in the software itself,
-# if and wherever such third-party acknowledgments normally appear.
-#
-# 4. The names "Apache" and "Apache Software Foundation" must
-# not be used to endorse or promote products derived from this
-# software without prior written permission. For written
-# permission, please contact apache@apache.org.
-#
-# 5. Products derived from this software may not be called "Apache",
-# nor may "Apache" appear in their name, without prior written
-# permission of the Apache Software Foundation.
-#
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-# ====================================================================
-#
-# This software consists of voluntary contributions made by many
-# individuals on behalf of the Apache Software Foundation. For more
-# information on the Apache Software Foundation, please see
-# <http://www.apache.org/>.
-
-# This script will take a combined Web server access
-# log file and break its contents into separate files.
-# It assumes that the first field of each line is the
-# virtual host identity (put there by "%v"), and that
-# the logfiles should be named that+".log" in the current
-# directory.
-#
-# The combined log file is read from stdin. Records read
-# will be appended to any existing log files.
-#
-%is_open = ();
-
-while ($log_line = <STDIN>) {
- #
- # Get the first token from the log record; it's the
- # identity of the virtual host to which the record
- # applies.
- #
- ($vhost) = split (/\s/, $log_line);
- #
- # Normalize the virtual host name to all lowercase.
- # If it's blank, the request was handled by the default
- # server, so supply a default name. This shouldn't
- # happen, but caution rocks.
- #
- $vhost = lc ($vhost) or "access";
- #
- # If the log file for this virtual host isn't opened
- # yet, do it now.
- #
- if (! $is_open{$vhost}) {
- open $vhost, ">>${vhost}.log"
- or die ("Can't open ${vhost}.log");
- $is_open{$vhost} = 1;
- }
- #
- # Strip off the first token (which may be null in the
- # case of the default server), and write the edited
- # record to the current log file.
- #
- $log_line =~ s/^\S*\s+//;
- printf $vhost "%s", $log_line;
-}
-exit 0;
diff --git a/support/win32/ApacheMonitor.rc b/support/win32/ApacheMonitor.rc
index 28b612b2c9..73c6eafeb8 100644
--- a/support/win32/ApacheMonitor.rc
+++ b/support/win32/ApacheMonitor.rc
@@ -80,12 +80,13 @@ BEGIN
LBS_DISABLENOSCROLL | WS_VSCROLL | WS_TABSTOP
LISTBOX IDL_STDOUT,2,124,285,51,LBS_NOINTEGRALHEIGHT |
LBS_DISABLENOSCROLL | LBS_NOSEL | WS_VSCROLL
- PUSHBUTTON "&Start",IDC_SSTART,298,75,50,14
- PUSHBUTTON "S&top",IDC_SSTOP,298,91,50,14
- PUSHBUTTON "&Restart",IDC_SRESTART,298,107,50,14
- PUSHBUTTON "Ser&vices",IDC_SMANAGER,298,123,50,14
+ PUSHBUTTON "&Start",IDC_SSTART,298,65,50,14
+ PUSHBUTTON "S&top",IDC_SSTOP,298,81,50,14
+ PUSHBUTTON "&Restart",IDC_SRESTART,298,97,50,14
+ PUSHBUTTON "Ser&vices",IDC_SMANAGER,298,113,50,14
CONTROL IDB_BMPHEADER,IDC_STATIC,"Static",SS_BITMAP,0,0,349,38
- PUSHBUTTON "&Connect",IDC_SCONNECT,298,139,50,14
+ PUSHBUTTON "&Connect",IDC_SCONNECT,298,129,50,14
+ PUSHBUTTON "&Disconnect",IDC_SDISCONN,298,145,50,14
PUSHBUTTON "E&xit",IDC_SEXIT,298,161,50,14
END