Commit cd0e48cf authored by William A. Rowe Jr's avatar William A. Rowe Jr

mod_authnz_ldap: Allow using exec: callouts like SSLPassphraseDialog

for AuthLDAPBindPassword.

Backports: r1433478, r1467523, r1467792
Submitted by: druggeri
Reviewed by: minfrin. wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497095 13f79535-47bb-0310-9956-ffa450edef68
parent 2e06aebc
+3 −0
@@ -68,6 +68,9 @@ Changes with Apache 2.2.24
  *) mod_ssl: Add new directive SSLCompression to disable TLS-level
     compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]

  *) mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
     password.  [Daniel Ruggeri]

Changes with Apache 2.2.23

  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
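Review bot: The new mod_authnz_ldap CHANGES entry omits that this backport also exports a new public function, ap_get_exec_line(), and bumps the minor MMN (the ap_mmn.h hunk adds "20051115.32 (2.2.24) Add ap_get_exec_line" and the httpd.h hunk declares the function); module authors rely on CHANGES to spot new API, so suggest extending the entry along the lines of "mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password; adds ap_get_exec_line(). [Daniel Ruggeri]".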
+6 −11
@@ -114,17 +114,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]
  
  
   * mod_authnz_ldap: Allow using exec: callouts like SSLPassphraseDialog
     for AuthLDAPBindPassword.
     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1433478
                  http://svn.apache.org/viewvc?view=revision&revision=1467523
                  http://svn.apache.org/viewvc?view=revision&revision=1467792
     2.2.x patch: http://people.apache.org/~druggeri/patches/AuthLDAPBindPasswordExec-2.2.patch
                  (20130119 - updated to include minor mmn bump)
                  (20130412 - updated to not use static var - thx, wrowe)
     +1: druggeri, minfrin. wrowe

  * mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
    with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
    (check at startup, to prevent segfaults at proxy request time)
@@ -221,6 +210,12 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
    2.2.x patch: trunk patch works modulo CHANGES
    +1: trawick, wrowe

   * mod_authnz_ldap: Allow using exec: callouts like SSLPassphraseDialog
     for AuthLDAPBindPassword.
     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1433478
     2.4.x patch: http://people.apache.org/~druggeri/patches/AuthLDAPBindPasswordExec-2.4.patch
     +1: druggeri

PATCHES/ISSUES THAT ARE STALLED

  * mod_cache: Realign the cache_quick_handler() to behave identically
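Review bot: Judging by the hunk header (6 old lines, 12 new), the mod_authnz_ldap entry under PATCHES PROPOSED TO BACKPORT FROM TRUNK is being added, yet it points at a 2.4.x patch (AuthLDAPBindPasswordExec-2.4.patch) and carries only "+1: druggeri"; in the 2.2.x branch STATUS (this commit's git-svn-id is branches/2.2.x), where the same backport is being committed right now, that looks like a stale entry re-introduced by mistake and should be dropped, or moved to the 2.4.x STATUS if it is still a live proposal there.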
+15 −0
@@ -731,6 +731,21 @@ authenticating the user if this one fails</description>
    module="mod_authnz_ldap">AuthLDAPBindDN</directive> and <directive
    module="mod_authnz_ldap">AuthLDAPBindPassword</directive> if you
    absolutely need them to search the directory.</p> 

    <p>If the value begins with exec: the resulting command will be
    executed and the first line returned to standard output by the
    program will be used as the password.</p>
<example><pre>
#Password used as-is
AuthLDAPBindPassword secret

#Run /path/to/program to get my password
AuthLDAPBindPassword exec:/path/to/program

#Run /path/to/otherProgram and provide arguments
AuthLDAPBindPassword "exec:/path/to/otherProgram argument1"
</pre></example>

</usage>
</directivesynopsis>

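Review bot: The new paragraph does not say when the exec: program runs (at configuration/startup time versus per request) or under which user id, nor how the quoted form "exec:/path/to/otherProgram argument1" is split into command and arguments (whitespace only, or shell-style quoting); both decide how an administrator must protect the program. Since the program's standard output becomes the LDAP bind credential, the text should also advise restricting write access to the program and the directories on its path, and note that because "exec:" is the trigger, a literal password that itself begins with "exec:" cannot be configured directly.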
+2 −1
@@ -149,6 +149,7 @@
 * 20051115.29 (2.2.21) add max_ranges to core_dir_config
 * 20051115.30 (2.2.21) add ap_set_accept_ranges()
 * 20051115.31 (2.2.23) Add forcerecovery to proxy_balancer_shared struct
 # 20051115.32 (2.2.24) Add ap_get_exec_line
 */

#define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */
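Review bot: The added history line uses "#" as its bullet where every neighbouring line uses "*"; change " # 20051115.32 (2.2.24) Add ap_get_exec_line" to " * 20051115.32 (2.2.24) Add ap_get_exec_line" so the comment block stays uniform and anyone grepping for " \* 20051115" still finds the entry.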
@@ -156,7 +157,7 @@
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20051115
#endif
#define MODULE_MAGIC_NUMBER_MINOR 31                    /* 0...n */
#define MODULE_MAGIC_NUMBER_MINOR 32                    /* 0...n */

/**
 * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
+13 −0
@@ -1867,6 +1867,19 @@ extern int raise_sigstop_flags;
 */
AP_DECLARE(const char *) ap_psignature(const char *prefix, request_rec *r);


/**
 * Short function to execute a command and return the first line of
 * output minus \r \n. Useful for "obscuring" passwords via exec calls
 * @param p the pool to allocate from
 * @param cmd the command to execute
 * @param argv the arguments to pass to the cmd
 * @return ptr to characters or NULL on any error
 */
AP_DECLARE(char *) ap_get_exec_line(apr_pool_t *p,
                                    const char *cmd,
                                    const char * const *argv);

/** strtoul does not exist on sunos4. */
#ifdef strtoul
#undef strtoul
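Review bot: The doc comment for ap_get_exec_line() leaves the calling contract underspecified: it should state that the returned buffer is allocated from p (and how long it lives), whether argv must include the program name as argv[0], and whether cmd is exec'd directly or run through a shell, since callers will pass administrator-supplied strings such as "exec:/path/to/otherProgram argument1" and the quoting rules decide what a space in the path means. It should also say what "minus \r \n" covers (trailing CR/LF only, or all such characters) and whether an empty first line is distinguishable from the NULL error return. Minor: the two blank lines before the comment block can be collapsed to one to match the surrounding declarations.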