Parent Directory
| 
Revision Log
| Links to HEAD: | (view) (annotate) |
| Sticky Revision: |
non-static directive parsers should be AP_DECLARE_NONSTD()
Vhosts: treating a pure-numeric Host header as a port is nonsense. PR 44979
Output -M and -S dumps (modules and vhosts) to stdout instead of stderr.
Remove all references to CORE_PRIVATE.
update license header text
Update the copyright year in all .c, .h and .xml files
No functional Change: Removing trailing whitespace. This also means that "blank" lines consisting of just spaces or tabs are now really blank lines
No functional change: simple detabbing of indented code.
Doxygen fixup / cleanup submited by: Neale Ranns neale ranns.org reviewed by: Ian Holsman
* server/vhost.c (get_addresses): Fix double negative and make errors consistent; thanks Joshua.
* server/vhost.c (get_addresses): Fail with an error message rather than an assert() for errors which plague users on Solaris boxes which don't have a properly configured resolver. PR: 27525
Add ap_vhost_iterate_given_conn() as I had previously mentioned on the mailing list.
Update copyright year to 2005 and standardize on current copyright owner line.
general property cleanup
<VirtualHost myhost> now applies to all IP addresses for myhost instead of just the first one reported by the resolver. This corrects a regression since 1.3.
* server/vhost.c (remove_unused_name_vhosts): Remove redundant check; catch all port-based NameVirtualHosts without defined VirtualHosts, preventing segfaults later in some misconfigurations. PR: 27731
* server/vhost.c: Fix comments which got search'n'replaced.
fix name of The Apache Software Foundation
fix copyright dates according to the first check in
apply Apache License, Version 2.0
update license to 2004.
stop using apr_sockaddr_port_get() accessor function, as it will disappear from APR 1.0 API shortly
finished that boring job: update license to 2003. Happy New Year! ;-))
Rearranged the loop in fix_hostname() to run faster in the common case in which lowercase characters are the most frequent characters in the hostname
Continue the Bill Rowe apr_size_t crusade.
Convert the hostname to all-lowercase in fix_hostname() so that the implementation matches the comments. (Note: The current virtual hosting code does case-insensitive host matching, so this fix is useful mostly to help ensure that custom modules and any future vhosting code don't get tripped up by case-sensitivity issues.) Submitted by: Perry Harrington <pedward@webcom.com> Reviewed by: Brian Pane
stop using APLOG_NOERRNO in calls to ap_log_?error()
Eliminate some sprintf calls
Allow empty Host: header arguments. Previously, request that sent: GET / HTTP/1.1 Host: would get a 400. RFC 2616 specifically allows for a "blank" host field. The read_request code properly handled this, but the fix_hostname in vhost.c would cause the 400. Now, simply return in fix_hostname when we see a blank hostname rather than erroring out. PR: 7441
Fix for vhosts where the hostname is followed by '.' PR: 9187 Submitted by: Ryan Cruse <ryan@estara.com>
clean up the use of apr_sockaddr_t (stay out of family-specific struct sockaddr* as much as possible)
Fix win32 compile breakage.
Update our copyright for this year.
fix a v4-specific INADDR_ANY check that kept name-based virtual hosts from working with IPv6
use a new APR function to perform socket address comparison so that we don't have to handle v4-mapped IPv6 addresses here
Fix matching of vhosts by ip address so we find IPv4 vhost address when target address is v4-mapped form of that address. This problem was reported by Don Hughes.
add a comment about the need to check for a host after returning from apr_parse_addr_port()
Fixed a segfault that occurred during startup if a VirtualHost directive had a port but no address Reported by: Don Hughes <support@sannotes.org>
Get IPv6 vhosts working (again ?). There were a couple of bogus IPv4-specific comparisons which prevented the data structures from being built correctly in ap_fini_vhost_config(). One of these (INADDR_ANY) can be easily rewritten to work with IPv6. The other (DEFAULT_VHOST_ADDR) isn't necessary for IPv6. Note that this is because we don't support the various flavors of _default_ that Apache-1.3+KAME-patch supports. PR: 8118
Begin to abstract out the underlying transport layer. The first step is to remove the socket from the conn_rec, the server now lives in a context that is passed to the core's input and output filters. This forces us to be very careful when adding calls that use the socket directly, because the socket isn't available in most locations.
Fixed previous patch to reflect what Apache-1.3 did regarding self- referential uri's, and updated the manual accordingly. XXX There is a kludge here: XXX the port number from the client's Host: header used to be tossed, and there is no clean mechanism to pass it (in the request_rec) to other consumers. As the unparsed_uri structure (which could avoid repeated parsing of URI, Host, Port etc) seems to be mostly unused currently, I used that to pass the port.
Please do not mix spaces and tabs within the same blocks, and please do not arbitrarily and inconsistently wrap lines. I apologise ahead of time for mucking up the cvslog, but this needed to be done.
insure that a '*' in <VirtualHost *> or NameVirtualHost * matches all ports. The recent change to eliminate the Port directive exposed this problem.
Fix a segfault when a numeric host (e.g., "Host: 123") was specified.
apr_parse_addr_port() assumes that if there is just a number it must
be a port, but here we need to assume that it is a host.
todo: pass a flag into apr_parse_addr_port()? unclear whether or
not that is cleaner overall
*) fix inline handling. we had: apr_inline, APR_INLINE, USE_GNU_INLINE, and INLINE. Now, we just have APR_INLINE and APR_HAS_INLINE. - convert all usage - note that apr_general messed up the defn (compared to apr.h) - simplify the inline decision logic in os/*/os.h - simplify the code in os/*/os-inline.c *) toss ap_checkconv() [no longer used]
Update copyright to 2001
include <arpa/inet.h> for the declarations for htons() et al; OS/390 has macros in arpa/inet.h which turn such "calls" into nothing and does not have functions to link against in libc
Clean up some of the includes: - explicitly include apr_lib.h since ap_config.h doesn't - use apr_want.h where possible - use APR_HAVE_ where possible - remove some unneeded includes
renaming various functions for consistency sake see: http://apr.apache.org/~dougm/apr_rename.pl PR: Obtained from: Submitted by: Reviewed by:
Relax the checking of Host: headers so that only character sequences that are sensitive to the filesystem are rejected, i.e. forward slashes, backward slashes, and sequences of more than one dot. This supports iDNS without compromising the safety of mass vhosting. PR: 6635
Some missing exports
Get "NameVirtualHost *" option working in Apache 2.0
Clean up some formatting. Using a tab of 22 characters makes the output very annoying to read. 8 looks much more reasonable to me. PR: Obtained from: Submitted by: Reviewed by:
Get -t -D DUMP_VHOSTS working and properly documented. This removes the -S option from the docs.
get_addresses() . use apr_parse_addr_port() so we handle IPv6 addresses on NameVirtualHost and <VirtualHost > directives . don't hardcode AF_INET when a hostname or IP address was coded dump_a_vhost() . check the address family before looking for certain IPv4 addresses ap_fini_vhost_config() . pass apr_status_t to ap_log_error() after apr_getnameinfo() fails
Use apr_parse_addr_port() in fix_hostname(). This simplifies the code by a small (okay, tiny) amount and lets IPv6 numeric address strings be passed through. Obtained from: the idea is from the KAME IPv6 patch for Apache 1.3
Fix a problem with the last commit... I missed one of the hashing changes so some of the code had an unnecessary IPv4 assumption.
Get rid of some IPv4 dependencies by passing the hash function the apr_sockaddr_t * instead of the IPv4 address.
Fix the call to apr_snprintf() for formatting the sockaddr in a vhost entry when dumping the vhost config.
move closer to IPv6 support by changing the server_addr_rec representation of the bound address to something which handles IPv6; this also allows us to switch to APR resolver routines in places instead of calling gethostbyname() and gethostbyaddr() directly Issues remaining with this set of changes: 1) apr_snprintf()'s %pA formatting needs to change to take apr_sockaddr_t * instead of sockaddr_in * -OR- just get rid of that type of formatting 2) apr_get_inaddr() is no longer used and should be removed
The local_addr and remote_addr fields in the conn_rec are now apr_sockaddr_t * instead of sockaddr_in. This is a small step towards IPv6 support.
updates to changed interfaces to apr_set_port(), apr_get_port(), apr_set_ipaddr(), and apr_get_ipaddr()
Change references of AF_ to reflect APR_ so they should work on all systems.
More local/remote changes and tidy up http_vhost a bit. Also add a new function to get an ap_ina_addr_t from a socket.
In mass hosting setups (using mod_vhost_alias or mod_rewrite) where the hostname is interpolated into the filename, we need to be sure that the result of interpolation doesn't expose parts of the filesystem that should be private. This was done by checking the syntax of the Host: header according to RFC 1123 and RFC 952. However, many people have broken configurations that violate this syntax (frequently because they use underscores in their names), and it also doesn't accommodate the current effort to internationalize the DNS. I don't think the former is a compelling reason to relax the syntax checking, but the latter does justify this change. The only RFC on internationalized DNS at the moment is RFC 2825 which is an introduction to how difficult the whole thing is; the other official documentation is a pile of Internet Drafts produced by the Internationalized Domain Names Working Group of the IETF (with names starting "draft-ietf-idn-"). However they have very little to say about URIs, and the current Internet draft about internationalized URIs (draft-masinter-url-i18n-05) has very little to say about hostnames :-( On the gripping hand there is some useful information at <http://www.apng.org/idns/> where there is some iDNS testbed work going on. The basic idea is that although the format of the hostnames in the DNS itself remains compatible with RFC 1123, the actual hostname presented to the resolver is in UTF8, and therefore the hostname in the URL and Host: header is also in UTF8. This change relaxes the checking so that only character sequences that are sensitive to the filesystem are rejected, i.e. forward slashes, backward slashes, and sequences of more than one dot. PR: 6635
Bring the apr_in_addr type into line with naming conventions and make changes where appropriate. At least on my system virtual hosts seem to still work :)
Change the code to reflect the recent API changes... Alter http_vhost.c to use the new apr_get_inaddr fucntion. Old code is still there just in case it breaks. can someone check it who knows this stuff?
This adds the APR_LOCAL/APR_REMOTE to APR and changes the apr_get/set_port functions to use it. This is onyl the start and I'll pause a while before I continue in case people really hate this. The patch can be backed out and all evidence will be removed, but I think this makes maintaining/developing the code easier in the long term.
More cleanup of apr_port_t stuff. This file will need a lot of work as it's using a lot of "raw" information from socket structures that won't work with IPv6. Needs to be abstracted out and use APR instead.
Doh! Missed this from the last commit...
Start of moving to apr_port_t in the server code. This will probably the first of a few...
Remove some more references to sockaddr structures... Removing the rest will need someone who knows this code to look through in more detail.
Tighten up the syntax checking of Host: headers to fix a security bug in some mass virtual hosting configurations that can allow a remote attacker to retrieve some files on the system that should be inaccessible. The problem occured with requests including the line "Host: ..." -- the last dot is stripped and the remaining ".." then reveals a parent directory. Reported by: Peter Christoffersen <pch@mindpass.com> Message-ID: <8quts6$2el$1@news.inet.tele.dk> Newsgroups: comp.infosystems.www.servers.unix
Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper) and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE. All _VAR_ flavors changes to _DATA to be absolutely clear. Thank you Greg, for the most obvious suggestion.
This commit adds support for purely name-based virtual hosting that
does not require any IP addresses in httpd.conf and which disregards
the local IP address of any connections. This will be particularly
appreciated by people running little servers on machines with
dynamically configured IP addresses, and by people wishing to use
identical httpd.conf files on all the machines in a load-balanced
cluster.
The syntax is:
NameVirtualHost *
<VirtualHost *>
ServerName my.friend.has.a.silly.vanitydomain.org
DocumentRoot /usr/local/apache/docs1
</VirtualHost>
<VirtualHost *>
ServerName but.easier.to.spell.than.my.vanitydomain.org
DocumentRoot /usr/local/apache/docs2
</VirtualHost>
The implementation is a straightforward extension of what is there
already although the patch is made somewhat larger by the need to
avoid duplicate code for normal and wildcarded NameVirtualHosts.
PR: 5595, 4455
[ported from 1.3.13]
Remaining cleanup of ap_ -> apr_ and AP_ -> APR_ transformation... see src/lib/apr/apr_compat.h for most details. Also a few minor nits to get Win32 to build. PR: Obtained from: Submitted by: Reviewed by:
prefix libapr functions and types with apr_
Move all APR functions related to strings to their own directory, and create a new header for those functions. This is the first step to removing the apr/lib directory completely, and moving those files/functions to descriptive directories.
Include strings.h for strcasecmp(), strncasecmp(), and bzero(). Include time.h for time(). This removes a bunch of compiler warnings with gcc -Wall on AIX. Submitted by: Jeff Trawick, Victor Orlikowski
More consification, correct command initialisation.
Command handler revamp. Note that this makes the code produce a LOT of warnings!
Get the ap_config.h cleanup working on FreeBSD by adding includes of additional system headers. A platform check in logresolve.c to determine whether or not we include <arpa/inet.h> was converted to a feature check.
Protect system header files with the appropriate macros.
Clean up a big chunk of ap_config.h. This basically stops ap_config.h from including any files. Because of this change, other files must include their own headers. I also cleaned up a couple of other bugs in some modules because I had to compile them all. I expect this to break multiple platforms, but this will be fixed over time. The massive configure cleanup is almost done. I will go through the files one more time after this commit.
Change ap_context_t to ap_pool_t. This compiles, runs, and serves pages on Linux, but probably breaks somewhere.
Update to Apache Software License version 1.1
Fix all the License issues. Including: s/Apache Group/Apache Software Foundation/ s/1999/2000/ s/Sascha's license/ASF license
Include ap_config.h before httpd.h, this ensures that AP_USE_HSREGEX is defined correctly in all C files.
Quiet some warnings. - 1 'suggest parentheses around assignment used as truth value' - a few "subscript has type `char'"
Finish the commits for the change in the header files. Basically, this hides all of the Apache macros that modules don't need access to. This should have been committed with the modules, but I wasn't paying attention to the directory I was in when I ran the commit. Submitted by: Manoj Kasichainula and Ryan Bloom
Fix compile break introduced to Apache 2.0 by the mass vhosting security fix.
Fix the mass vhosting security problem spotted by Lars, as in 1.3 Submitted by: Ben Hyde Reviewed by: Tony Finch
Cleanup the Windows build a bit by getting rid of more platform dependant code. Still won't compile cleanly, but we are closer. I am hoping for a clean Windows compile by Friday.
Cleaned up the APRFile uses in Apache. Also removed the apr.h header file because it is no longer used. Finally, I updated the dependancies to compile cleanly.
Cleanup the ZZZ comments. Basically these used to mark places where APR is needed. It is much easier to do this conversion by hand than by searching for old comments, so they are going away now.
Add a status value to ap_log_error and ap_log_rerror. This allows us to use apr_status codes in our error logs. The main advantage of this, is portable error codes. Now, Windows will finally be able to use errno!
Changed pools to contexts. Tested with prefork and pthread mpm's. I'll check this out tomorrow and make sure everything was checked in correctly.
Replace file descriptors with APRFile. Submitted by: Bill Stoddard
Odd comments and leftover bits from the pthreads version. The comments really should be deleted, or at least cleaned up. Submitted by: pthreads leftovers
Parts where server was eliminated from connection rec. Submitted by: Dean Gaudet
Apache 1.3.9 baseline for the Apache 2.0 repository. Obtained from: Apache 1.3.9 (minus unused files), tag APACHE_1_3_9 Submitted by: Apache Group
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
| apache@apache.org | ViewVC Help |
| Powered by ViewVC 1.1.2 |