Attachment #2179 for bug #6935

View | Details | Raw Unified | Return to bug 6935
Collapse All | Expand All




*** /dev/null	Tue Feb  6 11:05:04 1996
--- WWW/README-CACHE_CHECK_SIZE	Tue Feb  6 13:27:32 1996
***************
*** 0 ****
--- 1,11 ----
+ Patch to avoid serving truncated files from the cache.
+ 
+ Apply the patch, modify WWW/All/<model>/Makefile.include (for your model
+ system) and add '-DCACHE_CHECK_SIZE' to CFLAGS.
+ 
+ With the patch, the server checks the size of a file in the cache before
+ returning it to the user; if the size is incorrect, the server will
+ refresh the file in the cache.
+ 
+ -- 
+ -- 19960205, Gertjan van Oosten, gertjan@West.NL, West Consulting bv
*** WWW/Daemon/Implementation/HTCache.c.orig	Fri Aug 12 12:36:11 1994
--- WWW/Daemon/Implementation/HTCache.c	Mon Feb  5 14:02:11 1996
***************
*** 382,387 ****
--- 382,437 ----
  }
  
  
+ #ifdef CACHE_CHECK_SIZE
+ /*
+ **	Check whether cache file has correct size
+ **
+ ** On exit:
+ **	return YES
+ **		if size is good
+ **	return NO
+ **		if size is too small or too large
+ **
+ */
+ PRIVATE BOOL cache_check_size ARGS2(char *, cfn,
+                                     struct stat *, stat_info)
+ {
+     char buf[BUF_SIZE+2];
+     FILE *cf;
+     long cl = 0, pos, size, actual;
+ 
+     if (!cfn)
+ 	return NO;
+ 
+     cf = fopen(cfn, "r");
+     if (!cf)
+ 	return NO;
+ 
+     while (fgets(buf, sizeof(buf), cf)) {
+ 	if (!buf[0]
+ 	    || (buf[0] == '\n' && !buf[1])
+ 	    || (buf[0] == '\r' && buf[1] == '\n' && !buf[2]))
+ 	    break;
+ 
+         if (!strncasecomp(buf, "content-length:", 15))
+ 	    sscanf(buf+15, "%ld", &cl);
+     }
+     pos = ftell(cf);
+     fclose(cf);
+ 
+     size = stat_info->st_size;
+ 
+     actual = size - pos;
+     if (TRACE) {
+ 	fprintf(stderr,"Cache....... checking \"%s\": content-length %ld =?= %ld\n",
+ 		cfn,cl,actual);
+     }
+ 
+     return (cl == actual ? YES : NO);
+ }
+ #endif /* CACHE_CHECK_SIZE */
+ 
+ 
  PRIVATE BOOL do_caching ARGS1(char *, url)
  {
      HTList * cur = cc.no_caching;
***************
*** 460,465 ****
--- 510,518 ----
  				      time_t *,	expires)
  {
      struct stat stat_info;
+ #ifdef CACHE_CHECK_SIZE
+     BOOL size_ok;
+ #endif
  
      if (!url || !cfn || !cf || !if_ms) return CACHE_NO;
      *cfn = NULL;
***************
*** 497,503 ****
--- 550,563 ----
  	    }
  
  	    success = HTCacheInfo_for(*cfn, &ld, &lc, &ex, &mu, &lm);
+ #ifdef CACHE_CHECK_SIZE
+ 	    /* Check whether file in cache has correct size */
+ 	    size_ok = cache_check_size(*cfn, &stat_info);
+ #endif
  	    if (!success				  /* no entry */
+ #ifdef CACHE_CHECK_SIZE
+ 		|| !size_ok				  /* wrong size */
+ #endif
  		|| ex - cc.cache_time_margin <= cur_time  /* expired */
  		|| cur_time - lc >= refresh_interval	  /* time to refresh */
  		|| in.no_cache_pragma) {		  /* override cache */
***************
*** 507,512 ****
--- 567,576 ----
  		if (TRACE) {
  		    if (!success)
  			fprintf(stderr, "NoEntry..... %s -- expiring\n",*cfn);
+ #ifdef CACHE_CHECK_SIZE
+ 		    else if (!size_ok)
+ 			fprintf(stderr, "Truncated...... %s -- refresh\n",*cfn);
+ #endif
  		    else if (in.no_cache_pragma)
  			fprintf(stderr, "Forced...... refresh of %s\n",*cfn);
  		    else if (ex - cc.cache_time_margin <= cur_time)
***************
*** 527,533 ****
--- 591,601 ----
  		if (cc.cache_no_connect) {
  		    CTRACE(stderr, "Standalone.. caching mode but expired\n");
  		    cache_hit = YES;
+ #ifdef CACHE_CHECK_SIZE
+ 		    return size_ok ? CACHE_IF_MODIFIED : CACHE_CREATE;
+ #else
  		    return CACHE_IF_MODIFIED;
+ #endif
  		}
  
  		if (!(*cf = do_lock(*cfn))) {
***************
*** 550,556 ****
--- 618,628 ----
  		CTRACE(stderr,"IfModSince.. time: %s", ctime(if_ms));
  
  		free(backup);
+ #ifdef CACHE_CHECK_SIZE
+ 		return size_ok ? CACHE_IF_MODIFIED : CACHE_CREATE;
+ #else
  		return CACHE_IF_MODIFIED;
+ #endif
  	    }
  	    else {
  		CTRACE(stderr, "Cache....... not expired %s\n", *cfn);




*** /dev/null	Tue Feb  6 11:05:04 1996
--- WWW/README-CACHEDIRS	Tue Feb  6 13:03:37 1996
***************
*** 0 ****
--- 1,12 ----
+ Patch to translate directory names in the cache from e.g.
+   /www-cache/http/www.some.where.org/
+ to
+   /www-cache/http/org/where/some/www/
+ 
+ Note that this can lead to unexpected problems, when you have two URLs
+ like <URL:http://some.where.org/www/> and <URL:http://www.some.where.org/>.
+ [This does happen, e.g. many sites out there have "some.where.org" and
+ "www.some.where.org" point to the same machine.]
+ 
+ --
+ -- 19950915, Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
*** WWW/Daemon/Implementation/HTCache.c.orig	Fri Aug 12 12:36:11 1994
--- WWW/Daemon/Implementation/HTCache.c	Fri Sep 15 16:25:33 1995
***************
*** 5,16 ****
--- 5,19 ----
  ** AUTHORS:
  **	AL	Ari Luotonen	luotonen@dxcern.cern.ch
  **	FM	Fote Macrides	macrides@sci.wfeb.edu
+ **	GJ	Gertjan van Oosten	gertjan@West.NL
  **
  ** HISTORY:
  **	31 Jan 94  AL	Written from scratch on a *very* beautiful
  **			Sunday afternoon -- seems like the spring
  **			is already coming, yippee!
  **	 8 Jul 94  FM	Insulate free() from _free structure element.
+ **	15 Sep 95  GJ	Translate host names in cache to (reversed)
+ **			directories.
  **
  ** BUGS:
  **
***************
*** 243,248 ****
--- 246,252 ----
  {
      char * access = NULL;
      char * host = NULL;
+     char * revhost = NULL;
      char * path = NULL;
      char * cfn = NULL;
      BOOL welcome = NO;
***************
*** 274,291 ****
  	    *cur = TOLOWER(*cur);
  	    cur++;
  	}
      }
  
      cfn = (char*)malloc(strlen(cc.cache_root) +
  			strlen(access) +
! 			(host ? strlen(host) : 0) +
  			(path ? strlen(path) : 0) +
  			(welcome ? strlen(WELCOME_FILE) : 0) + 3);
      if (!cfn) outofmem(__FILE__, "cache_file_name");
!     sprintf(cfn, "%s/%s/%s%s%s", cc.cache_root, access, host, path,
  	    (welcome ? WELCOME_FILE : ""));
  
!     FREE(access); FREE(host); FREE(path);
  
      /*
      ** This checks that the last component is not too long.
--- 278,310 ----
  	    *cur = TOLOWER(*cur);
  	    cur++;
  	}
+ 	/*
+ 	** Now transform host name from "www.some.where.org"
+ 	** to "org/where/some/www".
+ 	** [For nameless hosts, you'd want the IP address
+ 	** translated from "10.127.7.254" to "10/127/7/254",
+ 	** but that is left as an exercise.]
+ 	*/
+ 	revhost = malloc(strlen(host)+1);
+ 	revhost[0] = '\0';
+ 	while (cur = strrchr(host, '.')) {
+ 	    strcat(revhost, cur+1);
+ 	    strcat(revhost, "/");
+ 	    *cur = '\0';
+ 	}
+ 	strcat(revhost, host);
      }
  
      cfn = (char*)malloc(strlen(cc.cache_root) +
  			strlen(access) +
! 			(revhost ? strlen(revhost) : 0) +
  			(path ? strlen(path) : 0) +
  			(welcome ? strlen(WELCOME_FILE) : 0) + 3);
      if (!cfn) outofmem(__FILE__, "cache_file_name");
!     sprintf(cfn, "%s/%s/%s%s%s", cc.cache_root, access, revhost, path,
  	    (welcome ? WELCOME_FILE : ""));
  
!     FREE(access); FREE(host); FREE(revhost); FREE(path);
  
      /*
      ** This checks that the last component is not too long.




*** /dev/null	Tue Feb  6 11:05:04 1996
--- WWW/README-DENYACCESS	Tue Feb  6 13:11:03 1996
***************
*** 0 ****
--- 1,28 ----
+ Patch to allow denial of IP addresses or domain names in a protection
+ mask.
+ 
+ With the patch, you can now specify patterns as:
+ 
+ Protection HEY-INTEL-NO-SECURITY-HOLES {
+ 	Mask		@(*.*.*.*, !132.233.*.*, !143.183.*.*, !137.46.*.*)
+ }
+ Protect	/*		HEY-INTEL-NO-SECURITY-HOLES
+ 
+ The comment from the patch is:
+ 
+ **	 9 Aug 95  GJ	Modified ip_in_def_list() to allow exclusions;
+ **			patterns can now be e.g.
+ **				@(*.*.*.*, !192.43.210.*)
+ **			which means: allow anyone in except West.NL;
+ **			the strange order of the patterns is because the
+ **			access list is built back to front, so be careful
+ **			to put the most restrictive patterns at the end!
+ **			The old patterns still work, of course, so
+ **				@(192.43.210.*)
+ **			would allow only West.NL, just as
+ **				@(!*.*.*.*, 192.43.210.*)
+ **			does (remember that this is matched back-to-front
+ **			by the server).
+ 
+ --
+ -- 19950809, Gertjan van Oosten, gertjan@west.nl, West Consulting B.V.
*** WWW/Daemon/Implementation/HTGroup.c.orig	Wed May  4 21:03:24 1994
--- WWW/Daemon/Implementation/HTGroup.c	Wed Aug  9 10:55:57 1995
***************
*** 8,18 ****
--- 8,37 ----
  **
  ** AUTHORS:
  **	AL	Ari Luotonen	luotonen@dxcern.cern.ch
+ **	GJ	Gertjan van Oosten	gertjan@West.NL
  **
  ** HISTORY:
+ **	 9 Aug 95  GJ	Modified ip_in_def_list() to allow exclusions;
+ **			patterns can now be e.g.
+ **				@(*.*.*.*, !192.43.210.*)
+ **			which means: allow anyone in except West.NL;
+ **			the strange order of the patterns is because the
+ **			access list is built back to front, so be careful
+ **			to put the most restrictive patterns at the end!
+ **			The old patterns still work, of course, so
+ **				@(192.43.210.*)
+ **			would allow only West.NL, just as
+ **				@(!*.*.*.*, 192.43.210.*)
+ **			does (remember that this is matched back-to-front
+ **			by the server).
  **
  **
  ** BUGS:
+ **	GJ	The modifications in ip_in_def_list() do not treat the
+ **		HTPattern as an abstract datatype; it is probably best
+ **		to encapsulate these manipulations in a few extra routines
+ **		in HTWild.c, but I can't be bothered.
+ **		A five-minute hack is a five-minute hack...
  **
  **
  **
***************
*** 581,590 ****
  	    /* Value of ref->translation is ignored, i.e. */
  	    /* no recursion for ip address tamplates.	  */
  	    HTPattern * pat = HTPattern_new(ref->name);
! 	    BOOL flag = HTIpMaskMatch(pat, ip_number, ip_name);
  	    HTPattern_free(pat);
  	    if (flag)
! 		return YES;
  	}
      }
      return NO;
--- 600,615 ----
  	    /* Value of ref->translation is ignored, i.e. */
  	    /* no recursion for ip address tamplates.	  */
  	    HTPattern * pat = HTPattern_new(ref->name);
! 	    BOOL negate = (*(pat->text)=='!');	/* "!bla.bla.bla.bla" ? */
! 	    BOOL flag;
! 	    if (negate)
! 	        pat->text++;			/* Skip '!' */
! 	    flag = HTIpMaskMatch(pat, ip_number, ip_name);
! 	    if (negate)
! 	        pat->text--;			/* Back to '!' */
  	    HTPattern_free(pat);
  	    if (flag)
! 		return negate ? NO : YES;
  	}
      }
      return NO;




*** Library/Implementation/HTParse.c	Sun Sep 25 14:53:34 1994
--- Library/Implementation/HTParse.c.patch	Wed Nov  9 10:42:15 1994
***************
*** 350,360 ****
  	path = filename;
      if (*path == '/' && *(path+1)=='/') {	  /* Some URLs start //<foo> */
  	path += 1;
!     } else if (!strncmp(path, "news:", 5)) {	    /* Make group lower case */
! 	char *group = path+5;
! 	while (*group && *group!='@' && *group!='/') {
! 	    *group = TOLOWER(*group);
! 	    group++;
  	}
  	if (URI_TRACE)
  	    fprintf(stderr, "into\n............ `%s'\n", filename);
--- 322,333 ----
  	path = filename;
      if (*path == '/' && *(path+1)=='/') {	  /* Some URLs start //<foo> */
  	path += 1;
!     } else if (!strncmp(path, "news:", 5)) {
! 	char *ptr = strchr(path+5, '@');
! 	if (!ptr) ptr = path+5;
! 	while (*ptr) {			    /* Make group or host lower case */
! 	    *ptr = TOLOWER(*ptr);
! 	    ptr++;
  	}
  	if (URI_TRACE)
  	    fprintf(stderr, "into\n............ `%s'\n", filename);




*** /dev/null	Mon Apr 15 09:53:26 1996
--- WWW/README-HTTPS	Mon Apr 15 10:11:26 1996
***************
*** 0 ****
--- 1,45 ----
+ Patch to enable SSL support, i.e. serving documents via 'https://' URLs.
+ I built this using CERN httpd 3.0 with Library 2.17 and SSLeay-0.5.1b.
+ For further information on CERN httpd see:
+ 
+ 	http://www.w3.org/pub/WWW/Daemon/
+ 
+ For further information on SSLeay see:
+ 
+ 	http://www.psy.uq.oz.au/~ftp/Crypto/
+ 	ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/
+ 	ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
+ 
+ REMEMBER: export and/or import of crypto software or crypto hooks is
+ illegal in many parts of the world.
+ 
+ Apply the patch, modify WWW/All/<model>/Makefile.include (for your model
+ system) and add '-DUSE_SSL -I/usr/local/ssl/include' to CFLAGS
+ and '-L/usr/local/ssl/lib -lssl -lcrypto' to LDFLAGS (fill in the
+ correct paths to your SSL include files and libraries).
+ 
+ Add the following lines to your httpd.conf:
+  
+ Port			443
+ UseSSL			Yes
+ SSLRSAPrivateKeyFile	/usr/local/ssl/certs/httpsd.pem
+ SSLCertificateFile	/usr/local/ssl/certs/httpsd.pem
+ 
+ If you don't have UseSSL set, or have UseSSL set to No, it won't use SSL.
+ 
+ If you don't specify SSLRSAPrivateKeyFile or SSLCertificateFile, it will
+ use the default files (specific to your installation of SSL, the paths
+ given in the example are from the default installation of SSLeay).
+ 
+ Important note: don't use a pass phrase to encrypt your keys, or the
+                 daemon won't be able to read them!
+ 
+ Run 'make certificate' to generate a self-signed certificate for testing
+ purposes (set SSLTOP to the installation directory of SSLeay).
+ 
+ For more general remarks on SSLified applications, see:
+ 
+ 	ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/README.apps
+ 
+ -- 
+ -- 19960410, Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
*** WWW/Makefile.orig	Sat Jun 11 13:52:14 1994
--- WWW/Makefile	Mon Apr 15 10:13:51 1996
***************
*** 24,26 ****
--- 24,38 ----
  	rm -f Daemon/[a-z0-9]*/cgiparse
  	rm -f Daemon/[a-z0-9]*/cgiutils
  
+ #
+ # Target for generating a self-signed test certificate for the SSLified
+ # version of httpd (see README-HTTPS).
+ #
+ SSLTOP=/usr/local/ssl
+ certificate:
+ 	(\
+ 	cd $(SSLTOP)/certs; \
+ 	req -new -x509 -nodes -out httpsd.pem -keyout httpsd.pem; \
+ 	ln -s httpsd.pem `x509 -noout -hash < httpsd.pem`.0 ;\
+ 	chmod 644 $(SSLTOP)/certs/httpsd.pem; \
+ 	)
*** WWW/Library/Implementation/HTFormat.h.orig	Sun Sep 25 15:15:26 1994
--- WWW/Library/Implementation/HTFormat.h	Wed Apr 10 17:25:38 1996
***************
*** 61,66 ****
--- 61,67 ----
          char * input_pointer;
          char * input_limit;
          int input_file_number;
+         void *  ssl_con;
          BOOL    s_do_buffering;
          char *  s_buffer;
          int     s_buffer_size;
*** WWW/Library/Implementation/HTFormat.c.orig	Thu Sep 29 14:24:15 1994
--- WWW/Library/Implementation/HTFormat.c	Wed Apr 10 17:25:39 1996
***************
*** 51,56 ****
--- 51,59 ----
  #include "HTGuess.h"
  #include "HTError.h"
  
+ #ifdef USE_SSL
+ #include <ssl.h>
+ #endif /* USE_SSL */
  
  PUBLIC	BOOL HTOutputSource = NO;	/* Flag: shortcut parser to stdout */
  
***************
*** 474,480 ****
      int ch;
      do {
  	if (isoc-> input_pointer >= isoc->input_limit) {
! 	    int status = NETREAD(
  		   isoc->input_file_number,
  		   isoc->input_buffer, INPUT_BUFFER_SIZE);
  	    if (status <= 0) {
--- 477,491 ----
      int ch;
      do {
  	if (isoc-> input_pointer >= isoc->input_limit) {
! 	    int status =
! #ifdef USE_SSL
! 	        (isoc->ssl_con != NULL) ?
! 	        SSL_read(
! 		   isoc->ssl_con,
! 		   isoc->input_buffer, INPUT_BUFFER_SIZE)
! 		:
! #endif /* USE_SSL */
! 	        NETREAD(
  		   isoc->input_file_number,
  		   isoc->input_buffer, INPUT_BUFFER_SIZE);
  	    if (status <= 0) {
***************
*** 507,513 ****
  					   int *,		len)
  {
      if (isoc->input_pointer >= isoc->input_limit) {
! 	int status = NETREAD(isoc->input_file_number,
  			     isoc->input_buffer,
  			     ((*len < INPUT_BUFFER_SIZE) ?
  			      *len : INPUT_BUFFER_SIZE));
--- 518,533 ----
  					   int *,		len)
  {
      if (isoc->input_pointer >= isoc->input_limit) {
! 	int status =
! #ifdef USE_SSL
! 	    (isoc->ssl_con != NULL) ?
! 	    SSL_read(isoc->ssl_con,
! 			     isoc->input_buffer,
! 			     ((*len < INPUT_BUFFER_SIZE) ?
! 			      *len : INPUT_BUFFER_SIZE))
! 	    :
! #endif /* USE_SSL */
! 	    NETREAD(isoc->input_file_number,
  			     isoc->input_buffer,
  			     ((*len < INPUT_BUFFER_SIZE) ?
  			      *len : INPUT_BUFFER_SIZE));
***************
*** 538,544 ****
  	int status;
  
  	isoc->input_pointer = isoc->input_buffer;
! 	status = NETREAD(isoc->input_file_number,
  			 isoc->input_buffer,
  			 INPUT_BUFFER_SIZE);
  	if (status <= 0) {
--- 558,572 ----
  	int status;
  
  	isoc->input_pointer = isoc->input_buffer;
! 	status =
! #ifdef USE_SSL
! 	    (isoc->ssl_con != NULL) ?
! 	    SSL_read(isoc->ssl_con,
! 			 isoc->input_buffer,
! 			 INPUT_BUFFER_SIZE)
! 	    :
! #endif /* USE_SSL */
! 	    NETREAD(isoc->input_file_number,
  			 isoc->input_buffer,
  			 INPUT_BUFFER_SIZE);
  	if (status <= 0) {
*** WWW/Library/Implementation/HTWriter.h.orig	Sun Sep 25 15:15:20 1994
--- WWW/Library/Implementation/HTWriter.h	Wed Apr 10 17:25:41 1996
***************
*** 17,26 ****
  
  #include "HTStream.h"
  
! extern HTStream * HTWriter_new PARAMS((int soc));
! extern HTStream * HTWriter_newNoClose PARAMS((int soc));
  
! extern HTStream * HTASCIIWriter PARAMS((int soc));
  
  #endif
  
--- 17,26 ----
  
  #include "HTStream.h"
  
! extern HTStream * HTWriter_new PARAMS((int soc, void *ssl_con));
! extern HTStream * HTWriter_newNoClose PARAMS((int soc, void *ssl_con));
  
! extern HTStream * HTASCIIWriter PARAMS((int soc, void *ssl_con));
  
  #endif
  
*** WWW/Library/Implementation/HTWriter.c.orig	Sun Sep 25 14:53:45 1994
--- WWW/Library/Implementation/HTWriter.c	Wed Apr 10 17:25:40 1996
***************
*** 9,14 ****
--- 9,18 ----
  #include "HTUtils.h"
  #include "tcp.h"
  
+ #ifdef USE_SSL
+ #include <ssl.h>
+ #endif /* USE_SSL */
+ 
  /*		HTML Object
  **		-----------
  */
***************
*** 17,22 ****
--- 21,27 ----
  	CONST HTStreamClass *	isa;
  
  	int	soc;
+ 	void	*ssl_con;
  	char	*write_pointer;
  	char 	buffer[BUFFER_SIZE];
  	BOOL	leave_open;
***************
*** 48,54 ****
  	status = NETWRITE(me->soc, me->buffer,  /* Put timeout? @@@ */
  			write_pointer - read_pointer);
  #endif /* OLD_CODE */
! 	status = NETWRITE(me->soc, read_pointer, write_pointer - read_pointer);
  	if (status<0) {
  	    if(TRACE) fprintf(stderr,
  	    "HTWrite: Error: write() on socket returns %d !!!\n", status);
--- 53,65 ----
  	status = NETWRITE(me->soc, me->buffer,  /* Put timeout? @@@ */
  			write_pointer - read_pointer);
  #endif /* OLD_CODE */
! 	status =
! #ifdef USE_SSL
! 	    (me->ssl_con != NULL) ?
! 	    SSL_write(me->ssl_con, read_pointer, write_pointer - read_pointer)
! 	    :
! #endif /* USE_SSL */
! 	    NETWRITE(me->soc, read_pointer, write_pointer - read_pointer);
  	if (status<0) {
  	    if(TRACE) fprintf(stderr,
  	    "HTWrite: Error: write() on socket returns %d !!!\n", status);
***************
*** 110,116 ****
      }
  #endif
      while (read_pointer < write_pointer) {
!         int status = NETWRITE(me->soc, read_pointer,
  			write_pointer - read_pointer);
  	if (status<0) {
  	    if(TRACE) fprintf(stderr,
--- 121,134 ----
      }
  #endif
      while (read_pointer < write_pointer) {
!         int status =
! #ifdef USE_SSL
! 	    (me->ssl_con != NULL) ?
! 	    SSL_write(me->ssl_con, read_pointer,
! 			write_pointer - read_pointer)
! 	    :
! #endif /* USE_SSL */
! 	    NETWRITE(me->soc, read_pointer,
  			write_pointer - read_pointer);
  	if (status<0) {
  	    if(TRACE) fprintf(stderr,
***************
*** 161,167 ****
  **	-------------------------
  */
  
! PUBLIC HTStream* HTWriter_new ARGS1(int, soc)
  {
      HTStream* me = (HTStream*)calloc(1,sizeof(*me));
      if (me == NULL) outofmem(__FILE__, "HTML_new");
--- 179,185 ----
  **	-------------------------
  */
  
! PUBLIC HTStream* HTWriter_new ARGS2(int, soc, void *, ssl_con)
  {
      HTStream* me = (HTStream*)calloc(1,sizeof(*me));
      if (me == NULL) outofmem(__FILE__, "HTML_new");
***************
*** 171,183 ****
      me->make_ascii = NO;
  #endif    
      me->soc = soc;
      me->write_pointer = me->buffer;
      return me;
  }
  
! PUBLIC HTStream* HTWriter_newNoClose ARGS1(int, soc)
  {
!     HTStream * me = HTWriter_new(soc);
      if (me) me->leave_open = YES;
      return me;
  }
--- 189,202 ----
      me->make_ascii = NO;
  #endif    
      me->soc = soc;
+     me->ssl_con = ssl_con;
      me->write_pointer = me->buffer;
      return me;
  }
  
! PUBLIC HTStream* HTWriter_newNoClose ARGS2(int, soc, void *, ssl_con)
  {
!     HTStream * me = HTWriter_new(soc, ssl_con);
      if (me) me->leave_open = YES;
      return me;
  }
***************
*** 187,193 ****
  **	-------------------------
  */
  
! PUBLIC HTStream* HTASCIIWriter ARGS1(int, soc)
  {
      HTStream* me = (HTStream*)calloc(1,sizeof(*me));
      if (me == NULL) outofmem(__FILE__, "HTML_new");
--- 206,212 ----
  **	-------------------------
  */
  
! PUBLIC HTStream* HTASCIIWriter ARGS2(int, soc, void *, ssl_con)
  {
      HTStream* me = (HTStream*)calloc(1,sizeof(*me));
      if (me == NULL) outofmem(__FILE__, "HTML_new");
***************
*** 197,202 ****
--- 216,222 ----
      me->make_ascii = YES;
  #endif    
      me->soc = soc;
+     me->ssl_con = ssl_con;
      me->write_pointer = me->buffer;
      return me;
  }
*** WWW/Daemon/Implementation/HTConfig.h.orig	Sun Sep 25 14:55:28 1994
--- WWW/Daemon/Implementation/HTConfig.h	Wed Apr 10 17:17:09 1996
***************
*** 45,50 ****
--- 45,53 ----
      char *	hostname;		/* Used for CGI scripts		*/
      HTServType	server_type;		/* Standalone or inetd		*/
      int		port;			/* Default port number string	*/
+     BOOL	use_ssl;		/* Am I an https server?	*/
+     char *	ssl_key_file;		/* RSA private key file		*/
+     char *	ssl_cert_file;		/* Certificate file		*/
      BOOL	no_bg;			/* Don't auto-go background	*/
      BOOL	standalone;		/* Am I standalone?		*/
      char *	server_root;		/* Server's "home directory"	*/
*** WWW/Daemon/Implementation/HTConfig.c.orig	Mon Sep 26 15:22:52 1994
--- WWW/Daemon/Implementation/HTConfig.c	Wed Apr 10 17:17:09 1996
***************
*** 115,120 ****
--- 115,123 ----
      sc.output_timeout = DEFAULT_OUTPUT_TIMEOUT;
      sc.script_timeout = DEFAULT_SCRIPT_TIMEOUT;
      sc.do_accept_hack = YES;
+     sc.use_ssl = NO;
+     sc.ssl_key_file = NULL;
+     sc.ssl_cert_file = NULL;
      sc.disabled[ (int)METHOD_PUT ] = YES;
      sc.disabled[ (int)METHOD_DELETE ] = YES;
      sc.disabled[ (int)METHOD_CHECKIN ] = YES;
***************
*** 1819,1824 ****
--- 1822,1839 ----
  		}
  	    }
  
+ #ifdef USE_SSL
+ 	} else if (!strcmp(vec[0], "usessl")) {
+ 	    sc.use_ssl = positive(vec[1]);
+ 	    CTRACE(stderr,"SSL......... %sabled\n",
+ 		   sc.use_ssl ? "en" : "dis");
+ 	} else if (!strcmp(vec[0], "sslrsaprivatekeyfile")) {
+ 	    sc.ssl_key_file = tilde_to_home(vec[1]);
+ 	    CTRACE(stderr, "SSLKeyFile.. %s\n", sc.ssl_key_file);
+ 	} else if (!strcmp(vec[0], "sslcertificatefile")) {
+ 	    sc.ssl_cert_file = tilde_to_home(vec[1]);
+ 	    CTRACE(stderr, "SSLCertFile. %s\n", sc.ssl_cert_file);
+ #endif /* USE_SSL */
  	} else if (!strncmp(vec[0],"pidfile",7)) {
  	    sc.pid_file = tilde_to_home(vec[1]);
  	    CTRACE(stderr, "PidFile..... %s\n", sc.pid_file);
*** WWW/Daemon/Implementation/HTDaemon.c.orig	Mon Sep 26 15:23:00 1994
--- WWW/Daemon/Implementation/HTDaemon.c	Wed Apr 10 17:17:11 1996
***************
*** 193,198 ****
--- 193,202 ----
  #endif
  
  
+ #ifdef USE_SSL
+ #include <ssl.h>
+ #endif /* USE_SSL */
+ 
  
  #ifdef VMS
  #define gc()
***************
*** 228,233 ****
--- 232,243 ----
  #endif /* FORKING */
  PRIVATE int script_pid = 0;
  
+ #ifdef USE_SSL
+ SSL_CTX	*ssl_ctx;
+ char	ssl_file_path[1024];
+ #endif /* USE_SSL */
+ void	*ssl_con;
+ 
  /*      Program-Global Variables
  **      ------------------------
  */
***************
*** 1559,1564 ****
--- 1569,1575 ----
      reset_server_env();
  
      isoc = HTInputSocket_new(soc);
+     isoc->ssl_con = ssl_con;
  
      input_timeout_on();
      req = HTParseRequest(isoc);
***************
*** 1571,1577 ****
  
      HTSoc = soc;
      req->isoc = isoc;
!     req->output_stream = HTWriter_newNoClose(soc);
  
      if (req->method == METHOD_INVALID) {
          if (HTReqLine) {
--- 1582,1588 ----
  
      HTSoc = soc;
      req->isoc = isoc;
!     req->output_stream = HTWriter_newNoClose(soc, isoc->ssl_con);
  
      if (req->method == METHOD_INVALID) {
          if (HTReqLine) {
***************
*** 2183,2188 ****
--- 2194,2243 ----
                  CTRACE(stderr, "Child....... I'%s\n",
                         do_gc ? "ll do gc upon exit" : "m alive");
  
+ #ifdef USE_SSL
+ 		if (sc.use_ssl) {
+ 		    SSL_set_fd(ssl_con, com_soc);
+ 
+ 		    /*
+ 		     * Use default paths and filename "httpsd.pem" for public
+ 		     * and private key if not specified in the config.
+ 		     * Note: don't encrypt the key with a pass phrase!
+ 		     */
+ 		    if (SSL_use_RSAPrivateKey_file(ssl_con,
+ 			    sc.ssl_key_file ? sc.ssl_key_file : ssl_file_path,
+ 			    X509_FILETYPE_PEM) <= 0) {
+ 			fprintf(stderr, "SSL_use_RSAPrivateKey_file(%s) error ",
+ 			    sc.ssl_key_file ? sc.ssl_key_file : ssl_file_path);
+ 			ERR_print_errors(stderr);
+ 			fflush(stderr);
+ 			_exit(1);
+ 		    }
+ 
+ 		    if (SSL_use_certificate_file(ssl_con,
+ 			    sc.ssl_cert_file ? sc.ssl_cert_file : ssl_file_path,
+ 			    X509_FILETYPE_PEM) <= 0) {
+ 			fprintf(stderr, "SSL_use_certificate_file(%s) error ",
+ 			    sc.ssl_cert_file ? sc.ssl_cert_file : ssl_file_path);
+ 			ERR_print_errors(stderr);
+ 			fflush(stderr);
+ 			_exit(1);
+ 		    }
+ 
+ 		    /*
+ 		     * TODO:
+ 		     * Call SSL_set_verify(ssl_con, SSL_VERIFY_..., ...)
+ 		     */
+ 
+ 		    if (SSL_accept(ssl_con) <= 0) {
+ 			fprintf(stderr, "SSL_accept error %s\n",
+ 			    ERR_error_string(ERR_get_error(), NULL));
+ 			fflush(stderr);
+ 			SSL_free(ssl_con);
+ 			_exit(1);
+ 		    }
+ 		}
+ #endif /* USE_SSL */
+ 
                  /*
                   * This no-linger stuff is borrowed from NCSA httpd code.
                   * In Linux this causes problems -- is this necessary at
***************
*** 3044,3051 ****
  
      if (sc.server_type == SERVER_TYPE_STANDALONE) {
          if (!sc.port) {
!             sc.port = 80;
!             CTRACE(stderr,"Default..... port 80 for standalone server\n");
          }
      }
      else if (sc.server_type == SERVER_TYPE_INETD) {
--- 3099,3113 ----
  
      if (sc.server_type == SERVER_TYPE_STANDALONE) {
          if (!sc.port) {
!             sc.port =
! #ifdef USE_SSL
!                 sc.use_ssl ?
!                 443
!                 :
! #endif /* SSL */
!                 80;
!             CTRACE(stderr,"Default..... port %d for standalone server\n",
!                 sc.port);
          }
      }
      else if (sc.server_type == SERVER_TYPE_INETD) {
***************
*** 3243,3248 ****
--- 3305,3326 ----
      if (status<0 && role != passive) {
          exit(status);
      }
+ 
+     ssl_con = NULL;
+ #ifdef USE_SSL
+     if (sc.use_ssl) {
+ 	SSL_load_error_strings();
+ 	ssl_ctx = (SSL_CTX *)SSL_CTX_new();
+ 	ssl_con = (SSL *)SSL_new(ssl_ctx);
+ 	sprintf(ssl_file_path, "%s/%s", X509_get_default_cert_dir(), "httpsd.pem");
+ 
+ 	if (!X509_set_default_verify_paths(ssl_ctx->cert)) {
+ 	    fprintf(stderr,"HTTPSD ERROR: cannot load certificates via X509_set_default_verify_paths\n");
+ 	    ERR_print_errors(stderr);
+ 	    exit(1);
+ 	}
+     }
+ #endif /* USE_SSL */
  
      exit(0);
      return 0;   /* NOTREACHED -- For gcc */




*** 1.1	1995/07/11 17:09:01
--- Library/Implementation/HTAAServ.c	1995/07/12 20:54:32
***************
*** 571,576 ****
--- 571,588 ----
       */
      StrAllocCopy(untranslated, HTReqArgPath);
  
+     if (sc.virtualize) {					/* JPH003 */
+         char * vpath;						/* JPH003 */
+ 								/* JPH003 */
+         vpath = (char *)malloc(1 + strlen(HTVirtualHost) +	/* JPH003 */
+                                strlen(HTReqArgPath) + 1);	/* JPH003 */
+         sprintf(vpath, "/%s%s", HTVirtualHost, HTReqArgPath);	/* JPH003 */
+         CTRACE(stderr, "Virtualize.. %s -> %s\n",		/* JPH003 */
+                HTReqArgPath, vpath);				/* JPH003 */
+         StrAllocCopy(HTReqArgPath, vpath);			/* JPH003 */
+         free(vpath);						/* JPH003 */
+     }								/* JPH003 */
+ 
      /*
      ** Translate into absolute pathname, and
      ** get protection by "protect" and "defprot" rules.
***************
*** 618,623 ****
--- 630,646 ----
  			    StrAllocCat(welcome, "/");
  			    physical = HTMulti(req, welcome, &stat_info2);
  			    free(welcome);
+ 
+                             if (physical &&			/* JPH003 */
+                                 !S_ISDIR(stat_info2.st_mode) &&	/* JPH003 */
+                                 sc.virtualize) {		/* JPH003 */
+                                 CTRACE(stderr,			/* JPH003 */
+                                   "UnVirtualize %s -> %s\n",	/* JPH003 */
+                                   HTReqArgPath,			/* JPH003 */
+                                   untranslated);		/* JPH003 */
+                                 strcpy(HTReqArgPath,		/* JPH003 */
+                                        untranslated);		/* JPH003 */
+                             }					/* JPH003 */
  
  			    if (physical && !S_ISDIR(stat_info2.st_mode)) {
  				char * escaped = HTEscape(HTReqArgPath,
*** 1.1	1995/07/14 15:49:18
--- Library/Implementation/HTConfig.c	1995/07/14 15:56:01
***************
*** 111,116 ****
--- 111,118 ----
   */
  PUBLIC void HTDefaultConfig NOARGS
  {
+     sc.virtualize = NO;						/* JPH003 */
+     sc.workers = 0;						/* JPH004 */
      sc.input_timeout = DEFAULT_INPUT_TIMEOUT;
      sc.output_timeout = DEFAULT_OUTPUT_TIMEOUT;
      sc.script_timeout = DEFAULT_SCRIPT_TIMEOUT;
***************
*** 1233,1238 ****
--- 1235,1255 ----
  	} else if (strstr(vec[0],"icon")) {	/* All *Icon* directives */
  	    icon_config(vec,c);
  
+ 	} else if (strstr(vec[0], "virtualize")) {		/* JPH003 */
+ 	    sc.virtualize = positive(vec[1]);			/* JPH003 */
+ 	    CTRACE(stderr, "Virtualize.. %s\n",			/* JPH003 */
+ 		   sc.virtualize ? "On" : "Off");		/* JPH003 */
+ 								/* JPH003 */
+ 	} else if (strstr(vec[0], "workers")) {			/* JPH004 */
+ 	    sc.workers = atoi(vec[1]);				/* JPH004 */
+ 	    if (sc.workers) {					/* JPH004 */
+ 		CTRACE(stderr,					/* JPH004 */
+ 		       "PreForking.. On, %d workers\n",		/* JPH004 */
+ 		       sc.workers);				/* JPH004 */
+ 	    } else { 						/* JPH004 */
+ 		CTRACE(stderr, "PreForking.. Off\n");		/* JPH004 */
+ 	    }							/* JPH004 */
+ 								/* JPH004 */
  	} else if (!strncmp(vec[0], "serverroot", 10)) {
  	    sc.server_root = tilde_to_home(vec[1]);
  	    HTSaveLocallyDir = sc.server_root;		/* Henrik Aug 31, 94 */
*** 1.1	1995/07/11 17:09:06
--- Library/Implementation/HTConfig.h	1995/07/12 21:50:59
***************
*** 47,52 ****
--- 47,54 ----
      int		port;			/* Default port number string	*/
      BOOL	no_bg;			/* Don't auto-go background	*/
      BOOL	standalone;		/* Am I standalone?		*/
+     BOOL	virtualize;		/* multi-home mode? */	/* JPH003 */
+     int		workers;		/* preforking mode? */	/* JPH004 */
      char *	server_root;		/* Server's "home directory"	*/
      int		security_level;		/* 0 = normal, 1 = high		*/
      char *	errormsg_path;		/* URL for error messages	*/
*** 1.1	1995/07/11 17:09:07
--- Library/Implementation/HTDaemon.c	1995/10/11 16:56:00
***************
*** 161,166 ****
--- 161,168 ----
  #include <signal.h>
  #include <sys/param.h>
  #include <errno.h>
+ #include <sys/uio.h>						/* JPH004 */
+ #include <setjmp.h>						/* JPH007 */
  
  #ifndef SIGCLD
  #ifdef SIGCHLD
***************
*** 251,256 ****
--- 253,260 ----
  /*      Server environment when handling requests
  **      -----------------------------------------
  */
+ PUBLIC jmp_buf		HTJumpEnv;				/* JPH007 */
+ PUBLIC char *           HTVirtualHost           = NULL;		/* JPH003 */
  PUBLIC char *           HTReasonLine            = NULL;
  PUBLIC int              HTSoc                   = 0;
  PUBLIC char *           HTReqLine               = NULL;
***************
*** 532,543 ****
--- 536,556 ----
  {
      if (sc.standalone) {
  #if defined(__svr4__) || defined(_POSIX_SOURCE) || defined(__hpux)
+         if (kill(-pgrp, SIGTERM) == 0) {			/* JPH001 */
+         	kill(-pgrp, SIGCONT);				/* JPH001 */
+ 		sleep(5);					/* JPH001 */
+ 	}							/* JPH001 */
          kill(-pgrp, SIGKILL);
  #else
+         if (killpg(pgrp, SIGTERM) == 0) {			/* JPH001 */
+         	killpg(pgrp, SIGCONT);				/* JPH001 */
+ 		sleep(5);					/* JPH001 */
+ 	}							/* JPH001 */
          killpg(pgrp, SIGKILL);
  #endif
          shutdown(master_soc, 2);
          close(master_soc);
+ 	exit(1);						/* JPH001 */
      }
  }
  
***************
*** 580,585 ****
--- 593,600 ----
  
  PRIVATE void sig_pipe NOARGS
  {
+     PRIVATE void clean_exit NOARGS;				/* JPH007 */
+ 
      if (!sigpipe_caught) {
          if (HTReqLine)
              HTLog_error2("Connection interrupted [SIGPIPE], req:",HTReqLine);
***************
*** 587,592 ****
--- 602,614 ----
              HTLog_error("Connection interrupted [SIGPIPE]");
      }
  
+     if (sc.workers) {						/* JPH004 */
+         CTRACE(stderr, "SIGPIPE..... ignored (pre-forking)\n");	/* JPH004 */
+         sigpipe_caught = YES;					/* JPH004 */
+         set_signals();						/* JPH004 */
+         return;							/* JPH004 */
+     }								/* JPH004 */
+ 
      if (ignore_sigpipes) {
          CTRACE(stderr, "SIGPIPE..... ignored (writing to cache)\n");
          sigpipe_caught = YES;
***************
*** 595,605 ****
      else {
          timeout_off();  /* So timeouts don't go to parent */
          CTRACE(stderr, "SIGPIPE..... caught, exiting...\n");
!         if (com_soc > 0) {
!             shutdown(com_soc, 2);
!             NETCLOSE(com_soc);
!         }
!         exit(0);
      }
  }
  
--- 617,623 ----
      else {
          timeout_off();  /* So timeouts don't go to parent */
          CTRACE(stderr, "SIGPIPE..... caught, exiting...\n");
!         clean_exit();						/* JPH007 */
      }
  }
  
***************
*** 1444,1449 ****
--- 1462,1471 ----
          shutdown(com_soc, 2);
          NETCLOSE(com_soc);
      }
+     if (sc.workers) {						/* JPH007 */
+         longjmp(HTJumpEnv, 1);					/* JPH007 */
+         HTLog_error("Worker failed to long-jump back");		/* JPH007 */
+     }								/* JPH007 */
      exit(0);
  }
  
***************
*** 1625,1630 ****
--- 1647,1666 ----
      HTVMS_enableSysPrv();
  #endif /* VMS */
  
+     if (sc.virtualize) {					/* JPH003 */
+         SockA vaddr;						/* JPH003 */
+         int vlen = sizeof(vaddr);				/* JPH003 */
+ 								/* JPH003 */
+         memset((char*)&vaddr, 0, sizeof(vaddr));		/* JPH003 */
+         getsockname(com_soc, (struct sockaddr*)&vaddr, &vlen);	/* JPH003 */
+         StrAllocCopy(HTVirtualHost, HTInetString(&vaddr));	/* JPH003 */
+         if (!HTVirtualHost || !*HTVirtualHost) {		/* JPH003 */
+ 		StrAllocCopy(HTVirtualHost, "0.0.0.0");		/* JPH003 */
+ 	}							/* JPH003 */
+         CTRACE(stderr, "Connection... via address %s\n",	/* JPH003 */
+                HTVirtualHost);					/* JPH003 */
+     }								/* JPH003 */
+ 
      out.status_code = HTAA_checkAuthorization(req);
      CTRACE(stderr, "AA.......... check returned %d\n", out.status_code);
      CTRACE(stderr, "Translated.. \"%s\"\n",
***************
*** 2063,2069 ****
  }
  #endif /* not VMS */
  
! 
  
  /*                                                    standalone_server_loop()
   *      New server_loop() for Unixes in standalone mode
--- 2099,2413 ----
  }
  #endif /* not VMS */
  
! #if !defined(VMS) && defined(FORKING)				/* JPH004 */
! PRIVATE int wait_for_work ARGS1(int, fd)			/* JPH004 */
! {								/* JPH004 */
!     struct iovec iov[1];					/* JPH004 */
!     struct msghdr msg;						/* JPH004 */
!     int passedfd = -1;		/* just in case */		/* JPH004 */
!     char dummy;							/* JPH004 */
! 								/* JPH004 */
!     iov[0].iov_base = &dummy;					/* JPH004 */
!     iov[0].iov_len = 1;						/* JPH004 */
!     msg.msg_name = NULL;					/* JPH004 */
!     msg.msg_namelen = 0;					/* JPH004 */
!     msg.msg_iov = iov;						/* JPH004 */
!     msg.msg_iovlen = 1;						/* JPH004 */
!     msg.msg_accrights = (caddr_t)&passedfd;			/* JPH004 */
!     msg.msg_accrightslen = sizeof(passedfd);			/* JPH004 */
!     while (recvmsg(fd, &msg, 0) == -1) {			/* JPH007 */
!         if (errno != EINTR) {					/* JPH007 */
!             HTLog_error("Failed to recvmsg in worker\n");	/* JPH004 */
!             _exit(1);						/* JPH004 */
!         }							/* JPH007 */
!     }								/* JPH004 */
!     return passedfd;						/* JPH004 */
! }								/* JPH004 */
! 								/* JPH004 */
! PRIVATE int work_completed ARGS1(HTWorkerStruct *, wp)		/* JPH004 */
! {								/* JPH004 */
!     return send(wp->fd, &wp->index, sizeof(wp->index), 0);	/* JPH004 */
! }								/* JPH004 */
! 								/* JPH004 */
! PRIVATE int do_work ARGS1(HTWorkerStruct *, wp)			/* JPH004 */
! {								/* JPH004 */
!     int tcp_status;						/* JPH004 */
!     static struct linger sl = {1, 600};				/* JPH004 */
!     SockA addr;							/* JPH004 */
!     int alen = sizeof(addr);					/* JPH004 */
!     char * host;						/* JPH004 */
!     int fd;							/* JPH008 */
!     int closemask = 0;						/* JPH008 */
! 								/* JPH004 */
!     for (fd = 0; fd < 32; ++fd) {				/* JPH008 */
!         closemask |= (!~fcntl(fd, F_GETFD, 0) << fd);		/* JPH008 */
!     }								/* JPH008 */
!     for (;;) {							/* JPH004 */
!         com_soc = wait_for_work(wp->fd);			/* JPH004 */
!         time(&cur_time);					/* JPH004 */
!         child_serial++;						/* JPH004 */
!         CTRACE(stderr, "Worker...... I'm awake\n");		/* JPH004 */
!         if (sc.do_linger) {					/* JPH004 */
!             setsockopt(com_soc, SOL_SOCKET, SO_LINGER,		/* JPH004 */
!                        (char*)&sl, sizeof(sl));			/* JPH004 */
!         }							/* JPH004 */
!         memset((char*)&addr, 0, sizeof(addr));			/* JPH004 */
!         getpeername(com_soc, (struct sockaddr*)&addr, &alen);	/* JPH004 */
!         host = HTInetString(&addr);				/* JPH004 */
!         if (!host || !*host) host = "0.0.0.0";			/* JPH004 */
!         StrAllocCopy(HTClientHost, host);			/* JPH004 */
!         FREE(HTClientHostName);					/* JPH004 */
!         if (sc.do_dns_lookup) {					/* JPH004 */
!             HTClientHostName = HTGetHostBySock(com_soc);	/* JPH004 */
!         }							/* JPH004 */
!         CTRACE(stderr, "Reading..... socket %d from host %s\n",	/* JPH004 */
!                com_soc, HTClientHost);				/* JPH004 */
!         remote_ident = NULL;					/* JPH004 */
!         if (sc.do_rfc931) { /* ...broken?... */ }		/* JPH004 */
!         sigpipe_caught = NO;					/* JPH004 */
!         if (setjmp(HTJumpEnv) == 0) {				/* JPH007 */
!             tcp_status = HTHandle(com_soc);			/* JPH004 */
!         }							/* JPH007 */
!         if (TRACE) {						/* JPH004 */
!             if (tcp_status < 0) {				/* JPH004 */
!                 fprintf(stderr,					/* JPH004 */
!                   "ERROR....... %d handling msg (errno=%d).\n",	/* JPH004 */
!                   tcp_status, errno);				/* JPH004 */
!             } else if (tcp_status == 0) {			/* JPH004 */
!                 fprintf(stderr,					/* JPH004 */
!                   "Socket...... %d disconnected by peer\n",	/* JPH004 */
!                   com_soc);					/* JPH004 */
!             }							/* JPH004 */
!         }							/* JPH004 */
!         shutdown(com_soc, 2);					/* JPH004 */
!         NETCLOSE(com_soc);					/* JPH004 */
!         for (fd = 0; fd < 32; ++fd) {				/* JPH008 */
!             if (closemask & (1 << fd)) close(fd);		/* JPH008 */
!         }							/* JPH008 */
!         work_completed(wp);					/* JPH004 */
!     }								/* JPH004 */
!     /*NOTREACHED*/						/* JPH004 */
! }								/* JPH004 */
! 								/* JPH004 */
! PRIVATE int getlocaldgram ARGS2(struct sockaddr_un *, sunp,	/* JPH004 */
!                                 int *, alenp)			/* JPH004 */
! {								/* JPH004 */
!     int sockfd;							/* JPH004 */
! 								/* JPH004 */
!     if ((sockfd = socket(AF_UNIX, SOCK_DGRAM, 0)) == -1) {	/* JPH004 */
!         HTLog_error("Failed to create UNIX/DGRAM socket\n");	/* JPH004 */
!         return -1;						/* JPH004 */
!     }								/* JPH004 */
!     sunp->sun_family = AF_UNIX;					/* JPH004 */
!     strcpy(sunp->sun_path, tempnam(NULL, "wwwSS"));		/* JPH004 */
!     *alenp = sizeof(sunp->sun_family) + strlen(sunp->sun_path);	/* JPH004 */
!     if (bind(sockfd, sunp, *alenp) == -1) {			/* JPH004 */
!         HTLog_error2("Failed to bind UNIX/DGRAM socket to %s",	/* JPH004 */
!                      sunp->sun_path);				/* JPH004 */
!         return -1;						/* JPH004 */
!     }								/* JPH004 */
!     return sockfd;						/* JPH004 */
! }								/* JPH004 */
! 								/* JPH004 */
! PRIVATE int make_worker ARGS3(HTWorkerStruct *, wp,		/* JPH004 */
!                               struct sockaddr_un *, bossp,	/* JPH004 */
!                               int, bosslen)			/* JPH004 */
! {								/* JPH004 */
!     wp->fd = getlocaldgram(&wp->addr, &wp->addrlen);		/* JPH004 */
!     if (wp->fd == -1) {						/* JPH004 */
!         HTLog_error("Failed to make worker process\n");		/* JPH004 */
!         return -1;						/* JPH004 */
!     }								/* JPH004 */
!     if (connect(wp->fd, bossp, bosslen) == -1) {		/* JPH004 */
!         HTLog_error("Failed to connect worker process\n");	/* JPH004 */
!         return -1;						/* JPH004 */
!     }								/* JPH004 */
!     if ((wp->pid = fork()) == 0) do_work(wp);			/* JPH004 */
!     if (wp->pid == -1) {					/* JPH004 */
!         HTLog_error("Failed to fork worker process\n");		/* JPH004 */
!     }								/* JPH004 */
!     close(wp->fd);						/* JPH004 */
!     wp->fd = -1;						/* JPH004 */
!     return (wp->pid);						/* JPH004 */
! }								/* JPH004 */
! 								/* JPH004 */
! PRIVATE int assign_work ARGS3(int, workerfd,			/* JPH004 */
!                               int, clientfd,			/* JPH004 */
!                               HTWorkerStruct *, wp)		/* JPH004 */
! {								/* JPH004 */
!     struct iovec iov[1];					/* JPH004 */
!     struct msghdr msg;						/* JPH004 */
! 								/* JPH004 */
!     iov[0].iov_base = "?";		/* any old byte */	/* JPH004 */
!     iov[0].iov_len = 1;						/* JPH004 */
!     msg.msg_name = (caddr_t)&wp->addr;				/* JPH004 */
!     msg.msg_namelen = wp->addrlen;				/* JPH004 */
!     msg.msg_iov = iov;						/* JPH004 */
!     msg.msg_iovlen = 1;						/* JPH004 */
!     msg.msg_accrights = (caddr_t)&clientfd;			/* JPH004 */
!     msg.msg_accrightslen = sizeof(clientfd);			/* JPH004 */
!     if (sendmsg(workerfd, &msg, 0) == -1) {			/* JPH004 */
!         HTLog_error("Failed to sendmsg to worker\n");		/* JPH004 */
!         return -1;						/* JPH004 */
!     }								/* JPH004 */
!     return 0;							/* JPH004 */
! }								/* JPH004 */
! 								/* JPH004 */
! PRIVATE int worker_done ARGS1(int, fd)				/* JPH004 */
! {								/* JPH004 */
!     int index = -1;			/* just in case */	/* JPH004 */
! 								/* JPH004 */
!     (void)recv(fd, &index, sizeof(index));			/* JPH004 */
!     return index;						/* JPH004 */
! }								/* JPH004 */
! 								/* JPH004 */
! 								/* JPH004 */
! /*      New server_loop() for Unixes in preforking mode */	/* JPH004 */
! 								/* JPH004 */
! PRIVATE int preforking_server_loop NOARGS			/* JPH004 */
! {								/* JPH004 */
!     int soc_addr_len = sizeof(client_soc_addr);			/* JPH004 */
!     int timeout;						/* JPH004 */
!     int worker_soc = -1;					/* JPH004 */
!     struct sockaddr_un boss;					/* JPH004 */
!     int blen;							/* JPH004 */
!     int nw = 0;							/* JPH004 */
!     HTWorkerStruct * worker = NULL;				/* JPH004 */
!     int * roster = NULL;					/* JPH004 */
!     int nIdle;							/* JPH004 */
!     int idle_index;	/* index in worker of just completed */	/* JPH004 */
!     int idle_slot;	/* and its slot in roster table */	/* JPH004 */
!     fd_set read_chans;						/* JPH004 */
!     struct timeval max_wait;					/* JPH004 */
!     int nfound;							/* JPH004 */
! 								/* JPH004 */
!     CTRACE(stderr, "ServerLoop.. Unix preforking\n");		/* JPH004 */
! 								/* JPH004 */
!     worker_soc = getlocaldgram(&boss, &blen);			/* JPH004 */
!     if (worker_soc == -1) goto fallback;			/* JPH004 */
!     worker = (HTWorkerStruct *)					/* JPH004 */
!       malloc(sc.workers * sizeof(HTWorkerStruct));		/* JPH004 */
!     if (worker == NULL) {					/* JPH004 */
!         HTLog_error("Worker alloc failed\n");			/* JPH004 */
!         goto fallback;						/* JPH004 */
!     }								/* JPH004 */
!     roster = (int *)malloc(sc.workers * sizeof(int));		/* JPH004 */
!     if (roster == NULL) {					/* JPH004 */
!         HTLog_error("Worker roster alloc failed\n");		/* JPH004 */
!         goto fallback;						/* JPH004 */
!     }								/* JPH004 */
!     for (nIdle = 0; nIdle < sc.workers; ++nIdle) {		/* JPH004 */
!         roster[nIdle] = nIdle;					/* JPH004 */
!     }								/* JPH004 */
!     for (nw = 0; nw < sc.workers; ++nw) {			/* JPH004 */
!         worker[nw].index = nw;					/* JPH004 */
!         worker[nw].slot = nw;					/* JPH004 */
!         if (make_worker(worker + nw, &boss, blen) == -1) break;	/* JPH004 */
!     }								/* JPH004 */
!     if (nw == 0) {						/* JPH004 */
!         HTLog_error("Unable to create any worker processes\n");	/* JPH004 */
!         goto fallback;						/* JPH004 */
!     }								/* JPH004 */
!     if (nw != sc.workers) {					/* JPH004 */
!         HTLog_errorN("Worker processes reduced to", nw);	/* JPH004 */
!         sc.workers = nw;					/* JPH004 */
!     }								/* JPH004 */
! 								/* JPH004 */
!     FD_ZERO(&open_sockets);					/* JPH004 */
!     FD_SET(worker_soc, &open_sockets);				/* JPH004 */
!     FD_SET(master_soc, &open_sockets);				/* JPH004 */
!     num_sockets = 1 +						/* JPH004 */
!       ((worker_soc > master_soc) ? worker_soc : master_soc);	/* JPH004 */
!     for (;;) {							/* JPH004 */
!         if (nIdle == 0) {					/* JPH004 */
!             HTLog_error("All workers busy, not accepting\n");	/* JPH004 */
!             FD_CLR(master_soc, &open_sockets);			/* JPH004 */
!         }							/* JPH004 */
!         read_chans = open_sockets;				/* JPH004 */
!         timeout = get_next_timeout();				/* JPH004 */
!         max_wait.tv_sec = timeout/100;				/* JPH004 */
!         max_wait.tv_usec = (timeout%100)*10000;			/* JPH004 */
!         timeout /= 100;						/* JPH004 */
!         if (TRACE) {						/* JPH004 */
!             fprintf(stderr,					/* JPH004 */
!               "Next timeout after %d hours %d mins %d secs\n",	/* JPH004 */
!                timeout/3600, (timeout/60)%60, timeout%60);	/* JPH004 */
!             fprintf(stderr,					/* JPH004 */
!               "Daemon...... %s (Mask=%x hex, max=%x hex).\n",	/* JPH004 */
!               "Waiting for connection",				/* JPH004 */
!               *(unsigned int *)(&read_chans),			/* JPH004 */
!               (unsigned int)num_sockets);			/* JPH004 */
!         }							/* JPH004 */
! #ifdef __hpux							/* JPH004 */
!         nfound = select(num_sockets,				/* JPH004 */
!           (int *)&read_chans, NULL, NULL,			/* JPH004 */
!           timeout > 0 ? &max_wait : NULL);			/* JPH004 */
! #else								/* JPH004 */
!         nfound = select(num_sockets,				/* JPH004 */
!           &read_chans, NULL, NULL,				/* JPH004 */
!           timeout > 0 ? &max_wait : NULL);			/* JPH004 */
! #endif								/* JPH004 */
!         if (nfound < 0) {   /* Interrupted */			/* JPH004 */
!             if (errno != EINTR) (void)HTInetStatus("select");	/* JPH004 */
!             continue;						/* JPH004 */
!         }							/* JPH004 */
!         if (nfound == 0) {  /* Timeout */			/* JPH004 */
!             CTRACE(stderr,					/* JPH004 */
!               "Time to do.. daily garbage collection\n");	/* JPH004 */
!             gc_pid = fork();					/* JPH004 */
!             if (!gc_pid) gc_and_exit(1,0);			/* JPH004 */
!             else continue;					/* JPH004 */
!         }							/* JPH004 */
!         if (FD_ISSET(worker_soc, &read_chans)) {		/* JPH004 */
!                 idle_index = worker_done(worker_soc);		/* JPH004 */
!                 if (idle_index != -1) {				/* JPH004 */
!                         idle_slot = worker[idle_index].slot;	/* JPH004 */
!                         roster[idle_slot] = roster[nIdle];	/* JPH004 */
!                         worker[roster[nIdle]].slot = idle_slot;	/* JPH004 */
!                         roster[nIdle] = idle_index;		/* JPH004 */
!                         worker[idle_index].slot = nIdle;	/* JPH004 */
!                         if (nIdle++ == 0) {			/* JPH004 */
!                             HTLog_error(			/* JPH004 */
!                               "A worker is now available\n");	/* JPH004 */
!                             FD_SET(master_soc, &open_sockets);	/* JPH004 */
!                         }					/* JPH004 */
!                 }						/* JPH004 */
!         }							/* JPH004 */
!         if (FD_ISSET(master_soc, &read_chans)) {		/* JPH004 */
!             CTRACE(stderr,					/* JPH004 */
!               "Daemon...... accepting connection...\n");	/* JPH004 */
!             com_soc = accept(master_soc,			/* JPH004 */
!               (struct sockaddr *)&client_soc_addr,		/* JPH004 */
!               &soc_addr_len);					/* JPH004 */
!             if (com_soc < 0) {					/* JPH004 */
!                 if (errno != EINTR) HTInetStatus("accept");	/* JPH004 */
!                 continue;					/* JPH004 */
!             }							/* JPH004 */
!             --nIdle;						/* JPH004 */
!             CTRACE(stderr,					/* JPH004 */
!               "Accepted.... socket %d, worker %d slot %d\n",	/* JPH004 */
!               com_soc, roster[nIdle], nIdle);			/* JPH004 */
!             assign_work(worker_soc, com_soc,			/* JPH004 */
!               worker + roster[nIdle]);				/* JPH004 */
!             NETCLOSE(com_soc);					/* JPH004 */
! #ifdef SIGTSTP  /* BSD */					/* JPH004 */
!             sig_child();	/* ??? redundant ??? */		/* JPH004 */
! #endif								/* JPH004 */
!         }							/* JPH004 */
!     } /* for loop */						/* JPH004 */
! 								/* JPH004 */
! fallback:							/* JPH004 */
!     if (worker_soc != -1) {					/* JPH004 */
!         close(worker_soc);					/* JPH004 */
!         unlink(boss.sun_path);					/* JPH004 */
!     }								/* JPH004 */
!     if (roster != NULL) free(roster);				/* JPH004 */
!     if (worker != NULL) free(worker);				/* JPH004 */
!     sc.workers = 0;						/* JPH004 */
!     HTLog_error("Falling back to non-preforking mode\n");	/* JPH004 */
!     return 1;							/* JPH004 */
! }								/* JPH004 */
! #endif								/* JPH004 */
  
  /*                                                    standalone_server_loop()
   *      New server_loop() for Unixes in standalone mode
***************
*** 2300,2305 ****
--- 2644,2652 ----
          /*
           * Use new server loop, old one is a mess.
           */
+         if ((role == master) && (sc.workers)) {			/* JPH004 */
+             preforking_server_loop();				/* JPH004 */
+         }							/* JPH004 */
          if (role == master) standalone_server_loop();
  #endif
  
***************
*** 2674,2685 ****
  #if defined(__svr4__) || defined(_POSIX_SOURCE) || defined(__hpux)
      pgrp = setsid();
  #else
!     pgrp = setpgrp(0, getpid());
  
      if ((fd = open("/dev/tty", O_RDWR)) >= 0) {
          ioctl(fd, TIOCNOTTY, (char*)NULL);      /* Lose controlling tty */
          close(fd);
      }
  #endif
      if (pgrp == -1)
          HTLog_error("Can't change process group");
--- 3021,3038 ----
  #if defined(__svr4__) || defined(_POSIX_SOURCE) || defined(__hpux)
      pgrp = setsid();
  #else
!     pgrp = (setpgrp(0, getpid()) == -1) ? -1 : getpgrp(0);	/* JPH002 */
  
      if ((fd = open("/dev/tty", O_RDWR)) >= 0) {
          ioctl(fd, TIOCNOTTY, (char*)NULL);      /* Lose controlling tty */
          close(fd);
      }
+ 
+     /* TIOCNOTTY can reset pgrp to zero! */			/* JPH002 */
+ 								/* JPH002 */
+     if (getpgrp(0) == 0) {					/* JPH002 */
+         pgrp = (setpgrp(0, getpid()) == -1) ? -1 : getpgrp(0);	/* JPH002 */
+     }								/* JPH002 */
  #endif
      if (pgrp == -1)
          HTLog_error("Can't change process group");
*** 1.1	1995/07/11 17:09:08
--- Library/Implementation/HTDaemon.h	1995/07/13 02:57:04
***************
*** 14,19 ****
--- 14,20 ----
  extern BOOL ignore_sigpipes;	/* Should we catch and ignore SIGPIPE	*/
  extern BOOL sigpipe_caught;	/* If so, have we caught a SIGPIPE	*/
  
+ extern char *		HTVirtualHost;				/* JPH003 */
  extern char *		HTClientProtocol;
  extern int		HTServerPort;
  
***************
*** 53,58 ****
--- 54,71 ----
  extern BOOL		trace_all;
  #define VTRACE		if(trace_all)fprintf
  
+ #ifdef FORKING							/* JPH004 */
+ #include <sys/un.h>						/* JPH004 */
+ 								/* JPH004 */
+ typedef struct _HTWorkerStruct {				/* JPH004 */
+     struct sockaddr_un	addr;					/* JPH004 */
+     int			addrlen;				/* JPH004 */
+     int			index;	/* into worker table */		/* JPH004 */
+     int			slot;	/* into roster table */		/* JPH004 */
+     int			pid;					/* JPH004 */
+     int			fd;	/* valid in workers only */	/* JPH004 */
+ } HTWorkerStruct;						/* JPH004 */
+ #endif								/* JPH004 */
  
  typedef struct _HTInStruct {
      BOOL	no_cache_pragma;
*** 1.1	1995/07/11 17:09:11
--- Library/Implementation/HTLog.c	1995/07/14 00:08:39
***************
*** 62,68 ****
  
      /* If we have a date format to paste on the file names. Else use default */
      time(&t);
!     gmt = gmtime(&t);
      result = malloc(strlen(filename)+DATE_EXT_LEN+2);
      if (sc.log_file_date_ext) {
  
--- 62,68 ----
  
      /* If we have a date format to paste on the file names. Else use default */
      time(&t);
!     gmt = sc.use_gmt ? gmtime(&t) : localtime(&t);		/* JPH005 */
      result = malloc(strlen(filename)+DATE_EXT_LEN+2);
      if (sc.log_file_date_ext) {
  
***************
*** 300,305 ****
--- 300,312 ----
  	}
  	else strcpy(buf, "- -");
  
+ 	if (sc.virtualize) {					/* JPH003 */
+ 	    fprintf(log, "%s %s %s %s [%s] \"%s\" %s\n",	/* JPH003 */
+ 		    HTVirtualHost,				/* JPH003 */
+ 		    n_pick(HTClientHostName,HTClientHost),	/* JPH003 */
+ 		    r_ident, authuser, log_time(),		/* JPH003 */
+ 		    n_noth(HTReqLine), buf);			/* JPH003 */
+ 	} else							/* JPH003 */
  	fprintf(log, "%s %s %s [%s] \"%s\" %s\n",
  		n_pick(HTClientHostName,HTClientHost),
  		r_ident, authuser, log_time(), n_noth(HTReqLine), buf);
*** 1.1	1995/07/11 17:09:15
--- Library/Implementation/HTScript.c	1995/07/15 01:24:04
***************
*** 833,838 ****
--- 833,839 ----
      char ** argv = NULL;
      char ** envp = NULL;
      BOOL nph_script = NO;
+     int fd;							/* JPH006 */
  
      FREE(msg);		/* From previous call */
  
***************
*** 939,944 ****
--- 940,948 ----
  	pid = fork();
  	if (pid < 0) {	/* fork() failed */
  	    char msg[100];
+ 
+             close(pin[0]),close(pin[1]);			/* JPH006 */
+             close(pout[0]),close(pout[1]);			/* JPH006 */
  	    sprintf(msg, "Internal error: fork() failed with %s script",
  		    (nph_script ? "NPH-" : HTMethod_name(req->method)));
  	    return HTLoadError(req, 500, msg);
***************
*** 954,959 ****
--- 958,964 ----
  	    ** Standalone server, redirect socket to stdin/stdout.
  	    */
  	    CTRACE(stderr, "Child....... doing IO redirections\n");
+             close(0);						/* JPH006 */
  	    if (req->content_length > 0) {	/* Need to give stdin */
  		if (pin[0] != 0) {
  		    CTRACE(stderr, "Child....... stdin from input pipe\n");
***************
*** 981,986 ****
--- 986,992 ----
  		   "Child....... Standalone specific IO redirections done.\n");
  	    CTRACE(stderr, "Child....... redirecting stderr to stdout, and then doing execve()\n");
  	    dup2(1, 2);	/* Redirect stderr to stdout */
+             for (fd = 3; fd < pout[1]; ++fd) close(fd);		/* JPH006 */
  	    if (-1 == execve(HTReqScript, argv, envp)) {
  		CTRACE(stderr, "ERROR....... execve() failed\n");
  		HTLoadError(req, 500, "Internal error: execve() failed");




*** /dev/null	Tue Feb  6 11:05:04 1996
--- WWW/README-REFERER_LOG	Tue Feb  6 13:24:53 1996
***************
*** 0 ****
--- 1,30 ----
+ Patch to add RefererLog to the configuration.
+ 
+ Apply the patch, modify WWW/All/<model>/Makefile.include (for your model
+ system) and add '-DREFERER_LOG' to CFLAGS.
+ 
+ Add the following line to your httpd.conf:
+ 
+ RefererLog	/www/logs/referer
+ 
+ The syntax is identical to that for AccessLog, in fact: for each entry
+ in the AccessLog there will be an entry in the RefererLog.
+ 
+ The format of the RefererLog is slightly different from the NCSA one
+ <URL:http://hoohoo.ncsa.uiuc.edu/docs/setup/httpd/RefererLog.html>:
+ 
+ host.some.where.org [05/Feb/1996:12:38:36 -0100] http://lycos-tmp1.psc.edu/cgi-bin/pursuit?query=something -> /
+ host.some.where.org [05/Feb/1996:12:38:55 -0100] http://www.my.domain/ -> /info/
+ some.one.else [05/Feb/1996:12:40:02 -0100] - -> /HotNews/
+ 
+ So:
+ 
+ referring-host [timestamp] referring-URL -> document
+ 
+ The referring-host and timestamp will be in the same format as in the
+ AccessLog.  If there is no referring-URL, a minus sign will be printed.
+ Anything matching the NoLog directive (so it isn't logged in the
+ AccessLog) is not logged in the RefererLog.
+ 
+ --
+ -- 19960205, Gertjan van Oosten, gertjan@West.NL, West Consulting bv
*** WWW/Daemon/Implementation/HTConfig.h.orig	Sun Sep 25 14:55:28 1994
--- WWW/Daemon/Implementation/HTConfig.h	Mon Feb  5 15:01:23 1996
***************
*** 76,81 ****
--- 76,84 ----
      BOOL	always_welcome;		/* Redirect directory names to	*/
  					/* welcome page on that dir.	*/
      char *	access_log_name;	/* Access log file name		*/
+ #ifdef REFERER_LOG
+     char *	referer_log_name;	/* Referer log file name	*/
+ #endif
      char *	proxy_log_name;		/* Proxy access log file name	*/
      char *	cache_log_name;		/* Cache access log file name	*/
      char *	error_log_name;		/* Error log file name		*/
*** WWW/Daemon/Implementation/HTConfig.c.orig	Mon Sep 26 15:22:52 1994
--- WWW/Daemon/Implementation/HTConfig.c	Mon Feb  5 15:00:35 1996
***************
*** 1675,1680 ****
--- 1675,1686 ----
  	    sc.access_log_name = tilde_to_home(vec[1]);
  	    CTRACE(stderr, "AccessLog... %s\n", sc.access_log_name);
  
+ #ifdef REFERER_LOG
+ 	} else if (!strncmp(vec[0],"refererlog",10)) {
+ 	    sc.referer_log_name = tilde_to_home(vec[1]);
+ 	    CTRACE(stderr, "RefererLog... %s\n", sc.referer_log_name);
+ 
+ #endif
  	} else if (!strncmp(vec[0],"cacheaccesslog",12)) {
  	    sc.cache_log_name = tilde_to_home(vec[1]);
  	    CTRACE(stderr, "Cache log... %s\n", sc.cache_log_name);
*** WWW/Daemon/Implementation/HTLog.h.orig	Sun Sep 25 14:55:29 1994
--- WWW/Daemon/Implementation/HTLog.h	Mon Feb  5 14:58:06 1996
***************
*** 8,13 ****
--- 8,16 ----
  PUBLIC BOOL HTLog_openAll NOPARAMS;
  PUBLIC void HTLog_closeAll NOPARAMS;
  PUBLIC void HTLog_access PARAMS((HTRequest *	req));
+ #ifdef REFERER_LOG
+ PUBLIC void HTLog_referer PARAMS((HTRequest *	req));
+ #endif
  PUBLIC void HTLog_error PARAMS((CONST char * msg));
  PUBLIC void HTLog_error2 PARAMS((CONST char *	msg,
  				 CONST char *	param));
*** WWW/Daemon/Implementation/HTLog.c.orig	Sun Sep 25 19:53:37 1994
--- WWW/Daemon/Implementation/HTLog.c	Mon Feb  5 16:02:10 1996
***************
*** 40,45 ****
--- 40,48 ----
  PRIVATE FILE *	proxy_log	= NULL;		
  PRIVATE FILE *	cache_log	= NULL;
  PRIVATE FILE *	error_log	= NULL;
+ #ifdef REFERER_LOG
+ PRIVATE FILE *	referer_log	= NULL;
+ #endif
  
  extern char * HTClientHost;
  extern char * HTClientHostName;
***************
*** 125,130 ****
--- 128,136 ----
  static access_log_times = 0;
  static error_log_times = 0;
  static cache_log_times = 0;
+ #ifdef REFERER_LOG
+ static referer_log_times = 0;
+ #endif
  
     /* flush C rtl buffers */
     fflush(fptr);
***************
*** 165,170 ****
--- 171,189 ----
  				cache_log, "shr=get","shr=put", "shr=upd");
        }
     }
+ #ifdef REFERER_LOG
+    else
+    if (fptr == referer_log)
+    {
+       referer_log_times++;
+       if (referer_log_times > TIMES_TO_REOPEN)
+       {
+          referer_log_times = 0;
+          referer_log = freopen(time_escapes(sc.referer_log_name), "a+", 
+ 				referer_log, "shr=get","shr=put", "shr=upd");
+       }
+    }
+ #endif
  
     return(1);
  }
***************
*** 316,324 ****
--- 335,378 ----
      }
  
      HTFlush(log);
+ 
+ #ifdef REFERER_LOG
+     if (log == access_log)
+ 	HTLog_referer(req);
+ #endif
  }
  
  
+ #ifdef REFERER_LOG
+ PUBLIC void HTLog_referer ARGS1(HTRequest *, req)
+ {
+     time_t t;
+     struct tm * gorl;
+     FILE * log = referer_log;
+ 
+     if (!log) return;
+ 
+     if (sc.new_logfile_format) {
+ 	fprintf(log, "%s [%s] %s -> %s\n",
+ 		n_pick(HTClientHostName,HTClientHost),
+ 		log_time(), n_hyph(HTReferer), n_noth(HTReqArg));
+     }
+     else {	/* Still old format */
+ 	time(&t);
+ 	if (sc.use_gmt)
+ 	    gorl = gmtime(&t);
+ 	else
+ 	    gorl = localtime(&t);
+ 
+ 	fprintf(log, "%24.24s %s %s -> %s\n",
+ 		asctime(gorl), HTClientHost, n_hyph(HTReferer), n_noth(HTReqArg));
+     }
+ 
+     HTFlush(log);
+ }
+ #endif /* REFERER_LOG */
+ 
+ 
  PRIVATE char * status_name NOARGS
  {
      switch (HTReason) {
***************
*** 431,436 ****
--- 485,496 ----
  	fclose(cache_log);
  	cache_log = NULL;
      }
+ #ifdef REFERER_LOG
+     if (referer_log) {
+ 	fclose(referer_log);
+ 	referer_log = NULL;
+     }
+ #endif
  }
  
  
***************
*** 467,472 ****
--- 527,535 ----
      char * aln = NULL;
      char * pln = NULL;
      char * cln = NULL;
+ #ifdef REFERER_LOG
+     char * rln = NULL;
+ #endif
      char * eln = NULL;
  
      /*
***************
*** 517,522 ****
--- 580,602 ----
  	}
      }
  
+ #ifdef REFERER_LOG
+     /*
+      * Open referer log file
+      */
+     if (sc.referer_log_name) {
+ 	rln = time_escapes(sc.referer_log_name);
+ 	referer_log = do_open(rln);
+ 	if (referer_log) {
+ 	    CTRACE(stderr, "Referer log... \"%s\" opened\n", rln);
+ 	}
+ 	else {
+ 	    HTLog_error2("Can't open referer log:", rln);
+ 	    flag = NO;
+ 	}
+     }
+ #endif
+ 
      /*
       * Open error log and flush the current error queue to it
       */
***************
*** 549,554 ****
--- 629,637 ----
      FREE(pln);
      FREE(eln);
      FREE(cln);
+ #ifdef REFERER_LOG
+     FREE(rln);
+ #endif
  
      return flag;
  }




============================================================================
README:
============================================================================

OVERVIEW

	This SSL tunneling patch for CERN httpd adds support for the
	CONNECT method used by SSL enhanced clients to open a secure
	tunnel through the proxy.

THEORY

	The CONNECT method takes

		hostname:port

	as its argument, and the request is in the form of the
	HTTP/1.0 request (that is, the string "HTTP/1.0" and the
	request headers must follow the request).  Example:

		CONNECT home1.netscape.com:443 HTTP/1.0<crlf>
		<crlf>

	The response will be either a normal HTTP/1.0 error response
	(in case the host is unreachable for one reason or another),
	or in case of success:

		HTTP/1.0 200 Connection established<crlf>
		<crlf>

	after which the connection is open, and the client may start
	the SSL handshake.

	This is a superior approach because it allows the HTTP request
	headers to be passed, making it possible to do authentication
	on the proxy, and allows any other future extension.

CONFIGURATION

	Because the configuration of CERN httpd is based on URL
	patterns, for ease of configuration, the hostname:port
	argument in automatically transformed into an internal
	representation:

		connect://hostname:port

	connect:// URLs do not exist in real life -- this is just a
	notion in the configuration file to make life easier!!

ENABLING

	SSL tunneling is disabled by default.  To enable it for HTTPS
	(uses the port 443), add the following line in the
	configuration file:

		Pass connect://*:443

	To enable secure news (SNEWS, uses port 563) tunneling, add
	line:

		Pass connect://*:563

	DO NOT use trailing slashes.  DO NOT allow all connect://
	requests, the following is unsafe:

		Pass connect://*

PROTECTION

	IP address protection should always be used in connection with
	SSL tunneling.  To create a protection template P which allows
	access only for hosts with IP addresses 198.93.*.* and
	198.95.*.*, use the template:

		Protection P {
		    CONNECT-Mask @(198.93.*.*, 198.95.*.*)
		}

	Note that this only declares a template; to actually apply the
	protection use the Protect rule, AFTER the Protection
	declaration, but BEFORE the Pass rule:

		Protect connect://* P

	Or, to collect them all together:

		Protection P {
		    CONNECT-Mask @(198.93.*.*, 198.95.*.*)
		}
		Protect	connect://* P
		Pass connect://*:443
		Pass connect://*:563

	The Protection binding to name P may be left out in case it's
	only used once, and the protection configuration may be
	inlined in place of the protection name in Protect rule:

		Protect connect://* {
		    CONNECT-Mask @(198.93.*.*, 198.95.*.*)
		}
		Pass connect://*:443
		Pass connect://*:563

	For a better insight of the CERN httpd's configuration system,
	please refer to the online manual:

		http://www.w3.org/httpd/

PROXY AUTHENTICATION

	This patch does not enable proxy authentication.  Proxy
	authentication is not supported by the CERN proxy.  Proxy
	authentication uses the status code 407, and headers
	Proxy-Authenticate and Proxy-Authorization.

	You MUST NOT try to use the Protect directive to turn on
	normal user authentication on (the one that uses the 401
	status code, and WWW-Authenticate and Authorization headers).
	That is an incorrect way to do authentication for the proxy,
	and causes compatibility and security problems.

CHAINING PROXIES

	This patch does not enable chaining proxies to do SSL
	tunneling.  More specifically, the CERN proxy with this patch
	IS able to act as the OUTMOST proxy in the chain, but it
	doesn't work if it is the inner proxy that has to speak to
	another, outer proxy to establish a secure connection through
	that.  Therefore, a combination such as inner Netscape Proxy
	and outer CERN httpd would work, but not vice versa.

THE NETSCAPE PROXY SERVER

	The Netscape Proxy Server is a commercially supported proxy
	server available from Netscape Communications Corporation.  In
	addition to it's unique, more efficient architecture, it
	natively supports proxy authentication, proxy chaining, SSL
	tunneling and HTTPS proxying, enabling also clients without
	native SSL support to use HTTPS.

AUTHOR
	Ari Luotonen, Netscape Communications Corporation, 1995
	<ari@netscape.com>

DISCLAIMER

	I do not have any official connection to the CERN httpd
	development anymore.  I have left the CERN WWW project in
	summer '94.  I do not provide any support for this software or
	this patch.  For general CERN httpd support, please contact:

		httpd@w3.org

	THIS PATCH IS PROVIDED IN GOOD FAITH, AS IS.  I AND NETSCAPE
	MAKE NO CLAIMS TO ITS SUITABILITY FOR ANY PARTICULAR PURPOSE,
	AND I AND NETSCAPE PROVIDE ABSOLUTELY NO WARRANTY OF ANY KIND
	WITH RESPECT TO THIS PATCH OR THIS SOFTWARE.  THE ENTIRE RISK
	AS TO THE QUALITY AND PERFORMANCE OF THIS SOFTWARE/PATCH IS
	WITH THE USER.  IN NO EVENT WILL I OR NETSCAPE BE LIABLE TO
	ANYONE FOR ANY DAMAGES ARISING OUT THE USE OF THIS
	SOFTWARE/PATCH, INCLUDING, WITHOUT LIMITATION, DAMAGES
	RESULTING FROM LOST DATA OR LOST PROFITS, OR FOR ANY SPECIAL,
	INCIDENTAL OR CONSEQUENTIAL DAMAGES.


============================================================================
PATCH TO WWW COMMON LIBRARY 2.17 AND CERN HTTPD 3.0:
============================================================================

*** WWW/Library/Implementation/HTAccess.c.orig	Thu Sep 29 04:53:28 1994
--- WWW/Library/Implementation/HTAccess.c	Tue May  9 13:16:50 1995
***************
*** 146,151 ****
--- 146,152 ----
      "SHOWMETHOD",
      "LINK",
      "UNLINK",
+     "CONNECT",
      NULL
  };
  
*** WWW/Library/Implementation/HTAccess.h.orig	Sun Sep 25 07:15:14 1994
--- WWW/Library/Implementation/HTAccess.h	Tue May  9 13:15:47 1995
***************
*** 60,65 ****
--- 60,66 ----
          METHOD_SHOWMETHOD,
          METHOD_LINK,
          METHOD_UNLINK,
+ 	METHOD_CONNECT,
          MAX_METHODS
  } HTMethod;
  /*
*** WWW/Daemon/Implementation/HTAAProt.h.orig	Sun Sep 25 06:55:47 1994
--- WWW/Daemon/Implementation/HTAAProt.h	Mon May 15 21:05:40 1995
***************
*** 52,57 ****
--- 52,58 ----
      GroupDef *    put_mask;     /*  - " - (PUT)                         */
      GroupDef *    post_mask;    /*  - " - (POST)                        */
      GroupDef *    delete_mask;  /*  - " - (DELETE)                      */
+     GroupDef *    connect_mask;	/*  - " - (CONNECT)			*/
      GroupDef *    gen_mask;     /* General mask (used when needed but   */
                                  /* other masks not set).                */
      HTList *      valid_schemes;/* Valid authentication schemes         */
*** WWW/Daemon/Implementation/HTAAProt.c.orig	Sun Sep 25 11:53:03 1994
--- WWW/Daemon/Implementation/HTAAProt.c	Mon May 15 21:18:05 1995
***************
*** 356,361 ****
--- 356,373 ----
  		    }
  		} /* if "Post-Mask" */
  
+ 		else if (0==strncasecomp(fieldname, "connect", 7)) {
+ 		    prot->connect_mask = HTAA_parseGroupDef(fp);
+ 		    lex_item=LEX_REC_SEP; /*groupdef parser read this already*/
+ 		    if (TRACE) {
+ 			if (prot->connect_mask) {
+ 			    fprintf(stderr, "CONNECT-Mask\n");
+ 			    HTAA_printGroupDef(prot->connect_mask);
+ 			}
+ 			else fprintf(stderr,"SYNTAX ERROR parsing CONNECT-Mask\n");
+ 		    }
+ 		} /* if "Connect-Mask" */
+ 
  		else if (0==strncasecomp(fieldname, "delete", 6)) {
  		    prot->delete_mask = HTAA_parseGroupDef(fp);
  		    lex_item=LEX_REC_SEP; /*groupdef parser read this already*/
*** WWW/Daemon/Implementation/HTAAServ.c.orig	Sun Sep 25 06:52:53 1994
--- WWW/Daemon/Implementation/HTAAServ.c	Mon May 15 21:06:18 1995
***************
*** 208,213 ****
--- 208,215 ----
  	    mask = prot->post_mask;
  	else if (!strcmp(method_name, "DELETE"))
  	    mask = prot->delete_mask;
+ 	else if (!strcmp(method_name, "CONNECT"))
+ 	    mask = prot->connect_mask;
  	if (!mask)
  	    mask = prot->gen_mask;
      }
*** WWW/Daemon/Implementation/HTRequest.c.orig	Fri Aug 12 03:36:29 1994
--- WWW/Daemon/Implementation/HTRequest.c	Mon May 15 21:32:44 1995
***************
*** 1006,1011 ****
--- 1006,1028 ----
      }
  
      /*
+      * SSL tunneling -- make host:port appear as connect://host:port
+      * to make it work better with the configuration system.
+      * Ari Luotonen <ari@netscape.com> May 1995
+      */
+     if (req->method == METHOD_CONNECT && HTReqArg) {
+ 	char *tmp = HTReqArg;
+ 	HTReqArg = NULL;
+ 	StrAllocCopy(HTReqArg, "connect://");
+ 	StrAllocCat(HTReqArg, tmp);
+ 	free(tmp);
+ 	if ((tmp = strchr(HTReqArg + 10, ':'))) {
+ 	    for (tmp++; *tmp && isdigit(*tmp); tmp++);
+ 	    *tmp = '\0';
+ 	}
+     }
+ 
+     /*
      ** Check that the third argument actually is a valid
      ** client protocol specifier (if it is not we might wait
      ** for an eternity for the rest of an HTTP1 request when it
*** WWW/Daemon/Implementation/HTDaemon.c.orig	Mon Sep 26 07:23:00 1994
--- WWW/Daemon/Implementation/HTDaemon.c	Mon Jun 12 15:58:58 1995
***************
*** 65,70 ****
--- 65,71 ----
  **			defined via "ServerRoot" in the configuration file.
  **			Commented out dead extern declarations.
  **	 8 Jul 94  FM	Insulate free() from _free structure element.
+ **	   May 95  AL   SSL tunneling support
  */
  
  /* (c) CERN WorldWideWeb project 1990-1992. See Copyright.html for details */
***************
*** 162,167 ****
--- 163,173 ----
  #include <sys/param.h>
  #include <errno.h>
  
+ #if !defined(__osf__) && !defined(AIX) && !defined(_HPUX_SOURCE) && \
+     !defined(BSDI) && !defined(__linux)
+ #include <sys/filio.h>
+ #endif
+ 
  #ifndef SIGCLD
  #ifdef SIGCHLD
  #define SIGCLD SIGCHLD
***************
*** 376,381 ****
--- 382,602 ----
  
  
  
+ /*
+  * SSL tunneling support by Ari Luotonen <ari@netscape.com>, May 1995
+  */
+ 
+ 
+ #define SSL_PROXY_BUFSIZE 4096
+ 
+ 
+ int shove_buffer ARGS4(int,	sd,
+ 		       char *,	b,
+ 		       int *,	i,
+ 		       int *,	c)
+ {
+     int n = write(sd, &b[*i], *c);
+ 
+     if (n > 0)
+       {
+ 	  *i += n;
+ 	  *c -= n;
+       }
+     else if (n == -1 && (errno == EWOULDBLOCK || errno == EINTR))
+       {
+ 	  n = 0;
+       }
+ 
+     return n;
+ }
+ 
+ int drag_buffer ARGS4(int,	sd,
+ 		      char *,	b,
+ 		      int *,	i,
+ 		      int *,	c)
+ {
+     int n = read(sd, b, SSL_PROXY_BUFSIZE);
+ 
+     *i = *c = 0;
+ 
+     if (n > 0)
+       {
+ 	  *c = n;
+       }
+     else if (n == -1 && errno != EWOULDBLOCK && errno != EINTR)
+       {
+ 	  return 0;
+       }
+     return n;
+ }
+ 
+ 
+ int ssl_proxy_pump ARGS3(int,		sd1,
+ 			 int,		sd2,
+ 			 char *,	initial)
+ {
+     char b1[SSL_PROXY_BUFSIZE];
+     char b2[SSL_PROXY_BUFSIZE];
+     int i1=0, i2=0;		/* Buffer start index */
+     int c1=0, c2=0;		/* Buffer data counter */
+     int r1=0, r2=0;		/* Socket read ready */
+     int w1=0, w2=0;		/* Socket write ready */
+     int closed1=0, closed2=0;	/* Socket close */
+     int n_fds = ((sd1 > sd2) ? sd1 : sd2) + 1;
+     fd_set rd_fds, wr_fds;
+     int status;
+ 
+     memset(&rd_fds, 0, sizeof(rd_fds));
+     memset(&wr_fds, 0, sizeof(wr_fds));
+ 
+     if (initial && *initial) {
+ 	strcpy(b1, initial);
+ 	c1 = strlen(initial);
+     }
+ 
+     while (1) {
+ 	FD_SET(sd1, &rd_fds);
+ 	FD_SET(sd2, &rd_fds);
+ 	FD_SET(sd1, &wr_fds);
+ 	FD_SET(sd2, &wr_fds);
+ 
+ 	if (!(status = select(n_fds, &rd_fds, &wr_fds, NULL, NULL)))
+ 	  {
+ 	      break;
+ 	  }
+ 	else if (status == -1)
+ 	  {
+ 	      if (errno == EINTR)
+ 		  continue;
+ 	      else
+ 		  break;
+ 	  }
+ 
+ 	r1 = FD_ISSET(sd1, &rd_fds);
+ 	r2 = FD_ISSET(sd2, &rd_fds);
+ 	w1 = FD_ISSET(sd1, &wr_fds);
+ 	w2 = FD_ISSET(sd2, &wr_fds);
+ 
+ 	if (w1 && c1 > 0)
+ 	  {
+ 	      if (shove_buffer(sd1, b1, &i1, &c1) == -1)
+ 		  closed1 = 1;
+ 	  }
+ 	if (w2 && c2 > 0)
+ 	  {
+ 	      if (shove_buffer(sd2, b2, &i2, &c2) == -1)
+ 		    closed2 = 1;
+ 	  }
+ 	if (r1 && !c2)
+ 	  {
+ 	      if (!drag_buffer(sd1, b2, &i2, &c2))
+ 		  closed1 = 1;
+ 	  }
+ 	if (r2 && !c1)
+ 	  {
+ 	      if (!drag_buffer(sd2, b1, &i1, &c1))
+ 		  closed2 = 1;
+ 	  }
+ 
+ 	if (closed1 || closed2)
+ 	  {
+ 	      break;
+ 	  }
+     }
+ 
+     NETCLOSE(sd1);
+     NETCLOSE(sd2);
+ 
+     return 1;
+ }
+ 
+ 
+ BOOL ssl_proxy_get_addr ARGS3(char *,	arg,
+ 			      char **,	host,
+ 			      int *,	port)
+ {
+     char *p;
+ 
+     if (arg && host && port && !strncmp(arg, "connect://", 10)) {
+ 
+ 	*host = NULL;
+ 	StrAllocCopy(*host, arg + 10);
+ 
+ 	if ((p = strchr(*host, ':'))) {
+ 	    *p++ = '\0';
+ 	    if ((*port = atoi(p)) > 0)
+ 		return YES;
+ 	}
+     }
+     return NO;
+ }
+ 
+ 
+ int ssl_proxy_connect ARGS3(HTRequest *,	req,
+ 			    char *,		host,
+ 			    int,		port)
+ {
+     struct sockaddr_in sa;
+     struct hostent *hp;
+     int sd, status, one=1;
+ 
+     memset(&sa, 0, sizeof(sa));
+     sa.sin_family = AF_INET;
+     sa.sin_port = htons(port);
+ 
+     if (isdigit(*host))
+ 	sa.sin_addr.s_addr = inet_addr(host);
+     else if ((hp = gethostbyname(host)))
+ 	memcpy(&sa.sin_addr, hp->h_addr, hp->h_length);
+     else {
+ 	HTLoadError(req, 500, "Unable to locate host");
+ 	return -1;
+     }
+ 
+     if ((sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
+ 	HTLoadError(req, 500, "Can't create socket");
+ 	return -1;
+     }
+ 
+     if ((status = connect(sd, (struct sockaddr *)&sa, sizeof(sa))) == -1) {
+ 	HTLoadError(req, 500, "Can't connect to host");
+ 	return -1;
+     }
+ 
+     if ((status = ioctl(sd, FIONBIO, &one)) == -1) {
+ 	HTLoadError(req, 500, "Can't make socket non-blocking");
+ 	return -1;
+     }
+ 
+     return sd;
+ }
+ 
+ 
+ 
+ BOOL ssl_proxy_request ARGS2(char *, arg, HTRequest *, req)
+ {
+     char *host = NULL;
+     int port = 0;
+     int sd, one=1;
+ 
+     CTRACE(stderr, "Handling CONNECT %s\n", arg);
+ 
+     if (!ssl_proxy_get_addr(arg, &host, &port)) {
+ 	HTLoadError(req, 400, "Bad CONNECT request address");
+ 	return NO;
+     }
+ 
+     if ((sd = ssl_proxy_connect(req, host, port)) < 0)
+ 	return NO;
+ 
+     if (ioctl(HTSoc, FIONBIO, &one) < -1) {
+ 	HTLoadError(req, 500, "Can't make client socket non-blocking");
+ 	return NO;
+     }
+ 
+     ssl_proxy_pump(HTSoc, sd, "HTTP/1.0 200 Connection established\r\n\r\n");
+     return YES;
+ }
  
  
  #if defined(Mips)
***************
*** 1832,1837 ****
--- 2053,2062 ----
              }
              FREE(cfn);
          }
+ 	else if (req->method==METHOD_CONNECT) {
+ 	    /* SSL tunneling by Ari Luotonen <ari@netscape.com>, May 1995 */
+ 	    ssl_proxy_request(HTReqArg, req);
+ 	}
          else {
              /* Normal retrieve with no caching */
              CTRACE(stderr, "No caching.. %s\n",

Return to bug 6935

Line 0 Link Here

(-)w3c-httpd/patches/CacheCheckSize.patch (+147 lines)
		1	*** /dev/null Tue Feb 6 11:05:04 1996
		2	--- WWW/README-CACHE_CHECK_SIZE Tue Feb 6 13:27:32 1996
		3	***************
		4	* 0 **
		5	--- 1,11 ----
		6	+ Patch to avoid serving truncated files from the cache.
		7	+
		8	+ Apply the patch, modify WWW/All/<model>/Makefile.include (for your model
		9	+ system) and add '-DCACHE_CHECK_SIZE' to CFLAGS.
		10	+
		11	+ With the patch, the server checks the size of a file in the cache before
		12	+ returning it to the user; if the size is incorrect, the server will
		13	+ refresh the file in the cache.
		14	+
		15	+ --
		16	+ -- 19960205, Gertjan van Oosten, gertjan@West.NL, West Consulting bv
		17	*** WWW/Daemon/Implementation/HTCache.c.orig Fri Aug 12 12:36:11 1994
		18	--- WWW/Daemon/Implementation/HTCache.c Mon Feb 5 14:02:11 1996
		19	***************
		20	* 382,387 **
		21	--- 382,437 ----
		22	}
		23
		24
		25	+ #ifdef CACHE_CHECK_SIZE
		26	+ /*
		27	+ ** Check whether cache file has correct size
		28	+ **
		29	+ ** On exit:
		30	+ ** return YES
		31	+ ** if size is good
		32	+ ** return NO
		33	+ ** if size is too small or too large
		34	+ **
		35	+ */
		36	+ PRIVATE BOOL cache_check_size ARGS2(char *, cfn,
		37	+ struct stat *, stat_info)
		38	+ {
		39	+ char buf[BUF_SIZE+2];
		40	+ FILE *cf;
		41	+ long cl = 0, pos, size, actual;
		42	+
		43	+ if (!cfn)
		44	+ return NO;
		45	+
		46	+ cf = fopen(cfn, "r");
		47	+ if (!cf)
		48	+ return NO;
		49	+
		50	+ while (fgets(buf, sizeof(buf), cf)) {
		51	+ if (!buf[0]
		52	+ \|\| (buf[0] == '\n' && !buf[1])
		53	+ \|\| (buf[0] == '\r' && buf[1] == '\n' && !buf[2]))
		54	+ break;
		55	+
		56	+ if (!strncasecomp(buf, "content-length:", 15))
		57	+ sscanf(buf+15, "%ld", &cl);
		58	+ }
		59	+ pos = ftell(cf);
		60	+ fclose(cf);
		61	+
		62	+ size = stat_info->st_size;
		63	+
		64	+ actual = size - pos;
65	+ if (TRACE) {
66	+ fprintf(stderr,"Cache....... checking \"%s\": content-length %ld =?= %ld\n",
67	+ cfn,cl,actual);
68	+ }
69	+
70	+ return (cl == actual ? YES : NO);
71	+ }
72	+ #endif /* CACHE_CHECK_SIZE */
73	+
74	+
75	PRIVATE BOOL do_caching ARGS1(char *, url)
76	{
77	HTList * cur = cc.no_caching;
78	***************
79	* 460,465 **
80	--- 510,518 ----
81	time_t *, expires)
82	{
83	struct stat stat_info;
84	+ #ifdef CACHE_CHECK_SIZE
85	+ BOOL size_ok;
86	+ #endif
87
88	if (!url \|\| !cfn \|\| !cf \|\| !if_ms) return CACHE_NO;
89	*cfn = NULL;
90	***************
91	* 497,503 **
92	--- 550,563 ----
93	}
94
95	success = HTCacheInfo_for(*cfn, &ld, &lc, &ex, &mu, &lm);
96	+ #ifdef CACHE_CHECK_SIZE
97	+ /* Check whether file in cache has correct size */
98	+ size_ok = cache_check_size(*cfn, &stat_info);
99	+ #endif
100	if (!success /* no entry */
101	+ #ifdef CACHE_CHECK_SIZE
102	+ \|\| !size_ok /* wrong size */
103	+ #endif
104	\|\| ex - cc.cache_time_margin <= cur_time /* expired */
105	\|\| cur_time - lc >= refresh_interval /* time to refresh */
106	\|\| in.no_cache_pragma) { /* override cache */
107	***************
108	* 507,512 **
109	--- 567,576 ----
110	if (TRACE) {
111	if (!success)
112	fprintf(stderr, "NoEntry..... %s -- expiring\n",*cfn);
113	+ #ifdef CACHE_CHECK_SIZE
114	+ else if (!size_ok)
115	+ fprintf(stderr, "Truncated...... %s -- refresh\n",*cfn);
116	+ #endif
117	else if (in.no_cache_pragma)
118	fprintf(stderr, "Forced...... refresh of %s\n",*cfn);
119	else if (ex - cc.cache_time_margin <= cur_time)
120	***************
121	* 527,533 **
122	--- 591,601 ----
123	if (cc.cache_no_connect) {
124	CTRACE(stderr, "Standalone.. caching mode but expired\n");
125	cache_hit = YES;
126	+ #ifdef CACHE_CHECK_SIZE
127	+ return size_ok ? CACHE_IF_MODIFIED : CACHE_CREATE;
128	+ #else
129	return CACHE_IF_MODIFIED;
130	+ #endif
131	}
132
133	if (!(cf = do_lock(cfn))) {
134	***************
135	* 550,556 **
136	--- 618,628 ----
137	CTRACE(stderr,"IfModSince.. time: %s", ctime(if_ms));
138
139	free(backup);
140	+ #ifdef CACHE_CHECK_SIZE
141	+ return size_ok ? CACHE_IF_MODIFIED : CACHE_CREATE;
142	+ #else
143	return CACHE_IF_MODIFIED;
144	+ #endif
145	}
146	else {
147	CTRACE(stderr, "Cache....... not expired %s\n", *cfn);

Line 0 Link Here

(-)w3c-httpd/patches/CacheDirs.patch (+101 lines)
		1	*** /dev/null Tue Feb 6 11:05:04 1996
		2	--- WWW/README-CACHEDIRS Tue Feb 6 13:03:37 1996
		3	***************
		4	* 0 **
		5	--- 1,12 ----
		6	+ Patch to translate directory names in the cache from e.g.
		7	+ /www-cache/http/www.some.where.org/
		8	+ to
		9	+ /www-cache/http/org/where/some/www/
		10	+
		11	+ Note that this can lead to unexpected problems, when you have two URLs
		12	+ like <URL:http://some.where.org/www/> and <URL:http://www.some.where.org/>.
		13	+ [This does happen, e.g. many sites out there have "some.where.org" and
		14	+ "www.some.where.org" point to the same machine.]
		15	+
		16	+ --
		17	+ -- 19950915, Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
		18	*** WWW/Daemon/Implementation/HTCache.c.orig Fri Aug 12 12:36:11 1994
		19	--- WWW/Daemon/Implementation/HTCache.c Fri Sep 15 16:25:33 1995
		20	***************
		21	* 5,16 **
		22	--- 5,19 ----
		23	** AUTHORS:
		24	** AL Ari Luotonen luotonen@dxcern.cern.ch
		25	** FM Fote Macrides macrides@sci.wfeb.edu
		26	+ ** GJ Gertjan van Oosten gertjan@West.NL
		27	**
		28	** HISTORY:
		29	** 31 Jan 94 AL Written from scratch on a very beautiful
		30	** Sunday afternoon -- seems like the spring
		31	** is already coming, yippee!
		32	** 8 Jul 94 FM Insulate free() from _free structure element.
		33	+ ** 15 Sep 95 GJ Translate host names in cache to (reversed)
		34	+ ** directories.
		35	**
		36	** BUGS:
		37	**
		38	***************
		39	* 243,248 **
		40	--- 246,252 ----
		41	{
		42	char * access = NULL;
		43	char * host = NULL;
		44	+ char * revhost = NULL;
		45	char * path = NULL;
		46	char * cfn = NULL;
		47	BOOL welcome = NO;
		48	***************
		49	* 274,291 **
		50	cur = TOLOWER(cur);
		51	cur++;
		52	}
		53	}
		54
		55	cfn = (char*)malloc(strlen(cc.cache_root) +
		56	strlen(access) +
		57	! (host ? strlen(host) : 0) +
		58	(path ? strlen(path) : 0) +
		59	(welcome ? strlen(WELCOME_FILE) : 0) + 3);
		60	if (!cfn) outofmem(__FILE__, "cache_file_name");
		61	! sprintf(cfn, "%s/%s/%s%s%s", cc.cache_root, access, host, path,
		62	(welcome ? WELCOME_FILE : ""));
		63
		64	! FREE(access); FREE(host); FREE(path);
65
66	/*
67	** This checks that the last component is not too long.
68	--- 278,310 ----
69	cur = TOLOWER(cur);
70	cur++;
71	}
72	+ /*
73	+ ** Now transform host name from "www.some.where.org"
74	+ ** to "org/where/some/www".
75	+ ** [For nameless hosts, you'd want the IP address
76	+ ** translated from "10.127.7.254" to "10/127/7/254",
77	+ ** but that is left as an exercise.]
78	+ */
79	+ revhost = malloc(strlen(host)+1);
80	+ revhost[0] = '\0';
81	+ while (cur = strrchr(host, '.')) {
82	+ strcat(revhost, cur+1);
83	+ strcat(revhost, "/");
84	+ *cur = '\0';
85	+ }
86	+ strcat(revhost, host);
87	}
88
89	cfn = (char*)malloc(strlen(cc.cache_root) +
90	strlen(access) +
91	! (revhost ? strlen(revhost) : 0) +
92	(path ? strlen(path) : 0) +
93	(welcome ? strlen(WELCOME_FILE) : 0) + 3);
94	if (!cfn) outofmem(__FILE__, "cache_file_name");
95	! sprintf(cfn, "%s/%s/%s%s%s", cc.cache_root, access, revhost, path,
96	(welcome ? WELCOME_FILE : ""));
97
98	! FREE(access); FREE(host); FREE(revhost); FREE(path);
99
100	/*
101	** This checks that the last component is not too long.

Line 0 Link Here

(-)w3c-httpd/patches/DenyAccess.patch (+97 lines)
		1	*** /dev/null Tue Feb 6 11:05:04 1996
		2	--- WWW/README-DENYACCESS Tue Feb 6 13:11:03 1996
		3	***************
		4	* 0 **
		5	--- 1,28 ----
		6	+ Patch to allow denial of IP addresses or domain names in a protection
		7	+ mask.
		8	+
		9	+ With the patch, you can now specify patterns as:
		10	+
		11	+ Protection HEY-INTEL-NO-SECURITY-HOLES {
		12	+ Mask @(..., !132.233.., !143.183.., !137.46..)
		13	+ }
		14	+ Protect /* HEY-INTEL-NO-SECURITY-HOLES
		15	+
		16	+ The comment from the patch is:
		17	+
		18	+ ** 9 Aug 95 GJ Modified ip_in_def_list() to allow exclusions;
		19	+ ** patterns can now be e.g.
		20	+ ** @(..., !192.43.210.*)
		21	+ ** which means: allow anyone in except West.NL;
		22	+ ** the strange order of the patterns is because the
		23	+ ** access list is built back to front, so be careful
		24	+ ** to put the most restrictive patterns at the end!
		25	+ ** The old patterns still work, of course, so
		26	+ ** @(192.43.210.*)
		27	+ ** would allow only West.NL, just as
		28	+ ** @(!..., 192.43.210.*)
		29	+ ** does (remember that this is matched back-to-front
		30	+ ** by the server).
		31	+
		32	+ --
		33	+ -- 19950809, Gertjan van Oosten, gertjan@west.nl, West Consulting B.V.
		34	*** WWW/Daemon/Implementation/HTGroup.c.orig Wed May 4 21:03:24 1994
		35	--- WWW/Daemon/Implementation/HTGroup.c Wed Aug 9 10:55:57 1995
		36	***************
		37	* 8,18 **
		38	--- 8,37 ----
		39	**
		40	** AUTHORS:
		41	** AL Ari Luotonen luotonen@dxcern.cern.ch
		42	+ ** GJ Gertjan van Oosten gertjan@West.NL
		43	**
		44	** HISTORY:
		45	+ ** 9 Aug 95 GJ Modified ip_in_def_list() to allow exclusions;
		46	+ ** patterns can now be e.g.
		47	+ ** @(..., !192.43.210.*)
		48	+ ** which means: allow anyone in except West.NL;
		49	+ ** the strange order of the patterns is because the
		50	+ ** access list is built back to front, so be careful
		51	+ ** to put the most restrictive patterns at the end!
		52	+ ** The old patterns still work, of course, so
		53	+ ** @(192.43.210.*)
		54	+ ** would allow only West.NL, just as
		55	+ ** @(!..., 192.43.210.*)
		56	+ ** does (remember that this is matched back-to-front
		57	+ ** by the server).
		58	**
		59	**
		60	** BUGS:
		61	+ ** GJ The modifications in ip_in_def_list() do not treat the
		62	+ ** HTPattern as an abstract datatype; it is probably best
		63	+ ** to encapsulate these manipulations in a few extra routines
		64	+ ** in HTWild.c, but I can't be bothered.
65	+ ** A five-minute hack is a five-minute hack...
66	**
67	**
68	**
69	***************
70	* 581,590 **
71	/* Value of ref->translation is ignored, i.e. */
72	/* no recursion for ip address tamplates. */
73	HTPattern * pat = HTPattern_new(ref->name);
74	! BOOL flag = HTIpMaskMatch(pat, ip_number, ip_name);
75	HTPattern_free(pat);
76	if (flag)
77	! return YES;
78	}
79	}
80	return NO;
81	--- 600,615 ----
82	/* Value of ref->translation is ignored, i.e. */
83	/* no recursion for ip address tamplates. */
84	HTPattern * pat = HTPattern_new(ref->name);
85	! BOOL negate = ((pat->text)=='!'); / "!bla.bla.bla.bla" ? */
86	! BOOL flag;
87	! if (negate)
88	! pat->text++; /* Skip '!' */
89	! flag = HTIpMaskMatch(pat, ip_number, ip_name);
90	! if (negate)
91	! pat->text--; /* Back to '!' */
92	HTPattern_free(pat);
93	if (flag)
94	! return negate ? NO : YES;
95	}
96	}
97	return NO;

Line 0 Link Here

(-)w3c-httpd/patches/HTParse.c.patch (+28 lines)
	1	*** Library/Implementation/HTParse.c Sun Sep 25 14:53:34 1994
	2	--- Library/Implementation/HTParse.c.patch Wed Nov 9 10:42:15 1994
	3	***************
	4	* 350,360 **
	5	path = filename;
	6	if (path == '/' && (path+1)=='/') { /* Some URLs start //<foo> */
	7	path += 1;
	8	! } else if (!strncmp(path, "news:", 5)) { /* Make group lower case */
	9	! char *group = path+5;
	10	! while (group && group!='@' && *group!='/') {
	11	! group = TOLOWER(group);
	12	! group++;
	13	}
	14	if (URI_TRACE)
	15	fprintf(stderr, "into\n............ `%s'\n", filename);
	16	--- 322,333 ----
	17	path = filename;
	18	if (path == '/' && (path+1)=='/') { /* Some URLs start //<foo> */
	19	path += 1;
	20	! } else if (!strncmp(path, "news:", 5)) {
	21	! char *ptr = strchr(path+5, '@');
	22	! if (!ptr) ptr = path+5;
	23	! while (ptr) { / Make group or host lower case */
	24	! ptr = TOLOWER(ptr);
	25	! ptr++;
	26	}
	27	if (URI_TRACE)
	28	fprintf(stderr, "into\n............ `%s'\n", filename);

Line 0 Link Here

(-)w3c-httpd/patches/HTTPS.patch (+553 lines)
		1	*** /dev/null Mon Apr 15 09:53:26 1996
		2	--- WWW/README-HTTPS Mon Apr 15 10:11:26 1996
		3	***************
		4	* 0 **
		5	--- 1,45 ----
		6	+ Patch to enable SSL support, i.e. serving documents via 'https://' URLs.
		7	+ I built this using CERN httpd 3.0 with Library 2.17 and SSLeay-0.5.1b.
		8	+ For further information on CERN httpd see:
		9	+
		10	+ http://www.w3.org/pub/WWW/Daemon/
		11	+
		12	+ For further information on SSLeay see:
		13	+
		14	+ http://www.psy.uq.oz.au/~ftp/Crypto/
		15	+ ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/
		16	+ ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
		17	+
		18	+ REMEMBER: export and/or import of crypto software or crypto hooks is
		19	+ illegal in many parts of the world.
		20	+
		21	+ Apply the patch, modify WWW/All/<model>/Makefile.include (for your model
		22	+ system) and add '-DUSE_SSL -I/usr/local/ssl/include' to CFLAGS
		23	+ and '-L/usr/local/ssl/lib -lssl -lcrypto' to LDFLAGS (fill in the
		24	+ correct paths to your SSL include files and libraries).
		25	+
		26	+ Add the following lines to your httpd.conf:
		27	+
		28	+ Port 443
		29	+ UseSSL Yes
		30	+ SSLRSAPrivateKeyFile /usr/local/ssl/certs/httpsd.pem
		31	+ SSLCertificateFile /usr/local/ssl/certs/httpsd.pem
		32	+
		33	+ If you don't have UseSSL set, or have UseSSL set to No, it won't use SSL.
		34	+
		35	+ If you don't specify SSLRSAPrivateKeyFile or SSLCertificateFile, it will
		36	+ use the default files (specific to your installation of SSL, the paths
		37	+ given in the example are from the default installation of SSLeay).
		38	+
		39	+ Important note: don't use a pass phrase to encrypt your keys, or the
		40	+ daemon won't be able to read them!
		41	+
		42	+ Run 'make certificate' to generate a self-signed certificate for testing
		43	+ purposes (set SSLTOP to the installation directory of SSLeay).
		44	+
		45	+ For more general remarks on SSLified applications, see:
		46	+
		47	+ ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/README.apps
		48	+
		49	+ --
		50	+ -- 19960410, Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
		51	*** WWW/Makefile.orig Sat Jun 11 13:52:14 1994
		52	--- WWW/Makefile Mon Apr 15 10:13:51 1996
		53	***************
		54	* 24,26 **
		55	--- 24,38 ----
		56	rm -f Daemon/[a-z0-9]*/cgiparse
		57	rm -f Daemon/[a-z0-9]*/cgiutils
		58
		59	+ #
		60	+ # Target for generating a self-signed test certificate for the SSLified
		61	+ # version of httpd (see README-HTTPS).
		62	+ #
		63	+ SSLTOP=/usr/local/ssl
		64	+ certificate:
65	+ (\
66	+ cd $(SSLTOP)/certs; \
67	+ req -new -x509 -nodes -out httpsd.pem -keyout httpsd.pem; \
68	+ ln -s httpsd.pem `x509 -noout -hash < httpsd.pem`.0 ;\
69	+ chmod 644 $(SSLTOP)/certs/httpsd.pem; \
70	+ )
71	*** WWW/Library/Implementation/HTFormat.h.orig Sun Sep 25 15:15:26 1994
72	--- WWW/Library/Implementation/HTFormat.h Wed Apr 10 17:25:38 1996
73	***************
74	* 61,66 **
75	--- 61,67 ----
76	char * input_pointer;
77	char * input_limit;
78	int input_file_number;
79	+ void * ssl_con;
80	BOOL s_do_buffering;
81	char * s_buffer;
82	int s_buffer_size;
83	*** WWW/Library/Implementation/HTFormat.c.orig Thu Sep 29 14:24:15 1994
84	--- WWW/Library/Implementation/HTFormat.c Wed Apr 10 17:25:39 1996
85	***************
86	* 51,56 **
87	--- 51,59 ----
88	#include "HTGuess.h"
89	#include "HTError.h"
90
91	+ #ifdef USE_SSL
92	+ #include <ssl.h>
93	+ #endif /* USE_SSL */
94
95	PUBLIC BOOL HTOutputSource = NO; /* Flag: shortcut parser to stdout */
96
97	***************
98	* 474,480 **
99	int ch;
100	do {
101	if (isoc-> input_pointer >= isoc->input_limit) {
102	! int status = NETREAD(
103	isoc->input_file_number,
104	isoc->input_buffer, INPUT_BUFFER_SIZE);
105	if (status <= 0) {
106	--- 477,491 ----
107	int ch;
108	do {
109	if (isoc-> input_pointer >= isoc->input_limit) {
110	! int status =
111	! #ifdef USE_SSL
112	! (isoc->ssl_con != NULL) ?
113	! SSL_read(
114	! isoc->ssl_con,
115	! isoc->input_buffer, INPUT_BUFFER_SIZE)
116	! :
117	! #endif /* USE_SSL */
118	! NETREAD(
119	isoc->input_file_number,
120	isoc->input_buffer, INPUT_BUFFER_SIZE);
121	if (status <= 0) {
122	***************
123	* 507,513 **
124	int *, len)
125	{
126	if (isoc->input_pointer >= isoc->input_limit) {
127	! int status = NETREAD(isoc->input_file_number,
128	isoc->input_buffer,
129	((*len < INPUT_BUFFER_SIZE) ?
130	*len : INPUT_BUFFER_SIZE));
131	--- 518,533 ----
132	int *, len)
133	{
134	if (isoc->input_pointer >= isoc->input_limit) {
135	! int status =
136	! #ifdef USE_SSL
137	! (isoc->ssl_con != NULL) ?
138	! SSL_read(isoc->ssl_con,
139	! isoc->input_buffer,
140	! ((*len < INPUT_BUFFER_SIZE) ?
141	! *len : INPUT_BUFFER_SIZE))
142	! :
143	! #endif /* USE_SSL */
144	! NETREAD(isoc->input_file_number,
145	isoc->input_buffer,
146	((*len < INPUT_BUFFER_SIZE) ?
147	*len : INPUT_BUFFER_SIZE));
148	***************
149	* 538,544 **
150	int status;
151
152	isoc->input_pointer = isoc->input_buffer;
153	! status = NETREAD(isoc->input_file_number,
154	isoc->input_buffer,
155	INPUT_BUFFER_SIZE);
156	if (status <= 0) {
157	--- 558,572 ----
158	int status;
159
160	isoc->input_pointer = isoc->input_buffer;
161	! status =
162	! #ifdef USE_SSL
163	! (isoc->ssl_con != NULL) ?
164	! SSL_read(isoc->ssl_con,
165	! isoc->input_buffer,
166	! INPUT_BUFFER_SIZE)
167	! :
168	! #endif /* USE_SSL */
169	! NETREAD(isoc->input_file_number,
170	isoc->input_buffer,
171	INPUT_BUFFER_SIZE);
172	if (status <= 0) {
173	*** WWW/Library/Implementation/HTWriter.h.orig Sun Sep 25 15:15:20 1994
174	--- WWW/Library/Implementation/HTWriter.h Wed Apr 10 17:25:41 1996
175	***************
176	* 17,26 **
177
178	#include "HTStream.h"
179
180	! extern HTStream * HTWriter_new PARAMS((int soc));
181	! extern HTStream * HTWriter_newNoClose PARAMS((int soc));
182
183	! extern HTStream * HTASCIIWriter PARAMS((int soc));
184
185	#endif
186
187	--- 17,26 ----
188
189	#include "HTStream.h"
190
191	! extern HTStream * HTWriter_new PARAMS((int soc, void *ssl_con));
192	! extern HTStream * HTWriter_newNoClose PARAMS((int soc, void *ssl_con));
193
194	! extern HTStream * HTASCIIWriter PARAMS((int soc, void *ssl_con));
195
196	#endif
197
198	*** WWW/Library/Implementation/HTWriter.c.orig Sun Sep 25 14:53:45 1994
199	--- WWW/Library/Implementation/HTWriter.c Wed Apr 10 17:25:40 1996
200	***************
201	* 9,14 **
202	--- 9,18 ----
203	#include "HTUtils.h"
204	#include "tcp.h"
205
206	+ #ifdef USE_SSL
207	+ #include <ssl.h>
208	+ #endif /* USE_SSL */
209	+
210	/* HTML Object
211	** -----------
212	*/
213	***************
214	* 17,22 **
215	--- 21,27 ----
216	CONST HTStreamClass * isa;
217
218	int soc;
219	+ void *ssl_con;
220	char *write_pointer;
221	char buffer[BUFFER_SIZE];
222	BOOL leave_open;
223	***************
224	* 48,54 **
225	status = NETWRITE(me->soc, me->buffer, /* Put timeout? @@@ */
226	write_pointer - read_pointer);
227	#endif /* OLD_CODE */
228	! status = NETWRITE(me->soc, read_pointer, write_pointer - read_pointer);
229	if (status<0) {
230	if(TRACE) fprintf(stderr,
231	"HTWrite: Error: write() on socket returns %d !!!\n", status);
232	--- 53,65 ----
233	status = NETWRITE(me->soc, me->buffer, /* Put timeout? @@@ */
234	write_pointer - read_pointer);
235	#endif /* OLD_CODE */
236	! status =
237	! #ifdef USE_SSL
238	! (me->ssl_con != NULL) ?
239	! SSL_write(me->ssl_con, read_pointer, write_pointer - read_pointer)
240	! :
241	! #endif /* USE_SSL */
242	! NETWRITE(me->soc, read_pointer, write_pointer - read_pointer);
243	if (status<0) {
244	if(TRACE) fprintf(stderr,
245	"HTWrite: Error: write() on socket returns %d !!!\n", status);
246	***************
247	* 110,116 **
248	}
249	#endif
250	while (read_pointer < write_pointer) {
251	! int status = NETWRITE(me->soc, read_pointer,
252	write_pointer - read_pointer);
253	if (status<0) {
254	if(TRACE) fprintf(stderr,
255	--- 121,134 ----
256	}
257	#endif
258	while (read_pointer < write_pointer) {
259	! int status =
260	! #ifdef USE_SSL
261	! (me->ssl_con != NULL) ?
262	! SSL_write(me->ssl_con, read_pointer,
263	! write_pointer - read_pointer)
264	! :
265	! #endif /* USE_SSL */
266	! NETWRITE(me->soc, read_pointer,
267	write_pointer - read_pointer);
268	if (status<0) {
269	if(TRACE) fprintf(stderr,
270	***************
271	* 161,167 **
272	** -------------------------
273	*/
274
275	! PUBLIC HTStream* HTWriter_new ARGS1(int, soc)
276	{
277	HTStream* me = (HTStream)calloc(1,sizeof(me));
278	if (me == NULL) outofmem(__FILE__, "HTML_new");
279	--- 179,185 ----
280	** -------------------------
281	*/
282
283	! PUBLIC HTStream* HTWriter_new ARGS2(int, soc, void *, ssl_con)
284	{
285	HTStream* me = (HTStream)calloc(1,sizeof(me));
286	if (me == NULL) outofmem(__FILE__, "HTML_new");
287	***************
288	* 171,183 **
289	me->make_ascii = NO;
290	#endif
291	me->soc = soc;
292	me->write_pointer = me->buffer;
293	return me;
294	}
295
296	! PUBLIC HTStream* HTWriter_newNoClose ARGS1(int, soc)
297	{
298	! HTStream * me = HTWriter_new(soc);
299	if (me) me->leave_open = YES;
300	return me;
301	}
302	--- 189,202 ----
303	me->make_ascii = NO;
304	#endif
305	me->soc = soc;
306	+ me->ssl_con = ssl_con;
307	me->write_pointer = me->buffer;
308	return me;
309	}
310
311	! PUBLIC HTStream* HTWriter_newNoClose ARGS2(int, soc, void *, ssl_con)
312	{
313	! HTStream * me = HTWriter_new(soc, ssl_con);
314	if (me) me->leave_open = YES;
315	return me;
316	}
317	***************
318	* 187,193 **
319	** -------------------------
320	*/
321
322	! PUBLIC HTStream* HTASCIIWriter ARGS1(int, soc)
323	{
324	HTStream* me = (HTStream)calloc(1,sizeof(me));
325	if (me == NULL) outofmem(__FILE__, "HTML_new");
326	--- 206,212 ----
327	** -------------------------
328	*/
329
330	! PUBLIC HTStream* HTASCIIWriter ARGS2(int, soc, void *, ssl_con)
331	{
332	HTStream* me = (HTStream)calloc(1,sizeof(me));
333	if (me == NULL) outofmem(__FILE__, "HTML_new");
334	***************
335	* 197,202 **
336	--- 216,222 ----
337	me->make_ascii = YES;
338	#endif
339	me->soc = soc;
340	+ me->ssl_con = ssl_con;
341	me->write_pointer = me->buffer;
342	return me;
343	}
344	*** WWW/Daemon/Implementation/HTConfig.h.orig Sun Sep 25 14:55:28 1994
345	--- WWW/Daemon/Implementation/HTConfig.h Wed Apr 10 17:17:09 1996
346	***************
347	* 45,50 **
348	--- 45,53 ----
349	char * hostname; /* Used for CGI scripts */
350	HTServType server_type; /* Standalone or inetd */
351	int port; /* Default port number string */
352	+ BOOL use_ssl; /* Am I an https server? */
353	+ char * ssl_key_file; /* RSA private key file */
354	+ char * ssl_cert_file; /* Certificate file */
355	BOOL no_bg; /* Don't auto-go background */
356	BOOL standalone; /* Am I standalone? */
357	char * server_root; /* Server's "home directory" */
358	*** WWW/Daemon/Implementation/HTConfig.c.orig Mon Sep 26 15:22:52 1994
359	--- WWW/Daemon/Implementation/HTConfig.c Wed Apr 10 17:17:09 1996
360	***************
361	* 115,120 **
362	--- 115,123 ----
363	sc.output_timeout = DEFAULT_OUTPUT_TIMEOUT;
364	sc.script_timeout = DEFAULT_SCRIPT_TIMEOUT;
365	sc.do_accept_hack = YES;
366	+ sc.use_ssl = NO;
367	+ sc.ssl_key_file = NULL;
368	+ sc.ssl_cert_file = NULL;
369	sc.disabled[ (int)METHOD_PUT ] = YES;
370	sc.disabled[ (int)METHOD_DELETE ] = YES;
371	sc.disabled[ (int)METHOD_CHECKIN ] = YES;
372	***************
373	* 1819,1824 **
374	--- 1822,1839 ----
375	}
376	}
377
378	+ #ifdef USE_SSL
379	+ } else if (!strcmp(vec[0], "usessl")) {
380	+ sc.use_ssl = positive(vec[1]);
381	+ CTRACE(stderr,"SSL......... %sabled\n",
382	+ sc.use_ssl ? "en" : "dis");
383	+ } else if (!strcmp(vec[0], "sslrsaprivatekeyfile")) {
384	+ sc.ssl_key_file = tilde_to_home(vec[1]);
385	+ CTRACE(stderr, "SSLKeyFile.. %s\n", sc.ssl_key_file);
386	+ } else if (!strcmp(vec[0], "sslcertificatefile")) {
387	+ sc.ssl_cert_file = tilde_to_home(vec[1]);
388	+ CTRACE(stderr, "SSLCertFile. %s\n", sc.ssl_cert_file);
389	+ #endif /* USE_SSL */
390	} else if (!strncmp(vec[0],"pidfile",7)) {
391	sc.pid_file = tilde_to_home(vec[1]);
392	CTRACE(stderr, "PidFile..... %s\n", sc.pid_file);
393	*** WWW/Daemon/Implementation/HTDaemon.c.orig Mon Sep 26 15:23:00 1994
394	--- WWW/Daemon/Implementation/HTDaemon.c Wed Apr 10 17:17:11 1996
395	***************
396	* 193,198 **
397	--- 193,202 ----
398	#endif
399
400
401	+ #ifdef USE_SSL
402	+ #include <ssl.h>
403	+ #endif /* USE_SSL */
404	+
405
406	#ifdef VMS
407	#define gc()
408	***************
409	* 228,233 **
410	--- 232,243 ----
411	#endif /* FORKING */
412	PRIVATE int script_pid = 0;
413
414	+ #ifdef USE_SSL
415	+ SSL_CTX *ssl_ctx;
416	+ char ssl_file_path[1024];
417	+ #endif /* USE_SSL */
418	+ void *ssl_con;
419	+
420	/* Program-Global Variables
421	** ------------------------
422	*/
423	***************
424	* 1559,1564 **
425	--- 1569,1575 ----
426	reset_server_env();
427
428	isoc = HTInputSocket_new(soc);
429	+ isoc->ssl_con = ssl_con;
430
431	input_timeout_on();
432	req = HTParseRequest(isoc);
433	***************
434	* 1571,1577 **
435
436	HTSoc = soc;
437	req->isoc = isoc;
438	! req->output_stream = HTWriter_newNoClose(soc);
439
440	if (req->method == METHOD_INVALID) {
441	if (HTReqLine) {
442	--- 1582,1588 ----
443
444	HTSoc = soc;
445	req->isoc = isoc;
446	! req->output_stream = HTWriter_newNoClose(soc, isoc->ssl_con);
447
448	if (req->method == METHOD_INVALID) {
449	if (HTReqLine) {
450	***************
451	* 2183,2188 **
452	--- 2194,2243 ----
453	CTRACE(stderr, "Child....... I'%s\n",
454	do_gc ? "ll do gc upon exit" : "m alive");
455
456	+ #ifdef USE_SSL
457	+ if (sc.use_ssl) {
458	+ SSL_set_fd(ssl_con, com_soc);
459	+
460	+ /*
461	+ * Use default paths and filename "httpsd.pem" for public
462	+ * and private key if not specified in the config.
463	+ * Note: don't encrypt the key with a pass phrase!
464	+ */
465	+ if (SSL_use_RSAPrivateKey_file(ssl_con,
466	+ sc.ssl_key_file ? sc.ssl_key_file : ssl_file_path,
467	+ X509_FILETYPE_PEM) <= 0) {
468	+ fprintf(stderr, "SSL_use_RSAPrivateKey_file(%s) error ",
469	+ sc.ssl_key_file ? sc.ssl_key_file : ssl_file_path);
470	+ ERR_print_errors(stderr);
471	+ fflush(stderr);
472	+ _exit(1);
473	+ }
474	+
475	+ if (SSL_use_certificate_file(ssl_con,
476	+ sc.ssl_cert_file ? sc.ssl_cert_file : ssl_file_path,
477	+ X509_FILETYPE_PEM) <= 0) {
478	+ fprintf(stderr, "SSL_use_certificate_file(%s) error ",
479	+ sc.ssl_cert_file ? sc.ssl_cert_file : ssl_file_path);
480	+ ERR_print_errors(stderr);
481	+ fflush(stderr);
482	+ _exit(1);
483	+ }
484	+
485	+ /*
486	+ * TODO:
487	+ * Call SSL_set_verify(ssl_con, SSL_VERIFY_..., ...)
488	+ */
489	+
490	+ if (SSL_accept(ssl_con) <= 0) {
491	+ fprintf(stderr, "SSL_accept error %s\n",
492	+ ERR_error_string(ERR_get_error(), NULL));
493	+ fflush(stderr);
494	+ SSL_free(ssl_con);
495	+ _exit(1);
496	+ }
497	+ }
498	+ #endif /* USE_SSL */
499	+
500	/*
501	* This no-linger stuff is borrowed from NCSA httpd code.
502	* In Linux this causes problems -- is this necessary at
503	***************
504	* 3044,3051 **
505
506	if (sc.server_type == SERVER_TYPE_STANDALONE) {
507	if (!sc.port) {
508	! sc.port = 80;
509	! CTRACE(stderr,"Default..... port 80 for standalone server\n");
510	}
511	}
512	else if (sc.server_type == SERVER_TYPE_INETD) {
513	--- 3099,3113 ----
514
515	if (sc.server_type == SERVER_TYPE_STANDALONE) {
516	if (!sc.port) {
517	! sc.port =
518	! #ifdef USE_SSL
519	! sc.use_ssl ?
520	! 443
521	! :
522	! #endif /* SSL */
523	! 80;
524	! CTRACE(stderr,"Default..... port %d for standalone server\n",
525	! sc.port);
526	}
527	}
528	else if (sc.server_type == SERVER_TYPE_INETD) {
529	***************
530	* 3243,3248 **
531	--- 3305,3326 ----
532	if (status<0 && role != passive) {
533	exit(status);
534	}
535	+
536	+ ssl_con = NULL;
537	+ #ifdef USE_SSL
538	+ if (sc.use_ssl) {
539	+ SSL_load_error_strings();
540	+ ssl_ctx = (SSL_CTX *)SSL_CTX_new();
541	+ ssl_con = (SSL *)SSL_new(ssl_ctx);
542	+ sprintf(ssl_file_path, "%s/%s", X509_get_default_cert_dir(), "httpsd.pem");
543	+
544	+ if (!X509_set_default_verify_paths(ssl_ctx->cert)) {
545	+ fprintf(stderr,"HTTPSD ERROR: cannot load certificates via X509_set_default_verify_paths\n");
546	+ ERR_print_errors(stderr);
547	+ exit(1);
548	+ }
549	+ }
550	+ #endif /* USE_SSL */
551
552	exit(0);
553	return 0; /* NOTREACHED -- For gcc */

Line 0 Link Here

(-)w3c-httpd/patches/RefererLog.patch (+240 lines)
		1	*** /dev/null Tue Feb 6 11:05:04 1996
		2	--- WWW/README-REFERER_LOG Tue Feb 6 13:24:53 1996
		3	***************
		4	* 0 **
		5	--- 1,30 ----
		6	+ Patch to add RefererLog to the configuration.
		7	+
		8	+ Apply the patch, modify WWW/All/<model>/Makefile.include (for your model
		9	+ system) and add '-DREFERER_LOG' to CFLAGS.
		10	+
		11	+ Add the following line to your httpd.conf:
		12	+
		13	+ RefererLog /www/logs/referer
		14	+
		15	+ The syntax is identical to that for AccessLog, in fact: for each entry
		16	+ in the AccessLog there will be an entry in the RefererLog.
		17	+
		18	+ The format of the RefererLog is slightly different from the NCSA one
		19	+ <URL:http://hoohoo.ncsa.uiuc.edu/docs/setup/httpd/RefererLog.html>:
		20	+
		21	+ host.some.where.org [05/Feb/1996:12:38:36 -0100] http://lycos-tmp1.psc.edu/cgi-bin/pursuit?query=something -> /
		22	+ host.some.where.org [05/Feb/1996:12:38:55 -0100] http://www.my.domain/ -> /info/
		23	+ some.one.else [05/Feb/1996:12:40:02 -0100] - -> /HotNews/
		24	+
		25	+ So:
		26	+
		27	+ referring-host [timestamp] referring-URL -> document
		28	+
		29	+ The referring-host and timestamp will be in the same format as in the
		30	+ AccessLog. If there is no referring-URL, a minus sign will be printed.
		31	+ Anything matching the NoLog directive (so it isn't logged in the
		32	+ AccessLog) is not logged in the RefererLog.
		33	+
		34	+ --
		35	+ -- 19960205, Gertjan van Oosten, gertjan@West.NL, West Consulting bv
		36	*** WWW/Daemon/Implementation/HTConfig.h.orig Sun Sep 25 14:55:28 1994
		37	--- WWW/Daemon/Implementation/HTConfig.h Mon Feb 5 15:01:23 1996
		38	***************
		39	* 76,81 **
		40	--- 76,84 ----
		41	BOOL always_welcome; /* Redirect directory names to */
		42	/* welcome page on that dir. */
		43	char * access_log_name; /* Access log file name */
		44	+ #ifdef REFERER_LOG
		45	+ char * referer_log_name; /* Referer log file name */
		46	+ #endif
		47	char * proxy_log_name; /* Proxy access log file name */
		48	char * cache_log_name; /* Cache access log file name */
		49	char * error_log_name; /* Error log file name */
		50	*** WWW/Daemon/Implementation/HTConfig.c.orig Mon Sep 26 15:22:52 1994
		51	--- WWW/Daemon/Implementation/HTConfig.c Mon Feb 5 15:00:35 1996
		52	***************
		53	* 1675,1680 **
		54	--- 1675,1686 ----
		55	sc.access_log_name = tilde_to_home(vec[1]);
		56	CTRACE(stderr, "AccessLog... %s\n", sc.access_log_name);
		57
		58	+ #ifdef REFERER_LOG
		59	+ } else if (!strncmp(vec[0],"refererlog",10)) {
		60	+ sc.referer_log_name = tilde_to_home(vec[1]);
		61	+ CTRACE(stderr, "RefererLog... %s\n", sc.referer_log_name);
		62	+
		63	+ #endif
		64	} else if (!strncmp(vec[0],"cacheaccesslog",12)) {
65	sc.cache_log_name = tilde_to_home(vec[1]);
66	CTRACE(stderr, "Cache log... %s\n", sc.cache_log_name);
67	*** WWW/Daemon/Implementation/HTLog.h.orig Sun Sep 25 14:55:29 1994
68	--- WWW/Daemon/Implementation/HTLog.h Mon Feb 5 14:58:06 1996
69	***************
70	* 8,13 **
71	--- 8,16 ----
72	PUBLIC BOOL HTLog_openAll NOPARAMS;
73	PUBLIC void HTLog_closeAll NOPARAMS;
74	PUBLIC void HTLog_access PARAMS((HTRequest * req));
75	+ #ifdef REFERER_LOG
76	+ PUBLIC void HTLog_referer PARAMS((HTRequest * req));
77	+ #endif
78	PUBLIC void HTLog_error PARAMS((CONST char * msg));
79	PUBLIC void HTLog_error2 PARAMS((CONST char * msg,
80	CONST char * param));
81	*** WWW/Daemon/Implementation/HTLog.c.orig Sun Sep 25 19:53:37 1994
82	--- WWW/Daemon/Implementation/HTLog.c Mon Feb 5 16:02:10 1996
83	***************
84	* 40,45 **
85	--- 40,48 ----
86	PRIVATE FILE * proxy_log = NULL;
87	PRIVATE FILE * cache_log = NULL;
88	PRIVATE FILE * error_log = NULL;
89	+ #ifdef REFERER_LOG
90	+ PRIVATE FILE * referer_log = NULL;
91	+ #endif
92
93	extern char * HTClientHost;
94	extern char * HTClientHostName;
95	***************
96	* 125,130 **
97	--- 128,136 ----
98	static access_log_times = 0;
99	static error_log_times = 0;
100	static cache_log_times = 0;
101	+ #ifdef REFERER_LOG
102	+ static referer_log_times = 0;
103	+ #endif
104
105	/* flush C rtl buffers */
106	fflush(fptr);
107	***************
108	* 165,170 **
109	--- 171,189 ----
110	cache_log, "shr=get","shr=put", "shr=upd");
111	}
112	}
113	+ #ifdef REFERER_LOG
114	+ else
115	+ if (fptr == referer_log)
116	+ {
117	+ referer_log_times++;
118	+ if (referer_log_times > TIMES_TO_REOPEN)
119	+ {
120	+ referer_log_times = 0;
121	+ referer_log = freopen(time_escapes(sc.referer_log_name), "a+",
122	+ referer_log, "shr=get","shr=put", "shr=upd");
123	+ }
124	+ }
125	+ #endif
126
127	return(1);
128	}
129	***************
130	* 316,324 **
131	--- 335,378 ----
132	}
133
134	HTFlush(log);
135	+
136	+ #ifdef REFERER_LOG
137	+ if (log == access_log)
138	+ HTLog_referer(req);
139	+ #endif
140	}
141
142
143	+ #ifdef REFERER_LOG
144	+ PUBLIC void HTLog_referer ARGS1(HTRequest *, req)
145	+ {
146	+ time_t t;
147	+ struct tm * gorl;
148	+ FILE * log = referer_log;
149	+
150	+ if (!log) return;
151	+
152	+ if (sc.new_logfile_format) {
153	+ fprintf(log, "%s [%s] %s -> %s\n",
154	+ n_pick(HTClientHostName,HTClientHost),
155	+ log_time(), n_hyph(HTReferer), n_noth(HTReqArg));
156	+ }
157	+ else { /* Still old format */
158	+ time(&t);
159	+ if (sc.use_gmt)
160	+ gorl = gmtime(&t);
161	+ else
162	+ gorl = localtime(&t);
163	+
164	+ fprintf(log, "%24.24s %s %s -> %s\n",
165	+ asctime(gorl), HTClientHost, n_hyph(HTReferer), n_noth(HTReqArg));
166	+ }
167	+
168	+ HTFlush(log);
169	+ }
170	+ #endif /* REFERER_LOG */
171	+
172	+
173	PRIVATE char * status_name NOARGS
174	{
175	switch (HTReason) {
176	***************
177	* 431,436 **
178	--- 485,496 ----
179	fclose(cache_log);
180	cache_log = NULL;
181	}
182	+ #ifdef REFERER_LOG
183	+ if (referer_log) {
184	+ fclose(referer_log);
185	+ referer_log = NULL;
186	+ }
187	+ #endif
188	}
189
190
191	***************
192	* 467,472 **
193	--- 527,535 ----
194	char * aln = NULL;
195	char * pln = NULL;
196	char * cln = NULL;
197	+ #ifdef REFERER_LOG
198	+ char * rln = NULL;
199	+ #endif
200	char * eln = NULL;
201
202	/*
203	***************
204	* 517,522 **
205	--- 580,602 ----
206	}
207	}
208
209	+ #ifdef REFERER_LOG
210	+ /*
211	+ * Open referer log file
212	+ */
213	+ if (sc.referer_log_name) {
214	+ rln = time_escapes(sc.referer_log_name);
215	+ referer_log = do_open(rln);
216	+ if (referer_log) {
217	+ CTRACE(stderr, "Referer log... \"%s\" opened\n", rln);
218	+ }
219	+ else {
220	+ HTLog_error2("Can't open referer log:", rln);
221	+ flag = NO;
222	+ }
223	+ }
224	+ #endif
225	+
226	/*
227	* Open error log and flush the current error queue to it
228	*/
229	***************
230	* 549,554 **
231	--- 629,637 ----
232	FREE(pln);
233	FREE(eln);
234	FREE(cln);
235	+ #ifdef REFERER_LOG
236	+ FREE(rln);
237	+ #endif
238
239	return flag;
240	}

Line 0 Link Here

(-)w3c-httpd/patches/SSL.patch (+532 lines)
		1	============================================================================
		2	README:
		3	============================================================================
		4
		5	OVERVIEW
		6
		7	This SSL tunneling patch for CERN httpd adds support for the
		8	CONNECT method used by SSL enhanced clients to open a secure
		9	tunnel through the proxy.
		10
		11	THEORY
		12
		13	The CONNECT method takes
		14
		15	hostname:port
		16
		17	as its argument, and the request is in the form of the
		18	HTTP/1.0 request (that is, the string "HTTP/1.0" and the
		19	request headers must follow the request). Example:
		20
		21	CONNECT home1.netscape.com:443 HTTP/1.0<crlf>
		22	<crlf>
		23
		24	The response will be either a normal HTTP/1.0 error response
		25	(in case the host is unreachable for one reason or another),
		26	or in case of success:
		27
		28	HTTP/1.0 200 Connection established<crlf>
		29	<crlf>
		30
		31	after which the connection is open, and the client may start
		32	the SSL handshake.
		33
		34	This is a superior approach because it allows the HTTP request
		35	headers to be passed, making it possible to do authentication
		36	on the proxy, and allows any other future extension.
		37
		38	CONFIGURATION
		39
		40	Because the configuration of CERN httpd is based on URL
		41	patterns, for ease of configuration, the hostname:port
		42	argument in automatically transformed into an internal
		43	representation:
		44
		45	connect://hostname:port
		46
		47	connect:// URLs do not exist in real life -- this is just a
		48	notion in the configuration file to make life easier!!
		49
		50	ENABLING
		51
		52	SSL tunneling is disabled by default. To enable it for HTTPS
		53	(uses the port 443), add the following line in the
		54	configuration file:
		55
		56	Pass connect://*:443
		57
		58	To enable secure news (SNEWS, uses port 563) tunneling, add
		59	line:
		60
		61	Pass connect://*:563
		62
		63	DO NOT use trailing slashes. DO NOT allow all connect://
		64	requests, the following is unsafe:
65
66	Pass connect://*
67
68	PROTECTION
69
70	IP address protection should always be used in connection with
71	SSL tunneling. To create a protection template P which allows
72	access only for hosts with IP addresses 198.93.. and
73	198.95.., use the template:
74
75	Protection P {
76	CONNECT-Mask @(198.93.., 198.95..)
77	}
78
79	Note that this only declares a template; to actually apply the
80	protection use the Protect rule, AFTER the Protection
81	declaration, but BEFORE the Pass rule:
82
83	Protect connect://* P
84
85	Or, to collect them all together:
86
87	Protection P {
88	CONNECT-Mask @(198.93.., 198.95..)
89	}
90	Protect connect://* P
91	Pass connect://*:443
92	Pass connect://*:563
93
94	The Protection binding to name P may be left out in case it's
95	only used once, and the protection configuration may be
96	inlined in place of the protection name in Protect rule:
97
98	Protect connect://* {
99	CONNECT-Mask @(198.93.., 198.95..)
100	}
101	Pass connect://*:443
102	Pass connect://*:563
103
104	For a better insight of the CERN httpd's configuration system,
105	please refer to the online manual:
106
107	http://www.w3.org/httpd/
108
109	PROXY AUTHENTICATION
110
111	This patch does not enable proxy authentication. Proxy
112	authentication is not supported by the CERN proxy. Proxy
113	authentication uses the status code 407, and headers
114	Proxy-Authenticate and Proxy-Authorization.
115
116	You MUST NOT try to use the Protect directive to turn on
117	normal user authentication on (the one that uses the 401
118	status code, and WWW-Authenticate and Authorization headers).
119	That is an incorrect way to do authentication for the proxy,
120	and causes compatibility and security problems.
121
122	CHAINING PROXIES
123
124	This patch does not enable chaining proxies to do SSL
125	tunneling. More specifically, the CERN proxy with this patch
126	IS able to act as the OUTMOST proxy in the chain, but it
127	doesn't work if it is the inner proxy that has to speak to
128	another, outer proxy to establish a secure connection through
129	that. Therefore, a combination such as inner Netscape Proxy
130	and outer CERN httpd would work, but not vice versa.
131
132	THE NETSCAPE PROXY SERVER
133
134	The Netscape Proxy Server is a commercially supported proxy
135	server available from Netscape Communications Corporation. In
136	addition to it's unique, more efficient architecture, it
137	natively supports proxy authentication, proxy chaining, SSL
138	tunneling and HTTPS proxying, enabling also clients without
139	native SSL support to use HTTPS.
140
141	AUTHOR
142	Ari Luotonen, Netscape Communications Corporation, 1995
143	<ari@netscape.com>
144
145	DISCLAIMER
146
147	I do not have any official connection to the CERN httpd
148	development anymore. I have left the CERN WWW project in
149	summer '94. I do not provide any support for this software or
150	this patch. For general CERN httpd support, please contact:
151
152	httpd@w3.org
153
154	THIS PATCH IS PROVIDED IN GOOD FAITH, AS IS. I AND NETSCAPE
155	MAKE NO CLAIMS TO ITS SUITABILITY FOR ANY PARTICULAR PURPOSE,
156	AND I AND NETSCAPE PROVIDE ABSOLUTELY NO WARRANTY OF ANY KIND
157	WITH RESPECT TO THIS PATCH OR THIS SOFTWARE. THE ENTIRE RISK
158	AS TO THE QUALITY AND PERFORMANCE OF THIS SOFTWARE/PATCH IS
159	WITH THE USER. IN NO EVENT WILL I OR NETSCAPE BE LIABLE TO
160	ANYONE FOR ANY DAMAGES ARISING OUT THE USE OF THIS
161	SOFTWARE/PATCH, INCLUDING, WITHOUT LIMITATION, DAMAGES
162	RESULTING FROM LOST DATA OR LOST PROFITS, OR FOR ANY SPECIAL,
163	INCIDENTAL OR CONSEQUENTIAL DAMAGES.
164
165
166	============================================================================
167	PATCH TO WWW COMMON LIBRARY 2.17 AND CERN HTTPD 3.0:
168	============================================================================
169
170	*** WWW/Library/Implementation/HTAccess.c.orig Thu Sep 29 04:53:28 1994
171	--- WWW/Library/Implementation/HTAccess.c Tue May 9 13:16:50 1995
172	***************
173	* 146,151 **
174	--- 146,152 ----
175	"SHOWMETHOD",
176	"LINK",
177	"UNLINK",
178	+ "CONNECT",
179	NULL
180	};
181
182	*** WWW/Library/Implementation/HTAccess.h.orig Sun Sep 25 07:15:14 1994
183	--- WWW/Library/Implementation/HTAccess.h Tue May 9 13:15:47 1995
184	***************
185	* 60,65 **
186	--- 60,66 ----
187	METHOD_SHOWMETHOD,
188	METHOD_LINK,
189	METHOD_UNLINK,
190	+ METHOD_CONNECT,
191	MAX_METHODS
192	} HTMethod;
193	/*
194	*** WWW/Daemon/Implementation/HTAAProt.h.orig Sun Sep 25 06:55:47 1994
195	--- WWW/Daemon/Implementation/HTAAProt.h Mon May 15 21:05:40 1995
196	***************
197	* 52,57 **
198	--- 52,58 ----
199	GroupDef * put_mask; /* - " - (PUT) */
200	GroupDef * post_mask; /* - " - (POST) */
201	GroupDef * delete_mask; /* - " - (DELETE) */
202	+ GroupDef * connect_mask; /* - " - (CONNECT) */
203	GroupDef * gen_mask; /* General mask (used when needed but */
204	/* other masks not set). */
205	HTList * valid_schemes;/* Valid authentication schemes */
206	*** WWW/Daemon/Implementation/HTAAProt.c.orig Sun Sep 25 11:53:03 1994
207	--- WWW/Daemon/Implementation/HTAAProt.c Mon May 15 21:18:05 1995
208	***************
209	* 356,361 **
210	--- 356,373 ----
211	}
212	} /* if "Post-Mask" */
213
214	+ else if (0==strncasecomp(fieldname, "connect", 7)) {
215	+ prot->connect_mask = HTAA_parseGroupDef(fp);
216	+ lex_item=LEX_REC_SEP; /groupdef parser read this already/
217	+ if (TRACE) {
218	+ if (prot->connect_mask) {
219	+ fprintf(stderr, "CONNECT-Mask\n");
220	+ HTAA_printGroupDef(prot->connect_mask);
221	+ }
222	+ else fprintf(stderr,"SYNTAX ERROR parsing CONNECT-Mask\n");
223	+ }
224	+ } /* if "Connect-Mask" */
225	+
226	else if (0==strncasecomp(fieldname, "delete", 6)) {
227	prot->delete_mask = HTAA_parseGroupDef(fp);
228	lex_item=LEX_REC_SEP; /groupdef parser read this already/
229	*** WWW/Daemon/Implementation/HTAAServ.c.orig Sun Sep 25 06:52:53 1994
230	--- WWW/Daemon/Implementation/HTAAServ.c Mon May 15 21:06:18 1995
231	***************
232	* 208,213 **
233	--- 208,215 ----
234	mask = prot->post_mask;
235	else if (!strcmp(method_name, "DELETE"))
236	mask = prot->delete_mask;
237	+ else if (!strcmp(method_name, "CONNECT"))
238	+ mask = prot->connect_mask;
239	if (!mask)
240	mask = prot->gen_mask;
241	}
242	*** WWW/Daemon/Implementation/HTRequest.c.orig Fri Aug 12 03:36:29 1994
243	--- WWW/Daemon/Implementation/HTRequest.c Mon May 15 21:32:44 1995
244	***************
245	* 1006,1011 **
246	--- 1006,1028 ----
247	}
248
249	/*
250	+ * SSL tunneling -- make host:port appear as connect://host:port
251	+ * to make it work better with the configuration system.
252	+ * Ari Luotonen <ari@netscape.com> May 1995
253	+ */
254	+ if (req->method == METHOD_CONNECT && HTReqArg) {
255	+ char *tmp = HTReqArg;
256	+ HTReqArg = NULL;
257	+ StrAllocCopy(HTReqArg, "connect://");
258	+ StrAllocCat(HTReqArg, tmp);
259	+ free(tmp);
260	+ if ((tmp = strchr(HTReqArg + 10, ':'))) {
261	+ for (tmp++; tmp && isdigit(tmp); tmp++);
262	+ *tmp = '\0';
263	+ }
264	+ }
265	+
266	+ /*
267	** Check that the third argument actually is a valid
268	** client protocol specifier (if it is not we might wait
269	** for an eternity for the rest of an HTTP1 request when it
270	*** WWW/Daemon/Implementation/HTDaemon.c.orig Mon Sep 26 07:23:00 1994
271	--- WWW/Daemon/Implementation/HTDaemon.c Mon Jun 12 15:58:58 1995
272	***************
273	* 65,70 **
274	--- 65,71 ----
275	** defined via "ServerRoot" in the configuration file.
276	** Commented out dead extern declarations.
277	** 8 Jul 94 FM Insulate free() from _free structure element.
278	+ ** May 95 AL SSL tunneling support
279	*/
280
281	/* (c) CERN WorldWideWeb project 1990-1992. See Copyright.html for details */
282	***************
283	* 162,167 **
284	--- 163,173 ----
285	#include <sys/param.h>
286	#include <errno.h>
287
288	+ #if !defined(__osf__) && !defined(AIX) && !defined(_HPUX_SOURCE) && \
289	+ !defined(BSDI) && !defined(__linux)
290	+ #include <sys/filio.h>
291	+ #endif
292	+
293	#ifndef SIGCLD
294	#ifdef SIGCHLD
295	#define SIGCLD SIGCHLD
296	***************
297	* 376,381 **
298	--- 382,602 ----
299
300
301
302	+ /*
303	+ * SSL tunneling support by Ari Luotonen <ari@netscape.com>, May 1995
304	+ */
305	+
306	+
307	+ #define SSL_PROXY_BUFSIZE 4096
308	+
309	+
310	+ int shove_buffer ARGS4(int, sd,
311	+ char *, b,
312	+ int *, i,
313	+ int *, c)
314	+ {
315	+ int n = write(sd, &b[i], c);
316	+
317	+ if (n > 0)
318	+ {
319	+ *i += n;
320	+ *c -= n;
321	+ }
322	+ else if (n == -1 && (errno == EWOULDBLOCK \|\| errno == EINTR))
323	+ {
324	+ n = 0;
325	+ }
326	+
327	+ return n;
328	+ }
329	+
330	+ int drag_buffer ARGS4(int, sd,
331	+ char *, b,
332	+ int *, i,
333	+ int *, c)
334	+ {
335	+ int n = read(sd, b, SSL_PROXY_BUFSIZE);
336	+
337	+ i = c = 0;
338	+
339	+ if (n > 0)
340	+ {
341	+ *c = n;
342	+ }
343	+ else if (n == -1 && errno != EWOULDBLOCK && errno != EINTR)
344	+ {
345	+ return 0;
346	+ }
347	+ return n;
348	+ }
349	+
350	+
351	+ int ssl_proxy_pump ARGS3(int, sd1,
352	+ int, sd2,
353	+ char *, initial)
354	+ {
355	+ char b1[SSL_PROXY_BUFSIZE];
356	+ char b2[SSL_PROXY_BUFSIZE];
357	+ int i1=0, i2=0; /* Buffer start index */
358	+ int c1=0, c2=0; /* Buffer data counter */
359	+ int r1=0, r2=0; /* Socket read ready */
360	+ int w1=0, w2=0; /* Socket write ready */
361	+ int closed1=0, closed2=0; /* Socket close */
362	+ int n_fds = ((sd1 > sd2) ? sd1 : sd2) + 1;
363	+ fd_set rd_fds, wr_fds;
364	+ int status;
365	+
366	+ memset(&rd_fds, 0, sizeof(rd_fds));
367	+ memset(&wr_fds, 0, sizeof(wr_fds));
368	+
369	+ if (initial && *initial) {
370	+ strcpy(b1, initial);
371	+ c1 = strlen(initial);
372	+ }
373	+
374	+ while (1) {
375	+ FD_SET(sd1, &rd_fds);
376	+ FD_SET(sd2, &rd_fds);
377	+ FD_SET(sd1, &wr_fds);
378	+ FD_SET(sd2, &wr_fds);
379	+
380	+ if (!(status = select(n_fds, &rd_fds, &wr_fds, NULL, NULL)))
381	+ {
382	+ break;
383	+ }
384	+ else if (status == -1)
385	+ {
386	+ if (errno == EINTR)
387	+ continue;
388	+ else
389	+ break;
390	+ }
391	+
392	+ r1 = FD_ISSET(sd1, &rd_fds);
393	+ r2 = FD_ISSET(sd2, &rd_fds);
394	+ w1 = FD_ISSET(sd1, &wr_fds);
395	+ w2 = FD_ISSET(sd2, &wr_fds);
396	+
397	+ if (w1 && c1 > 0)
398	+ {
399	+ if (shove_buffer(sd1, b1, &i1, &c1) == -1)
400	+ closed1 = 1;
401	+ }
402	+ if (w2 && c2 > 0)
403	+ {
404	+ if (shove_buffer(sd2, b2, &i2, &c2) == -1)
405	+ closed2 = 1;
406	+ }
407	+ if (r1 && !c2)
408	+ {
409	+ if (!drag_buffer(sd1, b2, &i2, &c2))
410	+ closed1 = 1;
411	+ }
412	+ if (r2 && !c1)
413	+ {
414	+ if (!drag_buffer(sd2, b1, &i1, &c1))
415	+ closed2 = 1;
416	+ }
417	+
418	+ if (closed1 \|\| closed2)
419	+ {
420	+ break;
421	+ }
422	+ }
423	+
424	+ NETCLOSE(sd1);
425	+ NETCLOSE(sd2);
426	+
427	+ return 1;
428	+ }
429	+
430	+
431	+ BOOL ssl_proxy_get_addr ARGS3(char *, arg,
432	+ char **, host,
433	+ int *, port)
434	+ {
435	+ char *p;
436	+
437	+ if (arg && host && port && !strncmp(arg, "connect://", 10)) {
438	+
439	+ *host = NULL;
440	+ StrAllocCopy(*host, arg + 10);
441	+
442	+ if ((p = strchr(*host, ':'))) {
443	+ *p++ = '\0';
444	+ if ((*port = atoi(p)) > 0)
445	+ return YES;
446	+ }
447	+ }
448	+ return NO;
449	+ }
450	+
451	+
452	+ int ssl_proxy_connect ARGS3(HTRequest *, req,
453	+ char *, host,
454	+ int, port)
455	+ {
456	+ struct sockaddr_in sa;
457	+ struct hostent *hp;
458	+ int sd, status, one=1;
459	+
460	+ memset(&sa, 0, sizeof(sa));
461	+ sa.sin_family = AF_INET;
462	+ sa.sin_port = htons(port);
463	+
464	+ if (isdigit(*host))
465	+ sa.sin_addr.s_addr = inet_addr(host);
466	+ else if ((hp = gethostbyname(host)))
467	+ memcpy(&sa.sin_addr, hp->h_addr, hp->h_length);
468	+ else {
469	+ HTLoadError(req, 500, "Unable to locate host");
470	+ return -1;
471	+ }
472	+
473	+ if ((sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
474	+ HTLoadError(req, 500, "Can't create socket");
475	+ return -1;
476	+ }
477	+
478	+ if ((status = connect(sd, (struct sockaddr *)&sa, sizeof(sa))) == -1) {
479	+ HTLoadError(req, 500, "Can't connect to host");
480	+ return -1;
481	+ }
482	+
483	+ if ((status = ioctl(sd, FIONBIO, &one)) == -1) {
484	+ HTLoadError(req, 500, "Can't make socket non-blocking");
485	+ return -1;
486	+ }
487	+
488	+ return sd;
489	+ }
490	+
491	+
492	+
493	+ BOOL ssl_proxy_request ARGS2(char , arg, HTRequest , req)
494	+ {
495	+ char *host = NULL;
496	+ int port = 0;
497	+ int sd, one=1;
498	+
499	+ CTRACE(stderr, "Handling CONNECT %s\n", arg);
500	+
501	+ if (!ssl_proxy_get_addr(arg, &host, &port)) {
502	+ HTLoadError(req, 400, "Bad CONNECT request address");
503	+ return NO;
504	+ }
505	+
506	+ if ((sd = ssl_proxy_connect(req, host, port)) < 0)
507	+ return NO;
508	+
509	+ if (ioctl(HTSoc, FIONBIO, &one) < -1) {
510	+ HTLoadError(req, 500, "Can't make client socket non-blocking");
511	+ return NO;
512	+ }
513	+
514	+ ssl_proxy_pump(HTSoc, sd, "HTTP/1.0 200 Connection established\r\n\r\n");
515	+ return YES;
516	+ }
517
518
519	#if defined(Mips)
520	***************
521	* 1832,1837 **
522	--- 2053,2062 ----
523	}
524	FREE(cfn);
525	}
526	+ else if (req->method==METHOD_CONNECT) {
527	+ /* SSL tunneling by Ari Luotonen <ari@netscape.com>, May 1995 */
528	+ ssl_proxy_request(HTReqArg, req);
529	+ }
530	else {
531	/* Normal retrieve with no caching */
532	CTRACE(stderr, "No caching.. %s\n",