CGIplus-enabled Run-time Environment Example -------------------------------------------- ***** FIRST, EVIDENCE OF PERSISTANCE ***** Usage Count: 2 ***** SECOND, THE CGI ENVIRONMENT AVAILABLE ***** WWW_AUTH_TYPE= WWW_CONTENT_LENGTH=0 WWW_CONTENT_TYPE=text/plain; charset=ISO-8859-1 WWW_DOCUMENT_ROOT= WWW_GATEWAY_BG=BG47559: WWW_GATEWAY_INTERFACE=CGI/1.1 WWW_GATEWAY_EOF=$Z-C3CEC6D71385252C89AE003D- WWW_GATEWAY_EOT=$D-169649DA01F335931F0D5DB8- WWW_GATEWAY_ESC=$E-E92E64597997E046F548260F- WWW_GATEWAY_MRS=4492 WWW_HTTP_CF_RAY=8e9905b0292210d3-ORD WWW_HTTP_USER_AGENT=Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) WWW_HTTP_HOST=675502.arinterhk.tech WWW_HTTP_CF_IPCOUNTRY=US WWW_HTTP_ACCEPT_ENCODING=gzip, br WWW_HTTP_X_FORWARDED_FOR=3.149.232.87 WWW_HTTP_X_FORWARDED_PROTO=https WWW_HTTP_ACCEPT=*/* WWW_HTTP_CF_CONNECTING_IP=3.149.232.87 WWW_HTTP_CF_VISITOR={"scheme":"https"} WWW_HTTP_CONNECTION=Keep-Alive WWW_HTTP_CDN_LOOP=cloudflare; loops=1 WWW_PATH_INFO=/just/a/bogus/path.txt WWW_PATH_ODS=5 WWW_PATH_TRANSLATED=WASD_ROOT:[just.a.bogus]path.txt WWW_QUERY_STRING=query=string WWW_REMOTE_ADDR=172.69.59.171 WWW_REMOTE_HOST=172.69.59.171 WWW_REMOTE_PORT=19476 WWW_REMOTE_USER= WWW_REQUEST_METHOD=GET WWW_REQUEST_PROTOCOL=HTTP/1.1 WWW_REQUEST_SCHEME=http: WWW_REQUEST_TIME_GMT=Thu, 28 Nov 2024 08:41:11 GMT WWW_REQUEST_TIME_LOCAL=Thu, 28 Nov 2024 09:41:11 WWW_REQUEST_URI=/rtbin/version.h/just/a/bogus/path.txt?query=string WWW_SCRIPT_FILENAME=WASD_ROOT:[src.httpd]version.h WWW_SCRIPT_NAME=/rtbin/version.h WWW_SCRIPT_RTE=cgi-bin:[000000]rte_example.exe WWW_SERVER_ADDR=146.48.108.2 WWW_SERVER_CHARSET=ISO-8859-1 WWW_SERVER_GMT=+01:00 WWW_SERVER_NAME=ns1.gposta.it WWW_SERVER_PROTOCOL=HTTP/1.1 WWW_SERVER_PORT=80 WWW_SERVER_SIGNATURE=
WASD/11.5.1 Server at ns1.gposta.it Port 80
WWW_SERVER_SOFTWARE=HTTPd-WASD/11.5.1 OpenVMS/IA64 SSL WWW_UNIQUE_ID=Z0g6twAAAAQkwAEpABs WWW_FORM_QUERY=string WWW_KEY_COUNT=0 ***** THIRD, AN "INTERPRETED" FILE (WWW_SCRIPT_NAME/WWW_SCRIPT_FILENAME) ***** [0001] /*****************************************************************************/ [0002] /* [0003] version.h [0004] [0005] [0006] VERSION HISTORY [0007] --------------- [0008] 17-AUG-2020 MGD v11.5.1, [0009] Http2RequestData() reduce memory consumption [0010] HTTP2_DEFAULT_WINDOW_SIZE from 1048575 to 131070 [0011] if no service configured create http: and https: ex nihilo [0012] VmCheckPgFlLimit() and WASD_VM_PGFL_LIMIT logical name [0013] keep connect cert (->VerifyPeer) distinct from client cert [0014] bugfix; ProxyEnd() fix NetIoEnd() fix [0015] bugfix; OdsDirectSearch() if wildcard specification [0016] return RMS$_NMF, otherwise RMS$_FNF (seems so elementary) [0017] bugfix; Http2RequestCancel() cancel and abort [0018] bugfix; RequestEnd() redirection [0019] bugfix; SesolaALPNCallback() 'h2' global and service enabled [0020] bugfix; ControlDoHelp() remove non-existant DISCONNECT=.. [0021] bugfix; RequestExecutePostAuth1() INTERNAL_PASSWORD_CHANGE [0022] should call HtAdminBegin() not AdminBegin() [0023] bugfix; SesolaSNICallback() needs to propagate newly set [0024] context client verify parameters to SSL-specific [0025] bugfix; SesolaNetFree() ensure (sigh) X509_free() where [0026] ->ClientCertPtr associated with connection (i.e. HTTP/2) [0027] bugfix; RequestParseExecute() ensure PUT and DELETE have [0028] WebDAV header field(s) before considering WebDAV [0029] 22-JUL-2020 MGD v11.5.0, "Stay well..." [0030] static fallback cert replaced by dynamic SesolaMkCert() [0031] protocol "HTTP/2" also reported in standard log formats [0032] DavWebRequest() remove requirement for logical name [0033] WASD_HTTP2_WEBDAV after WebDAV over HTTP/2 tested [0034] NetIoQioMaxSeg() tune QIO to TCP MSS [0035] verified against VSI SSL111 product [0036] SET response=csp= ("content-security-policy:") [0037] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP [0038] SET response=cspro= ("..policy-report-only:") [0039] metacon alpn: (TLS application level protocol negotiation) [0040] metacon proctor: (obvious proctored script clause) [0041] DCL callout CSP: ("content-security-policy:") [0042] DCL callout CSPRO: ("..policy-report-only:") [0043] REGEX.C updated (ever-so-slightly) [0044] more proxy persistent connection (per JPP) [0045] RequestAbort() accomodates HttpdSupervisor() refinement [0046] and REQUEST_STATE_ABORT used throughout server [0047] Http2RequestData() delivers Http2RequestCancel() read AST [0048] NetTestSupevisor() and WASD_NET_TEST_BREAK logical name [0049] bugfix; ProxyEnd() free ioptr using NetIoEnd() [0050] bugfix; NetIoWriteStatus() and NetIoReadStatus() [0051] bugfix; RequestPersistentConnection() pipelined request [0052] bugfix; Http2RequestData() flow control [0053] bugfix; SesolaClientCertGet() SSL_VERIFY_POST_HANDSHAKE [0054] bugfix; httpd.c if (!CliDemo) HttpdGblSecInit(); [0055] bugfix; MetaConConditionalList() bu**ered [0056] bugfix; RequestProcessFields() DictLookup (.."accept"..) [0057] bugfix; SesolaCertExtension() BIO_NOCLOSE memory leak [0058] bugfix; CacheLoadEnd() free rqCache.ContentPtr on fail [0059] bugfix; DICT.C "tmptr && tmptr->clink.." [0060] bugfix; Http2Priority() exclusive bit [0061] bugfix; NetCreateService() only SesolaInitService() once [0062] bugfix; WatchDataDump() CHARS_PER_LINE calculation (sigh) [0063] bugfix; OdsDirectSearch() RMS$_FNF not RMS$_NMF (per JPP) [0064] bugfix; RequestShareBegin() if (!MATCH6 (cptr, "raw://")) [0065] bugfix; SesolaNetClientBegin() SESOLA_SINCE_110 [0066] BIO_set_data() before SSL_set_bio() (per JPP) [0067] bugfix; AdminParsePath() extraneous OdsParseRelease() [0068] bugfix; OdsDirectSearch() only if not already on the block [0069] boundary add one to get to next, otherwise already there! [0070] 20-JUL-2019 MGD v11.4.0, "One small step ..." [0071] 25th Anniversary Release (see 20-JUN-1994 below) [0072] adapt WatchSystemPlus() to allow use via CLI /SYSPLUS [0073] then dignified with a (sysPlus..()) module of its very own [0074] /OUTPUT= (in particular for /SYSPLUS) [0075] HttpdSupervisor() explicitly WatchEnd() [0076] Sesola_netio_read() and Sesola_netio_write() if connection [0077] broken (channel zero) return zero (SSL shutdown) [0078] SET response=200=203 for request tracking and log analysis [0079] ResponseHiss() response status changed from 403 to 203 [0080] status code 418 (teapot) forces connection drop [0081] allow a specified port when redirecting, i.e. http[s]//:nnn [0082] Sesola_netio_read_ast() 0 status TCP/IP Services? [0083] Sesola_netio_write_ast() 0 status TCP/IP Services? [0084] bugfix; SesolaClientCertGet() status 0 an issue [0085] bugfix; SesolaClientCertGet() if (value <= 0) break; [0086] bugfix; CgiOutput() Content-Length: strtoul() [0087] bugfix; SesolaClientCert() allow pattern per 25-AUG-2015 [0088] bugfix; SesolaCertExtension() storage reset [0089] bugfix; SesolaCertParseDn() regression (or whatever) [0090] bugfix; Http2NetQueueWrite() PEEK_8 at w2ptr->type [0091] bugfix; non-local without "Host:" use name not host:port [0092] bugfix; Http2RequestEnd() copy tally rx/tx to request [0093] bugfix; OdsDirectSearch() (uint)0xffff && rlen < 508) [0094] bugfix; AuthCompleted() and AuthNotComplete() to address [0095] AST delivery following request end and rundown [0096] bugfix; for bugfix StringSliceValue() kludge [0097] allow for DECnet connection string specified username [0098] bugfix; DavMetaDir() ACCVIO from !SAME2(mfdptr,'[.') [0099] 24-NOV-2018 MGD v11.3.0 [0100] verified against OpenSSL v1.0.2 && v1.1.0 && v1.1.1 [0101] TLSv1.3 operational [0102] verified against EXPAT v2.2.5 (for WebDAV purposes) [0103] (but reverted to v2.0.1 for final VAX WASD release) [0104] VM.C eliminate dynamic tuning of heap initial allocation [0105] and rework to allow detailed memory management statistics [0106] to be compiled into the runtime for development purposes [0107] ODS (FILES-11) directory parser [0108] WatchSystemPlus() et.al. for system troubleshooting [0109] RequestBegin() exit after consecutive SesolaNetBegin() fails [0110] DavWebRundown() explicitly abort WebDAV processing [0111] allow logical name content during one-to-one rule mapping [0112] refactor WatchWrite() using NetWriteBuffered() [0113] DclTaskRunDown() always use DclEmptySysOutput() [0114] [BufferQuotaDclOutput] BUFQUO value for SYS$OUTPUT mailbox [0115] refactor Http2RequestCancel() into Http2RequestCancelRead() [0116] and Http2RequestCancelWrite() [0117] ProxyRequestRebuild() proxy-authorization opaque: [0118] ProxyTunnelLogicalName() WASD_TUNNEL_SECONDS [0119] RequestGet() and ProxyTunnelNetReadAst() provide [0120] "X-Forwarded-For:" client host to proxied-to server [0121] /DO=REQUEST=RUNDOWN=.. [0122] /DO=ZERO=STATUS [0123] /DO=SSL=SERVICE=LOAD[=] no longer works [0124] SET response=var=crlf [0125] SET response=var=lf [0126] SET response=var=none [0127] bugfix; PutWriteFileOpen() override incompatible existing [0128] file characteristics by first erasing the file [0129] bugfix; seeming innumerable WebDAV fixes (some obvious, [0130] some obscure) many thanks to John Dite for his patience and [0131] persistence in finding and reporting anomalous behaviours [0132] (check the individual DAV...C modules for descriptions) [0133] bugfix; StringSliceValue() kludge for DECnet tasks [0134] bugfix; MetaConEvaluate() "webdav:MSagent" [0135] bugfix; DavWebMicrosoftDetect() before ->WebDavTaskPtr [0136] bugfix; X509_free() memory leak with ->ClientCertPtr [0137] bugfix; Http2NetIoWrite() blocking write data must be [0138] asynchronously persistent so employ internal buffer(s) [0139] bugfix; /DO=AUTH=SKELKEY=.. cluster wide (yet again :-) [0140] bugfix; SESOLA-OpenSSL memory leak at v11.0.0 [0141] bugfix; FileParseAst() regression with search list file [0142] bugfix; RequestRundown() allow for cache activity [0143] bugfix; WatchDataDump() CHARS_PER_LINE calculation [0144] bugfix; (longstanding) MapUrl__Map() multiple template [0145] wildcards when reverse mapping [0146] 01-MAR-2018 MGD v11.2.0 [0147] make WATCH item width flexible using initial value 6 digits [0148] with leading 3 digits HTTP/2 stream ID followed by 3 digits [0149] connection ID number and on overflow increment by 2 [0150] if |WASD_ENV| defined use that in absence of /ENV=.. [0151] Dav..() always DavWebEnd() not RequestEnd() [0152] WebDAV "authorisation" allowed to be EXTERNAL or OPAQUE [0153] RequestRundown() outstanding task sanity checks [0154] HttpdSupervisor() refactored timeout handling [0155] ProxyTunnelLogicalName() and WASD_TUNNEL to provide client [0156] host and port tunnel data available to the WASD system [0157] activated by SET..PROXY=FORWARDED=[FOR|ADDRESS] [0158] logging 'II' image information (file, version, link time) [0159] logging 'TI' request time in ISO 8601 extended format [0160] logging 'TS' (sortable) UTC request time ISO 8601 format [0161] logging 'TU' request time UTC (GMT) now synonym for 'TG' [0162] stamp (note) log events when common/combined with/without+ [0163] SET DIR=TITLE=[default|owner|remote||this=] [0164] /DO=HELP brief summary of command-line /DOs [0165] /DO=SSL=SERVICE=LOAD[= (re)load SSL context [0166] (/DO=SSL=CERT=LOAD is now implemented using this) [0167] /DO=STATUS report basic status of all instances [0168] /DO=STATUS=NOW instances immediately update status information [0169] /DO=STATUS=PURGE zero stale instance status information [0170] /DO=STATUS=RESET zero instance status information [0171] /NOTE= annotation to server process log [0172] refactor WatchEnd() (yet again) [0173] DclInit() do not adjust SYS$OUTPUT mailbox size when HTTP/2 [0174] is enabled, issue an informational as required [0175] DclMemBuf..() memory buffer script IPC (see DCLMEMBUF.C) [0176] callout BUFFER-BEGIN: [0177] callout BUFFER-END: [0178] callout BUFFER-WRITE: [0179] SesolaReport() allow reporting using an HTTP service [0180] CgiOutput() refine Content-Length: to report out-of-range [0181] CgiOutput() reject subsequent non-header [0182] WatchReport() move SSL item into Network group [0183] WatchShowCluster() and WatchShowSystem() VMS V6.2 obsolete [0184] bugfix; (longstanding) InstanceSocketForAdmin() sys$deq() [0185] bugfix; Http2..() window update and flow control management [0186] bugfix; logging 'BB' header length "lost" during HTTP/2 mods [0187] bugfix; nil content CGI responses not delivered [0188] bugfix; (long-standing) always use UpdEnd() not SysDclAst() [0189] bugfix; CgiGenerateVariables() [0190] |rqptr->rqAuth.SourceRealm != AUTH_SOURCE_AGENT_OPAQUE &&| [0191] 09-AUG-2017 MGD v11.1.1 [0192] relax HTTP/2 "rabbit hole" to permit WATCHing except [0193] for items [x]HTTP/2, [x]SSL and [x]network [0194] /INSTANCE=CONFIG ensures config values used [0195] SesolaClientCertRenegotiate() allow for pre- and post- [0196] OpenSSL 1.1.0 due to MSIE11 (Edge) stalling on a read [0197] after renegotiation (pre reverts to v11.0 and earlier code) [0198] SesolaInitService() when SSL_CTX_set_tmp_dh_callback() is [0199] enabled (DH_PARAM_*.PEM files present) ensure flag [0200] SSL_OP_CIPHER_SERVER_PREFERENCE is implicitly set [0201] MapUrl_GuaranteeAccess() mapping as well as authorisation [0202] Authorize() move AuthorizeGuaranteeAccess() up-front to [0203] ensure access to guaranteed paths not only with failure [0204] StringSliceValue() allow quote-delim inside space-delimited [0205] bugfix; rationalise as OpenSSL_version[_num]() becomes [0206] confused catering for OpenSSL v1.0.2 && v1.1.0 && v1.1.1 [0207] bugfix; HttpdSupervisor() do RequestRundown() only the once [0208] bugfix; DclCalloutDefault() NOTICED: and OPCOM: responses [0209] bugfix; DclScriptProctor() request is not actually "!!*!" [0210] bugfix; HpackHeadersFrame() use ":authority" pseudo-header [0211] for "Host:" header according to RFC7540 8.1.2.3 [0212] bugfix; SesolaCertExtension() generate UPN independently [0213] for each of pre- and post- OpenSSL 1.1.n [0214] bugfix; SesolaClientCertConditional() 'IS' processing [0215] bugfix; SesolaClientCertRenegotiate() allow for low-level [0216] (i.e. SSL) I/O errors (e.g. link disconnection) [0217] bugfix; LoggingDo() 'SR' silliness from v11.0 rework [0218] bugfix; MapUrl_ExplainPathSet() response=header=add=.. [0219] bugfix; for HTTP/2 (sigh) we need NPH to generate a header [0220] bugfix; session ticket key refresh (must be one of those...) [0221] 04-MAY-2017 MGD v11.1.0, [0222] "Raw"Socket based on WebSocket infrastructure [0223] [DclScriptProctor] * general idle process(es) [0224] [ServiceRawSocket] enables a RawSocket [0225] [ServiceSSLcert] specification can contain wildcard(s) [0226] SET proxy=header=[=] [0227] logging 'CL' insert request content-length [0228] logging 'PL' insert PUT or POST body received count [0229] Sesola..() refinements for OpenSSL v1.1.1 and TLS 1.3 [0230] sesola.h |#include "openssl/rand.h"| to fix OpenSSL v1.1.0 [0231] static link error against rand_bytes() and rand_seed() [0232] SesolaNetThisIsSSL() allow redirection to include scheme [0233] /DO=SSL=CERT=LOAD ... basically for internal use only! [0234] (heads-up: planned Let's Encrypt CME utility :-) [0235] Graph..() activity graphic now implemented using HTML5 canvas [0236] ResponseHeader() ensure non-printables cannot be injected [0237] InstanceSessionTicketKey() rework multi-instance/cluster [0238] (sigh! yes again; the lack of a test cluster these days) [0239] DirDirectories() do not list "hidden" (^.the.DIR) directories [0240] bugfix; use rqHeader.RequestBody.. for body with header [0241] bugfix; DclScriptProctor() v11.0 request structure [0242] requires dictionary and netio structures [0243] bugfix; SesolaNetIoRead() SSL_read() in-progress [0244] bugfix; Http2RequestEnd() end-of-request (control) frame [0245] independent of request itself [0246] bugfix; Http2NetQueueWrite() and Http2NetWriteDataAst() [0247] blocking writes are not placed on the request's [0248] write list as they are transparent to the request [0249] bugfix; Http2NetQueueWrite() deliver via NetIoWriteStatus() [0250] using SS$_NORMAL (HTTP/2 I/O) not the request ->VmsStatus [0251] bugfix; SesolaControlReloadCA() do not proactively [0252] X509_STORE_free() (leaves a dangling pointer?) [0253] bugfix; SesolaSNICallback() port elimination [0254] bugfix; RequestExecutePostCache() keyword redirection count [0255] 25-AUG-2016 MGD v11.0.2, [0256] Http2RequestBegin() ensure stream ident not reused [0257] increase MAX_REQUEST_HEADER from 16384 to 32768 [0258] InstanceSessionTicketKey() rework multi-instance rotate [0259] CgiGenerateVariables() mitigate httpoxy vulnerability [0260] MsgConfigLoadCallback() make [ismap] optional [0261] ParseCommandInteger() accept just an integer [0262] CLI /INSTANCE= now sets global section |InstanceMax| [0263] to allow the created process to continue to exist and when [0264] used needs to be reset with the likes of /INSTANCE=1 [0265] minimum supported OpenSSL version is now v1.0.0 [0266] which precludes HP SSL V1.4 (at least) [0267] OpenSSL v1.1.0 required code changes including [0268] #if (OPENSSL_VERSION_NUMBER < 0x10100000L) in Sesola..() [0269] modules, and introducing a version dependent build [0270] SesolaClientCertRenegotiate() rework due to OpenSSL v1.1.0 [0271] ResponseHeader() ->rqCgi.ScriptControlHttpStatus will allow [0272] an error reporting script to override the original status [0273] CGI Script-Control: X-http-status= [0274] %SSL-x-STRICT (RFC6797) now described as %SSL-x-STRICT, HSTS [0275] bugfix; Http2RequestData() always deliver via NetIoReadAst() [0276] bugfix; HpackHeadersFrame() uncompressed header size [0277] bugfix; CgiGenerateVariables() names from dictionary [0278] bugfix; MetaConEvaluate() request: regression [0279] bugfix; RequestProcessFields() if-range: regression [0280] bugfix; MetaConEvaluate() client_connect_gt: regression [0281] bugfix; SesolaClientCert() move X509 RENEGOTIATE switch [0282] HTTP/2 to HTTP/1.1 after SSL_get_peer_certificate() [0283] 30-JUN-2016 MGD v11.0.1, [0284] meta config [[wasd*n.n.n]] server version conditional [0285] [SSLsessionLifetime] session ticket (or ID) lifetime [0286] [SSLverifyPeerDataMax] see documentation [0287] [ServiceSSLsessionLifetime] per-service equivalent [0288] [ServiceSSLverifyPeerDataMax] per-service equivalent [0289] [SSLsessionCacheMax] default (of zero) now disables [0290] in favour of the more efficient Session Ticket [0291] SesolaSessionTicket..() refresh and coordinate the [0292] TLS session ticket key cluster-wide using the DLM [0293] InstanceSupervisor() refresh session ticket key at midnight [0294] RequestGblSecUpdate() method and URI only printable chars [0295] ProxyTunnelRequestParse() append mapped path for logging [0296] DirFiles() and DavPropSearchAst() ignore ambiguous file [0297] names containing an escaped ("^.") period but no type [0298] ErrorRedirectQueryString() ERROR_URI variable [0299] bugfix; MapOdsUrlToOds5Vms() URLs will not contain [0300] '^'-escaped sequences so just '^'-escape them [0301] bugfix; SesolaClientCertRenegotiate() ensure request [0302] data cleared before renegotiate ([SSLverifyPeerDataMax]) [0303] bugfix; DclTaskRundown() cancel HTTP/2 client read [0304] bugfix; HttpdSupervisor() accumulate proxy accounting data [0305] bugfix; RequestEnd2() decrement processing rx or (SSH) method [0306] bugfix; RequestEnd2() read status OK -or- ENDOFFILE [0307] bugfix; HpackHeadersFrame() multiple to single cookie header [0308] bugfix; MetaConEvaluate() request-scheme: regression [0309] bugfix; NetWrite() response header write error handling [0310] bugfix; SesolaClientCert() just return status [0311] 07-MAY-2016 MGD v11.0.0, [0312] HTTP/2 (RFC7540, RFC7541) [0313] restructure network I/O abstractions (oh boy!) [0314] key-value dictionary (associative array) abstraction [0315] add "Refresh [integer] Seconds" to appropriate reports [0316] ProxyFtpListOutput() update in line with directory listing [0317] SET dict[=[=]] [0318] SET http2=protocol=1.1 [0319] SET http2=send=goaway[=] [0320] SET http2=send=ping [0321] SET http2=send=reset[=] [0322] SET http2=write=[low|normal|high] [0323] metacon dict:, http2: and request-protocol: [0324] [HTTP2..] global configuration [0325] [TimeoutHttp2Idle] [0326] logging 'DI' insert specified dictionary item value [0327] /DO=HTTP2=PURGE[=] [0328] ensure timed-out requests are logged as 408/500 [0329] excise much of the twenty years of reporting HTML cruft [0330] obsolete ismap.c, filedot.c, menu.c and track.c functionality [0331] 22-APR-2016 MGD v10.4.3 (unreleased), [0332] logging 'NP' insert notepad value [0333] logging 'XX' insert custom site/client-specific datum [0334] SET sslcgi=apache_mod_ssl_client [0335] SET sslcgi=apache_mod_ssl_extens [0336] LoggingDo() MAX_FAO_VECTOR from 64 to 128 [0337] SSL_CTX_set_ecdh_auto() set elliptic curves selection [0338] SesolaTmpDHCallback() improve DH*.PEM flexibility [0339] SesolaCertExtension() parse X509 extensions [0340] SesolaCertName() parse X509 distinguished name [0341] SesolaCgiVariablesExtension() document X509 extensions [0342] SesolaReport() list certificate extensions [0343] [ru:/CN=] allows multiple to be selected between [0344] (e.g. "[ru:/CN=user*]", "[ru:/CN=^^\[^/=\]*$]") [0345] SesolaCertParseDn() strncmp() not strsame() [0346] SesolaCertParseDn() select on pattern match [0347] StringMatchAndRegex() ensure |rqptr| not needed [0348] add limit to consecutive failures on persistent connection [0349] remove limit to consecutive requests on persistent connection [0350] TcpIpAddressToString() IPv4 in IPv6 as ::FFFF:n.n.n.n [0351] bugfix; ResponseHeader() for HEAD request transfer-encoding [0352] chunked suppress actual chunked body (RFC 7230 3.3) [0353] bugfix; SesolaInit() session cache max -1 disables cache [0354] bugfix; LoggingDo() elapsed time items [0355] bugfix; LoggingDo() 'CC' do not reuse pointers! [0356] bugfix; LoggingDo() 'VS' |->ServicePtr| dereference [0357] 15-AUG-2015 MGD v10.4.2, [0358] [ServiceStrictTransSec] (RFC6797) [0359] [SSLstrictTransSec] (RFC6797) [0360] SET response=sts= (Strict-Transport-Security:) [0361] ResponseHeader() Strict-Transport-Security: header [0362] add WATCH "!42*x" to beginning and ending of requests [0363] DavWebRequest() allow bodies with any and no Content-Type: [0364] then in DavWebRequest2() check for XML in the body content [0365] RequestRedirect() always use dynamic buffers [0366] when "remote-addr:" begins '?' translate host to IP address [0367] LoggingDo() add WASD_LOGS "convenience" logical name [0368] disable kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C [0369] as the issue seems to have been fixed in OpenSSL v1.0.2c [0370] logical name WASD_REDIRECT_WILDCARD must be defined [0371] to enable "DNS wildcard" proxy redirection [0372] bugfix; [Cli]ParseCommand() parenthesis parsing [0373] bugfix; Request..() rework pipelined request handling [0374] bugfix; move supervisor PID from InstanceNodeSupervisor() [0375] to InstanceNodeSupervisorAst() [0376] bugfix; DavWebDestination() URI and URL (Total Commander) [0377] bugfix; Error..() earlier and broader detection of WebDAV [0378] bugfix; DavDeleteParse() enable access around OdsParse() [0379] bugfix; DavMoveMeta() do not report RMS$_DNF [0380] bugfix; FaoSAK() sdptr = StrDscBuffer(StrDscPtr); [0381] bugfix; DavXmlStartElement() PROPFIND accumulate list of [0382] dead properties subsequently searched for in the metadata [0383] bugfix; MapUrl_ExplainPathSet() ->ResponseChunked [0384] bugfix; CONFIG_SERVER_LOGS logical names precede fixed locale [0385] 12-FEB-2015 MGD v10.4.1, [0386] ProxyResponseRebuild() and ProxyRequestRebuild() provide [0387] timeout=n parameter with Keep-Alive: header field (some [0388] origin servers hang when no parameters supplied, per JPP) [0389] SesolaInitOptions() expand options keywords to include [0390] most SSL_OP_.. flags using the OpenSSL flag #define as the [0391] keyword minus the "SSL_" (e.g. OP_CIPHER_SERVER_PREFERENCE) [0392] SesolaTmpRSACallback() and SesolaTmpDHCallback() [0393] support for ephemeral keys enabling "forward secrecy" [0394] SesolaInitService() and SesolaInitClientService() [0395] if cipher list begins '+', '-' or '!' append it to default [0396] increase MAX_REQUEST_HEADER from 8192 to 16384 [0397] (proxying requests from Firefox to IIS, per JPP) [0398] kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C [0399] bugfix; RequestEndEnd() use ZERO_DELTA_TIME macro [0400] bugfix; AuthCacheNeedsReval() AlreadyLocked (per JPP) [0401] bugfix; ConfigReportSecureSocket() FaoVector[32] [0402] 05-DEC-2014 MGD v10.4.0 [0403] CORS support [0404] /SSL=(TLSvALL,TLSv1.1,noTLSv1.1,TLSv1.2,noTLSv1.2) [0405] removed /SSL=(2|3|23) which must be altered to SSLv2, etc. [0406] NOTE: TLSv1, TLSv1.1, TLSv1.2 now ENABLED by default [0407] SSLv2 and SSLv3 are now DISABLED by default [0408] (as recommended post-POODLE) [0409] MapUrl_ClientAddress() allows for transparent upstream proxy [0410] ResponseStream() and request /stream/ [0411] AuthCacheNeedsReval() so multiple cache entries for the [0412] same credentials do not trigger multiple revalidations [0413] SsiEnd() detect and report non-SSI problem encountered [0414] access log buffer extended from [4096] to [16384] (UMA SAML) [0415] LoggingQuoted() explicitly encode some fields where a raw [0416] quotation mark (URI forbidden) can break a log entry [0417] HttpdExit() sanity check trace after %SYSTEM-F-ASTFLT [0418] stack corruption at (you guessed it) Uni Malaga resulted [0419] in the icb.libicb$v_bottom_of_stack never being set! [0420] tweaks to some accounting fields and values (for WASDmon) [0421] NetCreateService() check bind address string instead of [0422] address to allow binding primary to 0.0.0.0 (INADDR_ANY) [0423] directory default listing style now ed [0424] directory path SET ods=name=utf8 then response charset=utf-8 [0425] directory ?httpd=index&font=[inherit|monospace(D)] [0426] ?httpd=index&style=table[2] [0427] SET client=[forwarded|if=forwarded|literal=|reset| [0428] if=xforwardedfor|xforwardedfor] [0429] SET dir=font=[inherit|monospace(D)] [0430] dir=style=TABLE[2] (new default) [0431] SET cors=age= cors=cred=[true|false] [0432] cors=expose= cors=headers= [0433] cors=methods= cors=origin= [0434] SET ods=name=8bit, ods=name=utf8, ods=name=default [0435] SET webdav=[no]hidden [0436] webdav=meta=dir= [0437] [SecureSocket] and [SSL...] (overridden by /SSL=) [0438] [WebDAVmetaDir] sub or full directory for meta files [0439] WedDAV configurable metadata (sub)directory [0440] AuthAccessCheck() add explicit check against server [0441] account to improve reporting of underlying access [0442] User-defined logging directives 'CI', 'SR', 'SV' for [0443] SSL cipher, session reuse and version items [0444] COMMON+, COMMON_SERVER+, COMBINED+ composite log formats [0445] X-record0-mode[=0|1] and associated CGI null-record mode [0446] bugfix; and refine DirFormatSize() [0447] bugfix; SSLv23_method() appears to be a Swiss-army knife [0448] significant rework of SSL version configuration [0449] bugfix; TcpIpCacheAddressToName() memcpy null char [0450] bugfix; DavMetaOpenAst() retry after meta directory creation [0451] bugfix; DavPropEnd() ensure unused meta-data file deleted [0452] bugfix; MapOds5VmsToUrl() et.al. allow for ".][" [0453] bugfix; SAME3 0x00ffffff mask (not 0xffffff00) [0454] bugfix; DirFormatAcpInfoAst() ThisIsADirectory = false; [0455] bugfix; DavWebCreateDir() set SYSPRV access, propagate rest [0456] bugfix; PutWriteFileOpen() WebDAV should not use default [0457] protection mask and instead propagate from profile [0458] bugfix; FileParseAst() allow for non-dir .DIR files [0459] bugfix; RequestRedirect() allocate using (possibly expanded) [0460] header length (not fixed) when allocating POST buffer [0461] bugfix; PROXY.C no $QIO buffer should exceed 65535! [0462] 06-OCT-2013 MGD v10.3.0 [0463] TLS1 Server Name Indication (SNI) extension [0464] /SSL= parameter options rework (plus new mnemonic options) [0465] SesolaNetClientBegin() include SNI before connect [0466] PutWriteFileOpen() support FAB$C_STM and FAB$C_STMCR [0467] DclMailboxAcl() allow usernames without associated [0468] identifiers (i.e. shared UICs) by first trying with the [0469] username and on failure getting the UIC and using that [0470] FaoUrlEncodeTable tilde from "%7e" to "~" (cadaver issue) [0471] GzipInit() ZLIB shareable image via logical names [0472] WASD_LIBZ_SHR32, then GNV$LIBZSHR32, finally LIBZ_SHR32 [0473] PersonaAssume() wrap sys$persona_create() with SYSPRV [0474] after modifications to DclMailboxAcl() to allow usernames [0475] without associated identifiers (i.e. shared UICs) [0476] authorisation realm read-only group can be specified as "*" [0477] to represent that "everyone else" can read [0478] ProxyResponseRebuild() additional header length bumped [0479] from an ambit 256 to an ambit 1024 (Uni Malaga :-) [0480] OdsNamBlockAst() on non-ODS_EXTENDED platforms (i.e. VAX) [0481] tease-out system file name from Nam.nam$l_name and [0482] Nam.nam$l_type into odsptr->SysFileName buffer [0483] historically used by ODS-5 and munge for ODS-2 as well [0484] .WWW_WASD directory directive file [0485] sortable directory listing [0486] ?httpd=index&ilink=[yes|no] [0487] ?httpd=index&override=[yes|no] [0488] ?httpd=index&query= (.WWW_WASD specific) [0489] ?httpd=index&style= [0490] ?httpd=index&sort=[+|-] [0491] ?httpd=index&target= [0492] ?httpd=index&these=[,] [0493] ?httpd=index&versions=|* [0494] SET dir=delimit= [0495] SET dir=[no]ilink [0496] SET dir=style=sort (plus the dir=style=2) [0497] SET dir=sort=[+|-] [0498] SET dir=target= [0499] SET dir=these=[,] [0500] SET dir=versions=|* [0501] SET put=rfm=[STM|STMCR|UDF] added to FIX512,STMLF [0502] "upstream-addr:" conditional [0503] [AuthRevalidateLoginCookie] obsolete (in favour of ...) [0504] rqptr->AuthRevalidateCount to track empty authentication [0505] prompts preceding potential redundant revalidation prompt [0506] [PutBinaryRFM] add STM and STMCR [0507] [ServiceNonSSLRedirect] |[:] [0508] some refinements to Upd..() layout and functionality [0509] refine HTML and bring a little more up-to-date [0510] AUTH_MAX_USERNAME_LENGTH bumped from 47 to 64 for X509 [0511] FileAcpInfoAst() '$.' file extension kludge [0512] bugfix; AuthConfigLoadCallBack() additional [AuthProxy] [0513] with intervening rules should reset proxies [0514] bugfix; FileResponseHeader() "?httpd=content&type=" decoded [0515] bugfix; MapOds..() identify MFD using "000000]" and "000000." [0516] bugfix; AuthVmsGetUai() interaction of logon= parameters [0517] bugfix; UpdFileRename() ACCVIO with AuthAccessEnable() [0518] bugfix; RequestParseAndExecute2() remove reset of [0519] request persistent flag from OPTIONS and DELETE [0520] bugfix; SesolaInitService() (or refinement) [0521] SSL_CTX_set_session_id_context() against each service [0522] bugfix; DirFormatSize() bytes [0523] bugfix; OdsParseTerminate() on non-ODS_EXTENDED platforms [0524] (i.e. VAX) reset .nam$b_esl to changed expanded length [0525] or it can generate RMS$_ESL errors [0526] bugfix; DavPropSearchAst() on non-ODS_EXTENDED platforms [0527] (i.e. VAX) reset .nam$b_rsl to changed resultant length [0528] or it can generate RMS$_RSL errors [0529] bugfix; non-ODS_EXTENDED platforms (e.g. VAX) must [0530] OdsParse() NAM$M_NOCONCEAL before OdsSearchNoConceal() [0531] bugfix; MapUrl__Map() reverse mapping wildcard copy [0532] bugfix; CgiGenerateVariables() AUTH_GROUP write/read status [0533] bugfix; AuthClientHostGroup() wildcard match result reversed [0534] bugfix; ProxyResponseRebuild() call ProxyRebuildLocation() [0535] can return a pointer to the original location! [0536] bugfix; SesolaInit() translate WASD_SSL_CIPHER logical name [0537] 09-NOV-2012 MGD v10.2.0, [0538] TOKEN authorisation [0539] request header DNT (do not track) [0540] set ProxyReadBufferSize to 64k (per JPP) [0541] allow (proxy) ResponseBufferSize to be >= 64k (per JPP) [0542] HttpdSystemInfo() $GETSYIW() CsidVersion treat status [0543] SS$_UNREACHABLE as non-fatal and fallback to 16 byte LVB [0544] DIGEST.C numerious tweaks up to RFC2069 [0545] [AuthTokenEntriesMax] for token authorisation [0546] bugfix; HTAdminModifyUser() use database name for digest [0547] bugfix; AuthorizeResponse() digest scheme [0548] bugfix; AuthVmsGetUai() logon= fall through [0549] bugfix; DclSysOutputAst() WebSocket wrt agent [0550] bugfix; WebSockEnd() do not NetCloseSocket() [0551] bugfix; (at least improve) caching of group write/read [0552] bugfix; SesolaParseCertDn() return NULL if record not found [0553] bugfix; AuthorizeGroupWrite() with cached entries! [0554] bugfix; AuthReadSimpleList() parameter /DIRECTORY= processing [0555] 28-APR-2012 MGD v10.1.1, [0556] RequestGet() no longer report 408 for unused connections [0557] RequestEndEnd() likewise ignore unused connections (Chrome) [0558] MetaConLoad() compress non-signficant white-space [0559] proxy WebSocket upgrade requests as raw tunnels (kludge) [0560] DclRestartScript() refine WebSocket handling [0561] DirFormatSize() now uses quadword [0562] DirFormatSize() adjusts units to fit size width [0563] MATCH0..8() macro to improve efficiency over memcmp() [0564] SAME1..4() macro to abstract the *(USHORTPTR)s, etc. [0565] bugfix; RequestBegin() remove RequestEnd() following failed [0566] SesolaNetBegin() resulted in redundant request rundown [0567] bugfix; SesolaNetAccept() initialise value=0 [0568] bugfix; SesolaNetRead() SSL state not SSL_ST_OK [0569] bugfix; SesolaNetWrite() SSL state not SSL_ST_OK [0570] bugfix; DavWebMicrosoftMunge2() token reprocessing [0571] bugfix; FileAcpInfoAst() SS$_BADPARAM >2GB <4GB (per JPP) [0572] bugfix; WebSockCloseMailboxes() logic [0573] bugfix; DclScriptProcessCompletionAST() don't WebSockClose() [0574] any WebSocket request currrently associated with the task [0575] bugfix; RequestEndEnd() '->WebSocketCount' already locked [0576] 06-NOV-2011 MGD v10.1.0, [0577] dragged kicking and screaming to VMS V7.0 base build [0578] Web Socket (HTML5) support [0579] Secure Sockets default to SSL v3 and TLS v1 (no more SSL v2) [0580] SET cache=[no]cookie [0581] SET map=uri [0582] SET proxy=chain=cred= [0583] SET proxy=tunnel=request= [0584] SET regex= [0585] SET response=HTTP=original [0586] SET service= [0587] SET notimeout (short-hand for timeout=none,none,none) [0588] SET websocket= [0589] "origin:" conditional [0590] "request-peek:" conditional [0591] "upgrade:" conditional [0592] "websocket:" conditional [0593] [DclScriptProctor] (pro-)activate script/environments [0594] [RegEx] enabled/disabled/ [0595] [ServiceProxyChainCred] down-stream proxy credentials [0596] [WwwImplied] "www." is implied even with virtual services [0597] ("Host:") not beginning with it (ServiceFindVirtual()) [0598] callout LIFETIME: can accept [0599] callout SCRIPT-CONTROL:string (see DCL.C) [0600] logging 'PP' outgoing proxy connection local port [0601] /DO=ALIGN=.. to allow collection and analysis of Alpha and [0602] Itanium alignment fault data using HttpdAlignFault() et.al. [0603] /DO=NET=PURGE[=..] expanded capability [0604] /DO=WEBSOCKET=DISCONNECT[=..] to disconnect WebSockets [0605] /PRIORITY= limit increased from 6 to 15 [0606] SesolaInit() default is SSLv2 off and SSLv3/TLSv1 on [0607] AuthAgentCallout() callout BODY implemented (for PAPI) [0608] MapOdsUrlTo..() consecutive '/' into a single a la Unix [0609] ServiceReportNow() service synopsis [0610] ProxyTunnelChainConnect() chain proxy authorization [0611] ProxyRequestRebuild() chain proxy authorization (BASIC only) [0612] ServiceReportNow() add summary to service report [0613] configuration lines beginning "!#" now allow WATCHable [0614] during mapping and authorisation processing [0615] reworked query string handling based on length [0616] ServiceEntityMatch() processes in-match and if-not-match [0617] CacheSearch() implement request cache control [0618] CacheLoadResponse() checks response header for [0619] "Cache-Control:" directives and adjusts accordingly [0620] CacheLoadEnd() buffer all content-type data [0621] (previous behaviour truncated at ';' or white-space) [0622] MetaConLoad() ensure metacon "lines" are quadword aligned [0623] __unaligned directive added to pointer macros in a [0624] (successful) effort to avoid alignment faults [0625] VM_OFFSET now 8 (quadword alignment) instead of 4 [0626] bugfix; OdsFileExists() parse NAM$M_NOCONCEAL in case of [0627] multi-valued, concealed logical devices and then convert [0628] returned status DNF into the functional equivalent FNF [0629] bugfix; directory listing OdsSearchNoConceal() to [0630] process concealed, multi-value logical device names [0631] bugfix; RequestRedirect() only concat '&' if including query [0632] bugfix; set rule 'CacheSetting' boolean with any CACHE=.. [0633] 02-OCT-2010 MGD v10.0.3, [0634] command-line checks of configuration files [0635] /DO=AUTH=CHECK /DO=CONFIG=CHECK (all configuration files) [0636] /DO=GLOBAL=CHECK /DO=MAP=CHECK /DO=MSG=CHECK [0637] /DO=SERVICE=CHECK [0638] TcpIp6..() functions to resolve IPv6 AAAA records [0639] ProxyRequestParse() improve IPv6 host parsing [0640] bugfix; regression at 10.0.1 with proxy authorization [0641] bugfix; SSL_set_info_callback() not SSL_CTX_set..() [0642] 01-JUL-2010 MGD v10.0.2, [0643] metacon "file:" and "directory:" to probe file-system [0644] SET script=lifetime= [0645] SET put=max= per-path equivalent of [PutMaxKbytes] [0646] SET put=max=* for (effectively) unlimited upload [0647] BODY.C significant rework to function()alise common code [0648] BODY.C improve performance with multiblock of 127 (per JPP) [0649] BODY.C make MultipartContentType(Ptr) a dynamic structure [0650] as Microsoft endeavour to include application data [0651] along with MIME content-type, see ... [0652] http://msdn.microsoft.com/en-us/library/aa338205.aspx [0653] and an example (no kidding!) ... [0654] "application/vnd.ms.powerpoint.template.macroEnabled.12application/x-font" [0655] FileNextBlocks() change QIO file size from long to quad [0656] to cater for files greater than 4GB (4GB+ is limited to [0657] file serving only, no ranges, etc.) [0658] RequestExecutePostCache() UTF-8 decode WebDAV objects [0659] RequestRedirect() support WebDAV "Destination:" field (JPP) [0660] DclAllocateTask() default unconfigured CGIplus lifetime [0661] SsiDoSet() and SsiGetTagValue() allow '$' in variable names [0662] Mapurl_ControlReload() rather than Mapurl_Load() [0663] bugfix; MapUrl_ControlReload() [0664] bugfix; DclUpdateScriptNameCache() run-time pointer [0665] bugfix; OdsNamBlockAst() odsptr->NamFileSysNamePtr [0666] always set to odsptr->SysFileName in case RMS$_FNF, etc. [0667] bugfix; RequestGet() MAX_REQUEST_HEADER (per JPP) [0668] bugfix; allow METACON_TOKEN_INCLUDE for [IncludeFile] [0669] bugfix; MetaConEvaluate() when JustChecking: HTTP header [0670] fields (e.g. "cookie:") [0671] bugfix; DavMetaReadName() and DavMetaWriteName() [0672] allow for typeless file names (e.g. ]AFILE.;) [0673] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0674] $ERASE() if not WebDAV request (access and ownership) (JPP) [0675] bugfix; DavWebSlashlessMunge() enable SYSPRV while [0676] calling OdsFileExists() (per JPP) [0677] bugfix; do not use REDIRECT for WebDAV request error report [0678] bugfix; no new token when refreshing existing lock (per JPP) [0679] bugfix; FileNextBlocks() signed/unsigned comparison [0680] when calculating buffer size on files larger than 2^31 [0681] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms() [0682] include '|' and '%' as ODS-5 escaped characters [0683] bugfix; DirAuthorizationAst() only check access on [0684] non-empty expanded file names [0685] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0686] $CREATE() if not WebDAV request (for access and ownership) [0687] bugfix; FileNextBlocks() signed/unsigned comparison [0688] when calculating buffer size on files larger than 2^31 [0689] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms() [0690] include '|' as an ODS-5 escaped character [0691] bugfix; DirAuthorizationAst() only check access on [0692] non-empty expanded file names [0693] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0694] $CREATE() if not WebDAV request (for access and ownership) [0695] bugfix; DirBegin() "httpd=index&" detection (since v9.3.0) [0696] bugfix; DirEnd() suppress unless RequestEnd() AST [0697] bugfix; SsiDoDcl() report cgi=/script= query string as error [0698] bugfix; UpdBegin() [goto] processing [0699] 01-MAR-2010 MGD v10.0.1, [0700] ProxyFtpListProcessUnix() names with white-space (per JPP) [0701] ProxyResponseRebuild() !"accept-encoding" (per JPP) [0702] make proxy requests subject to throttle (per JPP) [0703] MapUrl__Map() increase some buffer sizes (per JPP) [0704] RequestRedirect() add return length (overflow) check [0705] log format 'HO' request "Host:" field [0706] log format 'RH' any request header (e.g. "RH:cache-control:") [0707] log format 'VS' request virtual service [0708] According to http://www.ietf.org/rfc/rfc2145.txt a server [0709] should respond with the minor HTTP version reflecting its [0710] own compliance rather than the client's provided the [0711] response itself is compliant with the client minor version [0712] (i.e. HTTP/1.0 requests should get HTTP/1.1 in the response [0713] status line - and now implemented by ResponseHeader()) [0714] bugfix; LoggingDo() sys$flush(&RAB) not (&FAB) [0715] bugfix; LoggingDo() initialise (zero) &DummyRequest [0716] bugfix; ProxyMaintInit() use v10orPrev10() for scan (per JPP) [0717] bugfix; ProxyTunnelReadAst() data count tx (per JPP) [0718] bugfix; ConfigAcceptClientHostName() reject [0719] 29-NOV-2009 MGD v10.0.0, [0720] WebDAV 1,2 [0721] AuthAcmeVerifyUser() requires SECURITY privilege to [0722] allow ACME$M_NOAUTHORIZATION for authentication-only [0723] when using WASD_NIL_ACCESS identifier [0724] AuthAcmeVerifyUser() and AuthVmsGetUai() can now use [0725] [AuthSYSUAFlogonType] and/or an optional authorization rule [0726] parameter 'param="logon=.."' to specify the login type [0727] (default is still NETWORK) [0728] AuthRestrictAny() uses a single set of access restrictions [0729] ACME DOI name of '*' indicates use the default of [0730] ACME$LATEST_ENABLED_AGENT_LIST rather than specified DOI [0731] (authentication realm set to the DOI authentication realm) [0732] allow for []-delimited IPv6 addresses as service names [0733] concurrently support v10 and pre-v10 logical names [0734] (use WASD_.. rather than HTTPD$.. and HT_.. logical names) [0735] move WASD process naming schema from "HTTPd:" to "WASD:" [0736] (implies the automatic creation of new rights identifiers) [0737] use STR_DSC and associated StrDsc..() functions [0738] to refine and simplify formatted and buffered output [0739] OdsNameOfDirectoryFile() no longer mandatory that a [0740] directory file actually exists to generate the name [0741] MapUrl_Map()/__Map() now have a REQUEST_PATHSET parameter [0742] (to better decouple file-system mapping and path SETing) [0743] refine loading and mapping of path SETings [0744] add HTTP status filter to WATCH [0745] DclSysOutputAst() if WATCHing DCL and non-CGI-compliant [0746] response continue to end-of-script bit-bucketing output [0747] (DECNET.C code already provides this behaviour) [0748] User-defined log format now includes 'CP' client port [0749] RequestRedirect() allow a redirect to include its own query [0750] string and then concatenate any request query with '&'.. [0751] CgiVariable() optimise single-quotation escaping (JPP) [0752] GzipShouldDeflate() do not compress Shockwave Flash [0753] increase minimum size before compression to 1400 bytes [0754] HttpdExit() add explicit traceback for AXP and IA64 (per JPP) [0755] WATCH script item [0756] (interesting and useful suggestion from Jean-Pierre Petit) [0757] callout WATCH:string (see DCL.C) [0758] CGI variable WATCH_SCRIPT indicates when script WATCHing [0759] SET css= [0760] SET put=max= [0761] SET put=rfm=[FIX512|STMLF] [0762] SET script=agent=as= [0763] SET webdav=... (multiple WebDAV related settings) [0764] [AuthSYSUAFlogonType] specifies NETWORK, DIALUP, etc. [0765] [BufferSizeNetFile] global configuration directive [0766] [BufferSizeNetMTU] global configuration directive [0767] [HttpTrace] global configuration directive [0768] [PutBinaryRFM] global configuration directive [0769] [ServiceLogFormat] a per-service user-defined log format [0770] [ServiceShareSSH] share with (allow proxy to) SSH [0771] [WebDAV...] global configuration directives [0772] "webdav:" conditional [0773] logical name WASD_NO_SYSUAF_ACME disables SYSUAF via ACME [0774] logical name WASD_NO_ACME disables ACME altogether [0775] can't believe it but some PHP script paths are [0776] exceeding a SCRIPT_NAME_SIZE of 128 - bump to 256! [0777] ServiceConfigAdd() use INADDR_ANY if host name lookup fails [0778] NetCreateService() use primary if service IP addr reset [0779] activity report has some major changes (see version log) [0780] AuthorizeResponse() allow agent reason for 403 [0781] bugfix; NetWriteStrDsc() flush all full descriptors [0782] bugfix; NetWriteGzip() ensure buffer size <= 65535 [0783] bugfix; MapUrl__Map() to URL use request ODS not path ODS [0784] bugfix; ServiceConfigFromString() create and use [0785] temporary service structure when generating report [0786] bugfix; FileAcpInfoAst() and CacheAcpInfoAst() [0787] byte-range limit negative offset [0788] bugfix; OdsNamBlockAst() deliver AST with 'AstParam' [0789] (requiring parameter changes to *lots* of AST functions [0790] called by use of OdsParse() and OdsSearch() - bugga!) [0791] bugfix; AuthVmsChangePassword() ensure that [0792] rqAuth.SysUafDataPtr is populated [0793] bugfix; MapUrl__Map() proxy 'fall-thru' [0794] bugfix; ProxyResponseRebuild() proxy->client compression [0795] chunk only for HTTP/1.1 responses and connection [0796] persistence header fields reflect non-chunked GZIP stream [0797] bugfix; HttpdSupervisor() no-progress use ->BytesRaw.. [0798] bugfix; ErrorNoticed() use of 'rqptr' (from 16-NOV-2007) [0799] bugfix; NetRead() redact into DataPtr *not* into [0800] rqNet.ReadBufferPtr (which works until subsequent read :-) [0801] bugfix; DclUpdateScriptNameCache() undo bug from fix of [0802] non-existant problem from 12-APR-2008 (talk about it!) [0803] bugfix; DclUpdateScriptNameCache() copy determined [0804] script invocation method ("@","$","=", etc.) into cache [0805] 15-MAR-2008 MGD v9.3.0, [0806] RequestReport() per-current, per-connection, [0807] per-throttle and per-history [0808] CgiGenerateVariables() suppress SCRIPT_NAME if it is an [0809] empty script name ("/") [0810] RequestGblSecUpdate() include remote user and realm in [0811] request monitor data [0812] callout REDACT: and REDACT-SIZE: [0813] support for request redaction (see DCL.C) [0814] NetRead(), RequestRedact(), RequestEnd() redact support [0815] callout NOTICED: (and auth agent NOTICED) [0816] callout OPCOM: (and auth agent OPCOM) [0817] auth agent callout SCRIPT-META [0818] DirBegin() only use query string if it begins "httpd=index&" [0819] RequestExecutePostCache() check again for RequestHomePage() [0820] before final RequestFile() [0821] [ServiceProxyAuth] CHAIN [0822] AUTH_PATH variable for authentication agents [0823] AuthConfigLoadCallBack() do not lower-case path [0824] ProxyRequestRebuild() allow "Proxy-Authorization:" header [0825] only if configured for CHAIN proxy authentication [0826] [SocketSizeRcvBuf] and [SocketSizeSndBuf] [0827] HTADMIN and AUTHHTA modules allow for CONNECT method [0828] ProxyTunnel..() provide for SSL client connections [0829] Server Activity graphing slash-delimitted 'max-requests' [0830] that scales the Y axis allowing finer detail display [0831] authorization realm agent can now be '=agent+opaque' [0832] to suppress the automatic username/password challenge [0833] accounting per-request GZIP compress percentage [0834] RequestRedirect() include response cookie(s) [0835] force ACME on VMS V7.3 and later [0836] [AuthSYSUAFuseACME] obsolete [0837] bugfix; GraphActivityPlotBegin() X axis scaling for [0838] non-integral factors [0839] bugfix; GraphActivityReport() uninitialised 'cptr' before [0840] use in processing '"form"-based query string' [0841] bugfix; AdminMenu() JavaScript doIt() call [0842] bugfix; RequestGet() buggy browser kludge (per JPP) [0843] bugfix; CONNECT proxy authorization [0844] bugfix; AuthCacheGblSecInit() (per JPP) [0845] bugfix; ProxyVerifyGblSecInit() (per JPP) [0846] bugfix; SesolaCacheGblSecInit() (per JPP) [0847] 19-MAY-2007 MGD v9.2.1, [0848] RequestGet() now handles extraneous which [0849] buggy browsers can incorrectly insert after the body [0850] of a valid request (See RFC 2616 section 4.1) [0851] ProxyRequestBegin() restrict HTTP methods for FTP scheme [0852] ProxyFtpLifeCycle() process HEAD as for GET [0853] ProxyResponseRebuild() make request HTTP version a [0854] consideration before chunking proxy->client (with JPP) [0855] RequestExecutePostAuth1() kludge to allow 'implied' scripts [0856] CgiGenerateVariables() provide TRACK_ID if present (for JPP) [0857] bugfix; DclBegin() agent runs under default account [0858] bugfix; MapUrl_Map() auth agent modifying path SETings [0859] bugfix; DirFormatAcpInfoAst() 'S' (size) processing for [0860] block totals at the end of a listing [0861] bugfix; agent mappings using VMS-USER: not being cached [0862] bugfix; GzipDeflateCache() allow for cached CGI header [0863] bugfix; CacheNext() don't adjust GZIP content for CGI header [0864] bugfix; ConfigLoadCallback() post-process sanity checking [0865] for 'NetConcurrentMax' and 'NetConcurrentProcessMax' [0866] bugfix; BodyReadBegin() 413 set status before declaring AST [0867] bugfix; ProxyRequestRebuild() proxy verify [0868] "Authorization:" request header field carriage-control [0869] bugfix; ProxyNetConnectPersist() rejects all further [0870] requests once ProxyConnectPersistMax has been hit [0871] 04-NOV-2006 MGD v9.2.0, [0872] significantly enhance WATCH filtering [0873] added REG_NEWLINE to REGEX_C_FLAGS so that anchors match [0874] newlines in strings to support 'Request' filter in WATCH [0875] access logging now supports an HOURLY period [0876] remove file name length constraint for access logs created [0877] on an ODS-5 volume (allows full host name components, etc.) [0878] ProxyTunnelChainConnect() and ProxyTunnelChainConnectAst() [0879] to implement raw tunnelling through an intermediate proxy [0880] maintenance; there seem to have been some changes in the [0881] underlying TCP/IP Services handling of shared sockets [0882] so NetAcceptAst() set socket share on client and ... [0883] NetClientSocketCcl() to control BG device carriage-control [0884] (to parallel the APACHE$SET_CCL.EXE functionality) [0885] DclCalloutDefault() add GATEWAY-CCL: callout to allow [0886] BG device carriage-control from running script [0887] RequestHttpStatusCode() provides more fine-grained HTTP [0888] response status code accounting (mainly for WOTSUP) [0889] DirFormat() and DirFormatSize() allow in-line layouts to [0890] specify size with VMS format listings, as well as [0891] adding size specification of 'V' (VMS-ish, in blocks) [0892] use PercentOf() and QuadPercentOf() for more accurate and [0893] more consistent percentages [0894] AdminMenu() status panel (time, connect, request) mods [0895] AdminMenu() instance [active][standby] functionality [0896] (service item) network connection [Purge][All] [0897] activity graph; add request peak data [0898] ('network connections' has been masquerading as this) [0899] (also see 'CRAZY' note in GraphActivityReport()) [0900] for authorization add '+=' to realm default syntax for [0901] realm default to be concatenated to any path access [0902] /DO=INSTANCE=ACTIVE|STANDBY [0903] /DO=NET=PURGE[=ALL]|SUSPEND[=NOW]|RESUME [0904] NetPassive() and NetActive() to allow non-supervisor [0905] instances to be made quiescent [0906] NetSuspend() and NetResume() to allow halt and resume [0907] request processing [0908] NetPurge() to remove network connections [0909] increase AUTH_MAX_PATH_PARAM_LENGTH from 127 to 255 [0910] (initially prompted by development of AUTHAGENT_LDAP) [0911] add 'ConnectSuspend', 'InstancePassive', 'LastExitTime64', [0912] 'LastExitPid' and 'ResponseStatusCodeCount[]' to global [0913] section [0914] bugfix; LoggingDo() changes for daily period test [0915] to support hourly logging (thanks again JPP) [0916] bugfix; SsiEnd() propagate included document user variables [0917] back into parent document to ensure they remain *global* [0918] bugfix; GzipShouldDefault() uninitialized 'cptr' when no [0919] content-type would cause WatchThis() "!AZ" to barf if [0920] 'cptr' was non-NULL but pointed into an invalid page [0921] bugfix; NetAcceptProcess() and NetDirectResponse() [0922] should issue 503 for 'too busy', not 502 [0923] bugfix; StringMatchAndRegex() regular expression [0924] 'MatchType' detection prior to pre-match [0925] bugfix; ThrottleReport() column alignment of 'busy' and [0926] 'total' percentages in second row of per-path statistics [0927] bugfix; NetAccept(), NetAcceptAst(), NetAcceptProcess() [0928] nasty problem where multihomed servers 'svptr' confusion [0929] (due to the multihome pointer manipulation) could result [0930] in an attempted re-queue of an accept on a service that [0931] did not correspond to the original accept AST delivery [0932] with the result that no accept ended up being queued [0933] bugfix; ResponseHeader() and NetWrite() accomodate 304 [0934] bugfix; RequestGet() timestamp the event immediately [0935] bugfix; AuthConfigLine() propagate 'RealmCanString' by [0936] making it static storage (doh) [0937] bugfix; MenuFileDescription() status from OdsParse() [0938] bugfix; StmLfLog() -E- to -I- for non-status-value call [0939] 11-MAY-2006 MGD v9.1.4, [0940] 'Proxy affinity' courtesy of Jean-Pierre Petit (esme.fr) [0941] (see PROXY.C for an explanation of what all this means) [0942] enabled per-service using [ServiceProxyAffinity] or [0943] per-path using SET PROXY=[NO]AFFINITY [0944] SesolaCacheInit(), in conjunction with AuthConfigInit() [0945] noting the presence of any X509 realm, automatically [0946] adjusts multi-instance, SSL session cache record size [0947] to accomodate potential client certificate [0948] SesolaInit() added ICACHE=SIZE= and SSL=ICACHE=RECORD= to [0949] allow manual configuration of instance SSL session cache [0950] RequestRedirect() "//:port/path" (i.e. begins with "//:") [0951] allows a redirect to a different port on the same host [0952] increase MapUrl__Map() WildBuffer[] storage to 4096 [0953] increase HOST_STORAGE from 236 to 1004 as an interim [0954] workaround for SS$_ENDOFFILE when storage insufficient [0955] (jpp@esme.fr) - why doesn't it return SS$_RESULTOVF?!! [0956] SesolaCacheInit() if boolean 'AuthRealmX509' indicates X509 [0957] realm is in use then use a larger session cache record [0958] potential bugfix; CgiOutput() CGI_OUTPUT_MODE_CRLF output [0959] count should be checked for zero before negative index [0960] potential bugfix; when URL-encoded decoding use unsigned [0961] char to prevent sign bit issues with the likes of %FC [0962] bugfix; non-SSL SesolaCacheInit() should return not bugcheck! [0963] bugfix; SSL_shutdown() problem reported by JPP [0964] introduce SesolaNetReadAst() and SesolaNetWriteAst() [0965] to defer reset of AST function address used to indicate [0966] AST-in-progress in other parts of the code [0967] bugfix; CgiOutput() empty 'record' in stream mode should be [0968] ignored and not have carriage-control adjusted (JFP) [0969] bugfix; 'RQ' include method (equivalent of Apache "%r") [0970] bugfix; 'EM', 'ES' and 'UE' arithmetic ('doh'!?) [0971] bugfix; DECnetWriteRequestBody() suppress empty record on [0972] end-of-body for OSU (call DECnetWriteRequestBodyAst()) [0973] to prevent it interfering with functionality [0974] bugfix; HttpdTimerSet() TIMER_PERSISTENT (jpp@esme.fr) [0975] bugfix; RequestFields() allow for header lines with no [0976] white-space between field name and value (jpp@esme.fr) [0977] 24-NOV-2005 MGD v9.1.3, [0978] authorization OPAQUE realm to allow a script to completely [0979] generate it's own authentication challenge and processing [0980] bugfix; MapUrl__Map() SCRIPT result copy not checking [0981] for null resulting in occasional overflow error status [0982] bugfix; FileNextBlocks() ensure VARiable record format [0983] files have records read on word (even byte) boundaries [0984] bugfix; AuthConfigProxyMap() set cache record SYSUAF [0985] authentication boolean in tandem with request boolean [0986] bugfix; DclSysCommandAst() allow for the queued [0987] post-CGIplus script STOP/ID=0 and EOF [0988] bugfix; copy sentinals into request storage to prevent [0989] them (potentially) being overwritten by an early call [0990] to DclScriptProcessCompletionAST() [0991] bugfix; ResponseHeader() ensure a charset= supplied with [0992] a text content-type (e.g. from a CGI script) is used [0993] 15-SEP-2005 MGD v9.1.2, [0994] metacon "server-protocol:" as "1.1", "1.0", "0.9" [0995] SET proxy=reverse=[no]auth (jpp@esme.fr) [0996] AuthAcmeVerifyUser() remote IP address to refine intrusion [0997] data and reduce possibility of DOS attack on usernames [0998] support multiple IP addresses in host cache (jpp@esme.fr) [0999] support proxy to origin server failover (jpp@esme.fr) [1000] [ProxyConnectTimeoutSeconds] configures period proxy to [1001] origin server connection is attempted (1-60 seconds) [1002] add selected request data to ErrorNoticed() report [1003] /DO=ZERO=NOTICED to reset 'errors noticed' accounting [1004] refine OPTIONS ResponseOptions() to provide "Allow:" [1005] bugfix; raw proxy tunnelling requires a contrived connect [1006] request in NetRead() to initiate an AST to RequestGet() [1007] bugfix; AuthAcmeVerifyUser() ACME$_LOGON_TYPE requires [1008] IMPERSONATE (DETACH) privilege for VMS V7.3-1 and earlier [1009] bugfix; DECnetOsuDialog() allow CgiOutput() error responses [1010] bugfix; initialize TcpIpHostCacheExpireSeconds (jpp@esme.fr) [1011] 10-JUL-2005 MGD v9.1.1, [1012] [[?]] and service:? to match unknown virtual service [1013] OpenSSL v0.9.8 changed macro name EVP_F_EVP_DECRYPTFINAL [1014] bugfix; adjust CacheMemoryInUse/CachePermMemoryInUse [1015] bugfix; GzipDeflateCache() ambit buffer size calculation [1016] too small for small content lengths (just allow heaps!) [1017] 26-JUN-2005 MGD v9.1.0, [1018] SET throttle=/ per-user throttle [1019] SET script=symbol=[no]truncate [1020] allow for VMS V8.2 64 byte lksb$b_valblk [1021] /DO=DCL=[PURGE|DELETE]=[USER|SCRIPT|FILE]= [1022] script processes by username, script name, or file name [1023] /DO=NOTE= to provide admin mapping notes [1024] /DO=THROTTLE=[TERMINATE|RELEASE]=[USER|SCRIPT]= [1025] throttled requests by username or script name [1026] AdminMenu() [/DO=] button/field and supporting functionality [1027] caching of GZIP compressed content [1028] proxy cache GZIP compressed content [1029] revised multihoming so that the client specified IP address [1030] of a accept()ed connection is used to identify the service [1031] (this allows easier isolation of SSL certificates, etc.) [1032] metacon 'instance:' to allow testing of WASD instances [1033] metacon 'multihome:' to allow detection of mismatched [1034] multihomed IP addresses and services [1035] metacon 'note:' to allow testing of admin conditional notes [1036] metacon 'robin:' to allow round-robin distribution [1037] CGI variable SERVER_MULTIHOME present when above true [1038] provide PWDMIX mixed-case plus printable char passwords [1039] in AuthVmsVerifyPassword() and AuthVmsChangePassword() [1040] CgiVariable() allow path mapping script=symbol=truncate to [1041] truncate a CLI symbol within the limit of the current VMS [1042] version capacity, noting this in SERVER_TRUNCATE variable [1043] SesolaInitService() no longer needs to clone [1044] modify VM statistics to a max of 1024 pages and granularity [1045] of 8 (GZIP significantly increased memory requirements) [1046] DclTaskRunDown() proactively handle task after SS$_NONEXPR [1047] ProxyMaintSupervisor() return if caching not enabled [1048] IA64 TcpIpSetAgentInfo() Multinet uses UCX$IPC_SHR [1049] in the image header (TCP/IP Services' TCPIP$IPC_SHR) [1050] AuthVmsVerifyUser() WATCH which flag causes failure [1051] allow client-side GZIPing of non-GZIPed proxied responses [1052] (courtesy Jean-Pierre Petit at jpp@esme.fr) [1053] allow config files to be a logical search list [1054] (initially to support multiple language HTTPD$MSG files) [1055] relax configured file type check if path SETing [1056] script=command=<..> provides a full activation command [1057] HTTPD$VERIFY can now specify a REMOTE_ADDR IP address [1058] allow report path to exclude using negative codes [1059] SSI to response header [1060] SSI to pre-expire [1061] make EXQUOTA (particularly ASTLM) a little more obvious [1062] bugfix; remove mutex around spurious wake counter [1063] bugfix; MetaConLoad() allocate structure before non-filename [1064] return! (revealed by Alex Daniels with no HTTPD$SERVICE) [1065] bugfix; prevent expired SYSUAF password from being cached [1066] bugfix; ProxyEnd(rqptr) should be ProxyEnd(ktptr) in [1067] ProxyNetHostConnectAst() (jpp@esme.fr) [1068] bugfix; FileResponseHeader() if none-match entity and [1069] IfModifiedSince() logic [1070] bugfix; GzipDeflateCache() ambit buffer size caclulation [1071] (captr->ContentLength >> 9) now (.. >> 7) (jpp@esme.fr) [1072] bugfix; MapOdsUrlToOds2Vms() DECnet access string should [1073] be able to support the space required for password [1074] bugfix; HTTP_METHOD_.. constants needs to be a bitmap! [1075] bugfix; the Ben Burke collection :-) [1076] bugfix; SesolaNetClientShutdown() remove SSL_shutdown() [1077] (revealed by https: tunnelling shutdown) [1078] bugfix; keyword search exclusion on configured file type [1079] 04-FEB-2005 MGD v9.0.2, [1080] SET script=control=<...> [1081] [GzipFlushSeconds] controls GZIPed response flush interval [1082] NetWriteGzip() abandon using argument counts to determine [1083] AST usage or direct call, use NetWriteGzipAst() instead [1084] RequestParseAndExecute() and ProxyRequestBegin() remove [1085] explicit disable of POST & PUT connection persistence [1086] CgiOutput() if "Location:" is supplied but no HTTP [1087] status turn it into a 302 (see also ResponseHeader()) [1088] ResponseHeader() include 'rqResponse.LocationPtr' [1089] GzipShouldDeflate() disable PDF deflation by default [1090] bugfix; aarghh! NetWriteGzip()/NetWriteGzipAst() [1091] bugfix; ServiceConfigAdd(), NetHostNameLookup() status check [1092] bugfix; ProxyReadResponseAst() if required, chunking needs [1093] to be performed after header as well as body processing [1094] bugfix; NetWriteChunked() ensure an empty body is [1095] terminated with a chunk of zero [1096] bugfix; NetWrite() distinguish between "empty" data and [1097] end-of-stream (inducing occasional ZLIB buffer errors) [1098] bugfix; AuthorizeRealm() check for login cookie before [1099] revalidating new cache record credentials (jpp@esme.fr) [1100] 22-DEC-2004 MGD v9.0.1, [1101] introduce chunked responses where content-length is [1102] unknown to enhance connection persistence behaviour [1103] SET response=[no]chunked [1104] CGI Script-Control: X-transfer-encoding-chunked[=0|1] [1105] in Sesola_read() and Sesola_write() remove [1106] BIO_set_retry_..() and BIO_clear_retry_..(), [1107] bugfix; NetWriteGzip() AST no remaining data length [1108] bugfix; Sesola_read_ast() and Sesola_write_ast() [1109] zero I/O status block count on error status [1110] bugfix; MapOdsVmsToUnix() empty if empty [1111] 01-DEC-2004 MGD v9.0.0, [1112] HTTP/1.1 compliance [1113] persistent connections over SSL [1114] persistent proxy connections [1115] proxy tunnelling [1116] significant changes to proxy cache file processing [1117] GZIP transfer-encoding (reponse and request) [1118] allow ResponseHiss() kBytes [1119] allow throttling with zero requests being processed [1120] metacon 'request-method:?' tests for HTTP extension method [1121] metacon refined directive and request header field processing [1122] request redirect, CGI variable and proxy request field [1123] processing refined [1124] SET report=tunnel [1125] SET response=gzip=<...> [1126] SET script=body=[no]decode [1127] SET script=syntax=[no]unix [1128] [ConnectMax] (supercedes [Busy]) max concurrent connections [1129] [EntityTag] enables the generation of file "ETag:", [1130] [GzipAccept] accept gzip encoded request bodies [1131] [GzipResponse] level[,memory,window] gzip encoded responses [1132] [LogWriteFail503] service unavailable 503 response when [1133] access log write fails [1134] [PipelineRequests] enables pipeline processing [1135] [ProcessMax] max concurrent requests being processed [1136] [ProxyCacheNegativeSeconds] for non-success responses [1137] [ProxyConnectPersistMax] and [ProxyConnectPersistSeconds] [1138] for controlling proxy->server connection persistence [1139] [ServiceProxyTunnel] connect | firewall | raw [1140] [ServiceClientSSLcert] and others allow outgoing SSL config [1141] [TimeoutPersistent] supercedes [TimeoutKeepAlive] [1142] CGI Script-Control: X-content-encoding-gzip[=0|1] [1143] bugfix; FileVariableRecord() memset only if positive [1144] bugfix; (authorization) agents should not begin to read [1145] a POSTed request body (Jean-Pierre Petit, jpp@esme.fr)) [1146] bugfix; CgiOutputFile() missing sizeof(FILE_CONTENT) [1147] when VmReallocHeap() increasing buffer space [1148] bugfix; AuthReadSimpleList() group member password check [1149] 02-OCT-2004 MGD v8.5.3, [1150] revalidation periods and '?httpd=logout&goto=...' [1151] change from self-relative to absolute links in "Index of" [1152] anchor generation (broke usage in some SSI documents) [1153] bugfix; MetaconClientConcurrent() if IP address not the same! [1154] bugfix; auth=revalidate= is minutes not seconds [1155] bugfix; even number of bytes on a disk $QIO READVBLK [1156] bugfix; HttpTimerSet() after mapping in case of SET timeout [1157] bugfix; ServiceFindVirtual() port string comparison [1158] 31-JUL-2004 MGD v8.5.2, [1159] bugfix; StringMatchAndRegex() SMATCH__GREEDY_REGEX [1160] bugfix; (potential anyway) PutWriteFileClose()/PutEnd() [1161] bugfix; TcpIpNetMask() result in AuthRestrictList() [1162] bugfix; ProxyFtpPasvData() if PASV response address [1163] is 0.0.0.0 then use connect address [1164] 30-JUN-2004 MGD v8.5.1, [1165] bugfix; HttpdExit() INHIB_MSG test [1166] 07-JUN-2004 MGD v8.5.0, [1167] IPv6 (concurrent with IPv4) support [1168] ACME authentication (realm) [1169] [AuthSysUafUseACME] config directive [1170] config directives [DNSLookupClient] (formerly [DNSLookup]), [1171] [DNSLookupLifeTime] and [DNSLookupRetry] [1172] config directive [ProxyHostCachePurgeHours] obsolete [1173] SYSUAF user verification now checks pre-expired passwords [1174] changes to eliminate RMS from file access and proxy cache [1175] (WASD's doing all the content conversion work anyway!) [1176] by using ACP/QIOs and massaging record content explicitly [1177] (outgrowth of returns from 8.4.3 changes in this area) [1178] on-disk structure for each PASS result (ODS-2 or ODS-5) [1179] is applied to a path unless otherwise SET with ODS= [1180] bugfix; file cache pointer initialization before [1181] first call to CacheNext() [1182] bugfix; agent script should have non-strict-CGI ignored [1183] (stupid problem introduced with script output caching) [1184] 04-MAR-2004 MGD v8.4.3, [1185] read variable record format files using block IO and then [1186] explicitly process those records to produce a stream-LF [1187] block of data in their place! [1188] (provides in excess of 400% throughput boost!!! :^) [1189] set script process default directory before activation [1190] set script process parse extended/traditional if path ODS set [1191] CGI 'Script-Control: X-content-handler=SSI' field [1192] absorb CGI/NPH header during script CGI processing [1193] SET ssi=exec= [1194] script=default= [1195] SSI can now be enabled on a per-path basis using 'ssi=exec=#' [1196] SSI #exec (#dcl) directives can be allowed on per-path basis [1197] using SET ssi=exec= (e.g. 'ssi=exec=say,show') [1198] 'delete-on-close' file specification extended [1199] SSI [1200] metacon add server_process_gt:, change to client_connect_gt: [1201] and server_connect_gt: to better reflect functionality [1202] service access log report (last 65kB of an access log) [1203] add connect processing and keep-alive accounting items [1204] DECC 6.2 objected to '$DESCRIPTOR(name,ptr->string)' [1205] bugfix; rare RECTOOBIG on variable record length file where [1206] longest record exceeded 'OutputBufferSize' so initialize [1207] buffer to maximum of 'OutputBufferSize' or file lrl [1208] bugfix; RequestExecute() re-set error by redirect [1209] bugfix; ErrorGeneral() always get module name and number [1210] bugfix; DclAllocateTask() CGIplus with virtual services [1211] bugfix; ProxyFtpListProcessUnix() maximum fields handling [1212] 08-JAN-2004 MGD v8.4.1, [1213] SET response=header=[no]add[=""] [1214] 04-JAN-2004 MGD v8.4.0, [1215] compilation and run-time support for IA64 [1216] for VMS 7.3-2 and later take advantage of the larger [1217] EDCL CLI line (255->4095) and symbol (1024->8192) sizes [1218] 'config directory' located authorization databases [1219] authorization path keyword 'final' to conclude further [1220] rule mapping at that point (as if none matched) [1221] rule mapping "set map=root=" allows a set of rules [1222] to be rooted to a particular path (CGI document-root) [1223] support "Range: bytes=[,..]" request field [1224] for non-VAR-record files and cached files [1225] provide network mode operation (server and scripts) [1226] revise detached process cleanup candidate identification [1227] (now requires CMKRNL privilege to use $GRANTID service) [1228] modify DCL.C script activation code (allow qualifiers [1229] and/or parameters to be supplied from path setting) [1230] extensive rework of cache module to allow non-file content [1231] (e.g. script) output to be cached [1232] [CacheGuardPeriod] configuration directive [1233] optional HTTPD$MSG [language] 'charset=' parameter [1234] HTA database now "read [record] regardless of lock" [1235] SET cache=[no]cgi, cache=expires=, cache=[no]file, [1236] cache=[no]net, cache=maxkbytes=, cache=[no]nph, [1237] cache=[no]script, cache=[no]ssi, [1238] map=root=, [1239] map=set=[no]ignore, map=set=[no]request, [1240] proxy=reverse=location=, proxy=reverse=verify, [1241] response=header=[append|full|none], [1242] script=command= [1243] reverse-proxy 302 "Location: ..." response can have the [1244] location URL rewritten to reflect the original host [1245] reverse-proxy can be locally authorized and then have [1246] that verified by the proxied-to server (UMA) [1247] metacon "document-root:" ('DR') reflects "set map=root=" [1248] add "client_current_gt:" and "server_current_gt:" [1249] /PERSONA=IDENT= is now available for PERSONA_MACRO [1250] mapping now URL-encodes a redirect wildcard path portions [1251] rework some report item format and content [1252] check Digest authentication against Mozilla 1.4 [1253] only check SYSUAF secondary password expiry date/time [1254] if the secondary password hash is not empty [1255] bugfix; error report by redirect, set after virtual host [1256] bugfix; GraphActivityPlotBegin() and GraphActivityDataScan() [1257] signed/unsigned issue masking out request value [1258] bugfix; chained proxy CONNECT processing [1259] bugfix; keep track of outstanding body reads [1260] bugfix; according to the doco "Index of"s from SSI should [1261] not be delimited top or bottom (up to SSI to caption it!) [1262] bugfix; DclScriptProcessPurge() [1263] 12-OCT-2003 MGD v8.3.2, [1264] bugfix; DECnet allow for outstanding network writes [1265] bugfix; "internal" script detection [1266] bugfix; MetaConLoad() [IncludeFile] [1267] bugfix; ProxyRequestRebuild() rebuild buffer space [1268] bugfix; suppress output after "Script-Control: x-error..." [1269] bugfix; keyword search exclude file type [1270] bugfix; notepad needs to be explicitly NULLed [1271] bugfix; MAP-FILE: stripping leading character [1272] bugfix; DECnet allow for outstanding body reads [1273] 15-AUG-2003 MGD v8.3.1, [1274] allow the database directory location to be specified using [1275] authorization rule 'param="/directory=device:[directory]"' [1276] allow for and keep track of $HIBER spurious wakes [1277] massage SYSUAF-authenticated remote username to comply [1278] with VMS requirements [1279] suppress digest auth challenge except for HTA and external [1280] where CDATA constraints make using entity impossible [1281] use a field name of hidden$lf and ^ substituted [1282] with the BODY.C module doing some sleight-of-hand with it [1283] (modern browsers like Mozilla were having issues) [1284] BODY_DISCARD_CHUNK_COUNT made *very* large [1285] bugfix; ServiceConfigReviseNow() form element names must be [1286] unique (technically correct, enforced by modern browsers) [1287] bugfix; AuthCacheAddRecord() [1288] bugfix; check for NULL pointer 'cnptr->ReuseConnection' [1289] bugfix; DECnetCgiDialog() not strict wait for EOF sentinal [1290] bugfix; do not allow SET mapping during a callout [1291] bugfix; use _BBCCI() to clear the mutex in InstanceExit()!! [1292] bugfix; SesolaCacheAddRecord() oldest tick second [1293] 28-JUN-2003 MGD v8.3.0, [1294] regular expression support [1295] [AuthFailurePeriod], [AuthFailureTimeout], [1296] [ProxyUnknownRequestFields], [RegEx] directives [1297] SET cache=[no]perm, cache=max= [1298] SET notepad= and if (notepad:) [1299] metacon "notepad:", "regex:", "request:" ('RQ'), "restart:" [1300] [Match] Server Admin item, report, and WATCH item [1301] file cache support for permanent and volatile entries [1302] improve efficiency RequestRedirect() & ProxyRequestRebuild() [1303] store and provide unrecognised request header fields [1304] rework break-in detection and processing [1305] (configuration defaults to LGI sysgen parameters and now [1306] operates in the same way as described for general VMS) [1307] /SYSUAF=(VMS,ID) allows concurrent VMS and ID authorization [1308] add proxy cache device error count statistics [1309] home pages may now be [Welcome]+[DclScriptRunTime] specified [1310] (i.e. provided via scripting environments such as PHP) [1311] request heap statistics and VmRequestTune() [1312] bugfix; add HTTP protocol to combined/common format URL [1313] bugfix; request body to be read needs to be the smaller of [1314] remaining body or buffer size (jpp@esme.fr) [1315] bugfix; InstanceMutex..() use _BBCCI() to clear the mutex [1316] bugfix; FILE.C FileSetCharset() following CacheSearch() [1317] moved to CACHE.C module (ACCVIO if entry NULLed) [1318] bugfix; ProxyMaintDeviceStats() volume count (set) handling [1319] bugfix; ServiceConfigFromString() (jpp@esme.fr) [1320] bugfix; DirFormatLayout() static flags (jpp@esme.fr) [1321] bugfix; request SET Html.. memory allocation (jpp@esme.fr) [1322] bugfix; MetaConParse() decrement index (back) when [1323] not currently executing an if()inline directive [1324] bugfix; (and refine) DECnetSupervisor() [1325] bugfix; DclSysOutputAst() do not rundown script process [1326] if the error generated came from "Script-Control:" [1327] bugfix; CGI(plus) allow for '!' from (!$blah) mapping rule [1328] 09-APR-2003 MGD v8.2.0, [1329] some minor logging format changes for server entries [1330] wildcard and comma-separated list of languages [1331] can be specified (e.g. "[Language] es-ES,es,es-*") [1332] [ProxyForwarded] supercedes [ProxyAddForwardedBy] with [1333] proxy=forwarded[=...] mapping rule [1334] [ProxyXForwardedFor] configuration directive with [1335] proxy=xforwardedfor[=...] mapping rule to support [1336] proxy generation of "X-Forwarded-For:" header field [1337] authentication agent '100 REASON any text' [1338] script=as=$? to indicate optional use of SYSUAF username [1339] SET dir=style[=default|original|anchor|htdir], [1340] SET html=[bodytag|header|headertag|footer|footertag]=[..] [1341] and incorporation in "Index of", selected other facilities [1342] SET cgiplusin=[none|cr|lf|crlf], SET cgiplusin=eof, [1343] SET script=query=none, SET script=path=find, [1344] SET [no]search=none [1345] disable 'NetMultiHomedHost' (should not be required [1346] for modern virtual service processing) [1347] script=params=+(name=value) concatenates to any existing [1348] HTAdminPasswordChange() check for VMS group write [1349] processes created using HttpdDetachServerProcess() now have [1350] a YYYYMMDDHHMMSS timestamp as part of the process log name [1351] with RTEs look first for one that was executing the same [1352] script, then if not found fall back to (any) LRU RTE [1353] SYSUAF security profile via rule and /PROFILE=BYRULE [1354] script as SYSUAF username can be requested with auth rule [1355] allow [[service]] to include the [[scheme://service]] [1356] relax ServiceParse() so that [[the.host.name]] is accepted [1357] enable SYSPRV in HTAdminDatabaseSearch() [1358] relax initial CGI response line checking [1359] build 'records' from script single byte output streams [1360] general (non-RTE) run-time allowed with (!..) syntax [1361] both run-time specifications allowed with SCRIPT rule [1362] added GATEWAY_EOF/EOT/ESC CGI variables [1363] sentinals changed to have only RMS-compliant characters [1364] supply more detail from "%DCL-E-OPENIN, blah" responses [1365] SesolaParseCertDn() record /email and /emailAddress [1366] bugfix; Alpha VMS V7.1 or earlier sys$persona_assume() [1367] needs to be used in the same way as for VAX [1368] bugfix; RequestRedirect() append remain CGI response header [1369] bugfix; body provision for script processing restart [1370] bugfix; proxy FTP ResponseHeader() content-length of zero [1371] bugfix; StringParseQuery() loop on string overflow [1372] bugfix; HTAdminPasswordChange() cache reset realm [1373] bugfix; error recovery in Sesola_read() and Sesola_write() [1374] bugfix; DECnetFindCgiScript() foreign verb creation [1375] 10-JAN-2003 MGD v8.1.1, [1376] SET script=query=relaxed [1377] AuthVmsLoadIdentifiers() more flexible [1378] bugfix; ControlEnqueueCommand() occasional race condition [1379] 07-DEC-2002 MGD v8.1.0, [1380] SET auth=all (path must be subject to authorization or fail) [1381] CGI 'Control-Script:' X-error-... fields [1382] add 'mp' mapping and 'mapped-path:' metacon conditionals [1383] add 'rc' mapping and 'redirected:' metacon conditionals [1384] add 'st' mapping and 'script-name:' metacon conditionals [1385] add "path-translated:" metacon conditional [1386] skeleton-key authentication [1387] refine mapping rule processing to ensure that paths with [1388] forbidden syntax generate RMS bad syntax [1389] check for device and directory (minimum) before parse [1390] refine metacon reporting (reporting detected errors to OPCOM) [1391] the server now detects the presence of HTTP$NOBODY [1392] account and scripts using that [1393] if the server is using HTTP$NOBODY or /script=as= [1394] DECnet scripting now uses the same account [1395] refine VMS security profile usage (no, just coincidence!) [1396] to allow VMS profile authorized requests to override [1397] directory listing controls (amongst other things) [1398] server process log is now accessable via the Admin Menu [1399] additional mapping functionality (SET query-string=) [1400] no sneaky getting directory contents by downloading files! [1401] CGI.C in non-strict CGI mode report anything like [1402] "%DCL-E-OPENIN, blah" as a failed script activation [1403] PUT.C allow for white-space in multipart file names [1404] bugfix; in OdsNameOfDirectoryFile() use SYSPRV [1405] around sys$parse() to ensure access to directory [1406] bugfix; set path dir=access not ignored [1407] 25-SEP-2002 MGD v8.0.1 [1408] additional persona counters [1409] /script=as= allows a NOBODY scripting environment [1410] without enabling PERSONA in general [1411] require account SYSPRV for certain command-line activities [1412] implement /persona=[authorized|relaxed|relaxed=authorized] [1413] to prevent inadvertant scripting using privileged accounts [1414] HttpdDetachServerProcess() [STARTUP]STARTUP_SERVER.COM [1415] MapOdsElementsToVms() excise parent directory syntax [1416] only use MapUrl_VmsUserName() path ODS if not already set [1417] SET report=4nn=nnn for mapping HTTP status [1418] SET map=ellipsis now required to map VMS '...' wildcard [1419] SET dir=charset= directory listing charset mapping rule [1420] support 'script=as=' functionality, plus DECnet variants [1421] NODE"$":: substitutes SYSUAF authenticated username into [1422] access string (for proxy access to account) and [1423] NODE"~":: substitutes '/~username/' username in same way [1424] set path en/decoding for RSI (MultiNet NFS), PATHWORKS (v4), [1425] Advanced Server (PATHWORKS v6) / Samba file naming schemas [1426] (as well as for ODS-2 and ODS-5) [1427] AuthVmsCheckUserAccess() traps SS$_NOCALLPRIV returning [1428] SS$_NOPRIV to allow directory listings of DFS volumes [1429] introduce fab$b_rfm and fab$b_rat as fields to allow [1430] PUT.C to specifically set these attributes as required [1431] refine SesolaReport() for obtaining service ciphers [1432] (OpenSSLv0.9.6f/0.9.7-beta break it) [1433] local redirection should have the path re-URL-encoded [1434] FAO change function of "!&U" to "!&P", new "!&U" [1435] enhance authentication and SSL global section creation [1436] allow for 'pass /* 400' (i.e. no trailing message) [1437] RFC1413 authorization with DNS lookup use host name to [1438] construct remote user string [1439] rework path alert notification for greater functionality [1440] bugfix; make ServiceConfigLoad() file not found non fatal [1441] bugfix; ConfigIconFor() terminate on content-type [1442] bugfix; if restart MIME boundary matching algorithm [1443] using that char (allow for --..boundary) [1444] bugfix; 'Xray' broken in v8, repaired and reworked [1445] bugfix; always revalidate X509 and RFC1413 [1446] (for path authorization after script) [1447] bugfix; 'script' and 'exec' MetaConParseReset() state [1448] bugfix; set AuthCacheRecordSize from HTTPD$CONFIG value [1449] bugfix; when discarding via BodyReadBegin() use BodyRead() [1450] to queue a network read only if data is outstanding [1451] bugfix; template/result wildcard checking for scripting rules [1452] bugfix; do not count callout records for CGI header purposes [1453] 03-JUL-2002 MGD v8.0.0 [1454] "instance" capability (loosely coupled, multiple [1455] socket/service-sharing servers on the one system) [1456] meta-config (integrated config, mapping, service, auth), [1457] provide "module WATCHing" for on-line, ad hoc debug [1458] SET script=params=(name=value), proxy=bind=
and [1459] proxy=chain= mapping rules [1460] asynchronous block processing of POST and PUT request body [1461] some accomodations for Mozilla-HTTP/1.1 "Cache-Control:" [1462] improve performance with EFN$C_ENF and use explicitly [1463] allocated event flags for avoiding potential interactions [1464] client host name lookup now asynchronous [1465] FTP proxying processing [1466] /DEMO demonstration mode [1467] 29-JUN-2002 MGD v7.2.3 [1468] some accomodations for Mozilla-HTTP/1.1 "Cache-Control:" [1469] bugfix; [ProxyCacheNoReloadSeconds] parsing [1470] bugfix; (well sort of) it would appear that after NO_CONCEAL [1471] searching and a sys$open() must sys$close() *before* the [1472] SYNCHCK sys$parse() release resources otherwise a channel [1473] bugfix; ensure when OdsParse() is used successively with [1474] the same ODS structure that previous resources are first [1475] released (can present a problem unique to search lists) [1476] to the device is left assigned!! [1477] bugfix; ensure sys$search() RMS channel is released [1478] bugfix; ProxyResolveHostCache() NULL 'rqptr' [1479] bugfix; account/password expiry [1480] bugfix; DclFindFileEnd() reset result file name [1481] bugfix; SsiAccessesClose() now synchronous using SYSPRV [1482] 13-APR-2002 MGD v7.2.2 [1483] Authorize() allow /NO401 parameter to suppress server [1484] challenge to allow external agent to response (e.g. PHP) [1485] ProxyHostConnectAst() invalidate host cache entry [1486] NetCreateService() checks previously bound address [1487] MapOdsUrlToVms() eliminate chance of device:[.directory] [1488] make a proxy reactive purge initially more agressive [1489] keep-alive decision logic to RequestFields() [1490] bugfix; ensure only one request revalidates a cache entry at [1491] a time (multiple could cause eventual channel exhaustion) [1492] bugfix; switch return not break with next reactive scan [1493] bugfix; AuthConfigProxyMap() wildcard string results [1494] bugfix; ODS-5 parent directories with multiple periods [1495] bugfix; command-line proxy cache maintenance reporting [1496] bugfix; FileNextRecordAst() VAR file into contents buffer [1497] bugfix; MAPURL.C throttle report [1498] bugfix; AuthCacheAddRecord() and host group without "host=" [1499] bugfix; reset SSL state to SSL_ST_OK if renegotiation fails [1500] bugfix; DclTaskRunDown() reset script task type [1501] bugfix; MsgFor() Accept-Lang: comparison [1502] bugfix; NetAcceptAst() deassign channel when connect dropped [1503] bugfix; wildcard substitution in MapUrl__Map() [1504] bugfix; StringMatch() wildcard matching [1505] bugfix; close log file for ALL services in LOGGING.C [1506] bugfix; !&M formatting directive in PROXYCACHE.C [1507] bugfix; /RELAXED should allow all but DISUSERed accounts [1508] to authenticate regardless of RESTRICTED or CAPTIVE flags [1509] 03-NOV-2001 MGD v7.2.1 [1510] PERSONA.C using PERSONA.MAR can now provide persona scripting [1511] for pre-VMS 6.2 VAX systems (CAUTION!! - UNSUPPORTED) [1512] "TASK=CGI..", "0=CGI.." recognised as DECnet CGI dialog [1513] FAB$M_TEF to deallocate unused log file space [1514] StringMatch() replaces SearchTextString() for more [1515] light-weight text matching (affects six modules) [1516] [SsiSizeMax] and [ProxyCacheNoReloadSeconds] [1517] FILE.C block I/O complete if _rsz is less than _usz [1518] 'ProxyCacheNoReloadSeconds' limits immediate (pragma) reload [1519] ensure mapping conditional not mistaken for missing template [1520] kludge work around spawning authorized privs with $CREPRC [1521] bugfix; ensure only one request revalidates a cache entry at [1522] a time (multiple could cause eventual channel exhaustion) [1523] bugfix; close current log file if period changes [1524] bugfix; DECnet user script mapping [1525] bugfix; FileNextBlocksAst() 'ContentRemaining' [1526] bugfix; wildcard substitution in MapUrl__Map() [1527] bugfix; sys$close() in OdsLoadTextFile() [1528] bugfix; always generate callout sequences [1529] bugfix; a bugfix in VMS V7.2 has broken the previously [1530] working usage of IO$_MODIFY in ProxyCacheSetLastAccessed() [1531] bugfix; activity graphic [1532] bugfix; check ParseQueryField() in WatchBegin() for NULL [1533] bugfix; allow agent to provide 'CGIPLUS:' directive [1534] bugfix; 'layout=U' upper-casing [1535] 01-JUL-2001 MGD v7.2.0 [1536] X.509 authentication and authorization [1537] RFC1413 (identfication protocol) authorization [1538] remote user to vms user (SYSUAF authorization) proxy mapping [1539] proxy cache maintainence may now be done from the CLI [1540] HTL list maintenance can now be done from the Admin Menu [1541] a fatal authorization problem now disables authorization [1542] "hh:mm:ss" allows for a more versatile period [1543] concurrent processing controls (request "throttling") [1544] improved script process run-down conditions and handling [1545] HttpdTick() drives XxxSupervisor()s [1546] control (/DO= and Admin menu) now via a global section [1547] monitor (HTTPDMON) data now supplied via a global section [1548] suppress CGI content-type "x-internal..." [1549] [IncludeFile] for all configuration files [1550] request supervisor refinements [1551] .URL file processing [1552] 01-JUL-2001 MGD v7.1.2 [1553] add selective status codes to error report path [1554] refine 'view' and 'list' redirection in UPD.C [1555] refine logging RMS characteristics (500% improvement) [1556] provide for ODS-5 "hidden" files ('^.') [1557] check network status during SSL accept [1558] EXEC of file type [1559] remove http: check from SesolaAccept() [1560] bugfix; parsing of [ServiceProxyChain] [1561] bugfix; 'RU' conditional [1562] bugfix; SCRIPT_FILENAME with CGIplus [1563] bugfix; NetThisVirtualService() and call conditions [1564] bugfix; SesolaFree() BioPtr [1565] bugfix; AuthVmsCheckUserAccess() return SS$_NOPRIV [1566] bugfix; ParseNetMask() and VSLM mask processing [1567] bugfix; sys$create_user_profile() length size from word [1568] (System Services Manual) to unsigned int (startlet.h)! [1569] bugfix; authorization network masks [1570] bugfix; directory specfication length (sys$check_access()) [1571] bugfix; HTAdminPasswordChange() call to FaoToOpcom() [1572] bugfix; AuthGenerateHashPassword() force upper-case [1573] bugfix; final status at write group/no read group check [1574] 18-JAN-2001 MGD v7.1.1 [1575] HTTPD$SCRATCH automatic script scratch file cleanup [1576] authentication agent can now '100 SET-COOKIE rfc2109-cookie' [1577] bugfix; memory leak in AUTH.C [1578] bugfix; FILE.C make a search list DNF appear as a FNF [1579] bugfix; /PROFILE empty directory passing incorrect parameter [1580] bugfix; general error reporter variable arguments [1581] bugfix; final authorization failure should specify 403 [1582] bugfix; ensure mapping rules exist for authentication agents [1583] bugfix; control cache purge arguments [1584] 17-OCT-2000 MGD v7.1.0 [1585] sys$creprc() scripting [1586] sys$persona...() scripting [1587] Run Time Environments (RTEs) [1588] server-group/cluster-wide directives (via DLM) [1589] further refined CGI.C module output handling [1590] apply authorization to SSI.C #include'd and #dir'e [1591] client socket (BGnnnn:) potentially sharable for scripts [1592] proxy cache device directory organization flat256/64x64 [1593] modify SSL initialization to better indicate "fallback" [1594] integration of WATCH peek/one-shot [1595] 03-SEP-2000 MGD v7.0.2 [1596] limit script output of ENDOFFILE [1597] if CGI response "Content-Encoding:" force stream mode [1598] bugfix; ProxyResolveHostLookup() can be called multiple [1599] during host name resolution - only allocate channel once!! [1600] bugfix; include Accept-Encoding when redirecting [1601] bugfix; ParseQueryField() string length check [1602] 09-JUL-2000 MGD v7.0.1 [1603] locking around proxy cache scans [1604] add "success=" 303 processing to PUT.C file upload [1605] improve CgiOutput() header processing (again!) [1606] correct concealed/searchlist parsing [1607] allow "302 location" redirection from authentication agent [1608] bugfix; proxy CONNECT service [1609] bugfix; HEAD requests specifying content-length [1610] bugfix; WatchCliSettings() storage [1611] 01-JUN-2000 MGD v7.0.0 [1612] support extended file specifications [1613] (ODS-5 under Alpha VMS V7.2ff) [1614] event reporting via OPCOM [1615] some "Apache" support for easing CGI script ports [1616] access log file naming refinements [1617] 18-MAR-2000 MGD v6.1.3 [1618] bugfix; authconfig processing [1619] 06-JAN-2000 MGD v6.1.2 [1620] authorization failure limit evasion period [1621] numerous warnings from DECC v6.2 addressed [1622] bugfix; user restriction list pass (broken in 6.1) [1623] 17-DEC-1999 MGD v6.1.1 [1624] bugfix; quote double-up in CgiVariable() (INSVIRMEM exit) [1625] 04-DEC-1999 MGD v6.1.0 [1626] "agent" authentication/authorization [1627] CGI(plus) processing provides callouts [1628] SSI module now supports OSU-specific directives [1629] /SYSPRV now allows operation with SYSPRV turned on [1630] "one-shot" WATCH and "peek" reports [1631] output no-progress timer [1632] remove NETLIB support [1633] 16-OCT-1999 MGD v6.0.3 [1634] bugfix; sys$create_user_profile [1635] bugfix; mapping storage overflow [1636] USER mapping rule for SYSUAF access [1637] 12-SEP-1999 MGD v6.0.2 [1638] minor changes to authorization processing [1639] bugfix; service parsing and SSL [1640] virtual services now match using "Host:" field [1641] 19-JUN-1999 MGD v6.0.1 [1642] refinements to request termination/rundown [1643] bugfix; DECnet (CGI and OSU) task handling [1644] bugfix; proxy request HTTP/0.9 response processing [1645] 30-MAY-1999 MGD v6.0.0 [1646] proxy, with HTTP caching [1647] OpenSSL 0.9.3 support (also SSLeay support) [1648] extended authorization/authentication environment [1649] 31-MAR-1999 MGD v5.3.4 [1650] bugfix; SesolaReport(), HttpHeaderChallenge() [1651] 28-MAR-1999 MGD v5.3.3 [1652] SSI variables global (when "#include"ing other SSI) [1653] SSI read buffer determined by 'FileXabFhc.xab$w_lrl' [1654] 05-FEB-1999 MGD v5.3.2 [1655] bugfix; FileNextRecord() zero '_usz' [1656] 10-JAN-1999 MGD v5.3.1 [1657] greater granularity when WATCHing authorization [1658] bugfix; OSU scripting pass *mapped* file spec [1659] 14-NOV-1998 MGD v5.3.0 [1660] [[host:port]] virtual service syntax [1661] [AddType] can now "text/html; charset=ISO-8859-1" [1662] [CharsetDefault] sets text and server character set [1663] improved AST granularity several significant modules [1664] WATCH report and CLI [1665] RMS-invalid substitution character in mapping rules [1666] bugfix; NameOfDirectoryFile() [1667] 29-AUG-1998 MGD v5.2.0 [1668] reuse DECnet task connections [1669] allow specified hosts exclusion from logging [1670] stream-LF conversion only on specified paths [1671] bugfix; SYS$TIMEZONE_DIFFERENTIAL processing [1672] bugfix; DECnet tasks not aborted at timeout [1673] 07-JUL-1998 MGD v5.1.0 [1674] add eXtended Server Side Includes processing [1675] design-problem; modify CGIplus script rundown [1676] SYSUAF authentication by identifier [1677] per-service logging [1678] rqptr->rqTmr.Terminated (occasional lib$get_vm() [1679] %LIB-F-BADLOADR around connection expiry termination) [1680] 20-DEC-1997 MGD v5.0.0 [1681] optional Secure Sockets Layer (using SSLeay) [1682] DECnet-based scripting including OSU emulation [1683] miscellaneous revisions and "improvements" [1684] 07-JAN-1997 MGD v4.5.2 [1685] bugfix; record-mode file transfer [1686] bugfix; activity graph [1687] 06-DEC-1997 MGD v4.5.1 [1688] resolving a suspected inconsistent AST delivery situation [1689] by requiring all $QIO()s with AST routines to ensure any [1690] queueing errors etc. are reported via the AST routine by [1691] an explicit $DCLAST() ... this removes ambiguity about how [1692] $QIO() returns should be handled ... drastic but desperate [1693] times, etc. (a more consistent and desirable model anyway :^) [1694] 02-NOV-1997 MGD v4.5.0 [1695] file cache [1696] logging periods [1697] HttpdSupervisor() [1698] configurable script run-time environments [1699] additional request header fields [1700] 18-OCT-1997 MGD v4.4.1 [1701] bugfix; duration [1702] bugfix; logging period [1703] 01-OCT-1997 MGD v4.4.0 [1704] message module [1705] conditional rule mapping [1706] SYSUAF-authenticated user access control [1707] multi-homed/multi-port services [1708] (some NETLIB packages now cannot DNS lookup) [1709] echo and Xray internal scripts [1710] extensions to logging functionality [1711] additional command-line server control [1712] bugfix; redirection loop detection [1713] 01-AUG-1997 MGD v4.3.0 [1714] MadGoat NETLIB broadens TCP/IP package support [1715] server activity report [1716] 16-JUL-1997 MGD v4.2.2 [1717] bugfix; WORLD realm and access list [1718] 07-JUL-1997 MGD v4.2.1 [1719] minimum heap allocation chunk size [1720] prevent keep-alive timeout redefining request logical [1721] 01-JUL-1997 MGD v4.2.0 [1722] change name to WASD (Wide Area Surveillance Division) [1723] persistent DCL subprocesses and CGIplus [1724] (see re-written DCL.C module) [1725] scripting and client reports [1726] potential multi-thread problems in reports fixed [1727] 27-MAR-1997 MGD v4.1.0 [1728] rationalized HTTP response header generation [1729] delete on close for "temporary" files to support [1730] UPD module "preview" functionality ... WARNING, any [1731] file with a name comprising a leading hyphen [1732] sixteen digits and a trailing hyphen will be deleted! [1733] 01-FEB-1997 MGD v4.0.0 [1734] HTTPd version 4 [1735] 01-OCT-1996 MGD v3.4.0 [1736] extended server reporting [1737] 01-AUG-1996 MGD v3.3.0 [1738] realm/path-based authorization [1739] BASIC and DIGEST authentication [1740] PUT(/POST/DELETE) module [1741] StmLf module (variable to stream-LF file conversion) [1742] 12-APR-1996 MGD v3.2.0 [1743] file record/binary now determined by record format [1744] persistent connections ("Keep-Alive" within HTTP/1.0) [1745] moved RMS parse structures into thread data [1746] improved local redirection detection [1747] observed Multinet disconnection/zero-byte behaviour [1748] (request now aborts if network read returns zero bytes) [1749] 15-FEB-1996 MGD v3.1.1 [1750] fixed rediculous :^( bug in 302 HTTP header [1751] minor changes to request accounting and server report [1752] minor changes for user directory support [1753] minor changes to error reporting [1754] 03-JAN-1996 MGD v3.1.0 [1755] support for both DEC TCP/IP Services and TGV MultiNet [1756] 01-DEC-1995 MGD v3.0.0 [1757] single heap for each thread's dynamic memory management [1758] extensive rework of DCL subprocess functionality [1759] HTML pre-processsing module (aka Server Side Includes) [1760] NCSA/CERN compliant image-mapping module [1761] NetWriteBuffered() for improving network IO [1762] miscellaneous reworks/rewrites [1763] 27-SEP-1995 MGD v2.3.0 [1764] carriage-control on non-header records from [1765] to single ('\n' ... newline), some browsers expect [1766] only this (e.g. Netscape 1.n was spitting on X-bitmaps) [1767] added Greenwich Mean Time time-stamp functionality [1768] added 'Referer:', 'If-Modified-Since:', 'User-Agent:' [1769] 07-AUG-1995 MGD v2.2.2 [1770] optionally include commented VMS file specifications [1771] in HTML documents and VMS-style directory listings [1772] 16-JUN-1995 MGD v2.2.1 [1773] added file type description to "Index of" (directory) [1774] 24-MAY-1995 MGD v2.2.0 [1775] minor changes to allow compilation on AXP platform [1776] 03-APR-1995 MGD v2.1.0 [1777] add SYSUAF authentication, POST method handling [1778] 20-DEC-1994 MGD v2.0.0 [1779] multi-threaded version [1780] 20-JUN-1994 MGD v1.0.0 [1781] single-threaded version [1782] */ [1783] /*****************************************************************************/ [1784] [1785] #ifndef VERSION_H_LOADED [1786] #define VERSION_H_LOADED 1 [1787] [1788] /* five characters or less */ [1789] #define HTTPD_NAME "WASD" [1790] #define HTTPD_SOFTWAREID_NAME "HTTPd-WASD" [1791] [1792] /* keep HTTPD_GBLSEC_VERSION in step with this version (as necessary) */ [1793] #define HTTPD_VERSION "11.5.1" [1794] [1795] /* used to name and to detect changes in global section data structures */ [1796] #define ACTIVITY_GBLSEC_VERSION_NUMBER 0x110000 /* i.e. 11.00.00 */ [1797] #define AUTH_GBLSEC_VERSION_NUMBER 0x110000 [1798] #define AUTH_TOKEN_GBLSEC_VERSION_NUMBER 0x110000 [1799] #define HTTPD_GBLSEC_VERSION_NUMBER 0x110000 [1800] #define SESOLA_GBLSEC_VERSION_NUMBER 0x110000 [1801] #define PROXYVERIFY_GBLSEC_VERSION_NUMBER 0x110000 [1802] [1803] /* used as part of the the "instance" lock names, allowed range 1..15 */ [1804] #define HTTPD_LOCK_VERSION 1 [1805] [1806] VersionInfo(); [1807] [1808] #endif /* VERSION_H_LOADED */ [1809] [1810] /*****************************************************************************/