author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-25 04:41:27 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-25 04:41:27 +0000 |
commit | c54018b07a9085c0a3aedbc2bd01a85a3b3e20cf (patch) | |
tree | f6e1d6fcf9f6db3794c418b2f89ecf9e08ff41c8 /include | |
parent | Adding debian version 2.4.38-3+deb10u10. (diff) | |
download | apache2-c54018b07a9085c0a3aedbc2bd01a85a3b3e20cf.tar.xz apache2-c54018b07a9085c0a3aedbc2bd01a85a3b3e20cf.zip |
Merging upstream version 2.4.59.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | include/ap_config_auto.h.in | 194 | ||||
-rw-r--r-- | include/ap_expr.h | 4 | ||||
-rw-r--r-- | include/ap_mmn.h | 79 | ||||
-rw-r--r-- | include/ap_mpm.h | 103 | ||||
-rw-r--r-- | include/ap_regex.h | 23 | ||||
-rw-r--r-- | include/ap_release.h | 4 | ||||
-rw-r--r-- | include/http_config.h | 43 | ||||
-rw-r--r-- | include/http_connection.h | 15 | ||||
-rw-r--r-- | include/http_core.h | 61 | ||||
-rw-r--r-- | include/http_protocol.h | 104 | ||||
-rw-r--r-- | include/http_request.h | 22 | ||||
-rw-r--r-- | include/http_ssl.h | 317 | ||||
-rw-r--r-- | include/http_vhost.h | 13 | ||||
-rw-r--r-- | include/httpd.h | 279 | ||||
-rw-r--r-- | include/mod_auth.h | 2 | ||||
-rw-r--r-- | include/mpm_common.h | 9 | ||||
-rw-r--r-- | include/scoreboard.h | 9 | ||||
-rw-r--r-- | include/util_fcgi.h | 2 | ||||
-rw-r--r-- | include/util_ldap.h | 3 | ||||
-rw-r--r-- | include/util_script.h | 2 | ||||
-rw-r--r-- | include/util_time.h | 4 |
21 files changed, 1169 insertions, 123 deletions
diff --git a/include/ap_config_auto.h.in b/include/ap_config_auto.h.in index ff93e54..b4de75a 100644 --- a/include/ap_config_auto.h.in +++ b/include/ap_config_auto.h.in @@ -52,15 +52,18 @@ /* Using autoconf to configure Apache */ #undef AP_USING_AUTOCONF -/* Define to 1 if you have the `arc4random_buf' function. */ +/* Define to 1 if you have the 'arc4random_buf' function. */ #undef HAVE_ARC4RANDOM_BUF -/* Define to 1 if you have the `bindprocessor' function. */ +/* Define to 1 if you have the 'bindprocessor' function. */ #undef HAVE_BINDPROCESSOR /* Define to 1 if you have the <bstring.h> header file. */ #undef HAVE_BSTRING_H +/* Define if crypt() supports SHA-2 hashes */ +#undef HAVE_CRYPT_SHA2 + /* Define if curl is available */ #undef HAVE_CURL 
@@ -73,31 +76,31 @@ /* Define to 1 if you have the <distcache/dc_client.h> header file. */ #undef HAVE_DISTCACHE_DC_CLIENT_H -/* Define to 1 if you have the `ENGINE_init' function. */ +/* Define to 1 if you have the 'ENGINE_init' function. */ #undef HAVE_ENGINE_INIT -/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */ +/* Define to 1 if you have the 'ENGINE_load_builtin_engines' function. */ #undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES -/* Define to 1 if you have the `epoll_create' function. */ +/* Define to 1 if you have the 'epoll_create' function. */ #undef HAVE_EPOLL_CREATE -/* Define to 1 if you have the `fopen64' function. */ +/* Define to 1 if you have the 'fopen64' function. */ #undef HAVE_FOPEN64 -/* Define to 1 if you have the `getgrnam' function. */ +/* Define to 1 if you have the 'getgrnam' function. */ #undef HAVE_GETGRNAM -/* Define to 1 if you have the `getloadavg' function. */ +/* Define to 1 if you have the 'getloadavg' function. */ #undef HAVE_GETLOADAVG -/* Define to 1 if you have the `getpgid' function. */ +/* Define to 1 if you have the 'getpgid' function. */ #undef HAVE_GETPGID -/* Define to 1 if you have the `getpwnam' function. */ +/* Define to 1 if you have the 'getpwnam' function. */ #undef HAVE_GETPWNAM -/* Define if you have gettid() */ +/* Define to 1 if you have the 'gettid' function. */ #undef HAVE_GETTID /* Define if struct tm has a tm_gmtoff field */ @@ -106,7 +109,7 @@ /* Define to 1 if you have the <grp.h> header file. */ #undef HAVE_GRP_H -/* Define to 1 if you have the `initgroups' function. */ +/* Define to 1 if you have the 'initgroups' function. */ #undef HAVE_INITGROUPS /* Define to 1 if you have the <inttypes.h> header file. */ 
@@ -115,17 +118,17 @@ /* Define if jansson is available */ #undef HAVE_JANSSON -/* Define to 1 if you have the `killpg' function. */ +/* Define to 1 if you have the 'killpg' function. */ #undef HAVE_KILLPG -/* Define to 1 if you have the `kqueue' function. */ +/* Define to 1 if you have the 'kqueue' function. */ #undef HAVE_KQUEUE /* Define to 1 if you have the <limits.h> header file. */ #undef HAVE_LIMITS_H -/* Define to 1 if you have the <memory.h> header file. */ -#undef HAVE_MEMORY_H +/* Define to 1 if you have the <minix/config.h> header file. */ +#undef HAVE_MINIX_CONFIG_H /* Define if nghttp2 is available */ #undef HAVE_NGHTTP2 
@@ -133,22 +136,31 @@ /* Define to 1 if you have the <nghttp2/nghttp2.h> header file. */ #undef HAVE_NGHTTP2_NGHTTP2_H +/* Define to 1 if you have the 'nghttp2_option_set_no_closed_streams' + function. */ +#undef HAVE_NGHTTP2_OPTION_SET_NO_CLOSED_STREAMS + +/* Define to 1 if you have the + 'nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation' + function. */ +#undef HAVE_NGHTTP2_OPTION_SET_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION + /* Define to 1 if you have the - `nghttp2_session_callbacks_set_on_invalid_header_callback' function. */ + 'nghttp2_session_callbacks_set_on_invalid_header_callback' function. */ #undef HAVE_NGHTTP2_SESSION_CALLBACKS_SET_ON_INVALID_HEADER_CALLBACK -/* Define to 1 if you have the `nghttp2_session_change_stream_priority' +/* Define to 1 if you have the 'nghttp2_session_change_stream_priority' function. */ #undef HAVE_NGHTTP2_SESSION_CHANGE_STREAM_PRIORITY -/* Define to 1 if you have the `nghttp2_session_get_stream_local_window_size' +/* Define to 1 if you have the 'nghttp2_session_get_stream_local_window_size' function. */ #undef HAVE_NGHTTP2_SESSION_GET_STREAM_LOCAL_WINDOW_SIZE -/* Define to 1 if you have the `nghttp2_session_server_new2' function. */ +/* Define to 1 if you have the 'nghttp2_session_server_new2' function. */ #undef HAVE_NGHTTP2_SESSION_SERVER_NEW2 -/* Define to 1 if you have the `nghttp2_stream_get_weight' function. */ +/* Define to 1 if you have the 'nghttp2_stream_get_weight' function. */ #undef HAVE_NGHTTP2_STREAM_GET_WEIGHT /* Define if OpenSSL is available */ 
@@ -157,33 +169,45 @@ /* Define to 1 if you have the <openssl/engine.h> header file. */ #undef HAVE_OPENSSL_ENGINE_H -/* Define to 1 if you have the `port_create' function. */ +/* Define to 1 if you have the 'OPENSSL_init_ssl' function. */ +#undef HAVE_OPENSSL_INIT_SSL + +/* Detected PCRE2 */ +#undef HAVE_PCRE2 + +/* Define to 1 if you have the 'port_create' function. */ #undef HAVE_PORT_CREATE -/* Define to 1 if you have the `prctl' function. */ +/* Define to 1 if you have the 'prctl' function. */ #undef HAVE_PRCTL /* Define to 1 if you have the <priv.h> header file. */ #undef HAVE_PRIV_H -/* Define to 1 if you have the `pthread_kill' function. */ +/* Define to 1 if you have the 'pthread_kill' function. */ #undef HAVE_PTHREAD_KILL /* Define to 1 if you have the <pwd.h> header file. */ #undef HAVE_PWD_H -/* Define to 1 if you have the `RAND_egd' function. */ +/* Define to 1 if you have the 'RAND_egd' function. */ #undef HAVE_RAND_EGD -/* Define to 1 if you have the `setsid' function. */ +/* Define if rustls is available */ +#undef HAVE_RUSTLS + +/* Define to 1 if you have the 'setsid' function. */ #undef HAVE_SETSID -/* Define to 1 if you have the `SSL_CTX_new' function. */ +/* Define to 1 if you have the 'SSL_CTX_new' function. */ #undef HAVE_SSL_CTX_NEW /* Define to 1 if you have the <stdint.h> header file. */ #undef HAVE_STDINT_H +/* Define to 1 if you have the <stdio.h> header file. */ +#undef HAVE_STDIO_H + /* Define to 1 if you have the <stdlib.h> header file. */ #undef HAVE_STDLIB_H 
@@ -193,9 +217,18 @@ /* Define to 1 if you have the <string.h> header file. */ #undef HAVE_STRING_H -/* Define to 1 if you have the `syslog' function. */ +/* Define to 1 if you have the 'syslog' function. */ #undef HAVE_SYSLOG +/* Define if systemd is supported */ +#undef HAVE_SYSTEMD + +/* Define to 1 if you have the <systemd/sd-daemon.h> header file. */ +#undef HAVE_SYSTEMD_SD_DAEMON_H + +/* Define if you have gettid() via syscall() */ +#undef HAVE_SYS_GETTID + /* Define to 1 if you have the <sys/ipc.h> header file. */ #undef HAVE_SYS_IPC_H @@ -235,18 +268,21 @@ /* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H -/* Define to 1 if you have the `timegm' function. */ +/* Define to 1 if you have the 'timegm' function. */ #undef HAVE_TIMEGM -/* Define to 1 if you have the `times' function. */ +/* Define to 1 if you have the 'times' function. */ #undef HAVE_TIMES /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define to 1 if you have the `vsyslog' function. */ +/* Define to 1 if you have the 'vsyslog' function. */ #undef HAVE_VSYSLOG +/* Define to 1 if you have the <wchar.h> header file. */ +#undef HAVE_WCHAR_H + /* Root directory of the Apache install area */ #undef HTTPD_ROOT 
@@ -274,45 +310,107 @@ /* This platform doesn't suffer from the thundering herd problem */ #undef SINGLE_LISTEN_UNSERIALIZED_ACCEPT -/* Define to 1 if you have the ANSI C header files. */ +/* Define to 1 if all of the C89 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ #undef STDC_HEADERS /* Path to suexec binary */ #undef SUEXEC_BIN -/* Enable extensions on AIX 3, Interix. */ +/* Enable extensions on AIX, Interix, z/OS. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif +/* Enable general extensions on macOS. */ +#ifndef _DARWIN_C_SOURCE +# undef _DARWIN_C_SOURCE +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# undef __EXTENSIONS__ +#endif /* Enable GNU extensions on systems that have them. */ #ifndef _GNU_SOURCE # undef _GNU_SOURCE #endif -/* Enable threading extensions on Solaris. */ +/* Enable X/Open compliant socket functions that do not require linking + with -lxnet on HP-UX 11.11. */ +#ifndef _HPUX_ALT_XOPEN_SOCKET_API +# undef _HPUX_ALT_XOPEN_SOCKET_API +#endif +/* Identify the host operating system as Minix. + This macro does not affect the system headers' behavior. + A future release of Autoconf may stop defining this macro. */ +#ifndef _MINIX +# undef _MINIX +#endif +/* Enable general extensions on NetBSD. + Enable NetBSD compatibility extensions on Minix. */ +#ifndef _NETBSD_SOURCE +# undef _NETBSD_SOURCE +#endif +/* Enable OpenBSD compatibility extensions on NetBSD. + Oddly enough, this does nothing on OpenBSD. */ +#ifndef _OPENBSD_SOURCE +# undef _OPENBSD_SOURCE +#endif +/* Define to 1 if needed for POSIX-compatible behavior. */ +#ifndef _POSIX_SOURCE +# undef _POSIX_SOURCE +#endif +/* Define to 2 if needed for POSIX-compatible behavior. */ +#ifndef _POSIX_1_SOURCE +# undef _POSIX_1_SOURCE +#endif +/* Enable POSIX-compatible threading on Solaris. 
*/ #ifndef _POSIX_PTHREAD_SEMANTICS # undef _POSIX_PTHREAD_SEMANTICS #endif +/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */ +#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__ +# undef __STDC_WANT_IEC_60559_ATTRIBS_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */ +#ifndef __STDC_WANT_IEC_60559_BFP_EXT__ +# undef __STDC_WANT_IEC_60559_BFP_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */ +#ifndef __STDC_WANT_IEC_60559_DFP_EXT__ +# undef __STDC_WANT_IEC_60559_DFP_EXT__ +#endif +/* Enable extensions specified by C23 Annex F. */ +#ifndef __STDC_WANT_IEC_60559_EXT__ +# undef __STDC_WANT_IEC_60559_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */ +#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__ +# undef __STDC_WANT_IEC_60559_FUNCS_EXT__ +#endif +/* Enable extensions specified by C23 Annex H and ISO/IEC TS 18661-3:2015. */ +#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__ +# undef __STDC_WANT_IEC_60559_TYPES_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */ +#ifndef __STDC_WANT_LIB_EXT2__ +# undef __STDC_WANT_LIB_EXT2__ +#endif +/* Enable extensions specified by ISO/IEC 24747:2009. */ +#ifndef __STDC_WANT_MATH_SPEC_FUNCS__ +# undef __STDC_WANT_MATH_SPEC_FUNCS__ +#endif /* Enable extensions on HP NonStop. */ #ifndef _TANDEM_SOURCE # undef _TANDEM_SOURCE #endif -/* Enable general extensions on Solaris. */ -#ifndef __EXTENSIONS__ -# undef __EXTENSIONS__ +/* Enable X/Open extensions. Define to 500 only if necessary + to make mbstate_t available. */ +#ifndef _XOPEN_SOURCE +# undef _XOPEN_SOURCE #endif -/* Define to 1 if on MINIX. */ -#undef _MINIX - -/* Define to 2 if the system does not provide POSIX.1 features except with - this defined. */ -#undef _POSIX_1_SOURCE - -/* Define to 1 if you need to in order for `stat' and other things to work. */ -#undef _POSIX_SOURCE - -/* Define to empty if `const' does not conform to ANSI C. 
*/ +/* Define to empty if 'const' does not conform to ANSI C. */ #undef const /* Define to 'int' if <sys/resource.h> doesn't define it for us */ diff --git a/include/ap_expr.h b/include/ap_expr.h index 55fff36..8e57fcd 100644 --- a/include/ap_expr.h +++ b/include/ap_expr.h @@ -57,7 +57,7 @@ typedef struct { * operators) */ #define AP_EXPR_FLAG_SSL_EXPR_COMPAT 1 -/** Don't add siginificant request headers to the Vary response header */ +/** Don't add significant request headers to the Vary response header */ #define AP_EXPR_FLAG_DONT_VARY 2 /** Don't allow functions/vars that bypass the current request's access * restrictions or would otherwise leak confidential information. @@ -282,7 +282,7 @@ typedef struct { /** Function for looking up the provider function for a variable, operator * or function in an expression. - * @param parms The parameter struct, also determins where the result is + * @param parms The parameter struct, also determines where the result is * stored. * @return OK on success, * !OK on failure, diff --git a/include/ap_mmn.h b/include/ap_mmn.h index 2167baa..6f80ab3 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h 
@@ -523,7 +523,82 @@ * 20120211.82 (2.4.35-dev) Add optional function declaration for * ap_proxy_balancer_get_best_worker to mod_proxy.h. * 20120211.83 (2.4.35-dev) Add client64 field to worker_score struct - * + * 20120211.84 (2.4.35-dev) Add ap_no2slash_ex() and merge_slashes to + * core_server_conf. + * 20120211.85 (2.4.40-dev) add ap_set_conn_count(). + * 20120211.86 (2.4.40-dev) Add forward_100_continue{,_set} to proxy_dir_conf + * 20120211.87 (2.4.40-dev) Add dav_popen_propdb + * 20120211.88 (2.4.40-dev) Add ap_dir_nofnmatch() and ap_dir_fnmatch(). + * 20120211.89 (2.4.42-dev) Add add dns_pool to proxy_conn_pool and define + * AP_VOLATILIZE_T. + * 20120211.90 (2.4.42-dev) AP_REG_DEFAULT macro in ap_regex.h + * 20120211.91 (2.4.42-dev) Add ap_is_chunked() in httpd.h + * 20120211.92 (2.4.42-dev) AP_REG_NO_DEFAULT macro in ap_regex.h + * 20120211.93 (2.4.44-dev) Add ap_parse_strict_length() + * 20120211.94 (2.4.47-dev) Add ap_proxy_define_match_worker() + * 20120211.95 (2.4.47-dev) Add proxy check_trans hook + * 20120211.96 (2.4.47-dev) Add ap_get_status_line_ex() + * 20120211.97 (2.4.47-dev) Add read_buf_size member to core_dir_config, + * flush_max_threshold and flush_max_pipelined to + * core_server_config, and ap_get_read_buf_size(). + * 20120211.98 (2.4.47-dev) Add ap_proxy_should_override to mod_proxy.h + * 20120211.99 (2.4.47-dev) Add proxy_tunnel_rec, ap_proxy_tunnel_create() + * and ap_proxy_tunnel_run() to proxy_util. + * 20120211.99 (2.4.47-dev) Add ap_proxy_worker_can_upgrade() + * 20120211.100 (2.4.47-dev) Add ap_proxy_prefetch_input(), + * ap_proxy_spool_input() and + * ap_proxy_read_input(). + * 20120211.101 (2.4.47-dev) ETAG_DIGEST in http_core.h. struct etag_rec, + * ap_make_etag_ex() and ap_set_etag_fd() in + * http_protocol.h. ap_request_bnotes_t, + * AP_REQUEST_STRONG_ETAG, AP_REQUEST_GET_BNOTE, + * AP_REQUEST_SET_BNOTE and AP_REQUEST_IS_STRONG_ETAG + * in httpd.h. 
+ * 20120211.102 (2.4.47-dev) Add ap_ssl_conn_is_ssl()/ap_ssl_var_lookup() and hooks + * 20120211.103 (2.4.47-dev) Add ap_ssl_add_cert_files, ap_ssl_add_fallback_cert_files + * and ap_ssl_answer_challenge and hooks. + * 20120211.104 (2.4.47-dev) Move ap_ssl_* into new http_ssl.h header file + * 20120211.105 (2.4.47-dev) Add ap_ssl_ocsp* hooks and functions to http_ssl.h. + * 20120211.106 (2.4.49-dev) Add ap_create_request(). + * 20120211.107 (2.4.49-dev) Add ap_parse_request_line() and + * ap_check_request_header() + * 20120211.108 (2.4.49-dev) Add ajp_handle_cping_cpong + * 20120211.109 (2.4.49-dev) Add ap_normalize_path(), + * pre_translate_name hook and + * Add map_encoded_one and map_encoded_all bits to + * proxy_server_conf. + * 20120211.110 (2.4.49-dev) Add hook child_stopping to get informed that a child + * is being shut down. + * 20120211.111 (2.4.49-dev) Add dav_get_provider(), dav_open_lockdb(), + * dav_close_lockdb() and dav_get_resource() to + * mod_dav.h. + * 20120211.112 (2.4.49-dev) Add deliver_report and gather_reports hooks. + * 20120211.113 (2.4.49-dev) Add method_precondition hook. + * 20120211.114 (2.4.49-dev) Add optional balancer_manage function. + * 20120211.115 (2.4.49-dev) Add ap_proxy_get_worker_ex() and + * ap_proxy_define_worker_ex() to mod_proxy.h + * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing() + * 20120211.117 (2.4.50-dev) Add ap_pre_connection + * 20120211.118 (2.4.51-dev) Add ap_unescape_url_ex() and deprecate + * AP_NORMALIZE_DROP_PARAMETERS + * 20120211.119 (2.4.51-dev) Add dav_validate_root_ns(), dav_find_child_ns(), + * dav_find_next_ns(), dav_find_attr_ns() and + * dav_find_attr(). + * 20120211.120 (2.4.51-dev) Add dav_liveprop_elem structure and + * dav_get_liveprop_element(). 
+ * 20120211.121 (2.4.51-dev) Add ap_post_read_request() + * 20120211.122 (2.4.51-dev) Add ap_thread_create(), ap_thread_main_create() + * and ap_thread_current() + * 20120211.123 (2.4.51-dev) Added ap_pcre_version_string(), AP_REG_PCRE_COMPILED + * and AP_REG_PCRE_LOADED to ap_regex.h. + * 20120211.124 (2.4.51-dev) Add name_ex to struct proxy_worker_shared + * 20120211.125 (2.4.55-dev) Export mod_http2.h as public header + * 20120211.126 (2.4.55-dev) Add additional hcmethod_t enums and PROXY_WORKER_IS_ERROR + * 20120211.127 (2.4.56-dev) Add ap_proxy_canonenc_ex + * 20120211.128 (2.4.55-dev) Add AP_CTIME_OPTION_GMTOFF to util_time.h + * 20120211.129 (2.4.58-dev) Add ap_get_pollfd_from_conn() + * 20120211.130 (2.4.59-dev) Add ap_proxy_determine_address() + * 20120211.131 (2.4.59-dev) Add DAV_WALKTYPE_TOLERANT */ #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */ @@ -531,7 +606,7 @@ #ifndef MODULE_MAGIC_NUMBER_MAJOR #define MODULE_MAGIC_NUMBER_MAJOR 20120211 #endif -#define MODULE_MAGIC_NUMBER_MINOR 83 /* 0...n */ +#define MODULE_MAGIC_NUMBER_MINOR 131 /* 0...n */ /** * Determine if the server's current MODULE_MAGIC_NUMBER is at least a diff --git a/include/ap_mpm.h b/include/ap_mpm.h index 71f8f47..e3a58aa 100644 --- a/include/ap_mpm.h +++ b/include/ap_mpm.h @@ -88,6 +88,7 @@ extern "C" { * @param plog the log pool, reset after the config file is read * @param server_conf the global server config. * @return DONE for shutdown OK otherwise. + * @ingroup hooks */ AP_DECLARE_HOOK(int, mpm, (apr_pool_t *pconf, apr_pool_t *plog, server_rec *server_conf)) 
@@ -113,42 +114,75 @@ AP_DECLARE(apr_status_t) ap_os_create_privileged_process( apr_procattr_t *attr, apr_pool_t *p); -/* Subtypes/Values for AP_MPMQ_IS_THREADED and AP_MPMQ_IS_FORKED */ -#define AP_MPMQ_NOT_SUPPORTED 0 /* This value specifies that an */ - /* MPM is not capable of */ - /* threading or forking. */ -#define AP_MPMQ_STATIC 1 /* This value specifies that */ - /* an MPM is using a static */ - /* number of threads or daemons */ -#define AP_MPMQ_DYNAMIC 2 /* This value specifies that */ - /* an MPM is using a dynamic */ - /* number of threads or daemons */ - -/* Values returned for AP_MPMQ_MPM_STATE */ +/** @defgroup mpmq MPM query + * @{ + */ + +/** @defgroup thrdfrk Subtypes/Values returned for AP_MPMQ_IS_THREADED and AP_MPMQ_IS_FORKED + * @ingroup mpmq + * @{ + */ +#define AP_MPMQ_NOT_SUPPORTED 0 /**< This value specifies that an + * MPM is not capable of + * threading or forking. */ +#define AP_MPMQ_STATIC 1 /**< This value specifies that + * an MPM is using a static + * number of threads or daemons */ +#define AP_MPMQ_DYNAMIC 2 /**< This value specifies that + * an MPM is using a dynamic + * number of threads or daemons */ +/** @} */ + +/** @defgroup qstate Values returned for AP_MPMQ_MPM_STATE + * @ingroup mpmq + * @{ + */ #define AP_MPMQ_STARTING 0 #define AP_MPMQ_RUNNING 1 #define AP_MPMQ_STOPPING 2 +/** @} */ -#define AP_MPMQ_MAX_DAEMON_USED 1 /* Max # of daemons used so far */ -#define AP_MPMQ_IS_THREADED 2 /* MPM can do threading */ -#define AP_MPMQ_IS_FORKED 3 /* MPM can do forking */ -#define AP_MPMQ_HARD_LIMIT_DAEMONS 4 /* The compiled max # daemons */ -#define AP_MPMQ_HARD_LIMIT_THREADS 5 /* The compiled max # threads */ -#define AP_MPMQ_MAX_THREADS 6 /* # of threads/child by config */ -#define AP_MPMQ_MIN_SPARE_DAEMONS 7 /* Min # of spare daemons */ -#define AP_MPMQ_MIN_SPARE_THREADS 8 /* Min # of spare threads */ -#define AP_MPMQ_MAX_SPARE_DAEMONS 9 /* Max # of spare daemons */ -#define AP_MPMQ_MAX_SPARE_THREADS 10 /* Max # of spare 
threads */ -#define AP_MPMQ_MAX_REQUESTS_DAEMON 11 /* Max # of requests per daemon */ -#define AP_MPMQ_MAX_DAEMONS 12 /* Max # of daemons by config */ -#define AP_MPMQ_MPM_STATE 13 /* starting, running, stopping */ -#define AP_MPMQ_IS_ASYNC 14 /* MPM can process async connections */ -#define AP_MPMQ_GENERATION 15 /* MPM generation */ -#define AP_MPMQ_HAS_SERF 16 /* MPM can drive serf internally */ +/** @defgroup qcodes Query codes for ap_mpm_query() + * @ingroup mpmq + * @{ + */ +/** Max # of daemons used so far */ +#define AP_MPMQ_MAX_DAEMON_USED 1 +/** MPM can do threading */ +#define AP_MPMQ_IS_THREADED 2 +/** MPM can do forking */ +#define AP_MPMQ_IS_FORKED 3 +/** The compiled max # daemons */ +#define AP_MPMQ_HARD_LIMIT_DAEMONS 4 +/** The compiled max # threads */ +#define AP_MPMQ_HARD_LIMIT_THREADS 5 +/** \# of threads/child by config */ +#define AP_MPMQ_MAX_THREADS 6 +/** Min # of spare daemons */ +#define AP_MPMQ_MIN_SPARE_DAEMONS 7 +/** Min # of spare threads */ +#define AP_MPMQ_MIN_SPARE_THREADS 8 +/** Max # of spare daemons */ +#define AP_MPMQ_MAX_SPARE_DAEMONS 9 +/** Max # of spare threads */ +#define AP_MPMQ_MAX_SPARE_THREADS 10 +/** Max # of requests per daemon */ +#define AP_MPMQ_MAX_REQUESTS_DAEMON 11 +/** Max # of daemons by config */ +#define AP_MPMQ_MAX_DAEMONS 12 +/** starting, running, stopping */ +#define AP_MPMQ_MPM_STATE 13 +/** MPM can process async connections */ +#define AP_MPMQ_IS_ASYNC 14 +/** MPM generation */ +#define AP_MPMQ_GENERATION 15 +/** MPM can drive serf internally */ +#define AP_MPMQ_HAS_SERF 16 +/** @} */ /** * Query a property of the current MPM. - * @param query_code One of APM_MPMQ_* + * @param query_code One of AP_MPMQ_* * @param result A location to place the result of the query * @return APR_EGENERAL if an mpm-query hook has not been registered; * APR_SUCCESS or APR_ENOTIMPL otherwise 
@@ -159,6 +193,7 @@ AP_DECLARE(apr_status_t) ap_os_create_privileged_process( */ AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result); +/** @} */ typedef void (ap_mpm_callback_fn_t)(void *baton); @@ -191,6 +226,7 @@ typedef enum mpm_child_status { * scoreboard slot. * @param state One of the mpm_child_status values. Modules should ignore * unrecognized values. + * @ingroup hooks */ AP_DECLARE_HOOK(void,child_status,(server_rec *s, pid_t pid, ap_generation_t gen, int slot, mpm_child_status state)) @@ -201,6 +237,7 @@ AP_DECLARE_HOOK(void,child_status,(server_rec *s, pid_t pid, ap_generation_t gen * * @param s The main server_rec. * @param gen The server generation which is now completely finished. + * @ingroup hooks */ AP_DECLARE_HOOK(void,end_generation,(server_rec *s, ap_generation_t gen)) @@ -224,6 +261,14 @@ typedef struct ap_exception_info_t { pid_t pid; } ap_exception_info_t; +/** + * Run the fatal_exception hook for each module; this hook is run + * from some MPMs in the event of a child process crash, if the + * server was built with --enable-exception-hook and the + * EnableExceptionHook directive is On. + * @param ei information about the exception + * @ingroup hooks + */ AP_DECLARE_HOOK(int,fatal_exception,(ap_exception_info_t *ei)) #endif /*AP_ENABLE_EXCEPTION_HOOK*/ diff --git a/include/ap_regex.h b/include/ap_regex.h index 7d8df79..50d5aba 100644 --- a/include/ap_regex.h +++ b/include/ap_regex.h 
@@ -84,7 +84,17 @@ extern "C" { #define AP_REG_DOLLAR_ENDONLY 0x200 /* '$' matches at end of subject string only */ -#define AP_REG_MATCH "MATCH_" /** suggested prefix for ap_regname */ +#define AP_REG_NO_DEFAULT 0x400 /**< Don't implicitely add AP_REG_DEFAULT options */ + +#define AP_REG_MATCH "MATCH_" /**< suggested prefix for ap_regname */ + +#define AP_REG_DEFAULT (AP_REG_DOTALL|AP_REG_DOLLAR_ENDONLY) + +/* Arguments for ap_pcre_version_string */ +enum { + AP_REG_PCRE_COMPILED = 0, /** PCRE version used during program compilation */ + AP_REG_PCRE_LOADED /** PCRE version loaded at runtime */ +}; /* Error values: */ enum { @@ -110,6 +120,15 @@ typedef struct { /* The functions */ /** + * Return PCRE version string. + * @param which Either AP_REG_PCRE_COMPILED (PCRE version used + * during program compilation) or AP_REG_PCRE_LOADED + * (PCRE version used at runtime) + * @return The PCRE version string + */ +AP_DECLARE(const char *) ap_pcre_version_string(int which); + +/** * Get default compile flags * @return Bitwise OR of AP_REG_* flags */ @@ -182,6 +201,8 @@ AP_DECLARE(apr_size_t) ap_regerror(int errcode, const ap_regex_t *preg, * Return an array of named regex backreferences * @param preg The precompiled regex * @param names The array to which the names will be added + * @param prefix An optional prefix to add to the returned names. AP_REG_MATCH + * is the recommended prefix. * @param upper If non zero, uppercase the names */ AP_DECLARE(int) ap_regname(const ap_regex_t *preg, diff --git a/include/ap_release.h b/include/ap_release.h index c1b1300..827dfc0 100644 --- a/include/ap_release.h +++ b/include/ap_release.h @@ -23,7 +23,7 @@ #define AP_RELEASE_H #define AP_SERVER_COPYRIGHT \ - "Copyright 2019 The Apache Software Foundation." + "Copyright 2024 The Apache Software Foundation." /* * The below defines the base string of the Server: header. Additional 
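Review bot: The two enumerators added for `ap_pcre_version_string` carry trailing `/** ... */` comments, which Doxygen attaches to the declaration that follows rather than to the enumerator on the same line. This hunk corrects exactly that on `AP_REG_MATCH` by switching to `/**<`, so the enumerators should match: `/**< PCRE version used during program compilation */` and `/**< PCRE version loaded at runtime */`. The new `AP_REG_NO_DEFAULT` comment misspells "implicitly" as "implicitely". `AP_REG_DEFAULT` is added with no comment; going by the `AP_REG_NO_DEFAULT` comment, something like `/**< Options added to every compile unless AP_REG_NO_DEFAULT is given */` would record how the two relate.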
@@ -43,7 +43,7 @@ #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 4 -#define AP_SERVER_PATCHLEVEL_NUMBER 38 +#define AP_SERVER_PATCHLEVEL_NUMBER 59 #define AP_SERVER_DEVBUILD_BOOLEAN 0 /* Synchronize the above with docs/manual/style/version.ent */ diff --git a/include/http_config.h b/include/http_config.h index adc5825..8359eb1 100644 --- a/include/http_config.h +++ b/include/http_config.h @@ -786,7 +786,7 @@ AP_DECLARE(void) ap_remove_module(module *m); AP_DECLARE(const char *) ap_add_loaded_module(module *mod, apr_pool_t *p, const char *s); /** - * Remove a module fromthe chained modules list and the list of loaded modules + * Remove a module from the chained modules list and the list of loaded modules * @param mod the module structure of the module to remove */ AP_DECLARE(void) ap_remove_loaded_module(module *mod); @@ -907,7 +907,7 @@ AP_DECLARE(const char *) ap_build_cont_config(apr_pool_t *p, * @param conf_pool The pconf pool * @param temp_pool The temporary pool * @param conftree Place to store the root node of the config tree - * @return Error string on erro, NULL otherwise + * @return Error string on error, NULL otherwise * @note If conf_pool == temp_pool, ap_build_config() will assume .htaccess * context and use a lower maximum line length. */ 
@@ -928,6 +928,21 @@ AP_DECLARE(const char *) ap_walk_config(ap_directive_t *conftree, ap_conf_vector_t *section_vector); /** + * Convenience function to create a ap_dir_match_t structure from a cmd_parms. + * + * @param cmd The command. + * @param flags Flags to indicate whether optional or recursive. + * @param cb Callback for each file found that matches the wildcard. Return NULL on + * success, an error string on error. + * @param ctx Context for the callback. + * @return Structure ap_dir_match_t with fields populated, allocated from the + * cmd->temp_pool. + */ +AP_DECLARE(ap_dir_match_t *)ap_dir_cfgmatch(cmd_parms *cmd, int flags, + const char *(*cb)(ap_dir_match_t *w, const char *fname), void *ctx) + __attribute__((nonnull(1,3))); + +/** * @defgroup ap_check_cmd_context Check command context * @{ */ @@ -1054,7 +1069,7 @@ AP_DECLARE(void) ap_run_rewrite_args(process_rec *process); /** * Run the register hooks function for a specified module - * @param m The module to run the register hooks function fo + * @param m The module to run the register hooks function from * @param p The pool valid for the lifetime of the module */ AP_DECLARE(void) ap_register_hooks(module *m, apr_pool_t *p); @@ -1283,6 +1298,7 @@ AP_CORE_DECLARE(void *) ap_set_config_vectors(server_rec *server, * Run the header parser functions for each module * @param r The current request * @return OK or DECLINED + * @ingroup hooks */ AP_DECLARE_HOOK(int,header_parser,(request_rec *r)) @@ -1292,6 +1308,7 @@ AP_DECLARE_HOOK(int,header_parser,(request_rec *r)) * @param plog The logging streams pool * @param ptemp The temporary pool * @return OK or DECLINED on success anything else is a error + * @ingroup hooks */ AP_DECLARE_HOOK(int,pre_config,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp)) 
@@ -1303,6 +1320,7 @@ AP_DECLARE_HOOK(int,pre_config,(apr_pool_t *pconf,apr_pool_t *plog, * @param ptemp The temporary pool * @param s the server to operate upon * @return OK or DECLINED on success anything else is a error + * @ingroup hooks */ AP_DECLARE_HOOK(int,check_config,(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)) @@ -1315,17 +1333,28 @@ AP_DECLARE_HOOK(int,check_config,(apr_pool_t *pconf, apr_pool_t *plog, * @note To avoid reordering problems due to different buffering, hook * functions should only apr_file_*() to print to stdout/stderr and * not simple printf()/fprintf(). - * + * @ingroup hooks */ AP_DECLARE_HOOK(void,test_config,(apr_pool_t *pconf, server_rec *s)) /** * Run the post_config function for each module + * + * The function might be called multiple times. @a pconf, @a plog, and + * @a ptemp may be cleared and/or destroyed between calls. + * + * The function will be called zero or one times with the server's state being + * #AP_SQ_MS_CREATE_PRE_CONFIG, and will be called one or more times with + * the server's state being #AP_SQ_MS_CREATE_CONFIG. + * + * @see ap_state_query(), #AP_SQ_MAIN_STATE + * * @param pconf The config pool * @param plog The logging streams pool * @param ptemp The temporary pool * @param s The list of server_recs * @return OK or DECLINED on success anything else is a error + * @ingroup hooks */ AP_DECLARE_HOOK(int,post_config,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp,server_rec *s)) @@ -1337,6 +1366,7 @@ AP_DECLARE_HOOK(int,post_config,(apr_pool_t *pconf,apr_pool_t *plog, * @param ptemp The temporary pool * @param s The list of server_recs * @return OK or DECLINED on success anything else is a error + * @ingroup hooks */ AP_DECLARE_HOOK(int,open_logs,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp,server_rec *s)) 
@@ -1345,6 +1375,7 @@ AP_DECLARE_HOOK(int,open_logs,(apr_pool_t *pconf,apr_pool_t *plog, * Run the child_init functions for each module * @param pchild The child pool * @param s The list of server_recs in this server + * @ingroup hooks */ AP_DECLARE_HOOK(void,child_init,(apr_pool_t *pchild, server_rec *s)) @@ -1352,6 +1383,7 @@ AP_DECLARE_HOOK(void,child_init,(apr_pool_t *pchild, server_rec *s)) * Run the handler functions for each module * @param r The request_rec * @remark non-wildcard handlers should HOOK_MIDDLE, wildcard HOOK_LAST + * @ingroup hooks */ AP_DECLARE_HOOK(int,handler,(request_rec *r)) @@ -1365,6 +1397,7 @@ AP_DECLARE_HOOK(int,handler,(request_rec *r)) * @param lookup_uri Controls whether the caller actually wants content or not. * lookup is set when the quick_handler is called out of * ap_sub_req_lookup_uri() + * @ingroup hooks */ AP_DECLARE_HOOK(int,quick_handler,(request_rec *r, int lookup_uri)) @@ -1372,6 +1405,7 @@ AP_DECLARE_HOOK(int,quick_handler,(request_rec *r, int lookup_uri)) * Retrieve the optional functions for each module. * This is run immediately before the server starts. Optional functions should * be registered during the hook registration phase. + * @ingroup hooks */ AP_DECLARE_HOOK(void,optional_fn_retrieve,(void)) @@ -1388,6 +1422,7 @@ AP_DECLARE_HOOK(void,optional_fn_retrieve,(void)) * APR_ENOENT or APR_ENOTDIR if no htaccess file exists, * AP_DECLINED to let later modules do the opening, * any other error code on error. + * @ingroup hooks */ AP_DECLARE_HOOK(apr_status_t,open_htaccess, (request_rec *r, const char *dir_name, const char *access_name, diff --git a/include/http_connection.h b/include/http_connection.h index 8bc009d..71f02bd 100644 --- a/include/http_connection.h +++ b/include/http_connection.h 
@@ -135,6 +135,21 @@ AP_DECLARE_HOOK(int,process_connection,(conn_rec *c)) */ AP_DECLARE_HOOK(int,pre_close_connection,(conn_rec *c)) +/** + * This is a wrapper around ap_run_pre_connection. In case that + * ap_run_pre_connection returns an error it marks the connection as + * aborted and ensures that the basic connection setup normally done + * by the core module is done in case it was not done so far. + * @param c The connection on which the request has been received. + * Same as for the pre_connection hook. + * @param csd The mechanism on which this connection is to be read. + * Most times this will be a socket, but it is up to the module + * that accepts the request to determine the exact type. + * Same as for the pre_connection hook. + * @return The result of ap_run_pre_connection + */ +AP_DECLARE(int) ap_pre_connection(conn_rec *c, void *csd); + /** End Of Connection (EOC) bucket */ AP_DECLARE_DATA extern const apr_bucket_type_t ap_bucket_type_eoc; diff --git a/include/http_core.h b/include/http_core.h index 35df5dc..948034f 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -31,6 +31,7 @@ #include "apr_optional.h" #include "util_filter.h" #include "ap_expr.h" +#include "apr_poll.h" #include "apr_tables.h" #include "http_config.h" @@ -160,7 +161,7 @@ AP_DECLARE(const char *) ap_document_root(request_rec *r); /** * Lookup the remote user agent's DNS name or IP address - * @ingroup get_remote_hostname + * @ingroup get_remote_host * @param req The current request * @param type The type of lookup to perform. One of: * <pre> 
@@ -254,6 +255,13 @@ AP_DECLARE(const char *) ap_get_server_name_for_url(request_rec *r); AP_DECLARE(apr_port_t) ap_get_server_port(const request_rec *r); /** + * Get the size of read buffers + * @param r The current request + * @return The read buffers size + */ +AP_DECLARE(apr_size_t) ap_get_read_buf_size(const request_rec *r); + +/** * Return the limit on bytes in request msg body * @param r The current request * @return the maximum number of bytes in the request msg body @@ -482,12 +490,13 @@ typedef unsigned int overrides_t; */ typedef unsigned long etag_components_t; -#define ETAG_UNSET 0 -#define ETAG_NONE (1 << 0) -#define ETAG_MTIME (1 << 1) -#define ETAG_INODE (1 << 2) -#define ETAG_SIZE (1 << 3) -#define ETAG_ALL (ETAG_MTIME | ETAG_INODE | ETAG_SIZE) +#define ETAG_UNSET 0 +#define ETAG_NONE (1 << 0) +#define ETAG_MTIME (1 << 1) +#define ETAG_INODE (1 << 2) +#define ETAG_SIZE (1 << 3) +#define ETAG_DIGEST (1 << 4) +#define ETAG_ALL (ETAG_MTIME | ETAG_INODE | ETAG_SIZE) /* This is the default value used */ #define ETAG_BACKWARD (ETAG_MTIME | ETAG_SIZE) @@ -672,6 +681,8 @@ typedef struct { /** Table of rules for building CGI variables, NULL if none configured */ apr_hash_t *cgi_var_rules; + + apr_size_t read_buf_size; } core_dir_config; /* macro to implement off by default behaviour */ @@ -740,7 +751,11 @@ typedef struct { #define AP_HTTP_METHODS_LENIENT 1 #define AP_HTTP_METHODS_REGISTERED 2 char http_methods; - + unsigned int merge_slashes; + + apr_size_t flush_max_threshold; + apr_int32_t flush_max_pipelined; + unsigned int strict_host_check; } core_server_config; /* for AddOutputFiltersByType in core.c */ 
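Review bot: `ETAG_DIGEST` is added as bit 4 in the `@@ -482,12 +490,13 @@` hunk, but `ETAG_ALL` still expands to `(ETAG_MTIME | ETAG_INODE | ETAG_SIZE)`, so "all" no longer covers every component and nothing in the hunk says this is deliberate. If the exclusion is intended, a comment on the define would stop a later cleanup from folding the digest bit in, for example `/* ETAG_DIGEST is deliberately not part of ETAG_ALL */`. The shifts use a signed `1` while `etag_components_t` is `unsigned long`; this is harmless at these bit positions, but `1UL << n` would match the type.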
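Review bot: The four members added to `core_server_config` (`merge_slashes`, `flush_max_threshold`, `flush_max_pipelined`, `strict_host_check`) have no doc comments, and neither does `read_buf_size` in the `core_dir_config` hunk just above. Judging by the names, `merge_slashes` and `strict_host_check` gate URL-path and Host handling, so a module reading them needs to know whether the `unsigned int` is a plain 0/1 or carries an "unset" state; the declaration alone does not say. I would add one `/** ... */` line per member giving its meaning, the unit for the two flush limits, and the value that means "not configured". Both structs start and end outside these hunks.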
@@ -769,6 +784,11 @@ AP_DECLARE(void) ap_set_server_protocol(server_rec* s, const char* proto); typedef struct core_output_filter_ctx core_output_filter_ctx_t; typedef struct core_filter_ctx core_ctx_t; +struct core_filter_ctx { + apr_bucket_brigade *b; + apr_bucket_brigade *tmpbb; +}; + typedef struct core_net_rec { /** Connection to the client */ apr_socket_t *client_socket; @@ -1041,6 +1061,31 @@ AP_DECLARE(int) ap_state_query(int query_code); /** only dump some parts of the config */ #define AP_SQ_RM_CONFIG_DUMP 4 +/** Get a apr_pollfd_t populated with descriptor and descriptor type + * and the timeout to use for it. + * @return APR_ENOTIMPL if not supported for a connection. + */ +AP_DECLARE_HOOK(apr_status_t, get_pollfd_from_conn, + (conn_rec *c, struct apr_pollfd_t *pfd, + apr_interval_time_t *ptimeout)) + +/** + * Pass in a `struct apr_pollfd_t*` and get `desc_type` and `desc` + * populated with a suitable value for polling connection input. + * For primary connection (c->master == NULL), this will be the connection + * socket. For secondary connections this may differ or not be available + * at all. + * Note that APR_NO_DESC may be set to indicate that the connection + * input is already closed. + * + * @param pfd the pollfd to set the descriptor in + * @param ptimeout != NULL to retrieve the timeout in effect + * @return ARP_SUCCESS when the information was assigned. + */ +AP_CORE_DECLARE(apr_status_t) ap_get_pollfd_from_conn(conn_rec *c, + struct apr_pollfd_t *pfd, + apr_interval_time_t *ptimeout); + #ifdef __cplusplus } #endif diff --git a/include/http_protocol.h b/include/http_protocol.h index 11c7b2d..94c481e 100644 --- a/include/http_protocol.h +++ b/include/http_protocol.h 
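Review bot: The doc block for `ap_get_pollfd_from_conn()` in the `@@ -1041,6 +1061,31 @@` hunk says `@return ARP_SUCCESS`, which should read `APR_SUCCESS`, and it has no `@param c` line although `c` is the first parameter. The text mentions that `APR_NO_DESC` may be set when the connection input is already closed, but does not say whether the call still returns success then, so a caller cannot tell from the header whether it must inspect `pfd->desc_type` before polling. Suggested additions: `@param c the connection to get the descriptor for` and a `@return` line that lists the non-success value as well (the hook comment above names `APR_ENOTIMPL`; presumably the wrapper passes it through).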
@@ -54,6 +54,13 @@ AP_DECLARE_DATA extern ap_filter_rec_t *ap_old_write_func; */ /** + * Read an empty request and set reasonable defaults. + * @param c The current connection + * @return The new request_rec + */ +AP_DECLARE(request_rec *) ap_create_request(conn_rec *c); + +/** * Read a request and fill in the fields. * @param c The current connection * @return The new request_rec @@ -61,6 +68,20 @@ AP_DECLARE_DATA extern ap_filter_rec_t *ap_old_write_func; request_rec *ap_read_request(conn_rec *c); /** + * Parse and validate the request line. + * @param r The current request + * @return 1 on success, 0 on failure + */ +AP_DECLARE(int) ap_parse_request_line(request_rec *r); + +/** + * Validate the request header and select vhost. + * @param r The current request + * @return 1 on success, 0 on failure + */ +AP_DECLARE(int) ap_check_request_header(request_rec *r); + +/** * Read the mime-encoded headers. * @param r The current request */ @@ -75,6 +96,13 @@ AP_DECLARE(void) ap_get_mime_headers(request_rec *r); AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb); +/** + * Run post_read_request hook and validate. + * @param r The current request + * @return OK or HTTP_... + */ +AP_DECLARE(int) ap_post_read_request(request_rec *r); + /* Finish up stuff after a request */ /** 
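Review bot: The request-parsing entry points added to this header use two different success conventions: `ap_parse_request_line()` and `ap_check_request_header()` return 1 on success and 0 on failure, while `ap_post_read_request()` returns `OK or HTTP_...`. Assuming `OK` is 0 as elsewhere in httpd (its definition is not in these hunks), a caller that tests either of the first two against `OK` inverts the check and lets a request through that validation rejected. I would add a line to both comments such as `@note Returns a boolean, not OK/DECLINED; on 0 the request must not be processed further`, and say what state `r->status` is left in on failure. The comment for `ap_create_request()` also says "Read an empty request", which presumably means "Create".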
@@ -145,6 +173,27 @@ AP_DECLARE(const char *) ap_make_content_type(request_rec *r, */ AP_DECLARE(void) ap_setup_make_content_type(apr_pool_t *pool); +/** A structure with the ingredients for a file based etag */ +typedef struct etag_rec etag_rec; + +/** + * @brief A structure with the ingredients for a file based etag + */ +struct etag_rec { + /** Optional vary list validator */ + const char *vlist_validator; + /** Time when the request started */ + apr_time_t request_time; + /** finfo.protection (st_mode) set to zero if no such file */ + apr_finfo_t *finfo; + /** File pathname used when generating a digest */ + const char *pathname; + /** File descriptor used when generating a digest */ + apr_file_t *fd; + /** Force a non-digest etag to be weak */ + int force_weak; +}; + /** * Construct an entity tag from the resource information. If it's a real * file, build in some of the file characteristics. @@ -156,12 +205,27 @@ AP_DECLARE(void) ap_setup_make_content_type(apr_pool_t *pool); AP_DECLARE(char *) ap_make_etag(request_rec *r, int force_weak); /** + * Construct an entity tag from information provided in the etag_rec + * structure. + * @param r The current request + * @param er The etag record, containing ingredients for the etag. + */ +AP_DECLARE(char *) ap_make_etag_ex(request_rec *r, etag_rec *er); + +/** * Set the E-tag outgoing header * @param r The current request */ AP_DECLARE(void) ap_set_etag(request_rec *r); /** + * Set the E-tag outgoing header, with the option of forcing a strong ETag. + * @param r The current request + * @param fd The file descriptor + */ +AP_DECLARE(void) ap_set_etag_fd(request_rec *r, apr_file_t *fd); + +/** * Set the last modified time for the file being sent * @param r The current request */ 
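Review bot: The comment on `ap_set_etag_fd()` promises "the option of forcing a strong ETag", but the signature `(request_rec *r, apr_file_t *fd)` has no such option, so the reader cannot tell what makes the tag strong. `ap_make_etag_ex()` has no `@return` line, and the `etag_rec` member docs do not say which members may be NULL or whether generating a digest reads from `fd` and moves its file position, which matters to a caller that goes on to send the same descriptor. Suggested: state on `ap_set_etag_fd()` how `fd` is used, add `@return The entity tag` with where it is allocated, and mark the optional members of `etag_rec` as such.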
@@ -411,7 +475,27 @@ AP_DECLARE(int) ap_rwrite(const void *buf, int nbyte, request_rec *r); */ static APR_INLINE int ap_rputs(const char *str, request_rec *r) { - return ap_rwrite(str, (int)strlen(str), r); + apr_size_t len; + + len = strlen(str); + + for (;;) { + if (len <= INT_MAX) { + return ap_rwrite(str, (int)len, r); + } + else { + int rc; + + rc = ap_rwrite(str, INT_MAX, r); + if (rc < 0) { + return rc; + } + else { + str += INT_MAX; + len -= INT_MAX; + } + } + } } /** @@ -466,6 +550,17 @@ AP_DECLARE(int) ap_index_of_response(int status); */ AP_DECLARE(const char *) ap_get_status_line(int status); +/** + * Return the Status-Line for a given status code (excluding the + * HTTP-Version field). If an invalid status code is passed, + * "500 Internal Server Error" will be returned, whereas an unknown + * status will be returned like "xxx Status xxx". + * @param p The pool to allocate from when status is unknown + * @param status The HTTP status code + * @return The Status-Line + */ +AP_DECLARE(const char *) ap_get_status_line_ex(apr_pool_t *p, int status); + /* Reading a block of data from the client connection (e.g., POST arg) */ /** @@ -733,7 +828,7 @@ AP_DECLARE_HOOK(const char *,http_scheme,(const request_rec *r)) AP_DECLARE_HOOK(apr_port_t,default_port,(const request_rec *r)) -#define AP_PROTOCOL_HTTP1 "http/1.1" +#define AP_PROTOCOL_HTTP1 "http/1.1" /** * Determine the list of protocols available for a connection/request. This may 
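Review bot: For a string longer than `INT_MAX`, the new loop in `ap_rputs()` returns only the result of the final `ap_rwrite()` call, so the value reflects the last chunk rather than the whole string. The chunking itself is the right replacement for the old `(int)strlen(str)` narrowing; the changed meaning of the return value is what needs recording. The doc comment sits above the hunk and is not shown here, so I would add to it something like `@return The result of the last ap_rwrite() call; negative on error`. The loop also depends on `INT_MAX`, so `limits.h` has to be in scope for every includer of this header; the include list is outside the hunk.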
@@ -798,8 +893,7 @@ AP_DECLARE_HOOK(int,protocol_propose,(conn_rec *c, request_rec *r, * @param c The current connection * @param r The current request or NULL * @param s The server/virtual host selected - * @param choices A list of protocol identifiers, normally the clients whishes - * @param proposals the list of protocol identifiers proposed by the hooks + * @param protocol The protocol identifier we try to switch to * @return OK or DECLINED * @bug This API or implementation and order of operations should be considered * experimental and will continue to evolve in future 2.4 releases, with @@ -1015,6 +1109,8 @@ AP_DECLARE(void) ap_finalize_sub_req_protocol(request_rec *sub_r); */ AP_DECLARE(void) ap_send_interim_response(request_rec *r, int send_headers); + + #ifdef __cplusplus } #endif diff --git a/include/http_request.h b/include/http_request.h index 0013d39..7e8bfad 100644 --- a/include/http_request.h +++ b/include/http_request.h @@ -332,14 +332,14 @@ void ap_process_async_request(request_rec *r); /** * Kill the current request - * @param type Why the request is dieing + * @param type Why the request is dying * @param r The current request */ AP_DECLARE(void) ap_die(int type, request_rec *r); /** * Check whether a connection is still established and has data available, - * optionnaly consuming blank lines ([CR]LF). + * optionally consuming blank lines ([CR]LF). * @param c The current connection * @param bb The brigade to filter * @param max_blank_lines Max number of blank lines to consume, or zero 
@@ -364,6 +364,18 @@ AP_DECLARE_HOOK(int,create_request,(request_rec *r)) /** * This hook allow modules an opportunity to translate the URI into an + * actual filename, before URL decoding happens. + * @param r The current request + * @return DECLINED to let other modules handle the pre-translation, + * OK if it was handled and no other module should process it, + * DONE if no further transformation should happen on the URI, + * HTTP_... in case of error. + * @ingroup hooks + */ +AP_DECLARE_HOOK(int,pre_translate_name,(request_rec *r)) + +/** + * This hook allow modules an opportunity to translate the URI into an * actual filename. If no modules do anything special, the server's default * rules will be followed. * @param r The current request @@ -443,7 +455,7 @@ AP_DECLARE_HOOK(int,access_checker,(request_rec *r)) * This hook should be registered with ap_hook_check_access_ex(). * * @param r the current request - * @return OK (allow acces), DECLINED (let later modules decide), + * @return OK (allow access), DECLINED (let later modules decide), * or HTTP_... (deny access) * @ingroup hooks * @see ap_hook_check_access_ex @@ -549,7 +561,7 @@ AP_DECLARE_HOOK(void,insert_filter,(request_rec *r)) * This hook allows modules to affect the request immediately after the * per-directory configuration for the request has been generated. * @param r The current request - * @return OK (allow acces), DECLINED (let later modules decide), + * @return OK (allow access), DECLINED (let later modules decide), * or HTTP_... (deny access) * @ingroup hooks */ @@ -589,7 +601,7 @@ AP_DECLARE_DATA extern const apr_bucket_type_t ap_bucket_type_eor; * @param e The bucket to inspect * @return true or false */ -#define AP_BUCKET_IS_EOR(e) (e->type == &ap_bucket_type_eor) +#define AP_BUCKET_IS_EOR(e) ((e)->type == &ap_bucket_type_eor) /** * Make the bucket passed in an End Of REQUEST (EOR) bucket diff --git a/include/http_ssl.h b/include/http_ssl.h new file mode 100644 index 0000000..2e052c5 
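Review bot: The doc for the new `pre_translate_name` hook says it runs "before URL decoding happens" but not which request fields a hook function may rely on at that point or in what form. A module that compares or maps the path here presumably sees percent-encoded input, so a literal prefix or substring check will not match the encoded spelling of the same path. I would add a sentence to the comment, for instance `@note The URI is still percent-encoded when this hook runs; literal path comparisons belong in translate_name`, and name the field (`r->uri` or the parsed URI path) that carries it. The two `OK (allow acces)` spelling fixes later on this line need nothing further.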
--- /dev/null
+++ b/include/http_ssl.h
@@ -0,0 +1,317 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file http_ssl.h + * @brief SSL protocol handling + * + * @defgroup APACHE_CORE_PROTO SSL Protocol Handling + * @ingroup APACHE_CORE + * @{ + */ + +#ifndef APACHE_HTTP_SSL_H +#define APACHE_HTTP_SSL_H + +#include "httpd.h" +#include "apr_portable.h" +#include "apr_mmap.h" + +#ifdef __cplusplus +extern "C" { +#endif + +struct ap_conf_vector_t; + +/** + * This hook allows modules that manage SSL connection to register their + * inquiry function for checking if a connection is using SSL from them. + * @param c The current connection + * @return OK if the connection is using SSL, DECLINED if not. + * @ingroup hooks + */ +AP_DECLARE_HOOK(int,ssl_conn_is_ssl,(conn_rec *c)) + +/** + * Return != 0 iff the connection is encrypted with SSL. + * @param c the connection + */ +AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c); + +/** + * This hook declares a connection to be outgoing and the configuration that applies to it. + * This hook can be called several times in the lifetime of an outgoing connection, e.g. + * when it is re-used in different request contexts. 
It will at least be called after the + * connection was created and before the pre-connection hooks is invoked. + * All outgoing-connection hooks are run until one returns something other than DECLINE. + * if enable_ssl != 0, a hook that sets up SSL for the connection needs to return OK + * to prevent subsequent hooks from doing the same. + * + * @param c The connection on which requests/data are to be sent. + * @param dir_conf The directory configuration in which this connection is being used. + * @param enable_ssl If != 0, the SSL protocol should be enabled for this connection. + * @return DECLINED, OK when ssl was enabled + */ +AP_DECLARE_HOOK(int, ssl_bind_outgoing, + (conn_rec *c, struct ap_conf_vector_t *dir_conf, int enable_ssl)) + +/** + * Assures the connection is marked as outgoing and invokes the ssl_bind_outgoing hook. + * This may be called several times on an outgoing connection with varying dir_conf + * values. require_ssl is not allowed to change on the same connection. + * + * @param c The connection on which requests/data are to be sent. + * @param dir_conf The directory configuration in which this connection is being used. + * @param require_ssl != 0 iff this connection needs to be secured by SSL/TLS protocol. + * @return OK iff ssl was required and is enabled, DECLINED otherwise + */ +AP_DECLARE(int) ap_ssl_bind_outgoing(conn_rec *c, struct ap_conf_vector_t *dir_conf, + int require_ssl); + +/** + * Return != 0 iff handlers/hooks for outgoing connections are registered. + */ +AP_DECLARE(int) ap_ssl_has_outgoing_handlers(void); + +/** + * This hook allows modules to look up SSL related variables for a + * server/connection/request, depending on what they inquire. Some + * variables will only be available for a connection/request, for example. 
+ * @param p The pool to allocate a returned value in, MUST be provided + * @param s The server to inquire a value for, maybe NULL + * @param c The current connection, maybe NULL + * @param r The current request, maybe NULL + * @param name The name of the variable to retrieve, MUST be provided + * @return value or the variable or NULL if not provided/available + * @ingroup hooks + */ +AP_DECLARE_HOOK(const char *,ssl_var_lookup, + (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *name)) + +/** + * Lookup an SSL related variable for the server/connection/request or a global + * value when all those parameters are set to NULL. Pool and name must always be + * provided and the returned value (if not NULL) will be allocated from the pool. + * @param p The pool to allocate a returned value in, MUST be provided + * @param s The server to inquire a value for, maybe NULL + * @param c The current connection, maybe NULL + * @param r The current request, maybe NULL + * @param name The name of the variable to retrieve, MUST be provided + * @return value or the variable or NULL if not provided/available + */ +AP_DECLARE(const char *) ap_ssl_var_lookup(apr_pool_t *p, server_rec *s, + conn_rec *c, request_rec *r, + const char *name); + +/** + * Register to provide certificate/key files for servers. Certificate files are + * expected to contain the certificate chain, beginning with the server's certificate, + * excluding the trust anchor, in PEM format. + * They must be accompanied by a private key file, also in PEM format. + * + * @param s the server certificates are collected for + * @param p the pool to use for allocations + * @param cert_files an array of const char* with the path to the certificate chain + * @param key_files an array of const char* with the path to the private key file + * @return OK if files were added, DECLINED if not, or other for error. 
+ */ + +AP_DECLARE_HOOK(int, ssl_add_cert_files, (server_rec *s, apr_pool_t *p, + apr_array_header_t *cert_files, + apr_array_header_t *key_files)) + +/** + * Collect certificate/key files from all providers registered. This includes + * providers registered at the global 'ssl_add_cert_files', as well as those + * installed in the OPTIONAL 'ssl_add_cert_files' hook as may be provided by + * ssl modules. + * + * @param s the server certificates are collected for + * @param p the pool to use for allocations + * @param cert_files an array of const char* with the path to the certificate chain + * @param key_files an array of const char* with the path to the private key file + */ +AP_DECLARE(apr_status_t) ap_ssl_add_cert_files(server_rec *s, apr_pool_t *p, + apr_array_header_t *cert_files, + apr_array_header_t *key_files); + + +/** + * Register to provide 'fallback' certificates in case no 'real' certificates + * have been configured/added by other providers. Modules using these certificates + * are encouraged to answer requests to this server with a 503 response code. + * + * @param s the server certificates are collected for + * @param p the pool to use for allocations + * @param cert_files an array of const char* with the path to the certificate chain + * @param key_files an array of const char* with the path to the private key file + * @return OK if files were added, DECLINED if not, or other for error. + */ +AP_DECLARE_HOOK(int, ssl_add_fallback_cert_files, (server_rec *s, apr_pool_t *p, + apr_array_header_t *cert_files, + apr_array_header_t *key_files)) + +/** + * Collect 'fallback' certificate/key files from all registered providers, either + * in the global 'ssl_add_fallback_cert_files' hook or the optional one of similar + * name as provided by mod_ssl and sorts. + * Certificates obtained this way are commonly self signed, temporary crutches. + * To be used to the time it takes to retrieve a 'read', trusted certificate. 
+ * A module using fallbacks is encouraged to answer all requests with a 503. + * + * @param s the server certificates are collected for + * @param p the pool to use for allocations + * @param cert_files an array of const char* with the path to the certificate chain + * @param key_files an array of const char* with the path to the private key file + */ +AP_DECLARE(apr_status_t) ap_ssl_add_fallback_cert_files(server_rec *s, apr_pool_t *p, + apr_array_header_t *cert_files, + apr_array_header_t *key_files); + + +/** + * On TLS connections that do not relate to a configured virtual host + * allow modules to provide a certificate and key to be used on the connection. + * + * A Certificate PEM added must be accompanied by a private key PEM. The private + * key PEM may be given by a NULL pointer, in which case it is expected to be found in + * the certificate PEM string. + */ +AP_DECLARE_HOOK(int, ssl_answer_challenge, (conn_rec *c, const char *server_name, + const char **pcert_pem, const char **pkey_pem)) + +/** + * Returns != 0 iff the connection is a challenge to the server, for example + * as defined in RFC 8555 for the 'tls-alpn-01' domain verification, and needs + * a specific certificate as answer in the handshake. + * + * ALPN protocol negotiation via the hooks 'protocol_propose' and 'protocol_switch' + * need to have run before this call is made. + * + * Certificate PEMs added must be accompanied by a private key PEM. The private + * key PEM may be given by a NULL pointer, in which case it is expected to be found in + * the certificate PEM string. + * + * A certificate provided this way needs to replace any other certificates selected + * by configuration or 'ssl_add_cert_pems` on this connection. 
+ */ +AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name, + const char **pcert_pem, const char **pkey_pem); + + +/** + * Setup optional functions for ssl related queries so that functions + * registered by old-style SSL module functions are interrogated by the + * the new ap_is_ssl() and friends. Installs own optional functions, so that + * old modules looking for these find one and get the correct results (shadowing). + * + * Needs to run in core's very early POST_CONFIG hook. + * Modules providing such functions register their own optionals during + * register_hooks(). Modules using such functions retrieve them often + * in their own post-config or in the even later retrieval hook. When shadowing + * other modules functions, core's early post-config is a good time. + * @param pool The pool to use for allocations + */ +AP_DECLARE(void) ap_setup_ssl_optional_fns(apr_pool_t *pool); + +/** + * Providers of OCSP status responses register at this hook. Installed hooks returning OK + * are expected to provide later OCSP responses via a 'ap_ssl_ocsp_get_resp_hook'. + * @param s the server being configured + * @params p a memory pool to use + * @param id opaque data uniquely identifying the certificate, provided by caller + * @param pem PEM data of certificate first, followed by PEM of issuer cert + * @return OK iff stapling is being provided + */ +AP_DECLARE_HOOK(int, ssl_ocsp_prime_hook, (server_rec *s, apr_pool_t *p, + const char *id, apr_size_t id_len, + const char *pem)) + +/** + * Registering a certificate for Provisioning of OCSP responses. It is the caller's + * responsibility to provide a global (apache instance) unique id for the certificate + * that is then used later in retrieving the OCSP response. + * A certificate can be primed this way more than once, however the same identifier + * has to be provided each time (byte-wise same, not pointer same). 
+ * The memory pointed to by `id` and `pem` is only valid for the duration of the call. + * + * @param s the server being configured + * @params p a memory pool to use + * @param id opaque data uniquely identifying the certificate, provided by caller + * @param pem PEM data of certificate first, followed by chain certs, at least the issuer + * @return APR_SUCCESS iff OCSP responses will be provided. + * APR_ENOENT when no provided was found or took responsibility. + */ +AP_DECLARE(apr_status_t) ap_ssl_ocsp_prime(server_rec *s, apr_pool_t *p, + const char *id, apr_size_t id_len, + const char *pem); + +/** + * Callback to copy over the OCSP response data. If OCSP response data is not + * available, this will be called with NULL, 0 parameters! + * + * Memory allocation methods and lifetime of data will vary per module and + * SSL library used. The caller requesting OCSP data will need to make a copy + * for his own use. + * Any passed data may only be valid for the duration of the call. + */ +typedef void ap_ssl_ocsp_copy_resp(const unsigned char *der, apr_size_t der_len, void *userdata); + +/** + * Asking for OCSP response DER data for a certificate formerly primed. + * @param s the (SNI selected) server of the connection + * @param c the connection + * @param id identifier for the certifate, as used in ocsp_stapling_prime() + * @param cb callback to invoke when response data is available + * @param userdata caller supplied data passed to callback + * @return OK iff response data has been provided, DECLINED otherwise + */ +AP_DECLARE_HOOK(int, ssl_ocsp_get_resp_hook, + (server_rec *s, conn_rec *c, const char *id, apr_size_t id_len, + ap_ssl_ocsp_copy_resp *cb, void *userdata)) + +/** + * Retrieve the OCSP response data for a previously primed certificate. The id needs + * to be byte-wise identical to the one used on priming. If the call return ARP_SUCCESS, + * the callback has been invoked with the OCSP response DER data. 
+ * Otherwise, a different status code must be returned. Callers in SSL connection + * handshakes are encouraged to continue the handshake without OCSP data for + * server reliability. The decision to accept or reject a handshake with missing + * OCSP stapling data needs to be done by the client. + * For similar reasons, providers of responses might return seemingly expired ones + * if they were unable to refresh a response in time. + * + * The memory pointed to by `id` is only valid for the duration of the call. + * Also, the DER data passed to the callback is only valid for the duration + * of the call. + * + * @param s the (SNI selected) server of the connection + * @param c the connection + * @param id identifier for the certifate, as used in ocsp_stapling_prime() + * @param cb callback to invoke when response data is available + * @param userdata caller supplied data passed to callback + * @return APR_SUCCESS iff data has been provided + */ +AP_DECLARE(apr_status_t) ap_ssl_ocsp_get_resp(server_rec *s, conn_rec *c, + const char *id, apr_size_t id_len, + ap_ssl_ocsp_copy_resp *cb, void *userdata); + +#ifdef __cplusplus +} +#endif + +#endif /* !APACHE_HTTP_SSL_H */ +/** @} */ diff --git a/include/http_vhost.h b/include/http_vhost.h index 473c9c7..d2d9c97 100644 --- a/include/http_vhost.h +++ b/include/http_vhost.h 
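Review bot: The doc blocks for `ssl_answer_challenge` and `ap_ssl_answer_challenge()` in the new `include/http_ssl.h` have no `@param` or `@return` lines and do not say who owns the strings returned through `pcert_pem` and `pkey_pem` or how long they stay valid, which matters because one of them is private key material. The OCSP declarations further down spell this out ("only valid for the duration of the call"); the same kind of sentence is needed here, plus the value the hook returns when it supplied a certificate. Several comments name symbols this header does not declare: `ap_is_ssl()` (declared: `ap_ssl_conn_is_ssl()`), `ssl_add_cert_pems`, and `ocsp_stapling_prime()` (declared: `ap_ssl_ocsp_prime()`). Smaller fixes in the same file: `@params p` should be `@param p`, `id_len` has no `@param` line on any of the four OCSP declarations, `ARP_SUCCESS` should be `APR_SUCCESS`, and "a 'read', trusted certificate" presumably means 'real'.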
@@ -100,6 +100,19 @@ AP_DECLARE(void) ap_update_vhost_given_ip(conn_rec *conn); AP_DECLARE(void) ap_update_vhost_from_headers(request_rec *r); /** + * Updates r->server with the best name-based virtual host match, within + * the chain of matching virtual hosts selected by ap_update_vhost_given_ip. + * @param r The current request + * @param require_match 1 to return an HTTP error if the requested hostname is + * not explicitly matched to a VirtualHost. + * @return return HTTP_OK unless require_match was specified and the requested + * hostname did not match any ServerName, ServerAlias, or VirtualHost + * address-spec. + */ +AP_DECLARE(int) ap_update_vhost_from_headers_ex(request_rec *r, int require_match); + + +/** * Match the host in the header with the hostname of the server for this * request. * @param r The current request diff --git a/include/httpd.h b/include/httpd.h index 65392f8..799cf97 100644 --- a/include/httpd.h +++ b/include/httpd.h @@ -47,6 +47,7 @@ #include "ap_release.h" #include "apr.h" +#include "apr_version.h" #include "apr_general.h" #include "apr_tables.h" #include "apr_pools.h" @@ -308,7 +309,7 @@ extern "C" { #define AP_MAX_REG_MATCH 10 /** - * APR_HAS_LARGE_FILES introduces the problem of spliting sendfile into + * APR_HAS_LARGE_FILES introduces the problem of splitting sendfile into * multiple buckets, no greater than MAX(apr_size_t), and more granular * than that in case the brigade code/filters attempt to read it directly. * ### 16mb is an invention, no idea if it is reasonable. @@ -595,7 +596,7 @@ AP_DECLARE(const char *) ap_get_server_built(void); #define M_CONNECT 4 #define M_OPTIONS 5 #define M_TRACE 6 /** RFC 2616: HTTP */ -#define M_PATCH 7 /** no rfc(!) ### remove this one? */ +#define M_PATCH 7 /** RFC 5789: PATCH Method for HTTP */ #define M_PROPFIND 8 /** RFC 2518: WebDAV */ #define M_PROPPATCH 9 /* : */ #define M_MKCOL 10 
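Review bot: The `@return` text for `ap_update_vhost_from_headers_ex()` names only `HTTP_OK` and leaves the failure value as "an HTTP error", so a caller cannot tell what to compare against or what to hand to `ap_die()`. Since `require_match` exists to refuse requests whose hostname matches no configured virtual host, the comment should name the status returned on a mismatch and say that the result has to be checked, e.g. `@return HTTP_OK on match, otherwise the HTTP_... status to fail the request with`. It would also help to state whether a call with `require_match` set to 0 behaves exactly like the existing void `ap_update_vhost_from_headers()`; the implementation is not part of this section.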
@@ -645,6 +646,49 @@ struct ap_method_list_t { /** the array used for extension methods */ apr_array_header_t *method_list; }; +/** @} */ + +/** + * @defgroup bnotes Binary notes recognized by the server + * @ingroup APACHE_CORE_DAEMON + * @{ + * + * @brief Binary notes recognized by the server. + */ + +/** + * The type used for request binary notes. + */ +typedef apr_uint64_t ap_request_bnotes_t; + +/** + * These constants represent bitmasks for notes associated with this + * request. There are space for 64 bits in the apr_uint64_t. + * + */ +#define AP_REQUEST_STRONG_ETAG 1 >> 0 + +/** + * This is a convenience macro to ease with getting specific request + * binary notes. + */ +#define AP_REQUEST_GET_BNOTE(r, mask) \ + ((mask) & ((r)->bnotes)) + +/** + * This is a convenience macro to ease with setting specific request + * binary notes. + */ +#define AP_REQUEST_SET_BNOTE(r, mask, val) \ + (r)->bnotes = (((r)->bnotes & ~(mask)) | (val)) + +/** + * Returns true if the strong etag flag is set for this request. + */ +#define AP_REQUEST_IS_STRONG_ETAG(r) \ + AP_REQUEST_GET_BNOTE((r), AP_REQUEST_STRONG_ETAG) +/** @} */ + /** * @defgroup module_magic Module Magic mime types @@ -667,9 +711,9 @@ struct ap_method_list_t { #if !APR_CHARSET_EBCDIC /** linefeed */ #define LF 10 -/** carrige return */ +/** carriage return */ #define CR 13 -/** carrige return /Line Feed Combo */ +/** carriage return /Line Feed Combo */ #define CRLF "\015\012" #else /* APR_CHARSET_EBCDIC */ /* For platforms using the EBCDIC charset, the transition ASCII->EBCDIC is done @@ -719,7 +763,7 @@ struct ap_method_list_t { /* * Things which may vary per file-lookup WITHIN a request --- * e.g., state of MIME config. Basically, the name of an object, info - * about the object, and any other info we may ahve which may need to + * about the object, and any other info we may have which may need to * change as we go poking around looking for it (e.g., overridden by * .htaccess files). * 
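Review bot: `AP_REQUEST_STRONG_ETAG` is defined as `1 >> 0`, a right shift with no parentheses; it evaluates to 1 only because the shift count is zero, and a second note written after the same pattern (`1 >> 1`) would be 0 and could never be set or read. The unparenthesized expansion is safe only where the consuming macro wraps `mask` itself, as `AP_REQUEST_GET_BNOTE` and `AP_REQUEST_SET_BNOTE` do. Suggested: `#define AP_REQUEST_STRONG_ETAG (APR_UINT64_C(1) << 0)`, which keeps the value at 1 and makes bits 32 to 63 of `ap_request_bnotes_t` usable for later notes. `AP_REQUEST_SET_BNOTE` expands to a bare assignment and would be safer wrapped in parentheses as well.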
@@ -826,7 +870,9 @@ struct request_rec { int proto_num; /** Protocol string, as given to us, or HTTP/0.9 */ char *protocol; - /** Host, as set by full URI or Host: */ + /** Host, as set by full URI or Host: header. + * For literal IPv6 addresses, this does NOT include the surrounding [ ] + */ const char *hostname; /** Time when the request started */ @@ -1060,6 +1106,11 @@ struct request_rec { * 1 yes/success */ int double_reverse; + /** Request flags associated with this request. Use + * AP_REQUEST_GET_FLAGS() and AP_REQUEST_SET_FLAGS() to access + * the elements of this field. + */ + ap_request_bnotes_t bnotes; }; /** @@ -1188,6 +1239,8 @@ struct conn_rec { /** The "real" master connection. NULL if I am the master. */ conn_rec *master; + + int outgoing; }; /** @@ -1282,7 +1335,7 @@ struct server_rec { /** MIME type info, etc., before we start checking per-directory info */ struct ap_conf_vector_t *lookup_defaults; - /** The name of the server */ + /** The path to the config file that the server was defined in */ const char *defn_name; /** The line of the config file that the server was defined on */ unsigned defn_line_number; @@ -1689,6 +1742,18 @@ AP_DECLARE(int) ap_unescape_url(char *url); */ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes); +#define AP_UNESCAPE_URL_KEEP_UNRESERVED (1u << 0) +#define AP_UNESCAPE_URL_FORBID_SLASHES (1u << 1) +#define AP_UNESCAPE_URL_KEEP_SLASHES (1u << 2) + +/** + * Unescape a URL, with options + * @param url The url to unescape + * @param flags Bitmask of AP_UNESCAPE_URL_* flags + * @return 0 on success, non-zero otherwise + */ +AP_DECLARE(int) ap_unescape_url_ex(char *url, unsigned int flags); + /** * Unescape an application/x-www-form-urlencoded string * @param query The query to unescape 
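Review bot: The comment on the new `bnotes` member of `request_rec` points readers at `AP_REQUEST_GET_FLAGS()` and `AP_REQUEST_SET_FLAGS()`, but the accessors this commit adds to the same header are `AP_REQUEST_GET_BNOTE()` and `AP_REQUEST_SET_BNOTE()`. Suggested wording: `Use AP_REQUEST_GET_BNOTE() and AP_REQUEST_SET_BNOTE() to access the elements of this field.` The `int outgoing;` added to `conn_rec` in the next hunk has no comment at all, while the member just above it does; one line saying what sets it and what non-zero means would do. Both structs extend outside their hunks.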
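Review bot: The three `AP_UNESCAPE_URL_*` flags in the `@@ -1689,6 +1742,18 @@` hunk are added without doc comments, and `ap_unescape_url_ex()` says only "Bitmask of AP_UNESCAPE_URL_* flags". `AP_UNESCAPE_URL_FORBID_SLASHES` and `AP_UNESCAPE_URL_KEEP_SLASHES` read as alternatives for handling an encoded slash, but the header does not say what happens when both or neither are set, nor what the non-zero return means when a forbidden sequence is found. Because that choice decides whether an encoded `/` reaches path mapping decoded, I would document each flag on its own line and state the behaviour for `flags == 0` in the function comment.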
@@ -1697,12 +1762,37 @@ AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes); AP_DECLARE(int) ap_unescape_urlencoded(char *query); /** - * Convert all double slashes to single slashes - * @param name The string to convert + * Convert all double slashes to single slashes, except where significant + * to the filesystem on the current platform. + * @param name The string to convert, assumed to be a filesystem path */ AP_DECLARE(void) ap_no2slash(char *name); /** + * Convert all double slashes to single slashes, except where significant + * to the filesystem on the current platform. + * @param name The string to convert + * @param is_fs_path if set to 0, the significance of any double-slashes is + * ignored. + */ +AP_DECLARE(void) ap_no2slash_ex(char *name, int is_fs_path); + +#define AP_NORMALIZE_ALLOW_RELATIVE (1u << 0) +#define AP_NORMALIZE_NOT_ABOVE_ROOT (1u << 1) +#define AP_NORMALIZE_DECODE_UNRESERVED (1u << 2) +#define AP_NORMALIZE_MERGE_SLASHES (1u << 3) +#define AP_NORMALIZE_DROP_PARAMETERS (0) /* deprecated */ + +/** + * Remove all ////, /./ and /xx/../ substrings from a path, and more + * depending on passed in flags. + * @param path The path to normalize + * @param flags bitmask of AP_NORMALIZE_* flags + * @return non-zero on success + */ +AP_DECLARE(int) ap_normalize_path(char *path, unsigned int flags); + +/** * Remove all ./ and xx/../ substrings from a file name. Also remove * any leading ../ or /../ substrings. * @param name the file name to parse 
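Review bot: `ap_normalize_path()` is documented as `@return non-zero on success`, the opposite of `ap_unescape_url_ex()` added earlier in this header (`0 on success, non-zero otherwise`). A caller that chains the two and tests both results the same way will accept a path that normalization rejected, which matters for a function whose flags include `AP_NORMALIZE_NOT_ABOVE_ROOT`. The doc should spell out the failure value, e.g. `@return non-zero on success, 0 if the path is invalid (note: inverse of ap_unescape_url_ex)`, and say whether `path` is left modified on failure. The `AP_NORMALIZE_*` defines also lack per-flag comments, and since `AP_NORMALIZE_DROP_PARAMETERS` is `(0)`, testing for it with `&` is always false, which deserves a word next to the `deprecated` marker.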
@@ -2041,6 +2131,15 @@ AP_DECLARE(char *) ap_append_pid(apr_pool_t *p, const char *string, const char *delim); /** + * Parse a length string with decimal characters only, no leading sign nor + * trailing character, like Content-Length or (Content-)Range headers. + * @param len The parsed length (apr_off_t) + * @param str The string to parse + * @return 1 (success), 0 (failure) + */ +AP_DECLARE(int) ap_parse_strict_length(apr_off_t *len, const char *str); + +/** * Parse a given timeout parameter string into an apr_interval_time_t value. * The unit of the time interval is given as postfix string to the numeric * string. Currently the following units are understood: 
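Review bot: The doc for `ap_parse_strict_length()` does not say how overflow is reported or what `*len` holds after a failure. For a parser meant for `Content-Length` and `Range` values, callers need to know that a digit string too large for `apr_off_t`, and an empty string, are failures, and that `*len` must not be used in that case. Suggested wording, to be confirmed against the implementation: `@return 1 (success), 0 (failure: empty string, non-digit character or overflow; *len is then unspecified)`.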
@@ -2312,6 +2411,71 @@ AP_DECLARE(void *) ap_realloc(void *ptr, size_t size) AP_FN_ATTR_WARN_UNUSED_RESULT AP_FN_ATTR_ALLOC_SIZE(2); +#if APR_HAS_THREADS + +#if APR_VERSION_AT_LEAST(1,8,0) && !defined(AP_NO_THREAD_LOCAL) + +/** + * APR 1.8+ implement those already. + */ +#if APR_HAS_THREAD_LOCAL +#define AP_HAS_THREAD_LOCAL 1 +#define AP_THREAD_LOCAL APR_THREAD_LOCAL +#else +#define AP_HAS_THREAD_LOCAL 0 +#endif +#define ap_thread_create apr_thread_create +#define ap_thread_current apr_thread_current +#define ap_thread_current_create apr_thread_current_create +#define ap_thread_current_after_fork apr_thread_current_after_fork + +#else /* APR_VERSION_AT_LEAST(1,8,0) && !defined(AP_NO_THREAD_LOCAL) */ + +#ifndef AP_NO_THREAD_LOCAL +/** + * AP_THREAD_LOCAL keyword mapping the compiler's. + */ +#if defined(__cplusplus) && __cplusplus >= 201103L +#define AP_THREAD_LOCAL thread_local +#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112 && \ + (!defined(__GNUC__) || \ + __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 9)) +#define AP_THREAD_LOCAL _Thread_local +#elif defined(__GNUC__) /* works for clang too */ +#define AP_THREAD_LOCAL __thread +#elif defined(WIN32) && defined(_MSC_VER) +#define AP_THREAD_LOCAL __declspec(thread) +#endif +#endif /* ndef AP_NO_THREAD_LOCAL */ + +#ifndef AP_THREAD_LOCAL +#define AP_HAS_THREAD_LOCAL 0 +#define ap_thread_create apr_thread_create +#else /* AP_THREAD_LOCAL */ +#define AP_HAS_THREAD_LOCAL 1 +AP_DECLARE(apr_status_t) ap_thread_create(apr_thread_t **thread, + apr_threadattr_t *attr, + apr_thread_start_t func, + void *data, apr_pool_t *pool); +#endif /* AP_THREAD_LOCAL */ + +AP_DECLARE(apr_status_t) ap_thread_current_create(apr_thread_t **current, + apr_threadattr_t *attr, + apr_pool_t *pool); +AP_DECLARE(void) ap_thread_current_after_fork(void); +AP_DECLARE(apr_thread_t *) ap_thread_current(void); + +#endif /* APR_VERSION_AT_LEAST(1,8,0) && !defined(AP_NO_THREAD_LOCAL) */ + +AP_DECLARE(apr_status_t) 
ap_thread_main_create(apr_thread_t **thread, + apr_pool_t *pool); + +#else /* APR_HAS_THREADS */ + +#define AP_HAS_THREAD_LOCAL 0 + +#endif /* APR_HAS_THREADS */ + /** * Get server load params * @param ld struct to populate: -1 in fields means error @@ -2335,7 +2499,7 @@ AP_DECLARE(void) ap_bin2hex(const void *src, apr_size_t srclen, char *dest); /** * Short function to execute a command and return the first line of - * output minus \r \n. Useful for "obscuring" passwords via exec calls + * output minus \\r \\n. Useful for "obscuring" passwords via exec calls * @param p the pool to allocate from * @param cmd the command to execute * @param argv the arguments to pass to the cmd 
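Review bot: None of the new thread declarations in the `APR_HAS_THREADS` block of hunk `@@ -2312` (`ap_thread_create`, `ap_thread_current_create`, `ap_thread_current_after_fork`, `ap_thread_current`, `ap_thread_main_create`) has a doc comment, unlike the rest of this header. In particular it is not stated what `ap_thread_current()` returns when `AP_HAS_THREAD_LOCAL` is 0, the case in which `ap_thread_create` is only an alias for `apr_thread_create`, so callers cannot tell whether a NULL check is needed. Each declaration should get a `/** ... */` block with `@param`/`@return`, plus a line such as `/* ap_thread_current() may return NULL when AP_HAS_THREAD_LOCAL is 0 */` if that is the behaviour. Minor style point: `__STDC_VERSION__ >= 201112` is conventionally written `201112L`.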
@@ -2397,6 +2561,101 @@ AP_DECLARE(int) ap_cstr_casecmp(const char *s1, const char *s2); */ AP_DECLARE(int) ap_cstr_casecmpn(const char *s1, const char *s2, apr_size_t n); +/** + * Default flags for ap_dir_*fnmatch(). + */ +#define AP_DIR_FLAG_NONE 0 + +/** + * If set, wildcards that match no files or directories will be ignored, otherwise + * an error is triggered. + */ +#define AP_DIR_FLAG_OPTIONAL 1 + +/** + * If set, and the wildcard resolves to a directory, recursively find all files + * below that directory, otherwise return the directory. + */ +#define AP_DIR_FLAG_RECURSIVE 2 + +/** + * Structure to provide the state of a directory match. + */ +typedef struct ap_dir_match_t ap_dir_match_t; + +/** + * Concrete structure to provide the state of a directory match. + */ +struct ap_dir_match_t { + /** Pool to use for allocating the result */ + apr_pool_t *p; + /** Temporary pool used for directory traversal */ + apr_pool_t *ptemp; + /** Prefix for log messages */ + const char *prefix; + /** Callback for each file found that matches the wildcard. Return NULL on success, an error string on error. */ + const char *(*cb)(ap_dir_match_t *w, const char *fname); + /** Context for the callback */ + void *ctx; + /** Flags to indicate whether optional or recursive */ + int flags; + /** Recursion depth safety check */ + unsigned int depth; +}; + +/** + * Search for files given a non wildcard filename with non native separators. + * + * If the provided filename points at a file, the callback within ap_dir_match_t is + * triggered for that file, and this function returns the result of the callback. + * + * If the provided filename points at a directory, and recursive within ap_dir_match_t + * is true, the callback will be triggered for every file found recursively beneath + * that directory, otherwise the callback is triggered once for the directory itself. + * This function returns the result of the callback. 
+ * + * If the provided path points to neither a file nor a directory, and optional within + * ap_dir_match_t is true, this function returns NULL. If optional within ap_dir_match_t + * is false, this function will return an error string indicating that the path does not + * exist. + * + * @param w Directory match structure containing callback and context. + * @param fname The name of the file or directory, with non native separators. + * @return NULL on success, or a string describing the error. + */ +AP_DECLARE(const char *)ap_dir_nofnmatch(ap_dir_match_t *w, const char *fname) + __attribute__((nonnull(1,2))); + +/** + * Search for files given a wildcard filename with non native separators. + * + * If the filename contains a wildcard, all files and directories that match the wildcard + * will be returned. + * + * ap_dir_nofnmatch() is called for each directory and file found, and the callback + * within ap_dir_match_t triggered as described above. + * + * Wildcards may appear in both directory and file components in the path, and + * wildcards may appear more than once. + * + * @param w Directory match structure containing callback and context. + * @param path Path prefix for search, with non native separators and no wildcards. + * @param fname The name of the file or directory, with non native separators and + * optional wildcards. + * @return NULL on success, or a string describing the error. + */ +AP_DECLARE(const char *)ap_dir_fnmatch(ap_dir_match_t *w, const char *path, + const char *fname) __attribute__((nonnull(1,3))); + +/** + * Determine if the final Transfer-Encoding is "chunked". + * + * @param p The pool to allocate from + * @param line the header field-value to scan + * @return 1 if the last Transfer-Encoding is "chunked", else 0 + */ +AP_DECLARE(int) ap_is_chunked(apr_pool_t *p, const char *line); + #ifdef __cplusplus } #endif diff --git a/include/mod_auth.h b/include/mod_auth.h index 9b9561e..639b97f 100644 --- a/include/mod_auth.h 
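Review bot: The doc for `ap_dir_nofnmatch()` speaks of `recursive within ap_dir_match_t` and `optional within ap_dir_match_t`, but the struct declared just above has no such members; both are bits in `flags`. Wording such as `if AP_DIR_FLAG_RECURSIVE is set in w->flags` and `if AP_DIR_FLAG_OPTIONAL is set in w->flags` would match the definitions. `ap_dir_fnmatch()` is declared `nonnull(1,3)`, which implies `path` may be NULL, yet its `@param path` line does not say so. The `depth` member is described only as a `Recursion depth safety check`; the comment should state who initialises it (presumably the caller, to 0) and what limit is enforced.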
+++ b/include/mod_auth.h @@ -123,7 +123,7 @@ typedef struct { } authz_provider; /* ap_authn_cache_store: Optional function for authn providers - * to enable cacheing their lookups with mod_authn_cache + * to enable caching their lookups with mod_authn_cache * @param r The request rec * @param module Module identifier * @param user User name to authenticate diff --git a/include/mpm_common.h b/include/mpm_common.h index 1284a7a..539d640 100644 --- a/include/mpm_common.h +++ b/include/mpm_common.h @@ -452,6 +452,15 @@ AP_DECLARE_HOOK(void, suspend_connection, AP_DECLARE_HOOK(void, resume_connection, (conn_rec *c, request_rec *r)) +/** + * Notification that the child is stopping. If graceful, ongoing + * requests will be served. + * @param pchild The child pool + * @param graceful != 0 iff this is a graceful shutdown. + */ +AP_DECLARE_HOOK(void, child_stopping, + (apr_pool_t *pchild, int graceful)) + /* mutex type string for accept mutex, if any; MPMs should use the * same mutex type for ease of configuration */ diff --git a/include/scoreboard.h b/include/scoreboard.h index 9376da2..0142aa9 100644 --- a/include/scoreboard.h +++ b/include/scoreboard.h @@ -66,7 +66,7 @@ extern "C" { #define SERVER_IDLE_KILL 10 /* Server is cleaning up idle children. */ #define SERVER_NUM_STATUS 11 /* number of status settings */ -/* Type used for generation indicies. Startup and every restart cause a +/* Type used for generation indices. Startup and every restart cause a * new generation of children to be spawned. Children within the same * generation share the same configuration information -- pointers to stuff * created at config time in the parent are valid across children. However, 
@@ -148,12 +148,14 @@ struct process_score { apr_uint32_t lingering_close; /* async connections in lingering close */ apr_uint32_t keep_alive; /* async connections in keep alive */ apr_uint32_t suspended; /* connections suspended by some module */ - int bucket; /* Listener bucket used by this child */ + int bucket; /* Listener bucket used by this child; this field is DEPRECATED + * and no longer updated by the MPMs (i.e. always zero). + */ }; /* Scoreboard is now in 'local' memory, since it isn't updated once created, * even in forked architectures. Child created-processes (non-fork) will - * set up these indicies into the (possibly relocated) shmem records. + * set up these indices into the (possibly relocated) shmem records. */ typedef struct { global_score *global; @@ -174,6 +176,7 @@ apr_status_t ap_cleanup_scoreboard(void *d); */ AP_DECLARE(int) ap_exists_scoreboard_image(void); AP_DECLARE(void) ap_increment_counts(ap_sb_handle_t *sbh, request_rec *r); +AP_DECLARE(void) ap_set_conn_count(ap_sb_handle_t *sb, request_rec *r, unsigned short conn_count); AP_DECLARE(apr_status_t) ap_reopen_scoreboard(apr_pool_t *p, apr_shm_t **shm, int detached); AP_DECLARE(void) ap_init_scoreboard(void *shared_score); diff --git a/include/util_fcgi.h b/include/util_fcgi.h index 849fdee..66af75a 100644 --- a/include/util_fcgi.h +++ b/include/util_fcgi.h @@ -16,7 +16,7 @@ /** * @file util_fcgi.h - * @brief FastCGI protocol defitions and support routines + * @brief FastCGI protocol definitions and support routines * * @defgroup APACHE_CORE_FASTCGI FastCGI Tools * @ingroup APACHE_CORE diff --git a/include/util_ldap.h b/include/util_ldap.h index f7cd736..edb8a81 100644 --- a/include/util_ldap.h +++ b/include/util_ldap.h @@ -32,7 +32,6 @@ #if APR_MAJOR_VERSION < 2 /* The LDAP API is currently only present in APR 1.x */ #include "apr_ldap.h" -#include "apr_ldap_rebind.h" #else #define APR_HAS_LDAP 0 #endif 
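Review bot: `ap_set_conn_count()` in the `@@ -174` hunk of scoreboard.h is declared without a comment and names its handle parameter `sb`, while `ap_increment_counts()` on the line above uses `sbh` for the same `ap_sb_handle_t *`. Renaming the parameter to `sbh` and adding a short comment, e.g. `/* Record conn_count in the scoreboard slot referenced by sbh */`, keeps the two declarations parallel. The exact semantics, including why `request_rec *r` is needed, should be confirmed against the implementation before the comment is written.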
@@ -135,7 +134,7 @@ typedef struct util_ldap_connection_t { apr_pool_t *rebind_pool; /* frequently cleared pool for rebind data */ int must_rebind; /* The connection was last bound with other then binddn/bindpw */ request_rec *r; /* request_rec used to find this util_ldap_connection_t */ - apr_time_t last_backend_conn; /* the approximate time of the last backend LDAP requst */ + apr_time_t last_backend_conn; /* the approximate time of the last backend LDAP request */ } util_ldap_connection_t; typedef struct util_ldap_config_t { diff --git a/include/util_script.h b/include/util_script.h index 3566bd3..0557c7f 100644 --- a/include/util_script.h +++ b/include/util_script.h @@ -225,6 +225,8 @@ AP_DECLARE(int) ap_scan_script_header_err_core_ex(request_rec *r, char *buffer, */ AP_DECLARE(void) ap_args_to_table(request_rec *r, apr_table_t **table); +#define AP_TRUST_CGILIKE_CL_ENVVAR "ap_trust_cgilike_cl" + #ifdef __cplusplus } #endif diff --git a/include/util_time.h b/include/util_time.h index 2cd2833..9208218 100644 --- a/include/util_time.h +++ b/include/util_time.h @@ -47,6 +47,8 @@ extern "C" { #define AP_CTIME_OPTION_USEC 0x1 /* Use more compact ISO 8601 format */ #define AP_CTIME_OPTION_COMPACT 0x2 +/* Add timezone offset from GMT ([+-]hhmm) */ +#define AP_CTIME_OPTION_GMTOFF 0x4 /** @@ -95,7 +97,7 @@ AP_DECLARE(apr_status_t) ap_recent_ctime(char *date_str, apr_time_t t); * @param option Additional formatting options (AP_CTIME_OPTION_*). * @param len Pointer to an int containing the length of the provided buffer. * On successful return it contains the number of bytes written to the - * buffer. + * buffer (including trailing NUL byte). * @return APR_SUCCESS iff successful, APR_ENOMEM if buffer was to short. */ AP_DECLARE(apr_status_t) ap_recent_ctime_ex(char *date_str, apr_time_t t, |
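Review bot: `AP_TRUST_CGILIKE_CL_ENVVAR` is added to util_script.h (hunk `@@ -225`) with no comment explaining what setting `ap_trust_cgilike_cl` does. The name suggests an opt-in that makes the server trust a Content-Length supplied by CGI-like handlers; if so, the header should say that setting it relaxes a default check and where the variable is read. Something like `/** Name of the env var that, when set, lets a CGI-like script's Content-Length response header be trusted */` would be enough once the behaviour is confirmed.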