Diffstat (limited to '')
-rw-r--r--support/SHA1/htpasswd-sha1.pl2
-rw-r--r--support/ab.c159
-rw-r--r--support/apxs.in22
-rw-r--r--support/dbmmanage.in88
-rw-r--r--support/htcacheclean.c75
-rw-r--r--support/htdbm.c10
-rw-r--r--support/htpasswd.c30
-rw-r--r--support/passwd_common.c57
-rw-r--r--support/passwd_common.h8
-rw-r--r--support/rotatelogs.c43
-rw-r--r--support/suexec.c16
11 files changed, 336 insertions, 174 deletions
diff --git a/support/SHA1/htpasswd-sha1.pl b/support/SHA1/htpasswd-sha1.pl
index ad624d1..a9dad11 100644
--- a/support/SHA1/htpasswd-sha1.pl
+++ b/support/SHA1/htpasswd-sha1.pl
@@ -5,7 +5,7 @@ use strict;
# on the command line and generates a username
# sha1-encrytped password on the stdout.
#
-# Typical useage:
+# Typical usage:
# ./htpasswd-sha1.pl dirkx MySecret >> sha1-passwd
#
# This is public domain code. Do whatever you want with it.
diff --git a/support/ab.c b/support/ab.c
index 779ef4c..1e9dc71 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -18,7 +18,7 @@
** This program is based on ZeusBench V1.0 written by Adam Twiss
** which is Copyright (c) 1996 by Zeus Technology Ltd. http://www.zeustech.net/
**
- ** This software is provided "as is" and any express or implied waranties,
+ ** This software is provided "as is" and any express or implied warranties,
** including but not limited to, the implied warranties of merchantability and
** fitness for a particular purpose are disclaimed. In no event shall
** Zeus Technology Ltd. be liable for any direct, indirect, incidental, special,
@@ -55,7 +55,7 @@
** trapping of connection errors which influenced measurements.
** Contributed by Sander Temme, Early 2001
** Version 1.3e
- ** - Changed timeout behavour during write to work whilst the sockets
+ ** - Changed timeout behavior during write to work whilst the sockets
** are filling up and apr_write() does writes a few - but not all.
** This will potentially change results. <dirkx@webweaving.org>, April 2001
** Version 2.0.36-dev
@@ -156,16 +156,30 @@
#include "ap_config_auto.h"
#endif
+#include <math.h>
+#if APR_HAVE_CTYPE_H
+#include <ctype.h>
+#endif
+#if APR_HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
#if defined(HAVE_OPENSSL)
-#include <openssl/rsa.h>
+#include <openssl/evp.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#endif
+
#define USE_SSL
+
#define SK_NUM(x) sk_X509_num(x)
#define SK_VALUE(x,y) sk_X509_value(x,y)
typedef STACK_OF(X509) X509_STACK_TYPE;
@@ -178,9 +192,6 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
#include <openssl/applink.c>
#endif
-#endif
-
-#if defined(USE_SSL)
#if (OPENSSL_VERSION_NUMBER >= 0x00909000)
#define AB_SSL_METHOD_CONST const
#else
@@ -197,6 +208,7 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
#define HAVE_TLSEXT
#endif
+
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2060000f
#define SSL_CTRL_SET_MIN_PROTO_VERSION 123
#define SSL_CTRL_SET_MAX_PROTO_VERSION 124
@@ -205,15 +217,21 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
#define SSL_CTX_set_max_proto_version(ctx, version) \
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
#endif
-#endif
-#include <math.h>
-#if APR_HAVE_CTYPE_H
-#include <ctype.h>
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#ifdef TLS1_3_VERSION
+#define MAX_SSL_PROTO TLS1_3_VERSION
+#else
+#define MAX_SSL_PROTO TLS1_2_VERSION
#endif
-#if APR_HAVE_LIMITS_H
-#include <limits.h>
+#ifndef OPENSSL_NO_SSL3
+#define MIN_SSL_PROTO SSL3_VERSION
+#else
+#define MIN_SSL_PROTO TLS1_VERSION
#endif
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+
+#endif /* HAVE_OPENSSL */
/* ------------------- DEFINITIONS -------------------------- */
@@ -542,22 +560,33 @@ static void set_conn_state(struct connection *c, connect_state_e new_state)
*
*/
#ifdef USE_SSL
-static long ssl_print_cb(BIO *bio,int cmd,const char *argp,int argi,long argl,long ret)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+static long ssl_print_cb(BIO *bio, int cmd, const char *argp,
+ size_t len, int argi, long argl, int ret,
+ size_t *processed)
+#else
+static long ssl_print_cb(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret)
+#endif
{
BIO *out;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ (void)len;
+ (void)processed;
+#endif
out=(BIO *)BIO_get_callback_arg(bio);
if (out == NULL) return(ret);
if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) {
BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
- bio, argp, argi, ret, ret);
+ bio, argp, argi, (long)ret, (long)ret);
BIO_dump(out,(char *)argp,(int)ret);
return(ret);
}
else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) {
BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
- bio, argp, argi, ret, ret);
+ bio, argp, argi, (long)ret, (long)ret);
BIO_dump(out,(char *)argp,(int)ret);
}
return ret;
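Review bot: On the OpenSSL 3 branch the callback casts away `len` and `processed` but still logs and dumps with `argi` and `ret`, which no longer carry the byte count under the documented `BIO_set_callback_ex` contract. There `ret` is the status of the operation and the number of bytes moved is stored in `*processed`. At verbosity 4 the trace would report the wrong size and `BIO_dump` would cover only `(int)ret` bytes. Consider deriving the count on that branch, e.g. `long n = (ret > 0 && processed) ? (long)*processed : (long)ret;`, and using `n` in both `BIO_printf` and `BIO_dump`. The closing brace of `ssl_print_cb` is outside the hunk.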
@@ -752,17 +781,29 @@ static void ssl_proceed_handshake(struct connection *c)
break;
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC: {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ size_t len;
+ char cname[80];
+ if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
+ cname, sizeof(cname), &len)) {
+ cname[0] = '?';
+ len = 1;
+ }
+ cname[len] = '\0';
+#else
const char *cname = NULL;
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
EC_KEY_free(ec);
cname = EC_curve_nid2nist(nid);
- if (!cname)
+ if (!cname) {
cname = OBJ_nid2sn(nid);
-
+ if (!cname)
+ cname = "?";
+ }
+#endif
apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",
- cname,
- EVP_PKEY_bits(key));
+ cname, EVP_PKEY_bits(key));
break;
}
#endif
@@ -1316,7 +1357,7 @@ static void output_html_results(void)
total = ap_round_ms(total);
if (done > 0) { /* avoid division by zero (if 0 done) */
- printf("<tr %s><th %s colspan=4>Connnection Times (ms)</th></tr>\n",
+ printf("<tr %s><th %s colspan=4>Connection Times (ms)</th></tr>\n",
trstring, tdstring);
printf("<tr %s><th %s>&nbsp;</th> <th %s>min</th> <th %s>avg</th> <th %s>max</th></tr>\n",
trstring, tdstring, tdstring, tdstring, tdstring);
@@ -1415,7 +1456,11 @@ static void start_connect(struct connection * c)
SSL_set_bio(c->ssl, bio, bio);
SSL_set_connect_state(c->ssl);
if (verbosity >= 4) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ BIO_set_callback_ex(bio, ssl_print_cb);
+#else
BIO_set_callback(bio, ssl_print_cb);
+#endif
BIO_set_callback_arg(bio, (void *)bio_err);
}
#ifdef HAVE_TLSEXT
@@ -1812,11 +1857,11 @@ static void test(void)
if (!use_html) {
printf("Benchmarking %s ", hostname);
- if (isproxy)
- printf("[through %s:%d] ", proxyhost, proxyport);
- printf("(be patient)%s",
- (heartbeatres ? "\n" : "..."));
- fflush(stdout);
+ if (isproxy)
+ printf("[through %s:%d] ", proxyhost, proxyport);
+ printf("(be patient)%s",
+ (heartbeatres ? "\n" : "..."));
+ fflush(stdout);
}
con = xcalloc(concurrency, sizeof(struct connection));
@@ -2082,14 +2127,14 @@ static void test(void)
static void copyright(void)
{
if (!use_html) {
- printf("This is ApacheBench, Version %s\n", AP_AB_BASEREVISION " <$Revision: 1843412 $>");
+ printf("This is ApacheBench, Version %s\n", AP_AB_BASEREVISION " <$Revision: 1913912 $>");
printf("Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/\n");
printf("Licensed to The Apache Software Foundation, http://www.apache.org/\n");
printf("\n");
}
else {
printf("<p>\n");
- printf(" This is ApacheBench, Version %s <i>&lt;%s&gt;</i><br>\n", AP_AB_BASEREVISION, "$Revision: 1843412 $");
+ printf(" This is ApacheBench, Version %s <i>&lt;%s&gt;</i><br>\n", AP_AB_BASEREVISION, "$Revision: 1913912 $");
printf(" Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>\n");
printf(" Licensed to The Apache Software Foundation, http://www.apache.org/<br>\n");
printf("</p>\n<p>\n");
@@ -2160,7 +2205,13 @@ static void usage(const char *progname)
#endif
#ifdef HAVE_TLSV1_X
+
+#ifdef TLS1_3_VERSION
+#define TLS1_X_HELP_MSG ", TLS1.1, TLS1.2, TLS1.3"
+#else
#define TLS1_X_HELP_MSG ", TLS1.1, TLS1.2"
+#endif
+
#else
#define TLS1_X_HELP_MSG ""
#endif
@@ -2287,23 +2338,18 @@ static apr_status_t open_postfile(const char *pfile)
/* sort out command-line args and call test */
int main(int argc, const char * const argv[])
{
- int l;
char tmp[1024];
apr_status_t status;
apr_getopt_t *opt;
const char *opt_arg;
char c;
+#ifdef USE_SSL
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- int max_prot = TLS1_2_VERSION;
-#ifndef OPENSSL_NO_SSL3
- int min_prot = SSL3_VERSION;
-#else
- int min_prot = TLS1_VERSION;
-#endif
+ int max_prot = MAX_SSL_PROTO;
+ int min_prot = MIN_SSL_PROTO;
#endif /* #if OPENSSL_VERSION_NUMBER >= 0x10100000L */
-#ifdef USE_SSL
AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method();
-#endif
+#endif /* USE_SSL */
/* table defaults */
tablestring = "";
@@ -2432,8 +2478,7 @@ int main(int argc, const char * const argv[])
if (apr_base64_encode_len(strlen(opt_arg)) > sizeof(tmp)) {
err("Authentication credentials too long\n");
}
- l = apr_base64_encode(tmp, opt_arg, strlen(opt_arg));
- tmp[l] = '\0';
+ apr_base64_encode(tmp, opt_arg, strlen(opt_arg));
auth = apr_pstrcat(cntxt, auth, "Authorization: Basic ", tmp,
"\r\n", NULL);
@@ -2447,8 +2492,7 @@ int main(int argc, const char * const argv[])
if (apr_base64_encode_len(strlen(opt_arg)) > sizeof(tmp)) {
err("Proxy credentials too long\n");
}
- l = apr_base64_encode(tmp, opt_arg, strlen(opt_arg));
- tmp[l] = '\0';
+ apr_base64_encode(tmp, opt_arg, strlen(opt_arg));
auth = apr_pstrcat(cntxt, auth, "Proxy-Authorization: Basic ",
tmp, "\r\n", NULL);
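Review bot: Nothing at the call site records why the explicit terminator could be dropped, here or in the matching `Authorization: Basic` hunk just above. The removed `tmp[l] = '\0'` indexed with the return value of `apr_base64_encode`, which already counts the NUL it writes, so the store landed one byte past the encoded string and, when the encoded length equals `sizeof(tmp)`, past the buffer. A short comment above each call would keep it from being reintroduced: `/* apr_base64_encode() NUL-terminates; apr_base64_encode_len() includes that byte */`. The bound still relies on `err()` not returning, which is not visible in these hunks.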
@@ -2559,12 +2603,8 @@ int main(int argc, const char * const argv[])
#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
meth = TLS_client_method();
if (strncasecmp(opt_arg, "ALL", 3) == 0) {
- max_prot = TLS1_2_VERSION;
-#ifndef OPENSSL_NO_SSL3
- min_prot = SSL3_VERSION;
-#else
- min_prot = TLS1_VERSION;
-#endif
+ max_prot = MAX_SSL_PROTO;
+ min_prot = MIN_SSL_PROTO;
#ifndef OPENSSL_NO_SSL3
} else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
max_prot = SSL3_VERSION;
@@ -2576,6 +2616,11 @@ int main(int argc, const char * const argv[])
} else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) {
max_prot = TLS1_2_VERSION;
min_prot = TLS1_2_VERSION;
+#ifdef TLS1_3_VERSION
+ } else if (strncasecmp(opt_arg, "TLS1.3", 6) == 0) {
+ max_prot = TLS1_3_VERSION;
+ min_prot = TLS1_3_VERSION;
+#endif
} else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
max_prot = TLS1_VERSION;
min_prot = TLS1_VERSION;
@@ -2587,7 +2632,7 @@ int main(int argc, const char * const argv[])
tls_use_sni = 0;
break;
#endif
-#endif
+#endif /* USE_SSL */
}
}
@@ -2653,13 +2698,23 @@ int main(int argc, const char * const argv[])
/* Keep memory usage as low as possible */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
+
if (ssl_cipher != NULL) {
- if (!SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher)) {
- fprintf(stderr, "error setting cipher list [%s]\n", ssl_cipher);
- ERR_print_errors_fp(stderr);
- exit(1);
- }
+ int ok;
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && defined(TLS1_3_VERSION)
+ if (min_prot >= TLS1_3_VERSION)
+ ok = SSL_CTX_set_ciphersuites(ssl_ctx, ssl_cipher);
+ else
+#endif
+ ok = SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher);
+ if (!ok) {
+ BIO_printf(bio_err, "error setting ciphersuite list [%s]\n",
+ ssl_cipher);
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
}
+
if (verbosity >= 3) {
SSL_CTX_set_info_callback(ssl_ctx, ssl_state_cb);
}
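Review bot: `SSL_CTX_set_ciphersuites` is chosen only when `min_prot >= TLS1_3_VERSION`, so with the default range, whose upper bound is now `MAX_SSL_PROTO`, a user-supplied `ssl_cipher` reaches only `SSL_CTX_set_cipher_list` and the TLS 1.3 suites stay at the library defaults. A run meant to pin a cipher can then negotiate TLS 1.3 with a suite the user did not select, and nothing is printed. Either document this next to the option or warn when the range still allows TLS 1.3, e.g. `if (max_prot >= TLS1_3_VERSION && min_prot < TLS1_3_VERSION) BIO_printf(bio_err, "note: cipher list does not apply to TLS1.3\n");` under the same version guard. `main` starts and ends outside the hunk.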
diff --git a/support/apxs.in b/support/apxs.in
index ad1287f..b2705fa 100644
--- a/support/apxs.in
+++ b/support/apxs.in
@@ -23,10 +23,20 @@ package apxs;
## Configuration
##
+# are we building in a cross compile environment? If so, destdir contains
+# the base directory of the cross compiled environment, otherwise destdir
+# is the empty string.
+
+my $destdir = "";
+my $ddi = rindex($0, "@exp_bindir@");
+if ($ddi >= 0) {
+ $destdir = substr($0, 0, $ddi);
+}
+
my %config_vars = ();
my $installbuilddir = "@exp_installbuilddir@";
-get_config_vars("$installbuilddir/config_vars.mk",\%config_vars);
+get_config_vars($destdir . "$installbuilddir/config_vars.mk",\%config_vars);
# read the configuration variables once
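Review bot: `$destdir` is cut from `$0` without validation, yet later hunks prepend it to values that are evaluated or executed: `eval qq("$includedir")` and `eval qq("$libexecdir")`, the backtick call on `$apr_config`, and the `instdso.sh` command string. The path the script is started from therefore decides which `config_vars.mk` is read and which helper programs run, and any shell or Perl metacharacter in that path is interpreted rather than treated as data. Constrain it right after the `substr`, e.g. `die "apxs: unsafe destdir '$destdir'\n" unless $destdir =~ m{^[\w./+-]*$};`. A comment that a non-empty value is expected only inside a cross-compile tree would also help the next reader.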
@@ -41,10 +51,10 @@ my $CFG_CFLAGS = join ' ', map { get_vars($_) }
qw(SHLTCFLAGS CFLAGS NOTEST_CPPFLAGS EXTRA_CPPFLAGS EXTRA_CFLAGS);
my $CFG_LDFLAGS = join ' ', map { get_vars($_) }
qw(LDFLAGS NOTEST_LDFLAGS SH_LDFLAGS);
-my $includedir = get_vars("includedir");
+my $includedir = $destdir . get_vars("includedir");
my $CFG_INCLUDEDIR = eval qq("$includedir");
my $CFG_CC = get_vars("CC");
-my $libexecdir = get_vars("libexecdir");
+my $libexecdir = $destdir . get_vars("libexecdir");
my $CFG_LIBEXECDIR = eval qq("$libexecdir");
my $sbindir = get_vars("sbindir");
my $CFG_SBINDIR = eval qq("$sbindir");
@@ -335,7 +345,7 @@ if ($opt_q) {
}
}
-my $apr_config = get_vars("APR_CONFIG");
+my $apr_config = $destdir . get_vars("APR_CONFIG");
if (! -x "$apr_config") {
error("$apr_config not found!");
@@ -346,7 +356,7 @@ my $apr_major_version = (split /\./, `$apr_config --version`)[0];
my $apu_config = "";
if ($apr_major_version < 2) {
- $apu_config = get_vars("APU_CONFIG");
+ $apu_config = $destdir . get_vars("APU_CONFIG");
if (! -x "$apu_config") {
error("$apu_config not found!");
@@ -501,7 +511,7 @@ if ($opt_i or $opt_e) {
# use .so unambigiously for installed shared library modules
$t =~ s|\.[^./\\]+$|\.so|;
if ($opt_i) {
- push(@cmds, "$installbuilddir/instdso.sh SH_LIBTOOL='" .
+ push(@cmds, $destdir . "$installbuilddir/instdso.sh SH_LIBTOOL='" .
"$libtool' $f $CFG_LIBEXECDIR");
push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t");
}
diff --git a/support/dbmmanage.in b/support/dbmmanage.in
index 2dd8c86..881d230 100644
--- a/support/dbmmanage.in
+++ b/support/dbmmanage.in
@@ -32,9 +32,9 @@ sub usage {
die <<SYNTAX;
Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
- where enc is -d for crypt encryption (default except on Win32, Netware)
- -m for MD5 encryption (default on Win32, Netware)
- -s for SHA1 encryption
+ where enc is -d for crypt hashing (default except on Win32, Netware)
+ -m for MD5 hashing (default on Win32, Netware)
+ -s for SHA1 hashing
-p for plaintext
command is one of: $cmds
@@ -48,7 +48,7 @@ Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]]
SYNTAX
}
-sub need_sha1_crypt {
+sub need_sha1_hash {
if (!eval ('require "Digest/SHA1.pm";')) {
print STDERR <<SHAERR;
dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
@@ -56,21 +56,21 @@ available from CPAN:
http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
-Please install Digest::SHA1 and try again, or use a different crypt option:
+Please install Digest::SHA1 and try again, or use a different hashing option:
SHAERR
usage();
}
}
-sub need_md5_crypt {
+sub need_md5_hash {
if (!eval ('require "Crypt/PasswdMD5.pm";')) {
print STDERR <<MD5ERR;
dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN
http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz
-Please install Crypt::PasswdMD5 and try again, or use a different crypt option:
+Please install Crypt::PasswdMD5 and try again, or use a different hashing option:
MD5ERR
usage();
@@ -93,10 +93,10 @@ my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/;
my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others?
my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/;
-my $crypt_method = "crypt";
+my $hash_method = "crypt";
if ($crypt_not_supported) {
- $crypt_method = "md5";
+ $hash_method = "md5";
}
# Some platforms won't jump through our favorite hoops
@@ -105,7 +105,7 @@ my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others?
my $not_unix = $^O =~ /(?:$not_unix_platforms)/;
if ($crypt_not_supported) {
- $crypt_method = "md5";
+ $hash_method = "md5";
}
if (@ARGV[0] eq "-d") {
@@ -114,12 +114,12 @@ if (@ARGV[0] eq "-d") {
print STDERR
"Warning: Apache/$^O does not support crypt()ed passwords!\n\n";
}
- $crypt_method = "crypt";
+ $hash_method = "crypt";
}
if (@ARGV[0] eq "-m") {
shift @ARGV;
- $crypt_method = "md5";
+ $hash_method = "md5";
}
if (@ARGV[0] eq "-p") {
@@ -128,20 +128,20 @@ if (@ARGV[0] eq "-p") {
print STDERR
"Warning: Apache/$^O does not support plaintext passwords!\n\n";
}
- $crypt_method = "plain";
+ $hash_method = "plain";
}
if (@ARGV[0] eq "-s") {
shift @ARGV;
- need_sha1_crypt();
- $crypt_method = "sha1";
+ need_sha1_hash();
+ $hash_method = "sha1";
}
-if ($crypt_method eq "md5") {
- need_md5_crypt();
+if ($hash_method eq "md5") {
+ need_md5_hash();
}
-my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV;
+my($file,$command,$key,$hashed_pwd,$groups,$comment) = @ARGV;
usage() unless $file and $command and defined &{$dbmc::{$command}};
@@ -188,7 +188,7 @@ sub saltpw_crypt {
randchar(2);
}
-sub cryptpw_crypt {
+sub hashpw_crypt {
my ($pw, $salt) = @_;
$salt = saltpw_crypt unless $salt;
crypt $pw, $salt;
@@ -199,24 +199,24 @@ sub saltpw_md5 {
randchar(8);
}
-sub cryptpw_md5 {
+sub hashpw_md5 {
my($pw, $salt) = @_;
$salt = saltpw_md5 unless $salt;
Crypt::PasswdMD5::apache_md5_crypt($pw, $salt);
}
-sub cryptpw_sha1 {
+sub hashpw_sha1 {
my($pw, $salt) = @_;
'{SHA}' . Digest::SHA1::sha1_base64($pw) . "=";
}
-sub cryptpw {
- if ($crypt_method eq "md5") {
- return cryptpw_md5(@_);
- } elsif ($crypt_method eq "sha1") {
- return cryptpw_sha1(@_);
- } elsif ($crypt_method eq "crypt") {
- return cryptpw_crypt(@_);
+sub hashpw {
+ if ($hash_method eq "md5") {
+ return hashpw_md5(@_);
+ } elsif ($hash_method eq "sha1") {
+ return hashpw_sha1(@_);
+ } elsif ($hash_method eq "crypt") {
+ return hashpw_crypt(@_);
}
@_[0]; # otherwise return plaintext
}
@@ -243,10 +243,10 @@ sub getpass {
sub dbmc::update {
die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key};
- $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.';
+ $hashed_pwd = (split /:/, $DB{$key}, 3)[0] if $hashed_pwd eq '.';
$groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.';
$comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.';
- if (!$crypted_pwd || $crypted_pwd eq '-') {
+ if (!$hashed_pwd || $hashed_pwd eq '-') {
dbmc->adduser;
}
else {
@@ -255,23 +255,23 @@ sub dbmc::update {
}
sub dbmc::add {
- die "Can't use empty password!\n" unless $crypted_pwd;
+ die "Can't use empty password!\n" unless $hashed_pwd;
unless($is_update) {
die "Sorry, user `$key' already exists!\n" if $DB{$key};
}
$groups = '' if $groups eq '-';
$comment = '' if $comment eq '-';
$groups .= ":" . $comment if $comment;
- $crypted_pwd .= ":" . $groups if $groups;
- $DB{$key} = $crypted_pwd;
+ $hashed_pwd .= ":" . $groups if $groups;
+ $DB{$key} = $hashed_pwd;
my $action = $is_update ? "updated" : "added";
- print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n";
+ print "User $key $action with password hashed to $DB{$key} using $hash_method\n";
}
sub dbmc::adduser {
my $value = getpass "New password:";
die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value;
- $crypted_pwd = cryptpw $value;
+ $hashed_pwd = hashpw $value;
dbmc->add;
}
@@ -289,23 +289,23 @@ sub dbmc::check {
my $chkpass = (split /:/, $DB{$key}, 3)[0];
my $testpass = getpass();
if (substr($chkpass, 0, 6) eq '$apr1$') {
- need_md5_crypt;
- $crypt_method = "md5";
+ need_md5_hash;
+ $hash_method = "md5";
} elsif (substr($chkpass, 0, 5) eq '{SHA}') {
- need_sha1_crypt;
- $crypt_method = "sha1";
+ need_sha1_hash;
+ $hash_method = "sha1";
} elsif (length($chkpass) == 13 && $chkpass ne $testpass) {
- $crypt_method = "crypt";
+ $hash_method = "crypt";
} else {
- $crypt_method = "plain";
+ $hash_method = "plain";
}
- print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass
- ? " password ok\n" : " password mismatch\n");
+ print $hash_method . (hashpw($testpass, $chkpass) eq $chkpass
+ ? " password ok\n" : " password mismatch\n");
}
sub dbmc::import {
while(defined($_ = <STDIN>) and chomp) {
- ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4;
+ ($key,$hashed_pwd,$groups,$comment) = split /:/, $_, 4;
dbmc->add;
}
}
diff --git a/support/htcacheclean.c b/support/htcacheclean.c
index 8692377..57c5c5b 100644
--- a/support/htcacheclean.c
+++ b/support/htcacheclean.c
@@ -110,7 +110,7 @@ static apr_file_t *errfile; /* stderr file handle */
static apr_file_t *outfile; /* stdout file handle */
static apr_off_t unsolicited; /* file size summary for deleted unsolicited
files */
-static APR_RING_ENTRY(_entry) root; /* ENTRY ring anchor */
+static ENTRY root; /* ENTRY ring anchor */
/* short program name as called */
static const char *shortname = "htcacheclean";
@@ -253,7 +253,8 @@ static void printstats(char *path, struct stats *s)
/**
* Round the value up to the given threshold.
*/
-static apr_size_t round_up(apr_size_t val, apr_off_t round) {
+static apr_size_t round_up(apr_size_t val, apr_off_t round)
+{
if (round > 1) {
return (apr_size_t)(((val + round - 1) / round) * round);
}
@@ -557,8 +558,6 @@ static int list_urls(char *path, apr_pool_t *pool, apr_off_t round)
}
}
}
-
- break;
}
}
}
@@ -604,13 +603,12 @@ static int process_dir(char *path, apr_pool_t *pool, apr_off_t *nodes)
apr_size_t len;
apr_time_t current, deviation;
char *nextpath, *base, *ext;
- APR_RING_ENTRY(_direntry) anchor;
- DIRENTRY *d, *t, *n;
+ DIRENTRY *d, *t, *n, anchor;
ENTRY *e;
int skip, retries;
disk_cache_info_t disk_info;
- APR_RING_INIT(&anchor, _direntry, link);
+ APR_RING_INIT(&anchor.link, _direntry, link);
apr_pool_create(&p, pool);
h = apr_hash_make(p);
fd = NULL;
@@ -626,7 +624,7 @@ static int process_dir(char *path, apr_pool_t *pool, apr_off_t *nodes)
}
d = apr_pcalloc(p, sizeof(DIRENTRY));
d->basename = apr_pstrcat(p, path, "/", info.name, NULL);
- APR_RING_INSERT_TAIL(&anchor, d, _direntry, link);
+ APR_RING_INSERT_TAIL(&anchor.link, d, _direntry, link);
(*nodes)++;
}
@@ -638,8 +636,8 @@ static int process_dir(char *path, apr_pool_t *pool, apr_off_t *nodes)
skip = baselen + 1;
- for (d = APR_RING_FIRST(&anchor);
- !interrupted && d != APR_RING_SENTINEL(&anchor, _direntry, link);
+ for (d = APR_RING_FIRST(&anchor.link);
+ !interrupted && d != APR_RING_SENTINEL(&anchor.link, _direntry, link);
d=n) {
n = APR_RING_NEXT(d, link);
base = strrchr(d->basename, '/');
@@ -684,9 +682,19 @@ static int process_dir(char *path, apr_pool_t *pool, apr_off_t *nodes)
}
if (info.filetype == APR_DIR) {
+ char *dirpath = apr_pstrdup(p, d->basename);
+
if (process_dir(d->basename, pool, nodes)) {
return 1;
}
+ /* When given the -t option htcacheclean does not
+ * delete directories that are already empty, so we'll do that here
+ * since process_dir checks all the directories.
+ * If it fails, it likely means there was something else there.
+ */
+ if (deldirs && !dryrun) {
+ apr_dir_remove(dirpath, p);
+ }
continue;
}
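Review bot: A directory removed by the new `apr_dir_remove` call stays counted in `*nodes`, which the earlier loop in `process_dir` increments for every entry it queues. `purge` copies that total into `s.ntotal`; if it also feeds the inode limit, the count is overstated after empty directories are cleaned up and more cache entries may be deleted than needed. This is inferred, since the caller is not in the hunk. Checking the status fixes the count and keeps the best-effort behaviour: `if (apr_dir_remove(dirpath, p) == APR_SUCCESS) (*nodes)--;`. `process_dir` starts and ends outside this hunk.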
@@ -774,7 +782,7 @@ static int process_dir(char *path, apr_pool_t *pool, apr_off_t *nodes)
&len) == APR_SUCCESS) {
apr_file_close(fd);
e = apr_palloc(pool, sizeof(ENTRY));
- APR_RING_INSERT_TAIL(&root, e, _entry, link);
+ APR_RING_INSERT_TAIL(&root.link, e, _entry, link);
e->expire = disk_info.expire;
e->response_time = disk_info.response_time;
e->htime = d->htime;
@@ -890,7 +898,7 @@ static int process_dir(char *path, apr_pool_t *pool, apr_off_t *nodes)
&len) == APR_SUCCESS) {
apr_file_close(fd);
e = apr_palloc(pool, sizeof(ENTRY));
- APR_RING_INSERT_TAIL(&root, e, _entry, link);
+ APR_RING_INSERT_TAIL(&root.link, e, _entry, link);
e->expire = disk_info.expire;
e->response_time = disk_info.response_time;
e->htime = d->htime;
@@ -977,8 +985,8 @@ static void purge(char *path, apr_pool_t *pool, apr_off_t max,
s.inodes = inodes;
s.ntotal = nodes;
- for (e = APR_RING_FIRST(&root);
- e != APR_RING_SENTINEL(&root, _entry, link);
+ for (e = APR_RING_FIRST(&root.link);
+ e != APR_RING_SENTINEL(&root.link, _entry, link);
e = APR_RING_NEXT(e, link)) {
s.sum += round_up((apr_size_t)e->hsize, round);
s.sum += round_up((apr_size_t)e->dsize, round);
@@ -997,8 +1005,8 @@ static void purge(char *path, apr_pool_t *pool, apr_off_t max,
* happen if a wrong system time is corrected
*/
- for (e = APR_RING_FIRST(&root);
- e != APR_RING_SENTINEL(&root, _entry, link) && !interrupted;) {
+ for (e = APR_RING_FIRST(&root.link);
+ e != APR_RING_SENTINEL(&root.link, _entry, link) && !interrupted;) {
n = APR_RING_NEXT(e, link);
if (e->response_time > now || e->htime > now || e->dtime > now) {
delete_entry(path, e->basename, &s.nodes, pool);
@@ -1021,9 +1029,9 @@ static void purge(char *path, apr_pool_t *pool, apr_off_t max,
return;
}
- /* process all entries with are expired */
- for (e = APR_RING_FIRST(&root);
- e != APR_RING_SENTINEL(&root, _entry, link) && !interrupted;) {
+ /* process all entries which are expired */
+ for (e = APR_RING_FIRST(&root.link);
+ e != APR_RING_SENTINEL(&root.link, _entry, link) && !interrupted;) {
n = APR_RING_NEXT(e, link);
if (e->expire != APR_DATE_BAD && e->expire < now) {
delete_entry(path, e->basename, &s.nodes, pool);
@@ -1052,11 +1060,11 @@ static void purge(char *path, apr_pool_t *pool, apr_off_t max,
* than sorry
*/
while (!((!s.max || s.sum <= s.max) && (!s.inodes || s.nodes <= s.inodes))
- && !interrupted && !APR_RING_EMPTY(&root, _entry, link)) {
- oldest = APR_RING_FIRST(&root);
+ && !interrupted && !APR_RING_EMPTY(&root.link, _entry, link)) {
+ oldest = APR_RING_FIRST(&root.link);
for (e = APR_RING_NEXT(oldest, link);
- e != APR_RING_SENTINEL(&root, _entry, link);
+ e != APR_RING_SENTINEL(&root.link, _entry, link);
e = APR_RING_NEXT(e, link)) {
if (e->dtime < oldest->dtime) {
oldest = e;
@@ -1274,8 +1282,8 @@ static void usage(const char *error)
}
apr_file_printf(errfile,
"%s -- program for cleaning the disk cache." NL
- "Usage: %s [-Dvtrn] -pPATH [-lLIMIT|-LLIMIT] [-PPIDFILE]" NL
- " %s [-nti] -dINTERVAL -pPATH [-lLIMIT|-LLIMIT] [-PPIDFILE]" NL
+ "Usage: %s [-Dvtrn] -pPATH [-lLIMIT] [-LLIMIT] [-PPIDFILE]" NL
+ " %s [-nti] -dINTERVAL -pPATH [-lLIMIT] [-LLIMIT] [-PPIDFILE]" NL
" %s [-Dvt] -pPATH URL ..." NL
NL
"Options:" NL
@@ -1309,10 +1317,12 @@ static void usage(const char *error)
NL
" -R Specify amount to round sizes up to." NL
NL
- " -l Specify LIMIT as the total disk cache size limit. Attach 'K'" NL
- " or 'M' to the number for specifying KBytes or MBytes." NL
+ " -l Specify LIMIT as the total disk cache size limit. Attach 'K'," NL
+ " 'M' or 'G' to the number for specifying KBytes, MBytes or" NL
+ " GBytes." NL
NL
- " -L Specify LIMIT as the total disk cache inode limit." NL
+ " -L Specify LIMIT as the total disk cache inode limit. 'K', 'M' or" NL
+ " 'G' suffix can also be used." NL
NL
" -i Be intelligent and run only when there was a modification of" NL
" the disk cache. This option is only possible together with the" NL
@@ -1342,7 +1352,8 @@ static void usage(const char *error)
}
#undef NL
-static void usage_repeated_arg(apr_pool_t *pool, char option) {
+static void usage_repeated_arg(apr_pool_t *pool, char option)
+{
usage(apr_psprintf(pool,
"The option '%c' cannot be specified more than once",
option));
@@ -1516,7 +1527,7 @@ int main(int argc, const char * const argv[])
usage(apr_psprintf(pool, "Invalid limit: %s"
APR_EOL_STR APR_EOL_STR, arg));
}
- } while(0);
+ } while (0);
break;
case 'L':
@@ -1546,7 +1557,7 @@ int main(int argc, const char * const argv[])
usage(apr_psprintf(pool, "Invalid limit: %s"
APR_EOL_STR APR_EOL_STR, arg));
}
- } while(0);
+ } while (0);
break;
case 'a':
@@ -1625,7 +1636,7 @@ int main(int argc, const char * const argv[])
usage("Option -i cannot be used with URL arguments, aborting");
}
if (limit_found) {
- usage("Option -l cannot be used with URL arguments, aborting");
+ usage("Option -l and -L cannot be used with URL arguments, aborting");
}
while (o->ind < argc) {
status = delete_url(pool, proxypath, argv[o->ind]);
@@ -1704,7 +1715,7 @@ int main(int argc, const char * const argv[])
apr_pool_create(&instance, pool);
now = apr_time_now();
- APR_RING_INIT(&root, _entry, link);
+ APR_RING_INIT(&root.link, _entry, link);
delcount = 0;
unsolicited = 0;
dowork = 0;
diff --git a/support/htdbm.c b/support/htdbm.c
index 40a3d23..c2f8f3f 100644
--- a/support/htdbm.c
+++ b/support/htdbm.c
@@ -290,13 +290,13 @@ static void htdbm_usage(void)
" -n Don't update database; display results on stdout.\n"
" -b Use the password from the command line rather than prompting for it.\n"
" -i Read password from stdin without verification (for script usage).\n"
- " -m Force MD5 encryption of the password (default).\n"
- " -B Force BCRYPT encryption of the password (very secure).\n"
+ " -m Force MD5 hashing of the password (default).\n"
+ " -B Force BCRYPT hashing of the password (very secure).\n"
" -C Set the computing time used for the bcrypt algorithm\n"
" (higher is more secure but slower, default: %d, valid: 4 to 31).\n"
- " -d Force CRYPT encryption of the password (8 chars max, insecure).\n"
- " -s Force SHA encryption of the password (insecure).\n"
- " -p Do not encrypt the password (plaintext, insecure).\n"
+ " -d Force CRYPT hashing of the password (8 chars max, insecure).\n"
+ " -s Force SHA hashing of the password (insecure).\n"
+ " -p Do not hash the password (plaintext, insecure).\n"
" -T DBM Type (SDBM|GDBM|DB|default).\n"
" -l Display usernames from database on stdout.\n"
" -v Verify the username/password.\n"
diff --git a/support/htpasswd.c b/support/htpasswd.c
index 660a27c..c576532 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -98,28 +98,32 @@ static int mkrecord(struct passwd_ctx *ctx, char *user)
static void usage(void)
{
apr_file_printf(errfile, "Usage:" NL
- "\thtpasswd [-cimBdpsDv] [-C cost] passwordfile username" NL
- "\thtpasswd -b[cmBdpsDv] [-C cost] passwordfile username password" NL
+ "\thtpasswd [-cimB25dpsDv] [-C cost] [-r rounds] passwordfile username" NL
+ "\thtpasswd -b[cmB25dpsDv] [-C cost] [-r rounds] passwordfile username password" NL
NL
- "\thtpasswd -n[imBdps] [-C cost] username" NL
- "\thtpasswd -nb[mBdps] [-C cost] username password" NL
+ "\thtpasswd -n[imB25dps] [-C cost] [-r rounds] username" NL
+ "\thtpasswd -nb[mB25dps] [-C cost] [-r rounds] username password" NL
" -c Create a new file." NL
" -n Don't update file; display results on stdout." NL
" -b Use the password from the command line rather than prompting "
"for it." NL
" -i Read password from stdin without verification (for script usage)." NL
- " -m Force MD5 encryption of the password (default)." NL
- " -B Force bcrypt encryption of the password (very secure)." NL
+ " -m Force MD5 hashing of the password (default)." NL
+ " -2 Force SHA-256 hashing of the password (secure)." NL
+ " -5 Force SHA-512 hashing of the password (secure)." NL
+ " -B Force bcrypt hashing of the password (very secure)." NL
" -C Set the computing time used for the bcrypt algorithm" NL
- " (higher is more secure but slower, default: %d, valid: 4 to 31)." NL
- " -d Force CRYPT encryption of the password (8 chars max, insecure)." NL
- " -s Force SHA encryption of the password (insecure)." NL
- " -p Do not encrypt the password (plaintext, insecure)." NL
+ " (higher is more secure but slower, default: %d, valid: 4 to 17)." NL
+ " -r Set the number of rounds used for the SHA-256, SHA-512 algorithms" NL
+ " (higher is more secure but slower, default: 5000)." NL
+ " -d Force CRYPT hashing of the password (8 chars max, insecure)." NL
+ " -s Force SHA-1 hashing of the password (insecure)." NL
+ " -p Do not hash the password (plaintext, insecure)." NL
" -D Delete the specified user." NL
" -v Verify password for the specified user." NL
"On other systems than Windows and NetWare the '-p' flag will "
"probably not work." NL
- "The SHA algorithm does not use a salt and is less secure than the "
+ "The SHA-1 algorithm does not use a salt and is less secure than the "
"MD5 algorithm." NL,
BCRYPT_DEFAULT_COST
);
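Review bot: The help text lists `-2`, `-5` and `-r` unconditionally, while the SHA-2 branch added to `mkhash` in passwd_common.c is compiled only under `HAVE_CRYPT_SHA2`. On a build without it the options are advertised but presumably cannot work, so the text should say they depend on platform `crypt()` support, or the three lines should sit under the same `#ifdef`. The rounds default is a literal `5000` in the string, unlike the bcrypt default, which is printed from `BCRYPT_DEFAULT_COST`. Separately, the htdbm.c help in this commit still states `valid: 4 to 31` for `-C` while this hunk changes it to `4 to 17`; if both tools share the limit, one of the two texts is stale.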
@@ -178,7 +182,7 @@ static void check_args(int argc, const char *const argv[],
if (rv != APR_SUCCESS)
exit(ERR_SYNTAX);
- while ((rv = apr_getopt(state, "cnmspdBbDiC:v", &opt, &opt_arg)) == APR_SUCCESS) {
+ while ((rv = apr_getopt(state, "cnmspdBbDi25C:r:v", &opt, &opt_arg)) == APR_SUCCESS) {
switch (opt) {
case 'c':
*mask |= APHTP_NEWFILE;
@@ -351,7 +355,7 @@ int main(int argc, const char * const argv[])
}
else {
/*
- * Error out if -c was omitted for this non-existant file.
+ * Error out if -c was omitted for this non-existent file.
*/
if (!(mask & APHTP_NEWFILE)) {
apr_file_printf(errfile,
diff --git a/support/passwd_common.c b/support/passwd_common.c
index 664e509..62e4843 100644
--- a/support/passwd_common.c
+++ b/support/passwd_common.c
@@ -179,16 +179,21 @@ err_too_long:
int mkhash(struct passwd_ctx *ctx)
{
char *pw;
- char salt[16];
+ char salt[17];
apr_status_t rv;
int ret = 0;
#if CRYPT_ALGO_SUPPORTED
char *cbuf;
#endif
+#ifdef HAVE_CRYPT_SHA2
+ const char *setting;
+ char method;
+#endif
- if (ctx->cost != 0 && ctx->alg != ALG_BCRYPT) {
+ if (ctx->cost != 0 && ctx->alg != ALG_BCRYPT
+ && ctx->alg != ALG_CRYPT_SHA256 && ctx->alg != ALG_CRYPT_SHA512 ) {
apr_file_printf(errfile,
- "Warning: Ignoring -C argument for this algorithm." NL);
+ "Warning: Ignoring -C/-r argument for this algorithm." NL);
}
if (ctx->passwd == NULL) {
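Review bot: `cbuf` is declared only under `#if CRYPT_ALGO_SUPPORTED`, but the SHA-2 branch added further down in mkhash() assigns it under `#ifdef HAVE_CRYPT_SHA2`, so a build with HAVE_CRYPT_SHA2 defined and CRYPT_ALGO_SUPPORTED equal to 0 would not compile. The two macros probably go together on every supported platform, but nothing visible here ties them; guarding the declaration with `#if CRYPT_ALGO_SUPPORTED || defined(HAVE_CRYPT_SHA2)` would make that explicit. A short comment on `char salt[17];` would also help, saying it presumably holds 16 salt characters plus a terminator. mkhash() continues outside this hunk.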
@@ -246,6 +251,34 @@ int mkhash(struct passwd_ctx *ctx)
break;
#endif /* CRYPT_ALGO_SUPPORTED */
+#ifdef HAVE_CRYPT_SHA2
+ case ALG_CRYPT_SHA256:
+ case ALG_CRYPT_SHA512:
+ ret = generate_salt(salt, 16, &ctx->errstr, ctx->pool);
+ if (ret != 0)
+ break;
+
+ method = ctx->alg == ALG_CRYPT_SHA256 ? '5': '6';
+
+ if (ctx->cost)
+ setting = apr_psprintf(ctx->pool, "$%c$rounds=%d$%s",
+ method, ctx->cost, salt);
+ else
+ setting = apr_psprintf(ctx->pool, "$%c$%s",
+ method, salt);
+
+ cbuf = crypt(pw, setting);
+ if (cbuf == NULL) {
+ rv = APR_FROM_OS_ERROR(errno);
+ ctx->errstr = apr_psprintf(ctx->pool, "crypt() failed: %pm", &rv);
+ ret = ERR_PWMISMATCH;
+ break;
+ }
+
+ apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1);
+ break;
+#endif /* HAVE_CRYPT_SHA2 */
+
#if BCRYPT_ALGO_SUPPORTED
case ALG_BCRYPT:
rv = apr_generate_random_bytes((unsigned char*)salt, 16);
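Review bot: The string returned by crypt() is accepted whenever it is not NULL and is then copied with `apr_cpystrn(ctx->out, cbuf, ctx->out_len - 1)`, which truncates silently. A SHA-512 result carrying a `rounds=` prefix runs to well over 100 characters, and some crypt() implementations report failure with a short token starting with `*` rather than NULL, so either case could put an unusable hash into the password file. I would reject the result when `cbuf[0] == '*'` or `strlen(cbuf) >= ctx->out_len - 1`, setting `ctx->errstr` before the break. `ERR_PWMISMATCH` is also a misleading code for a crypt() failure, and errno should be cleared before the call if it is going to be reported. The size of ctx->out is not visible in this hunk.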
@@ -294,6 +327,19 @@ int parse_common_options(struct passwd_ctx *ctx, char opt,
case 's':
ctx->alg = ALG_APSHA;
break;
+#ifdef HAVE_CRYPT_SHA2
+ case '2':
+ ctx->alg = ALG_CRYPT_SHA256;
+ break;
+ case '5':
+ ctx->alg = ALG_CRYPT_SHA512;
+ break;
+#else
+ case '2':
+ case '5':
+ ctx->errstr = "SHA-2 crypt() algorithms are not supported on this platform.";
+ return ERR_ALG_NOT_SUPP;
+#endif
case 'p':
ctx->alg = ALG_PLAIN;
#if !PLAIN_ALGO_SUPPORTED
@@ -324,11 +370,12 @@ int parse_common_options(struct passwd_ctx *ctx, char opt,
return ERR_ALG_NOT_SUPP;
#endif
break;
- case 'C': {
+ case 'C':
+ case 'r': {
char *endptr;
long num = strtol(opt_arg, &endptr, 10);
if (*endptr != '\0' || num <= 0) {
- ctx->errstr = "argument to -C must be a positive integer";
+ ctx->errstr = "argument to -C/-r must be a positive integer";
return ERR_SYNTAX;
}
ctx->cost = num;
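Review bot: `num` is a long and is stored into the int `ctx->cost` after only a `num <= 0` check, so a large `-r` value can be truncated on LP64 platforms and a strtol() overflow goes unnoticed. Extending the test to `if (*endptr != '\0' || num <= 0 || num > INT_MAX) {` (with `<limits.h>`) keeps the stored value equal to what the user typed. Because `-C` and `-r` now share this case and this field, `-r 5000 -B` is taken as a bcrypt cost and `-C 12 -5` as a round count. Separate fields, or an error when the option does not match the chosen algorithm, would avoid a work factor the operator did not intend. The case block continues outside this hunk.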
diff --git a/support/passwd_common.h b/support/passwd_common.h
index 660081e..874c5e7 100644
--- a/support/passwd_common.h
+++ b/support/passwd_common.h
@@ -28,6 +28,10 @@
#include "apu_version.h"
#endif
+#if !defined(WIN32) && !defined(NETWARE)
+#include "ap_config_auto.h"
+#endif
+
#define MAX_STRING_LEN 256
#define ALG_PLAIN 0
@@ -35,6 +39,8 @@
#define ALG_APMD5 2
#define ALG_APSHA 3
#define ALG_BCRYPT 4
+#define ALG_CRYPT_SHA256 5
+#define ALG_CRYPT_SHA512 6
#define BCRYPT_DEFAULT_COST 5
@@ -84,7 +90,7 @@ struct passwd_ctx {
apr_size_t out_len;
char *passwd;
int alg;
- int cost;
+ int cost; /* cost for bcrypt, rounds for SHA-2 */
enum {
PW_PROMPT = 0,
PW_ARG,
diff --git a/support/rotatelogs.c b/support/rotatelogs.c
index 2526f56..e0819da 100644
--- a/support/rotatelogs.c
+++ b/support/rotatelogs.c
@@ -65,6 +65,7 @@ struct rotate_config {
int echo;
char *szLogRoot;
int truncate;
+ int truncate_rotated_only;
const char *linkfile;
const char *postrotate_prog;
#if APR_FILES_AS_SOCKETS
@@ -109,9 +110,9 @@ static void usage(const char *argv0, const char *reason)
}
fprintf(stderr,
#if APR_FILES_AS_SOCKETS
- "Usage: %s [-v] [-l] [-L linkname] [-p prog] [-f] [-D] [-t] [-e] [-c] [-n number] <logfile> "
+ "Usage: %s [-vlfDtTec] [-L linkname] [-p prog] [-n number] <logfile> "
#else
- "Usage: %s [-v] [-l] [-L linkname] [-p prog] [-f] [-D] [-t] [-e] [-n number] <logfile> "
+ "Usage: %s [-vlfDtTe] [-L linkname] [-p prog] [-n number] <logfile> "
#endif
"{<rotation time in seconds>|<rotation size>(B|K|M|G)} "
"[offset minutes from UTC]\n\n",
@@ -145,6 +146,7 @@ static void usage(const char *argv0, const char *reason)
" -f Force opening of log on program start.\n"
" -D Create parent directories of log file.\n"
" -t Truncate logfile instead of rotating, tail friendly.\n"
+ " -T Truncate logfiles opened for rotation, but not the initial logfile.\n"
" -e Echo log to stdout for further processing.\n"
#if APR_FILES_AS_SOCKETS
" -c Create log even if it is empty.\n"
@@ -380,6 +382,8 @@ static void doRotate(rotate_config_t *config, rotate_status_t *status)
apr_status_t rv;
struct logfile newlog;
int thisLogNum = -1;
+ int oldreason = status->rotateReason;
+ int truncate = config->truncate;
/* Retrieve local-time-adjusted-Unix-time. */
now = get_now(config, &offset);
@@ -459,8 +463,17 @@ static void doRotate(rotate_config_t *config, rotate_status_t *status)
if (config->verbose) {
fprintf(stderr, "Opening file %s\n", newlog.name);
}
- rv = apr_file_open(&newlog.fd, newlog.name, APR_WRITE | APR_CREATE | APR_APPEND
- | (config->truncate || (config->num_files > 0 && status->current.fd) ? APR_TRUNCATE : 0),
+
+ if (!truncate) {
+ /* -n and -T truncate subsequent files only. */
+ if (status->current.fd &&
+ (config->num_files > 0 || config->truncate_rotated_only)) {
+ truncate = 1;
+ }
+ }
+ rv = apr_file_open(&newlog.fd, newlog.name,
+ APR_WRITE | APR_CREATE | APR_APPEND
+ | (truncate ? APR_TRUNCATE : 0),
APR_OS_DEFAULT, newlog.pool);
if (rv == APR_SUCCESS) {
/* Handle post-rotate processing. */
@@ -474,6 +487,19 @@ static void doRotate(rotate_config_t *config, rotate_status_t *status)
/* New log file is now 'current'. */
status->current = newlog;
+
+ /* The first write to the initial file hasn't checked for size.
+ * In the normalized timestamp case and the custom strftime case with
+ * any reasonable accuracy, it's futile as the rotation will pick the
+ * same filename again.
+ * For -n, when not truncating, check and rotate.
+ */
+ if (config->num_files > 0 && oldreason == ROTATE_NEW && !config->truncate) {
+ checkRotate(config, status);
+ if (status->rotateReason != ROTATE_NONE) {
+ doRotate(config, status);
+ }
+ }
}
else {
char *error = apr_psprintf(newlog.pool, "%pm", &rv);
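Review bot: doRotate() now calls itself, and the added comment does not say why the recursion stops. As far as the hunk shows, the nested call captures `oldreason` from whatever checkRotate() left in `status->rotateReason`, so it stops after one level only if checkRotate() never reports `ROTATE_NEW`. That is worth stating next to the call, for example `/* Recurses at most once: the nested call does not start with ROTATE_NEW. */`, after confirming it against checkRotate(). doRotate() starts and ends outside this hunk.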
@@ -506,7 +532,7 @@ static void doRotate(rotate_config_t *config, rotate_status_t *status)
/*
* Get a size or time param from a string.
* Parameter 'last' indicates, whether the
- * argument is the last commadnline argument.
+ * argument is the last commandline argument.
* UTC offset is only allowed as a last argument
* in order to make is distinguishable from the
* rotation interval time.
@@ -585,9 +611,9 @@ int main (int argc, const char * const argv[])
apr_pool_create(&status.pool, NULL);
apr_getopt_init(&opt, status.pool, argc, argv);
#if APR_FILES_AS_SOCKETS
- while ((rv = apr_getopt(opt, "lL:p:fDtvecn:", &c, &opt_arg)) == APR_SUCCESS) {
+ while ((rv = apr_getopt(opt, "lL:p:fDtTvecn:", &c, &opt_arg)) == APR_SUCCESS) {
#else
- while ((rv = apr_getopt(opt, "lL:p:fDtven:", &c, &opt_arg)) == APR_SUCCESS) {
+ while ((rv = apr_getopt(opt, "lL:p:fDtTven:", &c, &opt_arg)) == APR_SUCCESS) {
#endif
switch (c) {
case 'l':
@@ -612,6 +638,9 @@ int main (int argc, const char * const argv[])
case 't':
config.truncate = 1;
break;
+ case 'T':
+ config.truncate_rotated_only = 1;
+ break;
case 'v':
config.verbose = 1;
break;
diff --git a/support/suexec.c b/support/suexec.c
index 0b52495..c2eb0b6 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -127,15 +127,15 @@ static const char *const safe_env_lst[] =
"REDIRECT_STATUS=",
"REDIRECT_URL=",
"REQUEST_METHOD=",
- "REQUEST_URI=",
"REQUEST_SCHEME=",
+ "REQUEST_URI=",
"SCRIPT_FILENAME=",
"SCRIPT_NAME=",
"SCRIPT_URI=",
"SCRIPT_URL=",
+ "SERVER_ADDR=",
"SERVER_ADMIN=",
"SERVER_NAME=",
- "SERVER_ADDR=",
"SERVER_PORT=",
"SERVER_PROTOCOL=",
"SERVER_SIGNATURE=",
@@ -223,7 +223,6 @@ static void log_no_err(const char *fmt,...)
static void clean_env(void)
{
- char pathbuf[512];
char **cleanenv;
char **ep;
int cidx = 0;
@@ -245,8 +244,7 @@ static void clean_env(void)
exit(123);
}
- sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH);
- cleanenv[cidx] = strdup(pathbuf);
+ cleanenv[cidx] = strdup("PATH=" AP_SAFE_PATH);
if (cleanenv[cidx] == NULL) {
log_err("failed to malloc memory for environment\n");
exit(124);
@@ -504,7 +502,8 @@ int main(int argc, char *argv[])
* and setgid() to the target group. If unsuccessful, error out.
*/
if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) {
- log_err("failed to setgid (%lu: %s)\n", (unsigned long)gid, cmd);
+ log_err("failed to setgid/initgroups (%lu: %s): %s\n",
+ (unsigned long)gid, cmd, strerror(errno));
exit(109);
}
@@ -512,13 +511,14 @@ int main(int argc, char *argv[])
* setuid() to the target user. Error out on fail.
*/
if ((setuid(uid)) != 0) {
- log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd);
+ log_err("failed to setuid (%lu: %s): %s\n",
+ (unsigned long)uid, cmd, strerror(errno));
exit(110);
}
/*
* Get the current working directory, as well as the proper
- * document root (dependant upon whether or not it is a
+ * document root (dependent upon whether or not it is a
* ~userdir request). Error out if we cannot get either one,
* or if the current working directory is not in the docroot.
* Use chdir()s and getcwd()s to avoid problems with symlinked