VladPolskiy/apache-http-server
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-07-25 17:01:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
30,246 Commits 62 Branches 304 Tags
a01e89c88536bc78eb8b5ef183c1767191c6c349
Commit Graph

115 Commits

Author SHA1 Message Date
Yann Ylavic
4c670d1715 Follow up to r1772812: update APLOGNO(). 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1783764 13f79535-47bb-0310-9956-ffa450edef68
 2017-02-20 14:03:28 +00:00
Yann Ylavic
fed21b132d mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) 
to prevent deciphering or tampering with a padding oracle attack.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772812 13f79535-47bb-0310-9956-ffa450edef68
 2016-12-05 23:43:05 +00:00
Jacob Champion
091f96ee10 Remove unnecessary apr_table_do() function casts 
Function casts can cause hard-to-debug corruption issues if a
declaration is accidentally changed to be incompatible. Luckily, most of
the function casts for apr_table_do() calls are unnecessary. Remove
them, and adjust the signatures for helpers that weren't taking void* as
the first argument.

The remaining helper that requires a cast is http_filter.c's
form_header_field(), which is probably where many of these casts were
copy-pasted from. I have left it as-is: it has other direct callers
besides apr_table_do(), and it's already documented with warnings not to
change the function signature.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769192 13f79535-47bb-0310-9956-ffa450edef68
 2016-11-10 20:53:21 +00:00
Yann Ylavic
a83e9b4d71 mod_session: Introduce SessionExpiryUpdateInterval which allows to 
configure the session/cookie expiry's update interval. PR 57300.

Submitted by: Paul Spangler <paul.spangler ni.com>
Reviewed/Committed by: ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1709121 13f79535-47bb-0310-9956-ffa450edef68
 2015-10-16 22:36:17 +00:00
Yann Ylavic
cd7fdfee05 mod_session_dbd: follow up to r1687021. 
Move the new pool argument of dbd_load() first as the other functions in the
module (no functional change).
Suggested by: mrumph

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1687087 13f79535-47bb-0310-9956-ffa450edef68
 2015-06-23 15:38:13 +00:00
Yann Ylavic
4aa8d59e98 mod_session_dbd: follow up to r1686122. 
DBD entries should also have request lifetime.
Proposed by: Jacob Champion <jacob.champion ni.com>
Reviewed by: ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1687021 13f79535-47bb-0310-9956-ffa450edef68
 2015-06-23 10:54:15 +00:00
Nick Kew
ed50579d80 mod_session_dbd: Request Notes should have request lifetime. 
Patch by Jacob Champion at ni.com


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1686122 13f79535-47bb-0310-9956-ffa450edef68
 2015-06-17 23:09:36 +00:00
Yann Ylavic
c1d21475a6 mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetime 
of DB lookup entries independently of the selected DB engine.  PR 46421.

Suggested by: Michel Stam <michel reverze net>
Proposed by: Steven whitson <steven.whitson gmail com>
Reviewed/Extended/Committed by: ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1679181 13f79535-47bb-0310-9956-ffa450edef68
 2015-05-13 11:34:30 +00:00
Graham Leggett
48ebde687b mod_session: When we have a session we were unable to decode, behave as if there was no session at all. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1560977 13f79535-47bb-0310-9956-ffa450edef68
 2014-01-24 13:02:42 +00:00
Jeff Trawick
2ab66dcfb3 mod_session: Fix problems interpreting the SessionInclude and 
SessionExclude configuration.

PR: 56038
Submitted by: Erik Pearson <erik adaptations.com>
Reviewed by: trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1559828 13f79535-47bb-0310-9956-ffa450edef68
 2014-01-20 21:01:15 +00:00
Christophe Jaillet
6ae5c8f6f3 Remove redundant check (already performed the line before) 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1551012 13f79535-47bb-0310-9956-ffa450edef68
 2013-12-15 10:30:35 +00:00
Graham Leggett
c7ec3ecccd mod_session_crypto: Make sure we try to initialise twice, so we don't 
succeed in configtest but fail on restart.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1550312 13f79535-47bb-0310-9956-ffa450edef68
 2013-12-11 23:14:46 +00:00
Graham Leggett
c8b1ad8f55 mod_session: Reset the max-age on session save. PR 47476. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1531683 13f79535-47bb-0310-9956-ffa450edef68
 2013-10-13 13:07:19 +00:00
Graham Leggett
0d9b5c81a5 mod_session: After parsing the value of the header specified by the 
SessionHeader directive, remove the value from the response. PR 55279.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1531679 13f79535-47bb-0310-9956-ffa450edef68
 2013-10-13 12:27:54 +00:00
Daniel Ruggeri
90f9939cee Add exec: callout support for mod_session_crypto 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1524079 13f79535-47bb-0310-9956-ffa450edef68
 2013-09-17 14:53:21 +00:00
Graham Leggett
3eed634c9c CVE-2013-2249 
mod_session_dbd: Make sure that dirty flag is respected when saving 
sessions, and ensure the session ID is changed each time the session 
changes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1488158 13f79535-47bb-0310-9956-ffa450edef68
 2013-05-31 11:13:25 +00:00
Guenter Knauf
1ef0978c78 Kill some NetWare build warnings. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1481040 13f79535-47bb-0310-9956-ffa450edef68
 2013-05-10 14:58:20 +00:00
Stefan Fritsch
e00688ffd9 Use %pm available since apr 1.3 instead of an extra call to apr_strerror 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1463056 13f79535-47bb-0310-9956-ffa450edef68
 2013-03-31 21:29:28 +00:00
Graham Leggett
48a3a922e2 mod_session_crypto: Protect ourselves against underlying libraries who 
fail to load without providing an error message of their own.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1418655 13f79535-47bb-0310-9956-ffa450edef68
 2012-12-08 12:12:16 +00:00
Guenter Knauf
5a6d76ec90 Axed C++ comments. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1409170 13f79535-47bb-0310-9956-ffa450edef68
 2012-11-14 11:43:49 +00:00
Christophe Jaillet
1070bb2265 formatting: space vs tab 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1408961 13f79535-47bb-0310-9956-ffa450edef68
 2012-11-13 21:08:33 +00:00
Christophe Jaillet
b40d4dc880 mod_session_dbd: fix a segmentation fault in the function dbd_remove. 
The segmentation fault is caused by an uninitialized function pointer session_dbd_acquire_fn.
PR 53452

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1408958 13f79535-47bb-0310-9956-ffa450edef68
 2012-11-13 21:03:10 +00:00
Christophe Jaillet
2cf5acd15f s/;;/;/ 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1397636 13f79535-47bb-0310-9956-ffa450edef68
 2012-10-12 16:41:34 +00:00
Stefan Fritsch
8c960a8c15 Various code clean up 
Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>
PR: 52893 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1361801 13f79535-47bb-0310-9956-ffa450edef68
 2012-07-15 21:14:00 +00:00
Igor Galić
03c9315842 Your APR does not include SSL/EVP support. Yes, but how do I enable it? --with-crypto 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1324760 13f79535-47bb-0310-9956-ffa450edef68
 2012-04-11 13:41:36 +00:00
Graham Leggett
720f5f4e43 mod_session: Sessions are encoded as application/x-www-form-urlencoded strings, however we 
do not handle the encoding of spaces properly. Fixed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1293658 13f79535-47bb-0310-9956-ffa450edef68
 2012-02-25 18:10:56 +00:00
Stefan Fritsch
21cc07a470 Make APACHE_MODULE() accept an optional prerequisite module for configure. 
Introduce the following configure time dependencies:
  mod_proxy_* (except proxy_html) require mod_proxy
  mod_dav_* require mod_dav
  mod_session_* require mod_session


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1234180 13f79535-47bb-0310-9956-ffa450edef68
 2012-01-20 22:14:31 +00:00
Stefan Fritsch
92e366007c Add lots of unique tags to error log messages 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209766 13f79535-47bb-0310-9956-ffa450edef68
 2011-12-02 23:02:04 +00:00
Graham Leggett
7d139ae671 mod_session_dbd: Use apr_status_t as a return code across the mod_session API. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209618 13f79535-47bb-0310-9956-ffa450edef68
 2011-12-02 18:14:52 +00:00
Graham Leggett
45eb1cdd06 mod_session: Use apr_status_t as a return code across the mod_session API, 
clarify where we ignore errors and why.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209603 13f79535-47bb-0310-9956-ffa450edef68
 2011-12-02 17:47:05 +00:00
Graham Leggett
efcf8a984c mod_session_crypto: Fix a pool lifetime problem when reading from 
SessionCryptoPassphraseFile.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209461 13f79535-47bb-0310-9956-ffa450edef68
 2011-12-02 13:23:21 +00:00
Stefan Fritsch
7ecccc1570 Remove some more now redundant log prefixes 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1208816 13f79535-47bb-0310-9956-ffa450edef68
 2011-11-30 21:51:51 +00:00
Graham Leggett
8f46969f8e mod_session_crypto: Add a SessionCryptoPassphraseFile directive so that the 
administrator can hide the keys from the configuration.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1208517 13f79535-47bb-0310-9956-ffa450edef68
 2011-11-30 16:56:50 +00:00
Graham Leggett
6e132242c3 Remove unused variables. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1206338 13f79535-47bb-0310-9956-ffa450edef68
 2011-11-25 21:43:08 +00:00
Stefan Fritsch
bd5efb04fa We still have to pass the dependency check to APACHE_MODULE to ensure 
that mod_session_crypto is disabled with --enable-mods-shared=reallyall


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1199046 13f79535-47bb-0310-9956-ffa450edef68
 2011-11-08 01:34:58 +00:00
Jeff Trawick
3097e8585d if mod_session_crypto prereq isn't available, don't bail if 
the module was enabled implicitly


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1198989 13f79535-47bb-0310-9956-ffa450edef68
 2011-11-07 22:59:51 +00:00
Guenter Knauf
aeedd021c7 Fixed NetWare build check for APU_HAVE_CRYPTO. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1194935 13f79535-47bb-0310-9956-ffa450edef68
 2011-10-29 17:12:32 +00:00
Guenter Knauf
aae60cdbd8 Added check for APU_HAVE_CRYPTO to NetWare build. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1194930 13f79535-47bb-0310-9956-ffa450edef68
 2011-10-29 16:42:22 +00:00
Guenter Knauf
2b26aee8d1 Some NetWare build tweaks: removed obsolete include paths. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1194893 13f79535-47bb-0310-9956-ffa450edef68
 2011-10-29 14:27:14 +00:00
Graham Leggett
1211292e7f Remove spurious parsing of the cipher parameter. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1188945 13f79535-47bb-0310-9956-ffa450edef68
 2011-10-25 22:10:04 +00:00
Graham Leggett
848139b502 mod_session_crypto: Refactor to support the new apr_crypto API. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1188900 13f79535-47bb-0310-9956-ffa450edef68
 2011-10-25 20:45:40 +00:00
Jim Jagielski
103f776c25 Cleanup effort in prep for GA push: 
Trim trailing whitespace... no func change



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1174748 13f79535-47bb-0310-9956-ffa450edef68
 2011-09-23 13:38:09 +00:00
Stefan Fritsch
891953516f Enable mod_session_crypt if deps are fulfilled and mod_session is 
enabled


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1150466 13f79535-47bb-0310-9956-ffa450edef68
 2011-07-24 18:57:17 +00:00
Stefan Fritsch
abb02e83c2 Fix build with recent apr_crypto API change 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1138611 13f79535-47bb-0310-9956-ffa450edef68
 2011-06-22 20:16:43 +00:00
Stefan Fritsch
59c52538f3 Code cleanup: replace apr_table_set with non-copying apr_table_setn 
in a few places

Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1137413 13f79535-47bb-0310-9956-ffa450edef68
 2011-06-19 18:50:12 +00:00
Graham Leggett
cc6b937c77 mod_session_crypto: Use the apr v2.0 crypto interface, which has been 
backported to apr-util v1.4.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1126233 13f79535-47bb-0310-9956-ffa450edef68
 2011-05-22 21:37:21 +00:00
Graham Leggett
b9474fdfeb Remove the references to apr_crypto_t where apr_crypto_block_t is already 
present.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103385 13f79535-47bb-0310-9956-ffa450edef68
 2011-05-15 14:15:22 +00:00
Graham Leggett
e18345a584 Add API protection against the deprecated v1.4 apr_crypto API. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103351 13f79535-47bb-0310-9956-ffa450edef68
 2011-05-15 12:44:25 +00:00
Graham Leggett
e155f87c68 Reorder the parameters as per the updated apr v2.0 apr_crypto API. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103337 13f79535-47bb-0310-9956-ffa450edef68
 2011-05-15 12:24:22 +00:00
Graham Leggett
2a1e8f277b Use namespace protection on mode and type constants. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103331 13f79535-47bb-0310-9956-ffa450edef68
 2011-05-15 11:39:00 +00:00