git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@633620 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@633614 13f79535-47bb-0310-9956-ffa450edef68

ABA problem and avoidance because only caller is single listener thread


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@633612 13f79535-47bb-0310-9956-ffa450edef68

into a copy runas administrator with permissions (closing the original monitor),
in response to any start/stop/restart request who's control permissions failed.
This happens to work on Win2000 and later, although it is actually needed in 
Win2008 or Vista and later, where by default under UAC, the admin user actually 
has no permissions to control services unless the app is run elevated.  

We don't want to do this at start time, and assault the user with auth attempts
at login before they have even asked to use the features of the Monitor.  Once
we've made the transition, we'll leave the new monitor running elevated.  Some
branding with the "security" shield icon is actually recommended by the CUA, but
I'm neglecting this for the moment.

This patch drops the single instance mutex for a search of existing windows of 
our window's class & title, which is localized to the current session and just fine
for the purpose of restricting multiple invocations.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@633607 13f79535-47bb-0310-9956-ffa450edef68

Clean up provider interface, removing use of mod_ssl-specific types:

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Replace BOOL
  with apr_status_t, UCHAR with unsigned char; use 'unsigned int' for
  idlen; constify id arguments; remove pool argument from ->status.

* modules/ssl/ssl_scache_dc.c, modules/ssl/ssl_scache_memcache,
  modules/ssl/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Update
  accordingly.

* modules/ssl/ssl_scache.c (ssl_scache_retrieve, ssl_scache_store):
  Adjust for BOOL->apr_status_t change.
  (ssl_ext_status_hook): Update for dropped pool argument.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@633526 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@633174 13f79535-47bb-0310-9956-ffa450edef68

  (1) Fix Origin checking (PR 36783 - Robert L Mathews)
  (2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632947 13f79535-47bb-0310-9956-ffa450edef68

replace all relevant ascii strxxx fn's with _tcsxxx macros and encode relevant text
with the _T() macro wrapper, permitting /D UNICODE builds in place of /D _MCBS
builds in use today.  This allows for internationalized unicode service names and
textual modification.  Since this is win32 only, using APR style utf-8-ization is silly.

Because today this module simply isn't loadable on Win95-ME, nobody has actually
complained, and we really have no desire to support such a dangerous OS in the
wild of the internet, the unicode build should become the default.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632885 13f79535-47bb-0310-9956-ffa450edef68

  causing revalidation.

PR: 44511


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632749 13f79535-47bb-0310-9956-ffa450edef68

didn't pick up on updated sdbm maps due to this.
PR41190 [Niklas Edmundsson]

NOTE: Only tested on httpd-2.2.8.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632730 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632635 13f79535-47bb-0310-9956-ffa450edef68

Submitted privately by: Markus Weber <Weber.Markus akdb.de>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632632 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632566 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632564 13f79535-47bb-0310-9956-ffa450edef68

This forces rotatelogs to create the logfile as soon
as started not as soon as it sees it's first line
of input.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632355 13f79535-47bb-0310-9956-ffa450edef68

  GET http://[3ffe:1:1001:3000:230:5ff:fe05:3c3c]/server-status HTTP/1.0
through the httpd-2.x mod_proxy.c code, while a directive
  ProxyDomain .my.dom.ain
is in effect, the request is redirected to
  Location: http://[3ffe:1:1001:3000:230:5ff:fe05:3c3c.my.dom.ain]/server-status

The patch fixes this bug, by testing whether the hostname part of the
unparsed_uri contains colon characters (which is the case only for
IPv6 literals).

This patch is also a candidate for httpd-2.0 and httpd-2.2


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632304 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631735 13f79535-47bb-0310-9956-ffa450edef68

  cache is configured or the session is thread safe.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631693 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631364 13f79535-47bb-0310-9956-ffa450edef68

AP_INIT_ITERATE parameter


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631342 13f79535-47bb-0310-9956-ffa450edef68

Move mutex handling up out of the session cache providers:

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add name and 
  flags fields.  Define MODSSL_SESSCACHE_FLAG_NOTMPSAFE constant.

* modules/ssl/ssl_scache.c (ssl_scache_store, ssl_scache_retrieve,
  ssl_scache_remove, ssl_ext_status_hook): Lock and release the mutex
  around provider calls, if necessary.

* modules/ssl/ssl_engine_mutex.c (ssl_mutex_init): Do nothing if no
  session cache is configured, or the session cache does not require a
  mutex.  Otherwise, fail if no mutex is configured and the session
  cache *does* require a mutex.
  (ssl_mutex_on, ssl_mutex_off): Remove checks for mutex mode;
  functions now invoked only if necessary.

* modules/ssl/ssl_scache_dc.c, modules/ssl/ssl_scache_memcache: Set
  name and flags fields in provider structures.

* modules/ssl/ssl_scache_shmcb.c, modules/ssl_scache_dbm.c: Remove
  mutex handling through; set name and flags fields in provider
  structures; mark both as unsafe for concurrent access in flags.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631297 13f79535-47bb-0310-9956-ffa450edef68

  key id generation by passing the correct length to snprintf (it
  was NUL terminating at the second byte with len=2);


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631254 13f79535-47bb-0310-9956-ffa450edef68

  if no provider is configured.

Submitted by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631119 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631107 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631054 13f79535-47bb-0310-9956-ffa450edef68

  the temporary pool from the context.  (missed in r630974)

Found by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631006 13f79535-47bb-0310-9956-ffa450edef68

Use the ap_provider interface for session cache storage providers.

* modules/ssl/mod_ssl.c (modssl_register_scache): New function.
  (ssl_register_hooks): Call it.

* modules/ssl/ssl_private.h: Define MODSSL_SESSCACHE_PROVIDER_GROUP
  and MODSSL_SESSCACHE_PROVIDER_VERSION constants.
  Remove ssl_scmode_t type.  Change nSessionCacheMode in
  SSLModConfigRec into a long sesscache_mode, storing the OpenSSL
  SSL_SESS_CACHE_* flags directly.

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Set
  sesscache_mode to SSL_SESS_CACHE_OFF by default.
  (ssl_cmd_SSLSessionCache): Remove ifdef spaghetti; fetch configured
  session cache by provider name.  Set mc->sesscache_mode for
  configured providers.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_session_cache): Use the
  configured mode flags directly from mc->sesscache_mode.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@631000 13f79535-47bb-0310-9956-ffa450edef68

  r630974; create the subpool.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630990 13f79535-47bb-0310-9956-ffa450edef68

Move provider-specific configuration handling down into the provider
code.  Eliminate all use of SSLModConfigRec within provider code.

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Add 'create'
  function which creates and configures the cache provider, before
  initialisation.  Change 'init' function to take the context pointer
  as an input parameter, and reorder to be first.

* modules/ssl/ssl_scache.c (ssl_scache_init): Adjust accordingly.

* modules/ssl/ssl_scache_memcache.c (struct context): Add servers
  field.
  (ssl_scache_mc_create): New function.
  (ssl_scache_mc_init): Use servers from context not SSLModConfigRec.

* modules/ssl/ssl_scache_dbm.c (struct context): Define.
  (ssl_scache_dbm_create): New function.
  (ssl_scache_dbm_init, ssl_scache_dbm_kill): Adjust to use filename
  and pool from context.
  (ssl_scache_dbm_store, ssl_scache_dbm_retrieve,
  ssl_scache_dbm_status): Use filename from context.  Use context pool
  for temp storage of the DBM object, and clear before use.
  (ssl_scache_dbm_expire): Remove static tLast; use last_expiry from
  context.  Use context pool for temp storage and clear before use.

* modules/ssl/ssl_scache_dc.c (struct context): Add target field.
  (ssl_scache_dc_init, ssl_scache_dc_status): Use target from context.

* modules/ssl/ssl_scache_shmcb.c (struct context): Add data_file,
  shm_size fields.
  (ssl_scache_shmcb_create): New function; moved argument parsing
  logic from ssl_cmd_SSLSessionCache
  (ssl_scache_shmcb_init, ssl_scache_shmcb_status): Use config from
  context.

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Remove
  handling of old provider-specific fields.
  (ssl_cmd_SSLSessionCache): Call provider ->create function to parse
  the argument and create provider-specific context structure.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630974 13f79535-47bb-0310-9956-ffa450edef68

value of sk_X509_NAME_set_cmp_func to void, to avoid warnings with
recent version of OpenSSL.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630858 13f79535-47bb-0310-9956-ffa450edef68

code and update the comment.   No functional change.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630805 13f79535-47bb-0310-9956-ffa450edef68

modssl_sesscache_provider objects.

Found by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630795 13f79535-47bb-0310-9956-ffa450edef68

  on success.

* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_retrieve): Likewise.

Found by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630787 13f79535-47bb-0310-9956-ffa450edef68

  shmcbc_subcache_remove): Restore check for idx->removed flag.

Found by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630786 13f79535-47bb-0310-9956-ffa450edef68

Submitted by Kaspar Brand.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630436 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630350 13f79535-47bb-0310-9956-ffa450edef68

  - Fix the same race condition in event MPM.
  - Slightly optimize code in worker MPM by removing the need for an additional
    dereference operation.
  - Do some word smithing on the CHANGES entry.

PR: 44402
Submitted by: Basant Kumar Kukreja <basant.kukreja sun.com>
Reviewed by: rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630348 13f79535-47bb-0310-9956-ffa450edef68

PR44402: reported and fixed by Basant Kumar Kukreja


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630335 13f79535-47bb-0310-9956-ffa450edef68

Move provider-private context out of SSLModConfigRec and into an
opaque context pointer.  Use real error propagation in the ->init
functions rather than ssl_die().

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Take a
  context out-parameter from ->init, and return an apr_status_t.
  Add context pointer as first arg for the other function types.
  (SSLModConfigRec): Remove tSessionCacheData* fields; add
  sesscache_context field.

* modules/ssl/ssl_scache.c (ssl_scache_init): Move once-per-process
  invocation check back into here.  
  (ssl_scache_*): Adjust to use context pointer.

* modules/ssl/ssl_scache_shmcb.c, modules/ssl/ssl_scache_dc.c,
  modules/ssl/ssl_scache_dbm.c: Adjust all implementations to use
  opaque context pointer.

* modules/ssl/ssl_scache_memcache.c: Move memcache context into the
  context structure rather than using global state.

* modules/ssl/ssl_engine_config.c: Remove handling of
  pSessionCacheData* fields in SSLModConfigRec.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630323 13f79535-47bb-0310-9956-ffa450edef68

storage providers; includes a significant change to the shmcb storage
structure:

* modules/ssl/ssl_private.h (modssl_sesscache_provider): Change
  retrieve function to take dest/destlen output buffer, to take a
  constant id paramater, and to return a BOOL.

* modules/ssl/ssl_scache.c (ssl_scache_retrieve): Update accordingly,
  perform SSL deserialization here.

* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_retrieve),
  modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_retrieve),
  modules/ssl/ssl_scache_memcache.c (ssl_scache_mc_retrieve):
  Update accordingly.

* modules/ssl/ssl_scache_shmcb.c: Store the whole ID in the cache
  before the data, so that each index can be compared against the
  requested ID without deserializing the data.  This requires approx
  20% extra storage per session in the common case, though should
  reduce CPU overhead in some retrieval paths.
  (SHMCBIndex): Replace s_id2 field with id_len.
  (shmcb_cyclic_memcmp): New function.
  (ssl_scache_shmcb_init): Change the heuristics to allow for increase
  in per-session storage requirement.
  (ssl_scache_shmcb_retrieve): Drop requirement on ID length.
  (shmcb_subcache_store): Store the ID in the cyclic buffer.
  (shmcb_subcache_retrieve, shmcb_subcache_remove): Compare against
  the stored ID rather than deserializing the data.
  (ssl_scache_shmcb_retrieve, ssl_scache_shmcb_store): Update
  accordingly.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@630307 13f79535-47bb-0310-9956-ffa450edef68