CGIplus-enabled Run-time Environment Example
--------------------------------------------

***** FIRST, EVIDENCE OF PERSISTANCE *****

Usage Count: 1

***** SECOND, THE CGI ENVIRONMENT AVAILABLE *****

WWW_AUTH_TYPE=
WWW_CONTENT_LENGTH=0
WWW_CONTENT_TYPE=text/plain; charset=ISO-8859-1
WWW_CSP_NONCE=2c78238fc9ca59d65ccb88e512fea37
WWW_DOCUMENT_ROOT=
WWW_GATEWAY_INTERFACE=CGI/1.1
WWW_GATEWAY_EOF=$Z-26EAB4B5C9D4E5F2551B6CCB-
WWW_GATEWAY_EOT=$D-F8476D90DF530C511971F9DE-
WWW_GATEWAY_ESC=$E-23D35CC7C8BE665CD206A3AD-
WWW_GATEWAY_MRS=16492
WWW_HTTP_ACCEPT=*/*
WWW_HTTP_USER_AGENT=Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
WWW_HTTP_ACCEPT_ENCODING=gzip, br, zstd, deflate
WWW_HTTP_HOST=wasd.vsm.com.au
WWW_PATH_INFO=/just/a/bogus/path.txt
WWW_PATH_ODS=5
WWW_PATH_TRANSLATED=WASD_ROOT:[just.a.bogus]path.txt
WWW_QUERY_STRING=query=string
WWW_REMOTE_ADDR=18.224.58.33
WWW_REMOTE_HOST=ec2-18-224-58-33.us-east-2.compute.amazonaws.com
WWW_REMOTE_PORT=44655
WWW_REMOTE_USER=
WWW_REQUEST_METHOD=GET
WWW_REQUEST_PROTOCOL=HTTP/2
WWW_REQUEST_SCHEME=https:
WWW_REQUEST_TIME_GMT=Thu, 31 Oct 2024 23:53:38 GMT
WWW_REQUEST_TIME_LOCAL=Fri, 01 Nov 2024 10:23:38
WWW_REQUEST_URI=/rtbin/version.h/just/a/bogus/path.txt?query=string
WWW_SCRIPT_FILENAME=WASD_ROOT:[src.httpd]version.h
WWW_SCRIPT_NAME=/rtbin/version.h
WWW_SCRIPT_RTE=cgi-bin:[000000]rte_example.exe
WWW_SERVER_ADDR=119.252.17.13
WWW_SERVER_CHARSET=ISO-8859-1
WWW_SERVER_GMT=+10:30
WWW_SERVER_NAME=wasd.vsm.com.au
WWW_SERVER_PROTOCOL=HTTP/1.1
WWW_SERVER_PORT=443
WWW_SERVER_SIGNATURE=WASD/12.2.5 Server at wasd.vsm.com.au Port 443
WWW_SERVER_SOFTWARE=HTTPd-WASD/12.2.5 OpenVMS/IA64 SSL
WWW_UNIQUE_ID=741a24ae183d1a5a65a
WWW_FORM_QUERY=string
WWW_KEY_COUNT=0

***** THIRD, AN "INTERPRETED" FILE (WWW_SCRIPT_NAME/WWW_SCRIPT_FILENAME) *****

[0001] /*****************************************************************************/
[0002] /*
[0003] version.h
[0004]
[0005]
[0006] VERSION HISTORY
[0007] ---------------
[0008] 24-OCT-2024 MGD v12.2.5,
[0009]     /DO=AUTH=SKELKEY= extend skeleton-key functionality
[0010]     WATCH now can generate standalone report file
[0011]     WATCH can collect data in a "detached" mode
[0012]     WATCH can collect data after network "trigger"
[0013]     WATCH cipher octets only when [x]SSL is checked
[0014]     WATCH "rabbit hole" restriction removed with revised strategy
[0015]     /DO=ZERO=HTTP2
[0016]     refine HTTP/2 flow control
[0017]     Http2FlowCheck() and WASD_HTTP2_FLOW_CHECK logical name
[0018]     [SRC.LIBZ] and WASD_LIBZ_SHR32
[0019]     HttpdSystemInfo() SYI$_CPUID to get underlying x86-64 CPU
[0020]     refine/expand server process log reports
[0021]     RequestLogNBG() to access log NBG request
[0022]     TcpIpSocketMaxQio() remove TLS-specific ->TcpMaxQio
[0023]     SesolaNetIoPerMinute() allows socket read size to be set
[0024]     SesolaCme.c supports ALPN-TLS-01 (acme-tls/1)
[0025]     DclMemBuf.C as promised (in 2017)) counters moved to accounting
[0026]     proxy FTP obsolete
[0027]     bugfix; FileNextBlocks() StrDscBegin()
[0028]     bugfix; DclScriptProcessCompletionAST() remove IO$_WRITEOF
[0029]     bugfix; RequestEnd2() some statistics
[0030]     bugfix; RequestDiscardBody() regression
[0031]     bugfix; LoggingDo() abs(rqptr->rqResponse.Duration64)
[0032]     bugfix; Sesola_netio_read_ex() ->TcpMaxQio to ->TcpMaxSeg
[0033]     subtly broke (very) large reads, back to v12.0.0 strategy
[0034]     bugfix; request I/O accounting with HTTP/2
[0035]     bugfix; HpackHeadersFrame() >= CookieSize
[0036]     bugfix; allow service name devoid of alphabetics (e.g. 10-8.)
[0037]     bugfix; ProxyTunnelLogicalName() SYSNAM for PSL$C_EXEC
[0038]     bugfix; DECnetSupervisor() remove orphaned tasks
[0039] 16-JAN-2024 MGD v12.2.0,
[0040]     OpenSSL 3.0.n now the baseline supported version
[0041]     Can still be built and run against OpenSSL 1.1.1
[0042]     OpenSSL TLS 1.3 requires SSL_CTX_set_cipher_suites()
[0043]     OpenSSL v1.1.1 emulate v3.0.n OSSL_default_ciphersuites()
[0044]     and OSSL_default_cipher_list()
[0045]     GATEWAY_SYMBOLS standard CGI variable
[0046]     #WASD_CONFIG_GLOBAL [Accept] and [Reject] now accept file
[0047]     specifications allowing files of patterns to be loaded
[0048]     /DO=ACCEPT and /DO=REJECT allow reloading of above
[0049]     /DO=REJECT=PURGE[=] allows purging of $STATUS IPs
[0050]     NetReject..() module allows more sophisticated accept/reject
[0051]     allow CIDR n.n.n.n/n patterns
[0052]     allow IP range n.n.n.n-n.n.n.n patterns
[0053]     $DNS, $LOG, $NOTE, $OPCOM, $4/5nn with $400, $403
[0054]     $4/5nn maps a specific HTTP status to rejected IPs
[0055]     [SSLcipherSuites] for TLSv1.3
[0056]     [ServiceSSLcipherSuites] for TLSv1.3
[0057]     [AuthParam] and AuthConfigParam() provides per-realm params
[0058]     FaolSAK() 'UQ' and 'XQ' unsigned and hexadecimal quadwords
[0059]     SesolaCertVerifyCallback() and SesolaClientCert() use new
[0060]     algorithm for determining client certificate validity
[0061]     X509 Authorization parameters can now include
[0062]     [IG:] will ignore client cert verification
[0063]     error number returned during the verification process
[0064]     (see prologue to AuthConfigParam())
[0065]     logical name WASD_WATCH_ONE_SHOT defines one-shot items
[0066]     ensure all WASD_ROOT:[] are WASD_:
[0067]     HttpdSysOutDaily() per-day progressive snapshot of server log
[0068]     Http2Supervisor() mitigate Rapid Reset CVE-2023-44487
[0069]     DclTaskRecover() periodically recover scripting resources
[0070]     HTTP/2 refinements using https://github.com/summerwind/h2spec
[0071]     bugfix; DirFormatAcpInfoAst() 64 bit file size
[0072]     bugfix; FileAcpInfoAst() 64 bit file size
[0073]     bugfix; DavPropLive() 64 bit file size
[0074]     bugfix; SesolaWatchPeek() do NOT SSL_free()!
[0075]     bugfix; braindead SesolaServiceSameCA()
[0076]     bugfix; OdsDirect() [again!]
[0077]     if (odsptr->DirectWildcard[0] &&
[0078]     !odsptr->DirectVersion0)
[0079]     status = RMS$_NMF;
[0080] 08-JAN-2023 MGD v12.1.0,
[0081]     WASD_CONFIG_INLINE configuration file
[0082]     SESOLA123 and SESOLA321 to allow OpenSSL-3.0 and
[0083]     OpenSSL-1.1.1 to be built using the same object code
[0084]     SesolaServiceSameCA() mitigate OpenSSL-3.0 expense
[0085]     TcpIpSocketMaxQio() adjust send buffer 2x (unless explicit)
[0086]     TcpIpSocketSndBuf() and ..RcvBuf() selectively applied
[0087]     ResponseHeader() default "content-security-policy:"
[0088]     move onclick=s to addEventListener()s to support
[0089]     content-security-policy: 'strict-dynamic'
[0090]     NetListFor() include client IP port, rework truncation
[0091]     AdminMenu() [Request+] report
[0092]     NetWrite() drop any and all HTTP status 418 (e.g. DCL script)
[0093]     Sesola..() remove code support prior to OpenSSL 1.1.0
[0094]     SysLogInit() and SysLogOpcom() and WASD_SYSLOG logical name
[0095]     OdsAccessCheck() and logical name WASD_ODS_ACCESS_CHECK
[0096]     metacon remote-addr: and remote-name: tests if DNS resolution
[0097]     succeeded (if equal then name equals address and failed)
[0098]     RequestDiscardBody() use ->rqBody.ContentCount64
[0099]     DECnetEnd() "solution" to obscure corner-case behaviour
[0100]     [NoticeInvalid] global configuration
[0101]     /DO=NOTICE=INVALID=
[0102]     /DO=OPCOM=""
[0103]     pre-v10.0 file name munging via v10orPrev10() eliminated
[0104]     while every care has been exercised with null-terminated
[0105]     string overflow; strzcpy() and strzcat() now ubiquitous
[0106]     bugfix; PutDelete() missing OdsStructInit(&SearchOds,true);
[0107]     bugfix; NetAbortSocket() deliver any outstanding read and/or
[0108]     write ASTs (especially for HTTP/2 streams)
[0109]     bugfix; ProxyTunnelLogicalName(NULL) from HttpdTick()
[0110]     bugfix; HttpdSupervisor() HTTP/2 request timeout/no-progress
[0111]     bugfix; ProxyTunnelBegin() not ProxyTunnelRebuildRequest()
[0112]     PROXY_TUNNEL_HTTP and PROXY_TUNNEL_HTTPS should NetRead()
[0113]     bugfix; DECnetWriteRequestBody() tkptr->QueuedDECnetIO++;
[0114] 05-OCT-2022 MGD v12.0.1,
[0115]     strsame() now implemented using str[n]casecmp()
[0116]     bugfix; OdsDirect() end of records (-1) in end file block
[0117]     bugfix; when using file cache magic buffers
[0118]     bugfix; AuthorizeRealm() greater-than not -or-equal-to
[0119]     ->LastAccessMinutesAgo > ->rqAuth.RevalidateTimeout
[0120] 23-OCT-2021 MGD v12.0.0,
[0121]     So long, farewell, Auf Wiedersehen, goodnight (-VAX)
[0122]     (comprehensive move to native 64 bit data storage)
[0123]     continuing port to x86-64 (OpenVMS V9.1-A)
[0124]     verified builds against and operates with OpenSSL 3.0
[0125]     (but not officially supported due to OpenSSL 3.0 issues)
[0126]     accommodate PIPE from WASD_ROOT:[SRC.UTILS]WASTEE.C
[0127]     TcpIpAlt..() experimental address/name lookup
[0128]     BSD 4.4 sockaddr.. IO$M_EXTEND to $QIO (per MB)
[0129]     proxy caching has been obsoleted
[0130]     proxy SOCKS5 connect support
[0131]     scripting process naming revised (perhaps even enhanced)
[0132]     agent scripting extended and formalised for v12...
[0133]     AGENT-BEGIN: and AGENT-END: callouts
[0134]     CGI: and DICT: callouts
[0135]     /DO=DCL=PROCTOR=APPLY
[0136]     /DO=DCL=PROCTOR=LOAD
[0137]     /DO=NET=LIST
[0138]     /DO=NET=PURGE=HTTP1
[0139]     /DO=NET=PURGE=HTTP2
[0140]     logging 'XX:blb' visual aid
[0141]     AdminPing() provides a baseline RTT for request processing
[0142]     SET proxy=rework= (replacement strings for response)
[0143]     SET response=var=asis (provide exact image of on-disk file)
[0144]     SET webdav=all (process all requests via WebDAV code)
[0145]     SET webdav=auth (authorise access using WebDAV SETings)
[0146]     metacon webdav:all (SETing of above)
[0147]     metacon webdav:auth (SETing of above)
[0148]     pass /whatever "200 $" executes CLI command
[0149]     !#-- and !#++ selectively disable/(re)enable WATCH reporting
[0150]     [ServiceConnect] respond to a connection on a port
[0151]     WATCH: proctored script by checking only [x]Script
[0152]     OdsFileAcpInfo() ATR$C_MODDATE (date-time *data* modified)
[0153]     supplements ATR$C_REVDATE (classic revision date-time)
[0154]     callout HTTP-STATUS: detect if a script has responded yet
[0155]     DavWebRequest() specifically handle WebDAV GET and HEAD
[0156]     DavMetaOds() ensure extended syntax only used ODS-5 volumes
[0157]     AuthAccessEnable() file access use (rqptr->WebDavRequest ||
[0158]     rqptr->WhiffOfWebDav || rqptr->rqPathSet.WebDavAuth)
[0159]     AuthParseAuthorization() return AUTH_DENIED_BY_LOGIN
[0160]     if unknown scheme allowing 401 response rather than 403
[0161]     FaoBigNumber() '&,' optionally numbers 'P', 'G', 'M', 'k'
[0162]     SesolaMkCertRetain() stores dynamic cert in process logical
[0163]     WatchData() and WatchDataDump() constrain length
[0164]     NetListFor() use of $BRKTHRU requires OPER privilege
[0165]     bugfix; Http2Supervisor() idle connection
[0166]     bugfix; SesolaNetIoRead() /bytes = value/
[0167]     bugfix; FileBegin() ERROR_REPORTED() free file task
[0168]     bugfix; CliDemo and instance environment number (per KM)
[0169]     bugfix; CgiGenerateVariables() "AUTHAGENT hangs when called
[0170]     for a POST request" (per JPP)
[0171]     bugfix; DclCalloutDefault() CLIENT-READ:
[0172]     bugfix; AdminMenu() activity hours 672
[0173]     bugfix; MapOdsAdsVmsToUrl() "if (SAME2(cptr,':['))"
[0174]     bugfix; OdsDirectSearch() appending the resultant file name
[0175]     to the pre-filled expanded name
[0176]     bugfix; DavMetaCreateDir() and DavMetaDeleteDir()
[0177]     allow for non-existent meta data files
[0178]     bugfix; DavMetaName() no meta directory
[0179]     bugfix; ErrorReportFooter() use request heap for signature
[0180] 17-AUG-2020 MGD v11.5.1,
[0181]     Http2RequestData() reduce memory consumption
[0182]     HTTP2_DEFAULT_WINDOW_SIZE from 1048575 to 131070
[0183]     if no service configured create http: and https: ex nihilo
[0184]     VmCheckPgFlLimit() and WASD_VM_PGFL_LIMIT logical name
[0185]     keep connect cert (->VerifyPeer) distinct from client cert
[0186]     bugfix; ProxyEnd() fix NetIoEnd() fix
[0187]     bugfix; OdsDirectSearch() if wildcard specification
[0188]     return RMS$_NMF, otherwise RMS$_FNF (seems so elementary)
[0189]     bugfix; Http2RequestCancel() cancel and abort
[0190]     bugfix; RequestEnd() redirection
[0191]     bugfix; SesolaALPNCallback() 'h2' global and service enabled
[0192]     bugfix; ControlDoHelp() remove non-existent DISCONNECT=..
[0193]     bugfix; RequestExecutePostAuth1() INTERNAL_PASSWORD_CHANGE
[0194]     should call HtAdminBegin() not AdminBegin()
[0195]     bugfix; SesolaSNICallback() needs to propagate newly set
[0196]     context client verify parameters to SSL-specific
[0197]     bugfix; SesolaNetFree() ensure (sigh) X509_free() where
[0198]     ->ClientCertPtr associated with connection (i.e. HTTP/2)
[0199]     bugfix; RequestParseExecute() ensure PUT and DELETE have
[0200]     WebDAV header field(s) before considering WebDAV
[0201] 22-JUL-2020 MGD v11.5.0, "Stay well..."
[0202]     static fallback cert replaced by dynamic SesolaMkCert()
[0203]     protocol "HTTP/2" also reported in standard log formats
[0204]     DavWebRequest() remove requirement for logical name
[0205]     WASD_HTTP2_WEBDAV after WebDAV over HTTP/2 tested
[0206]     NetIoQioMaxSeg() tune QIO to TCP MSS
[0207]     verified against VSI SSL111 product
[0208]     SET response=csp= ("content-security-policy:")
[0209]     https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
[0210]     SET response=cspro= ("..policy-report-only:")
[0211]     metacon alpn: (TLS application level protocol negotiation)
[0212]     metacon proctor: (obvious proctored script clause)
[0213]     DCL callout CSP: ("content-security-policy:")
[0214]     DCL callout CSPRO: ("..policy-report-only:")
[0215]     REGEX.C updated (ever-so-slightly)
[0216]     more proxy persistent connection (per JPP)
[0217]     RequestAbort() accommodates HttpdSupervisor() refinement
[0218]     and REQUEST_STATE_ABORT used throughout server
[0219]     Http2RequestData() delivers Http2RequestCancel() read AST
[0220]     NetTestSupevisor() and WASD_NET_TEST_BREAK logical name
[0221]     bugfix; ProxyEnd() free ioptr using NetIoEnd()
[0222]     bugfix; NetIoWriteStatus() and NetIoReadStatus()
[0223]     bugfix; RequestPersistentConnection() pipelined request
[0224]     bugfix; Http2RequestData() flow control
[0225]     bugfix; SesolaClientCertGet() SSL_VERIFY_POST_HANDSHAKE
[0226]     bugfix; httpd.c if (!CliDemo) HttpdGblSecInit();
[0227]     bugfix; MetaConConditionalList() bu**ered
[0228]     bugfix; RequestProcessFields() DictLookup (.."accept"..)
[0229]     bugfix; SesolaCertExtension() BIO_NOCLOSE memory leak
[0230]     bugfix; CacheLoadEnd() free rqCache.ContentPtr on fail
[0231]     bugfix; DICT.C "tmptr && tmptr->clink.."
[0232]     bugfix; Http2Priority() exclusive bit
[0233]     bugfix; NetCreateService() only SesolaInitService() once
[0234]     bugfix; WatchDataDump() CHARS_PER_LINE calculation (sigh)
[0235]     bugfix; OdsDirectSearch() RMS$_FNF not RMS$_NMF (per JPP)
[0236]     bugfix; RequestShareBegin() if (!MATCH6 (cptr, "raw://"))
[0237]     bugfix; SesolaNetClientBegin() SESOLA_SINCE_110
[0238]     BIO_set_data() before SSL_set_bio() (per JPP)
[0239]     bugfix; AdminParsePath() extraneous OdsParseRelease()
[0240]     bugfix; OdsDirectSearch() only if not already on the block
[0241]     boundary add one to get to next, otherwise already there!
[0242] 20-JUL-2019 MGD v11.4.0, "One small step ..."
[0243]     25th Anniversary Release (see 20-JUN-1994 below)
[0244]     adapt WatchSystemPlus() to allow use via CLI /SYSPLUS
[0245]     then dignified with a (sysPlus..()) module of its very own
[0246]     /OUTPUT= (in particular for /SYSPLUS)
[0247]     HttpdSupervisor() explicitly WatchEnd()
[0248]     Sesola_netio_read() and Sesola_netio_write() if connection
[0249]     broken (channel zero) return zero (SSL shutdown)
[0250]     SET response=200=203 for request tracking and log analysis
[0251]     ResponseHiss() response status changed from 403 to 203
[0252]     status code 418 (teapot) forces connection drop
[0253]     allow a specified port when redirecting, i.e. http[s]//:nnn
[0254]     Sesola_netio_read_ast() 0 status TCP/IP Services?
[0255]     Sesola_netio_write_ast() 0 status TCP/IP Services?
[0256] bugfix; SesolaClientCertGet() status 0 an issue [0257] bugfix; SesolaClientCertGet() if (value <= 0) break; [0258] bugfix; CgiOutput() Content-Length: strtoul() [0259] bugfix; SesolaClientCert() allow pattern per 25-AUG-2015 [0260] bugfix; SesolaCertExtension() storage reset [0261] bugfix; SesolaCertParseDn() regression (or whatever) [0262] bugfix; Http2NetQueueWrite() PEEK_8 at w2ptr->type [0263] bugfix; non-local without "Host:" use name not host:port [0264] bugfix; Http2RequestEnd() copy tally rx/tx to request [0265] bugfix; OdsDirectSearch() (uint)0xffff && rlen < 508) [0266] bugfix; AuthCompleted() and AuthNotComplete() to address [0267] AST delivery following request end and rundown [0268] bugfix; for bugfix StringSliceValue() kludge [0269] allow for DECnet connection string specified username [0270] bugfix; DavMetaDir() ACCVIO from !SAME2(mfdptr,'[.') [0271] 24-NOV-2018 MGD v11.3.0 [0272] verified against OpenSSL v1.0.2 && v1.1.0 && v1.1.1 [0273] TLSv1.3 operational [0274] verified against EXPAT v2.2.5 (for WebDAV purposes) [0275] (but reverted to v2.0.1 for final VAX WASD release) [0276] VM.C eliminate dynamic tuning of heap initial allocation [0277] and rework to allow detailed memory management statistics [0278] to be compiled into the runtime for development purposes [0279] ODS (FILES-11) directory parser [0280] WatchSystemPlus() et.al. 
for system troubleshooting [0281] RequestBegin() exit after consecutive SesolaNetBegin() fails [0282] DavWebRundown() explicitly abort WebDAV processing [0283] allow logical name content during one-to-one rule mapping [0284] refactor WatchWrite() using NetWriteBuffered() [0285] DclTaskRunDown() always use DclEmptySysOutput() [0286] [BufferQuotaDclOutput] BUFQUO value for SYS$OUTPUT mailbox [0287] refactor Http2RequestCancel() into Http2RequestCancelRead() [0288] and Http2RequestCancelWrite() [0289] ProxyRequestRebuild() proxy-authorization opaque: [0290] ProxyTunnelLogicalName() WASD_TUNNEL_SECONDS [0291] RequestGet() and ProxyTunnelNetReadAst() provide [0292] "X-Forwarded-For:" client host to proxied-to server [0293] /DO=REQUEST=RUNDOWN=.. [0294] /DO=ZERO=STATUS [0295] /DO=SSL=SERVICE=LOAD[=] no longer works [0296] SET response=var=crlf [0297] SET response=var=lf [0298] SET response=var=none [0299] bugfix; PutWriteFileOpen() override incompatible existing [0300] file characteristics by first erasing the file [0301] bugfix; seeming innumerable WebDAV fixes (some obvious, [0302] some obscure) many thanks to John Dite for his patience and [0303] persistence in finding and reporting anomalous behaviours [0304] (check the individual DAV...C modules for descriptions) [0305] bugfix; StringSliceValue() kludge for DECnet tasks [0306] bugfix; MetaConEvaluate() "webdav:MSagent" [0307] bugfix; DavWebMicrosoftDetect() before ->WebDavTaskPtr [0308] bugfix; X509_free() memory leak with ->ClientCertPtr [0309] bugfix; Http2NetIoWrite() blocking write data must be [0310] asynchronously persistent so employ internal buffer(s) [0311] bugfix; /DO=AUTH=SKELKEY=.. 
cluster wide (yet again :-) [0312] bugfix; SESOLA-OpenSSL memory leak at v11.0.0 [0313] bugfix; FileParseAst() regression with search list file [0314] bugfix; RequestRundown() allow for cache activity [0315] bugfix; WatchDataDump() CHARS_PER_LINE calculation [0316] bugfix; (longstanding) MapUrl__Map() multiple template [0317] wildcards when reverse mapping [0318] 01-MAR-2018 MGD v11.2.0 [0319] make WATCH item width flexible using initial value 6 digits [0320] with leading 3 digits HTTP/2 stream ID followed by 3 digits [0321] connection ID number and on overflow increment by 2 [0322] if |WASD_ENV| defined use that in absence of /ENV=.. [0323] Dav..() always DavWebEnd() not RequestEnd() [0324] WebDAV "authorisation" allowed to be EXTERNAL or OPAQUE [0325] RequestRundown() outstanding task sanity checks [0326] HttpdSupervisor() refactored timeout handling [0327] ProxyTunnelLogicalName() and WASD_TUNNEL to provide client [0328] host and port tunnel data available to the WASD system [0329] activated by SET..PROXY=FORWARDED=[FOR|ADDRESS] [0330] logging 'II' image information (file, version, link time) [0331] logging 'TI' request time in ISO 8601 extended format [0332] logging 'TS' (sortable) UTC request time ISO 8601 format [0333] logging 'TU' request time UTC (GMT) now synonym for 'TG' [0334] stamp (note) log events when common/combined with/without+ [0335] SET DIR=TITLE=[default|owner|remote||this=] [0336] /DO=HELP brief summary of command-line /DOs [0337] /DO=SSL=SERVICE=LOAD[= (re)load SSL context [0338] (/DO=SSL=CERT=LOAD is now implemented using this) [0339] /DO=STATUS report basic status of all instances [0340] /DO=STATUS=NOW instances immediately update status information [0341] /DO=STATUS=PURGE zero stale instance status information [0342] /DO=STATUS=RESET zero instance status information [0343] /NOTE= annotation to server process log [0344] refactor WatchEnd() (yet again) [0345] DclInit() do not adjust SYS$OUTPUT mailbox size when HTTP/2 [0346] is enabled, 
issue an informational as required [0347] DclMemBuf..() memory buffer script IPC (see DCLMEMBUF.C) [0348] callout BUFFER-BEGIN: [0349] callout BUFFER-END: [0350] callout BUFFER-WRITE: [0351] SesolaReport() allow reporting using an HTTP service [0352] CgiOutput() refine Content-Length: to report out-of-range [0353] CgiOutput() reject subsequent non-header [0354] WatchReport() move SSL item into Network group [0355] WatchShowCluster() and WatchShowSystem() VMS V6.2 obsolete [0356] bugfix; (longstanding) InstanceSocketForAdmin() sys$deq() [0357] bugfix; Http2..() window update and flow control management [0358] bugfix; logging 'BB' header length "lost" during HTTP/2 mods [0359] bugfix; nil content CGI responses not delivered [0360] bugfix; (long-standing) always use UpdEnd() not SysDclAst() [0361] bugfix; CgiGenerateVariables() [0362] |rqptr->rqAuth.SourceRealm != AUTH_SOURCE_AGENT_OPAQUE &&| [0363] 09-AUG-2017 MGD v11.1.1 [0364] relax HTTP/2 "rabbit hole" to permit WATCHing except [0365] for items [x]HTTP/2, [x]SSL and [x]network [0366] /INSTANCE=CONFIG ensures config values used [0367] SesolaClientCertRenegotiate() allow for pre- and post- [0368] OpenSSL 1.1.0 due to MSIE11 (Edge) stalling on a read [0369] after renegotiation (pre reverts to v11.0 and earlier code) [0370] SesolaInitService() when SSL_CTX_set_tmp_dh_callback() is [0371] enabled (DH_PARAM_*.PEM files present) ensure flag [0372] SSL_OP_CIPHER_SERVER_PREFERENCE is implicitly set [0373] MapUrl_GuaranteeAccess() mapping as well as authorisation [0374] Authorize() move AuthorizeGuaranteeAccess() up-front to [0375] ensure access to guaranteed paths not only with failure [0376] StringSliceValue() allow quote-delim inside space-delimited [0377] bugfix; rationalise as OpenSSL_version[_num]() becomes [0378] confused catering for OpenSSL v1.0.2 && v1.1.0 && v1.1.1 [0379] bugfix; HttpdSupervisor() do RequestRundown() only the once [0380] bugfix; DclCalloutDefault() NOTICED: and OPCOM: responses [0381] bugfix; 
DclScriptProctor() request is not actually "!!*!" [0382] bugfix; HpackHeadersFrame() use ":authority" pseudo-header [0383] for "Host:" header according to RFC7540 8.1.2.3 [0384] bugfix; SesolaCertExtension() generate UPN independently [0385] for each of pre- and post- OpenSSL 1.1.n [0386] bugfix; SesolaClientCertConditional() 'IS' processing [0387] bugfix; SesolaClientCertRenegotiate() allow for low-level [0388] (i.e. SSL) I/O errors (e.g. link disconnection) [0389] bugfix; LoggingDo() 'SR' silliness from v11.0 rework [0390] bugfix; MapUrl_ExplainPathSet() response=header=add=.. [0391] bugfix; for HTTP/2 (sigh) we need NPH to generate a header [0392] bugfix; session ticket key refresh (must be one of those...) [0393] 04-MAY-2017 MGD v11.1.0, [0394] "Raw"Socket based on WebSocket infrastructure [0395] [DclScriptProctor] * general idle process(es) [0396] [ServiceRawSocket] enables a RawSocket [0397] [ServiceSSLcert] specification can contain wildcard(s) [0398] SET proxy=header=[=] [0399] logging 'CL' insert request content-length [0400] logging 'PL' insert PUT or POST body received count [0401] Sesola..() refinements for OpenSSL v1.1.1 and TLS 1.3 [0402] sesola.h |#include "openssl/rand.h"| to fix OpenSSL v1.1.0 [0403] static link error against rand_bytes() and rand_seed() [0404] SesolaNetThisIsSSL() allow redirection to include scheme [0405] /DO=SSL=CERT=LOAD ... basically for internal use only! [0406] (heads-up: planned Let's Encrypt CME utility :-) [0407] Graph..() activity graphic now implemented using HTML5 canvas [0408] ResponseHeader() ensure non-printables cannot be injected [0409] InstanceSessionTicketKey() rework multi-instance/cluster [0410] (sigh! yes again; the lack of a test cluster these days) [0411] DirDirectories() do not list "hidden" (^.the.DIR) directories [0412] bugfix; use rqHeader.RequestBody.. 
for body with header [0413] bugfix; DclScriptProctor() v11.0 request structure [0414] requires dictionary and netio structures [0415] bugfix; SesolaNetIoRead() SSL_read() in-progress [0416] bugfix; Http2RequestEnd() end-of-request (control) frame [0417] independent of request itself [0418] bugfix; Http2NetQueueWrite() and Http2NetWriteDataAst() [0419] blocking writes are not placed on the request's [0420] write list as they are transparent to the request [0421] bugfix; Http2NetQueueWrite() deliver via NetIoWriteStatus() [0422] using SS$_NORMAL (HTTP/2 I/O) not the request ->VmsStatus [0423] bugfix; SesolaControlReloadCA() do not proactively [0424] X509_STORE_free() (leaves a dangling pointer?) [0425] bugfix; SesolaSNICallback() port elimination [0426] bugfix; RequestExecutePostCache() keyword redirection count [0427] 25-AUG-2016 MGD v11.0.2, [0428] Http2RequestBegin() ensure stream ident not reused [0429] increase MAX_REQUEST_HEADER from 16384 to 32768 [0430] InstanceSessionTicketKey() rework multi-instance rotate [0431] CgiGenerateVariables() mitigate httpoxy vulnerability [0432] MsgConfigLoadCallback() make [ismap] optional [0433] ParseCommandInteger() accept just an integer [0434] CLI /INSTANCE= now sets global section |InstanceMax| [0435] to allow the created process to continue to exist and when [0436] used needs to be reset with the likes of /INSTANCE=1 [0437] minimum supported OpenSSL version is now v1.0.0 [0438] which precludes HP SSL V1.4 (at least) [0439] OpenSSL v1.1.0 required code changes including [0440] #if (OPENSSL_VERSION_NUMBER < 0x10100000L) in Sesola..() [0441] modules, and introducing a version dependent build [0442] SesolaClientCertRenegotiate() rework due to OpenSSL v1.1.0 [0443] ResponseHeader() ->rqCgi.ScriptControlHttpStatus will allow [0444] an error reporting script to override the original status [0445] CGI Script-Control: X-http-status= [0446] %SSL-x-STRICT (RFC6797) now described as %SSL-x-STRICT, HSTS [0447] bugfix; 
Http2RequestData() always deliver via NetIoReadAst() [0448] bugfix; HpackHeadersFrame() uncompressed header size [0449] bugfix; CgiGenerateVariables() names from dictionary [0450] bugfix; MetaConEvaluate() request: regression [0451] bugfix; RequestProcessFields() if-range: regression [0452] bugfix; MetaConEvaluate() client_connect_gt: regression [0453] bugfix; SesolaClientCert() move X509 RENEGOTIATE switch [0454] HTTP/2 to HTTP/1.1 after SSL_get_peer_certificate() [0455] 30-JUN-2016 MGD v11.0.1, [0456] meta config [[wasd*n.n.n]] server version conditional [0457] [SSLsessionLifetime] session ticket (or ID) lifetime [0458] [SSLverifyPeerDataMax] see documentation [0459] [ServiceSSLsessionLifetime] per-service equivalent [0460] [ServiceSSLverifyPeerDataMax] per-service equivalent [0461] [SSLsessionCacheMax] default (of zero) now disables [0462] in favour of the more efficient Session Ticket [0463] SesolaSessionTicket..() refresh and coordinate the [0464] TLS session ticket key cluster-wide using the DLM [0465] InstanceSupervisor() refresh session ticket key at midnight [0466] RequestGblSecUpdate() method and URI only printable chars [0467] ProxyTunnelRequestParse() append mapped path for logging [0468] DirFiles() and DavPropSearchAst() ignore ambiguous file [0469] names containing an escaped ("^.") period but no type [0470] ErrorRedirectQueryString() ERROR_URI variable [0471] bugfix; MapOdsUrlToOds5Vms() URLs will not contain [0472] '^'-escaped sequences so just '^'-escape them [0473] bugfix; SesolaClientCertRenegotiate() ensure request [0474] data cleared before renegotiate ([SSLverifyPeerDataMax]) [0475] bugfix; DclTaskRundown() cancel HTTP/2 client read [0476] bugfix; HttpdSupervisor() accumulate proxy accounting data [0477] bugfix; RequestEnd2() decrement processing rx or (SSH) method [0478] bugfix; RequestEnd2() read status OK -or- ENDOFFILE [0479] bugfix; HpackHeadersFrame() multiple to single cookie header [0480] bugfix; MetaConEvaluate() request-scheme: 
regression [0481] bugfix; NetWrite() response header write error handling [0482] bugfix; SesolaClientCert() just return status [0483] 07-MAY-2016 MGD v11.0.0, [0484] HTTP/2 (RFC7540, RFC7541) [0485] restructure network I/O abstractions (oh boy!) [0486] key-value dictionary (associative array) abstraction [0487] add "Refresh [integer] Seconds" to appropriate reports [0488] ProxyFtpListOutput() update in line with directory listing [0489] SET dict[=[=]] [0490] SET http2=protocol=1.1 [0491] SET http2=send=goaway[=] [0492] SET http2=send=ping [0493] SET http2=send=reset[=] [0494] SET http2=write=[low|normal|high] [0495] metacon dict:, http2: and request-protocol: [0496] [HTTP2..] global configuration [0497] [TimeoutHttp2Idle] [0498] logging 'DI' insert specified dictionary item value [0499] /DO=HTTP2=PURGE[=] [0500] ensure timed-out requests are logged as 408/500 [0501] excise much of the twenty years of reporting HTML cruft [0502] obsolete ismap.c, filedot.c, menu.c and track.c functionality [0503] 22-APR-2016 MGD v10.4.3 (unreleased), [0504] logging 'NP' insert notepad value [0505] logging 'XX' insert custom site/client-specific datum [0506] SET sslcgi=apache_mod_ssl_client [0507] SET sslcgi=apache_mod_ssl_extens [0508] LoggingDo() MAX_FAO_VECTOR from 64 to 128 [0509] SSL_CTX_set_ecdh_auto() set elliptic curves selection [0510] SesolaTmpDHCallback() improve DH*.PEM flexibility [0511] SesolaCertExtension() parse X509 extensions [0512] SesolaCertName() parse X509 distinguished name [0513] SesolaCgiVariablesExtension() document X509 extensions [0514] SesolaReport() list certificate extensions [0515] [ru:/CN=] allows multiple to be selected between [0516] (e.g. 
"[ru:/CN=user*]", "[ru:/CN=^^\[^/=\]*$]") [0517] SesolaCertParseDn() strncmp() not strsame() [0518] SesolaCertParseDn() select on pattern match [0519] StringMatchAndRegex() ensure |rqptr| not needed [0520] add limit to consecutive failures on persistent connection [0521] remove limit to consecutive requests on persistent connection [0522] TcpIpAddressToString() IPv4 in IPv6 as ::FFFF:n.n.n.n [0523] bugfix; ResponseHeader() for HEAD request transfer-encoding [0524] chunked suppress actual chunked body (RFC 7230 3.3) [0525] bugfix; SesolaInit() session cache max -1 disables cache [0526] bugfix; LoggingDo() elapsed time items [0527] bugfix; LoggingDo() 'CC' do not reuse pointers! [0528] bugfix; LoggingDo() 'VS' |->ServicePtr| dereference [0529] 15-AUG-2015 MGD v10.4.2, [0530] [ServiceStrictTransSec] (RFC6797) [0531] [SSLstrictTransSec] (RFC6797) [0532] SET response=sts= (Strict-Transport-Security:) [0533] ResponseHeader() Strict-Transport-Security: header [0534] add WATCH "!42*x" to beginning and ending of requests [0535] DavWebRequest() allow bodies with any and no Content-Type: [0536] then in DavWebRequest2() check for XML in the body content [0537] RequestRedirect() always use dynamic buffers [0538] when "remote-addr:" begins '?' 
translate host to IP address [0539] LoggingDo() add WASD_LOGS "convenience" logical name [0540] disable kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C [0541] as the issue seems to have been fixed in OpenSSL v1.0.2c [0542] logical name WASD_REDIRECT_WILDCARD must be defined [0543] to enable "DNS wildcard" proxy redirection [0544] bugfix; [Cli]ParseCommand() parenthesis parsing [0545] bugfix; Request..() rework pipelined request handling [0546] bugfix; move supervisor PID from InstanceNodeSupervisor() [0547] to InstanceNodeSupervisorAst() [0548] bugfix; DavWebDestination() URI and URL (Total Commander) [0549] bugfix; Error..() earlier and broader detection of WebDAV [0550] bugfix; DavDeleteParse() enable access around OdsParse() [0551] bugfix; DavMoveMeta() do not report RMS$_DNF [0552] bugfix; FaoSAK() sdptr = StrDscBuffer(StrDscPtr); [0553] bugfix; DavXmlStartElement() PROPFIND accumulate list of [0554] dead properties subsequently searched for in the metadata [0555] bugfix; MapUrl_ExplainPathSet() ->ResponseChunked [0556] bugfix; CONFIG_SERVER_LOGS logical names precede fixed locale [0557] 12-FEB-2015 MGD v10.4.1, [0558] ProxyResponseRebuild() and ProxyRequestRebuild() provide [0559] timeout=n parameter with Keep-Alive: header field (some [0560] origin servers hang when no parameters supplied, per JPP) [0561] SesolaInitOptions() expand options keywords to include [0562] most SSL_OP_.. flags using the OpenSSL flag #define as the [0563] keyword minus the "SSL_" (e.g. OP_CIPHER_SERVER_PREFERENCE) [0564] SesolaTmpRSACallback() and SesolaTmpDHCallback() [0565] support for ephemeral keys enabling "forward secrecy" [0566] SesolaInitService() and SesolaInitClientService() [0567] if cipher list begins '+', '-' or '!' 
append it to default
[0568] increase MAX_REQUEST_HEADER from 8192 to 16384
[0569] (proxying requests from Firefox to IIS, per JPP)
[0570] kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C
[0571] bugfix; RequestEndEnd() use ZERO_DELTA_TIME macro
[0572] bugfix; AuthCacheNeedsReval() AlreadyLocked (per JPP)
[0573] bugfix; ConfigReportSecureSocket() FaoVector[32]
[0574] 05-DEC-2014 MGD v10.4.0
[0575] CORS support
[0576] /SSL=(TLSvALL,TLSv1.1,noTLSv1.1,TLSv1.2,noTLSv1.2)
[0577] removed /SSL=(2|3|23) which must be altered to SSLv2, etc.
[0578] NOTE: TLSv1, TLSv1.1, TLSv1.2 now ENABLED by default
[0579] SSLv2 and SSLv3 are now DISABLED by default
[0580] (as recommended post-POODLE)
[0581] MapUrl_ClientAddress() allows for transparent upstream proxy
[0582] ResponseStream() and request /stream/
[0583] AuthCacheNeedsReval() so multiple cache entries for the
[0584] same credentials do not trigger multiple revalidations
[0585] SsiEnd() detect and report non-SSI problem encountered
[0586] access log buffer extended from [4096] to [16384] (UMA SAML)
[0587] LoggingQuoted() explicitly encode some fields where a raw
[0588] quotation mark (URI forbidden) can break a log entry
[0589] HttpdExit() sanity check trace after %SYSTEM-F-ASTFLT
[0590] stack corruption at (you guessed it) Uni Malaga resulted
[0591] in the icb.libicb$v_bottom_of_stack never being set!
[0592] tweaks to some accounting fields and values (for WASDmon)
[0593] NetCreateService() check bind address string instead of
[0594] address to allow binding primary to 0.0.0.0 (INADDR_ANY)
[0595] directory default listing style now ed
[0596] directory path SET ods=name=utf8 then response charset=utf-8
[0597] directory ?httpd=index&font=[inherit|monospace(D)]
[0598] ?httpd=index&style=table[2]
[0599] SET client=[forwarded|if=forwarded|literal=|reset|
[0600] if=xforwardedfor|xforwardedfor]
[0601] SET dir=font=[inherit|monospace(D)]
[0602] dir=style=TABLE[2] (new default)
[0603] SET cors=age= cors=cred=[true|false]
[0604] cors=expose= cors=headers=
[0605] cors=methods= cors=origin=
[0606] SET ods=name=8bit, ods=name=utf8, ods=name=default
[0607] SET webdav=[no]hidden
[0608] webdav=meta=dir=
[0609] [SecureSocket] and [SSL...] (overridden by /SSL=)
[0610] [WebDAVmetaDir] sub or full directory for meta files
[0611] WebDAV configurable metadata (sub)directory
[0612] AuthAccessCheck() add explicit check against server
[0613] account to improve reporting of underlying access
[0614] User-defined logging directives 'CI', 'SR', 'SV' for
[0615] SSL cipher, session reuse and version items
[0616] COMMON+, COMMON_SERVER+, COMBINED+ composite log formats
[0617] X-record0-mode[=0|1] and associated CGI null-record mode
[0618] bugfix; and refine DirFormatSize()
[0619] bugfix; SSLv23_method() appears to be a Swiss-army knife
[0620] significant rework of SSL version configuration
[0621] bugfix; TcpIpCacheAddressToName() memcpy null char
[0622] bugfix; DavMetaOpenAst() retry after meta directory creation
[0623] bugfix; DavPropEnd() ensure unused meta-data file deleted
[0624] bugfix; MapOds5VmsToUrl() et.al.
allow for ".]["
[0625] bugfix; SAME3 0x00ffffff mask (not 0xffffff00)
[0626] bugfix; DirFormatAcpInfoAst() ThisIsADirectory = false;
[0627] bugfix; DavWebCreateDir() set SYSPRV access, propagate rest
[0628] bugfix; PutWriteFileOpen() WebDAV should not use default
[0629] protection mask and instead propagate from profile
[0630] bugfix; FileParseAst() allow for non-dir .DIR files
[0631] bugfix; RequestRedirect() allocate using (possibly expanded)
[0632] header length (not fixed) when allocating POST buffer
[0633] bugfix; PROXY.C no $QIO buffer should exceed 65535!
[0634] 06-OCT-2013 MGD v10.3.0
[0635] TLS1 Server Name Indication (SNI) extension
[0636] /SSL= parameter options rework (plus new mnemonic options)
[0637] SesolaNetClientBegin() include SNI before connect
[0638] PutWriteFileOpen() support FAB$C_STM and FAB$C_STMCR
[0639] DclMailboxAcl() allow usernames without associated
[0640] identifiers (i.e. shared UICs) by first trying with the
[0641] username and on failure getting the UIC and using that
[0642] FaoUrlEncodeTable tilde from "%7e" to "~" (cadaver issue)
[0643] GzipInit() ZLIB shareable image via logical names
[0644] WASD_LIBZ_SHR32, then GNV$LIBZSHR32, finally LIBZ_SHR32
[0645] PersonaAssume() wrap sys$persona_create() with SYSPRV
[0646] after modifications to DclMailboxAcl() to allow usernames
[0647] without associated identifiers (i.e. shared UICs)
[0648] authorisation realm read-only group can be specified as "*"
[0649] to represent that "everyone else" can read
[0650] ProxyResponseRebuild() additional header length bumped
[0651] from an ambit 256 to an ambit 1024 (Uni Malaga :-)
[0652] OdsNamBlockAst() on non-ODS_EXTENDED platforms (i.e.
VAX)
[0653] tease-out system file name from Nam.nam$l_name and
[0654] Nam.nam$l_type into odsptr->SysFileName buffer
[0655] historically used by ODS-5 and munge for ODS-2 as well
[0656] .WWW_WASD directory directive file
[0657] sortable directory listing
[0658] ?httpd=index&ilink=[yes|no]
[0659] ?httpd=index&override=[yes|no]
[0660] ?httpd=index&query= (.WWW_WASD specific)
[0661] ?httpd=index&style=
[0662] ?httpd=index&sort=[+|-]
[0663] ?httpd=index&target=
[0664] ?httpd=index&these=[,]
[0665] ?httpd=index&versions=|*
[0666] SET dir=delimit=
[0667] SET dir=[no]ilink
[0668] SET dir=style=sort (plus the dir=style=2)
[0669] SET dir=sort=[+|-]
[0670] SET dir=target=
[0671] SET dir=these=[,]
[0672] SET dir=versions=|*
[0673] SET put=rfm=[STM|STMCR|UDF] added to FIX512,STMLF
[0674] "upstream-addr:" conditional
[0675] [AuthRevalidateLoginCookie] obsolete (in favour of ...)
[0676] rqptr->AuthRevalidateCount to track empty authentication
[0677] prompts preceding potential redundant revalidation prompt
[0678] [PutBinaryRFM] add STM and STMCR
[0679] [ServiceNonSSLRedirect] |[:]
[0680] some refinements to Upd..() layout and functionality
[0681] refine HTML and bring a little more up-to-date
[0682] AUTH_MAX_USERNAME_LENGTH bumped from 47 to 64 for X509
[0683] FileAcpInfoAst() '$.' file extension kludge
[0684] bugfix; AuthConfigLoadCallBack() additional [AuthProxy]
[0685] with intervening rules should reset proxies
[0686] bugfix; FileResponseHeader() "?httpd=content&type=" decoded
[0687] bugfix; MapOds..() identify MFD using "000000]" and "000000."
[0688] bugfix; AuthVmsGetUai() interaction of logon= parameters
[0689] bugfix; UpdFileRename() ACCVIO with AuthAccessEnable()
[0690] bugfix; RequestParseAndExecute2() remove reset of
[0691] request persistent flag from OPTIONS and DELETE
[0692] bugfix; SesolaInitService() (or refinement)
[0693] SSL_CTX_set_session_id_context() against each service
[0694] bugfix; DirFormatSize() bytes
[0695] bugfix; OdsParseTerminate() on non-ODS_EXTENDED platforms
[0696] (i.e. VAX) reset .nam$b_esl to changed expanded length
[0697] or it can generate RMS$_ESL errors
[0698] bugfix; DavPropSearchAst() on non-ODS_EXTENDED platforms
[0699] (i.e. VAX) reset .nam$b_rsl to changed resultant length
[0700] or it can generate RMS$_RSL errors
[0701] bugfix; non-ODS_EXTENDED platforms (e.g. VAX) must
[0702] OdsParse() NAM$M_NOCONCEAL before OdsSearchNoConceal()
[0703] bugfix; MapUrl__Map() reverse mapping wildcard copy
[0704] bugfix; CgiGenerateVariables() AUTH_GROUP write/read status
[0705] bugfix; AuthClientHostGroup() wildcard match result reversed
[0706] bugfix; ProxyResponseRebuild() call ProxyRebuildLocation()
[0707] can return a pointer to the original location!
[0708] bugfix; SesolaInit() translate WASD_SSL_CIPHER logical name
[0709] 09-NOV-2012 MGD v10.2.0,
[0710] TOKEN authorisation
[0711] request header DNT (do not track)
[0712] set ProxyReadBufferSize to 64k (per JPP)
[0713] allow (proxy) ResponseBufferSize to be >= 64k (per JPP)
[0714] HttpdSystemInfo() $GETSYIW() CsidVersion treat status
[0715] SS$_UNREACHABLE as non-fatal and fallback to 16 byte LVB
[0716] DIGEST.C numerous tweaks up to RFC2069
[0717] [AuthTokenEntriesMax] for token authorisation
[0718] bugfix; HTAdminModifyUser() use database name for digest
[0719] bugfix; AuthorizeResponse() digest scheme
[0720] bugfix; AuthVmsGetUai() logon= fall through
[0721] bugfix; DclSysOutputAst() WebSocket wrt agent
[0722] bugfix; WebSockEnd() do not NetCloseSocket()
[0723] bugfix; (at least improve) caching of group write/read
[0724] bugfix; SesolaParseCertDn() return NULL if record not found
[0725] bugfix; AuthorizeGroupWrite() with cached entries!
[0726] bugfix; AuthReadSimpleList() parameter /DIRECTORY= processing
[0727] 28-APR-2012 MGD v10.1.1,
[0728] RequestGet() no longer report 408 for unused connections
[0729] RequestEndEnd() likewise ignore unused connections (Chrome)
[0730] MetaConLoad() compress non-significant white-space
[0731] proxy WebSocket upgrade requests as raw tunnels (kludge)
[0732] DclRestartScript() refine WebSocket handling
[0733] DirFormatSize() now uses quadword
[0734] DirFormatSize() adjusts units to fit size width
[0735] MATCH0..8() macro to improve efficiency over memcmp()
[0736] SAME1..4() macro to abstract the *(USHORTPTR)s, etc.
[0737] bugfix; RequestBegin() remove RequestEnd() following failed
[0738] SesolaNetBegin() resulted in redundant request rundown
[0739] bugfix; SesolaNetAccept() initialise value=0
[0740] bugfix; SesolaNetRead() SSL state not SSL_ST_OK
[0741] bugfix; SesolaNetWrite() SSL state not SSL_ST_OK
[0742] bugfix; DavWebMicrosoftMunge2() token reprocessing
[0743] bugfix; FileAcpInfoAst() SS$_BADPARAM >2GB <4GB (per JPP)
[0744] bugfix; WebSockCloseMailboxes() logic
[0745] bugfix; DclScriptProcessCompletionAST() don't WebSockClose()
[0746] any WebSocket request currently associated with the task
[0747] bugfix; RequestEndEnd() '->WebSocketCount' already locked
[0748] 06-NOV-2011 MGD v10.1.0,
[0749] dragged kicking and screaming to VMS V7.0 base build
[0750] Web Socket (HTML5) support
[0751] Secure Sockets default to SSL v3 and TLS v1 (no more SSL v2)
[0752] SET cache=[no]cookie
[0753] SET map=uri
[0754] SET proxy=chain=cred=
[0755] SET proxy=tunnel=request=
[0756] SET regex=
[0757] SET response=HTTP=original
[0758] SET service=
[0759] SET notimeout (short-hand for timeout=none,none,none)
[0760] SET websocket=
[0761] "origin:" conditional
[0762] "request-peek:" conditional
[0763] "upgrade:" conditional
[0764] "websocket:" conditional
[0765] [DclScriptProctor] (pro-)activate script/environments
[0766] [RegEx] enabled/disabled/
[0767] [ServiceProxyChainCred] down-stream proxy credentials
[0768] [WwwImplied] "www." is implied even with virtual services
[0769] ("Host:") not beginning with it (ServiceFindVirtual())
[0770] callout LIFETIME: can accept
[0771] callout SCRIPT-CONTROL:string (see DCL.C)
[0772] logging 'PP' outgoing proxy connection local port
[0773] /DO=ALIGN=.. to allow collection and analysis of Alpha and
[0774] Itanium alignment fault data using HttpdAlignFault() et.al.
[0775] /DO=NET=PURGE[=..] expanded capability
[0776] /DO=WEBSOCKET=DISCONNECT[=..]
to disconnect WebSockets
[0777] /PRIORITY= limit increased from 6 to 15
[0778] SesolaInit() default is SSLv2 off and SSLv3/TLSv1 on
[0779] AuthAgentCallout() callout BODY implemented (for PAPI)
[0780] MapOdsUrlTo..() consecutive '/' into a single a la Unix
[0781] ServiceReportNow() service synopsis
[0782] ProxyTunnelChainConnect() chain proxy authorization
[0783] ProxyRequestRebuild() chain proxy authorization (BASIC only)
[0784] ServiceReportNow() add summary to service report
[0785] configuration lines beginning "!#" now allow WATCHable
[0786] during mapping and authorisation processing
[0787] reworked query string handling based on length
[0788] ServiceEntityMatch() processes in-match and if-not-match
[0789] CacheSearch() implement request cache control
[0790] CacheLoadResponse() checks response header for
[0791] "Cache-Control:" directives and adjusts accordingly
[0792] CacheLoadEnd() buffer all content-type data
[0793] (previous behaviour truncated at ';' or white-space)
[0794] MetaConLoad() ensure metacon "lines" are quadword aligned
[0795] __unaligned directive added to pointer macros in a
[0796] (successful) effort to avoid alignment faults
[0797] VM_OFFSET now 8 (quadword alignment) instead of 4
[0798] bugfix; OdsFileExists() parse NAM$M_NOCONCEAL in case of
[0799] multi-valued, concealed logical devices and then convert
[0800] returned status DNF into the functional equivalent FNF
[0801] bugfix; directory listing OdsSearchNoConceal() to
[0802] process concealed, multi-value logical device names
[0803] bugfix; RequestRedirect() only concat '&' if including query
[0804] bugfix; set rule 'CacheSetting' boolean with any CACHE=..
[0805] 02-OCT-2010 MGD v10.0.3,
[0806] command-line checks of configuration files
[0807] /DO=AUTH=CHECK /DO=CONFIG=CHECK (all configuration files)
[0808] /DO=GLOBAL=CHECK /DO=MAP=CHECK /DO=MSG=CHECK
[0809] /DO=SERVICE=CHECK
[0810] TcpIp6..() functions to resolve IPv6 AAAA records
[0811] ProxyRequestParse() improve IPv6 host parsing
[0812] bugfix; regression at 10.0.1 with proxy authorization
[0813] bugfix; SSL_set_info_callback() not SSL_CTX_set..()
[0814] 01-JUL-2010 MGD v10.0.2,
[0815] metacon "file:" and "directory:" to probe file-system
[0816] SET script=lifetime=
[0817] SET put=max= per-path equivalent of [PutMaxKbytes]
[0818] SET put=max=* for (effectively) unlimited upload
[0819] BODY.C significant rework to function()alise common code
[0820] BODY.C improve performance with multiblock of 127 (per JPP)
[0821] BODY.C make MultipartContentType(Ptr) a dynamic structure
[0822] as Microsoft endeavour to include application data
[0823] along with MIME content-type, see ...
[0824] http://msdn.microsoft.com/en-us/library/aa338205.aspx
[0825] and an example (no kidding!) ...
[0826] "application/vnd.ms.powerpoint.template.macroEnabled.12application/x-font"
[0827] FileNextBlocks() change QIO file size from long to quad
[0828] to cater for files greater than 4GB (4GB+ is limited to
[0829] file serving only, no ranges, etc.)
[0830] RequestExecutePostCache() UTF-8 decode WebDAV objects
[0831] RequestRedirect() support WebDAV "Destination:" field (JPP)
[0832] DclAllocateTask() default unconfigured CGIplus lifetime
[0833] SsiDoSet() and SsiGetTagValue() allow '$' in variable names
[0834] Mapurl_ControlReload() rather than Mapurl_Load()
[0835] bugfix; MapUrl_ControlReload()
[0836] bugfix; DclUpdateScriptNameCache() run-time pointer
[0837] bugfix; OdsNamBlockAst() odsptr->NamFileSysNamePtr
[0838] always set to odsptr->SysFileName in case RMS$_FNF, etc.
[0839] bugfix; RequestGet() MAX_REQUEST_HEADER (per JPP)
[0840] bugfix; allow METACON_TOKEN_INCLUDE for [IncludeFile]
[0841] bugfix; MetaConEvaluate() when JustChecking: HTTP header
[0842] fields (e.g. "cookie:")
[0843] bugfix; DavMetaReadName() and DavMetaWriteName()
[0844] allow for typeless file names (e.g. ]AFILE.;)
[0845] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
[0846] $ERASE() if not WebDAV request (access and ownership) (JPP)
[0847] bugfix; DavWebSlashlessMunge() enable SYSPRV while
[0848] calling OdsFileExists() (per JPP)
[0849] bugfix; do not use REDIRECT for WebDAV request error report
[0850] bugfix; no new token when refreshing existing lock (per JPP)
[0851] bugfix; FileNextBlocks() signed/unsigned comparison
[0852] when calculating buffer size on files larger than 2^31
[0853] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms()
[0854] include '|' and '%' as ODS-5 escaped characters
[0855] bugfix; DirAuthorizationAst() only check access on
[0856] non-empty expanded file names
[0857] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
[0858] $CREATE() if not WebDAV request (for access and ownership)
[0859] bugfix; FileNextBlocks() signed/unsigned comparison
[0860] when calculating buffer size on files larger than 2^31
[0861] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms()
[0862] include '|' as an ODS-5 escaped character
[0863] bugfix; DirAuthorizationAst() only check access on
[0864] non-empty expanded file names
[0865] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
[0866] $CREATE() if not WebDAV request (for access and ownership)
[0867] bugfix; DirBegin() "httpd=index&" detection (since v9.3.0)
[0868] bugfix; DirEnd() suppress unless RequestEnd() AST
[0869] bugfix; SsiDoDcl() report cgi=/script= query string as error
[0870] bugfix; UpdBegin() [goto] processing
[0871] 01-MAR-2010 MGD v10.0.1,
[0872] ProxyFtpListProcessUnix() names with white-space (per JPP)
[0873] ProxyResponseRebuild() !"accept-encoding" (per JPP)
[0874] make
proxy requests subject to throttle (per JPP)
[0875] MapUrl__Map() increase some buffer sizes (per JPP)
[0876] RequestRedirect() add return length (overflow) check
[0877] log format 'HO' request "Host:" field
[0878] log format 'RH' any request header (e.g. "RH:cache-control:")
[0879] log format 'VS' request virtual service
[0880] According to http://www.ietf.org/rfc/rfc2145.txt a server
[0881] should respond with the minor HTTP version reflecting its
[0882] own compliance rather than the client's provided the
[0883] response itself is compliant with the client minor version
[0884] (i.e. HTTP/1.0 requests should get HTTP/1.1 in the response
[0885] status line - and now implemented by ResponseHeader())
[0886] bugfix; LoggingDo() sys$flush(&RAB) not (&FAB)
[0887] bugfix; LoggingDo() initialise (zero) &DummyRequest
[0888] bugfix; ProxyMaintInit() use v10orPrev10() for scan (per JPP)
[0889] bugfix; ProxyTunnelReadAst() data count tx (per JPP)
[0890] bugfix; ConfigAcceptClientHostName() reject
[0891] 29-NOV-2009 MGD v10.0.0,
[0892] WebDAV 1,2
[0893] AuthAcmeVerifyUser() requires SECURITY privilege to
[0894] allow ACME$M_NOAUTHORIZATION for authentication-only
[0895] when using WASD_NIL_ACCESS identifier
[0896] AuthAcmeVerifyUser() and AuthVmsGetUai() can now use
[0897] [AuthSYSUAFlogonType] and/or an optional authorization rule
[0898] parameter 'param="logon=.."' to specify the login type
[0899] (default is still NETWORK)
[0900] AuthRestrictAny() uses a single set of access restrictions
[0901] ACME DOI name of '*' indicates use the default of
[0902] ACME$LATEST_ENABLED_AGENT_LIST rather than specified DOI
[0903] (authentication realm set to the DOI authentication realm)
[0904] allow for []-delimited IPv6 addresses as service names
[0905] concurrently support v10 and pre-v10 logical names
[0906] (use WASD_.. rather than HTTPD$.. and HT_..
logical names)
[0907] move WASD process naming schema from "HTTPd:" to "WASD:"
[0908] (implies the automatic creation of new rights identifiers)
[0909] use STR_DSC and associated StrDsc..() functions
[0910] to refine and simplify formatted and buffered output
[0911] OdsNameOfDirectoryFile() no longer mandatory that a
[0912] directory file actually exists to generate the name
[0913] MapUrl_Map()/__Map() now have a REQUEST_PATHSET parameter
[0914] (to better decouple file-system mapping and path SETing)
[0915] refine loading and mapping of path SETings
[0916] add HTTP status filter to WATCH
[0917] DclSysOutputAst() if WATCHing DCL and non-CGI-compliant
[0918] response continue to end-of-script bit-bucketing output
[0919] (DECNET.C code already provides this behaviour)
[0920] User-defined log format now includes 'CP' client port
[0921] RequestRedirect() allow a redirect to include its own query
[0922] string and then concatenate any request query with '&'..
[0923] CgiVariable() optimise single-quotation escaping (JPP)
[0924] GzipShouldDeflate() do not compress Shockwave Flash
[0925] increase minimum size before compression to 1400 bytes
[0926] HttpdExit() add explicit traceback for AXP and IA64 (per JPP)
[0927] WATCH script item
[0928] (interesting and useful suggestion from Jean-Pierre Petit)
[0929] callout WATCH:string (see DCL.C)
[0930] CGI variable WATCH_SCRIPT indicates when script WATCHing
[0931] SET css=
[0932] SET put=max=
[0933] SET put=rfm=[FIX512|STMLF]
[0934] SET script=agent=as=
[0935] SET webdav=... (multiple WebDAV related settings)
[0936] [AuthSYSUAFlogonType] specifies NETWORK, DIALUP, etc.
[0937] [BufferSizeNetFile] global configuration directive
[0938] [BufferSizeNetMTU] global configuration directive
[0939] [HttpTrace] global configuration directive
[0940] [PutBinaryRFM] global configuration directive
[0941] [ServiceLogFormat] a per-service user-defined log format
[0942] [ServiceShareSSH] share with (allow proxy to) SSH
[0943] [WebDAV...]
global configuration directives
[0944] "webdav:" conditional
[0945] logical name WASD_NO_SYSUAF_ACME disables SYSUAF via ACME
[0946] logical name WASD_NO_ACME disables ACME altogether
[0947] can't believe it but some PHP script paths are
[0948] exceeding a SCRIPT_NAME_SIZE of 128 - bump to 256!
[0949] ServiceConfigAdd() use INADDR_ANY if host name lookup fails
[0950] NetCreateService() use primary if service IP addr reset
[0951] activity report has some major changes (see version log)
[0952] AuthorizeResponse() allow agent reason for 403
[0953] bugfix; NetWriteStrDsc() flush all full descriptors
[0954] bugfix; NetWriteGzip() ensure buffer size <= 65535
[0955] bugfix; MapUrl__Map() to URL use request ODS not path ODS
[0956] bugfix; ServiceConfigFromString() create and use
[0957] temporary service structure when generating report
[0958] bugfix; FileAcpInfoAst() and CacheAcpInfoAst()
[0959] byte-range limit negative offset
[0960] bugfix; OdsNamBlockAst() deliver AST with 'AstParam'
[0961] (requiring parameter changes to *lots* of AST functions
[0962] called by use of OdsParse() and OdsSearch() - bugga!)
[0963] bugfix; AuthVmsChangePassword() ensure that
[0964] rqAuth.SysUafDataPtr is populated
[0965] bugfix; MapUrl__Map() proxy 'fall-thru'
[0966] bugfix; ProxyResponseRebuild() proxy->client compression
[0967] chunk only for HTTP/1.1 responses and connection
[0968] persistence header fields reflect non-chunked GZIP stream
[0969] bugfix; HttpdSupervisor() no-progress use ->BytesRaw..
[0970] bugfix; ErrorNoticed() use of 'rqptr' (from 16-NOV-2007)
[0971] bugfix; NetRead() redact into DataPtr *not* into
[0972] rqNet.ReadBufferPtr (which works until subsequent read :-)
[0973] bugfix; DclUpdateScriptNameCache() undo bug from fix of
[0974] non-existent problem from 12-APR-2008 (talk about it!)
[0975] bugfix; DclUpdateScriptNameCache() copy determined
[0976] script invocation method ("@","$","=", etc.)
into cache
[0977] 15-MAR-2008 MGD v9.3.0,
[0978] RequestReport() per-current, per-connection,
[0979] per-throttle and per-history
[0980] CgiGenerateVariables() suppress SCRIPT_NAME if it is an
[0981] empty script name ("/")
[0982] RequestGblSecUpdate() include remote user and realm in
[0983] request monitor data
[0984] callout REDACT: and REDACT-SIZE:
[0985] support for request redaction (see DCL.C)
[0986] NetRead(), RequestRedact(), RequestEnd() redact support
[0987] callout NOTICED: (and auth agent NOTICED)
[0988] callout OPCOM: (and auth agent OPCOM)
[0989] auth agent callout SCRIPT-META
[0990] DirBegin() only use query string if it begins "httpd=index&"
[0991] RequestExecutePostCache() check again for RequestHomePage()
[0992] before final RequestFile()
[0993] [ServiceProxyAuth] CHAIN
[0994] AUTH_PATH variable for authentication agents
[0995] AuthConfigLoadCallBack() do not lower-case path
[0996] ProxyRequestRebuild() allow "Proxy-Authorization:" header
[0997] only if configured for CHAIN proxy authentication
[0998] [SocketSizeRcvBuf] and [SocketSizeSndBuf]
[0999] HTADMIN and AUTHHTA modules allow for CONNECT method
[1000] ProxyTunnel..() provide for SSL client connections
[1001] Server Activity graphing slash-delimited 'max-requests'
[1002] that scales the Y axis allowing finer detail display
[1003] authorization realm agent can now be '=agent+opaque'
[1004] to suppress the automatic username/password challenge
[1005] accounting per-request GZIP compress percentage
[1006] RequestRedirect() include response cookie(s)
[1007] force ACME on VMS V7.3 and later
[1008] [AuthSYSUAFuseACME] obsolete
[1009] bugfix; GraphActivityPlotBegin() X axis scaling for
[1010] non-integral factors
[1011] bugfix; GraphActivityReport() uninitialised 'cptr' before
[1012] use in processing '"form"-based query string'
[1013] bugfix; AdminMenu() JavaScript doIt() call
[1014] bugfix; RequestGet() buggy browser kludge (per JPP)
[1015] bugfix; CONNECT proxy authorization
[1016] bugfix;
AuthCacheGblSecInit() (per JPP)
[1017] bugfix; ProxyVerifyGblSecInit() (per JPP)
[1018] bugfix; SesolaCacheGblSecInit() (per JPP)
[1019] 19-MAY-2007 MGD v9.2.1,
[1020] RequestGet() now handles extraneous which
[1021] buggy browsers can incorrectly insert after the body
[1022] of a valid request (See RFC 2616 section 4.1)
[1023] ProxyRequestBegin() restrict HTTP methods for FTP scheme
[1024] ProxyFtpLifeCycle() process HEAD as for GET
[1025] ProxyResponseRebuild() make request HTTP version a
[1026] consideration before chunking proxy->client (with JPP)
[1027] RequestExecutePostAuth1() kludge to allow 'implied' scripts
[1028] CgiGenerateVariables() provide TRACK_ID if present (for JPP)
[1029] bugfix; DclBegin() agent runs under default account
[1030] bugfix; MapUrl_Map() auth agent modifying path SETings
[1031] bugfix; DirFormatAcpInfoAst() 'S' (size) processing for
[1032] block totals at the end of a listing
[1033] bugfix; agent mappings using VMS-USER: not being cached
[1034] bugfix; GzipDeflateCache() allow for cached CGI header
[1035] bugfix; CacheNext() don't adjust GZIP content for CGI header
[1036] bugfix; ConfigLoadCallback() post-process sanity checking
[1037] for 'NetConcurrentMax' and 'NetConcurrentProcessMax'
[1038] bugfix; BodyReadBegin() 413 set status before declaring AST
[1039] bugfix; ProxyRequestRebuild() proxy verify
[1040] "Authorization:" request header field carriage-control
[1041] bugfix; ProxyNetConnectPersist() rejects all further
[1042] requests once ProxyConnectPersistMax has been hit
[1043] 04-NOV-2006 MGD v9.2.0,
[1044] significantly enhance WATCH filtering
[1045] added REG_NEWLINE to REGEX_C_FLAGS so that anchors match
[1046] newlines in strings to support 'Request' filter in WATCH
[1047] access logging now supports an HOURLY period
[1048] remove file name length constraint for access logs created
[1049] on an ODS-5 volume (allows full host name components, etc.)
[1050] ProxyTunnelChainConnect() and ProxyTunnelChainConnectAst()
[1051] to implement raw tunnelling through an intermediate proxy
[1052] maintenance; there seem to have been some changes in the
[1053] underlying TCP/IP Services handling of shared sockets
[1054] so NetAcceptAst() set socket share on client and ...
[1055] NetClientSocketCcl() to control BG device carriage-control
[1056] (to parallel the APACHE$SET_CCL.EXE functionality)
[1057] DclCalloutDefault() add GATEWAY-CCL: callout to allow
[1058] BG device carriage-control from running script
[1059] RequestHttpStatusCode() provides more fine-grained HTTP
[1060] response status code accounting (mainly for WOTSUP)
[1061] DirFormat() and DirFormatSize() allow in-line layouts to
[1062] specify size with VMS format listings, as well as
[1063] adding size specification of 'V' (VMS-ish, in blocks)
[1064] use PercentOf() and QuadPercentOf() for more accurate and
[1065] more consistent percentages
[1066] AdminMenu() status panel (time, connect, request) mods
[1067] AdminMenu() instance [active][standby] functionality
[1068] (service item) network connection [Purge][All]
[1069] activity graph; add request peak data
[1070] ('network connections' has been masquerading as this)
[1071] (also see 'CRAZY' note in GraphActivityReport())
[1072] for authorization add '+=' to realm default syntax for
[1073] realm default to be concatenated to any path access
[1074] /DO=INSTANCE=ACTIVE|STANDBY
[1075] /DO=NET=PURGE[=ALL]|SUSPEND[=NOW]|RESUME
[1076] NetPassive() and NetActive() to allow non-supervisor
[1077] instances to be made quiescent
[1078] NetSuspend() and NetResume() to allow halt and resume
[1079] request processing
[1080] NetPurge() to remove network connections
[1081] increase AUTH_MAX_PATH_PARAM_LENGTH from 127 to 255
[1082] (initially prompted by development of AUTHAGENT_LDAP)
[1083] add 'ConnectSuspend', 'InstancePassive', 'LastExitTime64',
[1084] 'LastExitPid' and 'ResponseStatusCodeCount[]' to global
[1085] section
[1086] bugfix; LoggingDo() changes for daily period test
[1087] to support hourly logging (thanks again JPP)
[1088] bugfix; SsiEnd() propagate included document user variables
[1089] back into parent document to ensure they remain *global*
[1090] bugfix; GzipShouldDefault() uninitialized 'cptr' when no
[1091] content-type would cause WatchThis() "!AZ" to barf if
[1092] 'cptr' was non-NULL but pointed into an invalid page
[1093] bugfix; NetAcceptProcess() and NetDirectResponse()
[1094] should issue 503 for 'too busy', not 502
[1095] bugfix; StringMatchAndRegex() regular expression
[1096] 'MatchType' detection prior to pre-match
[1097] bugfix; ThrottleReport() column alignment of 'busy' and
[1098] 'total' percentages in second row of per-path statistics
[1099] bugfix; NetAccept(), NetAcceptAst(), NetAcceptProcess()
[1100] nasty problem where multihomed servers 'svptr' confusion
[1101] (due to the multihome pointer manipulation) could result
[1102] in an attempted re-queue of an accept on a service that
[1103] did not correspond to the original accept AST delivery
[1104] with the result that no accept ended up being queued
[1105] bugfix; ResponseHeader() and NetWrite() accommodate 304
[1106] bugfix; RequestGet() timestamp the event immediately
[1107] bugfix; AuthConfigLine() propagate 'RealmCanString' by
[1108] making it static storage (doh)
[1109] bugfix; MenuFileDescription() status from OdsParse()
[1110] bugfix; StmLfLog() -E- to -I- for non-status-value call
[1111] 11-MAY-2006 MGD v9.1.4,
[1112] 'Proxy affinity' courtesy of Jean-Pierre Petit (esme.fr)
[1113] (see PROXY.C for an explanation of what all this means)
[1114] enabled per-service using [ServiceProxyAffinity] or
[1115] per-path using SET PROXY=[NO]AFFINITY
[1116] SesolaCacheInit(), in conjunction with AuthConfigInit()
[1117] noting the presence of any X509 realm, automatically
[1118] adjusts multi-instance, SSL session cache record size
[1119] to accommodate potential client certificate
[1120] SesolaInit()
added ICACHE=SIZE= and SSL=ICACHE=RECORD= to
[1121] allow manual configuration of instance SSL session cache
[1122] RequestRedirect() "//:port/path" (i.e. begins with "//:")
[1123] allows a redirect to a different port on the same host
[1124] increase MapUrl__Map() WildBuffer[] storage to 4096
[1125] increase HOST_STORAGE from 236 to 1004 as an interim
[1126] workaround for SS$_ENDOFFILE when storage insufficient
[1127] (jpp@esme.fr) - why doesn't it return SS$_RESULTOVF?!!
[1128] SesolaCacheInit() if boolean 'AuthRealmX509' indicates X509
[1129] realm is in use then use a larger session cache record
[1130] potential bugfix; CgiOutput() CGI_OUTPUT_MODE_CRLF output
[1131] count should be checked for zero before negative index
[1132] potential bugfix; when URL-encoded decoding use unsigned
[1133] char to prevent sign bit issues with the likes of %FC
[1134] bugfix; non-SSL SesolaCacheInit() should return not bugcheck!
[1135] bugfix; SSL_shutdown() problem reported by JPP
[1136] introduce SesolaNetReadAst() and SesolaNetWriteAst()
[1137] to defer reset of AST function address used to indicate
[1138] AST-in-progress in other parts of the code
[1139] bugfix; CgiOutput() empty 'record' in stream mode should be
[1140] ignored and not have carriage-control adjusted (JFP)
[1141] bugfix; 'RQ' include method (equivalent of Apache "%r")
[1142] bugfix; 'EM', 'ES' and 'UE' arithmetic ('doh'!?)
[1143] bugfix; DECnetWriteRequestBody() suppress empty record on
[1144] end-of-body for OSU (call DECnetWriteRequestBodyAst())
[1145] to prevent it interfering with functionality
[1146] bugfix; HttpdTimerSet() TIMER_PERSISTENT (jpp@esme.fr)
[1147] bugfix; RequestFields() allow for header lines with no
[1148] white-space between field name and value (jpp@esme.fr)
[1149] 24-NOV-2005 MGD v9.1.3,
[1150] authorization OPAQUE realm to allow a script to completely
[1151] generate its own authentication challenge and processing
[1152] bugfix; MapUrl__Map() SCRIPT result copy not checking
[1153] for null resulting in occasional overflow error status
[1154] bugfix; FileNextBlocks() ensure VARiable record format
[1155] files have records read on word (even byte) boundaries
[1156] bugfix; AuthConfigProxyMap() set cache record SYSUAF
[1157] authentication boolean in tandem with request boolean
[1158] bugfix; DclSysCommandAst() allow for the queued
[1159] post-CGIplus script STOP/ID=0 and EOF
[1160] bugfix; copy sentinels into request storage to prevent
[1161] them (potentially) being overwritten by an early call
[1162] to DclScriptProcessCompletionAST()
[1163] bugfix; ResponseHeader() ensure a charset= supplied with
[1164] a text content-type (e.g.
from a CGI script) is used [1165] 15-SEP-2005 MGD v9.1.2, [1166] metacon "server-protocol:" as "1.1", "1.0", "0.9" [1167] SET proxy=reverse=[no]auth (jpp@esme.fr) [1168] AuthAcmeVerifyUser() remote IP address to refine intrusion [1169] data and reduce possibility of DOS attack on usernames [1170] support multiple IP addresses in host cache (jpp@esme.fr) [1171] support proxy to origin server failover (jpp@esme.fr) [1172] [ProxyConnectTimeoutSeconds] configures period proxy to [1173] origin server connection is attempted (1-60 seconds) [1174] add selected request data to ErrorNoticed() report [1175] /DO=ZERO=NOTICED to reset 'errors noticed' accounting [1176] refine OPTIONS ResponseOptions() to provide "Allow:" [1177] bugfix; raw proxy tunnelling requires a contrived connect [1178] request in NetRead() to initiate an AST to RequestGet() [1179] bugfix; AuthAcmeVerifyUser() ACME$_LOGON_TYPE requires [1180] IMPERSONATE (DETACH) privilege for VMS V7.3-1 and earlier [1181] bugfix; DECnetOsuDialog() allow CgiOutput() error responses [1182] bugfix; initialize TcpIpHostCacheExpireSeconds (jpp@esme.fr) [1183] 10-JUL-2005 MGD v9.1.1, [1184] [[?]] and service:? to match unknown virtual service [1185] OpenSSL v0.9.8 changed macro name EVP_F_EVP_DECRYPTFINAL [1186] bugfix; adjust CacheMemoryInUse/CachePermMemoryInUse [1187] bugfix; GzipDeflateCache() ambit buffer size calculation [1188] too small for small content lengths (just allow heaps!) 
[1189] 26-JUN-2005 MGD v9.1.0,
[1190] SET throttle=/ per-user throttle
[1191] SET script=symbol=[no]truncate
[1192] allow for VMS V8.2 64 byte lksb$b_valblk
[1193] /DO=DCL=[PURGE|DELETE]=[USER|SCRIPT|FILE]=
[1194] script processes by username, script name, or file name
[1195] /DO=NOTE= to provide admin mapping notes
[1196] /DO=THROTTLE=[TERMINATE|RELEASE]=[USER|SCRIPT]=
[1197] throttled requests by username or script name
[1198] AdminMenu() [/DO=] button/field and supporting functionality
[1199] caching of GZIP compressed content
[1200] proxy cache GZIP compressed content
[1201] revised multihoming so that the client specified IP address
[1202] of an accept()ed connection is used to identify the service
[1203] (this allows easier isolation of SSL certificates, etc.)
[1204] metacon 'instance:' to allow testing of WASD instances
[1205] metacon 'multihome:' to allow detection of mismatched
[1206] multihomed IP addresses and services
[1207] metacon 'note:' to allow testing of admin conditional notes
[1208] metacon 'robin:' to allow round-robin distribution
[1209] CGI variable SERVER_MULTIHOME present when above true
[1210] provide PWDMIX mixed-case plus printable char passwords
[1211] in AuthVmsVerifyPassword() and AuthVmsChangePassword()
[1212] CgiVariable() allow path mapping script=symbol=truncate to
[1213] truncate a CLI symbol within the limit of the current VMS
[1214] version capacity, noting this in SERVER_TRUNCATE variable
[1215] SesolaInitService() no longer needs to clone
[1216] modify VM statistics to a max of 1024 pages and granularity
[1217] of 8 (GZIP significantly increased memory requirements)
[1218] DclTaskRunDown() proactively handle task after SS$_NONEXPR
[1219] ProxyMaintSupervisor() return if caching not enabled
[1220] IA64 TcpIpSetAgentInfo() Multinet uses UCX$IPC_SHR
[1221] in the image header (TCP/IP Services' TCPIP$IPC_SHR)
[1222] AuthVmsVerifyUser() WATCH which flag causes failure
[1223] allow client-side GZIPing of non-GZIPed proxied responses
[1224] (courtesy Jean-Pierre Petit at jpp@esme.fr)
[1225] allow config files to be a logical search list
[1226] (initially to support multiple language HTTPD$MSG files)
[1227] relax configured file type check if path SETing
[1228] script=command=<..> provides a full activation command
[1229] HTTPD$VERIFY can now specify a REMOTE_ADDR IP address
[1230] allow report path to exclude using negative codes
[1231] SSI to response header
[1232] SSI to pre-expire
[1233] make EXQUOTA (particularly ASTLM) a little more obvious
[1234] bugfix; remove mutex around spurious wake counter
[1235] bugfix; MetaConLoad() allocate structure before non-filename
[1236] return! (revealed by Alex Daniels with no HTTPD$SERVICE)
[1237] bugfix; prevent expired SYSUAF password from being cached
[1238] bugfix; ProxyEnd(rqptr) should be ProxyEnd(ktptr) in
[1239] ProxyNetHostConnectAst() (jpp@esme.fr)
[1240] bugfix; FileResponseHeader() if none-match entity and
[1241] IfModifiedSince() logic
[1242] bugfix; GzipDeflateCache() ambit buffer size calculation
[1243] (captr->ContentLength >> 9) now (.. >> 7) (jpp@esme.fr)
[1244] bugfix; MapOdsUrlToOds2Vms() DECnet access string should
[1245] be able to support the space required for password
[1246] bugfix; HTTP_METHOD_.. constants needs to be a bitmap!
[1247] bugfix; the Ben Burke collection :-)
[1248] bugfix; SesolaNetClientShutdown() remove SSL_shutdown()
[1249] (revealed by https: tunnelling shutdown)
[1250] bugfix; keyword search exclusion on configured file type
[1251] 04-FEB-2005 MGD v9.0.2,
[1252] SET script=control=<...>
[1253] [GzipFlushSeconds] controls GZIPed response flush interval
[1254] NetWriteGzip() abandon using argument counts to determine
[1255] AST usage or direct call, use NetWriteGzipAst() instead
[1256] RequestParseAndExecute() and ProxyRequestBegin() remove
[1257] explicit disable of POST & PUT connection persistence
[1258] CgiOutput() if "Location:" is supplied but no HTTP
[1259] status turn it into a 302 (see also ResponseHeader())
[1260] ResponseHeader() include 'rqResponse.LocationPtr'
[1261] GzipShouldDeflate() disable PDF deflation by default
[1262] bugfix; aarghh! NetWriteGzip()/NetWriteGzipAst()
[1263] bugfix; ServiceConfigAdd(), NetHostNameLookup() status check
[1264] bugfix; ProxyReadResponseAst() if required, chunking needs
[1265] to be performed after header as well as body processing
[1266] bugfix; NetWriteChunked() ensure an empty body is
[1267] terminated with a chunk of zero
[1268] bugfix; NetWrite() distinguish between "empty" data and
[1269] end-of-stream (inducing occasional ZLIB buffer errors)
[1270] bugfix; AuthorizeRealm() check for login cookie before
[1271] revalidating new cache record credentials (jpp@esme.fr)
[1272] 22-DEC-2004 MGD v9.0.1,
[1273] introduce chunked responses where content-length is
[1274] unknown to enhance connection persistence behaviour
[1275] SET response=[no]chunked
[1276] CGI Script-Control: X-transfer-encoding-chunked[=0|1]
[1277] in Sesola_read() and Sesola_write() remove
[1278] BIO_set_retry_..() and BIO_clear_retry_..(),
[1279] bugfix; NetWriteGzip() AST no remaining data length
[1280] bugfix; Sesola_read_ast() and Sesola_write_ast()
[1281] zero I/O status block count on error status
[1282] bugfix; MapOdsVmsToUnix() empty if empty
[1283] 01-DEC-2004 MGD v9.0.0,
[1284] HTTP/1.1 compliance
[1285] persistent connections over SSL
[1286] persistent proxy connections
[1287] proxy tunnelling
[1288] significant changes to proxy cache file processing
[1289] GZIP transfer-encoding (response and request)
[1290] allow ResponseHiss() kBytes
[1291] allow throttling with zero requests being processed
[1292] metacon 'request-method:?' tests for HTTP extension method
[1293] metacon refined directive and request header field processing
[1294] request redirect, CGI variable and proxy request field
[1295] processing refined
[1296] SET report=tunnel
[1297] SET response=gzip=<...>
[1298] SET script=body=[no]decode
[1299] SET script=syntax=[no]unix
[1300] [ConnectMax] (supersedes [Busy]) max concurrent connections
[1301] [EntityTag] enables the generation of file "ETag:",
[1302] [GzipAccept] accept gzip encoded request bodies
[1303] [GzipResponse] level[,memory,window] gzip encoded responses
[1304] [LogWriteFail503] service unavailable 503 response when
[1305] access log write fails
[1306] [PipelineRequests] enables pipeline processing
[1307] [ProcessMax] max concurrent requests being processed
[1308] [ProxyCacheNegativeSeconds] for non-success responses
[1309] [ProxyConnectPersistMax] and [ProxyConnectPersistSeconds]
[1310] for controlling proxy->server connection persistence
[1311] [ServiceProxyTunnel] connect | firewall | raw
[1312] [ServiceClientSSLcert] and others allow outgoing SSL config
[1313] [TimeoutPersistent] supersedes [TimeoutKeepAlive]
[1314] CGI Script-Control: X-content-encoding-gzip[=0|1]
[1315] bugfix; FileVariableRecord() memset only if positive
[1316] bugfix; (authorization) agents should not begin to read
[1317] a POSTed request body (Jean-Pierre Petit, jpp@esme.fr)
[1318] bugfix; CgiOutputFile() missing sizeof(FILE_CONTENT)
[1319] when VmReallocHeap() increasing buffer space
[1320] bugfix; AuthReadSimpleList() group member password check
[1321] 02-OCT-2004 MGD v8.5.3,
[1322] revalidation periods and '?httpd=logout&goto=...'
[1323] change from self-relative to absolute links in "Index of"
[1324] anchor generation (broke usage in some SSI documents)
[1325] bugfix; MetaconClientConcurrent() if IP address not the same!
[1326] bugfix; auth=revalidate= is minutes not seconds
[1327] bugfix; even number of bytes on a disk $QIO READVBLK
[1328] bugfix; HttpTimerSet() after mapping in case of SET timeout
[1329] bugfix; ServiceFindVirtual() port string comparison
[1330] 31-JUL-2004 MGD v8.5.2,
[1331] bugfix; StringMatchAndRegex() SMATCH__GREEDY_REGEX
[1332] bugfix; (potential anyway) PutWriteFileClose()/PutEnd()
[1333] bugfix; TcpIpNetMask() result in AuthRestrictList()
[1334] bugfix; ProxyFtpPasvData() if PASV response address
[1335] is 0.0.0.0 then use connect address
[1336] 30-JUN-2004 MGD v8.5.1,
[1337] bugfix; HttpdExit() INHIB_MSG test
[1338] 07-JUN-2004 MGD v8.5.0,
[1339] IPv6 (concurrent with IPv4) support
[1340] ACME authentication (realm)
[1341] [AuthSysUafUseACME] config directive
[1342] config directives [DNSLookupClient] (formerly [DNSLookup]),
[1343] [DNSLookupLifeTime] and [DNSLookupRetry]
[1344] config directive [ProxyHostCachePurgeHours] obsolete
[1345] SYSUAF user verification now checks pre-expired passwords
[1346] changes to eliminate RMS from file access and proxy cache
[1347] (WASD's doing all the content conversion work anyway!)
[1348] by using ACP/QIOs and massaging record content explicitly
[1349] (outgrowth of returns from 8.4.3 changes in this area)
[1350] on-disk structure for each PASS result (ODS-2 or ODS-5)
[1351] is applied to a path unless otherwise SET with ODS=
[1352] bugfix; file cache pointer initialization before
[1353] first call to CacheNext()
[1354] bugfix; agent script should have non-strict-CGI ignored
[1355] (stupid problem introduced with script output caching)
[1356] 04-MAR-2004 MGD v8.4.3,
[1357] read variable record format files using block IO and then
[1358] explicitly process those records to produce a stream-LF
[1359] block of data in their place!
[1360] (provides in excess of 400% throughput boost!!! :^)
[1361] set script process default directory before activation
[1362] set script process parse extended/traditional if path ODS set
[1363] CGI 'Script-Control: X-content-handler=SSI' field
[1364] absorb CGI/NPH header during script CGI processing
[1365] SET ssi=exec=
[1366] script=default=
[1367] SSI can now be enabled on a per-path basis using 'ssi=exec=#'
[1368] SSI #exec (#dcl) directives can be allowed on per-path basis
[1369] using SET ssi=exec= (e.g. 'ssi=exec=say,show')
[1370] 'delete-on-close' file specification extended
[1371] SSI
[1372] metacon add server_process_gt:, change to client_connect_gt:
[1373] and server_connect_gt: to better reflect functionality
[1374] service access log report (last 65kB of an access log)
[1375] add connect processing and keep-alive accounting items
[1376] DECC 6.2 objected to '$DESCRIPTOR(name,ptr->string)'
[1377] bugfix; rare RECTOOBIG on variable record length file where
[1378] longest record exceeded 'OutputBufferSize' so initialize
[1379] buffer to maximum of 'OutputBufferSize' or file lrl
[1380] bugfix; RequestExecute() re-set error by redirect
[1381] bugfix; ErrorGeneral() always get module name and number
[1382] bugfix; DclAllocateTask() CGIplus with virtual services
[1383] bugfix; ProxyFtpListProcessUnix() maximum fields handling
[1384] 08-JAN-2004 MGD v8.4.1,
[1385] SET response=header=[no]add[=""]
[1386] 04-JAN-2004 MGD v8.4.0,
[1387] compilation and run-time support for IA64
[1388] for VMS 7.3-2 and later take advantage of the larger
[1389] EDCL CLI line (255->4095) and symbol (1024->8192) sizes
[1390] 'config directory' located authorization databases
[1391] authorization path keyword 'final' to conclude further
[1392] rule mapping at that point (as if none matched)
[1393] rule mapping "set map=root=" allows a set of rules
[1394] to be rooted to a particular path (CGI document-root)
[1395] support "Range: bytes=[,..]" request field
[1396] for non-VAR-record files and cached files
[1397] provide network mode operation (server and scripts)
[1398] revise detached process cleanup candidate identification
[1399] (now requires CMKRNL privilege to use $GRANTID service)
[1400] modify DCL.C script activation code (allow qualifiers
[1401] and/or parameters to be supplied from path setting)
[1402] extensive rework of cache module to allow non-file content
[1403] (e.g. script) output to be cached
[1404] [CacheGuardPeriod] configuration directive
[1405] optional HTTPD$MSG [language] 'charset=' parameter
[1406] HTA database now "read [record] regardless of lock"
[1407] SET cache=[no]cgi, cache=expires=, cache=[no]file,
[1408] cache=[no]net, cache=maxkbytes=, cache=[no]nph,
[1409] cache=[no]script, cache=[no]ssi,
[1410] map=root=,
[1411] map=set=[no]ignore, map=set=[no]request,
[1412] proxy=reverse=location=, proxy=reverse=verify,
[1413] response=header=[append|full|none],
[1414] script=command=
[1415] reverse-proxy 302 "Location: ..." response can have the
[1416] location URL rewritten to reflect the original host
[1417] reverse-proxy can be locally authorized and then have
[1418] that verified by the proxied-to server (UMA)
[1419] metacon "document-root:" ('DR') reflects "set map=root="
[1420] add "client_current_gt:" and "server_current_gt:"
[1421] /PERSONA=IDENT= is now available for PERSONA_MACRO
[1422] mapping now URL-encodes a redirect wildcard path portions
[1423] rework some report item format and content
[1424] check Digest authentication against Mozilla 1.4
[1425] only check SYSUAF secondary password expiry date/time
[1426] if the secondary password hash is not empty
[1427] bugfix; error report by redirect, set after virtual host
[1428] bugfix; GraphActivityPlotBegin() and GraphActivityDataScan()
[1429] signed/unsigned issue masking out request value
[1430] bugfix; chained proxy CONNECT processing
[1431] bugfix; keep track of outstanding body reads
[1432] bugfix; according to the doco "Index of"s from SSI should
[1433] not be delimited top or bottom (up to SSI to caption it!)
[1434] bugfix; DclScriptProcessPurge()
[1435] 12-OCT-2003 MGD v8.3.2,
[1436] bugfix; DECnet allow for outstanding network writes
[1437] bugfix; "internal" script detection
[1438] bugfix; MetaConLoad() [IncludeFile]
[1439] bugfix; ProxyRequestRebuild() rebuild buffer space
[1440] bugfix; suppress output after "Script-Control: x-error..."
[1441] bugfix; keyword search exclude file type
[1442] bugfix; notepad needs to be explicitly NULLed
[1443] bugfix; MAP-FILE: stripping leading character
[1444] bugfix; DECnet allow for outstanding body reads
[1445] 15-AUG-2003 MGD v8.3.1,
[1446] allow the database directory location to be specified using
[1447] authorization rule 'param="/directory=device:[directory]"'
[1448] allow for and keep track of $HIBER spurious wakes
[1449] massage SYSUAF-authenticated remote username to comply
[1450] with VMS requirements
[1451] suppress digest auth challenge except for HTA and external
[1452] where CDATA constraints make using entity impossible
[1453] use a field name of hidden$lf and ^ substituted
[1454] with the BODY.C module doing some sleight-of-hand with it
[1455] (modern browsers like Mozilla were having issues)
[1456] BODY_DISCARD_CHUNK_COUNT made *very* large
[1457] bugfix; ServiceConfigReviseNow() form element names must be
[1458] unique (technically correct, enforced by modern browsers)
[1459] bugfix; AuthCacheAddRecord()
[1460] bugfix; check for NULL pointer 'cnptr->ReuseConnection'
[1461] bugfix; DECnetCgiDialog() not strict wait for EOF sentinel
[1462] bugfix; do not allow SET mapping during a callout
[1463] bugfix; use _BBCCI() to clear the mutex in InstanceExit()!!
[1464] bugfix; SesolaCacheAddRecord() oldest tick second
[1465] 28-JUN-2003 MGD v8.3.0,
[1466] regular expression support
[1467] [AuthFailurePeriod], [AuthFailureTimeout],
[1468] [ProxyUnknownRequestFields], [RegEx] directives
[1469] SET cache=[no]perm, cache=max=
[1470] SET notepad= and if (notepad:)
[1471] metacon "notepad:", "regex:", "request:" ('RQ'), "restart:"
[1472] [Match] Server Admin item, report, and WATCH item
[1473] file cache support for permanent and volatile entries
[1474] improve efficiency RequestRedirect() & ProxyRequestRebuild()
[1475] store and provide unrecognised request header fields
[1476] rework break-in detection and processing
[1477] (configuration defaults to LGI sysgen parameters and now
[1478] operates in the same way as described for general VMS)
[1479] /SYSUAF=(VMS,ID) allows concurrent VMS and ID authorization
[1480] add proxy cache device error count statistics
[1481] home pages may now be [Welcome]+[DclScriptRunTime] specified
[1482] (i.e. provided via scripting environments such as PHP)
[1483] request heap statistics and VmRequestTune()
[1484] bugfix; add HTTP protocol to combined/common format URL
[1485] bugfix; request body to be read needs to be the smaller of
[1486] remaining body or buffer size (jpp@esme.fr)
[1487] bugfix; InstanceMutex..() use _BBCCI() to clear the mutex
[1488] bugfix; FILE.C FileSetCharset() following CacheSearch()
[1489] moved to CACHE.C module (ACCVIO if entry NULLed)
[1490] bugfix; ProxyMaintDeviceStats() volume count (set) handling
[1491] bugfix; ServiceConfigFromString() (jpp@esme.fr)
[1492] bugfix; DirFormatLayout() static flags (jpp@esme.fr)
[1493] bugfix; request SET Html.. memory allocation (jpp@esme.fr)
[1494] bugfix; MetaConParse() decrement index (back) when
[1495] not currently executing an if()inline directive
[1496] bugfix; (and refine) DECnetSupervisor()
[1497] bugfix; DclSysOutputAst() do not rundown script process
[1498] if the error generated came from "Script-Control:"
[1499] bugfix; CGI(plus) allow for '!' from (!$blah) mapping rule
[1500] 09-APR-2003 MGD v8.2.0,
[1501] some minor logging format changes for server entries
[1502] wildcard and comma-separated list of languages
[1503] can be specified (e.g. "[Language] es-ES,es,es-*")
[1504] [ProxyForwarded] supersedes [ProxyAddForwardedBy] with
[1505] proxy=forwarded[=...] mapping rule
[1506] [ProxyXForwardedFor] configuration directive with
[1507] proxy=xforwardedfor[=...] mapping rule to support
[1508] proxy generation of "X-Forwarded-For:" header field
[1509] authentication agent '100 REASON any text'
[1510] script=as=$? to indicate optional use of SYSUAF username
[1511] SET dir=style[=default|original|anchor|htdir],
[1512] SET html=[bodytag|header|headertag|footer|footertag]=[..]
[1513] and incorporation in "Index of", selected other facilities
[1514] SET cgiplusin=[none|cr|lf|crlf], SET cgiplusin=eof,
[1515] SET script=query=none, SET script=path=find,
[1516] SET [no]search=none
[1517] disable 'NetMultiHomedHost' (should not be required
[1518] for modern virtual service processing)
[1519] script=params=+(name=value) concatenates to any existing
[1520] HTAdminPasswordChange() check for VMS group write
[1521] processes created using HttpdDetachServerProcess() now have
[1522] a YYYYMMDDHHMMSS timestamp as part of the process log name
[1523] with RTEs look first for one that was executing the same
[1524] script, then if not found fall back to (any) LRU RTE
[1525] SYSUAF security profile via rule and /PROFILE=BYRULE
[1526] script as SYSUAF username can be requested with auth rule
[1527] allow [[service]] to include the [[scheme://service]]
[1528] relax ServiceParse() so that [[the.host.name]] is accepted
[1529] enable SYSPRV in HTAdminDatabaseSearch()
[1530] relax initial CGI response line checking
[1531] build 'records' from script single byte output streams
[1532] general (non-RTE) run-time allowed with (!..) syntax
[1533] both run-time specifications allowed with SCRIPT rule
[1534] added GATEWAY_EOF/EOT/ESC CGI variables
[1535] sentinels changed to have only RMS-compliant characters
[1536] supply more detail from "%DCL-E-OPENIN, blah" responses
[1537] SesolaParseCertDn() record /email and /emailAddress
[1538] bugfix; Alpha VMS V7.1 or earlier sys$persona_assume()
[1539] needs to be used in the same way as for VAX
[1540] bugfix; RequestRedirect() append remain CGI response header
[1541] bugfix; body provision for script processing restart
[1542] bugfix; proxy FTP ResponseHeader() content-length of zero
[1543] bugfix; StringParseQuery() loop on string overflow
[1544] bugfix; HTAdminPasswordChange() cache reset realm
[1545] bugfix; error recovery in Sesola_read() and Sesola_write()
[1546] bugfix; DECnetFindCgiScript() foreign verb creation
[1547] 10-JAN-2003 MGD v8.1.1,
[1548] SET script=query=relaxed
[1549] AuthVmsLoadIdentifiers() more flexible
[1550] bugfix; ControlEnqueueCommand() occasional race condition
[1551] 07-DEC-2002 MGD v8.1.0,
[1552] SET auth=all (path must be subject to authorization or fail)
[1553] CGI 'Control-Script:' X-error-... fields
[1554] add 'mp' mapping and 'mapped-path:' metacon conditionals
[1555] add 'rc' mapping and 'redirected:' metacon conditionals
[1556] add 'st' mapping and 'script-name:' metacon conditionals
[1557] add "path-translated:" metacon conditional
[1558] skeleton-key authentication
[1559] refine mapping rule processing to ensure that paths with
[1560] forbidden syntax generate RMS bad syntax
[1561] check for device and directory (minimum) before parse
[1562] refine metacon reporting (reporting detected errors to OPCOM)
[1563] the server now detects the presence of HTTP$NOBODY
[1564] account and scripts using that
[1565] if the server is using HTTP$NOBODY or /script=as=
[1566] DECnet scripting now uses the same account
[1567] refine VMS security profile usage (no, just coincidence!)
[1568] to allow VMS profile authorized requests to override
[1569] directory listing controls (amongst other things)
[1570] server process log is now accessible via the Admin Menu
[1571] additional mapping functionality (SET query-string=)
[1572] no sneaky getting directory contents by downloading files!
[1573] CGI.C in non-strict CGI mode report anything like
[1574] "%DCL-E-OPENIN, blah" as a failed script activation
[1575] PUT.C allow for white-space in multipart file names
[1576] bugfix; in OdsNameOfDirectoryFile() use SYSPRV
[1577] around sys$parse() to ensure access to directory
[1578] bugfix; set path dir=access not ignored
[1579] 25-SEP-2002 MGD v8.0.1
[1580] additional persona counters
[1581] /script=as= allows a NOBODY scripting environment
[1582] without enabling PERSONA in general
[1583] require account SYSPRV for certain command-line activities
[1584] implement /persona=[authorized|relaxed|relaxed=authorized]
[1585] to prevent inadvertent scripting using privileged accounts
[1586] HttpdDetachServerProcess() [STARTUP]STARTUP_SERVER.COM
[1587] MapOdsElementsToVms() excise parent directory syntax
[1588] only use MapUrl_VmsUserName() path ODS if not already set
[1589] SET report=4nn=nnn for mapping HTTP status
[1590] SET map=ellipsis now required to map VMS '...' wildcard
[1591] SET dir=charset= directory listing charset mapping rule
[1592] support 'script=as=' functionality, plus DECnet variants
[1593] NODE"$":: substitutes SYSUAF authenticated username into
[1594] access string (for proxy access to account) and
[1595] NODE"~":: substitutes '/~username/' username in same way
[1596] set path en/decoding for RSI (MultiNet NFS), PATHWORKS (v4),
[1597] Advanced Server (PATHWORKS v6) / Samba file naming schemas
[1598] (as well as for ODS-2 and ODS-5)
[1599] AuthVmsCheckUserAccess() traps SS$_NOCALLPRIV returning
[1600] SS$_NOPRIV to allow directory listings of DFS volumes
[1601] introduce fab$b_rfm and fab$b_rat as fields to allow
[1602] PUT.C to specifically set these attributes as required
[1603] refine SesolaReport() for obtaining service ciphers
[1604] (OpenSSLv0.9.6f/0.9.7-beta break it)
[1605] local redirection should have the path re-URL-encoded
[1606] FAO change function of "!&U" to "!&P", new "!&U"
[1607] enhance authentication and SSL global section creation
[1608] allow for 'pass /* 400' (i.e. no trailing message)
[1609] RFC1413 authorization with DNS lookup use host name to
[1610] construct remote user string
[1611] rework path alert notification for greater functionality
[1612] bugfix; make ServiceConfigLoad() file not found non fatal
[1613] bugfix; ConfigIconFor() terminate on content-type
[1614] bugfix; if restart MIME boundary matching algorithm
[1615] using that char (allow for --..boundary)
[1616] bugfix; 'Xray' broken in v8, repaired and reworked
[1617] bugfix; always revalidate X509 and RFC1413
[1618] (for path authorization after script)
[1619] bugfix; 'script' and 'exec' MetaConParseReset() state
[1620] bugfix; set AuthCacheRecordSize from HTTPD$CONFIG value
[1621] bugfix; when discarding via BodyReadBegin() use BodyRead()
[1622] to queue a network read only if data is outstanding
[1623] bugfix; template/result wildcard checking for scripting rules
[1624] bugfix; do not count callout records for CGI header purposes
[1625] 03-JUL-2002 MGD v8.0.0
[1626] "instance" capability (loosely coupled, multiple
[1627] socket/service-sharing servers on the one system)
[1628] meta-config (integrated config, mapping, service, auth),
[1629] provide "module WATCHing" for on-line, ad hoc debug
[1630] SET script=params=(name=value), proxy=bind= and
[1631] proxy=chain= mapping rules
[1632] asynchronous block processing of POST and PUT request body
[1633] some accommodations for Mozilla-HTTP/1.1 "Cache-Control:"
[1634] improve performance with EFN$C_ENF and use explicitly
[1635] allocated event flags for avoiding potential interactions
[1636] client host name lookup now asynchronous
[1637] FTP proxying processing
[1638] /DEMO demonstration mode
[1639] 29-JUN-2002 MGD v7.2.3
[1640] some accommodations for Mozilla-HTTP/1.1 "Cache-Control:"
[1641] bugfix; [ProxyCacheNoReloadSeconds] parsing
[1642] bugfix; (well sort of) it would appear that after NO_CONCEAL
[1643] searching and a sys$open() must sys$close() *before* the
[1644] SYNCHCK sys$parse() release resources otherwise a channel
[1645] bugfix; ensure when OdsParse() is used successively with
[1646] the same ODS structure that previous resources are first
[1647] released (can present a problem unique to search lists)
[1648] to the device is left assigned!!
[1649] bugfix; ensure sys$search() RMS channel is released
[1650] bugfix; ProxyResolveHostCache() NULL 'rqptr'
[1651] bugfix; account/password expiry
[1652] bugfix; DclFindFileEnd() reset result file name
[1653] bugfix; SsiAccessesClose() now synchronous using SYSPRV
[1654] 13-APR-2002 MGD v7.2.2
[1655] Authorize() allow /NO401 parameter to suppress server
[1656] challenge to allow external agent to respond (e.g. PHP)
[1657] ProxyHostConnectAst() invalidate host cache entry
[1658] NetCreateService() checks previously bound address
[1659] MapOdsUrlToVms() eliminate chance of device:[.directory]
[1660] make a proxy reactive purge initially more aggressive
[1661] keep-alive decision logic to RequestFields()
[1662] bugfix; ensure only one request revalidates a cache entry at
[1663] a time (multiple could cause eventual channel exhaustion)
[1664] bugfix; switch return not break with next reactive scan
[1665] bugfix; AuthConfigProxyMap() wildcard string results
[1666] bugfix; ODS-5 parent directories with multiple periods
[1667] bugfix; command-line proxy cache maintenance reporting
[1668] bugfix; FileNextRecordAst() VAR file into contents buffer
[1669] bugfix; MAPURL.C throttle report
[1670] bugfix; AuthCacheAddRecord() and host group without "host="
[1671] bugfix; reset SSL state to SSL_ST_OK if renegotiation fails
[1672] bugfix; DclTaskRunDown() reset script task type
[1673] bugfix; MsgFor() Accept-Lang: comparison
[1674] bugfix; NetAcceptAst() deassign channel when connect dropped
[1675] bugfix; wildcard substitution in MapUrl__Map()
[1676] bugfix; StringMatch() wildcard matching
[1677] bugfix; close log file for ALL services in LOGGING.C
[1678] bugfix; !&M formatting directive in PROXYCACHE.C
[1679] bugfix; /RELAXED should allow all but DISUSERed accounts
[1680] to authenticate regardless of RESTRICTED or CAPTIVE flags
[1681] 03-NOV-2001 MGD v7.2.1
[1682] PERSONA.C using PERSONA.MAR can now provide persona scripting
[1683] for pre-VMS 6.2 VAX systems (CAUTION!! - UNSUPPORTED)
[1684] "TASK=CGI..", "0=CGI.." recognised as DECnet CGI dialog
[1685] FAB$M_TEF to deallocate unused log file space
[1686] StringMatch() replaces SearchTextString() for more
[1687] light-weight text matching (affects six modules)
[1688] [SsiSizeMax] and [ProxyCacheNoReloadSeconds]
[1689] FILE.C block I/O complete if _rsz is less than _usz
[1690] 'ProxyCacheNoReloadSeconds' limits immediate (pragma) reload
[1691] ensure mapping conditional not mistaken for missing template
[1692] kludge work around spawning authorized privs with $CREPRC
[1693] bugfix; ensure only one request revalidates a cache entry at
[1694] a time (multiple could cause eventual channel exhaustion)
[1695] bugfix; close current log file if period changes
[1696] bugfix; DECnet user script mapping
[1697] bugfix; FileNextBlocksAst() 'ContentRemaining'
[1698] bugfix; wildcard substitution in MapUrl__Map()
[1699] bugfix; sys$close() in OdsLoadTextFile()
[1700] bugfix; always generate callout sequences
[1701] bugfix; a bugfix in VMS V7.2 has broken the previously
[1702] working usage of IO$_MODIFY in ProxyCacheSetLastAccessed()
[1703] bugfix; activity graphic
[1704] bugfix; check ParseQueryField() in WatchBegin() for NULL
[1705] bugfix; allow agent to provide 'CGIPLUS:' directive
[1706] bugfix; 'layout=U' upper-casing
[1707] 01-JUL-2001 MGD v7.2.0
[1708] X.509 authentication and authorization
[1709] RFC1413 (identification protocol) authorization
[1710] remote user to vms user (SYSUAF authorization) proxy mapping
[1711] proxy cache maintenance may now be done from the CLI
[1712] HTL list maintenance can now be done from the Admin Menu
[1713] a fatal authorization problem now disables authorization
[1714] "hh:mm:ss" allows for a more versatile period
[1715] concurrent processing controls (request "throttling")
[1716] improved script process run-down conditions and handling
[1717] HttpdTick() drives XxxSupervisor()s
[1718] control (/DO= and Admin menu) now via a global section
[1719] monitor (HTTPDMON) data now supplied via a global section
[1720] suppress CGI content-type "x-internal..."
[1721] [IncludeFile] for all configuration files
[1722] request supervisor refinements
[1723] .URL file processing
[1724] 01-JUL-2001 MGD v7.1.2
[1725] add selective status codes to error report path
[1726] refine 'view' and 'list' redirection in UPD.C
[1727] refine logging RMS characteristics (500% improvement)
[1728] provide for ODS-5 "hidden" files ('^.')
[1729] check network status during SSL accept
[1730] EXEC of file type
[1731] remove http: check from SesolaAccept()
[1732] bugfix; parsing of [ServiceProxyChain]
[1733] bugfix; 'RU' conditional
[1734] bugfix; SCRIPT_FILENAME with CGIplus
[1735] bugfix; NetThisVirtualService() and call conditions
[1736] bugfix; SesolaFree() BioPtr
[1737] bugfix; AuthVmsCheckUserAccess() return SS$_NOPRIV
[1738] bugfix; ParseNetMask() and VSLM mask processing
[1739] bugfix; sys$create_user_profile() length size from word
[1740] (System Services Manual) to unsigned int (startlet.h)!
[1741] bugfix; authorization network masks
[1742] bugfix; directory specification length (sys$check_access())
[1743] bugfix; HTAdminPasswordChange() call to FaoToOpcom()
[1744] bugfix; AuthGenerateHashPassword() force upper-case
[1745] bugfix; final status at write group/no read group check
[1746] 18-JAN-2001 MGD v7.1.1
[1747] HTTPD$SCRATCH automatic script scratch file cleanup
[1748] authentication agent can now '100 SET-COOKIE rfc2109-cookie'
[1749] bugfix; memory leak in AUTH.C
[1750] bugfix; FILE.C make a search list DNF appear as a FNF
[1751] bugfix; /PROFILE empty directory passing incorrect parameter
[1752] bugfix; general error reporter variable arguments
[1753] bugfix; final authorization failure should specify 403
[1754] bugfix; ensure mapping rules exist for authentication agents
[1755] bugfix; control cache purge arguments
[1756] 17-OCT-2000 MGD v7.1.0
[1757] sys$creprc() scripting
[1758] sys$persona...() scripting
[1759] Run Time Environments (RTEs)
[1760] server-group/cluster-wide directives (via DLM)
[1761] further refined CGI.C module output handling
[1762] apply authorization to SSI.C #include'd and #dir'e
[1763] client socket (BGnnnn:) potentially sharable for scripts
[1764] proxy cache device directory organization flat256/64x64
[1765] modify SSL initialization to better indicate "fallback"
[1766] integration of WATCH peek/one-shot
[1767] 03-SEP-2000 MGD v7.0.2
[1768] limit script output of ENDOFFILE
[1769] if CGI response "Content-Encoding:" force stream mode
[1770] bugfix; ProxyResolveHostLookup() can be called multiple
[1771] during host name resolution - only allocate channel once!!
[1772] bugfix; include Accept-Encoding when redirecting
[1773] bugfix; ParseQueryField() string length check
[1774] 09-JUL-2000 MGD v7.0.1
[1775] locking around proxy cache scans
[1776] add "success=" 303 processing to PUT.C file upload
[1777] improve CgiOutput() header processing (again!)
[1778] correct concealed/searchlist parsing
[1779] allow "302 location" redirection from authentication agent
[1780] bugfix; proxy CONNECT service
[1781] bugfix; HEAD requests specifying content-length
[1782] bugfix; WatchCliSettings() storage
[1783] 01-JUN-2000 MGD v7.0.0
[1784] support extended file specifications
[1785] (ODS-5 under Alpha VMS V7.2ff)
[1786] event reporting via OPCOM
[1787] some "Apache" support for easing CGI script ports
[1788] access log file naming refinements
[1789] 18-MAR-2000 MGD v6.1.3
[1790] bugfix; authconfig processing
[1791] 06-JAN-2000 MGD v6.1.2
[1792] authorization failure limit evasion period
[1793] numerous warnings from DECC v6.2 addressed
[1794] bugfix; user restriction list pass (broken in 6.1)
[1795] 17-DEC-1999 MGD v6.1.1
[1796] bugfix; quote double-up in CgiVariable() (INSVIRMEM exit)
[1797] 04-DEC-1999 MGD v6.1.0
[1798] "agent" authentication/authorization
[1799] CGI(plus) processing provides callouts
[1800] SSI module now supports OSU-specific directives
[1801] /SYSPRV now allows operation with SYSPRV turned on
[1802] "one-shot" WATCH and "peek" reports
[1803] output no-progress timer
[1804] remove NETLIB support
[1805] 16-OCT-1999 MGD v6.0.3
[1806] bugfix; sys$create_user_profile
[1807] bugfix; mapping storage overflow
[1808] USER mapping rule for SYSUAF access
[1809] 12-SEP-1999 MGD v6.0.2
[1810] minor changes to authorization processing
[1811] bugfix; service parsing and SSL
[1812] virtual services now match using "Host:" field
[1813] 19-JUN-1999 MGD v6.0.1
[1814] refinements to request termination/rundown
[1815] bugfix; DECnet (CGI and OSU) task handling
[1816] bugfix; proxy request HTTP/0.9 response processing
[1817] 30-MAY-1999 MGD v6.0.0
[1818] proxy, with HTTP caching
[1819] OpenSSL 0.9.3 support (also SSLeay support)
[1820] extended authorization/authentication environment
[1821] 31-MAR-1999 MGD v5.3.4
[1822] bugfix; SesolaReport(), HttpHeaderChallenge()
[1823] 28-MAR-1999 MGD v5.3.3
[1824] SSI variables global (when "#include"ing other SSI)
[1825] SSI read buffer determined by 'FileXabFhc.xab$w_lrl'
[1826] 05-FEB-1999 MGD v5.3.2
[1827] bugfix; FileNextRecord() zero '_usz'
[1828] 10-JAN-1999 MGD v5.3.1
[1829] greater granularity when WATCHing authorization
[1830] bugfix; OSU scripting pass *mapped* file spec
[1831] 14-NOV-1998 MGD v5.3.0
[1832] [[host:port]] virtual service syntax
[1833] [AddType] can now "text/html; charset=ISO-8859-1"
[1834] [CharsetDefault] sets text and server character set
[1835] improved AST granularity several significant modules
[1836] WATCH report and CLI
[1837] RMS-invalid substitution character in mapping rules
[1838] bugfix; NameOfDirectoryFile()
[1839] 29-AUG-1998 MGD v5.2.0
[1840] reuse DECnet task connections
[1841] allow specified hosts exclusion from logging
[1842] stream-LF conversion only on specified paths
[1843] bugfix; SYS$TIMEZONE_DIFFERENTIAL processing
[1844] bugfix; DECnet tasks not aborted at timeout
[1845] 07-JUL-1998 MGD v5.1.0
[1846] add eXtended Server Side Includes processing
[1847] design-problem; modify CGIplus script
rundown [1848] SYSUAF authentication by identifier [1849] per-service logging [1850] rqptr->rqTmr.Terminated (occasional lib$get_vm() [1851] %LIB-F-BADLOADR around connection expiry termination) [1852] 20-DEC-1997 MGD v5.0.0 [1853] optional Secure Sockets Layer (using SSLeay) [1854] DECnet-based scripting including OSU emulation [1855] miscellaneous revisions and "improvements" [1856] 07-JAN-1997 MGD v4.5.2 [1857] bugfix; record-mode file transfer [1858] bugfix; activity graph [1859] 06-DEC-1997 MGD v4.5.1 [1860] resolving a suspected inconsistent AST delivery situation [1861] by requiring all $QIO()s with AST routines to ensure any [1862] queueing errors etc. are reported via the AST routine by [1863] an explicit $DCLAST() ... this removes ambiguity about how [1864] $QIO() returns should be handled ... drastic but desperate [1865] times, etc. (a more consistent and desirable model anyway :^) [1866] 02-NOV-1997 MGD v4.5.0 [1867] file cache [1868] logging periods [1869] HttpdSupervisor() [1870] configurable script run-time environments [1871] additional request header fields [1872] 18-OCT-1997 MGD v4.4.1 [1873] bugfix; duration [1874] bugfix; logging period [1875] 01-OCT-1997 MGD v4.4.0 [1876] message module [1877] conditional rule mapping [1878] SYSUAF-authenticated user access control [1879] multi-homed/multi-port services [1880] (some NETLIB packages now cannot DNS lookup) [1881] echo and Xray internal scripts [1882] extensions to logging functionality [1883] additional command-line server control [1884] bugfix; redirection loop detection [1885] 01-AUG-1997 MGD v4.3.0 [1886] MadGoat NETLIB broadens TCP/IP package support [1887] server activity report [1888] 16-JUL-1997 MGD v4.2.2 [1889] bugfix; WORLD realm and access list [1890] 07-JUL-1997 MGD v4.2.1 [1891] minimum heap allocation chunk size [1892] prevent keep-alive timeout redefining request logical [1893] 01-JUL-1997 MGD v4.2.0 [1894] change name to WASD (Wide Area Surveillance Division) [1895] persistent DCL 
subprocesses and CGIplus [1896] (see re-written DCL.C module) [1897] scripting and client reports [1898] potential multi-thread problems in reports fixed [1899] 27-MAR-1997 MGD v4.1.0 [1900] rationalized HTTP response header generation [1901] delete on close for "temporary" files to support [1902] UPD module "preview" functionality ... WARNING, any [1903] file with a name comprising a leading hyphen [1904] sixteen digits and a trailing hyphen will be deleted! [1905] 01-FEB-1997 MGD v4.0.0 [1906] HTTPd version 4 [1907] 01-OCT-1996 MGD v3.4.0 [1908] extended server reporting [1909] 01-AUG-1996 MGD v3.3.0 [1910] realm/path-based authorization [1911] BASIC and DIGEST authentication [1912] PUT(/POST/DELETE) module [1913] StmLf module (variable to stream-LF file conversion) [1914] 12-APR-1996 MGD v3.2.0 [1915] file record/binary now determined by record format [1916] persistent connections ("Keep-Alive" within HTTP/1.0) [1917] moved RMS parse structures into thread data [1918] improved local redirection detection [1919] observed Multinet disconnection/zero-byte behaviour [1920] (request now aborts if network read returns zero bytes) [1921] 15-FEB-1996 MGD v3.1.1 [1922] fixed rediculous :^( bug in 302 HTTP header [1923] minor changes to request accounting and server report [1924] minor changes for user directory support [1925] minor changes to error reporting [1926] 03-JAN-1996 MGD v3.1.0 [1927] support for both DEC TCP/IP Services and TGV MultiNet [1928] 01-DEC-1995 MGD v3.0.0 [1929] single heap for each thread's dynamic memory management [1930] extensive rework of DCL subprocess functionality [1931] HTML pre-processsing module (aka Server Side Includes) [1932] NCSA/CERN compliant image-mapping module [1933] NetWriteBuffered() for improving network IO [1934] miscellaneous reworks/rewrites [1935] 27-SEP-1995 MGD v2.3.0 [1936] carriage-control on non-header records from [1937] to single ('\n' ... newline), some browsers expect [1938] only this (e.g. 
Netscape 1.n was spitting on X-bitmaps) [1939] added Greenwich Mean Time time-stamp functionality [1940] added 'Referer:', 'If-Modified-Since:', 'User-Agent:' [1941] 07-AUG-1995 MGD v2.2.2 [1942] optionally include commented VMS file specifications [1943] in HTML documents and VMS-style directory listings [1944] 16-JUN-1995 MGD v2.2.1 [1945] added file type description to "Index of" (directory) [1946] 24-MAY-1995 MGD v2.2.0 [1947] minor changes to allow compilation on AXP platform [1948] 03-APR-1995 MGD v2.1.0 [1949] add SYSUAF authentication, POST method handling [1950] 20-DEC-1994 MGD v2.0.0 [1951] multi-threaded version [1952] 20-JUN-1994 MGD v1.0.0 [1953] single-threaded version [1954] */ [1955] /*****************************************************************************/ [1956] [1957] #ifndef VERSION_H_LOADED [1958] #define VERSION_H_LOADED 1 [1959] [1960] /* five characters or less */ [1961] #define HTTPD_NAME "WASD" [1962] #define HTTPD_SOFTWAREID_NAME "HTTPd-WASD" [1963] [1964] /* keep HTTPD_GBLSEC_VERSION in step with this version (as necessary) */ [1965] #define HTTPD_VERSION "12.2.5" [1966] [1967] /* used to name and to detect changes in global section data structures */ [1968] #define ACTIVITY_GBLSEC_VERSION_NUMBER 0x120000 /* i.e. 12.00.00 */ [1969] #define AUTH_GBLSEC_VERSION_NUMBER 0x120000 [1970] #define AUTH_TOKEN_GBLSEC_VERSION_NUMBER 0x120000 [1971] #define HTTPD_GBLSEC_VERSION_NUMBER 0x120000 [1972] #define SESOLA_GBLSEC_VERSION_NUMBER 0x120000 [1973] #define PROXYVERIFY_GBLSEC_VERSION_NUMBER 0x120000 [1974] [1975] /* used as part of the the "instance" lock names, allowed range 1..15 */ [1976] #define HTTPD_LOCK_VERSION 1 [1977] [1978] VersionInfo(); [1979] [1980] #endif /* VERSION_H_LOADED */ [1981] [1982] /*****************************************************************************/